Image summary for SUSE:SLE-15-SP4:Update:QR:QU3

SUSE-IU-2000:27-1

Container Advisory ID	SUSE-IU-2000:27-1
Container Tags	SUSE:SLE-15-SP4:3
Container Release

The following patches have been included in this update:

Advisory ID	SUSE-RU-2020:3277-1
Released	Wed Nov 11 09:06:52 2020
Summary	Recommended update for google-osconfig-agent
Type	recommended
Severity	moderate
References	1176427,1178249

Description:

This update for google-osconfig-agent fixes the following issues:
This update ships the google-osconfig-agent in version 20200929.00 (bsc#1176427, bsc#1178249, jsc#ECO-2702, jsc#PM-2203)

Advisory ID	SUSE-SU-2021:306-1
Released	Thu Feb 4 17:52:57 2021
Summary	Recommended update for RT kernel
Type	security
Severity	low
References	1034995,1040855,1043347,1044120,1044767,1055014,1055117,1055186,1058115,1061843,1065600,1065729,1066382,1071995,1077428,1085030,1094244,1094840,1109695,1115431,1120163,1129923,1133021,1134760,1136666,1138374,1139944,1148868,1149032,1152148,1152457,1152472,1152489,1153274,1154353,1154488,1154492,1154824,1155518,1155798,1156315,1156395,1157169,1158050,1158242,1158265,1158748,1158765,1158775,1158983,1159058,1159781,1159867,1159886,1160388,1160634,1160947,1161099,1161495,1162002,1162063,1162209,1162400,1162702,1163592,1163727,1164648,1164777,1164780,1165211,1165455,1165629,1165692,1165933,1165975,1166146,1166166,1166340,1166965,1166985,1167030,1167104,1167527,1167651,1167657,1167773,1167851,1168230,1168461,1168468,1168779,1168838,1168952,1168959,1169021,1169094,1169194,1169263,1169514,1169681,1169763,1169771,1169790,1169795,1170011,1170139,1170232,1170284,1170415,1170442,1170617,1170621,1170774,1170879,1170891,1170895,1171000,1171068,1171073,1171078,1171117,1171150,1171156,1171189,1171191,1171218,1171219,1171220,1171236,1171242,1171246,1171285,1171293,1171374,1171390,1171391,1171392,1171417,1171426,1171507,1171513,1171514,1171529,1171530,1171558,1171634,1171644,1171662,1171675,1171688,1171699,1171709,1171730,1171732,1171736,1171739,1171742,1171743,1171759,1171773,1171774,1171775,1171776,1171777,1171778,1171779,1171780,1171781,1171782,1171783,1171784,1171785,1171786,1171787,1171788,1171789,1171790,1171791,1171792,1171793,1171794,1171795,1171796,1171797,1171798,1171799,1171810,1171827,1171828,1171832,1171833,1171834,1171835,1171839,1171840,1171841,1171842,1171843,1171844,1171849,1171857,1171868,1171904,1171915,1171982,1171983,1171988,1172017,1172046,1172061,1172062,1172063,1172064,1172065,1172066,1172067,1172068,1172069,1172073,1172086,1172095,1172108,1172145,1172169,1172170,1172197,1172201,1172208,1172223,1172247,1172317,1172342,1172343,1172344,1172365,1172366,1172374,1172391,1172393,1172394,1172418,1172419,1172453,1172458,1172467,1172484,1172537,1172543,1172687,1172719,1172733,1172739,1172751,1172757,1172759,1172775,1172781,1172782,1172783,1172814,1172823,1172841,1172871,1172873,1172938,1172939,1172940,1172956,1172963,1172983,1172984,1172985,1172986,1172987,1172988,1172989,1172990,1172999,1173017,1173068,1173074,1173085,1173115,1173139,1173206,1173267,1173271,1173280,1173284,1173428,1173438,1173461,1173468,1173485,1173514,1173552,1173573,1173625,1173746,1173776,1173798,1173813,1173817,1173818,1173820,1173822,1173823,1173824,1173825,1173826,1173827,1173828,1173830,1173831,1173832,1173833,1173834,1173836,1173837,1173838,1173839,1173841,1173843,1173844,1173845,1173847,1173849,1173860,1173894,1173941,1173954,1174002,1174003,1174018,1174026,1174029,1174072,1174098,1174110,1174111,1174116,1174126,1174127,1174128,1174129,1174146,1174185,1174205,1174244,1174263,1174264,1174331,1174332,1174333,1174345,1174356,1174358,1174362,1174387,1174396,1174398,1174407,1174409,1174411,1174438,1174462,1174484,1174486,1174513,1174527,1174625,1174627,1174645,1174689,1174699,1174737,1174748,1174757,1174762,1174770,1174771,1174777,1174805,1174824,1174825,1174852,1174865,1174880,1174897,1174899,1174906,1174969,1175009,1175010,1175011,1175012,1175013,1175014,1175015,1175016,1175017,1175018,1175019,1175020,1175021,1175052,1175079,1175112,1175116,1175128,1175149,1175175,1175176,1175180,1175181,1175182,1175183,1175184,1175185,1175186,1175187,1175188,1175189,1175190,1175191,1175192,1175195,1175199,1175213,1175232,1175263,1175284,1175296,1175306,1175344,1175345,1175346,1175347,1175367,1175377,1175440,1175480,1175493,1175546,1175550,1175599,1175621,1175654,1175667,1175691,1175718,1175721,1175749,1175768,1175769,1175770,1175771,1175772,1175774,1175775,1175787,1175807,1175834,1175873,1175882,1175898,1175918,1175952,1175995,1175996,1175997,1175998,1175999,1176000,1176001,1176019,1176022,1176038,1176063,1176069,1176109,1176137,1176180,1176200,1176235,1176236,1176237,1176242,1176354,1176357,1176358,1176359,1176360,1176361,1176362,1176363,1176364,1176365,1176366,1176367,1176381,1176396,1176400,1176423,1176449,1176481,1176485,1176486,1176507,1176536,1176537,1176538,1176539,1176540,1176541,1176542,1176543,1176544,1176545,1176546,1176548,1176558,1176559,1176564,1176586,1176587,1176588,1176659,1176698,1176699,1176700,1176713,1176721,1176722,1176725,1176732,1176763,1176775,1176788,1176789,1176833,1176855,1176869,1176877,1176907,1176925,1176942,1176956,1176962,1176979,1176980,1176983,1176990,1177021,1177030,1177066,1177070,1177086,1177090,1177109,1177121,1177193,1177194,1177206,1177258,1177271,1177281,1177283,1177284,1177285,1177286,1177297,1177326,1177353,1177384,1177397,1177410,1177411,1177470,1177500,1177511,1177617,1177666,1177679,1177681,1177683,1177687,1177694,1177697,1177698,1177703,1177719,1177724,1177725,1177726,1177733,1177739,1177749,1177750,1177754,1177755,1177765,1177766,1177799,1177801,1177814,1177817,1177820,1177854,1177855,1177856,1177861,1178002,1178049,1178079,1178123,1178166,1178173,1178175,1178176,1178177,1178182,1178183,1178184,1178185,1178186,1178190,1178191,1178203,1178227,1178246,1178255,1178270,1178286,1178307,1178330,1178393,1178395,1178401,1178426,1178461,1178579,1178581,1178584,1178585,1178589,1178590,1178612,1178634,1178635,1178653,1178659,1178660,1178661,1178669,1178686,1178740,1178755,1178756,1178762,1178780,1178838,1178853,1178886,1179001,1179012,1179014,1179015,1179045,1179076,1179082,1179107,1179140,1179141,1179160,1179201,1179204,1179211,1179217,1179419,1179424,1179425,1179426,1179427,1179429,1179432,1179434,1179435,1179442,1179519,1179550,1179575,1179578,1179601,1179604,1179639,1179652,1179656,1179670,1179671,1179672,1179673,1179675,1179676,1179677,1179678,1179679,1179680,1179681,1179682,1179683,1179684,1179685,1179687,1179688,1179689,1179690,1179703,1179704,1179707,1179709,1179710,1179711,1179712,1179713,1179714,1179715,1179716,1179745,1179763,1179887,1179888,1179892,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180056,1180086,1180117,1180258,1180261,1180349,1180506,1180541,1180559,1180566,173030,744692,789311,954532,995541,CVE-2019-19462,CVE-2019-20810,CVE-2019-20812,CVE-2020-0110,CVE-2020-0305,CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-0543,CVE-2020-10135,CVE-2020-10711,CVE-2020-10732,CVE-2020-10751,CVE-2020-10757,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10773,CVE-2020-10781,CVE-2020-11668,CVE-2020-12351,CVE-2020-12352,CVE-2020-12652,CVE-2020-12656,CVE-2020-12769,CVE-2020-12771,CVE-2020-12888,CVE-2020-13143,CVE-2020-13974,CVE-2020-14314,CVE-2020-14331,CVE-2020-14351,CVE-2020-14356,CVE-2020-14385,CVE-2020-14386,CVE-2020-14390,CVE-2020-14416,CVE-2020-15393,CVE-2020-15436,CVE-2020-15437,CVE-2020-15780,CVE-2020-16120,CVE-2020-16166,CVE-2020-1749,CVE-2020-24490,CVE-2020-25212,CVE-2020-25284,CVE-2020-25285,CVE-2020-25641,CVE-2020-25643,CVE-2020-25645,CVE-2020-25656,CVE-2020-25668,CVE-2020-25669,CVE-2020-25704,CVE-2020-25705,CVE-2020-26088,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27830,CVE-2020-28915,CVE-2020-28941,CVE-2020-28974,CVE-2020-29369,CVE-2020-29370,CVE-2020-29371,CVE-2020-29373,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788,CVE-2020-8694

Description:

This update syncs the RT kernel into the 15-SP2 codestream.

Advisory ID	SUSE-SU-2021:1625-1
Released	Tue May 18 14:21:06 2021
Summary	Security update for the Linux Kernel
Type	security
Severity	important
References	1047233,1065729,1113295,1152472,1152489,1153274,1154353,1155518,1156256,1156395,1159280,1160634,1167773,1168777,1169514,1169709,1171295,1173485,1177326,1178163,1178181,1178330,1179454,1180197,1180980,1181383,1181507,1181674,1181862,1182011,1182077,1182485,1182552,1182574,1182591,1182595,1182712,1182713,1182715,1182716,1182717,1182770,1182989,1183015,1183018,1183022,1183023,1183048,1183252,1183277,1183278,1183279,1183280,1183281,1183282,1183283,1183284,1183285,1183286,1183287,1183288,1183366,1183369,1183386,1183405,1183412,1183416,1183427,1183428,1183445,1183447,1183501,1183509,1183530,1183534,1183540,1183593,1183596,1183598,1183637,1183646,1183662,1183686,1183692,1183696,1183750,1183757,1183775,1183843,1183859,1183871,1184074,1184120,1184167,1184168,1184170,1184176,1184192,1184193,1184194,1184196,1184198,1184211,1184217,1184218,1184219,1184220,1184224,1184388,1184391,1184393,1184509,1184511,1184512,1184514,1184583,1184647,CVE-2019-18814,CVE-2019-19769,CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-27170,CVE-2020-27171,CVE-2020-27815,CVE-2020-35519,CVE-2020-36310,CVE-2020-36311,CVE-2020-36312,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28375,CVE-2021-28660,CVE-2021-28688,CVE-2021-28950,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-30002,CVE-2021-3428,CVE-2021-3444,CVE-2021-3483

Description:

The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive various security and bugfixes.
The following security bugs were fixed:

CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).
CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).
CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ).
CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).
CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).
CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).
CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196 ).
CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).
CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).
CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593 ).
CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596).
CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).
CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).
CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).
CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).
CVE-2020-35519: Fixed an out-of-bounds memory access was found in x25_bind (bsc#1183696).
CVE-2020-27815: Fixed an issue in JFS filesystem where could have allowed an attacker to execute code (bsc#1179454).
CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).
CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).
CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280 ).
CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256).
CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsytem (bsc#1178181).
CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511).
CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).
CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120).
CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).
CVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512).
CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509 ).
CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop continually was finding the same bad inode (bsc#1184194).

The following non-security bugs were fixed:

0007-block-add-docs-for-gendisk-request_queue-refcount-he.patch: (bsc#1171295, git fixes (block drivers)).
0008-block-revert-back-to-synchronous-request_queue-remov.patch: (bsc#1171295, git fixes (block drivers)).
0009-blktrace-fix-debugfs-use-after-free.patch: (bsc#1171295, git fixes (block drivers)).
ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes).
ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes).
ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383).
ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes).
ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).
ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes).
ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes).
ALSA: aloop: Fix initialization of controls (git-fixes).
ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes).
ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes).
ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes).
ALSA: hda: generic: Fix the micmute led init state (git-fixes).
ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes).
ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes).
ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes).
ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board (git-fixes).
ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes).
ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes).
ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 (git-fixes).
ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes).
ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes).
ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552).
ALSA: usb-audio: Allow modifying parameters with succeeding hw_params calls (bsc#1182552).
ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes).
ALSA: usb-audio: Apply the control quirk to Plantronics headsets (bsc#1182552).
ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() (bsc#1182552).
ALSA: usb-audio: Do not abort even if the clock rate differs (bsc#1182552).
ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552).
ALSA: usb-audio: Fix 'cannot get freq eq' errors on Dell AE515 sound bar (bsc#1182552).
ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552).
ALSA: usb-audio: Fix 'RANGE setting not yet supported' errors (git-fixes).
ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552).
ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes).
ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes).
amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes).
apparmor: check/put label on apparmor_sk_clone_security() (git-fixes).
appletalk: Fix skb allocation size in loopback case (git-fixes).
arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862).
ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes).
ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes).
ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes).
ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes).
ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes).
ASoC: cs42l42: Fix channel width support (git-fixes).
ASoC: cs42l42: Fix mixer volume control (git-fixes).
ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes).
ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes).
ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes).
ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes).
ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes).
ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes).
ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes).
ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes).
ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes).
ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes).
ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes).
ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes).
ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes).
ASoC: max98373: Added 30ms turn on/off time delay (git-fixes).
ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).
ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).
ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes).
ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes).
ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes).
ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes).
ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes).
ASoC: simple-card-utils: Do not handle device clock (git-fixes).
ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes).
ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes).
ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes).
ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes).
ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes).
atl1c: fix error return code in atl1c_probe() (git-fixes).
atl1e: fix error return code in atl1e_probe() (git-fixes).
batman-adv: initialize 'struct batadv_tvlv_tt_vlan_data'->reserved field (git-fixes).
binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).
binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).
blktrace-annotate-required-lock-on-do_blk_trace_setu.patch: (bsc#1171295).
blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.patch: (bsc#1171295).
blktrace-break-out-of-blktrace-setup-on-concurrent-c.patch: (bsc#1171295).
block-clarify-context-for-refcount-increment-helpers.patch: (bsc#1171295).
block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes).
Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes).
Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes).
bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274).
bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args (bsc#1155518).
bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518).
bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518).
bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170).
bpf_lru_list: Read double-checked variable once without lock (bsc#1155518).
bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518).
bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).
bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163).
brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes).
brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes).
brcmfmac: clear EAP/association status bits on linkdown events (git-fixes).
btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217).
btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224).
btrfs: fix exhaustion of the system chunk array due to concurrent allocations (bsc#1183386).
btrfs: fix extent buffer leak on failure to copy root (bsc#1184218).
btrfs: fix race when cloning extent buffer during rewind of an old root (bsc#1184193).
btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1184220).
btrfs: fix subvolume/snapshot deletion not triggered on mount (bsc#1184219).
bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes).
bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes).
can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes).
can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes).
can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes).
can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes).
can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate (git-fixes).
can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode (git-fixes).
can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes).
can: peak_usb: add forgotten supported devices (git-fixes).
can: peak_usb: Revert 'can: peak_usb: add forgotten supported devices' (git-fixes).
can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes).
cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes).
certs: Fix blacklist flag type confusion (git-fixes).
cifs: change noisy error message to FYI (bsc#1181507).
cifs: check pointer before freeing (bsc#1183534).
cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507).
cifs: do not send close in compound create+close requests (bsc#1181507).
cifs: New optype for session operations (bsc#1181507).
cifs: print MIDs in decimal notation (bsc#1181507).
cifs: return proper error code in statfs(2) (bsc#1181507).
cifs: Tracepoints and logs for tracing credit changes (bsc#1181507).
clk: fix invalid usage of list cursor in register (git-fixes).
clk: fix invalid usage of list cursor in unregister (git-fixes).
clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes).
completion: Drop init_completion define (git-fixes).
configfs: fix a use-after-free in __configfs_open_file (git-fixes).
config: net: freescale: change xgmac-mdio to built-in References: bsc#1183015,bsc#1182595
crypto: aesni - prevent misaligned buffers on the stack (git-fixes).
crypto: arm64/sha - add missing module aliases (git-fixes).
crypto: bcm - Rename struct device_private to bcm_device_private (git-fixes).
crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager (git-fixes).
crypto: tcrypt - avoid signed overflow in byte count (git-fixes).
Delete patches.suse/sched-Reenable-interrupts-in-do_sched_yield.patch (bsc#1183530)
drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue (git-fixes).
drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes).
drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (git-fixes).
drm/amdgpu: Add check to prevent IH overflow (git-fixes).
drm/amdgpu: check alignment on CPU page for bo map (git-fixes).
drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes).
drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (git-fixes).
drm/amdkfd: Put ACPI table after using it (bsc#1152489) Backporting notes: * context changes
drm/amd/powerplay: fix spelling mistake 'smu_state_memroy_block' -> (bsc#1152489) Backporting notes: * rename amd/pm to amd/powerplay * context changes
drm/compat: Clear bounce structures (git-fixes).
drm/hisilicon: Fix use-after-free (git-fixes).
drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074).
drm/i915: Reject 446-480MHz HDMI clock on GLK (git-fixes).
drm/mediatek: Fix aal size config (bsc#1152489)
drm: meson_drv add shutdown function (git-fixes).
drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes).
drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs (git-fixes).
drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (git-fixes).
drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489)
drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes).
drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489)
drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489)
drm/msm/gem: Add obj->lock wrappers (bsc#1152489)
drm/msm: Ratelimit invalid-fence message (git-fixes).
drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes).
drm/nouveau: bail out of nouveau_channel_new if channel init fails (bsc#1152489)
drm/nouveau/kms: handle mDP connectors (git-fixes).
drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472)
drm/panfrost: Fix job timeout handling (bsc#1152472)
drm/panfrost: Remove unused variables in panfrost_job_close() (bsc#1152472)
drm/radeon: fix AGP dependency (git-fixes).
drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489)
drm/sched: Cancel and flush all outstanding jobs before finish (git-fixes).
drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489)
drm/tegra: sor: Grab runtime PM reference across reset (git-fixes).
drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472)
efi: use 32-bit alignment for efi_guid_t literals (git-fixes).
enetc: Fix reporting of h/w packet counters (git-fixes).
epoll: check for events when removing a timed out thread from the wait queue (git-fixes).
ethernet: alx: fix order of calls on resume (git-fixes).
exec: Move would_dump into flush_old_exec (git-fixes).
exfat: add missing MODULE_ALIAS_FS() (bsc#1182989).
exfat: add the dummy mount options to be backward compatible with staging/exfat (bsc#1182989).
extcon: Add stubs for extcon_register_notifier_all() functions (git-fixes).
extcon: Fix error handling in extcon_dev_register (git-fixes).
fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes).
firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes).
flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353).
fsl/fman: check dereferencing null pointer (git-fixes).
fsl/fman: fix dereference null return value (git-fixes).
fsl/fman: fix eth hash table allocation (git-fixes).
fsl/fman: fix unreachable code (git-fixes).
fsl/fman: use 32-bit unsigned integer (git-fixes).
fuse: fix bad inode (bsc#1184211).
fuse: fix live lock in fuse_iget() (bsc#1184211).
fuse: verify write return (git-fixes).
gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862).
gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bcs#1181862).
gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862).
gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes).
gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes).
gianfar: Handle error code at MAC address change (git-fixes).
gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (git-fixes).
Goodix Fingerprint device is not a modem (git-fixes).
gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes).
gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes).
gpio: zynq: fix reference leak in zynq_gpio functions (git-fixes).
HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (git-fixes).
HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter (git-fixes).
HSI: Fix PM usage counter unbalance in ssi_hw_init (git-fixes).
hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable (git-fixes).
i2c: rcar: faster irq code to minimize HW race condition (git-fixes).
i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes).
i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025).
i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025).
iavf: Fix incorrect adapter get in iavf_resume (git-fixes).
iavf: use generic power management (git-fixes).
ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139).
ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844).
ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139).
ibmvnic: fix block comments (bsc#1183871 ltc#192139).
ibmvnic: fix braces (bsc#1183871 ltc#192139).
ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139).
ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (jsc#SLE-17268).
ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc#192139).
ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139).
ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871 ltc#192139).
ibmvnic: remove excessive irqsave (bsc#1182485 ltc#191591).
ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc#192139).
ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc#192139).
ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1183871 ltc#192139).
ibmvnic: simplify reset_long_term_buff function (bsc#1183023 ltc#191791).
ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc#1183023 ltc#191791).
ice: fix memory leak if register_netdev_fails (git-fixes).
ice: fix memory leak in ice_vsi_setup (git-fixes).
ice: Fix state bits on LLDP mode switch (jsc#SLE-7926).
ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926).
ice: renegotiate link after FW DCB on (jsc#SLE-8464).
ice: report correct max number of TCs (jsc#SLE-7926).
ice: update the number of available RSS queues (jsc#SLE-7926).
igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634).
iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask (git-fixes).
iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes).
iio: adis16400: Fix an error code in adis16400_initial_setup() (git-fixes).
iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes).
iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes).
iio: hid-sensor-prox: Fix scale not correct issue (git-fixes).
iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes).
include/linux/sched/mm.h: use rcu_dereference in in_vfork() (git-fixes).
Input: applespi - do not wait for responses to commands indefinitely (git-fixes).
Input: elantech - fix protocol errors for some trackpoints in SMBus mode (git-fixes).
Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes).
Input: raydium_ts_i2c - do not send zero length (git-fixes).
Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes).
iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183277).
iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278).
iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183637).
iommu/vt-d: Add get_domain_info() helper (bsc#1183279).
iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183280).
iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183281).
iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282).
iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183283).
iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183284).
iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183285).
iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183286).
ionic: linearize tso skb with too many frags (bsc#1167773).
kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig (bcs#1181862).
kbuild: change *FLAGS_<basetarget>.o to take the path relative to $(obj) (bcs#1181862).
kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862).
kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862).
kbuild: Fail if gold linker is detected (bcs#1181862).
kbuild: improve cc-option to clean up all temporary files (bsc#1178330).
kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled (bcs#1181862).
kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862).
kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base (bcs#1181862).
kbuild: use -S instead of -E for precise cc-option test in Kconfig (bsc#1178330).
kconfig: introduce m32-flag and m64-flag (bcs#1181862).
KVM: nVMX: Properly handle userspace interrupt window request (bsc#1183427).
KVM: SVM: Clear the CR4 register on reset (bsc#1183252).
KVM: x86: Add helpers to perform CPUID-based guest vendor check (bsc#1183445).
KVM: x86: Add RIP to the kvm_entry, i.e. VM-Enter, tracepoint Needed as a dependency of 0b40723a827 ('kvm: tracing: Fix unmatched kvm_entry and kvm_exit events', bsc#1182770).
KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183287).
KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412).
KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1183447).
KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369).
KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries (bsc#1183428).
KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183288).
libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518).
libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518).
libbpf: Fix INSTALL flag order (bsc#1155518).
libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518).
lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes).
locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes).
loop-be-paranoid-on-exit-and-prevent-new-additions-r.patch: (bsc#1171295).
mac80211: choose first enabled channel for monitor (git-fixes).
mac80211: fix double free in ibss_leave (git-fixes).
mac80211: fix rate mask reset (git-fixes).
mac80211: fix TXQ AC confusion (git-fixes).
mdio: fix mdio-thunder.c dependency & build error (git-fixes).
media: cros-ec-cec: do not bail on device_init_wakeup failure (git-fixes).
media: cx23885: add more quirks for reset DMA on some AMD IOMMU (git-fixes).
media: mceusb: Fix potential out-of-bounds shift (git-fixes).
media: mceusb: sanity check for prescaler value (git-fixes).
media: rc: compile rc-cec.c into rc-core (git-fixes).
media: usbtv: Fix deadlock on suspend (git-fixes).
media: uvcvideo: Allow entities with no pads (git-fixes).
media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate (git-fixes).
media: v4l: vsp1: Fix bru null pointer access (git-fixes).
media: v4l: vsp1: Fix uif null pointer access (git-fixes).
media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes).
misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes).
misc: fastrpc: restrict user apps from sending kernel RPC messages (git-fixes).
misc/pvpanic: Export module FDT device table (git-fixes).
misc: rtsx: init of rts522a add OCP power off when no card is present (git-fixes).
mISDN: fix crash in fritzpci (git-fixes).
mmc: core: Fix partition switch time for eMMC (git-fixes).
mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes).
mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' (git-fixes).
mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes).
mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes).
mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (git-fixes).
mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bsc#1168777).
mount: fix mounting of detached mounts onto targets that reside on shared mounts (git-fixes).
mt76: dma: do not report truncated frames to mac80211 (git-fixes).
mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes).
net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes).
net: atheros: switch from 'pci_' to 'dma_' API (git-fixes).
net: b44: fix error return code in b44_init_one() (git-fixes).
net: bonding: fix error return code of bond_neigh_init() (bsc#1154353).
net: cdc-phonet: fix data-interface release on probe failure (git-fixes).
net: core: introduce __netdev_notify_peers (bsc#1183871 ltc#192139).
netdevsim: init u64 stats for 32bit hardware (git-fixes).
net: dsa: rtl8366: Fix VLAN semantics (git-fixes).
net: dsa: rtl8366: Fix VLAN set-up (git-fixes).
net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes).
net: enic: Cure the enic api locking trainwreck (git-fixes).
net: ethernet: aquantia: Fix wrong return value (git-fixes).
net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (git-fixes).
net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139).
net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port (git-fixes).
net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes).
net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes).
net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes).
net: fec: Fix reference count leak in fec series ops (git-fixes).
net: gemini: Fix another missing clk_disable_unprepare() in probe (git-fixes).
net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() (git-fixes).
net: gianfar: Add of_node_put() before goto statement (git-fixes).
net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes).
net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes).
net: hns3: Remove the left over redundant check & assignment (bsc#1154353).
net: korina: cast KSEG0 address to pointer in kfree (git-fixes).
net: korina: fix kfree of rx/tx descriptor array (git-fixes).
net: lantiq: Wait for the GPHY firmware to be ready (git-fixes).
net/mlx5: Disable devlink reload for lag devices (jsc#SLE-8464).
net/mlx5: Disable devlink reload for multi port slave device (jsc#SLE-8464).
net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464).
net/mlx5: Disallow RoCE on multi port slave device (jsc#SLE-8464).
net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464).
net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464).
net/mlx5: Fix PPLM register mapping (jsc#SLE-8464).
net: mvneta: fix double free of txq->buf (git-fixes).
net: mvneta: make tx buffer array agnostic (git-fixes).
net: pasemi: fix error return code in pasemi_mac_open() (git-fixes).
net: phy: broadcom: Only advertise EEE for supported modes (git-fixes).
net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes).
net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes).
net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)
netsec: restore phy power state after controller reset (bsc#1183757).
net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes).
net: stmmac: Fix incorrect location to set real_num_rx|tx_queues (git-fixes).
net: stmmac: removed enabling eee in EEE set callback (git-fixes).
net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes).
net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (git-fixes).
net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes).
net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes).
net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).
net: wan/lmc: unregister device when no matching device is found (git-fixes).
nfp: flower: fix pre_tun mask id allocation (bsc#1154353).
nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT (bsc#1182077).
nvme-fabrics: fix kato initialization (bsc#1182591).
nvme-fabrics: only reserve a single tag (bsc#1182077).
nvme-fc: fix racing controller reset and create association (bsc#1183048).
nvme-hwmon: Return error code when registration fails (bsc#1177326).
nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077).
nvme: return an error if nvme_set_queue_count() fails (bsc#1180197).
nvmet-rdma: Fix list_del corruption on queue establishment failure (bsc#1183501).
objtool: Fix '.cold' section suffix check for newer versions of GCC (bsc#1169514).
objtool: Fix error handling for STD/CLD warnings (bsc#1169514).
objtool: Fix retpoline detection in asm code (bsc#1169514).
ovl: fix dentry leak in ovl_get_redirect (bsc#1184176).
ovl: fix out of date comment and unreachable code (bsc#1184176).
ovl: fix regression with re-formatted lower squashfs (bsc#1184176).
ovl: fix unneeded call to ovl_change_flags() (bsc#1184176).
ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176).
ovl: initialize error in ovl_copy_xattr (bsc#1184176).
ovl: relax WARN_ON() when decoding lower directory file handle (bsc#1184176).
PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes).
PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes).
PCI: Align checking of syscall user config accessors (git-fixes).
PCI: Decline to resize resources if boot config must be preserved (git-fixes).
PCI: Fix pci_register_io_range() memory leak (git-fixes).
PCI: mediatek: Add missing of_node_put() to fix reference leak (git-fixes).
PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes).
PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes).
pinctrl: rockchip: fix restore error in resume (git-fixes).
Platform: OLPC: Fix probe error handling (git-fixes).
platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 (git-fixes).
platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag (git-fixes).
platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes).
platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices (git-fixes).
platform/x86: acer-wmi: Cleanup accelerometer device handling (git-fixes).
platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes).
platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes).
platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes).
platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes).
PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes).
PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1183366).
PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes).
PM: runtime: Fix race getting/putting suppliers at probe (git-fixes).
post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).
powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729).
powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963).
powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729).
powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395).
powerpc/sstep: Fix darn emulation (bsc#1156395).
powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395).
powerpc/sstep: Fix load-store and update emulation (bsc#1156395).
printk: fix deadlock when kernel panic (bsc#1183018).
proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes).
pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes).
qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes).
qxl: Fix uninitialised struct field head.surface_id (git-fixes).
random: fix the RNDRESEEDCRNG ioctl (git-fixes).
RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489).
RDMA/hns: Disable RQ inline by default (jsc#SLE-8449).
RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449).
RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709)
regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes).
Revert 'net: bonding: fix error return code of bond_neigh_init()' (bsc#1154353).
rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079).
rpm/check-for-config-changes: add -mrecord-mcount ignore Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream.
rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12.
rpm/check-for-config-changes: comment on the list To explain what it actually is.
rpm/check-for-config-changes: declare sed args as an array So that we can reuse it in both seds. This also introduces IGNORED_CONFIGS_RE array which can be easily extended.
rpm/check-for-config-changes: define ignores more strictly * search for whole words, so make wildcards explicit * use ' for quoting * prepend CONFIG_ dynamically, so it need not be in the list
rpm/check-for-config-changes: sort the ignores They are growing so to make them searchable by humans.
rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514) The devel package requires the kernel binary package itself for building modules externally.
rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes).
rsi: Move card interrupt handling to RX thread (git-fixes).
rsxx: Return -EFAULT if copy_to_user() fails (git-fixes).
s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes).
s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes).
s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes).
s390/qeth: fix notification for pending buffers during teardown (git-fixes).
s390/qeth: improve completion of pending TX buffers (git-fixes).
s390/qeth: schedule TX NAPI on QAOB completion (git-fixes).
s390/vtime: fix increased steal time accounting (bsc#1183859).
samples, bpf: Add missing munmap in xdpsock (bsc#1155518).
scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231).
scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574).
scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574).
scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574).
scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574).
scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574).
scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574).
scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574).
scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference (bsc#1182574).
scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).
scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() (bsc#1182574).
scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574).
scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574).
scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574).
scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574).
scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574).
scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574).
scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574).
scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574).
scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574).
scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574).
scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574).
scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574).
scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843).
scsi: target: pscsi: Clean up after failure in pscsi_map_sg() (bsc#1183843).
selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier (bsc#1155518).
selftests/bpf: No need to drop the packet when there is no geneve opt (bsc#1155518).
selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (bsc#1155518).
selinux: fix error initialization in inode_doinit_with_dentry() (git-fixes).
selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes).
selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling (git-fixes).
smb3: add dynamic trace point to trace when credits obtained (bsc#1181507).
smb3: fix crediting for compounding when only one request in flight (bsc#1181507).
smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540).
soc/fsl: qbman: fix conflicting alignment attributes (git-fixes).
software node: Fix node registration (git-fixes).
spi: stm32: make spurious and overrun interrupts visible (git-fixes).
squashfs: fix inode lookup sanity checks (bsc#1183750).
squashfs: fix xattr id and id lookup sanity checks (bsc#1183750).
stop_machine: mark helpers __always_inline (git-fixes).
thermal/core: Add NULL pointer check before using cooling device stats (git-fixes).
udlfb: Fix memory leak in dlfb_usb_probe (git-fixes).
Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598)
USB: cdc-acm: downgrade message to debug (git-fixes).
USB: cdc-acm: fix double free on probe failure (git-fixes).
USB: cdc-acm: fix use-after-free after probe failure (git-fixes).
USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes).
USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes).
USB: dwc2: Prevent core suspend when port connection flag is 0 (git-fixes).
USB: dwc3: gadget: Fix dep->interval for fullspeed interrupt (git-fixes).
USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 (git-fixes).
USB: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes).
USB: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes).
USB: gadget: configfs: Fix KASAN use-after-free (git-fixes).
USB: gadget: f_uac1: stop playback on function disable (git-fixes).
USB: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes).
USB: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes).
USB: gadget: u_ether: Fix a configfs return code (git-fixes).
USBip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes).
USBip: fix stub_dev to check for stream socket (git-fixes).
USBip: fix stub_dev usbip_sockfd_store() races leading to gpf (git-fixes).
USBip: fix vhci_hcd attach_store() races leading to gpf (git-fixes).
USBip: fix vhci_hcd to check for stream socket (git-fixes).
USBip: fix vudc to check for stream socket (git-fixes).
USBip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes).
USBip: tools: fix build error for multiple definition (git-fixes).
USBip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes).
USB: musb: Fix suspend with devices connected for a64 (git-fixes).
USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes).
USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM (git-fixes).
USB: replace hardcode maximum usb string length by definition (git-fixes).
USB: serial: ch341: add new Product ID (git-fixes).
USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes).
USB: serial: cp210x: add some more GE USB IDs (git-fixes).
USB: serial: ftdi_sio: fix FTX sub-integer prescaler (git-fixes).
USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes).
USB-storage: Add quirk to defeat Kindle's automatic unload (git-fixes).
USB: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes).
USB: usblp: fix a hang in poll() if disconnected (git-fixes).
USB: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes).
USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes).
USB: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes).
use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139).
video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489)
video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes).
VMCI: Use set_page_dirty_lock() when unregistering guest memory (git-fixes).
vt/consolemap: do font sum unsigned (git-fixes).
watchdog: mei_wdt: request stop on unregister (git-fixes).
wireguard: device: do not generate ICMP for non-IP packets (git-fixes).
wireguard: kconfig: use arm chacha even with no neon (git-fixes).
wireguard: selftests: test multiple parallel streams (git-fixes).
wlcore: Fix command execute failure 19 for wl12xx (git-fixes).
x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489).
x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489).
x86/ioapic: Ignore IRQ2 again (bsc#1152489).
x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (bsc#1152489).
xen/events: avoid handling the same event on two cpus at the same time (git-fixes).
xen/events: do not unmask an event channel when an eoi is pending (git-fixes).
xen/events: fix setting irq affinity (bsc#1184583).
xen/events: reset affinity of 2-level event when tearing it down (git-fixes).
xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).
xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).
xfs: group quota should return EDQUOT when prj quota enabled (bsc#1180980).
xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state (git-fixes).
xhci: Improve detection of device initiated wake signal (git-fixes).

Advisory ID	SUSE-SU-2021:1915-1
Released	Wed Jun 9 14:29:50 2021
Summary	Security update for the Linux Kernel
Type	security
Severity	important
References	1043990,1055117,1065729,1152457,1152489,1155518,1156395,1167260,1167574,1168838,1174416,1174426,1175995,1178089,1179243,1179851,1180846,1181161,1182613,1183063,1183203,1183289,1184208,1184209,1184436,1184485,1184514,1184585,1184650,1184724,1184728,1184730,1184731,1184736,1184737,1184738,1184740,1184741,1184742,1184760,1184811,1184893,1184934,1184942,1184957,1184969,1184984,1185041,1185113,1185233,1185244,1185269,1185365,1185454,1185472,1185491,1185549,1185586,1185587,CVE-2021-29155,CVE-2021-29650

Description:

The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2021-29650: Fixed an issue with the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).
CVE-2021-29155: Fixed an issue that was discovered in kernel/bpf/verifier.c that performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation was not correctly accounted for when restricting subsequent operations (bnc#1184942).

The following non-security bugs were fixed:

ACPI: CPPC: Replace cppc_attr with kobj_attribute (git-fixes).
ALSA: core: remove redundant spin_lock pair in snd_card_disconnect (git-fixes).
ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer (git-fixes).
ALSA: hda/cirrus: Add error handling into CS8409 I2C functions (git-fixes).
ALSA: hda/cirrus: Add Headphone and Headset MIC Volume Control (git-fixes).
ALSA: hda/cirrus: Add jack detect interrupt support from CS42L42 companion codec (git-fixes).
ALSA: hda/cirrus: Add support for CS8409 HDA bridge and CS42L42 companion codec (git-fixes).
ALSA: hda/cirrus: Cleanup patch_cirrus.c code (git-fixes).
ALSA: hda/cirrus: Fix CS42L42 Headset Mic volume control name (git-fixes).
ALSA: hda/cirrus: Make CS8409 driver more generic by using fixups (git-fixes).
ALSA: hda/cirrus: Set Initial DMIC volume for Bullseye to -26 dB (git-fixes).
ALSA: hda/cirrus: Use CS8409 filter to fix abnormal sounds on Bullseye (git-fixes).
ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx (git-fixes).
ALSA: hda/realtek: fix mic boost on Intel NUC 8 (git-fixes).
ALSA: hda/realtek: fix static noise on ALC285 Lenovo laptops (git-fixes).
ALSA: hda/realtek: GA503 use same quirks as GA401 (git-fixes).
ALSA: hda/realtek - Headset Mic issue on HP platform (git-fixes).
ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices (git-fixes).
ALSA: hda/realtek: Re-order ALC269 Acer quirk table entries (git-fixes).
ALSA: hda/realtek: Re-order ALC269 ASUS quirk table entries (git-fixes).
ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries (git-fixes).
ALSA: hda/realtek: Re-order ALC269 HP quirk table entries (git-fixes).
ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries (git-fixes).
ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries (git-fixes).
ALSA: hda/realtek: Re-order ALC662 quirk table entries (git-fixes).
ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries (git-fixes).
ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries (git-fixes).
ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries (git-fixes).
ALSA: hda/realtek: Re-order remaining ALC269 quirk table entries (git-fixes).
ALSA: sb: Fix two use after free in snd_sb_qsound_build (git-fixes).
ALSA: usb-audio: Add DJM450 to Pioneer format quirk (git-fixes).
ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls (git-fixes).
ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX (git-fixes).
ALSA: usb-audio: Configure Pioneer DJM-850 samplerate (git-fixes).
ALSA: usb-audio: DJM-750: ensure format is set (git-fixes).
ALSA: usb-audio: Explicitly set up the clock selector (git-fixes).
ALSA: usb-audio: Fix implicit sync clearance at stopping stream (git-fixes).
ALSA: usb-audio: Fix Pioneer DJM devices URB_CONTROL request direction to set samplerate (git-fixes).
ALSA: usb: midi: do not return -ENOMEM when usb_urb_ep_type_check fails (git-fixes).
arm: dts: add imx7d pcf2127 fix to blacklist
ASoC: ak5558: correct reset polarity (git-fixes).
ASoC: ak5558: Fix s/show/slow/ typo (git-fixes).
ASoC: Intel: kbl_da7219_max98927: Fix kabylake_ssp_fixup function (git-fixes).
ASoC: samsung: tm2_wm5110: check of of_parse return value (git-fixes).
ASoC: simple-card: fix possible uninitialized single_cpu local variable (git-fixes).
ASoC: SOF: Intel: HDA: fix core status verification (git-fixes).
ASoC: SOF: Intel: hda: remove unnecessary parentheses (git-fixes).
ata: libahci_platform: fix IRQ check (git-fixes).
ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock (git-fixes).
ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices (git-fixes).
backlight: journada720: Fix Wmisleading-indentation warning (git-fixes).
blkcg: fix memleak for iolatency (git-fixes).
block, bfq: set next_rq to waker_bfqq->next_rq in waker injection (bsc#1168838).
block: recalculate segment count for multi-segment discards correctly (bsc#1184724).
block: rsxx: select CONFIG_CRC32 (git-fixes).
bluetooth: eliminate the potential race condition when removing the HCI controller (git-fixes).
bnxt_en: reverse order of TX disable and carrier off (git-fixes).
bpf: Fix verifier jsgt branch analysis on max bound (bsc#1155518).
bpf, libbpf: Only create rx and tx XDP rings when necessary (bsc#1155518).
bpf, samples: Fix possible hang in xdpsock with multiple threads (bsc#1155518).
bpf, sockmap: Fix sk->prot unhash op reset (bsc#1155518).
bsg: free the request before return error code (git-fixes).
btrfs: fix qgroup data rsv leak caused by falloc failure (bsc#1185549).
btrfs: fix race between swap file activation and snapshot creation (bsc#1185587).
btrfs: fix race between writes to swap files and scrub (bsc#1185586).
btrfs: track qgroup released data in own variable in insert_prealloc_file_extent (bsc#1185549).
bus: qcom: Put child node before return (git-fixes).
cfg80211: remove WARN_ON() in cfg80211_sme_connect (git-fixes).
clk: exynos7: Mark aclk_fsys1_200 as critical (git-fixes).
clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz (git-fixes).
clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0 (git-fixes).
clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock (git-fixes).
clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE (git-fixes).
clk: uniphier: Fix potential infinite loop (git-fixes).
clk: zynqmp: move zynqmp_pll_set_mode out of round_rate callback (git-fixes).
coresight: etm4x: Fix issues on trcseqevr access (git-fixes).
coresight: etm4x: Fix save and restore of TRCVMIDCCTLR1 register (git-fixes).
coresight: tmc-etr: Fix barrier packet insertion for perf buffer (git-fixes).
cpufreq: armada-37xx: Fix determining base CPU frequency (git-fixes).
cpufreq: armada-37xx: Fix driver cleanup when registration failed (git-fixes).
cpufreq: armada-37xx: Fix setting TBG parent for load levels (git-fixes).
cpufreq: armada-37xx: Fix the AVS value for load L1 (git-fixes).
cpufreq: Kconfig: fix documentation links (git-fixes).
crypto: arm/curve25519 - Move '.fpu' after '.arch' (git-fixes).
crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS (git-fixes).
cxgb4: avoid collecting SGE_QBASE regs during traffic (git-fixes).
cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (git-fixes).
dmaengine: dw: Make it dependent to HAS_IOMEM (git-fixes).
dm: eliminate potential source of excessive kernel log noise (git-fixes).
dm era: Fix bitset memory leaks (git-fixes).
dm era: only resize metadata in preresume (git-fixes).
dm era: Recover committed writeset after crash (git-fixes).
dm era: Reinitialize bitset cache before digesting a new writeset (git-fixes).
dm era: Use correct value size in equality function of writeset tree (git-fixes).
dm era: Verify the data block size hasn't changed (git-fixes).
dm: fix bug with RCU locking in dm_blk_report_zones (git-fixes).
dm integrity: fix error reporting in bitmap mode after creation (git-fixes).
dm ioctl: fix error return code in target_message (git-fixes).
dm mpath: fix racey management of PG initialization (git-fixes).
dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574, bsc#1175995, bsc#1184485).
dm raid: fix discard limits for raid1 (git-fixes).
dm: remove invalid sparse __acquires and __releases annotations (git-fixes).
dm writecache: fix the maximum number of arguments (git-fixes).
dm writecache: handle DAX to partitions on persistent memory correctly (git-fixes).
dm writecache: remove BUG() and fail gracefully instead (git-fixes).
dm zoned: select CONFIG_CRC32 (git-fixes).
dpaa_eth: copy timestamp fields to new skb in A-050385 workaround (git-fixes).
dpaa_eth: fix the RX headroom size alignment (git-fixes).
dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom (git-fixes).
dpaa_eth: Use random MAC address when none is given (bsc#1184811).
drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()' (git-fixes).
drm/amdkfd: fix build error with AMD_IOMMU_V2=m (git-fixes).
drm/ast: Add 25MHz refclk support (bsc#1174416).
drm/ast: Add support for 1152x864 mode (bsc#1174416).
drm/ast: Add support for AIP200 (bsc#1174416).
drm/ast: AST2500 fixups (bsc#1174416).
drm/ast: Correct mode table for AST2500 precatch (bsc#1174416).
drm/ast: Disable screen on register init (bsc#1174416).
drm/ast: Disable VGA decoding while driver is active (bsc#1174416).
drm/ast: drm/ast: Fix boot address for AST2500 (bsc#1174416).
drm/ast: Fix P2A config detection (bsc#1174416).
drm/ast: Fix register access in non-P2A mode for DP501 (bsc#1174416).
drm/ast: Keep MISC fields when enabling VGA (bsc#1174416).
drm/i915/gvt: Fix error code in intel_gvt_init_device() (git-fixes).
drm/imx: imx-ldb: fix out of bounds array access warning (git-fixes).
drm/msm: Fix a5xx/a6xx timestamps (git-fixes).
drm/omap: fix misleading indentation in pixinc() (git-fixes).
drm/radeon: fix copy of uninitialized variable back to userspace (git-fixes).
drm/tegra: dc: Do not set PLL clock to 0Hz (git-fixes).
e1000e: add rtnl_lock() to e1000_reset_task (git-fixes).
e1000e: Fix duplicate include guard (git-fixes).
e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 (git-fixes).
enetc: Let the hardware auto-advance the taprio base-time of 0 (git-fixes).
enetc: Workaround for MDIO register access issue (git-fixes).
ethernet/netronome/nfp: Fix a use after free in nfp_bpf_ctrl_msg_rx (git-fixes).
ext4: do not try to set xattr into ea_inode if value is empty (bsc#1184730).
ext4: find old entry again if failed to rename whiteout (bsc#1184742).
ext4: fix potential error in ext4_do_update_inode (bsc#1184731).
ext4: fix potential htree index checksum corruption (bsc#1184728).
firmware: qcom-scm: Fix QCOM_SCM configuration (git-fixes).
fnic: use scsi_host_busy_iter() to traverse commands (bsc#1179851).
fotg210-udc: Complete OUT requests on short packets (git-fixes).
fotg210-udc: Do not DMA more than the buffer can take (git-fixes).
fotg210-udc: Fix DMA on EP0 for length > max packet size (git-fixes).
fotg210-udc: Fix EP0 IN requests bigger than two packets (git-fixes).
fotg210-udc: Mask GRP2 interrupts we do not handle (git-fixes).
fotg210-udc: Remove a dubious condition leading to fotg210_done (git-fixes).
fs: direct-io: fix missing sdio->boundary (bsc#1184736).
fs/jfs: fix potential integer overflow on shift of a int (bsc#1184741).
fsl/fman: reuse set_mac_address() in dtsec init() (bsc#1184811).
fsl/fman: tolerate missing MAC address in device tree (bsc#1184811).
gpio: omap: Save and restore sysconfig (git-fixes).
gpio: sysfs: Obey valid_mask (git-fixes).
HID: alps: fix error return code in alps_input_configured() (git-fixes).
HID: google: add don USB id (git-fixes).
HID: plantronics: Workaround for double volume key presses (git-fixes).
HID: wacom: Assign boolean values to a bool variable (git-fixes).
HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices (git-fixes).
i2c: cadence: add IRQ check (git-fixes).
i2c: emev2: add IRQ check (git-fixes).
i2c: img-scb: fix reference leak when pm_runtime_get_sync fails (git-fixes).
i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails (git-fixes).
i2c: jz4780: add IRQ check (git-fixes).
i2c: omap: fix reference leak when pm_runtime_get_sync fails (git-fixes).
i2c: sh7760: add IRQ check (git-fixes).
i2c: sh7760: fix IRQ error path (git-fixes).
i2c: sprd: fix reference leak when pm_runtime_get_sync fails (git-fixes).
i40e: Added Asym_Pause to supported link modes (git-fixes).
i40e: Add zero-initialization of AQ command structures (git-fixes).
i40e: Fix addition of RX filters after enabling FW LLDP agent (git-fixes).
i40e: Fix add TC filter for IPv6 (git-fixes).
i40e: Fix display statistics for veb_tc (git-fixes).
i40e: Fix endianness conversions (git-fixes).
i40e: Fix flow for IPv6 next header (extension header) (git-fixes).
i40e: Fix kernel oops when i40e driver removes VF's (git-fixes).
i40e: Fix overwriting flow control settings during driver loading (git-fixes).
i40e: Fix sparse errors in i40e_txrx.c (git-fixes).
i40e: Fix sparse warning: missing error code 'err' (git-fixes).
i40e: fix the panic when running bpf in xdpdrv mode (git-fixes).
ibmvnic: avoid calling napi_disable() twice (bsc#1065729).
ibmvnic: clean up the remaining debugfs data structures (bsc#1065729).
ibmvnic: correctly use dev_consume/free_skb_irq (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290 git-fixes).
ibmvnic: improve failover sysfs entry (bsc#1043990 ltc#155681 git-fixes).
ibmvnic: print adapter state as a string (bsc#1152457 ltc#174432 git-fixes).
ibmvnic: print reset reason as a string (bsc#1152457 ltc#174432 git-fixes).
ibmvnic: queue reset work in system_long_wq (bsc#1152457 ltc#174432 git-fixes).
ibmvnic: remove duplicate napi_schedule call in do_reset function (bsc#1065729).
ibmvnic: remove duplicate napi_schedule call in open function (bsc#1065729).
ice: Account for port VLAN in VF max packet size calculation (git-fixes).
ice: Cleanup fltr list in case of allocation issues (git-fixes).
ice: Fix for dereference of NULL pointer (git-fixes).
ice: Increase control queue timeout (git-fixes).
ice: prevent ice_open and ice_stop during reset (git-fixes).
igb: check timestamp validity (git-fixes).
igb: Fix duplicate include guard (git-fixes).
igc: Fix Pause Frame Advertising (git-fixes).
igc: Fix Supported Pause Frame Link Setting (git-fixes).
igc: reinit_locked() should be called with rtnl_lock (git-fixes).
iio:accel:adis16201: Fix wrong axis assignment that prevents loading (git-fixes).
ima: Free IMA measurement buffer after kexec syscall (git-fixes).
Input: i8042 - fix Pegatron C15B ID entry (git-fixes).
Input: nspire-keypad - enable interrupts only when opened (git-fixes).
Input: s6sy761 - fix coordinate read bit shift (git-fixes).
interconnect: core: fix error return code of icc_link_destroy() (git-fixes).
iopoll: introduce read_poll_timeout macro (git-fixes).
iommu/vt-d: Use device numa domain if RHSA is missing (bsc#1184585).
ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() (git-fixes).
irqchip: Add support for Layerscape external interrupt lines (bsc#1185233).
irqchip/ls-extirq: add IRQCHIP_SKIP_SET_WAKE to the irqchip flags (bsc#1185233).
irqchip/ls-extirq: Add LS1043A, LS1088A external interrupt support (bsc#1185233).
isofs: release buffer head before return (bsc#1182613).
ixgbe: fail to create xfrm offload of IPsec tunnel mode SA (git-fixes).
jffs2: fix use after free in jffs2_sum_write_data() (bsc#1184740).
kABI: cover up change in struct kvm_arch (bsc#1184969).
kABI: Fix kABI caused by fixes for bsc#1174426 (bsc#1174426).
kABI: powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917).
kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846).
KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged (bsc#1152489).
KVM: PPC: Book3S HV P9: Restore host CTRL SPR after guest exit (bsc#1156395).
KVM: PPC: Make the VMX instruction emulation routines static (bsc#1156395).
libnvdimm/label: Return -ENXIO for no slot in __blk_label_update (bsc#1185269).
libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels (bsc#1185269).
libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC (bsc#1184969 git-fixes).
libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr (git-fixes).
liquidio: Fix unintented sign extension of a left shift of a u16 (git-fixes).
locking/qrwlock: Fix ordering in queued_write_lock_slowpath() (bsc#1185041).
mac80211: bail out if cipher schemes are invalid (git-fixes).
mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN (git-fixes).
macvlan: macvlan_count_rx() needs to be aware of preemption (git-fixes).
media: dvbdev: Fix memory leak in dvb_media_device_free() (git-fixes).
media: m88rs6000t: avoid potential out-of-bounds reads on arrays (git-fixes).
media: mantis: remove orphan mantis_core.c (git-fixes).
media: omap4iss: return error code when omap4iss_get() failed (git-fixes).
media: platform: sunxi: sun6i-csi: fix error return code of sun6i_video_start_streaming() (git-fixes).
media: staging/intel-ipu3: Fix memory leak in imu_fmt (git-fixes).
media: staging/intel-ipu3: Fix race condition during set_fmt (git-fixes).
media: staging/intel-ipu3: Fix set_fmt error handling (git-fixes).
media: v4l2-ctrls.c: fix race condition in hdl->requests list (git-fixes).
memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] (git-fixes).
memory: pl353: fix mask of ECC page_size config register (git-fixes).
mfd: lpc_sch: Partially revert 'Add support for Intel Quark X1000' (git-fixes).
mfd: stm32-timers: Avoid clearing auto reload register (git-fixes).
misc: lis3lv02d: Fix false-positive WARN on various HP models (git-fixes).
misc: vmw_vmci: explicitly initialize vmci_datagram payload (git-fixes).
misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct (git-fixes).
mmc: core: Correct descriptions in mmc_of_parse() (git-fixes).
mmc: cqhci: Add cqhci_deactivate() (git-fixes).
mmc: mmc_spi: Drop unused NO_IRQ definition (git-fixes).
mmc: sdhci-of-arasan: Add missed checks for devm_clk_register() (git-fixes).
mmc: sdhci-of-dwcmshc: fix rpmb access (git-fixes).
mmc: sdhci-of-dwcmshc: implement specific set_uhs_signaling (git-fixes).
mmc: sdhci-of-esdhc: make sure delay chain locked for HS400 (git-fixes).
mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes).
mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes).
mmc: sdhci: Use Auto CMD Auto Select only when v4_mode is true (git-fixes).
mmc: uniphier-sd: Fix an error handling path in uniphier_sd_probe() (git-fixes).
mmc: uniphier-sd: Fix a resource leak in the remove function (git-fixes).
mm/rmap: fix potential pte_unmap on an not mapped pte (git-fixes).
Move upstreamed i915 fix into sorted section
mt7601u: fix always true expression (git-fixes).
mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() (git-fixes).
mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC (git-fixes).
mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe() (git-fixes).
mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init (git-fixes).
mtd: rawnand: qcom: Return actual error code instead of -ENODEV (git-fixes).
mtd: require write permissions for locking and badblock ioctls (git-fixes).
mtd: spinand: core: add missing MODULE_DEVICE_TABLE() (git-fixes).
mtd: spi-nor: Rename 'n25q512a' to 'mt25qu512a (n25q512a)' (bsc#1167260).
mtd: spi-nor: Split mt25qu512a (n25q512a) entry into two (bsc#1167260).
nbd: fix a block_device refcount leak in nbd_release (git-fixes).
net: atlantic: fix out of range usage of active_vlans array (git-fixes).
net: atlantic: fix potential error handling (git-fixes).
net: atlantic: fix use after free kasan warn (git-fixes).
net: dsa: felix: implement port flushing on .phylink_mac_link_down (git-fixes).
net: enetc: remove bogus write to SIRXIDR from enetc_setup_rxbdr (git-fixes).
net: enetc: take the MDIO lock only once per NAPI poll cycle (git-fixes).
net: geneve: check skb is large enough for IPv4/IPv6 header (git-fixes).
net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (git-fixes).
net: hns3: clear VF down state bit before request link status (git-fixes).
net: hns3: fix bug when calculating the TCAM table info (git-fixes).
net: hns3: fix query vlan mask value error for flow director (git-fixes).
net: hns3: Remove un-necessary 'else-if' in the hclge_reset_event() (git-fixes).
net: ll_temac: Add more error handling of dma_map_single() calls (git-fixes).
net: ll_temac: Fix race condition causing TX hang (git-fixes).
net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC pressure (git-fixes).
net: ll_temac: Handle DMA halt condition caused by buffer underrun (git-fixes).
net/mlx4_core: Add missed mlx4_free_cmd_mailbox() (git-fixes).
net/mlx5: Do not request more than supported EQs (git-fixes).
net/mlx5e: Do not match on Geneve options in case option masks are all zero (git-fixes).
net/mlx5e: Fix error path for ethtool set-priv-flag (git-fixes).
net/mlx5e: Fix ethtool indication of connector type (git-fixes).
net/mlx5e: fix ingress_ifindex check in mlx5e_flower_parse_meta (jsc#SLE-8464).
net:nfc:digital: Fix a double free in digital_tg_recv_dep_req (git-fixes).
net: phy: intel-xway: enable integrated led functions (git-fixes).
net: phy: marvell: fix m88e1011_set_downshift (git-fixes).
net: phy: marvell: fix m88e1111_set_downshift (git-fixes).
net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template (git-fixes).
net: smc911x: Adjust indentation in smc911x_phy_configure (git-fixes).
net: stmmac: fix missing IFF_MULTICAST check in dwmac4_set_filter (git-fixes).
net: stmmac: xgmac: fix missing IFF_MULTICAST checki in dwxgmac2_set_filter (git-fixes).
net: tulip: Adjust indentation in {dmfe, uli526x}_init_module (git-fixes).
nfc: pn533: prevent potential memory corruption (git-fixes).
nfp: flower: ignore duplicate merge hints from FW (git-fixes).
node: fix device cleanups in error handling code (git-fixes).
null_blk: fix passing of REQ_FUA flag in null_handle_rq (git-fixes).
nvme-fabrics: reject I/O to offline device (bsc#1181161).
nvme-tcp: fix possible hang when failing to set io queues (bsc#1181161).
ocfs2: fix a use after free on error (bsc#1184738).
pata_arasan_cf: fix IRQ check (git-fixes).
pata_ipx4xx_cf: fix IRQ check (git-fixes).
PCI/AER: Add pcie_walk_rcec() to RCEC AER handling (bsc#1174426).
PCI/AER: Add RCEC AER error injection support (bsc#1174426).
PCI/AER: Clear AER status from Root Port when resetting Downstream Port (bsc#1174426).
PCI/AER: Specify the type of Port that was reset (bsc#1174426).
PCI/AER: Use 'aer' variable for capability offset (bsc#1174426).
PCI/AER: Write AER Capability only when we control it (bsc#1174426).
PCI: designware-ep: Fix the Header Type check (git-fixes).
PCI/ERR: Add pcie_link_rcec() to associate RCiEPs (bsc#1174426).
PCI/ERR: Add pci_walk_bridge() to pcie_do_recovery() (bsc#1174426).
PCI/ERR: Avoid negated conditional for clarity (bsc#1174426).
PCI/ERR: Bind RCEC devices to the Root Port driver (bsc#1174426).
PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities() (bsc#1174426).
PCI/ERR: Clear AER status only when we control AER (bsc#1174426).
PCI/ERR: Clear PCIe Device Status errors only if OS owns AER (bsc#1174426).
PCI/ERR: Clear status of the reporting device (bsc#1174426).
PCI/ERR: Recover from RCEC AER errors (bsc#1174426).
PCI/ERR: Recover from RCiEP AER errors (bsc#1174426).
PCI/ERR: Rename reset_link() to reset_subordinates() (bsc#1174426).
PCI/ERR: Retain status from error notification (bsc#1174426).
PCI/ERR: Simplify by computing pci_pcie_type() once (bsc#1174426).
PCI/ERR: Simplify by using pci_upstream_bridge() (bsc#1174426).
PCI/ERR: Use 'bridge' for clarity in pcie_do_recovery() (bsc#1174426).
PCI/PME: Add pcie_walk_rcec() to RCEC PME handling (bsc#1174426).
PCI/portdrv: Report reset for frozen channel (bsc#1174426).
PCI: tegra: Fix ASPM-L1SS advertisement disable code (git-fixes).
PCI: tegra: Move 'dbi' accesses to post common DWC initialization (git-fixes).
phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally (git-fixes).
pinctrl: core: Fix kernel doc string for pin_get_name() (git-fixes).
pinctrl: Ingenic: Add missing pins to the JZ4770 MAC MII group (git-fixes).
platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table (git-fixes).
PM: runtime: Add documentation for pm_runtime_resume_and_get() (git-fixes).
powerepc/book3s64/hash: Align start/end address correctly with bolt mapping (bsc#1184957).
powerpc/64s: Fix pte update for kernel memory on radix (bsc#1055117 git-fixes).
powerpc/asm-offsets: GPR14 is not needed either (bsc#1065729).
powerpc/eeh: Fix EEH handling for hugepages in ioremap space (bsc#1156395).
powerpc/fadump: Mark fadump_calculate_reserve_size as __init (bsc#1065729).
powerpc/mm: Add cond_resched() while removing hpte mappings (bsc#1183289 ltc#191637).
powerpc/papr_scm: Fix build error due to wrong printf specifier (bsc#1184969).
powerpc/papr_scm: Implement support for H_SCM_FLUSH hcall (bsc#1184969).
powerpc/perf: Fix PMU constraint check for EBB events (bsc#1065729).
powerpc/prom: Mark identical_pvr_fixup as __init (bsc#1065729).
powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917).
powerpc/time: Enable sched clock for irqtime (bsc#1156395).
regmap: set debugfs_name to NULL after it is freed (git-fixes).
regulator: Avoid a double 'of_node_get' in 'regulator_of_get_init_node()' (git-fixes).
reintroduce cqhci_suspend for kABI (git-fixes).
reiserfs: update reiserfs_xattrs_initialized() condition (bsc#1184737).
rpm/constraints.in: bump disk space to 45GB on riscv64
rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650)
rsi: Use resume_noirq for SDIO (git-fixes).
rsxx: remove extraneous 'const' qualifier (git-fixes).
rtc: ds1307: Fix wday settings for rx8130 (git-fixes).
rtc: fsl-ftm-alarm: add MODULE_TABLE() (bsc#1185454).
rtc: fsl-ftm-alarm: avoid struct rtc_time conversions (bsc#1185454).
rtc: fsl-ftm-alarm: enable acpi support (bsc#1185454).
rtc: fsl-ftm-alarm: fix freeze(s2idle) failed to wake (bsc#1185454).
rtc: fsl-ftm-alarm: report alarm to core (bsc#1185454).
rtc: fsl-ftm-alarm: switch to ktime_get_real_seconds (bsc#1185454).
rtc: fsl-ftm-alarm: switch to rtc_time64_to_tm/rtc_tm_to_time64 (bsc#1185454).
rtc: fsl-ftm-alarm: update acpi device id (bsc#1185454).
rtc: pcf2127: add alarm support (bsc#1185233).
rtc: pcf2127: add pca2129 device id (bsc#1185233).
rtc: pcf2127: add tamper detection support (bsc#1185233).
rtc: pcf2127: add watchdog feature support (bsc#1185233).
rtc: pcf2127: bugfix: watchdog build dependency (bsc#1185233).
rtc: pcf2127: cleanup register and bit defines (bsc#1185233).
rtc: pcf2127: convert to devm_rtc_allocate_device (bsc#1185233).
rtc: pcf2127: fix a bug when not specify interrupts property (bsc#1185233).
rtc: pcf2127: fix alarm handling (bsc#1185233).
rtc: pcf2127: fix pcf2127_nvmem_read/write() returns (bsc#1185233).
rtc: pcf2127: handle boot-enabled watchdog feature (bsc#1185233).
rtc: pcf2127: let the core handle rtc range (bsc#1185233).
rtc: pcf2127: move watchdog initialisation to a separate function (bsc#1185233).
rtc: pcf2127: only use watchdog when explicitly available (bsc#1185233).
rtc: pcf2127: properly set flag WD_CD for rtc chips(pcf2129, pca2129) (bsc#1185233).
rtc: pcf2127: remove unnecessary #ifdef (bsc#1185233).
rtc: pcf2127: set regmap max_register (bsc#1185233).
rtc: pcf2127: watchdog: handle nowayout feature (bsc#1185233).
rtlwifi: 8821ae: upgrade PHY and RF parameters (git-fixes).
rtw88: Fix array overrun in rtw_get_tx_power_params() (git-fixes).
sata_mv: add IRQ checks (git-fixes).
scsi: block: Fix a race in the runtime power management code (git-fixes).
scsi: core: add scsi_host_busy_iter() (bsc#1179851).
scsi: core: Only return started requests from scsi_host_find_tag() (bsc#1179851).
scsi: lpfc: Copyright updates for 12.8.0.9 patches (bsc#1185472).
scsi: lpfc: Eliminate use of LPFC_DRIVER_NAME in lpfc_attr.c (bsc#1185472).
scsi: lpfc: Fix a bunch of kernel-doc issues (bsc#1185472).
scsi: lpfc: Fix a bunch of kernel-doc misdemeanours (bsc#1185472).
scsi: lpfc: Fix a bunch of misnamed functions (bsc#1185472).
scsi: lpfc: Fix a few incorrectly named functions (bsc#1185472).
scsi: lpfc: Fix a typo (bsc#1185472).
scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response (bsc#1185472).
scsi: lpfc: Fix DMA virtual address ptr assignment in bsg (bsc#1185365).
scsi: lpfc: Fix error handling for mailboxes completed in MBX_POLL mode (bsc#1185472).
scsi: lpfc: Fix formatting and misspelling issues (bsc#1185472).
scsi: lpfc: Fix gcc -Wstringop-overread warning (bsc#1185472).
scsi: lpfc: Fix illegal memory access on Abort IOCBs (bsc#1183203).
scsi: lpfc: Fix incorrectly documented function lpfc_debugfs_commonxripools_data() (bsc#1185472).
scsi: lpfc: Fix incorrect naming of __lpfc_update_fcf_record() (bsc#1185472).
scsi: lpfc: Fix kernel-doc formatting issue (bsc#1185472).
scsi: lpfc: Fix lack of device removal on port swaps with PRLIs (bsc#1185472).
scsi: lpfc: Fix lpfc_hdw_queue attribute being ignored (bsc#1185472).
scsi: lpfc: Fix missing FDMI registrations after Mgmt Svc login (bsc#1185472).
scsi: lpfc: Fix NMI crash during rmmod due to circular hbalock dependency (bsc#1185472).
scsi: lpfc: Fix reference counting errors in lpfc_cmpl_els_rsp() (bsc#1185472).
scsi: lpfc: Fix rmmod crash due to bad ring pointers to abort_iotag (bsc#1185472).
scsi: lpfc: Fix silent memory allocation failure in lpfc_sli4_bsg_link_diag_test() (bsc#1185472).
scsi: lpfc: Fix some error codes in debugfs (bsc#1185472).
scsi: lpfc: Fix use-after-free on unused nodes after port swap (bsc#1185472).
scsi: lpfc: Fix various trivial errors in comments and log messages (bsc#1185472).
scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic (bsc#1185472).
scsi: lpfc: Standardize discovery object logging format (bsc#1185472).
scsi: lpfc: Update lpfc version to 12.8.0.9 (bsc#1185472).
scsi: qla2xxx: Add error counters to debugfs node (bsc#1185491).
scsi: qla2xxx: Add H:C:T info in the log message for fc ports (bsc#1185491).
scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() (bsc#1185491).
scsi: qla2xxx: Assign boolean values to a bool variable (bsc#1185491).
scsi: qla2xxx: Check kzalloc() return value (bsc#1185491).
scsi: qla2xxx: Consolidate zio threshold setting for both FCP NVMe (bsc#1185491).
scsi: qla2xxx: Constify struct qla_tgt_func_tmpl (bsc#1185491).
scsi: qla2xxx: Do logout even if fabric scan retries got exhausted (bsc#1185491).
scsi: qla2xxx: Enable NVMe CONF (BIT_7) when enabling SLER (bsc#1185491).
scsi: qla2xxx: fc_remote_port_chkready() returns a SCSI result value (bsc#1185491).
scsi: qla2xxx: Fix a couple of misdocumented functions (bsc#1185491).
scsi: qla2xxx: Fix a couple of misnamed functions (bsc#1185491).
scsi: qla2xxx: Fix broken #endif placement (bsc#1185491).
scsi: qla2xxx: Fix crash in PCIe error handling (bsc#1185491).
scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() (bsc#1185491).
scsi: qla2xxx: Fix endianness annotations (bsc#1185491).
scsi: qla2xxx: Fix incorrectly named function qla8044_check_temp() (bsc#1185491).
scsi: qla2xxx: Fix IOPS drop seen in some adapters (bsc#1185491).
scsi: qla2xxx: Fix mailbox Ch erroneous error (bsc#1185491).
scsi: qla2xxx: Fix mailbox recovery during PCIe error (bsc#1185491).
scsi: qla2xxx: Fix RISC RESET completion polling (bsc#1185491).
scsi: qla2xxx: Fix some incorrect formatting/spelling issues (bsc#1185491).
scsi: qla2xxx: Fix some memory corruption (bsc#1185491).
scsi: qla2xxx: Fix stuck session (bsc#1185491).
scsi: qla2xxx: Fix use after free in bsg (bsc#1185491).
scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port (bsc#1185491).
scsi: qla2xxx: Move some messages from debug to normal log level (bsc#1185491).
scsi: qla2xxx: Remove redundant NULL check (bsc#1185491).
scsi: qla2xxx: Remove unnecessary NULL check (bsc#1185491).
scsi: qla2xxx: Remove unneeded if-null-free check (bsc#1185491).
scsi: qla2xxx: Replace __qla2x00_marker()'s missing underscores (bsc#1185491).
scsi: qla2xxx: Reserve extra IRQ vectors (bsc#1184436).
scsi: qla2xxx: Reuse existing error handling path (bsc#1185491).
scsi: qla2xxx: Simplify if statement (bsc#1185491).
scsi: qla2xxx: Simplify qla8044_minidump_process_control() (bsc#1185491).
scsi: qla2xxx: Simplify the calculation of variables (bsc#1185491).
scsi: qla2xxx: Suppress Coverity complaints about dseg_r* (bsc#1185491).
scsi: qla2xxx: Update default AER debug mask (bsc#1185491).
scsi: qla2xxx: Update version to 10.02.00.105-k (bsc#1185491).
scsi: qla2xxx: Update version to 10.02.00.106-k (bsc#1185491).
scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1185491).
scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe (bsc#1185491).
scsi: smartpqi: Correct driver removal with HBA disks (bsc#1178089).
scsi: smartpqi: Correct pqi_sas_smp_handler busy condition (bsc#1178089).
scsi: smartpqi: Update version to 1.2.16-012 (bsc#1178089).
selftests/powerpc: Add pkey helpers for rights (bsc#1184934 ltc#191460).
selftests/powerpc: Add test for execute-disabled pkeys (bsc#1184934 ltc#191460).
selftests/powerpc: Add test for pkey siginfo verification (bsc#1184934 ltc#191460).
selftests/powerpc: Add wrapper for gettid (bsc#1184934 ltc#191460).
selftests/powerpc: Fix exit status of pkey tests (bsc#1184934 ltc#191460).
selftests/powerpc: Fix L1D flushing tests for Power10 (bsc#1184934 ltc#191460).
selftests/powerpc: Fix pkey syscall redefinitions (bsc#1184934 ltc#191460).
selftests/powerpc: Move pkey helpers to headers (bsc#1184934 ltc#191460).
selftests/powerpc: refactor entry and rfi_flush tests (bsc#1184934 ltc#191460).
soc: aspeed: fix a ternary sign expansion bug (git-fixes).
soc: qcom: mdt_loader: Detect truncated read of segments (git-fixes).
soc: qcom: mdt_loader: Validate that p_filesz p_memsz (git-fixes).
soundwire: bus: Fix device found flag correctly (git-fixes).
soundwire: stream: fix memory leak in stream config error path (git-fixes).
spi: fsl-dspi: fix NULL pointer dereference (bsc#1167260).
spi: fsl-dspi: fix use-after-free in remove path (bsc#1167260).
spi: fsl-dspi: fix wrong pointer in suspend/resume (bsc#1167260).
spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware() (git-fixes).
spi: Introduce dspi_slave_abort() function for NXP's dspi SPI driver (bsc#1167260).
spi: spi-fsl-dspi: Accelerate transfers using larger word size if possible (bsc#1167260).
spi: spi-fsl-dspi: Add comments around dspi_pop_tx and dspi_push_rx functions (bsc#1167260).
spi: spi-fsl-dspi: Adding shutdown hook (bsc#1167260).
spi: spi-fsl-dspi: Add support for LS1028A (bsc#1167260).
spi: spi-fsl-dspi: Always use the TCFQ devices in poll mode (bsc#1167260).
spi: spi-fsl-dspi: Avoid NULL pointer in dspi_slave_abort for non-DMA mode (bsc#1167260).
spi: spi-fsl-dspi: Avoid reading more data than written in EOQ mode (bsc#1167260).
spi: spi-fsl-dspi: Change usage pattern of SPI_MCR_* and SPI_CTAR_* macros (bsc#1167260).
spi: spi-fsl-dspi: Convert TCFQ users to XSPI FIFO mode (bsc#1167260).
spi: spi-fsl-dspi: Convert the instantiations that support it to DMA (bsc#1167260).
spi: spi-fsl-dspi: delete EOQ transfer mode (bsc#1167260).
spi: spi-fsl-dspi: Demistify magic value in SPI_SR_CLEAR (bsc#1167260).
spi: spi-fsl-dspi: Do not access reserved fields in SPI_MCR (bsc#1167260).
spi: spi-fsl-dspi: Do not mask off undefined bits (bsc#1167260).
spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours (bsc#1167260).
spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1167260).
spi: spi-fsl-dspi: Fix bits-per-word acceleration in DMA mode (bsc#1167260).
spi: spi-fsl-dspi: Fix code alignment (bsc#1167260).
spi: spi-fsl-dspi: fix DMA mapping (bsc#1167260).
spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths (bsc#1167260).
spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path (bsc#1167260).
spi: spi-fsl-dspi: Fix little endian access to PUSHR CMD and TXDATA (bsc#1167260).
spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer (bsc#1167260).
spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer (bsc#1167260).
spi: spi-fsl-dspi: fix native data copy (bsc#1167260).
spi: spi-fsl-dspi: Fix race condition in TCFQ/EOQ interrupt (bsc#1167260).
spi: spi-fsl-dspi: Fix typos (bsc#1167260).
spi: spi-fsl-dspi: Free DMA memory with matching function (bsc#1167260).
spi: spi-fsl-dspi: Implement .max_message_size method for EOQ mode (bsc#1167260).
spi: spi-fsl-dspi: Initialize completion before possible interrupt (bsc#1167260).
spi: spi-fsl-dspi: LS2080A and LX2160A support XSPI mode (bsc#1167260).
spi: spi-fsl-dspi: Make bus-num property optional (bsc#1167260).
spi: spi-fsl-dspi: Move dspi_interrupt above dspi_transfer_one_message (bsc#1167260).
spi: spi-fsl-dspi: Move invariant configs out of dspi_transfer_one_message (bsc#1167260).
spi: spi-fsl-dspi: Optimize dspi_setup_accel for lowest interrupt count (bsc#1167260).
spi: spi-fsl-dspi: Parameterize the FIFO size and DMA buffer size (bsc#1167260).
spi: spi-fsl-dspi: Protect against races on dspi->words_in_flight (bsc#1167260).
spi: spi-fsl-dspi: Reduce indentation in dspi_release_dma() (bsc#1167260).
spi: spi-fsl-dspi: Reduce indentation level in dspi_interrupt (bsc#1167260).
spi: spi-fsl-dspi: remove git-fixes Remove git-fixes. Prepare to update the driver. References: bsc#1167260
spi: spi-fsl-dspi: Remove impossible to reach error check (bsc#1167260).
spi: spi-fsl-dspi: Remove pointless assignment of master->transfer to NULL (bsc#1167260).
spi: spi-fsl-dspi: Remove unused chip->void_write_data (bsc#1167260).
spi: spi-fsl-dspi: Remove unused defines and includes (bsc#1167260).
spi: spi-fsl-dspi: Remove unused initialization of 'ret' in dspi_probe (bsc#1167260).
spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write (bsc#1167260).
spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (bsc#1167260).
spi: spi-fsl-dspi: Replace legacy spi_master names with spi_controller (bsc#1167260).
spi: spi-fsl-dspi: set ColdFire to DMA mode (bsc#1167260).
spi: spi-fsl-dspi: Simplify bytes_per_word gymnastics (bsc#1167260).
spi: spi-fsl-dspi: Take software timestamp in dspi_fifo_write (bsc#1167260).
spi: spi-fsl-dspi: Use BIT() and GENMASK() macros (bsc#1167260).
spi: spi-fsl-dspi: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1167260).
spi: spi-fsl-dspi: Use EOQ for last word in buffer even for XSPI mode (bsc#1167260).
spi: spi-fsl-dspi: Use poll mode in case the platform IRQ is missing (bsc#1167260).
spi: spi-fsl-dspi: Use reverse Christmas tree declaration order (bsc#1167260).
spi: spi-fsl-dspi: Use specific compatible strings for all SoC instantiations (bsc#1167260).
spi: spi-fsl-dspi: use XSPI mode instead of DMA for DPAA2 SoCs (bsc#1167260).
spi: spi-ti-qspi: Free DMA resources (git-fixes).
staging: fwserial: fix TIOCGSERIAL implementation (git-fixes).
staging: fwserial: fix TIOCSSERIAL implementation (git-fixes).
staging: fwserial: fix TIOCSSERIAL jiffies conversions (git-fixes).
staging: fwserial: fix TIOCSSERIAL permission check (git-fixes).
staging: rtl8192u: Fix potential infinite loop (git-fixes).
usb: CDC-ACM: fix poison/unpoison imbalance (bsc#1184984).
usb: CDC-ACM: fix poison/unpoison imbalance (git-fixes).
usb: cdc-acm: fix TIOCGSERIAL implementation (git-fixes).
usb: cdc-acm: fix unprivileged TIOCCSERIAL (git-fixes).
usb: dwc2: Fix hibernation between host and device modes (git-fixes).
usb: dwc2: Fix host mode hibernation exit with remote wakeup flow (git-fixes).
usb: dwc2: Fix session request interrupt handler (git-fixes).
usb: dwc3: gadget: Fix START_TRANSFER link state check (git-fixes).
usb: dwc3: keystone: use devm_platform_ioremap_resource() to simplify code (git-fixes).
usb: dwc3: meson-g12a: use devm_platform_ioremap_resource() to simplify code (git-fixes).
usb: dwc3: Switch to use device_property_count_u32() (git-fixes).
usb: gadget: aspeed: fix dma map failure (git-fixes).
usb: gadget: Fix double free of device descriptor pointers (git-fixes).
usb: gadget: pch_udc: Check for DMA mapping error (git-fixes).
usb: gadget: pch_udc: Check if driver is present before calling ->setup() (git-fixes).
usb: gadget: pch_udc: Move pch_udc_init() to satisfy kernel doc (git-fixes).
usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() (git-fixes).
usb: gadget: pch_udc: Revert d3cb25a12138 completely (git-fixes).
usb: gadget: r8a66597: Add missing null check on return from platform_get_resource (git-fixes).
usb: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR() (git-fixes).
usb: Remove dev_err() usage after platform_get_irq() (git-fixes).
usb: serial: ark3116: fix TIOCGSERIAL implementation (git-fixes).
usb: serial: f81232: fix TIOCGSERIAL implementation (git-fixes).
usb: serial: f81534: fix TIOCGSERIAL implementation (git-fixes).
usb: serial: fix return value for unsupported ioctls (git-fixes).
usb: serial: mos7720: fix TIOCGSERIAL implementation (git-fixes).
usb: serial: opticon: fix TIOCGSERIAL implementation (git-fixes).
usb: serial: quatech2: fix TIOCGSERIAL implementation (git-fixes).
usb: serial: ssu100: fix TIOCGSERIAL implementation (git-fixes).
usb: serial: usb_wwan: fix TIOCGSERIAL implementation (git-fixes).
usb: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions (git-fixes).
usb: serial: usb_wwan: fix unprivileged TIOCCSERIAL (git-fixes).
usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS (git-fixes).
usb: typec: tcpm: Address incorrect values of tcpm psy for fixed supply (git-fixes).
usb: typec: tcpm: Honour pSnkStdby requirement during negotiation (git-fixes).
veth: Store queue_mapping independently of XDP prog presence (git-fixes).
vfio/pci: Add missing range check in vfio_pci_mmap (git-fixes).
virt_wifi: Return micros for BSS TSF values (git-fixes).
vxlan: move debug check after netdev unregister (git-fixes).
workqueue: Move the position of debug_work_activate() in __queue_work() (bsc#1184893).
x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access (bsc#1152489).
x86/insn: Add some Intel instructions to the opcode map (bsc#1184760).
x86/insn: Add some more Intel instructions to the opcode map (bsc#1184760).
x86/microcode: Check for offline CPUs before requesting new microcode (bsc#1152489).
x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd (bsc#1152489).
x86/platform/uv: Set section block size for hubless architectures (bsc#1152489).
x86/reboot: Force all cpus to exit VMX root if VMX is supported (bsc#1152489).

Advisory ID	SUSE-SU-2021:2208-1
Released	Wed Jun 30 09:49:44 2021
Summary	Security update for the Linux Kernel
Type	security
Severity	important
References	1087082,1133021,1152457,1152489,1155518,1156395,1162702,1164648,1176564,1177666,1178418,1178612,1179827,1179851,1182378,1182999,1183346,1183868,1183873,1183932,1183947,1184081,1184082,1184611,1184855,1185428,1185497,1185589,1185606,1185645,1185677,1185680,1185696,1185703,1185725,1185758,1185859,1185861,1185863,1185898,1185899,1185911,1185938,1185987,1185988,1186061,1186285,1186320,1186439,1186441,1186460,1186498,1186501,1186573,CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3491

Description:

The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484).
CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values. (bsc#1186111)
CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. (bnc#1186062)
CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. (bnc#1186060)
CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This vulnerability is related to the PROVIDE_BUFFERS operation, which allowed the MAX_RW_COUNT limit to be bypassed (bsc#1185642).
CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611).
CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859).
CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862).
CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments, even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (bnc#1185859).
CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. (bnc#1185861)
CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (bnc#1185860)
CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H, where the Message Integrity Check (authenticity) of fragmented TKIP frames was not verified. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bnc#1185987)

The following non-security bugs were fixed:

ACPI / hotplug / PCI: Fix reference count leak in enable_slot() (git-fixes).
ACPI: GTDT: Do not corrupt interrupt mappings on watchdow probe failure (git-fixes).
ACPI: custom_method: fix a possible memory leak (git-fixes).
ACPI: custom_method: fix potential use-after-free issue (git-fixes).
ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (git-fixes).
ALSA: bebob: enable to deliver MIDI messages for multiple ports (git-fixes).
ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26 (git-fixes).
ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency (git-fixes).
ALSA: firewire-lib: fix calculation for size of IR context payload (git-fixes).
ALSA: firewire-lib: fix check for the size of isochronous packet payload (git-fixes).
ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes).
ALSA: hda/realtek: ALC285 Thinkpad jack pin quirk is unreachable (git-fixes).
ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 (git-fixes).
ALSA: hda/realtek: Headphone volume is controlled by Front mixer (git-fixes).
ALSA: hda/realtek: reset eapd coeff to default value for alc287 (git-fixes).
ALSA: hda: fixup headset for ASUS GU502 laptop (git-fixes).
ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP (git-fixes).
ALSA: hdsp: do not disable if not enabled (git-fixes).
ALSA: hdspm: do not disable if not enabled (git-fixes).
ALSA: intel8x0: Do not update period unless prepared (git-fixes).
ALSA: line6: Fix racy initialization of LINE6 MIDI (git-fixes).
ALSA: rme9652: do not disable if not enabled (git-fixes).
ALSA: usb-audio: Validate MS endpoint descriptors (git-fixes).
ALSA: usb-audio: fix control-request direction (git-fixes).
ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci (git-fixes).
ALSA: usb-audio: scarlett2: Improve driver startup messages (git-fixes).
ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create() can be static (git-fixes).
ARM64: vdso32: Install vdso32 from vdso_install (git-fixes).
ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet (git-fixes).
ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF (git-fixes).
ASoC: cs35l33: fix an error code in probe() (git-fixes).
ASoC: cs42l42: Regmap must use_single_read/write (git-fixes).
ASoC: rsnd: call rsnd_ssi_master_clk_start() from rsnd_ssi_init() (git-fixes).
ASoC: rsnd: core: Check convert rate in rsnd_hw_params (git-fixes).
ASoC: rt286: Generalize support for ALC3263 codec (git-fixes).
ASoC: rt286: Make RT286_SET_GPIO_* readable and writable (git-fixes).
Bluetooth: L2CAP: Fix handling LE modes by L2CAP_OPTIONS (git-fixes).
Bluetooth: SMP: Fail if remote and local public keys are identical (git-fixes).
Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default (git-fixes).
Bluetooth: check for zapped sk before connecting (git-fixes).
Bluetooth: initialize skb_queue_head at l2cap_chan_create() (git-fixes).
Drivers: hv: vmbus: Fix Suspend-to-Idle for Generation-2 VM (git-fixes).
Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185725).
Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185725).
Drivers: hv: vmbus: Use after free in __vmbus_open() (git-fixes).
Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices (git-fixes).
Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state (git-fixes).
KVM: s390: fix guarded storage control register handling (bsc#1133021).
Move upstreamed media fixes into sorted section
NFC: nci: fix memory leak in nci_allocate_device (git-fixes).
PCI/RCEC: Fix RCiEP device to RCEC association (git-fixes).
PCI: Allow VPD access for QLogic ISP2722 (git-fixes).
PCI: PM: Do not read power state in pci_enable_device_flags() (git-fixes).
PCI: Release OF node in pci_scan_device()'s error path (git-fixes).
PCI: endpoint: Fix missing destroy_workqueue() (git-fixes).
PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc() (git-fixes).
PCI: thunder: Fix compile testing (git-fixes).
PM / devfreq: Use more accurate returned new_freq as resume_freq (git-fixes).
RDMA/addr: create addr_wq with WQ_MEM_RECLAIM flag (bsc#1183346).
RDMA/core: create ib_cm with WQ_MEM_RECLAIM flag (bsc#1183346).
RDMA/hns: Delete redundant abnormal interrupt status (git-fixes).
RDMA/hns: Delete redundant condition judgment related to eq (git-fixes).
RDMA/qedr: Fix error return code in qedr_iw_connect() (jsc#SLE-8215).
RDMA/srpt: Fix error return code in srpt_cm_req_recv() (git-fixes).
SUNRPC in case of backlog, hand free slots directly to waiting task (bsc#1185428).
SUNRPC: More fixes for backlog congestion (bsc#1185428).
USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet (git-fixes).
USB: Add reset-resume quirk for WD19's Realtek Hub (git-fixes).
USB: serial: pl2303: add support for PL2303HXN (bsc#1186320).
USB: serial: pl2303: fix line-speed handling on newer chips (bsc#1186320).
USB: serial: ti_usb_3410_5052: fix TIOCSSERIAL permission check (git-fixes).
USB: trancevibrator: fix control-request direction (git-fixes).
amdgpu: avoid incorrect %hu format string (git-fixes).
arm64/mm: Fix pfn_valid() for ZONE_DEVICE based memory (git-fixes).
arm64: Add missing ISB after invalidating TLB in __primary_switch (git-fixes).
arm64: avoid -Woverride-init warning (git-fixes).
arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL (git-fixes).
arm64: kdump: update ppos when reading elfcorehdr (git-fixes).
arm64: kexec_file: fix memory leakage in create_dtb() when fdt_open_into() fails (git-fixes).
arm64: link with -z norelro for LLD or aarch64-elf (git-fixes).
arm64: link with -z norelro regardless of CONFIG_RELOCATABLE (git-fixes).
arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL) (git-fixes).
arm64: ptrace: Use NO_SYSCALL instead of -1 in syscall_trace_enter() (git-fixes).
arm64: vdso32: make vdso32 install conditional (git-fixes).
arm: mm: use __pfn_to_section() to get mem_section (git-fixes).
ata: ahci: Disable SXS for Hisilicon Kunpeng920 (git-fixes).
blk-iocost: ioc_pd_free() shouldn't assume irq disabled (git-fixes).
blk-mq: Swap two calls in blk_mq_exit_queue() (git-fixes).
block/genhd: use atomic_t for disk_event->block (bsc#1185497).
block: Fix three kernel-doc warnings (git-fixes).
block: fix get_max_io_size() (git-fixes).
bnxt_en: Fix RX consumer index logic in the error path (git-fixes).
bnxt_en: fix ternary sign extension bug in bnxt_show_temp() (git-fixes).
bpf: Fix leakage of uninitialized bpf stack under speculation (bsc#1155518).
bpf: Fix masking negation logic upon negative dst register (bsc#1155518).
btrfs: fix race between transaction aborts and fsyncs leading to use-after-free (bsc#1186441).
btrfs: fix race when picking most recent mod log operation for an old root (bsc#1186439).
cdc-wdm: untangle a circular dependency between callback and softint (git-fixes).
cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom (git-fixes).
cdrom: gdrom: initialize global variable at init time (git-fixes).
ceph: do not clobber i_snap_caps on non-I_NEW inode (bsc#1186501).
ceph: fix inode leak on getattr error in __fh_to_dentry (bsc#1186501).
ceph: fix up error handling with snapdirs (bsc#1186501).
ceph: only check pool permissions for regular files (bsc#1186501).
cfg80211: scan: drop entry from hidden_list on overflow (git-fixes).
clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return (git-fixes).
cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758).
crypto: api - check for ERR pointers in crypto_destroy_tfm() (git-fixes).
crypto: mips/poly1305 - enable for all MIPS processors (git-fixes).
crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init (git-fixes).
crypto: qat - Fix a double free in adf_create_ring (git-fixes).
crypto: qat - do not release uninitialized resources (git-fixes).
crypto: qat - fix error path in adf_isr_resource_alloc() (git-fixes).
crypto: qat - fix unmap invalid dma address (git-fixes).
crypto: stm32/cryp - Fix PM reference leak on stm32-cryp.c (git-fixes).
crypto: stm32/hash - Fix PM reference leak on stm32-hash.c (git-fixes).
cxgb4: Fix unintentional sign extension issues (git-fixes).
dm: avoid filesystem lookup in dm_get_dev_t() (git-fixes).
dmaengine: dw-edma: Fix crash on loading/unloading driver (git-fixes).
docs: kernel-parameters: Add gpio_mockup_named_lines (git-fixes).
docs: kernel-parameters: Move gpio-mockup for alphabetic order (git-fixes).
drivers: hv: Fix whitespace errors (bsc#1185725).
drm/amd/display: Fix UBSAN warning for not a valid value for type '_Bool' (git-fixes).
drm/amd/display: Fix two cursor duplication when using overlay (git-fixes).
drm/amd/display: Force vsync flip when reconfiguring MPCC (git-fixes).
drm/amd/display: Reject non-zero src_y and src_x for video planes (git-fixes).
drm/amd/display: fix dml prefetch validation (git-fixes).
drm/amd/display: fixed divide by zero kernel crash during dsc enablement (git-fixes).
drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f (git-fixes).
drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang (git-fixes).
drm/amdgpu: fix NULL pointer dereference (git-fixes).
drm/amdgpu: mask the xgmi number of hops reported from psp to kfd (git-fixes).
drm/amdkfd: Fix cat debugfs hang_hws file causes system crash bug (git-fixes).
drm/i915: Avoid div-by-zero on gen2 (git-fixes).
drm/meson: fix shutdown crash when component not probed (git-fixes).
drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal (git-fixes).
drm/msm/mdp5: Do not multiply vclk line count by 100 (git-fixes).
drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected (git-fixes).
drm/radeon: Avoid power table parsing memory leaks (git-fixes).
drm/radeon: Fix off-by-one power_state index heap overwrite (git-fixes).
drm/vkms: fix misuse of WARN_ON (git-fixes).
drm: Added orientation quirk for OneGX1 Pro (git-fixes).
ethernet:enic: Fix a use after free bug in enic_hard_start_xmit (git-fixes).
extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged (git-fixes).
extcon: arizona: Fix various races on driver unbind (git-fixes).
fbdev: zero-fill colormap in fbcmap.c (git-fixes).
firmware: arm_scpi: Prevent the ternary sign expansion bug (git-fixes).
fs/epoll: restore waking from ep_done_scan() (bsc#1183868).
ftrace: Handle commands when closing set_ftrace_filter file (git-fixes).
futex: Change utime parameter to be 'const ... *' (git-fixes).
futex: Do not apply time namespace adjustment on FUTEX_LOCK_PI (bsc#1164648).
futex: Get rid of the val2 conditional dance (git-fixes).
futex: Make syscall entry points less convoluted (git-fixes).
genirq/irqdomain: Do not try to free an interrupt that has no (git-fixes)
genirq: Disable interrupts for force threaded handlers (git-fixes)
genirq: Reduce irqdebug cacheline bouncing (bsc#1185703 ltc#192641).
gpio: xilinx: Correct kernel doc for xgpio_probe() (git-fixes).
gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 (git-fixes).
hrtimer: Update softirq_expires_next correctly after (git-fixes)
hwmon: (occ) Fix poll rate limiting (git-fixes).
i2c: Add I2C_AQ_NO_REP_START adapter quirk (git-fixes).
i2c: bail out early when RDWR parameters are wrong (git-fixes).
i2c: i801: Do not generate an interrupt on bus reset (git-fixes).
i2c: s3c2410: fix possible NULL pointer deref on read message after write (git-fixes).
i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E (git-fixes).
i40e: Fix PHY type identifiers for 2.5G and 5G adapters (git-fixes).
i40e: Fix use-after-free in i40e_client_subtask() (git-fixes).
i40e: fix broken XDP support (git-fixes).
i40e: fix the restart auto-negotiation after FEC modified (git-fixes).
ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043).
ibmvfc: Handle move login failure (bsc#1185938 ltc#192043).
ibmvfc: Reinit target retries (bsc#1185938 ltc#192043).
ibmvnic: remove default label from to_string switch (bsc#1152457 ltc#174432 git-fixes).
ics932s401: fix broken handling of errors when word reading fails (git-fixes).
iio: adc: ad7124: Fix missbalanced regulator enable / disable on error (git-fixes).
iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers (git-fixes).
iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp() (git-fixes).
iio: adc: ad7793: Add missing error code in ad7793_setup() (git-fixes).
iio: gyro: fxas21002c: balance runtime power in error path (git-fixes).
iio: gyro: mpu3050: Fix reported temperature value (git-fixes).
iio: proximity: pulsedlight: Fix rumtime PM imbalance on error (git-fixes).
iio: tsl2583: Fix division by a zero lux_val (git-fixes).
intel_th: Consistency and off-by-one fix (git-fixes).
iommu/amd: Add support for map/unmap_resource (jsc#ECO-3482).
ipc/mqueue, msg, sem: Avoid relying on a stack reference past its expiry (bsc#1185988).
ipmi/watchdog: Stop watchdog timer when the current action is 'none' (bsc#1184855).
kernel-docs.spec.in: Build using an utf-8 locale. Sphinx cannot handle UTF-8 input in non-UTF-8 locale.
leds: lp5523: check return value of lp5xx_read and jump to cleanup code (git-fixes).
locking/seqlock: Tweak DEFINE_SEQLOCK() kernel doc (bsc#1176564 bsc#1162702).
lpfc: Decouple port_template and vport_template (bsc#185032).
mac80211: clear the beacon's CRC after channel switch (git-fixes).
md-cluster: fix use-after-free issue when removing rdev (bsc#1184082).
md/raid1: properly indicate failure when ending a failed write request (bsc#1185680).
md: do not flush workqueue unconditionally in md_open (bsc#1184081).
md: factor out a mddev_find_locked helper from mddev_find (bsc#1184081).
md: md_open returns -EBUSY when entering racing area (bsc#1184081).
md: split mddev_find (bsc#1184081).
media: adv7604: fix possible use-after-free in adv76xx_remove() (git-fixes).
media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB (git-fixes).
media: dvb-usb: fix memory leak in dvb_usb_adapter_init (git-fixes).
media: em28xx: fix memory leak (git-fixes).
media: gspca/sq905.c: fix uninitialized variable (git-fixes).
media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove() (git-fixes).
media: i2c: adv7842: fix possible use-after-free in adv7842_remove() (git-fixes).
media: i2c: tda1997: Fix possible use-after-free in tda1997x_remove() (git-fixes).
media: imx: capture: Return -EPIPE from __capture_legacy_try_fmt() (git-fixes).
media: ite-cir: check for receive overflow (git-fixes).
media: media/saa7164: fix saa7164_encoder_register() memory leak bugs (git-fixes).
media: platform: sti: Fix runtime PM imbalance in regs_show (git-fixes).
media: tc358743: fix possible use-after-free in tc358743_remove() (git-fixes).
mfd: arizona: Fix rumtime PM imbalance on error (git-fixes).
misc/uss720: fix memory leak in uss720_probe (git-fixes).
mlxsw: spectrum_mr: Update egress RIF list before route's action (git-fixes).
mm: memcontrol: fix cpuhotplug statistics flushing (bsc#1185606).
mmc: block: Update ext_csd.cache_ctrl if it was written (git-fixes).
mmc: core: Do a power cycle when the CMD11 fails (git-fixes).
mmc: core: Set read only for SD cards with permanent write protect bit (git-fixes).
mmc: sdhci-pci-gli: increase 1.8V regulator wait (git-fixes).
mmc: sdhci-pci: Add PCI IDs for Intel LKF (git-fixes).
mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers (git-fixes).
mmc: sdhci: Check for reset prior to DMA address unmap (git-fixes).
net, xdp: Update pkt_type if generic XDP changes unicast MAC (git-fixes).
net: enetc: fix link error again (git-fixes).
net: hns3: Fix for geneve tx checksum bug (git-fixes).
net: hns3: add check for HNS3_NIC_STATE_INITED in hns3_reset_notify_up_enet() (git-fixes).
net: hns3: clear unnecessary reset request in hclge_reset_rebuild (git-fixes).
net: hns3: disable phy loopback setting in hclge_mac_start_phy (git-fixes).
net: hns3: fix for vxlan gpe tx checksum bug (git-fixes).
net: hns3: fix incorrect configuration for igu_egu_hw_err (git-fixes).
net: hns3: initialize the message content in hclge_get_link_mode() (git-fixes).
net: hns3: use netif_tx_disable to stop the transmit queue (git-fixes).
net: thunderx: Fix unintentional sign extension issue (git-fixes).
net: usb: fix memory leak in smsc75xx_bind (git-fixes).
net: xfrm: Localize sequence counter per network namespace (bsc#1185696).
net: xfrm: Use sequence counter with associated spinlock (bsc#1185696).
netdevice: Add missing IFF_PHONY_HEADROOM self-definition (git-fixes).
netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#1185950).
netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#1183947 bsc#1185950).
netfilter: conntrack: improve RST handling when tuple is re-used (bsc#1183947 bsc#1185950).
nvme-core: add cancel tagset helpers (bsc#1183976).
nvme-fabrics: decode host pathing error for connect (bsc#1179827).
nvme-fc: check sgl supported by target (bsc#1179827).
nvme-fc: clear q_live at beginning of association teardown (bsc#1186479).
nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has been aborted (bsc#1184259).
nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange() (bsc#1184259).
nvme-fc: short-circuit reconnect retries (bsc#1179827).
nvme-multipath: fix double initialization of ANA state (bsc#1178612, bsc#1184259).
nvme-multipath: reset bdev to ns head when failover (bsc#178378 bsc#1182999).
nvme-pci: Remove tag from process cq (git-fixes).
nvme-pci: Remove two-pass completions (git-fixes).
nvme-pci: Simplify nvme_poll_irqdisable (git-fixes).
nvme-pci: align io queue count with allocted nvme_queue in (git-fixes).
nvme-pci: avoid race between nvme_reap_pending_cqes() and nvme_poll() (git-fixes).
nvme-pci: dma read memory barrier for completions (git-fixes).
nvme-pci: fix 'slimmer CQ head update' (git-fixes).
nvme-pci: make sure write/poll_queues less or equal then cpu (git-fixes).
nvme-pci: remove last_sq_tail (git-fixes).
nvme-pci: remove volatile cqes (git-fixes).
nvme-pci: slimmer CQ head update (git-fixes).
nvme-pci: use simple suspend when a HMB is enabled (git-fixes).
nvme-tcp: Fix possible race of io_work and direct send (git-fixes).
nvme-tcp: Fix warning with CONFIG_DEBUG_PREEMPT (git-fixes).
nvme-tcp: add clean action for failed reconnection (bsc#1183976).
nvme-tcp: fix kconfig dependency warning when !CRYPTO (git-fixes).
nvme-tcp: fix misuse of __smp_processor_id with preemption (git-fixes).
nvme-tcp: fix possible hang waiting for icresp response (bsc#1179519).
nvme-tcp: use cancel tagset helper for tear down (bsc#1183976).
nvme: Fix NULL dereference for pci nvme controllers (bsc#1182378).
nvme: add 'kato' sysfs attribute (bsc#1179825).
nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request() (bsc#1184259).
nvme: define constants for identification values (git-fixes).
nvme: do not intialize hwmon for discovery controllers (bsc#1184259).
nvme: do not intialize hwmon for discovery controllers (git-fixes).
nvme: document nvme controller states (git-fixes).
nvme: explicitly update mpath disk capacity on revalidation (git-fixes).
nvme: expose reconnect_delay and ctrl_loss_tmo via sysfs (bsc#1182378).
nvme: fix controller instance leak (git-fixes).
nvme: fix deadlock in disconnect during scan_work and/or ana_work (git-fixes).
nvme: fix possible deadlock when I/O is blocked (git-fixes).
nvme: remove superfluous else in nvme_ctrl_loss_tmo_store (bsc#1182378).
nvme: retrigger ANA log update if group descriptor isn't found (git-fixes)
nvme: sanitize KATO setting (bsc#1179825).
nvme: simplify error logic in nvme_validate_ns() (bsc#1184259).
nvmet: fix a memory leak (git-fixes).
nvmet: seset ns->file when open fails (bsc#1183873).
nvmet: use new ana_log_size instead the old one (bsc#1184259).
nxp-i2c: restore includes for kABI (bsc#1185589).
nxp-nci: add NXP1002 id (bsc#1185589).
phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() (git-fixes).
pinctrl: ingenic: Improve unreachable code generation (git-fixes).
pinctrl: samsung: use 'int' for register masks in Exynos (git-fixes).
platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (git-fixes).
platform/x86: intel_pmc_core: Do not use global pmcdev in quirks (git-fixes).
platform/x86: thinkpad_acpi: Correct thermal sensor allocation (git-fixes).
posix-timers: Preserve return value in clock_adjtime32() (git-fixes)
power: supply: Use IRQF_ONESHOT (git-fixes).
power: supply: generic-adc-battery: fix possible use-after-free in gab_remove() (git-fixes).
power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() (git-fixes).
powerpc/64s: Fix crashes when toggling entry flush barrier (bsc#1177666 git-fixes).
powerpc/64s: Fix crashes when toggling stf barrier (bsc#1087082 git-fixes).
qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth (git-fixes).
rtc: pcf2127: handle timestamp interrupts (bsc#1185495).
s390/dasd: fix hanging DASD driver unbind (bsc#1183932 LTC#192153).
s390/entry: save the caller of psw_idle (bsc#1185677).
s390/kdump: fix out-of-memory with PCI (bsc#1182257 LTC#191375).
sched/eas: Do not update misfit status if the task is pinned (git-fixes)
sched/fair: Avoid stale CPU util_est value for schedutil in (git-fixes)
sched/fair: Fix unfairness caused by missing load decay (git-fixes)
scripts/git_sort/git_sort.py: add bpf git repo
scsi: core: Run queue in case of I/O resource contention failure (bsc#1186416).
scsi: fnic: Kill 'exclude_id' argument to fnic_cleanup_io() (bsc#1179851).
scsi: libfc: Avoid invoking response handler twice if ep is already completed (bsc#1186573).
scsi: lpfc: Add a option to enable interlocked ABTS before job completion (bsc#1186451).
scsi: lpfc: Add ndlp kref accounting for resume RPI path (bsc#1186451).
scsi: lpfc: Fix 'Unexpected timeout' error in direct attach topology (bsc#1186451).
scsi: lpfc: Fix Node recovery when driver is handling simultaneous PLOGIs (bsc#1186451).
scsi: lpfc: Fix bad memory access during VPD DUMP mailbox command (bsc#1186451).
scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs (bsc#1186451).
scsi: lpfc: Fix node handling for Fabric Controller and Domain Controller (bsc#1186451).
scsi: lpfc: Fix non-optimized ERSP handling (bsc#1186451).
scsi: lpfc: Fix unreleased RPIs when NPIV ports are created (bsc#1186451).
scsi: lpfc: Ignore GID-FT response that may be received after a link flip (bsc#1186451).
scsi: lpfc: Reregister FPIN types if ELS_RDF is received from fabric controller (bsc#1186451).
scsi: lpfc: Update lpfc version to 12.8.0.10 (bsc#1186451).
sctp: delay auto_asconf init until binding the first addr
seqlock,lockdep: Fix seqcount_latch_init() (bsc#1176564 bsc#1162702).
serial: core: fix suspicious security_locked_down() call (git-fixes).
serial: core: return early on unsupported ioctls (git-fixes).
serial: sh-sci: Fix off-by-one error in FIFO threshold register setting (git-fixes).
serial: stm32: fix incorrect characters on console (git-fixes).
serial: stm32: fix tx_empty condition (git-fixes).
serial: tegra: Fix a mask operation that is always true (git-fixes).
smc: disallow TCP_ULP in smc_setsockopt() (git-fixes).
spi: ath79: always call chipselect function (git-fixes).
spi: ath79: remove spi-master setup and cleanup assignment (git-fixes).
spi: dln2: Fix reference leak to master (git-fixes).
spi: omap-100k: Fix reference leak to master (git-fixes).
spi: qup: fix PM reference leak in spi_qup_remove() (git-fixes).
spi: spi-fsl-dspi: Fix a resource leak in an error handling path (git-fixes).
staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes).
staging: iio: cdc: ad7746: avoid overwrite of num_channels (git-fixes).
tcp: fix to update snd_wl1 in bulk receiver fast path
thermal/drivers/ti-soc-thermal/bandgap Remove unused variable 'val' (git-fixes).
thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue (git-fixes).
tracing: Map all PIDs to command lines (git-fixes).
tty: amiserial: fix TIOCSSERIAL permission check (git-fixes).
tty: fix memory leak in vc_deallocate (git-fixes).
tty: moxa: fix TIOCSSERIAL jiffies conversions (git-fixes).
tty: moxa: fix TIOCSSERIAL permission check (git-fixes).
uio: uio_hv_generic: use devm_kzalloc() for private data alloc (git-fixes).
uio_hv_generic: Fix a memory leak in error handling paths (git-fixes).
uio_hv_generic: Fix another memory leak in error handling paths (git-fixes).
uio_hv_generic: add missed sysfs_remove_bin_file (git-fixes).
usb: core: hub: Fix PM reference leak in usb_port_resume() (git-fixes).
usb: core: hub: fix race condition about TRSMRCY of resume (git-fixes).
usb: dwc2: Fix gadget DMA unmap direction (git-fixes).
usb: dwc3: gadget: Enable suspend events (git-fixes).
usb: dwc3: gadget: Return success always for kick transfer in ep queue (git-fixes).
usb: dwc3: omap: improve extcon initialization (git-fixes).
usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield (git-fixes).
usb: fotg210-hcd: Fix an error message (git-fixes).
usb: gadget/function/f_fs string table fix for multiple languages (git-fixes).
usb: gadget: dummy_hcd: fix gpf in gadget_setup (git-fixes).
usb: gadget: f_uac1: validate input parameters (git-fixes).
usb: gadget: f_uac2: validate input parameters (git-fixes).
usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen() (git-fixes).
usb: gadget: uvc: add bInterval checking for HS mode (git-fixes).
usb: musb: fix PM reference leak in musb_irq_work() (git-fixes).
usb: sl811-hcd: improve misleading indentation (git-fixes).
usb: webcam: Invalid size of Processing Unit Descriptor (git-fixes).
usb: xhci: Fix port minor revision (git-fixes).
usb: xhci: Increase timeout for HC halt (git-fixes).
vgacon: Record video mode changes with VT_RESIZEX (git-fixes).
video: hyperv_fb: Add ratelimit on error message (bsc#1185725).
vrf: fix a comment about loopback device (git-fixes).
watchdog/softlockup: Remove obsolete check of last reported task (bsc#1185982).
watchdog/softlockup: report the overall time of softlockups (bsc#1185982).
watchdog: explicitly update timestamp when reporting softlockup (bsc#1185982).
watchdog: rename __touch_watchdog() to a better descriptive name (bsc#1185982).
whitespace cleanup
wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join (git-fixes).
wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt (git-fixes).
workqueue: Minor follow-ups to the rescuer destruction change (bsc#1185911).
workqueue: more destroy_workqueue() fixes (bsc#1185911).
x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported (bsc#1152489).
xhci: Do not use GFP_KERNEL in (potentially) atomic context (git-fixes).
xhci: check control context is valid before dereferencing it (git-fixes).
xhci: fix potential array out of bounds with several interrupters (git-fixes).
xsk: Respect device's headroom and tailroom on generic xmit path (git-fixes).

Advisory ID	SUSE-SU-2022:3868-1
Released	Fri Nov 4 10:07:58 2022
Summary	Security update for rubygem-loofah
Type	security
Severity	moderate
References	1154751,CVE-2019-15587

Description:

This update for rubygem-loofah fixes the following issues:
- CVE-2019-15587: Fixed issue in sanitization of crafted SVG elements (bsc#1154751).

Advisory ID	SUSE-RU-2022:3869-1
Released	Fri Nov 4 10:55:26 2022
Summary	Recommended update for openssl-1_0_0
Type	recommended
Severity	moderate
References	1180995

Description:

This update for openssl-1_0_0 fixes the following issues:

Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995)

Advisory ID	SUSE-RU-2022:3872-1
Released	Fri Nov 4 14:07:25 2022
Summary	Recommended update for cepces
Type	recommended
Severity	important
References	1203273

Description:

This update for cepces fixes the following issues:

Fix cepces won't compile on SLE15SP5. (bsc#1203273)

Advisory ID	SUSE-RU-2022:3873-1
Released	Fri Nov 4 14:58:08 2022
Summary	Recommended update for mozilla-nspr, mozilla-nss
Type	recommended
Severity	moderate
References	1191546,1198980,1201298,1202870,1204729

Description:

This update for mozilla-nspr, mozilla-nss fixes the following issues:
mozilla-nspr was updated to version 4.34.1:

add file descriptor sanity checks in the NSPR poll function.

mozilla-nss was updated to NSS 3.79.2 (bsc#1204729):

Bump minimum NSPR version to 4.34.1.
Gracefully handle null nickname in CERT_GetCertNicknameWithValidity.

Other fixes that were applied:

FIPS: Allow the use of DSA keys (verification only) (bsc#1201298).
FIPS: Add sftk_FIPSRepeatIntegrityCheck() to softoken's .def file (bsc#1198980).
FIPS: Allow the use of longer symmetric keys via the service level indicator (bsc#1191546).
FIPS: Prevent TLS sessions from getting flagged as non-FIPS (bsc#1191546).
FIPS: Mark DSA keygen unapproved (bsc#1191546, bsc#1201298).
FIPS: Use libjitterentropy for entropy (bsc#1202870).
FIPS: Fixed an abort() when both NSS_FIPS and /proc FIPS mode are enabled.

Advisory ID	SUSE-SU-2022:3875-1
Released	Fri Nov 4 15:11:53 2022
Summary	Security update for xmlbeans
Type	security
Severity	important
References	1180915,CVE-2021-23926

Description:

This update for xmlbeans fixes the following issues:
- CVE-2021-23926: Fixed XML parsers not protecting from malicious XML input (bsc#1180915).

Advisory ID	SUSE-RU-2022:3881-1
Released	Fri Nov 4 16:04:19 2022
Summary	Recommended update for scap-security-guide
Type	recommended
Severity	moderate
References

Description:

This update for scap-security-guide fixes the following issues:

Ship Ubuntu 2204 profiles.

ComplianceAsCode was updated to 0.1.64 (jsc#ECO-3319):

- Introduce OL9 stig and anssi profiles - Update RHEL8 STIG to V1R7 - Introduce e8 profile for OL9 - Update RHEL7 STIG to V3R8 - some SUSE profile fixes

Added several RPM requires that are needed by the SUSE remediation scripts.

Advisory ID	SUSE-SU-2022:3884-1
Released	Mon Nov 7 10:59:26 2022
Summary	Security update for expat
Type	security
Severity	important
References	1204708,CVE-2022-43680

Description:

This update for expat fixes the following issues:
- CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).

Advisory ID	SUSE-SU-2022:3889-1
Released	Mon Nov 7 15:25:52 2022
Summary	Security update for exiv2
Type	security
Severity	important
References	1068871,1142675,1142679,1185002,1185218,1185447,1185913,1186053,1186192,1188645,1188733,1189332,1189333,1189334,1189335,1189338,CVE-2017-1000128,CVE-2019-13108,CVE-2019-13111,CVE-2020-19716,CVE-2021-29457,CVE-2021-29463,CVE-2021-29470,CVE-2021-29623,CVE-2021-31291,CVE-2021-32617,CVE-2021-34334,CVE-2021-37620,CVE-2021-37621,CVE-2021-37622,CVE-2021-37623

Description:

This update for exiv2 fixes the following issues:
Updated to version 0.27.5 (jsc#PED-1393):

CVE-2017-1000128: Fixed stack out of bounds read in JPEG2000 parser (bsc#1068871).
CVE-2019-13108: Fixed integer overflow PngImage:readMetadata (bsc#1142675).
CVE-2020-19716: Fixed buffer overflow vulnerability in the Databuf function in types.cpp (bsc#1188645).
CVE-2021-29457: Fixed heap buffer overflow when write metadata into a crafted image file (bsc#1185002).
CVE-2021-29470: Fixed out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header (bsc#1185447).
CVE-2021-29623: Fixed read of uninitialized memory (bsc#1186053).
CVE-2021-31291: Fixed heap-based buffer overflow in jp2image.cpp (bsc#1188733).
CVE-2021-32617: Fixed denial of service due to inefficient algorithm (bsc#1186192).
CVE-2021-37620: Fixed out-of-bounds read in XmpTextValue:read() (bsc#1189332).
CVE-2021-37621: Fixed DoS due to infinite loop in Image:printIFDStructure (bsc#1189333).
CVE-2021-37622: Fixed DoS due to infinite loop in JpegBase:printStructure (bsc#1189334)
CVE-2021-34334: Fixed DoS due to integer overflow in loop counter(bsc#1189338)
CVE-2021-37623: Fixed DoS due to infinite loop in JpegBase:printStructure (bsc#1189335)
CVE-2021-29463: Fixed out-of-bounds read in webpimage.cpp (bsc#1185913).
CVE-2021-34334: Fixed DoS due to integer overflow in loop counter (bsc#1189338)
CVE-2019-13111: Fixed integer overflow in WebPImage:decodeChunks that lead to denial of service (bsc#1142679)
CVE-2021-29463: Fixed an out-of-bounds read was found in webpimage.cpp (bsc#1185913)

Bugfixes:

Fixed build using GCC 11 (bsc#1185218).

A new libexiv2-2_27 shared library is shipped, the libexiv2-2_26 is provided only for compatibility now.
Please recompile your applications using the exiv2 library.

Advisory ID	SUSE-SU-2022:3899-1
Released	Tue Nov 8 10:43:45 2022
Summary	Security update for sendmail
Type	security
Severity	important
References	1202937,1204696,CVE-2022-31256

Description:

This update for sendmail fixes the following issues:
- CVE-2022-31256: Fixed mail to root privilege escalation via sm-client.pre script (bsc#1204696, bsc#1202937).

Advisory ID	SUSE-RU-2022:3900-1
Released	Tue Nov 8 10:47:55 2022
Summary	Recommended update for docker
Type	recommended
Severity	moderate
References	1200022

Description:

This update for docker fixes the following issues:

Fix a crash-on-start issue with dockerd (bsc#1200022)

Advisory ID	SUSE-RU-2022:3904-1
Released	Tue Nov 8 10:52:13 2022
Summary	Recommended update for openssh
Type	recommended
Severity	moderate
References	1192439

Description:

This update for openssh fixes the following issue:

Prevent empty messages from being sent. (bsc#1192439)

Advisory ID	SUSE-SU-2022:3908-1
Released	Tue Nov 8 12:31:18 2022
Summary	Security update for gstreamer-plugins-good
Type	security
Severity	moderate
References	1201688,1201693,1201702,1201704,1201706,1201707,1201708,CVE-2022-1920,CVE-2022-1921,CVE-2022-1922,CVE-2022-1923,CVE-2022-1924,CVE-2022-1925,CVE-2022-2122

Description:

This update for gstreamer-plugins-good fixes the following issues:

CVE-2022-1920: Fixed integer overflow in WavPack header handling code (bsc#1201688).
CVE-2022-1921: Fixed integer overflow resulting in heap corruption in avidemux element (bsc#1201693).
CVE-2022-1922: Fixed integer overflows in mkv demuxing (bsc#1201702).
CVE-2022-1923: Fixed integer overflows in mkv demuxing using bzip (bsc#1201704).
CVE-2022-1924: Fixed integer overflows in mkv demuxing using lzo (bsc#1201706).
CVE-2022-1925: Fixed integer overflows in mkv demuxing using HEADERSTRIP (bsc#1201707).
CVE-2022-2122: Fixed integer overflows in qtdemux using zlib (bsc#1201708).

Advisory ID	SUSE-RU-2022:3909-1
Released	Tue Nov 8 13:02:20 2022
Summary	Recommended update for crmsh
Type	recommended
Severity	moderate
References	1196726,1202465,1202655,1204670

Description:

This update for crmsh fixes the following issues:

Update to version 4.4.0+20221028.3e41444: * Packaging: create /var/log/crmsh with tmpfiles.d * Fix: log: ownership and mode of log files should be set in RotatingFileHandler * Fix: crmsh not working when using ACL * fix: log: fail to open log file even if user is in haclient group (bsc#1204670) * Dev: bootstrap: Show remote node name when stopping service remotely * Dev: parallax: Add LogLevel=error ssh option to filter out warnings (bsc#1196726) * Revert 'Only raise exception when return code of systemctl ssh command is larger than 4 (bsc#1196726)' (bsc#1202655) * configure: refresh cib before showing or modifying if no pending changes has been made (bsc#1202465)

Advisory ID	SUSE-RU-2022:3910-1
Released	Tue Nov 8 13:05:04 2022
Summary	Recommended update for pam
Type	recommended
Severity	moderate
References

Description:

This update for pam fixes the following issue:

Update pam_motd to the most current version. (PED-1712)

Advisory ID	SUSE-SU-2022:3915-1
Released	Tue Nov 8 14:12:47 2022
Summary	Security update for vsftpd
Type	security
Severity	moderate
References	1196918

Description:

This update for vsftpd fixes the following issues:
Bugfixes:
- Removed unsupported systemd hardening options (bsc#1196918).

Advisory ID	SUSE-RU-2022:3917-1
Released	Tue Nov 8 16:41:28 2022
Summary	Recommended update for python-azure-agent
Type	recommended
Severity	moderate
References	1203164,1203181

Description:

This update for python-azure-agent fixes the following issues:

Properly set OS.EnableRDMA flag (bsc#1203181)
Update to version 2.8.0.11 (bsc#1203164)

Advisory ID	SUSE-SU-2022:3922-1
Released	Wed Nov 9 09:03:33 2022
Summary	Security update for protobuf
Type	security
Severity	important
References	1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171

Description:

This update for protobuf fixes the following issues:

CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)

Advisory ID	SUSE-RU-2022:3927-1
Released	Wed Nov 9 14:55:47 2022
Summary	Recommended update for runc
Type	recommended
Severity	moderate
References	1202021,1202821

Description:

This update for runc fixes the following issues:

Update to runc v1.1.4 (bsc#1202021)
Fix failed exec after systemctl daemon-reload (bsc#1202821)
Fix mounting via wrong proc
Fix 'permission denied' error from runc run on noexec filesystem

Advisory ID	SUSE-SU-2022:3931-1
Released	Thu Nov 10 11:26:01 2022
Summary	Security update for git
Type	security
Severity	moderate
References	1204455,1204456,CVE-2022-39253,CVE-2022-39260

Description:

This update for git fixes the following issues:
- CVE-2022-39260: Fixed overflow in split_cmdline() (bsc#1204456). - CVE-2022-39253: Fixed dereference issue with symbolic links via the `--local` clone mechanism (bsc#1204455).

Advisory ID	SUSE-SU-2022:3932-1
Released	Thu Nov 10 11:55:12 2022
Summary	Security update for python-rsa
Type	security
Severity	moderate
References	1178676,CVE-2020-25658

Description:

This update for python-rsa fixes the following issues:
- CVE-2020-25658: Fixed bleichenbacher timing oracle attack against RSA decryption (bsc#1178676).

Advisory ID	SUSE-SU-2022:3936-1
Released	Thu Nov 10 13:36:13 2022
Summary	Security update for libarchive
Type	security
Severity	moderate
References	1192426,1192427,CVE-2021-31566

Description:

This update for libarchive fixes the following issues:
- CVE-2021-31566: Fixed vulnerability where libarchive modifies file flags of symlink target (bsc#1192426) - Fixed issue where processing fixup entries may follow symbolic links (bsc#1192427).

Advisory ID	SUSE-SU-2022:3941-1
Released	Thu Nov 10 15:01:32 2022
Summary	Security update for xwayland
Type	security
Severity	important
References	1204412,1204416,CVE-2022-3550,CVE-2022-3551

Description:

This update for xwayland fixes the following issues:
- CVE-2022-3550: Fixed out of bounds read/write in _GetCountedString() (bsc#1204412). - CVE-2022-3551: Fixed various leaks of the return value of GetComponentSpec() (bsc#1204416).

Advisory ID	SUSE-RU-2022:3943-1
Released	Thu Nov 10 16:47:07 2022
Summary	Recommended update for ocfs2-tools
Type	recommended
Severity	moderate
References	1191084

Description:

This update for ocfs2-tools fixes the following issues:

ocfs2-tools: finish UsrMerge, install to /usr (bsc#1191084)

Advisory ID	SUSE-RU-2022:3946-1
Released	Fri Nov 11 08:17:46 2022
Summary	Recommended update for wireplumber
Type	recommended
Severity	moderate
References	1200485,1202008

Description:

This update for wireplumber fixes the following issues:

Fix to automatically enable wireplumber user service in new and current installations (bsc#1200485, bsc#1202008)

Advisory ID	SUSE-SU-2022:3953-1
Released	Fri Nov 11 11:41:28 2022
Summary	Security update for xterm
Type	security
Severity	moderate
References	1195387,CVE-2022-24130

Description:

This update for xterm fixes the following issues:
- CVE-2022-24130: Fixed buffer overflow in set_sixel when Sixel support is enabled (bsc#1195387).

Advisory ID	SUSE-RU-2022:3958-1
Released	Fri Nov 11 15:20:45 2022
Summary	Recommended update for mozilla-nss
Type	recommended
Severity	moderate
References	1191546,1198980,1201298,1202870,1204729

Description:

This update for mozilla-nss fixes the following issues:
mozilla-nss was updated to NSS 3.79.2 (bsc#1204729)

Bump minimum NSPR version to 4.34.1.
Gracefully handle null nickname in CERT_GetCertNicknameWithValidity.

FIPS: Allow the use of DSA keys (verification only) (bsc#1201298).
FIPS: Add sftk_FIPSRepeatIntegrityCheck() to softoken's .def file (bsc#1198980).
FIPS: Allow the use of longer symmetric keys via the service level indicator (bsc#1191546).
FIPS: Export sftk_FIPSRepeatIntegrityCheck() correctly (bsc#1198980).
FIPS: Prevent sessions from getting flagged as non-FIPS (bsc#1191546).
FIPS: Mark DSA keygen unapproved (bsc#1191546, bsc#1201298).
FIPS: Enable userspace entropy gathering via libjitterentropy (bsc#1202870).
FIPS: Prevent keys from getting flagged as non-FIPS and add remaining TLS mechanisms.
FIPS: Use libjitterentropy for entropy.
FIPS: Fixed an abort() when both NSS_FIPS and /proc FIPS mode are enabled.

Advisory ID	SUSE-SU-2022:3959-1
Released	Fri Nov 11 15:38:11 2022
Summary	Security update for busybox
Type	security
Severity	important
References	1064976,1064978,1069412,1099260,1099263,1102912,1121426,1121428,1184522,1192869,951562,970662,970663,991940,CVE-2011-5325,CVE-2015-9261,CVE-2016-2147,CVE-2016-2148,CVE-2016-6301,CVE-2017-15873,CVE-2017-15874,CVE-2017-16544,CVE-2018-1000500,CVE-2018-1000517,CVE-2018-20679,CVE-2019-5747,CVE-2021-28831,CVE-2021-42373,CVE-2021-42374,CVE-2021-42375,CVE-2021-42376,CVE-2021-42377,CVE-2021-42378,CVE-2021-42379,CVE-2021-42380,CVE-2021-42381,CVE-2021-42382,CVE-2021-42383,CVE-2021-42384,CVE-2021-42385,CVE-2021-42386

Description:

This update for busybox fixes the following issues:

Enable switch_root With this change virtme --force-initramfs works as expected.
Enable udhcpc

busybox was updated to 1.35.0

Adjust busybox.config for new features in find, date and cpio

Annotate CVEs already fixed in upstream, but not mentioned in .changes yet:

CVE-2017-16544 (bsc#1069412): Insufficient sanitization of filenames when autocompleting
CVE-2015-9261 (bsc#1102912): huft_build misuses a pointer, causing segfaults
CVE-2016-2147 (bsc#970663): out of bounds write (heap) due to integer underflow in udhcpc
CVE-2016-2148 (bsc#970662): heap-based buffer overflow in OPTION_6RD parsing
CVE-2016-6301 (bsc#991940): NTP server denial of service flaw
CVE-2017-15873 (bsc#1064976): The get_next_block function in archival/libarchive/decompress_bunzip2.c has an Integer Overflow
CVE-2017-15874 (bsc#1064978): archival/libarchive/decompress_unlzma.c has an Integer Underflow
CVE-2019-5747 (bsc#1121428): out of bounds read in udhcp components
CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386 (bsc#1192869) : v1.34.0 bugfixes
CVE-2021-28831 (bsc#1184522): invalid free or segmentation fault via malformed gzip data
CVE-2018-20679 (bsc#1121426): out of bounds read in udhcp
CVE-2018-1000517 (bsc#1099260): Heap-based buffer overflow in the retrieve_file_data()
CVE-2011-5325 (bsc#951562): tar directory traversal
CVE-2018-1000500 (bsc#1099263): wget: Missing SSL certificate validation

Advisory ID	SUSE-RU-2022:3961-1
Released	Mon Nov 14 07:33:50 2022
Summary	Recommended update for zlib
Type	recommended
Severity	important
References	1203652

Description:

This update for zlib fixes the following issues:

Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

Advisory ID	SUSE-RU-2022:3963-1
Released	Mon Nov 14 09:05:22 2022
Summary	Recommended update for sssd
Type	recommended
Severity	moderate
References	1202559

Description:

This update for sssd fixes the following issues:

Fix the 'No matching host rule found' error in sdap_access_host (bsc#1202559)

Advisory ID	SUSE-SU-2022:3969-1
Released	Mon Nov 14 14:03:32 2022
Summary	Security update for kubevirt stack
Type	security
Severity	important
References

Description:

This update provides rebuilds of the kubevirt containers with up to date base images, fixing various security issues.

Advisory ID	SUSE-SU-2022:3970-1
Released	Mon Nov 14 14:04:20 2022
Summary	Security update for containerized-data-importer
Type	security
Severity	important
References

Description:

This update rebuilds the current containeried data importer images against current base images, to fix security issues.

Advisory ID	SUSE-RU-2022:3972-1
Released	Mon Nov 14 15:03:13 2022
Summary	Recommended update for p7zip
Type	recommended
Severity	low
References	1203316

Description:

This update for p7zip fixes the following issue:

Ship p7zip-full to SLE15-SP3 basesystem (bsc#1203316).

Advisory ID	SUSE-RU-2022:3974-1
Released	Mon Nov 14 15:39:20 2022
Summary	Recommended update for util-linux
Type	recommended
Severity	moderate
References	1201959,1204211

Description:

This update for util-linux fixes the following issues:

Fix file conflict during upgrade (bsc#1204211)
libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid.

Advisory ID	SUSE-SU-2022:3976-1
Released	Mon Nov 14 20:05:36 2022
Summary	Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4)
Type	security
Severity	important
References	1204289,CVE-2022-42722

Description:

This update for the Linux Kernel 5.14.21-150400_24_21 fixes one issue.
The following security issue was fixed:

CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125)

Advisory ID	SUSE-RU-2022:3978-1
Released	Tue Nov 15 09:56:31 2022
Summary	Security update for rpmlint-mini
Type	recommended
Severity	moderate
References	1201207

Description:

This update for rpmlint-mini fixes the following issues:

NetworkManager: update nm-priv-helper whitelisting (bsc#1201207)

Advisory ID	SUSE-SU-2022:3979-1
Released	Tue Nov 15 11:05:22 2022
Summary	Security update for python-Mako
Type	security
Severity	moderate
References	1203246,CVE-2022-40023

Description:

This update for python-Mako fixes the following issues:
- CVE-2022-40023: Fixed regular expression Denial of Service when using the Lexer class to parse (bsc#1203246).

Advisory ID	SUSE-SU-2022:3983-1
Released	Tue Nov 15 11:46:29 2022
Summary	Security update for freerdp
Type	security
Severity	moderate
References	1204257,1204258,CVE-2022-39282,CVE-2022-39283

Description:

This update for freerdp fixes the following issues:

CVE-2022-39282: Fix to init data read by `/parallel` command line switch. (bsc#1204258)
CVE-2022-39283: Fix to prevent video channel from reading uninitialized data. (bsc#1204257)

Advisory ID	SUSE-RU-2022:3985-1
Released	Tue Nov 15 12:54:11 2022
Summary	Recommended update for python-apipkg
Type	recommended
Severity	moderate
References	1204145

Description:

This update fixes for python3-apipkg the following issues:

Advisory ID	SUSE-SU-2022:3986-1
Released	Tue Nov 15 12:57:41 2022
Summary	Security update for libX11
Type	security
Severity	moderate
References	1204422,1204425,CVE-2022-3554,CVE-2022-3555

Description:

This update for libX11 fixes the following issues:
- CVE-2022-3554: Fixed memory leak in XRegisterIMInstantiateCallback() (bsc#1204422). - CVE-2022-3555: Fixed memory leak in _XFreeX11XCBStructure() (bsc#1204425).

Advisory ID	SUSE-SU-2022:3991-1
Released	Tue Nov 15 13:54:13 2022
Summary	Security update for dhcp
Type	security
Severity	moderate
References	1203988,1203989,CVE-2022-2928,CVE-2022-2929

Description:

This update for dhcp fixes the following issues:
- CVE-2022-2928: Fixed an option refcount overflow (bsc#1203988). - CVE-2022-2929: Fixed a DHCP memory leak (bsc#1203989).

Advisory ID	SUSE-SU-2022:3995-1
Released	Tue Nov 15 16:49:28 2022
Summary	Security update for jackson-databind
Type	security
Severity	important
References	1204369,1204370,CVE-2022-42003,CVE-2022-42004

Description:

This update for jackson-databind fixes the following issues:
Update to version 2.13.4.2:
- CVE-2022-42003: Fixed missing check in primitive value deserializers to avoid deep wrapper array nesting wrt 'UNWRAP_SINGLE_VALUE_ARRAYS' (bsc#1204370). - CVE-2022-42004: Fixed missing check in 'BeanDeserializer._deserializeFromArray()' to prevent use of deeply nested arrays (bsc#1204369).

Advisory ID	SUSE-SU-2022:3996-1
Released	Tue Nov 15 17:06:52 2022
Summary	Security update for 389-ds
Type	security
Severity	low
References	1194119,1204493,1204748,1205146,CVE-2021-45710

Description:

This update for 389-ds fixes the following issues:

CVE-2021-45710: Fixed tokio data race with memory corruption (bsc#1194119).

Update to version 2.0.16~git56.d15a0a7:
Failure to migrate from openldap if pwdPolicyChecker present (bsc#1205146).
Resolve issue with checklist post migration when dds is present (bsc#1204748).
Improve reliability of migrations from openldap when dynamic directory services is configured (bsc#1204493).

Advisory ID	SUSE-SU-2022:3997-1
Released	Tue Nov 15 17:07:17 2022
Summary	Security update for php7
Type	security
Severity	important
References	1203867,1203870,1204577,1204979,CVE-2021-21707,CVE-2021-21708,CVE-2022-31625,CVE-2022-31626,CVE-2022-31628,CVE-2022-31629,CVE-2022-31630,CVE-2022-37454

Description:

This update for php7 fixes the following issues:

Version update to 7.4.33:
CVE-2022-31630: Fixed out-of-bounds read due to insufficient input validation in imageloadfont() (bsc#1204979).
CVE-2022-37454: Fixed buffer overflow in hash_update() on long parameter (bsc#1204577).

Version update to 7.4.32 (jsc#SLE-23639)
CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing 'quines' gzip files. (bsc#1203867)
CVE-2022-31629: Fixed a bug which could lead an attacker to set an insecure cookie that will treated as secure in the victim's browser. (bsc#1203870)

Advisory ID	SUSE-SU-2022:3998-1
Released	Tue Nov 15 17:07:45 2022
Summary	Security update for the Linux Kernel
Type	security
Severity	important
References	1065729,1071995,1152472,1152489,1188238,1194869,1196018,1196632,1199904,1200567,1200692,1200788,1202187,1202686,1202700,1202914,1203098,1203229,1203290,1203435,1203514,1203699,1203701,1203767,1203770,1203802,1203922,1203979,1204017,1204051,1204059,1204060,1204125,1204142,1204166,1204168,1204171,1204241,1204353,1204354,1204355,1204402,1204413,1204415,1204417,1204428,1204431,1204439,1204470,1204479,1204498,1204533,1204569,1204574,1204575,1204619,1204635,1204637,1204646,1204647,1204650,1204653,1204693,1204705,1204719,1204728,1204753,1204868,1204926,1204933,1204934,1204947,1204957,1204963,1204970,CVE-2022-1882,CVE-2022-2153,CVE-2022-28748,CVE-2022-2964,CVE-2022-2978,CVE-2022-3169,CVE-2022-33981,CVE-2022-3424,CVE-2022-3435,CVE-2022-3521,CVE-2022-3524,CVE-2022-3526,CVE-2022-3535,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3577,CVE-2022-3586,CVE-2022-3594,CVE-2022-3619,CVE-2022-3621,CVE-2022-3625,CVE-2022-3628,CVE-2022-3629,CVE-2022-3633,CVE-2022-3640,CVE-2022-3646,CVE-2022-3649,CVE-2022-40476,CVE-2022-40768,CVE-2022-41674,CVE-2022-42703,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721,CVE-2022-42722,CVE-2022-43750

Description:

The SUSE Linux Enterprise 15-SP4 Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:

CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1199904).
CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to cause DoS (bnc#1200788).
CVE-2022-2964, CVE-2022-28748: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686 bsc#1196018).
CVE-2022-2978: Fixed use-after-free in the NILFS file system that could lead to local privilege escalation or DoS (bnc#1202700).
CVE-2022-3169: Fixed a denial of service flaw which occurs when consecutive requests to NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET are sent (bnc#1203290).
CVE-2022-33981: Fixed a use-after-free in floppy driver (bnc#1200692).
CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166).
CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171).
CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355).
CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354).
CVE-2022-3526: Fixed a memory leak in macvlan_handle_frame() from drivers/net/macvlan.c (bnc#1204353).
CVE-2022-3535: Fixed memory leak in mvpp2_dbgfs_port_init() in drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bnc#1204417).
CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402).
CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415).
CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431).
CVE-2022-3577: Fixed out-of-bounds memory write flaw in bigben device driver that could lead to local privilege escalation or DoS (bnc#1204470).
CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bnc#1204439).
CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479).
CVE-2022-3619: Fixed memory leak in l2cap_recv_acldata() in net/bluetooth/l2cap_core.c of the component (bnc#1204569).
CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574).
CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637).
CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635).
CVE-2022-3633: Fixed memory leak in j1939_session_destroy() in net/can/j1939/transport.c (bnc#1204650).
CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619).
CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646).
CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647).
CVE-2022-40476: Fixed a null pointer dereference in fs/io_uring.c (bnc#1203435).
CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bnc#1203514).
CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770).
CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168).
CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051)
CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059)
CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060)
CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125)
CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653).

The following non-security bugs were fixed:

ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes).
ACPI: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes).
ACPI: extlog: Handle multiple records (git-fixes).
ACPI: tables: FPDT: Do not call acpi_os_map_memory() on invalid phys address (git-fixes).
ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes).
ACPI: video: Make backlight class device registration a separate step (v2) (git-fixes).
ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable (git-fixes).
ALSA: Use del_timer_sync() before freeing timer (git-fixes).
ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes).
ALSA: aoa: Fix I2S device accounting (git-fixes).
ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes).
ALSA: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes).
ALSA: au88x0: use explicitly signed char (git-fixes).
ALSA: dmaengine: increment buffer pointer atomically (git-fixes).
ALSA: hda/cs_dsp_ctl: Fix mutex inversion when creating controls (bsc#1203699).
ALSA: hda/hdmi: Do not skip notification handling during PM operation (git-fixes).
ALSA: hda/hdmi: Fix the converter allocation for the silent stream (git-fixes).
ALSA: hda/hdmi: Fix the converter reuse for the silent stream (git-fixes).
ALSA: hda/hdmi: change type for the 'assigned' variable (git-fixes).
ALSA: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes).
ALSA: hda/realtek: Add another HP ZBook G9 model quirks (bsc#1203699).
ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes).
ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (bsc#1203922).
ALSA: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes).
ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes).
ALSA: hda: Fix position reporting on Poulsbo (git-fixes).
ALSA: hda: cs35l41: Remove suspend/resume hda hooks (bsc#1203699).
ALSA: hda: cs35l41: Support System Suspend (bsc#1203699).
ALSA: hda: hda_cs_dsp_ctl: Ensure pwr_lock is held before reading/writing controls (bsc#1203699).
ALSA: hda: hda_cs_dsp_ctl: Minor clean and redundant code removal (bsc#1203699).
ALSA: hiface: fix repeated words in comments (git-fixes).
ALSA: line6: Replace sprintf() with sysfs_emit() (git-fixes).
ALSA: line6: remove line6_set_raw declaration (git-fixes).
ALSA: oss: Fix potential deadlock at unregistration (git-fixes).
ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes).
ALSA: rme9652: use explicitly signed char (git-fixes).
ALSA: scarlett2: Add Focusrite Clarett+ 8Pre support (git-fixes).
ALSA: scarlett2: Add support for the internal 'standalone' switch (git-fixes).
ALSA: scarlett2: Split scarlett2_config_items[] into 3 sections (git-fixes).
ALSA: usb-audio: Add mixer mapping for Gigabyte B450/550 Mobos (git-fixes).
ALSA: usb-audio: Add quirk to enable Avid Mbox 3 support (git-fixes).
ALSA: usb-audio: Add quirks for M-Audio Fast Track C400/600 (git-fixes).
ALSA: usb-audio: Fix NULL dererence at error path (git-fixes).
ALSA: usb-audio: Fix last interface check for registration (git-fixes).
ALSA: usb-audio: Fix potential memory leaks (git-fixes).
ALSA: usb-audio: Fix regression with Dell Dock jack detection (bsc#1204719).
ALSA: usb-audio: Register card at the last interface (git-fixes).
ALSA: usb-audio: make read-only array marker static const (git-fixes).
ALSA: usb-audio: remove redundant assignment to variable c (git-fixes).
ALSA: usb-audio: scarlett2: Use struct_size() helper in scarlett2_usb() (git-fixes).
ALSA: usb/6fire: fix repeated words in comments (git-fixes).
ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n (git-fixes).
ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd() (git-fixes).
ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE (git-fixes).
ARM: Drop CMDLINE_* dependency on ATAGS (git-fixes).
ARM: decompressor: Include .data.rel.ro.local (git-fixes).
ARM: defconfig: clean up multi_v4t and multi_v5 configs (git-fixes).
ARM: defconfig: drop CONFIG_PTP_1588_CLOCK=y (git-fixes).
ARM: defconfig: drop CONFIG_SERIAL_OMAP references (git-fixes).
ARM: defconfig: drop CONFIG_USB_FSL_USB2 (git-fixes).
ARM: dts: armada-38x: Add gpio-ranges for pin muxing (git-fixes).
ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family (git-fixes).
ARM: dts: exynos: fix polarity of VBUS GPIO of Origen (git-fixes).
ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer (git-fixes).
ARM: dts: imx6dl: add missing properties for sram (git-fixes).
ARM: dts: imx6q: add missing properties for sram (git-fixes).
ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset (git-fixes).
ARM: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus (git-fixes).
ARM: dts: imx6qp: add missing properties for sram (git-fixes).
ARM: dts: imx6sl: add missing properties for sram (git-fixes).
ARM: dts: imx6sll: add missing properties for sram (git-fixes).
ARM: dts: imx6sx: add missing properties for sram (git-fixes).
ARM: dts: imx7d-sdb: config the max pressure for tsc2046 (git-fixes).
ARM: dts: integrator: Tag PCI host with device_type (git-fixes).
ARM: dts: kirkwood: lsxl: fix serial line (git-fixes).
ARM: dts: kirkwood: lsxl: remove first ethernet port (git-fixes).
ARM: dts: turris-omnia: Add label for wan port (git-fixes).
ARM: dts: turris-omnia: Fix mpp26 pin name and comment (git-fixes).
ASoC: SOF: pci: Change DMI match info to support all Chrome platforms (git-fixes).
ASoC: codecs: tx-macro: fix kcontrol put (git-fixes).
ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() (git-fixes).
ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes).
ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes).
ASoC: mt6359: fix tests for platform_get_irq() failure (git-fixes).
ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes).
ASoC: qcom: lpass-cpu: Mark HDMI TX parity register as volatile (git-fixes).
ASoC: qcom: lpass-cpu: mark HDMI TX registers as volatile (git-fixes).
ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes).
ASoC: tas2764: Allow mono streams (git-fixes).
ASoC: tas2764: Drop conflicting set_bias_level power setting (git-fixes).
ASoC: tas2764: Fix mute/unmute (git-fixes).
ASoC: wcd9335: fix order of Slimbus unprepare/disable (git-fixes).
ASoC: wcd934x: fix order of Slimbus unprepare/disable (git-fixes).
ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes).
ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes).
ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes).
ASoC: wm_adsp: Handle optional legacy support (git-fixes).
Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes).
Bluetooth: L2CAP: Fix user-after-free (git-fixes).
Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes).
Bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release (git-fixes).
Bluetooth: btintel: Mark Intel controller to support LE_STATES quirk (git-fixes).
Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes).
Bluetooth: virtio_bt: Use skb_put to set length (git-fixes).
Documentation: devres: add missing I2C helper (git-fixes).
Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017).
Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017).
Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017).
Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017).
Drop verbose nvme logging feature (bsc#1200567).
HID: hidraw: fix memory leak in hidraw_release() (git-fixes).
HID: magicmouse: Do not set BTN_MOUSE on double report (git-fixes).
HID: multitouch: Add memory barriers (git-fixes).
HID: roccat: Fix use-after-free in roccat_read() (git-fixes).
HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes).
HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes).
IB/core: Fix a nested dead lock as part of ODP flow (git-fixes)
IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes)
Input: i8042 - fix refount leak on sparc (git-fixes).
Input: synaptics-rmi4 - fix firmware update operations with bootloader v8 (git-fixes).
Input: xpad - add supported devices as contributed on github (git-fixes).
Input: xpad - fix wireless 360 controller breaking after suspend (git-fixes).
KVM: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors (git-fixes).
KVM: VMX: Inject #PF on ENCLS as 'emulated' #PF (git-fixes).
KVM: fix avic_set_running for preemptable kernels (git-fixes).
KVM: nVMX: Ignore SIPI that arrives in L2 when vCPU is not in WFS (git-fixes).
KVM: nVMX: Unconditionally purge queued/injected events on nested 'exit' (git-fixes).
KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes).
KVM: s390: pv: do not present the ecall interrupt twice (bsc#1203229 LTC#199905).
KVM: s390x: fix SCK locking (git-fixes).
KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes).
KVM: x86/mmu: Do not advance iterator after restart due to yielding (git-fixes).
KVM: x86/mmu: Retry page fault if root is invalidated by memslot update (git-fixes).
KVM: x86/pmu: Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes).
KVM: x86/pmu: Do not truncate the PerfEvtSeln MSR when creating a perf event (git-fixes).
KVM: x86/pmu: Fix available_event_types check for REF_CPU_CYCLES event (git-fixes).
KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes).
KVM: x86: Add KVM_CAP_ENABLE_CAP to x86 (git-fixes).
KVM: x86: Add compat handler for KVM_X86_SET_MSR_FILTER (git-fixes).
KVM: x86: Always set kvm_run->if_flag (git-fixes).
KVM: x86: Forcibly leave nested virt when SMM state is toggled (git-fixes).
KVM: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled (git-fixes).
KVM: x86: Keep MSR_IA32_XSS unchanged for INIT (git-fixes).
KVM: x86: Register perf callbacks after calling vendor's hardware_setup() (git-fixes).
KVM: x86: Sync the states size with the XCR0/IA32_XSS at, any time (git-fixes).
KVM: x86: Update vPMCs when retiring branch instructions (git-fixes).
KVM: x86: Update vPMCs when retiring instructions (git-fixes).
KVM: x86: do not report preemption if the steal time cache is stale (git-fixes).
KVM: x86: nSVM/nVMX: set nested_run_pending on VM entry which is a result of RSM (git-fixes).
KVM: x86: nSVM: fix potential NULL derefernce on nested migration (git-fixes).
KVM: x86: nSVM: mark vmcb01 as dirty when restoring SMM saved state (git-fixes).
NFS: Fix another fsync() issue after a server reboot (git-fixes).
NFSv4: Fixes for nfs4_inode_return_delegation() (git-fixes).
PCI/ASPM: Correct LTR_L1.2_THRESHOLD computation (git-fixes).
PCI/ASPM: Ignore L1 PM Substates if device lacks capability (git-fixes).
PCI: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes).
PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes).
PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017).
PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017).
PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017).
PCI: mediatek-gen3: Change driver name to mtk-pcie-gen3 (git-fixes).
PM: domains: Fix handling of unavailable/disabled idle states (git-fixes).
PM: hibernate: Allow hybrid sleep to work with s2idle (git-fixes).
RDMA/cma: Fix arguments order in net device validation (git-fixes)
RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes)
RDMA/hns: Add the detection for CMDQ status in the device initialization process (git-fixes)
RDMA/irdma: Add support for address handle re-use (git-fixes)
RDMA/irdma: Align AE id codes to correct flush code and event (git-fixes)
RDMA/irdma: Do not advertise 1GB page size for x722 (git-fixes)
RDMA/irdma: Fix VLAN connection with wildcard address (git-fixes)
RDMA/irdma: Fix a window for use-after-free (git-fixes)
RDMA/irdma: Fix setting of QP context err_rq_idx_valid field (git-fixes)
RDMA/irdma: Fix sleep from invalid context BUG (git-fixes)
RDMA/irdma: Move union irdma_sockaddr to header file (git-fixes)
RDMA/irdma: Remove the unnecessary variable saddr (git-fixes)
RDMA/irdma: Report RNR NAK generation in device caps (git-fixes)
RDMA/irdma: Report the correct max cqes from query device (git-fixes)
RDMA/irdma: Return correct WC error for bind operation failure (git-fixes)
RDMA/irdma: Return error on MR deregister CQP failure (git-fixes)
RDMA/irdma: Use net_type to check network type (git-fixes)
RDMA/irdma: Validate udata inlen and outlen (git-fixes)
RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes)
RDMA/mlx5: Do not compare mkey tags in DEVX indirect mkey (git-fixes)
RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes)
RDMA/qedr: Fix reporting QP timeout attribute (git-fixes)
RDMA/rxe: Fix 'kernel NULL pointer dereference' error (git-fixes)
RDMA/rxe: Fix deadlock in rxe_do_local_ops() (git-fixes)
RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes)
RDMA/rxe: Fix mw bind to allow any consumer key portion (git-fixes)
RDMA/rxe: Fix resize_finish() in rxe_queue.c (git-fixes)
RDMA/rxe: Fix rnr retry behavior (git-fixes)
RDMA/rxe: Fix the error caused by qp->sk (git-fixes)
RDMA/rxe: For invalidate compare according to set keys in mr (git-fixes)
RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes)
RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes)
RDMA/siw: Fix QP destroy to wait for all references dropped. (git-fixes)
RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes)
RDMA/siw: Pass a pointer to virt_to_page() (git-fixes)
RDMA/srp: Fix srp_abort() (git-fixes)
RDMA/srp: Handle dev_set_name() failure (git-fixes)
RDMA/srp: Rework the srp_add_port() error path (git-fixes)
RDMA/srp: Set scmnd->result only when scmnd is not NULL (git-fixes)
RDMA/srp: Support more than 255 rdma ports (git-fixes)
RDMA/srp: Use the attribute group mechanism for sysfs attributes (git-fixes)
RDMA/srpt: Duplicate port name members (git-fixes)
RDMA/srpt: Fix a use-after-free (git-fixes)
RDMA/srpt: Introduce a reference count in struct srpt_device (git-fixes)
RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes)
RDMA: remove useless condition in siw_create_cq() (git-fixes)
Revert 'workqueue: remove unused cancel_work()' (bsc#1204933).
arm64/bti: Disable in kernel BTI when cross section thunks are broken (git-fixes)
arm64/mm: Consolidate TCR_EL1 fields (git-fixes).
arm64: dts: imx8: correct clock order (git-fixes).
arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes (git-fixes).
arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply (git-fixes).
arm64: dts: juno: Add thermal critical trip points (git-fixes).
arm64: dts: ls1088a: specify clock frequencies for the MDIO controllers (git-fixes).
arm64: dts: ls208xa: specify clock frequencies for the MDIO controllers (git-fixes).
arm64: dts: lx2160a: specify clock frequencies for the MDIO controllers (git-fixes).
arm64: dts: qcom: sc7280: Cleanup the lpasscc node (git-fixes).
arm64: dts: ti: k3-j7200: fix main pinmux range (git-fixes).
arm64: entry: avoid kprobe recursion (git-fixes).
arm64: ftrace: fix module PLTs with mcount (git-fixes).
arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored (git-fixes).
arm64: topology: move store_cpu_topology() to shared code (git-fixes).
ata: ahci-imx: Fix MODULE_ALIAS (git-fixes).
ata: fix ata_id_has_devslp() (git-fixes).
ata: fix ata_id_has_dipm() (git-fixes).
ata: fix ata_id_has_ncq_autosense() (git-fixes).
ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes).
ata: libahci_platform: Sanity check the DT child nodes number (git-fixes).
ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes).
bnxt_en: Fix bnxt_refclk_read() (git-fixes).
bnxt_en: Fix bnxt_reinit_after_abort() code path (git-fixes).
bnxt_en: fix livepatch query (git-fixes).
bnxt_en: reclaim max resources if sriov enable fails (git-fixes).
bonding: 802.3ad: fix no transmission of LACPDUs (git-fixes).
bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (git-fixes).
build mlx in arm64/azure as modules again (bsc#1203701) There is little gain by having the drivers built into the kernel. Having them as modules allows easy replacement by third party drivers. Change mlx4, mlx5 and mlxfw from built-in to module.
can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes).
can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() (git-fixes).
can: kvaser_usb: Fix possible completions during init_completion (git-fixes).
can: kvaser_usb: Fix use of uninitialized completion (git-fixes).
can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (git-fixes).
can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (git-fixes).
can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes).
can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes).
can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path (git-fixes).
can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness conversion (git-fixes).
can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct length to read dev_id (git-fixes).
can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes).
cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753).
clk: ast2600: BCLK comes from EPLL (git-fixes).
clk: at91: fix the build with binutils 2.27 (git-fixes).
clk: baikal-t1: Add SATA internal ref clock buffer (git-fixes).
clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent (git-fixes).
clk: baikal-t1: Fix invalid xGMAC PTP clock divider (git-fixes).
clk: bcm2835: Make peripheral PLLC critical (git-fixes).
clk: bcm2835: Round UART input clock up (bsc#1188238)
clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes).
clk: bcm: rpi: Add support for VEC clock (bsc#1196632)
clk: berlin: Add of_node_put() for of_get_parent() (git-fixes).
clk: imx: scu: fix memleak on platform_device_add() fails (git-fixes).
clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes).
clk: meson: Hold reference returned by of_get_parent() (git-fixes).
clk: oxnas: Hold reference returned by of_get_parent() (git-fixes).
clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical (git-fixes).
clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes).
clk: qoriq: Hold reference returned by of_get_parent() (git-fixes).
clk: sprd: Hold reference returned by of_get_parent() (git-fixes).
clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes).
clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes).
clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes).
clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes).
clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD (git-fixes).
clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes).
clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes).
cpufreq: qcom: fix memory leak in error path (git-fixes).
cpufreq: qcom: fix writes in read-only memory region (git-fixes).
crypto: akcipher - default implementation for setting a private key (git-fixes).
crypto: cavium - prevent integer overflow loading firmware (git-fixes).
crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes).
crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes).
crypto: inside-secure - Change swab to swab32 (git-fixes).
crypto: inside-secure - Replace generic aes with libaes (git-fixes).
crypto: marvell/octeontx - prevent integer overflows (git-fixes).
crypto: qat - fix default value of WDT timer (git-fixes).
crypto: sahara - do not sleep when in softirq (git-fixes).
device property: Fix documentation for *_match_string() APIs (git-fixes).
dmaengine: hisilicon: Add multi-thread support for a DMA channel (git-fixes).
dmaengine: hisilicon: Disable channels when unregister hisi_dma (git-fixes).
dmaengine: hisilicon: Fix CQ head update (git-fixes).
dmaengine: idxd: change bandwidth token to read buffers (jsc#PED-679).
dmaengine: idxd: deprecate token sysfs attributes for read buffers (jsc#PED-679).
dmaengine: idxd: force wq context cleanup on device disable path (git-fixes).
dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes).
dmaengine: mxs: use platform_driver_register (git-fixes).
dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow (git-fixes).
dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling (git-fixes).
dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes).
dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes).
docs: update mediator information in CoC docs (git-fixes).
dpaa2-eth: trace the allocated address instead of page struct (git-fixes).
drivers: serial: jsm: fix some leaks in probe (git-fixes).
drm/amd/display: Assume an LTTPR is always present on fixed_vs links (git-fixes).
drm/amd/display: Changed pipe split policy to allow for multi-display (bsc#1152472) Backporting notes: * remove changes to non-existing 201 and 31 directories
drm/amd/display: Correct MPC split policy for DCN301 (git-fixes).
drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n (git-fixes).
drm/amd/display: Fix double cursor on non-video RGB MPO (git-fixes).
drm/amd/display: Fix vblank refcount in vrr transition (git-fixes).
drm/amd/display: Remove interface for periodic interrupt 1 (git-fixes).
drm/amd/display: skip audio setup when audio stream is enabled (git-fixes).
drm/amd/display: update gamut remap if plane has changed (git-fixes).
drm/amd/pm: smu7_hwmgr: fix potential off-by-one overflow in 'performance_levels' (git-fixes).
drm/amdgpu/display: change pipe policy for DCN 2.0 (git-fixes).
drm/amdgpu/display: change pipe policy for DCN 2.1 (git-fixes).
drm/amdgpu/gfx10: add wraparound gpu counter check for APUs as well (bsc#1152472)
drm/amdgpu/gfx9: switch to golden tsc registers for renoir+ (bsc#1152472)
drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume() (git-fixes).
drm/amdgpu: fix initial connector audio value (git-fixes).
drm/amdgpu: fix sdma doorbell init ordering on APUs (git-fixes).
drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() (git-fixes).
drm/bridge: Avoid uninitialized variable warning (git-fixes).
drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes).
drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes).
drm/i915/dp: Reset frl trained flag before restarting FRL training (git-fixes).
drm/i915/ehl: Update MOCS table for EHL (git-fixes).
drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes).
drm/i915/hdmi: convert intel_hdmi_to_dev to intel_hdmi_to_i915 (bsc#1152489)
drm/i915: Reject unsupported TMDS rates on ICL+ (git-fixes).
drm/komeda: Fix handling of atomic commit in the atomic_commit_tail hook (git-fixes).
drm/meson: explicitly remove aggregate driver at module unload time (git-fixes).
drm/mipi-dsi: Detach devices when removing the host (git-fixes).
drm/msm/dp: Silence inconsistent indent warning (git-fixes).
drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() (git-fixes).
drm/msm/dp: fix IRQ lifetime (git-fixes).
drm/msm/dpu: Fix comment typo (git-fixes).
drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes).
drm/msm/dsi: fix memory corruption with too many bridges (git-fixes).
drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes).
drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes).
drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes).
drm/msm: fix use-after-free on probe deferral (git-fixes).
drm/nouveau/kms/nv140-: Disable interlacing (git-fixes).
drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes).
drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes).
drm/nouveau: wait for the exclusive fence after the shared ones v2 (bsc#1152472)
drm/omap: dss: Fix refcount leak bugs (git-fixes).
drm/scheduler: quieten kernel-doc warnings (git-fixes).
drm/virtio: Check whether transferred 2D BO is shmem (git-fixes).
drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error (git-fixes).
drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes).
drm: Use size_t type for len variable in drm_copy_field() (git-fixes).
drm: bridge: adv7511: fix CEC power down control register offset (git-fixes).
drm: bridge: dw_hdmi: only trigger hotplug event on link change (git-fixes).
drm: fix drm_mipi_dbi build errors (git-fixes).
drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes).
drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes).
dt-bindings: PCI: microchip,pcie-host: fix missing clocks properties (git-fixes).
dt-bindings: PCI: microchip,pcie-host: fix missing dma-ranges (git-fixes).
dt-bindings: crypto: ti,sa2ul: drop dma-coherent property (git-fixes).
dt-bindings: display/msm: dpu-sc7180: add missing DPU opp-table (git-fixes).
dt-bindings: display/msm: dpu-sdm845: add missing DPU opp-table (git-fixes).
dt-bindings: mtd: intel: lgm-nand: Fix compatible string (git-fixes).
dt-bindings: mtd: intel: lgm-nand: Fix maximum chip select value (git-fixes).
dt-bindings: phy: qcom,qmp-usb3-dp: fix bogus clock-cells property (git-fixes).
dt-bindings: phy: qcom,qmp: fix bogus clock-cells property (git-fixes).
dt-bindings: power: gpcv2: add power-domains property (git-fixes).
dyndbg: fix module.dyndbg handling (git-fixes).
dyndbg: fix static_branch manipulation (git-fixes).
dyndbg: let query-modname override actual module name (git-fixes).
efi/tpm: Pass correct address to memblock_reserve (git-fixes).
efi: Correct Macmini DMI match in uefi cert quirk (git-fixes).
efi: libstub: drop pointless get_memory_map() call (git-fixes).
fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes).
fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes).
fec: Fix timer capture timing in `fec_ptp_enable_pps()` (git-fixes).
firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes).
firmware: arm_scmi: Harden accesses to the sensor domains (git-fixes).
firmware: arm_scmi: Improve checks in the info_get operations (git-fixes).
firmware: arm_scmi: Make Rx chan_setup fail on memory errors (git-fixes).
firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes).
firmware: google: Test spinlock on panic path to avoid lockups (git-fixes).
fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes).
fs/binfmt_elf: Fix memory leak in load_elf_binary() (git-fixes).
ftrace: Fix char print issue in print_ip_ins() (git-fixes).
ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes).
fuse: fix deadlock between atomic O_TRUNC and page invalidation (bsc#1204533).
gcov: support GCC 12.1 and newer compilers (git-fixes).
gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() (git-fixes).
hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes).
hinic: Avoid some over memory allocation (git-fixes).
hwmon/coretemp: Handle large core ID value (git-fixes).
hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms (git-fixes).
i2c: designware: Fix handling of real but unexpected device interrupts (git-fixes).
i2c: i801: Add support for Intel Ice Lake PCH-N (jsc#PED-634).
i2c: i801: Add support for Intel Meteor Lake-P (jsc#PED-732).
i2c: i801: Add support for Intel Raptor Lake PCH-S (jsc#PED-634).
i2c: i801: Improve handling of chip-specific feature definitions (jsc#PED-634).
i2c: piix4: Fix adapter not be removed in piix4_remove() (git-fixes).
i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter (git-fixes).
i40e: Fix call trace in setup_tx_descriptors (git-fixes).
i40e: Fix dropped jumbo frames statistics (git-fixes).
i40e: Fix to stop tx_timeout recovery if GLOBR fails (git-fixes).
iavf: Fix adminq error handling (git-fixes).
iavf: Fix handling of dummy receive descriptors (git-fixes).
iavf: Fix reset error handling (git-fixes).
ice: Fix switchdev rules book keeping (git-fixes).
ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (git-fixes).
ice: do not setup vlan for loopback VSI (git-fixes).
igb: Make DMA faster when CPU is active on the PCIe link (git-fixes).
igb: fix a use-after-free issue in igb_clean_tx_ring (git-fixes).
iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes).
iio: adc: ad7923: fix channel readings for some variants (git-fixes).
iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes).
iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume (git-fixes).
iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes).
iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes).
iio: adc: mcp3911: use correct id bits (git-fixes).
iio: adxl372: Fix unsafe buffer attributes (git-fixes).
iio: bmc150-accel-core: Fix unsafe buffer attributes (git-fixes).
iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes).
iio: inkern: fix return value in devm_of_iio_channel_get_by_name() (git-fixes).
iio: inkern: only release the device node when done with it (git-fixes).
iio: light: tsl2583: Fix module unloading (git-fixes).
iio: ltc2497: Fix reading conversion results (git-fixes).
iio: magnetometer: yas530: Change data type of hard_offsets to signed (git-fixes).
iio: pressure: dps310: Refactor startup procedure (git-fixes).
iio: pressure: dps310: Reset chip after timeout (git-fixes).
iio: temperature: ltc2983: allocate iio channels once (git-fixes).
ima: fix blocking of security.ima xattrs of unsupported algorithms (git-fixes).
increase NR_CPUS on azure and follow kernel-default (bsc#1203979)
iommu/vt-d: Do not falsely log intel_iommu is unsupported kernel option (bsc#1204947).
ip: Fix data-races around sysctl_ip_fwd_update_priority (git-fixes).
ipv4: Fix data-races around sysctl_fib_multipath_hash_policy (git-fixes).
irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes).
isdn: mISDN: netjet: fix wrong check of device registration (git-fixes).
ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (git-fixes).
ixgbe: fix bcast packets Rx on VF after promisc removal (git-fixes).
ixgbe: fix unexpected VLAN Rx in promisc mode on VF (git-fixes).
kABI: Fix after adding trace_iterator.wait_index (git-fixes).
kABI: Fix kABI after backport Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes).
kABI: Fix kABI after backport Always set kvm_run->if_flag (git-fixes).
kABI: Fix kABI after backport Forcibly leave nested virt when SMM state is toggled (git-fixes).
kABI: Fix kABI after backport Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes).
kABI: Fix kABI after backport Update vPMCs when retiring branch instructions (git-fixes).
kabi/severities: ignore CS35L41-specific exports (bsc#1203699)
kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes).
kbuild: remove the target in signal traps when interrupted (git-fixes).
kbuild: rpm-pkg: fix breakage when V=1 is used (git-fixes).
kernfs: fix use-after-free in __kernfs_remove (git-fixes).
kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT (git-fixes).
lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes).
livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995).
livepatch: fix race between fork and KLP transition (bsc#1071995).
mISDN: fix possible memory leak in mISDN_register_device() (git-fixes).
mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes).
mac802154: Fix LQI recording (git-fixes).
macvlan: enforce a consistent minimal mtu (git-fixes).
mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes).
mailbox: mpfs: account for mbox offsets while sending (git-fixes).
mailbox: mpfs: fix handling of the reg property (git-fixes).
media: atomisp: prevent integer overflow in sh_css_set_black_frame() (git-fixes).
media: cedrus: Fix endless loop in cedrus_h265_skip_bits() (git-fixes).
media: cedrus: Set the platform driver data earlier (git-fixes).
media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes).
media: ipu3-imgu: Fix NULL pointer dereference in active selection access (git-fixes).
media: mceusb: set timeout to at least timeout provided (git-fixes).
media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() (git-fixes).
media: uvcvideo: Fix memory leak in uvc_gpio_parse (git-fixes).
media: uvcvideo: Use entity get_cur in uvc_ctrl_set (git-fixes).
media: v4l2-compat-ioctl32.c: zero buffer passed to v4l2_compat_get_array_args() (git-fixes).
media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes).
media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes).
media: venus: dec: Handle the case where find_format fails (git-fixes).
media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes).
media: vivid: dev->bitmap_cap wasn't freed in all cases (git-fixes).
media: vivid: s_fbuf: add more sanity checks (git-fixes).
media: vivid: set num_in/outputs to 0 if not supported (git-fixes).
media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes).
memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes).
memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() (git-fixes).
memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes).
mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes).
mfd: fsl-imx25: Fix check for platform_get_irq() errors (git-fixes).
mfd: intel-lpss: Add Intel Raptor Lake PCH-S PCI IDs (jsc#PED-634).
mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes).
mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes).
mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes).
mfd: sm501: Add check for platform_driver_register() (git-fixes).
misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes).
misc: pci_endpoint_test: Aggregate params checking for xfer (git-fixes).
misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic (git-fixes).
mlxsw: spectrum: Clear PTP configuration after unregistering the netdevice (git-fixes).
mlxsw: spectrum_cnt: Reorder counter pools (git-fixes).
mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication (git-fixes).
mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575).
mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes).
mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes).
mmc: core: Replace with already defined values for readability (git-fixes).
mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes).
mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus (git-fixes).
mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes).
mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake (git-fixes).
mmc: sdhci-sprd: Fix minimum clock limit (git-fixes).
mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO (git-fixes).
mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes).
mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes).
mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes).
mtd: rawnand: fsl_elbc: Fix none ECC mode (git-fixes).
mtd: rawnand: intel: Do not re-define NAND_DATA_IFACE_CHECK_ONLY (git-fixes).
mtd: rawnand: intel: Read the chip-select line from the correct OF node (git-fixes).
mtd: rawnand: intel: Remove undocumented compatible string (git-fixes).
mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes).
mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes).
net/dsa/hirschmann: Add missing of_node_get() in hellcreek_led_setup() (git-fixes).
net/ice: fix initializing the bitmap in the switch code (git-fixes).
net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes).
net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (git-fixes).
net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (git-fixes).
net/mlx5e: Fix enabling sriov while tc nic rules are offloaded (git-fixes).
net/mlx5e: Properly disable vlan strip on non-UL reps (git-fixes).
net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version (git-fixes).
net/mlx5e: Ring the TX doorbell on DMA errors (git-fixes).
net/mlx5e: TC, fix decap fallback to uplink when int port not supported (git-fixes).
net/mlx5e: Update netdev features after changing XDP state (git-fixes).
net/mlx5e: xsk: Account for XSK RQ UMRs when calculating ICOSQ size (git-fixes).
net: altera: Fix refcount leak in altera_tse_mdio_create (git-fixes).
net: atlantic: fix aq_vec index out of range error (git-fixes).
net: bcmgenet: Indicate MAC is in charge of PHY PM (git-fixes).
net: bgmac: Fix a BUG triggered by wrong bytes_compl (git-fixes).
net: bgmac: Fix an erroneous kfree() in bgmac_remove() (git-fixes).
net: bgmac: support MDIO described in DT (git-fixes).
net: bonding: fix possible NULL deref in rlb code (git-fixes).
net: bonding: fix use-after-free after 802.3ad slave unbind (git-fixes).
net: chelsio: cxgb4: Avoid potential negative array offset (git-fixes).
net: dp83822: disable false carrier interrupt (git-fixes).
net: dp83822: disable rx error interrupt (git-fixes).
net: dsa: bcm_sf2: force pause link settings (git-fixes).
net: dsa: ksz9477: port mirror sniffing limited to one port (git-fixes).
net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (git-fixes).
net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry (git-fixes).
net: dsa: microchip: ksz_common: Fix refcount leak bug (git-fixes).
net: dsa: mv88e6060: prevent crash on an unused port (git-fixes).
net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling an_complete (git-fixes).
net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() (git-fixes).
net: dsa: sja1105: silent spi_device_id warnings (git-fixes).
net: dsa: vitesse-vsc73xx: silent spi_device_id warnings (git-fixes).
net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register (git-fixes).
net: ethernet: ti: am65-cpsw: Fix devlink port register sequence (git-fixes).
net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 (git-fixes).
net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses (git-fixes).
net: fix IFF_TX_SKB_NO_LINEAR definition (git-fixes).
net: ftgmac100: Hold reference returned by of_get_child_by_name() (git-fixes).
net: hns3: do not push link state to VF if unalive (git-fixes).
net: hns3: set port base vlan tbl_sta to false before removing old vlan (git-fixes).
net: huawei: hinic: Use devm_kcalloc() instead of devm_kzalloc() (git-fixes).
net: ieee802154: return -EINVAL for unknown addr type (git-fixes).
net: ipa: do not assume SMEM is page-aligned (git-fixes).
net: ipvtap - add __init/__exit annotations to module init/exit funcs (git-fixes).
net: moxa: get rid of asymmetry in DMA mapping/unmapping (git-fixes).
net: moxa: pass pdev instead of ndev to DMA functions (git-fixes).
net: mscc: ocelot: fix address of SYS_COUNT_TX_AGING counter (git-fixes).
net: pcs: xpcs: propagate xpcs_read error to xpcs_get_state_c37_sgmii (git-fixes).
net: phy: dp83822: disable MDI crossover status change interrupt (git-fixes).
net: phy: dp83867: Extend RX strap quirk for SGMII mode (git-fixes).
net: stmmac: fix dma queue left shift overflow issue (git-fixes).
net: stmmac: fix leaks in probe (git-fixes).
net: stmmac: fix pm runtime issue in stmmac_dvr_remove() (git-fixes).
net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow (git-fixes).
net: stmmac: remove redunctant disable xPCS EEE call (git-fixes).
net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() (git-fixes).
net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (git-fixes).
net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes).
net: usb: r8152: Add in new Devices that are supported for Mac-Passthru (git-fixes).
netdevsim: fib: Fix reference count leak on route deletion failure (git-fixes).
nfc: fdp: Fix potential memory leak in fdp_nci_send() (git-fixes).
nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes).
nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes).
nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes).
nfp: ethtool: fix the display error of `ethtool -m DEVNAME` (git-fixes).
nvme: do not print verbose errors for internal passthrough requests (bsc#1202187).
nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241).
octeontx2-af: Apply tx nibble fixup always (git-fixes).
octeontx2-af: Fix key checking for source mac (git-fixes).
octeontx2-af: Fix mcam entry resource leak (git-fixes).
octeontx2-af: suppress external profile loading warning (git-fixes).
octeontx2-pf: Fix NIX_AF_TL3_TL2X_LINKX_CFG register configuration (git-fixes).
octeontx2-pf: Fix UDP/TCP src and dst port tc filters (git-fixes).
octeontx2-pf: cn10k: Fix egress ratelimit configuration (git-fixes).
openvswitch: Fix double reporting of drops in dropwatch (git-fixes).
openvswitch: Fix overreporting of drops in dropwatch (git-fixes).
openvswitch: add nf_ct_is_confirmed check before assigning the helper (git-fixes).
openvswitch: switch from WARN to pr_warn (git-fixes).
overflow.h: restore __ab_c_size (git-fixes).
overflow: Implement size_t saturating arithmetic helpers (jsc#PED-1211).
phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() (git-fixes).
phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes).
pinctrl: Ingenic: JZ4755 bug fixes (git-fixes).
pinctrl: alderlake: Add Intel Alder Lake-N pin controller support (jsc#PED-676).
pinctrl: alderlake: Add Raptor Lake-S ACPI ID (jsc#PED-634).
pinctrl: alderlake: Fix register offsets for ADL-N variant (jsc#PED-676).
pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes).
pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes).
pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes).
pinctrl: microchip-sgpio: Correct the fwnode_irq_get() return value check (git-fixes).
platform/chrome: cros_ec: Notify the PM of wake events during resume (git-fixes).
platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure (git-fixes).
platform/chrome: cros_ec_typec: Correct alt mode index (git-fixes).
platform/chrome: fix double-free in chromeos_laptop_prepare() (git-fixes).
platform/chrome: fix memory corruption in ioctl (git-fixes).
platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute (git-fixes).
platform/x86: asus-wmi: Document the egpu_enable sysfs attribute (git-fixes).
platform/x86: asus-wmi: Document the panel_od sysfs attribute (git-fixes).
platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes).
platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes).
platform/x86: msi-laptop: Fix resource cleanup (git-fixes).
plip: avoid rcu debug splat (git-fixes).
power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes).
powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes).
powerpc/64: pcpu setup avoid reading mmu_linear_psize on 64e or radix (bsc#1204413 ltc#200176).
powerpc/64s: Fix build failure when CONFIG_PPC_64S_HASH_MMU is not set (bsc#1204413 ltc#200176).
powerpc/64s: Make flush_and_reload_slb a no-op when radix is enabled (bsc#1204413 ltc#200176).
powerpc/64s: Make hash MMU support configurable (bsc#1204413 ltc#200176).
powerpc/64s: Move and rename do_bad_slb_fault as it is not hash specific (bsc#1204413 ltc#200176).
powerpc/64s: Move hash MMU support code under CONFIG_PPC_64S_HASH_MMU (bsc#1204413 ltc#200176).
powerpc/64s: Rename hash_hugetlbpage.c to hugetlbpage.c (bsc#1204413 ltc#200176).
powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074).
powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes).
powerpc/mm/64s: Drop pgd_huge() (bsc#1065729).
powerpc/pci_dn: Add missing of_node_put() (bsc#1065729).
powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729).
powerpc/pseries/vas: Add VAS IRQ primary handler (bsc#1204413 ltc#200176).
powerpc/pseries: Stop selecting PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176).
powerpc/pseries: lparcfg do not include slb_size line in radix mode (bsc#1204413 ltc#200176).
powerpc: Ignore DSI error caused by the copy/paste instruction (bsc#1204413 ltc#200176).
powerpc: Rename PPC_NATIVE to PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). Update config files.
powerpc: make memremap_compat_align 64s-only (bsc#1204413 ltc#200176).
printk: add missing memory barrier to wake_up_klogd() (bsc#1204934).
printk: use atomic updates for klogd work (bsc#1204934).
printk: wake waiters for safe and NMI contexts (bsc#1204934).
r8152: add PID for the Lenovo OneLink+ Dock (git-fixes).
regulator: core: Prevent integer underflow (git-fixes).
remoteproc: imx_rproc: Simplify some error message (git-fixes).
remove unused CONFIG_MAXSMP from arm64/azure
ring-buffer: Add ring_buffer_wake_waiters() (git-fixes).
ring-buffer: Allow splice to read previous partially read pages (git-fixes).
ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (bsc#1204705).
ring-buffer: Check pending waiters when doing wake ups as well (git-fixes).
ring-buffer: Fix race between reset page and reading page (git-fixes).
ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes).
rose: Fix NULL pointer dereference in rose_send_frame() (git-fixes).
rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128.
rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes).
rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes).
s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes).
s390/smp: enforce lowcore protection on CPU restart (git-fixes).
sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes).
sbitmap: fix possible io hung due to lost wakeup (git-fixes).
scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes).
scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957).
scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957).
scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957).
scsi: lpfc: Fix spelling mistake 'unsolicted' -> 'unsolicited' (bsc#1204957).
scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957).
scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957).
scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957).
scsi: lpfc: Update the obsolete adapter list (bsc#1204142).
scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels (bnc#1204498).
scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963).
scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963).
scsi: scsi_transport_fc: Use %u for dev_loss_tmo (bsc#1202914).
scsi: ufs: ufs-pci: Add support for Intel ADL (jsc#PED-707).
scsi: ufs: ufs-pci: Add support for Intel MTL (jsc#PED-732).
selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle (git-fixes).
selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995).
selftests/pidfd_test: Remove the erroneous ',' (git-fixes).
selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes).
selftests: netfilter: Fix nft_fib.sh for all.rp_filter=1 (git-fixes).
selinux: allow FIOCLEX and FIONCLEX with policy capability (git-fixes).
selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() (git-fixes).
selinux: use 'grep -E' instead of 'egrep' (git-fixes).
serial: 8250: Fix restoring termios speed after suspend (git-fixes).
serial: core: move RS485 configuration tasks from drivers into core (git-fixes).
sfc: disable softirqs for ptp TX (git-fixes).
sfc: fix kernel panic when creating VF (git-fixes).
sfc: fix use after free when disabling sriov (git-fixes).
signal: break out of wait loops on kthread_stop() (bsc#1204926).
slimbus: qcom-ngd: cleanup in probe error path (git-fixes).
slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure (git-fixes).
soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA (git-fixes).
soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes).
soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes).
soc: sunxi: sram: Fix probe function ordering issues (git-fixes).
soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
soundwire: cadence: Do not overwrite msg->buf during write commands (git-fixes).
soundwire: intel: fix error handling on dai registration issues (git-fixes).
spi: Ensure that sg_table won't be used after being freed (git-fixes).
spi: pxa2xx: Add support for Intel Meteor Lake-P (jsc#PED-732).
spi: pxa2xx: Add support for Intel Raptor Lake PCH-S (jsc#PED-634).
spmi: pmic-arb: correct duplicate APID to PPID mapping logic (git-fixes).
spmi: pmic-arb: do not ack and clear peripheral interrupts in cleanup_irq (git-fixes).
staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes).
staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() (git-fixes).
staging: vt6655: fix potential memory leak (git-fixes).
staging: vt6655: fix some erroneous memory clean-up loops (git-fixes).
stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() (git-fixes).
stmmac: intel: Fix an error handling path in intel_eth_pci_probe() (git-fixes).
thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id (git-fixes).
thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register() (git-fixes).
thermal: int340x: Mode setting with new OS handshake (jsc#PED-678).
thermal: int340x: Update OS policy capability handshake (jsc#PED-678).
thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes).
thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes).
thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround (git-fixes).
thunderbolt: Add missing device ID to tb_switch_is_alpine_ridge() (git-fixes).
thunderbolt: Add support for Intel Raptor Lake (jsc#PED-634).
thunderbolt: Disable LTTPR on Intel Titan Ridge (git-fixes).
thunderbolt: Explicitly enable lane adapter hotplug events at startup (git-fixes).
thunderbolt: Explicitly reset plug events delay back to USB4 spec value (git-fixes).
thunderbolt: Fix buffer allocation of devices with no DisplayPort adapters (git-fixes).
tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads (git-fixes).
tracing: Add '(fault)' name injection to kernel probes (git-fixes).
tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes).
tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes).
tracing: Do not free snapshot if tracer is on cmdline (git-fixes).
tracing: Fix reading strings from synthetic events (git-fixes).
tracing: Move duplicate code of trace_kprobe/eprobe.c into header (git-fixes).
tracing: Replace deprecated CPU-hotplug functions (git-fixes).
tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes).
tracing: Wake up ring buffer waiters on closing of the file (git-fixes).
tracing: Wake up waiters when tracing is disabled (git-fixes).
tracing: kprobe: Fix kprobe event gen test module on exit (git-fixes).
tracing: kprobe: Make gen test module work in arm and riscv (git-fixes).
tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes).
tty: xilinx_uartps: Fix the ignore_status (git-fixes).
uas: add no-uas quirk for Hiksemi usb_disk (git-fixes).
uas: ignore UAS for Thinkplus chips (git-fixes).
udmabuf: Set ubuf->sg = NULL if the creation of sg table fails (git-fixes).
usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes).
usb/hcd: Fix dma_map_sg error check (git-fixes).
usb: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes).
usb: add quirks for Lenovo OneLink+ Dock (git-fixes).
usb: bdc: change state when port disconnected (git-fixes).
usb: cdc-wdm: Use skb_put_data() instead of skb_put/memcpy pair (git-fixes).
usb: common: debug: Check non-standard control requests (git-fixes).
usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug (git-fixes).
usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes).
usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes).
usb: ehci: Fix a function name in comments (git-fixes).
usb: gadget: bdc: fix typo in comment (git-fixes).
usb: gadget: f_fs: stricter integer overflow checks (git-fixes).
usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes).
usb: host: xhci-plat: suspend and resume clocks (git-fixes).
usb: host: xhci-plat: suspend/resume clks for brcm (git-fixes).
usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes).
usb: idmouse: fix an uninit-value in idmouse_open (git-fixes).
usb: mon: make mmapped memory read only (git-fixes).
usb: mtu3: fix failed runtime suspend in host only mode (git-fixes).
usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes).
usb: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes).
usb: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes).
usb: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes).
usb: typec: tcpm: fix typo in comment (git-fixes).
usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes).
virt: vbox: convert to use dev_groups (git-fixes).
vsock: fix possible infinite sleep in vsock_connectible_wait_data() (git-fixes).
vsock: remove the unused 'wait' in vsock_connectible_recvmsg() (git-fixes).
watchdog/hpwdt: Include nmi.h only if CONFIG_HPWDT_NMI_DECODING (git-fixes).
watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes).
watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes).
wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes).
wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes).
wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes).
wifi: cfg80211/mac80211: reject bad MBSSID elements (git-fixes).
wifi: cfg80211: fix ieee80211_data_to_8023_exthdr handling of small packets (git-fixes).
wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes).
wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes).
wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes).
wifi: mac80211: fix decap offload for stations on AP_VLAN interfaces (git-fixes).
wifi: mac80211: fix probe req HE capabilities access (git-fixes).
wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes).
wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value (git-fixes).
wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes).
wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes).
wifi: rt2x00: set SoC wmac clock register (git-fixes).
wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes).
wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes).
wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() (git-fixes).
x86/boot: Do not propagate uninitialized boot_params->cc_blob_address (bsc#1204970).
x86/boot: Fix the setup data types max limit (bsc#1204970).
x86/compressed/64: Add identity mappings for setup_data entries (bsc#1204970).
x86/sev: Annotate stack change in the #VC handler (bsc#1204970).
x86/sev: Do not use cc_platform_has() for early SEV-SNP calls (bsc#1204970).
x86/sev: Remove duplicated assignment to variable info (bsc#1204970).
xen/gntdev: Prevent leaking grants (git-fixes).
xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices (git-fixes).
xhci: Add quirk to reset host back to default state at shutdown (git-fixes).
xhci: Do not show warning for reinit on known broken suspend (git-fixes).
xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes).
xhci: dbc: Fix memory leak in xhci_alloc_dbc() (git-fixes).

Advisory ID	SUSE-SU-2022:3999-1
Released	Tue Nov 15 17:08:04 2022
Summary	Security update for systemd
Type	security
Severity	moderate
References	1204179,1204968,CVE-2022-3821

Description:

This update for systemd fixes the following issues:

CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).

Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string

Document udev naming scheme (bsc#1204179)
Make 'sle15-sp3' net naming scheme still available for backward compatibility reason

Advisory ID	SUSE-SU-2022:4000-1
Released	Tue Nov 15 17:08:27 2022
Summary	Security update for python-Twisted
Type	security
Severity	low
References	1204781,CVE-2022-39348

Description:

This update for python-Twisted fixes the following issues:

CVE-2022-39348: Fixed NameVirtualHost Host header injection (bsc#1204781).

Advisory ID	SUSE-SU-2022:4001-1
Released	Tue Nov 15 17:08:52 2022
Summary	Security update for sudo
Type	security
Severity	important
References	1204986,CVE-2022-43995

Description:

This update for sudo fixes the following issues:

CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986).

Advisory ID	SUSE-RU-2022:4002-1
Released	Tue Nov 15 17:09:26 2022
Summary	Recommended update for gegl, gimp, gnome-photos, libgexiv2
Type	recommended
Severity	moderate
References

Description:

This update for gegl, gimp, gnome-photos, libgexiv2 has the following changes:

The packages were rebuilt against exiv2 0.27, to allow obsoleting the old 0.26 version.

No other changes were done.

Advisory ID	SUSE-SU-2022:4003-1
Released	Tue Nov 15 17:09:53 2022
Summary	Security update for nodejs16
Type	security
Severity	important
References	1205119,CVE-2022-43548

Description:

This update for nodejs16 fixes the following issues:

Update to LTS versino 16.18.1:

CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address (bsc#1205119).

Update to LTS version 16.18.0: * http: throw error on content-length mismatch * stream: add ReadableByteStream.tee() * deps: npm updated to 8.19.2

Advisory ID	SUSE-SU-2022:4004-1
Released	Tue Nov 15 17:10:13 2022
Summary	Security update for python310
Type	security
Severity	important
References	1204886,1205244,CVE-2022-42919,CVE-2022-45061

Description:

This update for python310 fixes the following issues:
Security fixes:

CVE-2022-42919: Fixed local privilege escalation via the multiprocessing forkserver start method (bsc#1204886).
CVE-2022-45061: Fixed a quadratic IDNA decoding time (bsc#1205244).

Other fixes:

allow building of documentation with the latest Sphinx 5.3.0 (gh#python/cpython#98366).

Update to 3.10.8: - Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. - Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. (originally filed as CVE-2022-37460, later withdrawn) - Fix command line parsing: reject -X int_max_str_digits option with no value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a valid limit. - When ValueError is raised if an integer is larger than the limit, mention the sys.set_int_max_str_digits() function in the error message. - The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands. Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed). - os.sched_yield() now release the GIL while calling sched_yield(2). - Bugfix: PyFunction_GetAnnotations() should return a borrowed reference. It was returning a new reference. - Fixed a missing incref/decref pair in Exception.__setstate__(). - Fix overly-broad source position information for chained comparisons used as branching conditions. - Fix undefined behaviour in _testcapimodule.c. - At Python exit, sometimes a thread holding the GIL can wait forever for a thread (usually a daemon thread) which requested to drop the GIL, whereas the thread already exited. To fix the race condition, the thread which requested the GIL drop now resets its request before exiting. - Fix a possible assertion failure, fatal error, or SystemError if a line tracing event raises an exception while opcode tracing is enabled. - Fix undefined behaviour in C code of null pointer arithmetic. - Do not expose KeyWrapper in _functools. - When loading a file with invalid UTF-8 inside a multi-line string, a correct SyntaxError is emitted. - Disable incorrect pickling of the C implemented classmethod descriptors. - Fix AttributeError missing name and obj attributes in . object.__getattribute__() bpo-42316: Document some places . where an assignment expression needs parentheses . - Wrap network errors consistently in urllib FTP support, so the test suite doesn’t fail when a network is available but the public internet is not reachable. - Fixes AttributeError when subprocess.check_output() is used with argument input=None and either of the arguments encoding or errors are used. - Avoid spurious tracebacks from asyncio when default executor cleanup is delayed until after the event loop is closed (e.g. as the result of a keyboard interrupt). - Avoid a crash in the C version of asyncio.Future.remove_done_callback() when an evil argument is passed. - Remove tokenize.NL check from tabnanny. - Make Semaphore run faster. - Fix generation of the default name of tkinter.Checkbutton. Previously, checkbuttons in different parent widgets could have the same short name and share the same state if arguments “name” and “variable” are not specified. Now they are globally unique. - Update bundled libexpat to 2.4.9 - Fix race condition in asyncio where process_exited() called before the pipe_data_received() leading to inconsistent output. - Fixed check in multiprocessing.resource_tracker that guarantees that the length of a write to a pipe is not greater than PIPE_BUF. - Corrected type annotation for dataclass attribute pstats.FunctionProfile.ncalls to be str. - Fix the faulthandler implementation of faulthandler.register(signal, chain=True) if the sigaction() function is not available: don’t call the previous signal handler if it’s NULL. - In inspect, fix overeager replacement of “typing.” in formatting annotations. - Fix asyncio.streams.StreamReaderProtocol to keep a strong reference to the created task, so that it’s not garbage collected - Fix handling compiler warnings (SyntaxWarning and DeprecationWarning) in codeop.compile_command() when checking for incomplete input. Previously it emitted warnings and raised a SyntaxError. Now it always returns None for incomplete input without emitting any warnings. - Fixed flickering of the turtle window when the tracer is turned off. - Allow asyncio.StreamWriter.drain() to be awaited concurrently by multiple tasks. - Fix broken asyncio.Semaphore when acquire is cancelled. - Fix ast.unparse() when ImportFrom.level is None - Improve performance of urllib.request.getproxies_environment when there are many environment variables - Fix ! in c domain ref target syntax via a conf.py patch, so it works as intended to disable ref target resolution. - Clarified the conflicting advice given in the ast documentation about ast.literal_eval() being “safe” for use on untrusted input while at the same time warning that it can crash the process. The latter statement is true and is deemed unfixable without a large amount of work unsuitable for a bugfix. So we keep the warning and no longer claim that literal_eval is safe. - Update tutorial introduction output to use 3.10+ SyntaxError invalid range.

Advisory ID	SUSE-SU-2022:4005-1
Released	Tue Nov 15 17:10:33 2022
Summary	Security update for php8
Type	security
Severity	important
References	1204577,1204979,CVE-2022-31630,CVE-2022-37454

Description:

This update for php8 fixes the following issues:

CVE-2022-37454: Fixed buffer overflow in hash_update() on long parameter (bug#81738) (bsc#1204577).
CVE-2022-31630: Fixed OOB read due to insufficient input validation in imageloadfont() (bug#81739) (bsc#1204979).

version update to 8.0.25 (27 Oct 2022) * Session: Fixed bug GH-9583 (session_create_id() fails with user defined save handler that doesn't have a validateId() method). * Streams: Fixed bug GH-9590 (stream_select does not abort upon exception or empty valid fd set).

Advisory ID	SUSE-RU-2022:4006-1
Released	Wed Nov 16 08:25:00 2022
Summary	Recommended update for kernel-firmware
Type	recommended
Severity	important
References	1203699

Description:

This update for kernel-firmware fixes the following issues:

Update firmware for CS35L41 codecs (bsc#1203699)

Advisory ID	SUSE-SU-2022:4007-1
Released	Wed Nov 16 09:12:44 2022
Summary	Security update for xen
Type	security
Severity	important
References	1027519,1193923,1203806,1203807,1204482,1204483,1204485,1204487,1204488,1204489,1204490,1204494,1204496,CVE-2022-33746,CVE-2022-33747,CVE-2022-33748,CVE-2022-42309,CVE-2022-42310,CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318,CVE-2022-42319,CVE-2022-42320,CVE-2022-42321,CVE-2022-42322,CVE-2022-42323,CVE-2022-42325,CVE-2022-42326,CVE-2022-42327

Description:

This update for xen fixes the following issues:

CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806).
CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807).
CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482)
CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485)
CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487)
CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488)
CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489)
CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490)
CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494)
CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496)
xen: Frontends vulnerable to backends (bsc#1193923).

Advisory ID	SUSE-RU-2022:4008-1
Released	Wed Nov 16 10:29:27 2022
Summary	Recommended update for python3-ec2imgutils
Type	recommended
Severity	moderate
References	1199722

Description:

This update for python3-ec2imgutils fixes the following issues:

Update to version 10.0.1 + Follow up fix to (bsc#1199722) allow the user a choice of 2.0 and v2.0 as tpm versions on the command line

Update to version 10.0.0 (bsc#1199722) + Add --tpm-support as command line option and tpm_support to the API to register images that support NitroTPM + API change for ec2deprecateimg. It is now possible to deprecate an image without providing a successor image.

Add rpm-macros to build requirements in spec.

Advisory ID	SUSE-SU-2022:4010-1
Released	Wed Nov 16 11:07:36 2022
Summary	Security update for apache2-mod_wsgi
Type	security
Severity	moderate
References	1201634,CVE-2022-2255

Description:

This update for apache2-mod_wsgi fixes the following issues:

CVE-2022-2255: Hardened the trusted proxy header filter to avoid bypass. (bsc#1201634)

Advisory ID	SUSE-SU-2022:4011-1
Released	Wed Nov 16 11:29:09 2022
Summary	Security update for jsoup
Type	security
Severity	moderate
References	1203459,CVE-2022-36033

Description:

This update for jsoup fixes the following issues:
Updated to version 1.15.3:
- CVE-2022-36033: Fixed incorrect sanitization of user input in SafeList.preserveRelativeLinks (bsc#1203459).

Advisory ID	SUSE-SU-2022:4016-1
Released	Wed Nov 16 14:52:06 2022
Summary	Security update for rubygem-nokogiri
Type	security
Severity	important
References	1198408,1199782,CVE-2022-24836,CVE-2022-29181

Description:

This update for rubygem-nokogiri fixes the following issues:

CVE-2022-24836: Fixes possibility to DoS because of inefficient RE in HTML encoding. (bsc#1198408)
CVE-2022-29181: Fixes Improper Handling of Unexpected Data Typesi. (bsc#1199782)

Advisory ID	SUSE-RU-2022:4018-1
Released	Wed Nov 16 15:43:31 2022
Summary	Recommended update for python-service_identity
Type	recommended
Severity	low
References	1203743

Description:

This update for python-service_identity fixes the following issues:

Loose the filelist for the package info to avoid build failure (bsc#1203743)

Advisory ID	SUSE-RU-2022:4019-1
Released	Wed Nov 16 15:44:20 2022
Summary	Recommended update for apparmor
Type	recommended
Severity	low
References	1202344

Description:

This update for apparmor fixes the following issues:

profiles: permit php-fpm pid files directly under run/ (bsc#1202344)

Advisory ID	SUSE-RU-2022:4020-1
Released	Wed Nov 16 15:45:13 2022
Summary	Recommended update for nfs-utils
Type	recommended
Severity	moderate
References	1199856,1202627

Description:

This update for nfs-utils fixes the following issues:

Fix nfsdcltrack bug that affected non-x86 archs (bsc#1202627)
Ensure sysctl setting work (bsc#1199856)

Advisory ID	SUSE-RU-2022:4021-1
Released	Wed Nov 16 15:46:09 2022
Summary	Recommended update for mdadm
Type	recommended
Severity	low
References	1193566

Description:

This update for mdadm fixes the following issues:

Add EXTRAVERSION as make argument on build (jsc#SLE-24761, bsc#1193566)

Advisory ID	SUSE-SU-2022:4035-1
Released	Wed Nov 16 21:35:40 2022
Summary	Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4)
Type	security
Severity	important
References	1200058,1202087,1203613,1204170,1204289,CVE-2021-33655,CVE-2022-1882,CVE-2022-2588,CVE-2022-42703,CVE-2022-42722

Description:

This update for the Linux Kernel 5.14.21-150400_24_11 fixes several issues.
The following security issues were fixed:

CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635).
CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1199904).
CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168).
CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125)

Advisory ID	SUSE-SU-2022:4036-1
Released	Wed Nov 16 21:35:48 2022
Summary	Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP4)
Type	security
Severity	important
References	1196959,CVE-2021-39698

Description:

This update for the Linux Kernel 5.14.21-150400_24_28 fixes one issue.
The following security issue was fixed:

CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956)

Advisory ID	SUSE-SU-2022:4039-1
Released	Wed Nov 16 22:06:42 2022
Summary	Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP4)
Type	security
Severity	important
References	1200058,1203613,1204170,1204289,CVE-2022-1882,CVE-2022-2588,CVE-2022-42703,CVE-2022-42722

Description:

This update for the Linux Kernel 5.14.21-150400_24_18 fixes several issues.
The following security issues were fixed:

CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1199904).
CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168).
CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125)

Advisory ID	SUSE-RU-2022:4040-1
Released	Thu Nov 17 04:53:34 2022
Summary	Recommended update for libvirt
Type	recommended
Severity	important
References	1158430,1196087,1197084,1202608,1202630,1203976

Description:

This update for libvirt fixes the following issues:

apparmor: Fix QEMU access for UEFI variable files (bsc#1203976)
qemu: Don't assume that /usr/libexec/qemu-kvm exists (bsc#1158430, bsc#1196087)
qemu: Support memory allocation threads (bsc#1197084)
spec: Include aarch64 in the list of architectures that 'Require' dmidecode (bsc#1202608)
vmx: Require networkName for bridged and custom NICs (bsc#1202630)

Advisory ID	SUSE-RU-2022:4041-1
Released	Thu Nov 17 04:55:47 2022
Summary	Recommended update for libuv
Type	recommended
Severity	moderate
References	1199062

Description:

This update for libuv fixes the following issues:

Remove epoll syscall wrappers. (bsc#1199062)

Advisory ID	SUSE-RU-2022:4043-1
Released	Thu Nov 17 09:05:54 2022
Summary	Recommended update for python3-ec2metadata
Type	recommended
Severity	moderate
References	1204066

Description:

This update for python3-ec2metadata fixes the following issues:

Update to version 4.0.0 (bsc#1204066) - Disambiguate cli options for duplicate endpoints. This is an incompatible change for some API versions of IMDS. When a duplicate endpoint is detected the cli option for both endpoints is expanded to a unique name.

Advisory ID	SUSE-RU-2022:4045-1
Released	Thu Nov 17 09:17:07 2022
Summary	Recommended update for pacemaker
Type	recommended
Severity	critical
References	1196673,1198409,1198715,1203367,1204581,1205279

Description:

This update for pacemaker fixes the following issues:

tools: fix syntax on resetting options in crm_resource (bsc#1198409)
tools: display the correct minimum execution status when executing 'crm_resource -O' (bsc#1205279, bsc#1204581)
controller: log an info instead of a warning for a stonith/shutdown that is unknown to the new DC (bsc#1198715)
controller: record CRM feature set as a transient attribute (bsc#1196673, bsc#1203367, fate#320759)

Advisory ID	SUSE-RU-2022:4047-1
Released	Thu Nov 17 14:03:05 2022
Summary	Recommended update for nvme-cli
Type	recommended
Severity	moderate
References	1186399,1201701

Description:

This update for nvme-cli fixes the following issues:

Support auto discovery, add %systemd_ordering to spec file (bsc#1186399)
fabrics: Remove dhchap-ctrl-secret from discover/connect-all (bsc#1201701)
Various other fabrics related bug fixes were added.

Advisory ID	SUSE-RU-2022:4049-1
Released	Thu Nov 17 14:04:02 2022
Summary	Recommended update for libnvme
Type	recommended
Severity	moderate
References	1201501,1201700,1201701,1201717

Description:

This update for libnvme fixes the following issues:

Fixes for controller authentication (bsc#1201501 bsc#1201700 bsc#1201701 bsc#1201717)
Subsystem scanning logic
Fabrics improvements

Advisory ID	SUSE-SU-2022:4054-1
Released	Thu Nov 17 15:36:58 2022
Summary	Security update for go1.19
Type	security
Severity	low
References	1200441,1204941,CVE-2022-41716

Description:

This update for go1.19 fixes the following issues:
Update to go 1.19.3 (released 2022-11-01) (bsc#1200441):
Security fixes: - CVE-2022-41716: Fixed unsanitized NUL in environment variables in syscalls, os/exec (go#56327) (bsc#1204941).
Bugfixes: - runtime: lock count' fatal error when cgo is enabled (go#56308). - cmd/compile: libFuzzer instrumentation fakePC overflow on 386 arch (go#56168). - internal/fuzz: array literal initialization causes ICE 'unhandled stmt ASOP' while fuzzing (go#56106).

Advisory ID	SUSE-SU-2022:4055-1
Released	Thu Nov 17 15:37:24 2022
Summary	Security update for go1.18
Type	security
Severity	low
References	1193742,1204941,CVE-2022-41716

Description:

This update for go1.18 fixes the following issues:
Update to go 1.18.8 (released 2022-11-01) (bsc#1193742): Security fixes: - CVE-2022-41716: Fixed unsanitized NUL in environment variables in syscalls, os/exec (go#56327) (bsc#1204941).
Bugfixes: - runtime: lock count' fatal error when cgo is enabled (go#56308).

Advisory ID	SUSE-SU-2022:4058-1
Released	Thu Nov 17 15:40:53 2022
Summary	Security update for MozillaFirefox
Type	security
Severity	important
References	1205270,CVE-2022-45403,CVE-2022-45404,CVE-2022-45405,CVE-2022-45406,CVE-2022-45408,CVE-2022-45409,CVE-2022-45410,CVE-2022-45411,CVE-2022-45412,CVE-2022-45416,CVE-2022-45418,CVE-2022-45420,CVE-2022-45421

Description:

This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 102.5.0 ESR (MFSA 2022-48, bsc#1205270):

CVE-2022-45403: Service Workers might have learned size of cross-origin media files
CVE-2022-45404: Fullscreen notification bypass
CVE-2022-45405: Use-after-free in InputStream implementation
CVE-2022-45406: Use-after-free of a JavaScript Realm
CVE-2022-45408: Fullscreen notification bypass via windowName
CVE-2022-45409: Use-after-free in Garbage Collection
CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie policy
CVE-2022-45411: Cross-Site Tracing was possible via non-standard override headers
CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers
CVE-2022-45416: Keystroke Side-Channel Leakage
CVE-2022-45418: Custom mouse cursor could have been drawn over browser UI
CVE-2022-45420: Iframe contents could be rendered outside the iframe
CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5

Advisory ID	SUSE-OU-2022:4059-1
Released	Thu Nov 17 17:03:02 2022
Summary	Optional update for ssg-apply
Type	optional
Severity	moderate
References

Description:

This update for ssg-apply fixes the following issues:
This package contains a systemd service which can be run on boot which detects and/or mitigates hardening issues from the scap-security-guide, aka ComplianceAsCode.
The behaviour can be configured in the config file /etc/ssg-apply/default.conf
Options:

'profile' ... Which SCAP XCCDF profile to use. The default is 'stig' for the SUSE supported DISA stig profile.

Other profiles from the scap-security-guide can also be selected, like 'cis', 'hipaa', 'pci-dss' and others.

'remediate' Whether to have the service immediately fix the issues.

The default is 'off', if you want to enable automatic remediation, use 'on'.

'tailoring-file' ... default is '' (none).

A tailoring file is a XML configuration file that can be used to select/deselect rules to check / remediate.
The service can be enabled with:

systemctl enable ssg-apply.service

Advisory ID	SUSE-RU-2022:4061-1
Released	Fri Nov 18 05:56:17 2022
Summary	Recommended update for sapconf
Type	recommended
Severity	important
References	1190736,1190787

Description:

This update for sapconf fixes the following issues:

Adapt check of an active saptune service during the initial package installation to work in a chroot environment and fix the missing enablement of sapconf (bsc#1190736, bsc#1190787)

Advisory ID	SUSE-RU-2022:4062-1
Released	Fri Nov 18 09:05:07 2022
Summary	Recommended update for libusb-1_0
Type	recommended
Severity	moderate
References	1201590

Description:

This update for libusb-1_0 fixes the following issues:

Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590)

Advisory ID	SUSE-RU-2022:4063-1
Released	Fri Nov 18 09:07:50 2022
Summary	Recommended update for hwdata
Type	recommended
Severity	moderate
References

Description:

This update for hwdata fixes the following issues:

Updated pci, usb and vendor ids

Advisory ID	SUSE-RU-2022:4066-1
Released	Fri Nov 18 10:43:00 2022
Summary	Recommended update for timezone
Type	recommended
Severity	important
References	1177460,1202324,1204649,1205156

Description:

This update for timezone fixes the following issues:
Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):

Mexico will no longer observe DST except near the US border
Chihuahua moves to year-round -06 on 2022-10-30
Fiji no longer observes DST
In vanguard form, GMT is now a Zone and Etc/GMT a link
zic now supports links to links, and vanguard form uses this
Simplify four Ontario zones
Fix a Y2438 bug when reading TZif data
Enable 64-bit time_t on 32-bit glibc platforms
Omit large-file support when no longer needed
Jordan and Syria switch from +02/+03 with DST to year-round +03
Palestine transitions are now Saturdays at 02:00
Simplify three Ukraine zones into one
Improve tzselect on intercontinental Zones
Chile's DST is delayed by a week in September 2022 (bsc#1202324)
Iran no longer observes DST after 2022
Rename Europe/Kiev to Europe/Kyiv
New `zic -R` command option
Vanguard form now uses %z

Advisory ID	SUSE-SU-2022:4072-1
Released	Fri Nov 18 13:36:05 2022
Summary	Security update for the Linux Kernel
Type	security
Severity	important
References	1065729,1071995,1152472,1152489,1188238,1194869,1196018,1196632,1199904,1200567,1200692,1200788,1202187,1202686,1202700,1202914,1203098,1203229,1203290,1203435,1203514,1203699,1203767,1203802,1203922,1204017,1204142,1204166,1204168,1204171,1204241,1204353,1204354,1204355,1204402,1204413,1204415,1204417,1204428,1204431,1204439,1204470,1204479,1204498,1204533,1204569,1204574,1204575,1204619,1204635,1204637,1204646,1204647,1204650,1204653,1204693,1204705,1204719,1204728,1204753,1204868,1204926,1204933,1204934,1204947,1204957,1204963,1204970,CVE-2022-1882,CVE-2022-2153,CVE-2022-28748,CVE-2022-2964,CVE-2022-2978,CVE-2022-3169,CVE-2022-33981,CVE-2022-3424,CVE-2022-3435,CVE-2022-3521,CVE-2022-3524,CVE-2022-3526,CVE-2022-3535,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3577,CVE-2022-3586,CVE-2022-3594,CVE-2022-3619,CVE-2022-3621,CVE-2022-3625,CVE-2022-3628,CVE-2022-3629,CVE-2022-3633,CVE-2022-3640,CVE-2022-3646,CVE-2022-3649,CVE-2022-40476,CVE-2022-40768,CVE-2022-42703,CVE-2022-43750

Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:

CVE-2022-28748: Fixed a leak of kernel memory over the network by ax88179_178a devices (bsc#1196018).
CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1199904).
CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686).
CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290).
CVE-2022-33981: Fixed a use-after-free in floppy driver (bnc#1200692).
CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166).
CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171).
CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355).
CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354).
CVE-2022-3526: Fixed a memory leak in macvlan_handle_frame() from drivers/net/macvlan.c (bnc#1204353).
CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415).
CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431).
CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574).
CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637).
CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619).
CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646).
CVE-2022-40476: Fixed a null pointer dereference in fs/io_uring.c (bnc#1203435).
CVE-2022-40768: Fixed information disclosure in stex_queuecommand_lck (bnc#1203514).
CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653).

The following non-security bugs were fixed:

acpi: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes).
acpi: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes).
acpi: extlog: Handle multiple records (git-fixes).
acpi: tables: FPDT: Do not call acpi_os_map_memory() on invalid phys address (git-fixes).
acpi: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes).
acpi: video: Make backlight class device registration a separate step (v2) (git-fixes).
acpi: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable (git-fixes).
alsa: Use del_timer_sync() before freeing timer (git-fixes).
alsa: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes).
alsa: aoa: Fix I2S device accounting (git-fixes).
alsa: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes).
alsa: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes).
alsa: au88x0: use explicitly signed char (git-fixes).
alsa: dmaengine: increment buffer pointer atomically (git-fixes).
alsa: hda/cs_dsp_ctl: Fix mutex inversion when creating controls (bsc#1203699).
alsa: hda/hdmi: Do not skip notification handling during PM operation (git-fixes).
alsa: hda/hdmi: Fix the converter allocation for the silent stream (git-fixes).
alsa: hda/hdmi: Fix the converter reuse for the silent stream (git-fixes).
alsa: hda/hdmi: change type for the 'assigned' variable (git-fixes).
alsa: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes).
alsa: hda/realtek: Add another HP ZBook G9 model quirks (bsc#1203699).
alsa: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes).
alsa: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (bsc#1203922).
alsa: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes).
alsa: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes).
alsa: hda: Fix position reporting on Poulsbo (git-fixes).
alsa: hda: cs35l41: Remove suspend/resume hda hooks (bsc#1203699).
alsa: hda: cs35l41: Support System Suspend (bsc#1203699).
alsa: hda: hda_cs_dsp_ctl: Ensure pwr_lock is held before reading/writing controls (bsc#1203699).
alsa: hda: hda_cs_dsp_ctl: Minor clean and redundant code removal (bsc#1203699).
alsa: hiface: fix repeated words in comments (git-fixes).
alsa: line6: Replace sprintf() with sysfs_emit() (git-fixes).
alsa: line6: remove line6_set_raw declaration (git-fixes).
alsa: oss: Fix potential deadlock at unregistration (git-fixes).
alsa: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes).
alsa: rme9652: use explicitly signed char (git-fixes).
alsa: scarlett2: Add Focusrite Clarett+ 8Pre support (git-fixes).
alsa: scarlett2: Add support for the internal 'standalone' switch (git-fixes).
alsa: scarlett2: Split scarlett2_config_items[] into 3 sections (git-fixes).
alsa: usb-audio: Add mixer mapping for Gigabyte B450/550 Mobos (git-fixes).
alsa: usb-audio: Add quirk to enable Avid Mbox 3 support (git-fixes).
alsa: usb-audio: Add quirks for M-Audio Fast Track C400/600 (git-fixes).
alsa: usb-audio: Fix NULL dererence at error path (git-fixes).
alsa: usb-audio: Fix last interface check for registration (git-fixes).
alsa: usb-audio: Fix potential memory leaks (git-fixes).
alsa: usb-audio: Fix regression with Dell Dock jack detection (bsc#1204719).
alsa: usb-audio: Register card at the last interface (git-fixes).
alsa: usb-audio: make read-only array marker static const (git-fixes).
alsa: usb-audio: remove redundant assignment to variable c (git-fixes).
alsa: usb-audio: scarlett2: Use struct_size() helper in scarlett2_usb() (git-fixes).
alsa: usb/6fire: fix repeated words in comments (git-fixes).
arm64/bti: Disable in kernel BTI when cross section thunks are broken (git-fixes)
arm64/mm: Consolidate TCR_EL1 fields (git-fixes).
arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes (git-fixes).
arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply (git-fixes).
arm64: dts: qcom: sc7280: Cleanup the lpasscc node (git-fixes).
arm64: dts: ti: k3-j7200: fix main pinmux range (git-fixes).
arm64: ftrace: fix module PLTs with mcount (git-fixes).
arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored (git-fixes).
arm64: topology: move store_cpu_topology() to shared code (git-fixes).
arm: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n (git-fixes).
arm: 9244/1: dump: Fix wrong pg_level in walk_pmd() (git-fixes).
arm: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE (git-fixes).
arm: Drop CMDLINE_* dependency on ATAGS (git-fixes).
arm: decompressor: Include .data.rel.ro.local (git-fixes).
arm: defconfig: clean up multi_v4t and multi_v5 configs (git-fixes).
arm: defconfig: drop CONFIG_PTP_1588_CLOCK=y (git-fixes).
arm: defconfig: drop CONFIG_SERIAL_OMAP references (git-fixes).
arm: defconfig: drop CONFIG_USB_FSL_USB2 (git-fixes).
arm: dts: armada-38x: Add gpio-ranges for pin muxing (git-fixes).
arm: dts: exynos: correct s5k6a3 reset polarity on Midas family (git-fixes).
arm: dts: exynos: fix polarity of VBUS GPIO of Origen (git-fixes).
arm: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer (git-fixes).
arm: dts: imx6dl: add missing properties for sram (git-fixes).
arm: dts: imx6q: add missing properties for sram (git-fixes).
arm: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus (git-fixes).
arm: dts: imx6qp: add missing properties for sram (git-fixes).
arm: dts: imx6sl: add missing properties for sram (git-fixes).
arm: dts: imx6sll: add missing properties for sram (git-fixes).
arm: dts: imx6sx: add missing properties for sram (git-fixes).
arm: dts: imx7d-sdb: config the max pressure for tsc2046 (git-fixes).
arm: dts: integrator: Tag PCI host with device_type (git-fixes).
arm: dts: kirkwood: lsxl: fix serial line (git-fixes).
arm: dts: kirkwood: lsxl: remove first ethernet port (git-fixes).
arm: dts: turris-omnia: Add label for wan port (git-fixes).
arm: dts: turris-omnia: Fix mpp26 pin name and comment (git-fixes).
asoc: SOF: pci: Change DMI match info to support all Chrome platforms (git-fixes).
asoc: codecs: tx-macro: fix kcontrol put (git-fixes).
asoc: da7219: Fix an error handling path in da7219_register_dai_clks() (git-fixes).
asoc: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes).
asoc: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes).
asoc: mt6359: fix tests for platform_get_irq() failure (git-fixes).
asoc: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes).
asoc: qcom: lpass-cpu: Mark HDMI TX parity register as volatile (git-fixes).
asoc: qcom: lpass-cpu: mark HDMI TX registers as volatile (git-fixes).
asoc: rsnd: Add check for rsnd_mod_power_on (git-fixes).
asoc: tas2764: Allow mono streams (git-fixes).
asoc: tas2764: Drop conflicting set_bias_level power setting (git-fixes).
asoc: tas2764: Fix mute/unmute (git-fixes).
asoc: wcd9335: fix order of Slimbus unprepare/disable (git-fixes).
asoc: wcd934x: fix order of Slimbus unprepare/disable (git-fixes).
asoc: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes).
asoc: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes).
asoc: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes).
asoc: wm_adsp: Handle optional legacy support (git-fixes).
ata: ahci-imx: Fix MODULE_ALIAS (git-fixes).
ata: fix ata_id_has_devslp() (git-fixes).
ata: fix ata_id_has_dipm() (git-fixes).
ata: fix ata_id_has_ncq_autosense() (git-fixes).
ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes).
ata: libahci_platform: Sanity check the DT child nodes number (git-fixes).
ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes).
bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes).
bluetooth: L2CAP: Fix user-after-free (git-fixes).
bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes).
bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release (git-fixes).
bluetooth: btintel: Mark Intel controller to support LE_STATES quirk (git-fixes).
bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes).
bluetooth: virtio_bt: Use skb_put to set length (git-fixes).
bnxt_en: Fix bnxt_refclk_read() (git-fixes).
bnxt_en: Fix bnxt_reinit_after_abort() code path (git-fixes).
bnxt_en: fix livepatch query (git-fixes).
bnxt_en: reclaim max resources if sriov enable fails (git-fixes).
bonding: 802.3ad: fix no transmission of LACPDUs (git-fixes).
bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (git-fixes).
can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes).
can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() (git-fixes).
can: kvaser_usb: Fix possible completions during init_completion (git-fixes).
can: kvaser_usb: Fix use of uninitialized completion (git-fixes).
can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (git-fixes).
can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (git-fixes).
can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes).
can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes).
can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path (git-fixes).
can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness conversion (git-fixes).
can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct length to read dev_id (git-fixes).
can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes).
cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753).
clk: ast2600: BCLK comes from EPLL (git-fixes).
clk: at91: fix the build with binutils 2.27 (git-fixes).
clk: baikal-t1: Add SATA internal ref clock buffer (git-fixes).
clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent (git-fixes).
clk: baikal-t1: Fix invalid xGMAC PTP clock divider (git-fixes).
clk: bcm2835: Make peripheral PLLC critical (git-fixes).
clk: bcm2835: Round UART input clock up (bsc#1188238)
clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes).
clk: bcm: rpi: Add support for VEC clock (bsc#1196632)
clk: berlin: Add of_node_put() for of_get_parent() (git-fixes).
clk: imx: scu: fix memleak on platform_device_add() fails (git-fixes).
clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes).
clk: meson: Hold reference returned by of_get_parent() (git-fixes).
clk: oxnas: Hold reference returned by of_get_parent() (git-fixes).
clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical (git-fixes).
clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes).
clk: qoriq: Hold reference returned by of_get_parent() (git-fixes).
clk: sprd: Hold reference returned by of_get_parent() (git-fixes).
clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes).
clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes).
clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes).
clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes).
clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD (git-fixes).
clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes).
clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes).
cpufreq: qcom: fix memory leak in error path (git-fixes).
cpufreq: qcom: fix writes in read-only memory region (git-fixes).
crypto: akcipher - default implementation for setting a private key (git-fixes).
crypto: cavium - prevent integer overflow loading firmware (git-fixes).
crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes).
crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes).
crypto: inside-secure - Change swab to swab32 (git-fixes).
crypto: inside-secure - Replace generic aes with libaes (git-fixes).
crypto: marvell/octeontx - prevent integer overflows (git-fixes).
crypto: qat - fix default value of WDT timer (git-fixes).
crypto: sahara - do not sleep when in softirq (git-fixes).
device property: Fix documentation for *_match_string() APIs (git-fixes).
dmaengine: hisilicon: Add multi-thread support for a DMA channel (git-fixes).
dmaengine: hisilicon: Disable channels when unregister hisi_dma (git-fixes).
dmaengine: hisilicon: Fix CQ head update (git-fixes).
dmaengine: idxd: change bandwidth token to read buffers (jsc#PED-679).
dmaengine: idxd: deprecate token sysfs attributes for read buffers (jsc#PED-679).
dmaengine: idxd: force wq context cleanup on device disable path (git-fixes).
dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes).
dmaengine: mxs: use platform_driver_register (git-fixes).
dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow (git-fixes).
dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling (git-fixes).
dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes).
dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes).
dpaa2-eth: trace the allocated address instead of page struct (git-fixes).
drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017).
drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017).
drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017).
drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017).
drivers: serial: jsm: fix some leaks in probe (git-fixes).
drm/amd/display: Assume an LTTPR is always present on fixed_vs links (git-fixes).
drm/amd/display: Changed pipe split policy to allow for multi-display (bsc#1152472) Backporting notes: * remove changes to non-existing 201 and 31 directories
drm/amd/display: Correct MPC split policy for DCN301 (git-fixes).
drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n (git-fixes).
drm/amd/display: Fix double cursor on non-video RGB MPO (git-fixes).
drm/amd/display: Fix vblank refcount in vrr transition (git-fixes).
drm/amd/display: Remove interface for periodic interrupt 1 (git-fixes).
drm/amd/display: skip audio setup when audio stream is enabled (git-fixes).
drm/amd/display: update gamut remap if plane has changed (git-fixes).
drm/amd/pm: smu7_hwmgr: fix potential off-by-one overflow in 'performance_levels' (git-fixes).
drm/amdgpu/display: change pipe policy for DCN 2.0 (git-fixes).
drm/amdgpu/display: change pipe policy for DCN 2.1 (git-fixes).
drm/amdgpu/gfx10: add wraparound gpu counter check for APUs as well (bsc#1152472) Backporting notes: * also fix default branch
drm/amdgpu/gfx9: switch to golden tsc registers for renoir+ (bsc#1152472) Backporting notes: * replace IP_VERSION() with CHIP_ constants
drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume() (git-fixes).
drm/amdgpu: fix initial connector audio value (git-fixes).
drm/amdgpu: fix sdma doorbell init ordering on APUs (git-fixes).
drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() (git-fixes).
drm/bridge: Avoid uninitialized variable warning (git-fixes).
drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes).
drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes).
drm/i915/dp: Reset frl trained flag before restarting FRL training (git-fixes).
drm/i915/ehl: Update MOCS table for EHL (git-fixes).
drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes).
drm/i915/hdmi: convert intel_hdmi_to_dev to intel_hdmi_to_i915 (bsc#1152489)
drm/i915: Reject unsupported TMDS rates on ICL+ (git-fixes).
drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook (git-fixes).
drm/meson: explicitly remove aggregate driver at module unload time (git-fixes).
drm/mipi-dsi: Detach devices when removing the host (git-fixes).
drm/msm/dp: Silence inconsistent indent warning (git-fixes).
drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() (git-fixes).
drm/msm/dp: fix IRQ lifetime (git-fixes).
drm/msm/dpu: Fix comment typo (git-fixes).
drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes).
drm/msm/dsi: fix memory corruption with too many bridges (git-fixes).
drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes).
drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes).
drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes).
drm/msm: fix use-after-free on probe deferral (git-fixes).
drm/nouveau/kms/nv140-: Disable interlacing (git-fixes).
drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes).
drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes).
drm/nouveau: wait for the exclusive fence after the shared ones v2 (bsc#1152472) Backporting notes: * context changes
drm/omap: dss: Fix refcount leak bugs (git-fixes).
drm/scheduler: quieten kernel-doc warnings (git-fixes).
drm/virtio: Check whether transferred 2D BO is shmem (git-fixes).
drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error (git-fixes).
drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes).
drm: Use size_t type for len variable in drm_copy_field() (git-fixes).
drm: bridge: adv7511: fix CEC power down control register offset (git-fixes).
drm: bridge: dw_hdmi: only trigger hotplug event on link change (git-fixes).
drm: fix drm_mipi_dbi build errors (git-fixes).
drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes).
drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes).
drop Dell Dock regression fix patch again (bsc#1204719)
drop verbose nvme logging feature (bsc#1200567)
dt-bindings: crypto: ti,sa2ul: drop dma-coherent property (git-fixes).
dt-bindings: display/msm: dpu-sc7180: add missing DPU opp-table (git-fixes).
dt-bindings: display/msm: dpu-sdm845: add missing DPU opp-table (git-fixes).
dt-bindings: mtd: intel: lgm-nand: Fix compatible string (git-fixes).
dt-bindings: mtd: intel: lgm-nand: Fix maximum chip select value (git-fixes).
dt-bindings: pci: microchip,pcie-host: fix missing clocks properties (git-fixes).
dt-bindings: pci: microchip,pcie-host: fix missing dma-ranges (git-fixes).
dt-bindings: phy: qcom,qmp-usb3-dp: fix bogus clock-cells property (git-fixes).
dt-bindings: phy: qcom,qmp: fix bogus clock-cells property (git-fixes).
dyndbg: fix module.dyndbg handling (git-fixes).
dyndbg: fix static_branch manipulation (git-fixes).
dyndbg: let query-modname override actual module name (git-fixes).
efi: Correct Macmini DMI match in uefi cert quirk (git-fixes).
efi: libstub: drop pointless get_memory_map() call (git-fixes).
fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes).
fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes).
fec: Fix timer capture timing in `fec_ptp_enable_pps()` (git-fixes).
firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes).
firmware: arm_scmi: Harden accesses to the sensor domains (git-fixes).
firmware: arm_scmi: Improve checks in the info_get operations (git-fixes).
firmware: google: Test spinlock on panic path to avoid lockups (git-fixes).
fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes).
fs/binfmt_elf: Fix memory leak in load_elf_binary() (git-fixes).
ftrace: Fix char print issue in print_ip_ins() (git-fixes).
ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes).
fuse: fix deadlock between atomic O_TRUNC and page invalidation (bsc#1204533).
gcov: support GCC 12.1 and newer compilers (git-fixes).
gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() (git-fixes).
hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes).
hid: hidraw: fix memory leak in hidraw_release() (git-fixes).
hid: magicmouse: Do not set BTN_MOUSE on double report (git-fixes).
hid: multitouch: Add memory barriers (git-fixes).
hid: roccat: Fix use-after-free in roccat_read() (git-fixes).
hinic: Avoid some over memory allocation (git-fixes).
hsi: omap_ssi: Fix refcount leak in ssi_probe (git-fixes).
hsi: omap_ssi_port: Fix dma_map_sg error check (git-fixes).
hwmon/coretemp: Handle large core ID value (git-fixes).
hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms (git-fixes).
i2c: designware: Fix handling of real but unexpected device interrupts (git-fixes).
i2c: i801: Add support for Intel Ice Lake PCH-N (jsc#PED-634).
i2c: i801: Add support for Intel Meteor Lake-P (jsc#PED-732).
i2c: i801: Add support for Intel Raptor Lake PCH-S (jsc#PED-634).
i2c: i801: Improve handling of chip-specific feature definitions (jsc#PED-634).
i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter (git-fixes).
i40e: Fix call trace in setup_tx_descriptors (git-fixes).
i40e: Fix dropped jumbo frames statistics (git-fixes).
i40e: Fix to stop tx_timeout recovery if GLOBR fails (git-fixes).
iavf: Fix adminq error handling (git-fixes).
iavf: Fix handling of dummy receive descriptors (git-fixes).
iavf: Fix reset error handling (git-fixes).
ib/core: Fix a nested dead lock as part of ODP flow (git-fixes)
ib/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes)
ice: Fix switchdev rules book keeping (git-fixes).
ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (git-fixes).
ice: do not setup vlan for loopback VSI (git-fixes).
igb: Make DMA faster when CPU is active on the PCIe link (git-fixes).
igb: fix a use-after-free issue in igb_clean_tx_ring (git-fixes).
iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes).
iio: adc: ad7923: fix channel readings for some variants (git-fixes).
iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes).
iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume (git-fixes).
iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes).
iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes).
iio: adc: mcp3911: use correct id bits (git-fixes).
iio: adxl372: Fix unsafe buffer attributes (git-fixes).
iio: bmc150-accel-core: Fix unsafe buffer attributes (git-fixes).
iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes).
iio: inkern: fix return value in devm_of_iio_channel_get_by_name() (git-fixes).
iio: inkern: only release the device node when done with it (git-fixes).
iio: light: tsl2583: Fix module unloading (git-fixes).
iio: ltc2497: Fix reading conversion results (git-fixes).
iio: magnetometer: yas530: Change data type of hard_offsets to signed (git-fixes).
iio: pressure: dps310: Refactor startup procedure (git-fixes).
iio: pressure: dps310: Reset chip after timeout (git-fixes).
iio: temperature: ltc2983: allocate iio channels once (git-fixes).
ima: fix blocking of security.ima xattrs of unsupported algorithms (git-fixes).
input: i8042 - fix refount leak on sparc (git-fixes).
input: synaptics-rmi4 - fix firmware update operations with bootloader v8 (git-fixes).
input: xpad - add supported devices as contributed on github (git-fixes).
input: xpad - fix wireless 360 controller breaking after suspend (git-fixes).
iommu/vt-d: Do not falsely log intel_iommu is unsupported kernel option (bsc#1204947).
ip: Fix data-races around sysctl_ip_fwd_update_priority (git-fixes).
ipv4: Fix data-races around sysctl_fib_multipath_hash_policy (git-fixes).
irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes).
isdn: mISDN: netjet: fix wrong check of device registration (git-fixes).
ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (git-fixes).
ixgbe: fix bcast packets Rx on VF after promisc removal (git-fixes).
ixgbe: fix unexpected VLAN Rx in promisc mode on VF (git-fixes).
kABI: Fix after adding trace_iterator.wait_index (git-fixes).
kABI: Fix kABI after backport Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes).
kABI: Fix kABI after backport Always set kvm_run->if_flag (git-fixes).
kABI: Fix kABI after backport Forcibly leave nested virt when SMM state is toggled (git-fixes).
kABI: Fix kABI after backport Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes).
kABI: Fix kABI after backport Update vPMCs when retiring branch instructions (git-fixes).
kabi/severities: ignore CS35L41-specific exports (bsc#1203699)
kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes).
kbuild: remove the target in signal traps when interrupted (git-fixes).
kbuild: rpm-pkg: fix breakage when V=1 is used (git-fixes).
kernfs: fix use-after-free in __kernfs_remove (git-fixes).
kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT (git-fixes).
kvm: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors (git-fixes).
kvm: VMX: Inject #PF on ENCLS as 'emulated' #PF (git-fixes).
kvm: fix avic_set_running for preemptable kernels (git-fixes).
kvm: nVMX: Ignore SIPI that arrives in L2 when vCPU is not in WFS (git-fixes).
kvm: nVMX: Unconditionally purge queued/injected events on nested 'exit' (git-fixes).
kvm: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes).
kvm: s390: pv: do not present the ecall interrupt twice (bsc#1203229 LTC#199905).
kvm: s390x: fix SCK locking (git-fixes).
kvm: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes).
kvm: x86/mmu: Do not advance iterator after restart due to yielding (git-fixes).
kvm: x86/mmu: Retry page fault if root is invalidated by memslot update (git-fixes).
kvm: x86/pmu: Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes).
kvm: x86/pmu: Do not truncate the PerfEvtSeln MSR when creating a perf event (git-fixes).
kvm: x86/pmu: Fix available_event_types check for REF_CPU_CYCLES event (git-fixes).
kvm: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes).
kvm: x86: Add KVM_CAP_ENABLE_CAP to x86 (git-fixes).
kvm: x86: Add compat handler for KVM_X86_SET_MSR_FILTER (git-fixes).
kvm: x86: Always set kvm_run->if_flag (git-fixes).
kvm: x86: Forcibly leave nested virt when SMM state is toggled (git-fixes).
kvm: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled (git-fixes).
kvm: x86: Keep MSR_IA32_XSS unchanged for INIT (git-fixes).
kvm: x86: Register perf callbacks after calling vendor's hardware_setup() (git-fixes).
kvm: x86: Sync the states size with the XCR0/IA32_XSS at, any time (git-fixes).
kvm: x86: Update vPMCs when retiring branch instructions (git-fixes).
kvm: x86: Update vPMCs when retiring instructions (git-fixes).
kvm: x86: do not report preemption if the steal time cache is stale (git-fixes).
kvm: x86: nSVM/nVMX: set nested_run_pending on VM entry which is a result of RSM (git-fixes).
kvm: x86: nSVM: fix potential NULL derefernce on nested migration (git-fixes).
kvm: x86: nSVM: mark vmcb01 as dirty when restoring SMM saved state (git-fixes).
lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes).
livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995).
livepatch: fix race between fork and KLP transition (bsc#1071995).
mISDN: fix possible memory leak in mISDN_register_device() (git-fixes).
mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes).
mac802154: Fix LQI recording (git-fixes).
macvlan: enforce a consistent minimal mtu (git-fixes).
mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes).
mailbox: mpfs: account for mbox offsets while sending (git-fixes).
mailbox: mpfs: fix handling of the reg property (git-fixes).
media: atomisp: prevent integer overflow in sh_css_set_black_frame() (git-fixes).
media: cedrus: Fix endless loop in cedrus_h265_skip_bits() (git-fixes).
media: cedrus: Set the platform driver data earlier (git-fixes).
media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes).
media: ipu3-imgu: Fix NULL pointer dereference in active selection access (git-fixes).
media: mceusb: set timeout to at least timeout provided (git-fixes).
media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() (git-fixes).
media: uvcvideo: Fix memory leak in uvc_gpio_parse (git-fixes).
media: uvcvideo: Use entity get_cur in uvc_ctrl_set (git-fixes).
media: v4l2-compat-ioctl32.c: zero buffer passed to v4l2_compat_get_array_args() (git-fixes).
media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes).
media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes).
media: venus: dec: Handle the case where find_format fails (git-fixes).
media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes).
media: vivid: dev->bitmap_cap wasn't freed in all cases (git-fixes).
media: vivid: s_fbuf: add more sanity checks (git-fixes).
media: vivid: set num_in/outputs to 0 if not supported (git-fixes).
media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes).
memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes).
memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() (git-fixes).
memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes).
mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes).
mfd: fsl-imx25: Fix check for platform_get_irq() errors (git-fixes).
mfd: intel-lpss: Add Intel Raptor Lake PCH-S PCI IDs (jsc#PED-634).
mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes).
mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes).
mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes).
mfd: sm501: Add check for platform_driver_register() (git-fixes).
misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes).
misc: pci_endpoint_test: Aggregate params checking for xfer (git-fixes).
misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic (git-fixes).
mlxsw: spectrum: Clear PTP configuration after unregistering the netdevice (git-fixes).
mlxsw: spectrum_cnt: Reorder counter pools (git-fixes).
mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication (git-fixes).
mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575).
mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes).
mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes).
mmc: core: Replace with already defined values for readability (git-fixes).
mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes).
mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus (git-fixes).
mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes).
mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake (git-fixes).
mmc: sdhci-sprd: Fix minimum clock limit (git-fixes).
mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO (git-fixes).
mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes).
move upstreamed BT fixes into sorted section
move upstreamed patches into sorted section
move upstreamed sound patches into sorted section
mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes).
mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes).
mtd: rawnand: fsl_elbc: Fix none ECC mode (git-fixes).
mtd: rawnand: intel: Do not re-define NAND_DATA_IFACE_CHECK_ONLY (git-fixes).
mtd: rawnand: intel: Read the chip-select line from the correct OF node (git-fixes).
mtd: rawnand: intel: Remove undocumented compatible string (git-fixes).
mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes).
mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes).
net/dsa/hirschmann: Add missing of_node_get() in hellcreek_led_setup() (git-fixes).
net/ice: fix initializing the bitmap in the switch code (git-fixes).
net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes).
net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (git-fixes).
net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (git-fixes).
net/mlx5e: Fix enabling sriov while tc nic rules are offloaded (git-fixes).
net/mlx5e: Properly disable vlan strip on non-UL reps (git-fixes).
net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version (git-fixes).
net/mlx5e: Ring the TX doorbell on DMA errors (git-fixes).
net/mlx5e: TC, fix decap fallback to uplink when int port not supported (git-fixes).
net/mlx5e: Update netdev features after changing XDP state (git-fixes).
net/mlx5e: xsk: Account for XSK RQ UMRs when calculating ICOSQ size (git-fixes).
net: altera: Fix refcount leak in altera_tse_mdio_create (git-fixes).
net: atlantic: fix aq_vec index out of range error (git-fixes).
net: bcmgenet: Indicate MAC is in charge of PHY PM (git-fixes).
net: bgmac: Fix a BUG triggered by wrong bytes_compl (git-fixes).
net: bgmac: Fix an erroneous kfree() in bgmac_remove() (git-fixes).
net: bgmac: support MDIO described in DT (git-fixes).
net: bonding: fix possible NULL deref in rlb code (git-fixes).
net: bonding: fix use-after-free after 802.3ad slave unbind (git-fixes).
net: chelsio: cxgb4: Avoid potential negative array offset (git-fixes).
net: dp83822: disable false carrier interrupt (git-fixes).
net: dp83822: disable rx error interrupt (git-fixes).
net: dsa: bcm_sf2: force pause link settings (git-fixes).
net: dsa: ksz9477: port mirror sniffing limited to one port (git-fixes).
net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (git-fixes).
net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry (git-fixes).
net: dsa: microchip: ksz_common: Fix refcount leak bug (git-fixes).
net: dsa: mv88e6060: prevent crash on an unused port (git-fixes).
net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling an_complete (git-fixes).
net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() (git-fixes).
net: dsa: sja1105: silent spi_device_id warnings (git-fixes).
net: dsa: vitesse-vsc73xx: silent spi_device_id warnings (git-fixes).
net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register (git-fixes).
net: ethernet: ti: am65-cpsw: Fix devlink port register sequence (git-fixes).
net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 (git-fixes).
net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses (git-fixes).
net: fix IFF_TX_SKB_NO_LINEAR definition (git-fixes).
net: ftgmac100: Hold reference returned by of_get_child_by_name() (git-fixes).
net: hns3: do not push link state to VF if unalive (git-fixes).
net: hns3: set port base vlan tbl_sta to false before removing old vlan (git-fixes).
net: huawei: hinic: Use devm_kcalloc() instead of devm_kzalloc() (git-fixes).
net: ieee802154: return -EINVAL for unknown addr type (git-fixes).
net: ipa: do not assume SMEM is page-aligned (git-fixes).
net: ipvtap - add __init/__exit annotations to module init/exit funcs (git-fixes).
net: moxa: get rid of asymmetry in DMA mapping/unmapping (git-fixes).
net: moxa: pass pdev instead of ndev to DMA functions (git-fixes).
net: mscc: ocelot: fix address of SYS_COUNT_TX_AGING counter (git-fixes).
net: pcs: xpcs: propagate xpcs_read error to xpcs_get_state_c37_sgmii (git-fixes).
net: phy: dp83822: disable MDI crossover status change interrupt (git-fixes).
net: phy: dp83867: Extend RX strap quirk for SGMII mode (git-fixes).
net: stmmac: fix dma queue left shift overflow issue (git-fixes).
net: stmmac: fix leaks in probe (git-fixes).
net: stmmac: fix pm runtime issue in stmmac_dvr_remove() (git-fixes).
net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow (git-fixes).
net: stmmac: remove redunctant disable xPCS EEE call (git-fixes).
net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() (git-fixes).
net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (git-fixes).
net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes).
net: usb: r8152: Add in new Devices that are supported for Mac-Passthru (git-fixes).
netdevsim: fib: Fix reference count leak on route deletion failure (git-fixes).
nfc: fdp: Fix potential memory leak in fdp_nci_send() (git-fixes).
nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes).
nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes).
nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes).
nfp: ethtool: fix the display error of `ethtool -m DEVNAME` (git-fixes).
nfs: Fix another fsync() issue after a server reboot (git-fixes).
nfsv4: Fixes for nfs4_inode_return_delegation() (git-fixes).
nvme: do not print verbose errors for internal passthrough requests (bsc#1202187).
nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241).
octeontx2-af: Apply tx nibble fixup always (git-fixes).
octeontx2-af: Fix key checking for source mac (git-fixes).
octeontx2-af: Fix mcam entry resource leak (git-fixes).
octeontx2-af: suppress external profile loading warning (git-fixes).
octeontx2-pf: Fix NIX_AF_TL3_TL2X_LINKX_CFG register configuration (git-fixes).
octeontx2-pf: Fix UDP/TCP src and dst port tc filters (git-fixes).
octeontx2-pf: cn10k: Fix egress ratelimit configuration (git-fixes).
openvswitch: Fix double reporting of drops in dropwatch (git-fixes).
openvswitch: Fix overreporting of drops in dropwatch (git-fixes).
openvswitch: add nf_ct_is_confirmed check before assigning the helper (git-fixes).
openvswitch: switch from WARN to pr_warn (git-fixes).
overflow.h: restore __ab_c_size (git-fixes).
overflow: Implement size_t saturating arithmetic helpers (jsc#PED-1211).
pci/aspm: Correct LTR_L1.2_THRESHOLD computation (git-fixes).
pci/aspm: Ignore L1 PM Substates if device lacks capability (git-fixes).
pci: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes).
pci: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes).
pci: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017).
pci: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017).
pci: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017).
pci: mediatek-gen3: Change driver name to mtk-pcie-gen3 (git-fixes).
phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() (git-fixes).
phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes).
pinctrl: Ingenic: JZ4755 bug fixes (git-fixes).
pinctrl: alderlake: Add Intel Alder Lake-N pin controller support (jsc#PED-676).
pinctrl: alderlake: Add Raptor Lake-S ACPI ID (jsc#PED-634).
pinctrl: alderlake: Fix register offsets for ADL-N variant (jsc#PED-676).
pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes).
pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes).
pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes).
pinctrl: microchip-sgpio: Correct the fwnode_irq_get() return value check (git-fixes).
platform/chrome: cros_ec: Notify the PM of wake events during resume (git-fixes).
platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure (git-fixes).
platform/chrome: cros_ec_typec: Correct alt mode index (git-fixes).
platform/chrome: fix double-free in chromeos_laptop_prepare() (git-fixes).
platform/chrome: fix memory corruption in ioctl (git-fixes).
platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute (git-fixes).
platform/x86: asus-wmi: Document the egpu_enable sysfs attribute (git-fixes).
platform/x86: asus-wmi: Document the panel_od sysfs attribute (git-fixes).
platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes).
platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes).
platform/x86: msi-laptop: Fix resource cleanup (git-fixes).
plip: avoid rcu debug splat (git-fixes).
pm: domains: Fix handling of unavailable/disabled idle states (git-fixes).
pm: hibernate: Allow hybrid sleep to work with s2idle (git-fixes).
power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes).
powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes).
powerpc/64: pcpu setup avoid reading mmu_linear_psize on 64e or radix (bsc#1204413 ltc#200176).
powerpc/64s: Fix build failure when CONFIG_PPC_64S_HASH_MMU is not set (bsc#1204413 ltc#200176).
powerpc/64s: Make flush_and_reload_slb a no-op when radix is enabled (bsc#1204413 ltc#200176).
powerpc/64s: Make hash MMU support configurable (bsc#1204413 ltc#200176).
powerpc/64s: Move and rename do_bad_slb_fault as it is not hash specific (bsc#1204413 ltc#200176).
powerpc/64s: Move hash MMU support code under CONFIG_PPC_64S_HASH_MMU (bsc#1204413 ltc#200176).
powerpc/64s: Rename hash_hugetlbpage.c to hugetlbpage.c (bsc#1204413 ltc#200176).
powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074).
powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes).
powerpc/mm/64s: Drop pgd_huge() (bsc#1065729).
powerpc/pci_dn: Add missing of_node_put() (bsc#1065729).
powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729).
powerpc/pseries/vas: Add VAS IRQ primary handler (bsc#1204413 ltc#200176).
powerpc/pseries: Stop selecting PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176).
powerpc/pseries: lparcfg do not include slb_size line in radix mode (bsc#1204413 ltc#200176).
powerpc: Ignore DSI error caused by the copy/paste instruction (bsc#1204413 ltc#200176).
powerpc: Rename PPC_NATIVE to PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). Update config files.
powerpc: make memremap_compat_align 64s-only (bsc#1204413 ltc#200176).
printk: add missing memory barrier to wake_up_klogd() (bsc#1204934).
printk: use atomic updates for klogd work (bsc#1204934).
printk: wake waiters for safe and NMI contexts (bsc#1204934).
r8152: add PID for the Lenovo OneLink+ Dock (git-fixes).
rdma/cma: Fix arguments order in net device validation (git-fixes)
rdma/hfi1: Fix potential integer multiplication overflow errors (git-fixes)
rdma/hns: Add the detection for CMDQ status in the device initialization process (git-fixes)
rdma/irdma: Add support for address handle re-use (git-fixes)
rdma/irdma: Align AE id codes to correct flush code and event (git-fixes)
rdma/irdma: Do not advertise 1GB page size for x722 (git-fixes)
rdma/irdma: Fix VLAN connection with wildcard address (git-fixes)
rdma/irdma: Fix a window for use-after-free (git-fixes)
rdma/irdma: Fix setting of QP context err_rq_idx_valid field (git-fixes)
rdma/irdma: Fix sleep from invalid context BUG (git-fixes)
rdma/irdma: Move union irdma_sockaddr to header file (git-fixes)
rdma/irdma: Remove the unnecessary variable saddr (git-fixes)
rdma/irdma: Report RNR NAK generation in device caps (git-fixes)
rdma/irdma: Report the correct max cqes from query device (git-fixes)
rdma/irdma: Return correct WC error for bind operation failure (git-fixes)
rdma/irdma: Return error on MR deregister CQP failure (git-fixes)
rdma/irdma: Use net_type to check network type (git-fixes)
rdma/irdma: Validate udata inlen and outlen (git-fixes)
rdma/mlx5: Add missing check for return value in get namespace flow (git-fixes)
rdma/mlx5: Do not compare mkey tags in DEVX indirect mkey (git-fixes)
rdma/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes)
rdma/qedr: Fix reporting QP timeout attribute (git-fixes)
rdma/rxe: Fix 'kernel NULL pointer dereference' error (git-fixes)
rdma/rxe: Fix deadlock in rxe_do_local_ops() (git-fixes)
rdma/rxe: Fix error unwind in rxe_create_qp() (git-fixes)
rdma/rxe: Fix mw bind to allow any consumer key portion (git-fixes)
rdma/rxe: Fix resize_finish() in rxe_queue.c (git-fixes)
rdma/rxe: Fix rnr retry behavior (git-fixes)
rdma/rxe: Fix the error caused by qp->sk (git-fixes)
rdma/rxe: For invalidate compare according to set keys in mr (git-fixes)
rdma/rxe: Generate a completion for unsupported/invalid opcode (git-fixes)
rdma/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes)
rdma/siw: Fix QP destroy to wait for all references dropped. (git-fixes)
rdma/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes)
rdma/siw: Pass a pointer to virt_to_page() (git-fixes)
rdma/srp: Fix srp_abort() (git-fixes)
rdma/srp: Handle dev_set_name() failure (git-fixes)
rdma/srp: Rework the srp_add_port() error path (git-fixes)
rdma/srp: Set scmnd->result only when scmnd is not NULL (git-fixes)
rdma/srp: Support more than 255 rdma ports (git-fixes)
rdma/srp: Use the attribute group mechanism for sysfs attributes (git-fixes)
rdma/srpt: Duplicate port name members (git-fixes)
rdma/srpt: Fix a use-after-free (git-fixes)
rdma/srpt: Introduce a reference count in struct srpt_device (git-fixes)
rdma/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes)
rdma: remove useless condition in siw_create_cq() (git-fixes)
regulator: core: Prevent integer underflow (git-fixes).
remoteproc: imx_rproc: Simplify some error message (git-fixes).
revert 'SUNRPC: Remove unreachable error condition' (git-fixes).
revert 'crypto: qat - reduce size of mapped region' (git-fixes).
revert 'drm/amdgpu: use dirty framebuffer helper' (git-fixes).
revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes).
revert 'workqueue: remove unused cancel_work()' (bsc#1204933).
ring-buffer: Add ring_buffer_wake_waiters() (git-fixes).
ring-buffer: Allow splice to read previous partially read pages (git-fixes).
ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (bsc#1204705).
ring-buffer: Check pending waiters when doing wake ups as well (git-fixes).
ring-buffer: Fix race between reset page and reading page (git-fixes).
ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes).
rose: Fix NULL pointer dereference in rose_send_frame() (git-fixes).
rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128.
rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes).
rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes).
s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes).
s390/smp: enforce lowcore protection on CPU restart (git-fixes).
sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes).
sbitmap: fix possible io hung due to lost wakeup (git-fixes).
scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes).
scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957).
scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957).
scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957).
scsi: lpfc: Fix spelling mistake 'unsolicted' -> 'unsolicited' (bsc#1204957).
scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957).
scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957).
scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957).
scsi: lpfc: Update the obsolete adapter list (bsc#1204142).
scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels (bnc#1204498).
scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963).
scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963).
scsi: scsi_transport_fc: Use %u for dev_loss_tmo (bsc#1202914).
scsi: ufs: ufs-pci: Add support for Intel ADL (jsc#PED-707).
scsi: ufs: ufs-pci: Add support for Intel MTL (jsc#PED-732).
selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle (git-fixes).
selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995).
selftests/pidfd_test: Remove the erroneous ',' (git-fixes).
selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes).
selftests: netfilter: Fix nft_fib.sh for all.rp_filter=1 (git-fixes).
selinux: allow FIOCLEX and FIONCLEX with policy capability (git-fixes).
selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() (git-fixes).
selinux: use 'grep -E' instead of 'egrep' (git-fixes).
serial: 8250: Fix restoring termios speed after suspend (git-fixes).
serial: core: move RS485 configuration tasks from drivers into core (git-fixes).
sfc: disable softirqs for ptp TX (git-fixes).
sfc: fix kernel panic when creating VF (git-fixes).
sfc: fix use after free when disabling sriov (git-fixes).
signal: break out of wait loops on kthread_stop() (bsc#1204926).
slimbus: qcom-ngd: cleanup in probe error path (git-fixes).
slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure (git-fixes).
soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA (git-fixes).
soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes).
soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes).
soc: sunxi: sram: Fix probe function ordering issues (git-fixes).
soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
soundwire: cadence: Do not overwrite msg->buf during write commands (git-fixes).
soundwire: intel: fix error handling on dai registration issues (git-fixes).
spi: Ensure that sg_table won't be used after being freed (git-fixes).
spi: pxa2xx: Add support for Intel Meteor Lake-P (jsc#PED-732).
spi: pxa2xx: Add support for Intel Raptor Lake PCH-S (jsc#PED-634).
spmi: pmic-arb: correct duplicate APID to PPID mapping logic (git-fixes).
spmi: pmic-arb: do not ack and clear peripheral interrupts in cleanup_irq (git-fixes).
staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes).
staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() (git-fixes).
staging: vt6655: fix potential memory leak (git-fixes).
staging: vt6655: fix some erroneous memory clean-up loops (git-fixes).
stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() (git-fixes).
stmmac: intel: Fix an error handling path in intel_eth_pci_probe() (git-fixes).
thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id (git-fixes).
thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register() (git-fixes).
thermal: int340x: Mode setting with new OS handshake (jsc#PED-678).
thermal: int340x: Update OS policy capability handshake (jsc#PED-678).
thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes).
thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes).
thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround (git-fixes).
thunderbolt: Add missing device ID to tb_switch_is_alpine_ridge() (git-fixes).
thunderbolt: Add support for Intel Raptor Lake (jsc#PED-634).
thunderbolt: Disable LTTPR on Intel Titan Ridge (git-fixes).
thunderbolt: Explicitly enable lane adapter hotplug events at startup (git-fixes).
thunderbolt: Explicitly reset plug events delay back to USB4 spec value (git-fixes).
thunderbolt: Fix buffer allocation of devices with no DisplayPort adapters (git-fixes).
tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads (git-fixes).
tracing: Add '(fault)' name injection to kernel probes (git-fixes).
tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes).
tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes).
tracing: Do not free snapshot if tracer is on cmdline (git-fixes).
tracing: Fix reading strings from synthetic events (git-fixes).
tracing: Move duplicate code of trace_kprobe/eprobe.c into header (git-fixes).
tracing: Replace deprecated CPU-hotplug functions (git-fixes).
tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes).
tracing: Wake up ring buffer waiters on closing of the file (git-fixes).
tracing: Wake up waiters when tracing is disabled (git-fixes).
tracing: kprobe: Fix kprobe event gen test module on exit (git-fixes).++ kernel-source.spec (revision 4)Release: <RELEASE>.g76cfe60Provides: %name-srchash-76cfe60e3ab724313d9fba4cf5ebaf12ad49ea0e
tracing: kprobe: Make gen test module work in arm and riscv (git-fixes).
tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes).
tty: xilinx_uartps: Fix the ignore_status (git-fixes).
uas: add no-uas quirk for Hiksemi usb_disk (git-fixes).
uas: ignore UAS for Thinkplus chips (git-fixes).
udmabuf: Set ubuf->sg = NULL if the creation of sg table fails (git-fixes).
update kabi files. Refresh from Nov 2022 MU - 5.14.21-150400.24.28.1
update patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch (bsc#1204693).
usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes).
usb/hcd: Fix dma_map_sg error check (git-fixes).
usb: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes).
usb: add quirks for Lenovo OneLink+ Dock (git-fixes).
usb: bdc: change state when port disconnected (git-fixes).
usb: cdc-wdm: Use skb_put_data() instead of skb_put/memcpy pair (git-fixes).
usb: common: debug: Check non-standard control requests (git-fixes).
usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug (git-fixes).
usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes).
usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes).
usb: ehci: Fix a function name in comments (git-fixes).
usb: gadget: bdc: fix typo in comment (git-fixes).
usb: gadget: f_fs: stricter integer overflow checks (git-fixes).
usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes).
usb: host: xhci-plat: suspend and resume clocks (git-fixes).
usb: host: xhci-plat: suspend/resume clks for brcm (git-fixes).
usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes).
usb: idmouse: fix an uninit-value in idmouse_open (git-fixes).
usb: mon: make mmapped memory read only (git-fixes).
usb: mtu3: fix failed runtime suspend in host only mode (git-fixes).
usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes).
usb: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes).
usb: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes).
usb: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes).
usb: typec: tcpm: fix typo in comment (git-fixes).
usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes).
virt: vbox: convert to use dev_groups (git-fixes).
vsock: fix possible infinite sleep in vsock_connectible_wait_data() (git-fixes).
vsock: remove the unused 'wait' in vsock_connectible_recvmsg() (git-fixes).
watchdog/hpwdt: Include nmi.h only if CONFIG_HPWDT_NMI_DECODING (git-fixes).
watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes).
watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes).
wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes).
wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes).
wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes).
wifi: cfg80211/mac80211: reject bad MBSSID elements (git-fixes).
wifi: cfg80211: fix ieee80211_data_to_8023_exthdr handling of small packets (git-fixes).
wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes).
wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes).
wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes).
wifi: mac80211: fix decap offload for stations on AP_VLAN interfaces (git-fixes).
wifi: mac80211: fix probe req HE capabilities access (git-fixes).
wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes).
wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value (git-fixes).
wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes).
wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes).
wifi: rt2x00: set SoC wmac clock register (git-fixes).
wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes).
wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes).
wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() (git-fixes).
x86/boot: Do not propagate uninitialized boot_params->cc_blob_address (bsc#1204970).
x86/boot: Fix the setup data types max limit (bsc#1204970).
x86/compressed/64: Add identity mappings for setup_data entries (bsc#1204970).
x86/sev: Annotate stack change in the #VC handler (bsc#1204970).
x86/sev: Do not use cc_platform_has() for early SEV-SNP calls (bsc#1204970).
x86/sev: Remove duplicated assignment to variable info (bsc#1204970).
xen/gntdev: Prevent leaking grants (git-fixes).
xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices (git-fixes).
xhci: Add quirk to reset host back to default state at shutdown (git-fixes).
xhci: Do not show warning for reinit on known broken suspend (git-fixes).
xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes).
xhci: dbc: Fix memory leak in xhci_alloc_dbc() (git-fixes).

Advisory ID	SUSE-RU-2022:4076-1
Released	Fri Nov 18 15:00:38 2022
Summary	Recommended update for jsoup
Type	recommended
Severity	moderate
References

Description:

This update for jsoup fixes the following issues:

Fix typo in the ant *-build.xml file that caused errors while building eclipse.

Advisory ID	SUSE-SU-2022:4078-1
Released	Fri Nov 18 15:34:17 2022
Summary	Security update for java-11-openjdk
Type	security
Severity	moderate
References	1203476,1204468,1204471,1204472,1204473,1204475,1204480,1204523,CVE-2022-21618,CVE-2022-21619,CVE-2022-21624,CVE-2022-21626,CVE-2022-21628,CVE-2022-39399

Description:

This update for java-11-openjdk fixes the following issues:

Update to jdk-11.0.17+8 (October 2022 CPU)
CVE-2022-39399: Improve HTTP/2 client usage(bsc#1204480)
CVE-2022-21628: Better HttpServer service (bsc#1204472)
CVE-2022-21624: Enhance icon presentations (bsc#1204475)
CVE-2022-21619: Improve NTLM support (bsc#1204473)
CVE-2022-21626: Key X509 usages (bsc#1204471)
CVE-2022-21618: Wider MultiByte (bsc#1204468)

Advisory ID	SUSE-SU-2022:4079-1
Released	Fri Nov 18 15:36:28 2022
Summary	Security update for java-17-openjdk
Type	security
Severity	moderate
References	1203476,1204468,1204472,1204473,1204475,1204480,CVE-2022-21618,CVE-2022-21619,CVE-2022-21624,CVE-2022-21628,CVE-2022-39399

Description:

This update for java-17-openjdk fixes the following issues:

Update to jdk-17.0.5+8 (October 2022 CPU)
CVE-2022-39399: Improve HTTP/2 client usage(bsc#1204480)
CVE-2022-21628: Better HttpServer service (bsc#1204472)
CVE-2022-21624: Enhance icon presentations (bsc#1204475)
CVE-2022-21619: Improve NTLM support (bsc#1204473)
CVE-2022-21618: Wider MultiByte (bsc#1204468)

Advisory ID	SUSE-SU-2022:4081-1
Released	Fri Nov 18 15:40:46 2022
Summary	Security update for dpkg
Type	security
Severity	low
References	1199944,CVE-2022-1664

Description:

This update for dpkg fixes the following issues:

CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).

Advisory ID	SUSE-SU-2022:4082-1
Released	Fri Nov 18 15:44:06 2022
Summary	Security update for openjpeg
Type	security
Severity	important
References	1140205,1149789,1179821,1180043,1180044,1180046,CVE-2018-20846,CVE-2018-21010,CVE-2020-27824,CVE-2020-27842,CVE-2020-27843,CVE-2020-27845

Description:

This update for openjpeg fixes the following issues:

CVE-2018-20846: Fixed an Out-of-bounds accesses in pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi. (bsc#1140205)
CVE-2018-21010: Fixed a heap buffer overflow in color_apply_icc_profile in bin/common/color.c (bsc#1149789)
CVE-2020-27824: Fixed an OOB read in opj_dwt_calc_explicit_stepsizes() (bsc#1179821)
CVE-2020-27842: Fixed null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (bsc#1180043)
CVE-2020-27843: Fixed an out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c (bsc#1180044)
CVE-2020-27845: Fixed a heap-based buffer over-read in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (bsc#1180046)

Advisory ID	SUSE-SU-2022:4085-1
Released	Fri Nov 18 16:38:57 2022
Summary	Security update for MozillaThunderbird
Type	security
Severity	important
References	1204421,1205270,CVE-2022-42927,CVE-2022-42928,CVE-2022-42929,CVE-2022-42932,CVE-2022-45403,CVE-2022-45404,CVE-2022-45405,CVE-2022-45406,CVE-2022-45408,CVE-2022-45409,CVE-2022-45410,CVE-2022-45411,CVE-2022-45412,CVE-2022-45416,CVE-2022-45418,CVE-2022-45420,CVE-2022-45421

Description:

This update for MozillaThunderbird fixes the following issues:

Fixed various security issues (MFSA 2022-49, bsc#1205270): * CVE-2022-45403 (bmo#1762078) Service Workers might have learned size of cross-origin media files * CVE-2022-45404 (bmo#1790815) Fullscreen notification bypass * CVE-2022-45405 (bmo#1791314) Use-after-free in InputStream implementation * CVE-2022-45406 (bmo#1791975) Use-after-free of a JavaScript Realm * CVE-2022-45408 (bmo#1793829) Fullscreen notification bypass via windowName * CVE-2022-45409 (bmo#1796901) Use-after-free in Garbage Collection * CVE-2022-45410 (bmo#1658869) ServiceWorker-intercepted requests bypassed SameSite cookie policy * CVE-2022-45411 (bmo#1790311) Cross-Site Tracing was possible via non-standard override headers * CVE-2022-45412 (bmo#1791029) Symlinks may resolve to partially uninitialized buffers * CVE-2022-45416 (bmo#1793676) Keystroke Side-Channel Leakage * CVE-2022-45418 (bmo#1795815) Custom mouse cursor could have been drawn over browser UI * CVE-2022-45420 (bmo#1792643) Iframe contents could be rendered outside the iframe * CVE-2022-45421 (bmo#1767920, bmo#1789808, bmo#1794061) Memory safety bugs fixed in Thunderbird 102.5

Fixed various security issues: (MFSA 2022-46, bsc#1204421): * CVE-2022-42927 (bmo#1789128) Same-origin policy violation could have leaked cross-origin URLs * CVE-2022-42928 (bmo#1791520) Memory Corruption in JS Engine * CVE-2022-42929 (bmo#1789439) Denial of Service via window.print * CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041) Memory safety bugs fixed in Thunderbird 102.4

Mozilla Thunderbird 102.5 * changed: `Ctrl+N` shortcut to create new contacts from address book restored (bmo#1751288) * fixed: Account Settings UI did not update to reflect default identity changes (bmo#1782646) * fixed: New POP mail notifications were incorrectly shown for messages marked by filters as read or junk (bmo#1787531) * fixed: Connecting to an IMAP server configured to use `PREAUTH` caused Thunderbird to hang (bmo#1798161) * fixed: Error responses received in greeting header from NNTP servers did not display error message (bmo#1792281) * fixed: News messages sent using 'Send Later' failed to send after going back online (bmo#1794997) * fixed: 'Download/Sync Now...' did not completely sync all newsgroups before going offline (bmo#1795547) * fixed: Username was missing from error dialog on failed login to news server (bmo#1796964) * fixed: Thunderbird can now fetch RSS channel feeds with incomplete channel URL (bmo#1794775) * fixed: Add-on 'Contribute' button in Add-ons Manager did not work (bmo#1795751) * fixed: Help text for `/part` Matrix command was incorrect (bmo#1795578) * fixed: Invite Attendees dialog did not fetch free/busy info for attendees with encoded characters in their name (bmo#1797927)

Mozilla Thunderbird 102.4.2 * changed: 'Address Book' button in Account Central will now create a CardDAV address book instead of a local address book (bmo#1793903) * fixed: Messages fetched from POP server in `Fetch headers only` mode disappeared when moved to different folder by filter action (bmo#1793374) * fixed: Thunderbird re-downloaded locally deleted messages from a POP server when 'Leave messages on server' and 'Until I delete them' were enabled (bmo#1796903) * fixed: Multiple password prompts for the same POP account could be displayed (bmo#1786920) * fixed: IMAP authentication failed on next startup if ImapMail folder was deleted by user (bmo#1793599) * fixed: Retrieving passwords for authenticated NNTP accounts could fail due to obsolete preferences in a users profile on every startup (bmo#1770594) * fixed: `Get Next n Messages` did not consistently fetch all messages requested from NNTP server (bmo#1794185) * fixed: `Get Messages` button unable to fetch messages from NNTP server if root folder not selected (bmo#1792362) * fixed: Thunderbird text branding did not always match locale of localized build (bmo#1786199) * fixed: Thunderbird installer and Thunderbird updater created Windows shortcuts with different names (bmo#1787264) * fixed: LDAP search filters unable to work with non-ASCII characters (bmo#1794306) * fixed: 'Today' highlighting in Calendar Month view did not update after date change at midnight (bmo#1795176)

Mozilla Thunderbird 102.4.1 * new: Thunderbird will now catch and report errors parsing vCards that contain incorrectly formatted dates (bmo#1793415) * fixed: Dynamic language switching did not update interface when switched to right-to-left languages (bmo#1794289) * fixed: Custom header data was discarded after messages were saved as draft and reopened (bmo#195716) * fixed: `-remote` command line argument did not work, affecting integration with various applications such as LibreOffice (bmo#1793323) * fixed: Messages received via some SMS-to-email services could not display images (bmo#1774805) * fixed: VCards with nickname field set could not be edited (bmo#1793877) * fixed: Some recurring events were missing from Agenda on first load (bmo#1771168) * fixed: Download requests for remote ICS calendars incorrectly set 'Accept' header to text/xml (bmo#1793757) * fixed: Monthly events created on the 31st of a month with <30 days placed first occurrence 1-2 days after the beginning of the following month (bmo#1266797) * fixed: Various visual and UX improvements (bmo#1781437,bmo#1785314,bmo#1794139,bmo#1794155,bmo#1794399)

* changed: Thunderbird will automatically detect and repair OpenPGP key storage corruption caused by using the profile import tool in Thunderbird 102 (bmo#1790610) * fixed: POP message download into a large folder (~13000 messages) caused Thunderbird to temporarily freeze (bmo#1792675) * fixed: Forwarding messages with special characters in Subject failed on Windows (bmo#1782173) * fixed: Links for FileLink attachments were not added when attachment filename contained Unicode characters (bmo#1789589) * fixed: Address Book display pane continued to show contacts after deletion (bmo#1777808) * fixed: Printing address book did not include all contact details (bmo#1782076) * fixed: CardDAV contacts without a Name property did not save to Google Contacts (bmo#1792101) * fixed: 'Publish Calendar' did not work (bmo#1794471) * fixed: Calendar database storage improvements (bmo#1792124) * fixed: Incorrectly handled error responses from CalDAV servers sometimes caused events to disappear from calendar (bmo#1792923) * fixed: Various visual and UX improvements (bmo#1776093,bmo#17 80040,bmo#1780425,bmo#1792876,bmo#1792872,bmo#1793466,bmo#179 3543)

Advisory ID	SUSE-SU-2022:4113-1
Released	Fri Nov 18 18:04:53 2022
Summary	Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4)
Type	security
Severity	important
References	1200058,1202087,1202685,1203613,1204170,1204289,1204381,CVE-2021-33655,CVE-2022-1882,CVE-2022-2588,CVE-2022-2959,CVE-2022-42703,CVE-2022-42722

Description:

This update for the Linux Kernel 5.14.21-150400_22 fixes several issues.
The following security issues were fixed:

CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635).
CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1199904).
CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
CVE-2022-2959: Fixed a race condition that was found inside the watch queue due to a missing lock in pipe_resize_ring() (bnc#1202681).
CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168).
CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125)

Fixed incorrect handling of empty arguments array in execve() (bsc#1200571).

Advisory ID	SUSE-SU-2022:4130-1
Released	Fri Nov 18 21:05:52 2022
Summary	Security update for frr
Type	security
Severity	important
References	1202085,1204124,CVE-2022-37035,CVE-2022-42917

Description:

This update for frr fixes the following issues:

CVE-2022-37035: Fixed a possible use-after-free due to a race condition related to bgp_notify_send_with_data() and bgp_process_packet() (bsc#1202085).
CVE-2022-42917: Fixed a privilege escalation from frr to root in frr config creation (bsc#1204124).

Advisory ID	SUSE-RU-2022:4131-1
Released	Sat Nov 19 10:25:11 2022
Summary	Recommended update for rust, rust1.65
Type	recommended
Severity	moderate
References	1196328

Description:

This update for rust, rust1.65 fixes the following issues:
This update provides rust1.65 (jsc#SLE-18626)
Version 1.65.0 (2022-11-03)
==========================
Language --------

Error on `as` casts of enums with `#[non_exhaustive]` variants
Stabilize `let else`
Stabilize generic associated types (GATs)
Add lints `let_underscore_drop`, `let_underscore_lock`, and `let_underscore_must_use` from Clippy
Stabilize `break`ing from arbitrary labeled blocks ('label-break-value')
Uninitialized integers, floats, and raw pointers are now considered immediate UB sage of `MaybeUninit` is the correct way to work with uninitialized memory.
Stabilize raw-dylib for Windows x86_64, aarch64, and thumbv7a
Do not allow `Drop` impl on foreign ADTs

Compiler --------

Stabilize -Csplit-debuginfo on Linux
Use niche-filling optimization even when multiple variants have data
Associated type projections are now verified to be well-formed prior to resolving the underlying type
Stringify non-shorthand visibility correctly
Normalize struct field types when unsizing
Update to LLVM 15
Fix aarch64 call abi to correctly zeroext when needed
debuginfo: Generalize C++-like encoding for enums
Add `special_module_name` lint
Add support for generating unique profraw files by default when using `-C instrument-coverage`
Allow dynamic linking for iOS/tvOS targets

Libraries ---------

Don't generate `PartialEq::ne` in derive(PartialEq)
Windows RNG: Use `BCRYPT_RNG_ALG_HANDLE` by default
Forbid mixing `System` with direct system allocator calls
Document no support for writing to non-blocking stdio/stderr
`std::layout::Layout` size must not overflow `isize::MAX` when rounded up to `align` This also changes the safety conditions on `Layout::from_size_align_unchecked`.

Stabilized APIs ---------------

`std::backtrace::Backtrace`
`Bound::as_ref`
`std::io::read_to_string`
`<*const T>::cast_mut`
`<*mut T>::cast_const`

Thse APIs are now stable in const contexts:

`<*const T>::offset_from`

`<*mut T>::offset_from`

Cargo -----

Apply GitHub fast path even for partial hashes
Do not add home bin path to PATH if it's already there
Take priority into account within the pending queue This slightly optimizes job scheduling by Cargo, with typically small improvements on larger crate graph builds.

Compatibility Notes -------------------

`std::layout::Layout` size must not overflow `isize::MAX` when rounded up to `align` This also changes the safety conditions on `Layout::from_size_align_unchecked`.
`PollFn` now only implements `Unpin` if the closure is `Unpin` This is a possible breaking change if users were relying on the blanket unpin implementation. See discussion on the PR for details of why this change was made.
Drop ExactSizeIterator impl from std::char::EscapeAscii This is a backwards-incompatible change to the standard library's surface area, but is unlikely to affect real world usage.
Do not consider a single repeated lifetime eligible for elision in the return type This behavior was unintentionally changed in 1.64.0, and this release reverts that change by making this an error again.
Reenable disabled early syntax gates as future-incompatibility lints
Update the minimum external LLVM to 13
Don't duplicate file descriptors into stdio fds
Sunset RLS
Deny usage of `#![cfg_attr(..., crate_type = ...)]` to set the crate type This strengthens the forward compatibility lint deprecated_cfg_attr_crate_type_name to deny.
`llvm-has-rust-patches` allows setting the build system to treat the LLVM as having Rust-specific patches This option may need to be set for distributions that are building Rust with a patched LLVM via `llvm-config`, not the built-in LLVM.

Changes in rust:

Update to version 1.65.0 - for details see the rust1.65 package
Enable armv6 again - bsc#1196328

This update also ships 'cargo-auditable', a tool to embed crate information into ELF binaries.

Advisory ID	SUSE-RU-2022:4133-1
Released	Mon Nov 21 00:11:56 2022
Summary	Recommended update for python-webencodings
Type	recommended
Severity	low
References	1203743

Description:

This update for python-webencodings fixes the following issue:

Loose the filelist for the package info to avoid build failure (bsc#1203743)

Advisory ID	SUSE-RU-2022:4134-1
Released	Mon Nov 21 00:12:57 2022
Summary	Recommended update for python-crcmod
Type	recommended
Severity	low
References	1203453

Description:

This update for python-crcmod fixes the following issues:

Replace python-base with python-devel in BuildRequires (bsc#1203453)

Advisory ID	SUSE-RU-2022:4135-1
Released	Mon Nov 21 00:13:40 2022
Summary	Recommended update for libeconf
Type	recommended
Severity	moderate
References	1198165

Description:

This update for libeconf fixes the following issues:

Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165)

Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters'

Advisory ID	SUSE-RU-2022:4137-1
Released	Mon Nov 21 00:14:24 2022
Summary	Recommended update for yast2-http-server
Type	recommended
Severity	moderate
References	1200016

Description:

This update for yast2-http-server fixes the following issue:

Find out php version dynamically to avoid hardcoded version (bsc#1200016)

Advisory ID	SUSE-RU-2022:4138-1
Released	Mon Nov 21 02:21:02 2022
Summary	Recommended update for python-msgpack
Type	recommended
Severity	important
References	1203743

Description:

This update for python-msgpack fixes the following issues:

Fix build failures on SUSE Linux Enterprise 15 Service Pack 5 (bsc#1203743)

Advisory ID	SUSE-RU-2022:4139-1
Released	Mon Nov 21 02:22:07 2022
Summary	Recommended update for libpfm
Type	recommended
Severity	moderate
References	1196709,1197770

Description:

This update for libpfm fixes the following issues:

Remove python2 support. (bsc#1196709, bsc#1197770)

Advisory ID	SUSE-SU-2022:4141-1
Released	Mon Nov 21 09:28:07 2022
Summary	Security update for grub2
Type	security
Severity	important
References	1205178,1205182,CVE-2022-2601,CVE-2022-3775

Description:

This update for grub2 fixes the following issues:

CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).
CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).

Other:

Bump upstream SBAT generation to 3

Advisory ID	SUSE-SU-2022:4146-1
Released	Mon Nov 21 09:56:12 2022
Summary	Security update for binutils
Type	security
Severity	moderate
References	1142579,1185597,1185712,1188374,1191473,1193929,1194783,1197592,1198237,1202816,1202966,1202967,1202969,CVE-2019-1010204,CVE-2021-3530,CVE-2021-3648,CVE-2021-3826,CVE-2021-45078,CVE-2021-46195,CVE-2022-27943,CVE-2022-38126,CVE-2022-38127,CVE-2022-38533

Description:

This update for binutils fixes the following issues:
The following security bugs were fixed:

CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579).
CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597).
CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374).
CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969).
CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929).
CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783).
CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592).
CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966).
CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967).
CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816).

The following non-security bugs were fixed:

SLE toolchain update of binutils, update to 2.39 from 2.37.
Update to 2.39: * The ELF linker will now generate a warning message if the stack is made executable. Similarly it will warn if the output binary contains a segment with all three of the read, write and execute permission bits set. These warnings are intended to help developers identify programs which might be vulnerable to attack via these executable memory regions. The warnings are enabled by default but can be disabled via a command line option. It is also possible to build a linker with the warnings disabled, should that be necessary. * The ELF linker now supports a --package-metadata option that allows embedding a JSON payload in accordance to the Package Metadata specification. * In linker scripts it is now possible to use TYPE= in an output section description to set the section type value. * The objdump program now supports coloured/colored syntax highlighting of its disassembler output for some architectures. (Currently: AVR, RiscV, s390, x86, x86_64). * The nm program now supports a --no-weak/-W option to make it ignore weak symbols. * The readelf and objdump programs now support a -wE option to prevent them from attempting to access debuginfod servers when following links. * The objcopy program's --weaken, --weaken-symbol, and --weaken-symbols options now works with unique symbols as well.

Update to 2.38: * elfedit: Add --output-abiversion option to update ABIVERSION. * Add support for the LoongArch instruction set. * Tools which display symbols or strings (readelf, strings, nm, objdump) have a new command line option which controls how unicode characters are handled. By default they are treated as normal for the tool. Using --unicode=locale will display them according to the current locale. Using --unicode=hex will display them as hex byte values, whilst --unicode=escape will display them as escape sequences. In addition using --unicode=highlight will display them as unicode escape sequences highlighted in red (if supported by the output device). * readelf -r dumps RELR relative relocations now. * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added to objcopy in order to enable UEFI development using binutils. * ar: Add --thin for creating thin archives. -T is a deprecated alias without diagnostics. In many ar implementations -T has a different meaning, as specified by X/Open System Interface. * Add support for AArch64 system registers that were missing in previous releases. * Add support for the LoongArch instruction set. * Add a command-line option, -muse-unaligned-vector-move, for x86 target to encode aligned vector move as unaligned vector move. * Add support for Cortex-R52+ for Arm. * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64. * Add support for Cortex-A710 for Arm. * Add support for Scalable Matrix Extension (SME) for AArch64. * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the assembler what to when it encoutners multibyte characters in the input. The default is to allow them. Setting the option to 'warn' will generate a warning message whenever any multibyte character is encountered. Using the option to 'warn-sym-only' will make the assembler generate a warning whenever a symbol is defined containing multibyte characters. (References to undefined symbols will not generate warnings). * Outputs of .ds.x directive and .tfloat directive with hex input from x86 assembler have been reduced from 12 bytes to 10 bytes to match the output of .tfloat directive. * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in AArch64 GAS. * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS. * Add support for Intel AVX512_FP16 instructions. * Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF linker to pack relative relocations in the DT_RELR section. * Add support for the LoongArch architecture. * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF linker to control canonical function pointers and copy relocation. * Add --max-cache-size=SIZE to set the the maximum cache size to SIZE bytes.
Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes.
Add gprofng subpackage.
Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237).
Add back fix for bsc#1191473, which got lost in the update to 2.38.
Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712).
Enable PRU architecture for AM335x CPU (Beagle Bone Black board)

Advisory ID	SUSE-SU-2022:4147-1
Released	Mon Nov 21 10:24:07 2022
Summary	Security update for kubevirt stack
Type	security
Severity	important
References

Description:

This update provides rebuilds of the kubevirt containers with up to date base images, fixing various security issues.

Advisory ID	SUSE-RU-2022:4152-1
Released	Mon Nov 21 14:16:26 2022
Summary	Recommended update for novnc
Type	recommended
Severity	low
References	1201933

Description:

This update for novnc fixes the following issues:

For greater compatibility specify string binary as protocol (bsc#1201933)

Advisory ID	SUSE-SU-2022:4153-1
Released	Mon Nov 21 14:34:09 2022
Summary	Security update for krb5
Type	security
Severity	important
References	1205126,CVE-2022-42898

Description:

This update for krb5 fixes the following issues:

CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

Advisory ID	SUSE-RU-2022:4160-1
Released	Tue Nov 22 10:10:37 2022
Summary	Recommended update for nfsidmap
Type	recommended
Severity	moderate
References	1200901

Description:

This update for nfsidmap fixes the following issues:

Various bugfixes and improvemes from upstream In particular, fixed a crash that can happen when a 'static' mapping is configured. (bsc#1200901)

Advisory ID	SUSE-RU-2022:4162-1
Released	Tue Nov 22 10:56:10 2022
Summary	Recommended update for dracut
Type	recommended
Severity	moderate
References	1202014,1203267,1203368,1203749,1203894

Description:

This update for dracut fixes the following issues:

A series of fixes for NVMeoF boot to resolve wrong information that is added by dracut (bsc#1203368)
network-manager: always install the library plugins directory (bsc#1202014)
dmsquash-live: correct regression introduced with shellcheck changes (bsc#1203894)
systemd: add missing modprobe@.service (bsc#1203749)
i18n: do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267)

Advisory ID	SUSE-RU-2022:4164-1
Released	Tue Nov 22 10:58:37 2022
Summary	Recommended update for PackageKit
Type	recommended
Severity	moderate
References	1199895,1202585

Description:

This update for PackageKit fixes the following issues:

Ensure that package locks are honored (bsc#1199895): * Avoid clearing status information on locked packages * Check if packages are locked before attempting to remove them * Don't refresh repos before searching * Updatelibzypp dependency version to 17.31.0 * Restore pool status after simulating an update

Add repository data in the package id (bsc#1202585)
Implement upgrade-system method in openSUSE Leap (not supported in SUSE Linux Enterprise)

Advisory ID	SUSE-SU-2022:4166-1
Released	Tue Nov 22 11:08:48 2022
Summary	Security update for java-1_8_0-ibm
Type	security
Severity	important
References	1201684,1201685,1201692,1201694,1202427,1204468,1204471,1204472,1204473,1204475,1204480,1205302,CVE-2022-21540,CVE-2022-21541,CVE-2022-21549,CVE-2022-21618,CVE-2022-21619,CVE-2022-21624,CVE-2022-21626,CVE-2022-21628,CVE-2022-34169,CVE-2022-39399

Description:

This update for java-1_8_0-ibm fixes the following issues:

CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204471).
CVE-2022-21618: An unauthenticated attacker with network access via Kerberos can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204468).
CVE-2022-21619: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE (bsc#1204473).
CVE-2022-21628: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204472).
CVE-2022-21624: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise (bsc#1204475).
CVE-2022-39399: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204480).
CVE-2022-21549: Fixed exponentials issue (bsc#1201685).
CVE-2022-21541: Fixed an improper restriction of MethodHandle.invokeBasic() (bsc#1201692).
CVE-2022-34169; Fixed an integer truncation issue in Xalan (bsc#1201684).
CVE-2022-21540: Fixed a class compilation issue (bsc#1201694).

Update to Java 8.0 Service Refresh 7 Fix Pack 20. * Security: - The IBM ORB Does Not Support Object-Serialisation Data Filtering - Large Allocation In CipherSuite - Avoid Evaluating Sslalgorithmconstraints Twice - Cache The Results Of Constraint Checks - An incorrect ShortBufferException is thrown by IBMJCEPlus, IBMJCEPlusFIPS during cipher update operation - Disable SHA-1 Signed Jars For Ea - JSSE Performance Improvement - Oracle Road Map Kerberos Deprecation Of 3DES And RC4 Encryption * Java 8/Orb: - Upgrade ibmcfw.jar To Version o2228.02 * Class Libraries: - Crash In Libjsor.So During An Rdma Failover - High CPU Consumption Observed In ZosEventPort$EventHandlerTask.run - Update Timezone Information To The Latest tzdata2022c * Jit Compiler: - Crash During JIT Compilation - Incorrect JIT Optimization Of Java Code - Incorrect Return From Class.isArray() - Unexpected ClassCastException - Performance Regression When Calling VM Helper Code On X86 * X/Os Extentions: - Add RSA-OAEP Cipher Function To IBMJCECCA

Update to Java 8.0 Service Refresh 7 Fix Pack 16 * Java Virtual Machine - Assertion failure at ClassLoaderRememberedSet.cpp

- Assertion failure at StandardAccessBarrier.cpp when -Xgc:concurrentScavenge is set. - GC can have unflushed ownable synchronizer objects which can eventually lead to heap corruption and failure when -Xgc:concurrentScavenge is set. * JIT Compiler: - Incorrect JIT optimization of Java code - JAVA JIT Power: JIT compile time assert on AIX or LINUXPPC * Reliability and Serviceability: - javacore with 'kill -3' SIGQUIT signal freezes Java process

Advisory ID	SUSE-SU-2022:4168-1
Released	Tue Nov 22 14:14:11 2022
Summary	Security update for redis
Type	security
Severity	low
References	1204633,CVE-2022-3647

Description:

This update for redis fixes the following issues:
- CVE-2022-3647: Fixed crash in sigsegvHandler debug function (bsc#1204633).

Advisory ID	SUSE-RU-2022:4171-1
Released	Tue Nov 22 15:24:35 2022
Summary	Recommended update for release-notes-sle_hpc
Type	recommended
Severity	moderate
References	933411

Description:

This update for release-notes-sle_hpc fixes the following issues:
Version update of release notes from 15.4.20220831 to 15.4.20220930 (bsc#933411):

Added note about SUSEConnect tracking (jsc#SLE-23312)

Advisory ID	SUSE-RU-2022:4176-1
Released	Tue Nov 22 15:25:17 2022
Summary	Recommended update for release-notes-sled
Type	recommended
Severity	moderate
References	933411

Description:

This update for release-notes-sled fixes the following issues:
Update release notes from version 15.4.20220511 to version 15.4.20220930 (bsc#933411):

Added note about SUSEConnect tracking (jsc#SLE-23312)

Advisory ID	SUSE-RU-2022:4182-1
Released	Tue Nov 22 15:27:32 2022
Summary	Recommended update for release-notes-sles
Type	recommended
Severity	moderate
References	1201266,1201370,1201709,1202115,1203256,1203259,1203461,1203527,1203528,1203781,933411

Description:

This update for release-notes-sles fixes the following issues:
Update release notes from version 15.4.20220714 to version 15.4.20220930 (bsc#933411):

Added note about SUSEConnect tracking (jsc#SLE-23312)
Added note about global crypto policies (bsc#1203781)
Added note about PHP7 (bsc#1203461)
Added note about removal of bind-chrootenv (bsc#1201266)
Added note about SUSEConnect tracking (jsc#SLE-24988)
Added AWS Graviton3 (jsc#SLE-24526)
Updated wording of ULP note (bsc#1203528)
Fixed broken link (bsc#1203527)
Fixed incorrect information about ODBC driver location (bsc#1203256)
Fixed spelling of SUSEConnect and suseconnect-ng (bsc#1203259)
Updated Java lifecycle (jsc#PED-1590)
Added note about zypper async downloads (jsc#SLE-20484)
Added note about Eclipse removal (jsc#SLE-23694)
Added note about nodejs16 addition (jsc#SLE-21779)
Added note about nodejs-common update (jsc#SLE-21233)
Added note about cloud-init 21.3 (jsc#SLE-22902)
Added note about GUI apps under WSL (jsc#SLE-21511)
Added note about AMX (jsc#SLE-21491)
Added note about Tomoyo (bsc#1202115)
Updated PHP 8 note to refer to version 8.0.10 (bsc#1201709)
Updated wording around list of updated packages/modules (bsc#1201370)

Advisory ID	SUSE-RU-2022:4188-1
Released	Wed Nov 23 05:17:15 2022
Summary	Recommended update for release-notes-sles-for-sap
Type	recommended
Severity	moderate
References	1201401,933411

Description:

This update for release-notes-sles-for-sap fixes the following issues:
Update release notes from version 15.4.20220714 to version 15.4.20220930 (bsc#933411):

Added note about SUSEConnect tracking (jsc#SLE-23312)
Added note about deprecating sapwmp (bsc#1201401)

Advisory ID	SUSE-SU-2022:4191-1
Released	Wed Nov 23 10:36:30 2022
Summary	Security update for containerized-data-importer
Type	security
Severity	important
References

Description:

This update rebuilds the current containeried data importer images against current base images, to fix security issues.

Advisory ID	SUSE-SU-2022:4194-1
Released	Wed Nov 23 12:12:07 2022
Summary	Security update for ffmpeg-4
Type	security
Severity	important
References	1205388,CVE-2022-3964

Description:

This update for ffmpeg-4 fixes the following issues:

CVE-2022-3964: Fixed out of bounds read in update_block_in_prev_frame() (bsc#1205388).

Advisory ID	SUSE-SU-2022:4197-1
Released	Wed Nov 23 12:57:08 2022
Summary	Security update for strongswan
Type	security
Severity	moderate
References	1203556,CVE-2022-40617

Description:

This update for strongswan fixes the following issues:
Security issues fixed:

CVE-2022-40617: Fixed that using untrusted URIs for revocation checking could lead to denial of service (bsc#1203556)

Feature changes:

Enable Marvell plugin (jsc#SLE-20151)

Advisory ID	SUSE-RU-2022:4198-1
Released	Wed Nov 23 13:15:04 2022
Summary	Recommended update for rpm
Type	recommended
Severity	moderate
References	1202750

Description:

This update for rpm fixes the following issues:

Strip critical bit in signature subpackage parsing
No longer deadlock DNF after pubkey import (bsc#1202750)

Advisory ID	SUSE-RU-2022:4200-1
Released	Wed Nov 23 14:04:50 2022
Summary	Recommended update for perl-DBD-SQLite
Type	recommended
Severity	low
References	1203742

Description:

This update for perl-DBD-SQLite fixes the following issues:

Fixed a failing test when comparing lowercase data (bsc#1203742)

Advisory ID	SUSE-SU-2022:4204-1
Released	Wed Nov 23 16:57:51 2022
Summary	Security update for keylime
Type	security
Severity	moderate
References	1204782,CVE-2022-3500

Description:

This update for keylime fixes the following issues:
- CVE-2022-3500: Fixed vulnerability where a node seems as attested when in reality it is not properly attested (bsc#1204782).

Advisory ID	SUSE-SU-2022:4205-1
Released	Wed Nov 23 17:34:41 2022
Summary	Security update for net-snmp
Type	security
Severity	moderate
References	1201103,CVE-2022-24805,CVE-2022-24806,CVE-2022-24807,CVE-2022-24808,CVE-2022-24809,CVE-2022-24810

Description:

This update for net-snmp fixes the following issues:
Updated to version 5.9.3 (bsc#1201103, jsc#SLE-11203):
- CVE-2022-24805: Fixed a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB that can cause an out-of-bounds memory access. - CVE-2022-24809: Fixed a malformed OID in a GET-NEXT to the nsVacmAccessTable that can cause a NULL pointer dereference. - CVE-2022-24806: Fixed an improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously. - CVE-2022-24807: Fixed a malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. - CVE-2022-24808: Fixed a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference. - CVE-2022-24810: Fixed a malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference.

Advisory ID	SUSE-SU-2022:4206-1
Released	Wed Nov 23 17:35:17 2022
Summary	Security update for pixman
Type	security
Severity	important
References	1205033,CVE-2022-44638

Description:

This update for pixman fixes the following issues:

CVE-2022-44638: Fixed an integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write (bsc#1205033).

Advisory ID	SUSE-SU-2022:4207-1
Released	Wed Nov 23 17:35:48 2022
Summary	Security update for webkit2gtk3
Type	security
Severity	important
References	1205120,1205121,1205122,1205123,1205124,CVE-2022-32888,CVE-2022-32923,CVE-2022-42799,CVE-2022-42823,CVE-2022-42824

Description:

Security fixes:

CVE-2022-32888: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205121).
CVE-2022-32923: Fixed possible information leak via maliciously crafted web content (bsc#1205122).
CVE-2022-42799: Fixed user interface spoofing when visiting a malicious website (bsc#1205123).
CVE-2022-42823: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205120).
CVE-2022-42824: Fixed possible sensitive user information leak via maliciously crafted web content (bsc#1205124).

Update to version 2.38.2:
- Fix scrolling issues in some sites having fixed background. - Fix prolonged buffering during progressive live playback. - Fix the build with accessibility disabled. - Fix several crashes and rendering issues. Update to version 2.38.1:
- Make xdg-dbus-proxy work if host session bus address is an abstract socket. - Use a single xdg-dbus-proxy process when sandbox is enabled. - Fix high resolution video playback due to unimplemented changeType operation. - Ensure GSubprocess uses posix_spawn() again and inherit file descriptors. - Fix player stucking in buffering (paused) state for progressive streaming. - Do not try to preconnect on link click when link preconnect setting is disabled. - Fix close status code returned when the client closes a WebSocket in some cases. - Fix media player duration calculation. - Fix several crashes and rendering issues.
Update to version 2.38.0:
- New media controls UI style. - Add new API to set WebView's Content-Security-Policy for web extensions support. - Make it possible to use the remote inspector from other browsers using WEBKIT_INSPECTOR_HTTP_SERVER env var. - MediaSession is enabled by default, allowing remote media control using MPRIS. - Add support for PDF documents using PDF.js.

Advisory ID	SUSE-SU-2022:4208-1
Released	Wed Nov 23 17:36:22 2022
Summary	Security update for exiv2-0_26
Type	security
Severity	important
References	1050257,1095070,1110282,1119559,1119560,1119562,1142677,1142678,1153577,1186231,1189337,CVE-2017-11591,CVE-2018-11531,CVE-2018-17581,CVE-2018-20097,CVE-2018-20098,CVE-2018-20099,CVE-2019-13109,CVE-2019-13110,CVE-2019-17402,CVE-2021-29473,CVE-2021-32815

Description:

This update for exiv2-0_26 fixes the following issues:

CVE-2019-17402: Fixed improper validation of the total size to the offset and size leads to a crash in Exiv2::getULong in types.cpp (bsc#1153577).
CVE-2018-20098: Fixed a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header (bsc#1119560).
CVE-2018-17581: Fixed an excessive stack consumption CiffDirectory:readDirectory() at crwimage_int.cpp (bsc#1110282).
CVE-2018-20099: exiv2: infinite loop in Exiv2::Jp2Image::encodeJp2Header (bsc#1119559).
CVE-2018-20097: Fixed SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroupsu (bsc#1119562).
CVE-2017-11591: Fixed a floating point exception in Exiv2::ValueType (bsc#1050257).
CVE-2018-11531: Fixed a heap-based buffer overflow in getData in preview.cpp (bsc#1095070).
CVE-2021-32815: Fixed a deny-of-service due to assertion failure in crwimage_int.cpp (bsc#1189337).
CVE-2021-29473: Fixed out-of-bounds read in Exiv2::Jp2Image:doWriteMetadata (bsc#1186231).
CVE-2019-13109: Fixed a denial of service in PngImage:readMetadata (bsc#1142677).
CVE-2019-13110: Fixed an integer-overflow and out-of-bounds read in CiffDirectory:readDirectory leads to denail of service (bsc#1142678).

Advisory ID	SUSE-SU-2022:4209-1
Released	Wed Nov 23 17:36:43 2022
Summary	Security update for libarchive
Type	security
Severity	low
References	1205629,CVE-2022-36227

Description:

This update for libarchive fixes the following issues:

CVE-2022-36227: Fixed potential NULL pointer dereference in __archive_write_allocate_filter() (bsc#1205629).

Advisory ID	SUSE-RU-2022:4213-1
Released	Thu Nov 24 15:54:17 2022
Summary	Recommended update for libnvidia-container, nvidia-container-toolkit
Type	recommended
Severity	moderate
References

Description:

This update for libnvidia-container, nvidia-container-toolkit fixes the following issues:
Both nvidia-container-toolkit and libnvidia-container were updated to version 1.11.0 (jsc#SLE-18750):

1.11.0:

Added support for injection of GPUDirect Storage and MOFED devices into containerized environments.

1.10.0:

Improving support for Tegra-based systems

1.9.0:

Added multi-arch support for the container-toolkit images.
Enhancements for use on Tegra-systems and some notable bugfixes.

1.8.1:

This release is a bugfix release that fixes issues around cgroups found in NVIDIA Container Toolkit 1.8.0.

1.8.0:

It adds cgroupv2 support to the NVIDIA Container Toolkit and removes packaging support for Amazonlinux1.

Advisory ID	SUSE-SU-2022:4214-1
Released	Thu Nov 24 16:17:31 2022
Summary	Security update for libdb-4_8
Type	security
Severity	low
References	1174414,CVE-2019-2708

Description:

This update for libdb-4_8 fixes the following issues:

CVE-2019-2708: Fixed partial DoS due to data store execution (bsc#1174414).

Advisory ID	SUSE-SU-2022:4215-1
Released	Thu Nov 24 16:48:05 2022
Summary	Security update for erlang
Type	security
Severity	important
References	1205318,CVE-2022-37026

Description:

This update for erlang fixes the following issues:

CVE-2022-37026: fixed a client authorization bypass vulnerability for SSL, TLS, and DTLS in Erlang/OTP. [bsc#1205318]

Advisory ID	SUSE-RU-2022:4217-1
Released	Fri Nov 25 07:23:35 2022
Summary	Recommended update for wget
Type	recommended
Severity	moderate
References	1204720

Description:

This update for wget fixes the following issues:

Truncate long file names to prevent wget failures (bsc#1204720)

Advisory ID	SUSE-SU-2022:4224-1
Released	Fri Nov 25 16:34:06 2022
Summary	Security update for freerdp
Type	security
Severity	moderate
References	1205563,1205564,CVE-2022-39318,CVE-2022-39319

Description:

This update for freerdp fixes the following issues:

CVE-2022-39318: Fixed division by zero in urbdrc (bsc#1205563).
CVE-2022-39319: Fixed missing input buffer length check in urbdrc (bsc#1205564).

Advisory ID	SUSE-RU-2022:4225-1
Released	Fri Nov 25 18:16:40 2022
Summary	Recommended update for valgrind
Type	recommended
Severity	low
References	1204685

Description:

This update for valgrind fixes the following issues:

Fix memory check between RDMA and atomics (bsc#1204685)

Advisory ID	SUSE-RU-2022:4226-1
Released	Fri Nov 25 18:16:59 2022
Summary	Recommended update for suseconnect-ng
Type	recommended
Severity	moderate
References	1196076,1198625,1200803,1200994,1203341,1204821

Description:

This update for suseconnect-ng fixes the following issues:

Fix System-Token support in ruby binding (bsc#1203341)
Use system-wide proxy settings (bsc#1200994)
Add timer for SUSEConnect --keepalive (bsc#1196076)
Added support for the System-Token header
Add Keepalive command line option
Print nested zypper errors (bsc#1200803)
Fix migration json error with SMT (bsc#1198625)
Packaging adjustments (bsc#1204821)
Add option to run local scc tests

Advisory ID	SUSE-RU-2022:4227-1
Released	Fri Nov 25 18:17:31 2022
Summary	Recommended update for release-notes-sle-micro
Type	recommended
Severity	low
References	1204440

Description:

This update for samba fixes the following issue:

Make samba-tool available in the basesystem (bsc#1204440)

Advisory ID	SUSE-OU-2022:4229-1
Released	Fri Nov 25 18:18:05 2022
Summary	Optional update for cmocka
Type	optional
Severity	low
References	1204451

Description:

This update for cmocka fixes the following issues:

Ship the package also to Server Applications Module (bsc#1204451)

Advisory ID	SUSE-RU-2022:4232-1
Released	Fri Nov 25 18:19:06 2022
Summary	Recommended update for llvm11
Type	recommended
Severity	low
References	1189602

Description:

This update for llvm11 fixes the following issues:

The LLVM test suite expects specific compressed binary payload but with IBM z HW compression that payload can vary and not match the software implementation, fixes testsuite errors (bsc#1189602)

Advisory ID	SUSE-RU-2022:4233-1
Released	Fri Nov 25 18:19:33 2022
Summary	Recommended update for publicsuffix
Type	recommended
Severity	low
References

Description:

This update for publicsuffix fixes the following issues:

Update to version 20220903

Advisory ID	SUSE-RU-2022:4234-1
Released	Fri Nov 25 18:19:54 2022
Summary	Recommended update for osc
Type	recommended
Severity	moderate
References

Description:

This update for osc fixes the following issues:

0.182.0 - fix build on SLE12 / python 2.7 - SSH auth: Fix getallmatchingheaders() output to correspond with headers.get_all() - send HTTP header Accept: application/xml - git_version: return version from the source code if there's no matching tag
spec file: - Revert to python2 on SLE12 - Recommend openssh for ssh key auth

fix building on distros that are not openSUSE or SLE

build against python3.6 for SLE12 and older

0.181.0 - fix crash when 'pass' is not set in the config file - add missing attributes to Package when scm_url is set - fix failure to create config in current dir - update list of considered file names for ssh key autodetection - allow users to prefer ssh key over password auth - ssh: recognize gpg keys (yubikey usage) - fix operating on _project meta - revert 'interpretation of string literals in messages' that broke unicode handling - fix product build rpm caching - enable md5 revisions in osc log - parseRevisionOption(): raise an exception on invalid revisions

0.180.0 - warn when trying to commit a prj/pac managed in scm - fix crash on 'osc up' for git based package/projects - don't traceback on invalid credentials manager - improve README, rename it to README.md - declare OscHTTPSignatureAuthHandler as a new-style class - remove illegal character in comment

Advisory ID	SUSE-RU-2022:4235-1
Released	Fri Nov 25 18:20:13 2022
Summary	Recommended update for yast2-users
Type	recommended
Severity	moderate
References	1202974

Description:

This update for yast2-users fixes the following issues:

AutoYaST: Fix creation of home for system users (bsc#1202974)

Advisory ID	SUSE-RU-2022:4236-1
Released	Fri Nov 25 18:20:32 2022
Summary	Recommended update for linux-glibc-devel
Type	recommended
Severity	moderate
References

Description:

This update for linux-glibc-devel fixes the following issues:

Add the rest of 1.0 IAA operation definitions to the user header (jsc#PED-813).

Advisory ID	SUSE-RU-2022:4238-1
Released	Fri Nov 25 18:21:06 2022
Summary	Recommended update for rekor
Type	recommended
Severity	moderate
References

Description:

This update for rekor fixes the following issues:

updated to rekor 0.12.0 (jsc#SLE-23476)
enable server build

Advisory ID	SUSE-RU-2022:4239-1
Released	Fri Nov 25 18:21:20 2022
Summary	Recommended update for plymouth
Type	recommended
Severity	low
References	1203147

Description:

This update for plymouth fixes the following issues:

Remove typo on patch to clear dracut 'command not found' error (bsc#1203147).

Advisory ID	SUSE-RU-2022:4256-1
Released	Mon Nov 28 12:36:32 2022
Summary	Recommended update for gcc12
Type	recommended
Severity	moderate
References

Description:

This update for gcc12 fixes the following issues:
This update ship the GCC 12 compiler suite and its base libraries.
The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.
The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.
To use gcc12 compilers use:

install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out
https://gcc.gnu.org/gcc-12/changes.html

Advisory ID	SUSE-SU-2022:4259-1
Released	Mon Nov 28 15:42:54 2022
Summary	Security update for tiff
Type	security
Severity	important
References	1204641,1204643,1204644,1204645,1205392,CVE-2022-3597,CVE-2022-3599,CVE-2022-3626,CVE-2022-3627,CVE-2022-3970

Description:

This update for tiff fixes the following issues:

CVE-2022-3597: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204641).
CVE-2022-3599: Fixed out-of-bounds read in writeSingleSection in tools/tiffcrop.c (bnc#1204643).
CVE-2022-3626: Fixed out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (bnc#1204644)
CVE-2022-3627: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204645).
CVE-2022-3970: Fixed unsigned integer overflow in TIFFReadRGBATileExt() (bnc#1205392).

Advisory ID	SUSE-feature-2022:4261-1
Released	Tue Nov 29 03:58:45 2022
Summary	Feature update for libvpd
Type	feature
Severity	moderate
References

Description:

This feature update for libvpd fixes the following issues:
libvpd:

New package at version 2.2.9 needed by lsvpd (jsc#SLE-25107, jsc#SLE-24497)

Advisory ID	SUSE-RU-2022:4262-1
Released	Tue Nov 29 05:45:23 2022
Summary	Recommended update for lvm2
Type	recommended
Severity	important
References	1199074,1203216,1203482

Description:

This update for lvm2 fixes the following issues:

Fix terminated lvmlockd not clearing/adopting locks, leading to inability to start volume group (bsc#1203216)
Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074)
Fix lvmlockd to support sanlock (bsc#1203482)

Advisory ID	SUSE-RU-2022:4263-1
Released	Tue Nov 29 07:31:54 2022
Summary	Recommended update for python-pyperclip
Type	recommended
Severity	important
References	1203743

Description:

This update for python-pyperclip fixes the following issues:

Fix build failures on SUSE Linux Enterprise 15 Service Pack 5 (bsc#1203743)

Advisory ID	SUSE-SU-2022:4278-1
Released	Tue Nov 29 15:43:49 2022
Summary	Security update for supportutils
Type	security
Severity	moderate
References	1184689,1188086,1192252,1192648,1197428,1200330,1202269,1202337,1202417,1203818

Description:

This update for supportutils fixes the following issues:
Security issues fixed:

Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818)

Bug fixes:

Added lifecycle information
Fixed KVM virtualization detection on bare metal (bsc#1184689)
Added logging using journalctl (bsc#1200330)
Get current sar data before collecting files (bsc#1192648)
Collects everything in /etc/multipath/ (bsc#1192252)
Collects power management information in hardware.txt (bsc#1197428)
Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337)
Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269)
Update to nvme_info and block_info (bsc#1202417)
Added includedir directories from /etc/sudoers (bsc#1188086)

Advisory ID	SUSE-SU-2022:4281-1
Released	Tue Nov 29 15:46:10 2022
Summary	Security update for python3
Type	security
Severity	important
References	1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454

Description:

This update for python3 fixes the following issues:

CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577)
CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125)

The following non-security bug was fixed:

Fixed a crash in the garbage collection (bsc#1188607).

Advisory ID	SUSE-SU-2022:4282-1
Released	Tue Nov 29 15:50:15 2022
Summary	Security update for vim
Type	security
Severity	important
References	1192478,1202962,1203110,1203152,1203155,1203194,1203272,1203508,1203509,1203796,1203797,1203799,1203820,1203924,1204779,CVE-2021-3928,CVE-2022-2980,CVE-2022-2982,CVE-2022-3037,CVE-2022-3099,CVE-2022-3134,CVE-2022-3153,CVE-2022-3234,CVE-2022-3235,CVE-2022-3278,CVE-2022-3296,CVE-2022-3297,CVE-2022-3324,CVE-2022-3352,CVE-2022-3705

Description:

This update for vim fixes the following issues:
Updated to version 9.0 with patch level 0814:

CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).
CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508).
CVE-2022-3235: Fixed use-after-free (bsc#1203509).
CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820).
CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779).
CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152).
CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796).
CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797).
CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110).
CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194).
CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272).
CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799).
CVE-2022-3352: Fixed use-after-free (bsc#1203924).
CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155).
CVE-2022-3037: Fixed use-after-free (bsc#1202962).

Advisory ID	SUSE-RU-2022:4299-1
Released	Wed Nov 30 14:13:00 2022
Summary	Recommended update for dconf
Type	recommended
Severity	moderate
References	1203344,971074

Description:

This update for dconf fixes the following issues:

Re-enable fix for `dconf update` to restore correct permissions on db files (bsc#971074, bsc#1203344)

Advisory ID	SUSE-SU-2022:4304-1
Released	Thu Dec 1 09:11:59 2022
Summary	Security update for emacs
Type	security
Severity	important
References	1205822,CVE-2022-45939

Description:

This update for emacs fixes the following issues:

CVE-2022-45939: Fixed shell command injection via source code files when using ctags (bsc#1205822).

Advisory ID	SUSE-SU-2022:4306-1
Released	Thu Dec 1 09:27:10 2022
Summary	Security update for bcel
Type	security
Severity	moderate
References	1205125,CVE-2022-42920

Description:

This update for bcel fixes the following issues:

CVE-2022-42920: Fixed producing arbitrary bytecode via out-of-bounds writing (bsc#1205125).

Advisory ID	SUSE-SU-2022:4308-1
Released	Thu Dec 1 15:51:19 2022
Summary	Security update for virt-v2v
Type	security
Severity	moderate
References	1201064,CVE-2022-2211

Description:

This update for virt-v2v fixes the following issues:

CVE-2022-2211: Fixed buffer overflow in get_keys (bsc#1201064).

Advisory ID	SUSE-RU-2022:4311-1
Released	Fri Dec 2 11:02:43 2022
Summary	Recommended update for open-vm-tools
Type	recommended
Severity	critical
References

Description:

This update for open-vm-tools fixes the following issues:

Include binaries of open-vm-tools for ARM architecture aarch64 in SUSE Linux Enterprise 15 Service Pack 4 (jsc#SLE-22385)

Advisory ID	SUSE-RU-2022:4312-1
Released	Fri Dec 2 11:16:47 2022
Summary	Recommended update for tar
Type	recommended
Severity	moderate
References	1200657,1203600

Description:

This update for tar fixes the following issues:

Fix unexpected inconsistency when making directory (bsc#1203600)
Update race condition fix (bsc#1200657)

Advisory ID	SUSE-feature-2022:4313-1
Released	Mon Dec 5 02:32:13 2022
Summary	Feature update for python-cached-property, python-osc-tiny, python-responses
Type	feature
Severity	important
References

Description:

This update for python-cached-property, python-osc-tiny, python-responses fixes the following issues:
python-cached-property:

New package at version 1.5.2 (jsc#PED-1872, jsc#PED-1964)

python-responses:

Version update from 0.10.12 to 0.21.0 (jsc#PED-1872, jsc#PED-1964)
Dropped support of Python 2.7, 3.5, 3.6
For the full list of changes please read the packaged CHANGES file or https://github.com/getsentry/responses/releases

python-osc-tiny:

New package at version 0.7.5 (jsc#PED-1872, jsc#PED-1964)

Advisory ID	SUSE-RU-2022:4314-1
Released	Mon Dec 5 08:05:35 2022
Summary	Recommended update for Yast2
Type	recommended
Severity	moderate
References	1199746,1201235,1201435,1201962,1202479,1203866,1204448,1204559

Description:

This update for Yast2 fixes the following issues:
autoyast2:

Allow empty values in ask/default, ask/selection/label and ask/selection/value elements (bsc#1204448)
Add needed packages for the selected network backend in order to prevent it is not declared in the software section (bsc#1201235, bsc#1201435)

yast2-bootloader:

Prevent leak of grub2 password to logs (bsc#1201962)

yast2-installation:

Fix copy of entropy pool during installation (bsc#1204559)

yast2-network:

Do not assume wicked will be installed by default anymore and return the needed packages by the selected backend when them are not installed (bsc#1201235, bsc#1201435)
Fixed issue when writing the NetworkManager config without a gateway (bsc#1203866)
Activate s390 devices before importing and reading the network configuration or otherwise the related linux devices will not be present and could be ignored (bsc#1199746)
At the end of the installation, force an enablement of the selected network service even when the selected one has not been modified and ensure other backends are disabled (bsc#1202479)

Advisory ID	SUSE-RU-2022:4326-1
Released	Tue Dec 6 03:22:25 2022
Summary	Recommended update for hawk2
Type	recommended
Severity	important
References	1196673,1198647,1199258,1203367

Description:

This update for hawk2 fixes the following issues:

Fix detection of partial upgrade (bsc#1196673,bsc#1203367)
Improve handling of unmatched paths (bsc#1199258)
Allow configuration of cookies to HttpOnly by the use of the environment variable HAWK_COOKIE_HTTP_ONLY=true (bsc#1198647)

Advisory ID	SUSE-RU-2022:4328-1
Released	Tue Dec 6 12:25:12 2022
Summary	Recommended update for audit-secondary
Type	recommended
Severity	moderate
References	1204844

Description:

This update for audit-secondary fixes the following issues:

Fix rules not loaded when restarting auditd.service (bsc#1204844)

Advisory ID	SUSE-SU-2022:4334-1
Released	Tue Dec 6 16:01:53 2022
Summary	Security update for MozillaThunderbird
Type	security
Severity	important
References	1205941,CVE-2022-45414

Description:

This update for MozillaThunderbird fixes the following issues:
Update to version 102.5.1:

CVE-2022-45414: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content (bsc#1205941).

Advisory ID	SUSE-RU-2022:4336-1
Released	Tue Dec 6 16:27:50 2022
Summary	Recommended update for gdb
Type	recommended
Severity	moderate
References

Description:

gdb was updated to version 12.1:

DBX mode is deprecated, and will be removed in GDB 13.

GDB 12 is the last release of GDB that will support building against Python 2. From GDB 13, it will only be possible to build GDB itself with Python 3 support.

Improved C++ template support: GDB now treats functions/types involving C++ templates like it does function overloads. Users may omit parameter lists to set breakpoints on families of template functions, including types/functions composed of multiple template types:

(gdb) break template_func(template_1, int)
The above will set breakpoints at every function `template_func' where the first function parameter is any template type named `template_1' and the second function parameter is `int'. TAB completion also gains similar improvements.

New commands:

- maint set backtrace-on-fatal-signal on|off - maint show backtrace-on-fatal-signal
This setting is 'on' by default. When 'on' GDB will print a limited backtrace to stderr in the situation where GDB terminates with a fatal signal. This only supported on some platforms where the backtrace and backtrace_symbols_fd functions are available.
- set source open on|off - show source open
This setting, which is on by default, controls whether GDB will try to open source code files. Switching this off will stop GDB trying to open and read source code files, which can be useful if the files are located over a slow network connection.
- set varsize-limit - show varsize-limit
These are now deprecated aliases for 'set max-value-size' and 'show max-value-size'.
- task apply [all | TASK-IDS...] [FLAG]... COMMAND
Like 'thread apply', but applies COMMAND to Ada tasks.
- watch [...] task ID
Watchpoints can now be restricted to a specific Ada task.
- maint set internal-error backtrace on|off - maint show internal-error backtrace - maint set internal-warning backtrace on|off - maint show internal-warning backtrace
GDB can now print a backtrace of itself when it encounters either an internal-error, or an internal-warning. This is on by default for internal-error and off by default for internal-warning.
- set logging on|off
Deprecated and replaced by 'set logging enabled on|off'.
- set logging enabled on|off - show logging enabled
These commands set or show whether logging is enabled or disabled.
- exit
You can now exit GDB by using the new command 'exit', in addition to the existing 'quit' command.
- set debug threads on|off - show debug threads
Print additional debug messages about thread creation and deletion.
- set debug linux-nat on|off - show debug linux-nat
These new commands replaced the old 'set debug lin-lwp' and 'show debug lin-lwp' respectively. Turning this setting on prints debug messages relating to GDB's handling of native Linux inferiors.
- maint flush source-cache
Flush the contents of the source code cache.
- maint set gnu-source-highlight enabled on|off - maint show gnu-source-highlight enabled
Whether GDB should use the GNU Source Highlight library for adding styling to source code. When off, the library will not be used, even when available. When GNU Source Highlight isn't used, or can't add styling to a particular source file, then the Python Pygments library will be used instead.
- set suppress-cli-notifications (on|off) - show suppress-cli-notifications
This controls whether printing the notifications is suppressed for CLI. CLI notifications occur when you change the selected context (i.e., the current inferior, thread and/or the frame), or when the program being debugged stops (e.g., because of hitting a breakpoint, completing source-stepping, an interrupt, etc.).
- set style disassembler enabled on|off - show style disassembler enabled
If GDB is compiled with Python support, and the Python Pygments package is available, then, when this setting is on, disassembler output will have styling applied.
- set ada source-charset - show ada source-charset
Set the character set encoding that is assumed for Ada symbols. Valid values for this follow the values that can be passed to the GNAT compiler via the '-gnati' option. The default is ISO-8859-1.

Changed commands:

- print
Printing of floating-point values with base-modifying formats like /x has been changed to display the underlying bytes of the value in the desired base. This was GDB's documented behavior, but was never implemented correctly.
- maint packet
This command can now print a reply, if the reply includes non-printable characters. Any non-printable characters are printed as escaped hex, e.g. \x?? where '??' is replaces with the value of the non-printable character.
- clone-inferior
The clone-inferior command now ensures that the TTY, CMD and ARGS settings are copied from the original inferior to the new one. All modifications to the environment variables done using the 'set environment' or 'unset environment' commands are also copied to the new inferior.
- set debug lin-lwp on|off - show debug lin-lwp
These commands have been removed from GDB. The new command 'set debug linux-nat' and 'show debug linux-nat' should be used instead.
- info win
This command now includes information about the width of the tui windows in its output.

GDB's Ada parser now supports an extension for specifying the exact byte contents of a floating-point literal. This can be useful for setting floating-point registers to a precise value without loss of precision. The syntax is an extension of the based literal syntax. Use, e.g., '16lf#0123abcd#' -- the number of 'l's controls the width of the floating-point type, and the 'f' is the marker for floating point.

MI changes:

** The '-add-inferior' with no option flags now inherits the connection of the current inferior, this restores the behaviour of GDB as it was prior to GDB 10.
** The '-add-inferior' command now accepts a '--no-connection' option, which causes the new inferior to start without a connection.

Python API:

** New function gdb.add_history(), which takes a gdb.Value object and adds the value it represents to GDB's history list. An integer, the index of the new item in the history list, is returned.
** New function gdb.history_count(), which returns the number of values in GDB's value history.
** New gdb.events.gdb_exiting event. This event is called with a gdb.GdbExitingEvent object which has the read-only attribute 'exit_code', which contains the value of the GDB exit code. This event is triggered once GDB decides it is going to exit, but before GDB starts to clean up its internal state.
** New function gdb.architecture_names(), which returns a list containing all of the possible Architecture.name() values. Each entry is a string.
** New function gdb.Architecture.integer_type(), which returns an integer type given a size and a signed-ness.
** New gdb.TargetConnection object type that represents a connection (as displayed by the 'info connections' command). A sub-class, gdb.RemoteTargetConnection, is used to represent 'remote' and 'extended-remote' connections.
** The gdb.Inferior type now has a 'connection' property which is an instance of gdb.TargetConnection, the connection used by this inferior. This can be None if the inferior has no connection.
** New 'gdb.events.connection_removed' event registry, which emits a 'gdb.ConnectionEvent' when a connection is removed from GDB. This event has a 'connection' property, a gdb.TargetConnection object for the connection being removed.
** New gdb.connections() function that returns a list of all currently active connections.
** New gdb.RemoteTargetConnection.send_packet(PACKET) method. This is equivalent to the existing 'maint packet' CLI command; it allows a user specified packet to be sent to the remote target.
** New function gdb.host_charset(), returns a string, which is the name of the current host charset.
** New gdb.set_parameter(NAME, VALUE). This sets the gdb parameter NAME to VALUE.
** New gdb.with_parameter(NAME, VALUE). This returns a context manager that temporarily sets the gdb parameter NAME to VALUE, then resets it when the context is exited.
** The gdb.Value.format_string method now takes a 'styling' argument, which is a boolean. When true, the returned string can include escape sequences to apply styling. The styling will only be present if styling is otherwise turned on in GDB (see 'help set styling'). When false, which is the default if the argument is not given, then no styling is applied to the returned string.
** New read-only attribute gdb.InferiorThread.details, which is either a string, containing additional, target specific thread state information, or None, if there is no such additional information.
** New read-only attribute gdb.Type.is_scalar, which is True for scalar types, and False for all other types.
** New read-only attribute gdb.Type.is_signed. This attribute should only be read when Type.is_scalar is True, and will be True for signed types, and False for all other types. Attempting to read this attribute for non-scalar types will raise a ValueError.
** It is now possible to add GDB/MI commands implemented in Python.
Update libipt to v2.0.5.

Advisory ID	SUSE-RU-2022:4337-1
Released	Tue Dec 6 16:51:12 2022
Summary	Recommended update for collectd
Type	recommended
Severity	moderate
References

Description:

This update of collectd fixes the following issues:

rebuild against the new net-snmp (jsc#SLE-11203).

Advisory ID	SUSE-RU-2022:4338-1
Released	Tue Dec 6 16:51:30 2022
Summary	Recommended update for 389-ds
Type	recommended
Severity	moderate
References

Description:

This update of 389-ds fixes the following issues:

rebuild against the new net-snmp (jsc#SLE-11203).

Advisory ID	SUSE-RU-2022:4339-1
Released	Tue Dec 6 16:51:57 2022
Summary	Recommended update for hplip
Type	recommended
Severity	moderate
References

Description:

This update of hplip fixes the following issues:

rebuild against the new net-snmp (jsc#SLE-11203).

Advisory ID	SUSE-feature-2022:4340-1
Released	Wed Dec 7 12:54:47 2022
Summary	Feature update for wicked
Type	feature
Severity	moderate
References	1184124,1186787,1187655,1189560,1192508,1198894,1200505,1201053,876845,877776,885007,896188,988954

Description:

This update for wicked fixes the following issues:

build: Ensure binaries are Position Independent Executable (PIE) (bsc#1184124)
client: Add release options to ifdown/ifreload (jsc#SLE-25048, jsc#SLE-10249)
client: Fix memory access violation (SEGV) on empty xpath results
dbus: Clear string array before append
dhcp4: Fix issues in reuse of last lease (bsc#1187655)
dhcp6: Add option to refresh lease (jsc#SLE-24310, jsc#SLE-9492, jsc#SLE-24307)
dhcp6: Consider ppp interfaces supported
dhcp6: Ignore lease release status
dhcp6: Remove address before release
firewall-ext: No config change on ifdown (bsc#1201053, bsc#1189560)
socket: Fix memory access violation (SEGV) on heavy socket restart errors (bsc#1192508)
systemd: Remove systemd-udev-settle dependency (bsc#1186787)
team: Fix to configure port priority in teamd (bsc#1200505)
wireless: Add support for WPA3 and PMF (bsc#1198894)
wireless: Fix memory access violation (SEGV) on supplicant restart
wireless: Remove libiw dependencies

Advisory ID	SUSE-SU-2022:4349-1
Released	Wed Dec 7 16:15:52 2022
Summary	Security update for buildah
Type	security
Severity	important
References	1167864,1202812,CVE-2020-10696,CVE-2022-2990

Description:

This update for buildah fixes the following issues:
Version update to 1.28.2.

CVE-2022-2990: Fixed a possible information disclosure and modification vulnerability (bsc#1202812).
CVE-2020-10696: Fixed an issue with a crafted input tar file that may lead to a local file overwriting during image build process (bsc#1167864).

Advisory ID	SUSE-RU-2022:4354-1
Released	Thu Dec 8 10:10:00 2022
Summary	Recommended update for mvapich2
Type	recommended
Severity	moderate
References	1175679,1199808

Description:

This update for mvapich2 fixes the following issues:

Fix SIGFPE during MPI_Init on non-NUMA systems (bsc#1199808, bsc#1175679)

Advisory ID	SUSE-RU-2022:4361-1
Released	Thu Dec 8 16:11:52 2022
Summary	Recommended update for pdsh, slurm_22_05
Type	recommended
Severity	important
References	CVE-2021-43337,CVE-2022-29500,CVE-2022-29501,CVE-2022-29502,CVE-2022-31251

Description:

This update for pdsh, slurm_22_05 fixes the following issues:
Slurm was updated to 22.05.5

Fixes a number of moderate severity issues, noteable are:

* Load hash plugin at slurmstepd launch time to prevent issues loading the plugin at step completion if the Slurm installation is upgraded. * Update nvml plugin to match the unique id format for MIG devices in new Nvidia drivers. * Fix multi-node step launch failure when nodes in the controller aren't in natural order. This can happen with inconsistent node naming (such as node15 and node052) or with dynamic nodes which can register in any order. * job_container/tmpfs - cleanup containers even when the .ns file isn't mounted anymore. * Wait up to PrologEpilogTimeout before shutting down slurmd to allow prolog and epilog scripts to complete or timeout. Previously, slurmd waited 120 seconds before timing out and killing prolog and epilog scripts.

Do not deduplicate files of testsuite Slurm configuration. This directory is supposed to be mounted over /etc/slurm therefore it must not contain softlinks to the files in this directory.

Fix a potential security vulnerability in the test package (bsc#1201674, CVE-2022-31251).

update to 22.05.2 with following fixes:

* Fix regression which allowed the oversubscription of licenses. * Fix a segfault in slurmctld when requesting gres in job arrays.

Allow log in as user 'slurm'. This allows admins to run certain priviledged commands more easily without becoming root.

update to 22.05.0 with following changes:

Support for dynamic node addition and removal
Support for native Linux cgroup v2 operation
Newly added plugins to support HPE Slingshot 11 networks (switch/hpe_slingshot), and Intel Xe GPUs (gpu/oneapi)
Added new acct_gather_interconnect/sysfs plugin to collect statistics from arbitrary network interfaces.
Expanded and synced set of environment variables available in the Prolog/Epilog/PrologSlurmctld/EpilogSlurmctld scripts.
New '--prefer' option to job submissions to allow for a 'soft constraint' request to influence node selection.
Optional support for license planning in the backfill scheduler with 'bf_licenses' option in SchedulerParameters.

Add a comment about the CommunicationParameters=block_null_hash option warning users who migrate - just in case.

Update to 21.08.8 which fixes CVE-2022-29500 (bsc#1199278), CVE-2022-29501 (bsc#1199279), and CVE-2022-29502 (bsc#1199281).

Added 'CommunicationParameters=block_null_hash' to slurm.conf, please add this parameter to existing configurations.

Update to 21.08.7 with following changes:

* openapi/v0.0.37 - correct calculation for bf_queue_len_mean in /diag. * Avoid shrinking a reservation when overlapping with downed nodes. * Only check TRES limits against current usage for TRES requested by the job. * Do not allocate shared gres (MPS) in whole-node allocations * Constrain slurmstepd to job/step cgroup like in previous versions of Slurm. * Fix warnings on 32-bit compilers related to printf() formats. * Fix reconfigure issues after disabling/reenabling the GANG PreemptMode. * Fix race condition where a cgroup was being deleted while another step was creating it. * Set the slurmd port correctly if multi-slurmd * Fix FAIL mail not being sent if a job was cancelled due to preemption. * slurmrestd - move debug logs for HTTP handling to be gated by debugflag NETWORK to avoid unnecessary logging of communication contents. * Fix issue with bad memory access when shrinking running steps. * Fix various issues with internal job accounting with GRES when jobs are shrunk. * Fix ipmi polling on slurmd reconfig or restart. * Fix srun crash when reserved ports are being used and het step fails to launch. * openapi/dbv0.0.37 - fix DELETE execution path on /user/{user_name}. * slurmctld - Properly requeue all components of a het job if PrologSlurmctld fails. * rlimits - remove final calls to limit nofiles to 4096 but to instead use the max possible nofiles in slurmd and slurmdbd. * Allow the DBD agent to load large messages (up to MAX_BUF_SIZE) from state. * Fix potential deadlock during slurmctld restart when there is a completing job. * slurmstepd - reduce user requested soft rlimits when they are above max hard rlimits to avoid rlimit request being completely ignored and processes using default limits. * Fix Slurm user commands displaying available features as active features when no features were active. * Don't power down nodes that are rebooting. * Clear pending node reboot on power down request. * Ignore node registrations while node is powering down. * Don't reboot any node that is power down. * Don't allow a node to reboot if it's marked for power down. * Fix issuing reboot and downing when rebooting a powering up node. * Clear DRAIN on node after failing to resume before ResumeTimeout. * Prevent repeating power down if node fails to resume before ResumeTimeout. * Fix federated cloud node communication with srun and cloud_dns. * Fix jobs being scheduled on nodes marked to be powered_down when idle. * Fix problem where a privileged user could not view array tasks specified by _ when PrivateData had the jobs value set. - Changes in Slurm 21.08.6 * Fix plugin_name definitions in a number of plugins to improve logging. * Close sbcast file transfers when job is cancelled. * scrontab - fix handling of --gpus and --ntasks-per-gpu options. * sched/backfill - fix job_queue_rec_t memory leak. * Fix magnetic reservation logic in both main and backfill schedulers. * job_container/tmpfs - fix memory leak when using InitScript. * slurmrestd / openapi - fix memory leaks. * Fix slurmctld segfault due to job array resv_list double free. * Fix multi-reservation job testing logic. * Fix slurmctld segfault due to insufficient job reservation parse validation. * Fix main and backfill schedulers handling for already rejected job array. * sched/backfill - restore resv_ptr after yielding locks. * acct_gather_energy/xcc - appropriately close and destroy the IPMI context. * Protect slurmstepd from making multiple calls to the cleanup logic. * Prevent slurmstepd segfault at cleanup time in mpi_fini(). * Fix slurmctld sometimes hanging if shutdown while PrologSlurmctld or EpilogSlurmctld were running and PrologEpilogTimeout is set in slurm.conf. * Fix affinity of the batch step if batch host is different than the first node in the allocation. * slurmdbd - fix segfault after multiple failover/failback operations. * Fix jobcomp filetxt job selection condition. * Fix -f flag of sacct not being used. * Select cores for job steps according to the socket distribution. Previously, sockets were always filled before selecting cores from the next socket. * Keep node in Future state if epilog completes while in Future state. * Fix erroneous --constraint behavior by preventing multiple sets of brackets. * Make ResetAccrueTime update the job's accrue_time to now. * Fix sattach initialization with configless mode. * Revert packing limit checks affecting pmi2. * sacct - fixed assertion failure when using -c option and a federation display * Fix issue that allowed steps to overallocate the job's memory. * Fix the sanity check mode of AutoDetect so that it actually works. * Fix deallocated nodes that didn't actually launch a job from waiting for Epilogslurmctld to complete before clearing completing node's state. * Job should be in a completing state if EpilogSlurmctld when being requeued. * Fix job not being requeued properly if all node epilog's completed before EpilogSlurmctld finished. * Keep job completing until EpilogSlurmctld is completed even when 'downing' a node. * Fix handling reboot with multiple job features. * Fix nodes getting powered down when creating new partitions. * Fix bad bit_realloc which potentially could lead to bad memory access. * slurmctld - remove limit on the number of open files. * Fix bug where job_state file of size above 2GB wasn't saved without any error message. * Fix various issues with no_consume gres. * Fix regression in 21.08.0rc1 where job steps failed to launch on systems that reserved a CPU in a cgroup outside of Slurm (for example, on systems with WekaIO). * Fix OverTimeLimit not being reset on scontrol reconfigure when it is removed from slurm.conf. * serializer/yaml - use dynamic buffer to allow creation of YAML outputs larger than 1MiB. * Fix minor memory leak affecting openapi users at process termination. * Fix batch jobs not resolving the username when nss_slurm is enabled. * slurmrestd - Avoid slurmrestd ignoring invalid HTTP method if the response serialized without error. * openapi/dbv0.0.37 - Correct conditional that caused the diag output to give an internal server error status on success. * Make --mem-bind=sort work with task_affinity * Fix sacctmgr to set MaxJobsAccruePer{User|Account} and MinPrioThres in sacctmgr add qos, modify already worked correctly. * job_container/tmpfs - avoid printing extraneous error messages in Prolog and Epilog, and when the job completes. * Fix step CPU memory allocation with --threads-per-core without --exact. * Remove implicit --exact when --threads-per-core or --hint=nomultithread is used. * Do not allow a step to request more threads per core than the allocation did. * Remove implicit --exact when --cpus-per-task is used.

update to 21.08.5 with following changes: * Fix issue where typeless GRES node updates were not immediately reflected. * Fix setting the default scrontab job working directory so that it's the home of the different user (*u ) and not that of root or SlurmUser editor. * Fix stepd not respecting SlurmdSyslogDebug. * Fix concurrency issue with squeue. * Fix job start time not being reset after launch when job is packed onto already booting node. * Fix updating SLURM_NODE_ALIASES for jobs packed onto powering up nodes. * Cray - Fix issues with starting hetjobs. * auth/jwks - Print fatal() message when jwks is configured but file could not be opened. * If sacctmgr has an association with an unknown qos as the default qos print 'UNKN*###' instead of leaving a blank name. * Correctly determine task count when giving --cpus-per-gpu, --gpus and *-ntasks-per-node without task count. * slurmctld - Fix places where the global last_job_update was not being set to the time of update when a job's reason and description were updated. * slurmctld - Fix case where a job submitted with more than one partition would not have its reason updated while waiting to start. * Fix memory leak in node feature rebooting. * Fix time limit permanetly set to 1 minute by backfill for job array tasks higher than the first with QOS NoReserve flag and PreemptMode configured. * Fix sacct -N to show jobs that started in the current second * Fix issue on running steps where both SLURM_NTASKS_PER_TRES and SLURM_NTASKS_PER_GPU are set. * Handle oversubscription request correctly when also requesting *-ntasks-per-tres. * Correctly detect when a step requests bad gres inside an allocation. * slurmstepd - Correct possible deadlock when UnkillableStepTimeout triggers. * srun - use maximum number of open files while handling job I/O. * Fix writing to Xauthority files on root_squash NFS exports, which was preventing X11 forwarding from completing setup. * Fix regression in 21.08.0rc1 that broke --gres=none. * Fix srun --cpus-per-task and --threads-per-core not implicitly setting *-exact. It was meant to work this way in 21.08. * Fix regression in 21.08.0 that broke dynamic future nodes. * Fix dynamic future nodes remembering active state on restart. * Fix powered down nodes getting stuck in COMPLETING+POWERED_DOWN when job is cancelled before nodes are powering up.

updated to 21.08.4 which fixes (CVE-2021-43337) which is only present in 21.08 tree.
* CVE-2021-43337: For sites using the new AccountingStoreFlags=job_script and/or job_env options, an issue was reported with the access control rules in SlurmDBD that will permit users to request job scripts and environment files that they should not have access to. (Scripts/environments are meant to only be accessible by user accounts with administrator privileges, by account coordinators for jobs submitted under their account, and by the user themselves.)
changes from 21.08.3:
* This includes a number of fixes since the last release a month ago, including one critical fix to prevent a communication issue between slurmctld and slurmdbd for sites that have started using the new AccountingStoreFlags=job_script functionality.

Utilize sysuser infrastructure to set user/group slurm. For munge authentication slurm should have a fixed UID across all nodes including the management server. Set it to 120
Limit firewalld service definitions to SUSE versions >= 15.

added service definitions for firewalld (JSC#SLE-22741)

update to 21.08.2

major change: * removed of support of the TaskAffinity=yes option in cgroup.conf. Please consider using 'TaskPlugins=cgroup,affinity' in slurm.conf as an option.
minor changes and bugfixes: * slurmctld - fix how the max number of cores on a node in a partition are calculated when the partition contains multi*socket nodes. This in turn corrects certain jobs node count estimations displayed client*side. * job_submit/cray_aries - fix 'craynetwork' GRES specification after changes introduced in 21.08.0rc1 that made TRES always have a type prefix. * Ignore nonsensical check in the slurmd for [Pro|Epi]logSlurmctld. * Fix writing to stderr/syslog when systemd runs slurmctld in the foreground. * Fix issue with updating job started with node range. * Fix issue with nodes not clearing state in the database when the slurmctld is started with clean*start. * Fix hetjob components > 1 timing out due to InactiveLimit. * Fix sprio printing -nan for normalized association priority if PriorityWeightAssoc was not defined. * Disallow FirstJobId=0. * Preserve job start info in the database for a requeued job that hadn't registered the first time in the database yet. * Only send one message on prolog failure from the slurmd. * Remove support for TaskAffinity=yes in cgroup.conf. * accounting_storage/mysql - fix issue where querying jobs via sacct *-whole-hetjob=yes or slurmrestd (which automatically includes this flag) could in some cases return more records than expected. * Fix issue for preemption of job array task that makes afterok dependency fail. Additionally, send emails when requeueing happens due to preemption. * Fix sending requeue mail type. * Properly resize a job's GRES bitmaps and counts when resizing the job. * Fix node being able to transition to CLOUD state from non-cloud state. * Fix regression introduced in 21.08.0rc1 which broke a step's ability to inherit GRES from the job when the step didn't request GRES but the job did. * Fix errors in logic when picking nodes based on bracketed anded constraints. This also enforces the requirement to have a count when using such constraints. * Handle job resize better in the database. * Exclude currently running, resized jobs from the runaway jobs list. * Make it possible to shrink a job more than once.

moved pam module from /lib64 to /usr/lib64 which fixes bsc#1191095 via the macro %_pam_moduledir

updated to 21.08.1 with following bug fixes:
* Fix potential memory leak if a problem happens while allocating GRES for a job. * If an overallocation of GRES happens terminate the creation of a job. * AutoDetect=nvml: Fatal if no devices found in MIG mode. * Print federation and cluster sacctmgr error messages to stderr. * Fix off by one error in --gpu-bind=mask_gpu. * Add --gpu-bind=none to disable gpu binding when using --gpus-per-task. * Handle the burst buffer state 'alloc-revoke' which previously would not display in the job correctly. * Fix issue in the slurmstepd SPANK prolog/epilog handler where configuration values were used before being initialized. * Restore a step's ability to utilize all of an allocations memory if --mem=0. * Fix --cpu-bind=verbose garbage taskid. * Fix cgroup task affinity issues from garbage taskid info. * Make gres_job_state_validate() client logging behavior as before 44466a4641. * Fix steps with --hint overriding an allocation with --threads-per-core. * Require requesting a GPU if --mem-per-gpu is requested. * Return error early if a job is requesting --ntasks-per-gpu and no gpus or task count. * Properly clear out pending step if unavailable to run with available resources. * Kill all processes spawned by burst_buffer.lua including decendents. * openapi/v0.0.{35,36,37} - Avoid setting default values of min_cpus, job name, cwd, mail_type, and contiguous on job update. * openapi/v0.0.{35,36,37} - Clear user hold on job update if hold=false. * Prevent CRON_JOB flag from being cleared when loading job state. * sacctmgr - Fix deleting WCKeys when not specifying a cluster. * Fix getting memory for a step when the first node in the step isn't the first node in the allocation. * Make SelectTypeParameters=CR_Core_Memory default for cons_tres and cons_res. * Correctly handle mutex unlocks in the gres code if failures happen. * Give better error message if -m plane is given with no size. * Fix --distribution=arbitrary for salloc. * Fix jobcomp/script regression introduced in 21.08.0rc1 0c75b9ac9d. * Only send the batch node in the step_hostlist in the job credential. * When setting affinity for the batch step don't assume the batch host is node 0. * In task/affinity better checking for node existence when laying out affinity. * slurmrestd - fix job submission with auth/jwt.

Make configure arg '--with-pmix' conditional.
Move openapi plugins to package slurm-restd.

updated to 21.08.0, major changes:
* A new 'AccountingStoreFlags=job_script' option to store the job scripts directly in SlurmDBD. * Added 'sacct -o SubmitLine' format option to get the submit line of a job/step. * Changes to the node state management so that nodes are marked as PLANNED instead of IDLE if the scheduler is still accumulating resources while waiting to launch a job on them. * RS256 token support in auth/jwt. * Overhaul of the cgroup subsystems to simplify operation, mitigate a number of inherent race conditions, and prepare for future cgroup v2 support. * Further improvements to cloud node power state management. * A new child process of the Slurm controller called 'slurmscriptd' responsible for executing PrologSlurmctld and EpilogSlurmctld scripts, which significantly reduces performance issues associated with enabling those options. * A new burst_buffer/lua plugin allowing for site-specific asynchronous job data management. * Fixes to the job_container/tmpfs plugin to allow the slurmd process to be restarted while the job is running without issue. * Added json/yaml output to sacct, squeue, and sinfo commands. * Added a new node_features/helpers plugin to provide a generic way to change settings on a compute node across a reboot. * Added support for automatically detecting and broadcasting shared libraries for an executable launched with 'srun --bcast'. * Added initial OCI container execution support with a new --container option to sbatch and srun. * Improved 'configless' support by allowing multiple control servers to be specified through the slurmd --conf-server option, and send additional configuration files at startup including cli_filter.lua.
Changes in pdsh:

Preparing pdsh for Slurm 22.05. * No later version of Slurm builds on 32 bit.

Advisory ID	SUSE-RU-2022:4365-1
Released	Thu Dec 8 16:14:30 2022
Summary	Recommended update for powerman
Type	recommended
Severity	moderate
References

Description:

This update of powerman fixes the following issues:

rebuild against the new net-snmp (jsc#SLE-11203).

Advisory ID	SUSE-RU-2022:4367-1
Released	Thu Dec 8 16:56:07 2022
Summary	Recommended update for cloud-regionsrv-client
Type	recommended
Severity	critical
References	1191880,1195924,1195925,1203382,1205089,1206082

Description:

This update for cloud-regionsrv-client fixes the following issues:

Update to version 10.0.7 (bsc#1191880, bsc#1195925, bsc#1195924)
Implement functionality to detect if an update server has a new cert.

Import the new cert when it is detected.

From 10.0.6 (bsc#1205089)

Credentials are equal when username and password are the same ignore other entries in the credentials file

Handle multiple zypper names in process table, zypper and Zypp-main

to properly detect the running process

Require dmidecode only on supported archs (bsc#1206082)

Advisory ID	SUSE-RU-2022:4370-1
Released	Thu Dec 8 17:19:14 2022
Summary	Recommended update for rsyslog
Type	recommended
Severity	moderate
References	1191833,1205275

Description:

This update for rsyslog fixes the following issues:

Parsing of legacy config syntax (bsc#1205275)
Remove $klogConsoleLogLevel setting from rsyslog.conf as this legacy setting from pre-systemd times is obsolete and can block important systemd messages (bsc#1191833)

Advisory ID	SUSE-SU-2022:4371-1
Released	Thu Dec 8 17:19:43 2022
Summary	Security update for busybox
Type	security
Severity	moderate
References	1199744,914660,CVE-2014-9645,CVE-2022-30065

Description:

This update for busybox fixes the following issues:

CVE-2022-30065: Fixed use-after-free in the AWK applet (bsc#1199744).
CVE-2014-9645: Fixed loading of unwanted module with / in module names (bsc#914660).

Update to 1.35.0 also introduced: - awk: fix printf %%, fix read beyond end of buffer - chrt: silence analyzer warning - libarchive: remove duplicate forward declaration - mount: 'mount -o rw ....' should not fall back to RO mount - ps: fix -o pid=PID,args interpreting entire 'PID,args' as header - tar: prevent malicious archives with long name sizes causing OOM - udhcpc6: fix udhcp_find_option to actually find DHCP6 options - xxd: fix -p -r - support for new optoins added to basename, cpio, date, find, mktemp, wget and others

Advisory ID	SUSE-RU-2022:4375-1
Released	Thu Dec 8 17:40:32 2022
Summary	Recommended update for pam_saslauthd
Type	recommended
Severity	moderate
References

Description:

This update for pam_saslauthd fixes the following issues:
Initial shipment of version 0.1.0~1.

Advisory ID	SUSE-SU-2022:4378-1
Released	Thu Dec 8 18:34:03 2022
Summary	Security update for rabbitmq-server
Type	security
Severity	moderate
References	1205267,CVE-2022-31008

Description:

This update for rabbitmq-server fixes the following issues:

CVE-2022-31008: Fixed predictable secret seed in URI encryption (bsc#1205267).

Advisory ID	SUSE-feature-2022:4380-1
Released	Fri Dec 9 03:58:17 2022
Summary	Feature update for ipset
Type	feature
Severity	important
References	1116432,1122853

Description:

This update for ipset fixes the following issues:
Version update from 6.36 to 7.15 (jsc#PED-2086):

Update needed to match kernel protocol version
Fix bug with 'ipset save -file ' that wrongly produced empty files (bsc#1116432)
A new internal protocol version between the kernel and userspace is used. This is required in order to support two new functions and the extendend LIST operation, which makes possible to run ipset in every case entirely over netlink without the need to use getsockopt()
Allow specifying protocols by number
Enable memory accounting for ipset allocations
Fix argument parsing buffer overflow in ipset_parse_argv
Fix parsing the service names for ports
Fix memory accounting for hash types on resize
Fix rename concurrency with listing, which can result broken list/save results
Fix to list/save into file specified by option
Implement sorting for hash types in the ipset tool
Limit the maximum range of consecutive elements to add/delete
Support the '-exist' flag with the destroy command
For the full list of changes please consult the changelog at https://ipset.netfilter.org/changelog.html

Advisory ID	SUSE-RU-2022:4382-1
Released	Fri Dec 9 04:00:36 2022
Summary	Recommended update for libnvme
Type	recommended
Severity	important
References	1200089,1203163,1203204,1205019

Description:

This update for libnvme fixes the following issues:
libnvme:

Fix 'connect-all' failures when handling JSON configuration file (bsc#1205019)

nvme-cli:

Honor JSON config file in 'connect-all' command (bsc#1203204 bsc#1203163)
Add 'show-topology' command (bsc#1200089)

Advisory ID	SUSE-RU-2022:4383-1
Released	Fri Dec 9 04:01:50 2022
Summary	Recommended update for iputils
Type	recommended
Severity	important
References	1203957

Description:

This update for iputils fixes the following issues:

Fix occasional memory access violation when using `ping` (bsc#1203957)

Advisory ID	SUSE-RU-2022:4384-1
Released	Fri Dec 9 04:02:25 2022
Summary	Recommended update for migrate-sles-to-sles4sap
Type	recommended
Severity	moderate
References	1205281

Description:

This update for migrate-sles-to-sles4sap fixes the following issues:

Add missing required package dependencies to wget, coreutils, openssl and SUSE Connect (bsc#1205281)

Advisory ID	SUSE-RU-2022:4385-1
Released	Fri Dec 9 04:03:31 2022
Summary	Recommended update for clone-master-clean-up
Type	recommended
Severity	moderate
References	1203024,1204835

Description:

This update for clone-master-clean-up fixes the following issues:
Version update from 1.8 to 1.10:

Fix failure if postfix is not installed by adding a check for the directory's existance (bsc#1204835)
Clean up initiatorname.iscsi (bsc#1203024)

Advisory ID	SUSE-RU-2022:4387-1
Released	Fri Dec 9 04:05:27 2022
Summary	Recommended update for libteam
Type	recommended
Severity	moderate
References	1200505

Description:

This update for libteam fixes the following issues:

Set ports priority to local and kernel configurations (bsc#1200505)

Advisory ID	SUSE-RU-2022:4396-1
Released	Fri Dec 9 14:39:07 2022
Summary	Recommended update for frr
Type	recommended
Severity	moderate
References

Description:

This update of frr fixes the following issues:

rebuild against the new net-snmp (jsc#SLE-11203).

Advisory ID	SUSE-SU-2022:4397-1
Released	Fri Dec 9 15:59:23 2022
Summary	Security update for go1.19
Type	security
Severity	moderate
References	1200441,1206134,1206135,CVE-2022-41717,CVE-2022-41720

Description:

This update for go1.19 fixes the following issues:
Update to version 1.19.4, includes the following security fixes:

CVE-2022-41717: net/http: limit canonical header cache by bytes, not entries (bsc#1206135).
CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134).

Advisory ID	SUSE-SU-2022:4398-1
Released	Fri Dec 9 15:59:41 2022
Summary	Security update for go1.18
Type	security
Severity	moderate
References	1193742,1206134,1206135,CVE-2022-41717,CVE-2022-41720

Description:

This update for go1.18 fixes the following issues:
Update to version 1.18.9, includes the following security fixes:

CVE-2022-41717: net/http: limit canonical header cache by bytes, not entries (bsc#1206135)
CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134)

Advisory ID	SUSE-RU-2022:4404-1
Released	Mon Dec 12 09:04:37 2022
Summary	Recommended update for libpulp
Type	recommended
Severity	moderate
References	1200129,1200316

Description:

This update for libpulp fixes the following issues:

Fix ulp tool not patching on highly stressed environments. The reason behind it is that a 10s timeout was not enough depending of how stressed the machine is (bsc#1200316)
Fix HANA testcase failures (bsc#1200129)
Add support for searching for patches recursively so that to include subdirectories
Improve the process patching performance. This is achieved by reducing ptrace calls and switching to 'process_vm_readv/writev' when possible, and moving process discovery to a different thread.

Advisory ID	SUSE-SU-2022:4411-1
Released	Tue Dec 13 04:21:08 2022
Summary	Security update for tiff
Type	security
Severity	important
References	1204642,1205422,CVE-2022-3570,CVE-2022-3598

Description:

This update for tiff fixes the following issues:

CVE-2022-3570: Fixed heap buffer overflows in tiffcrop.c (bsc#1205422).
CVE-2022-3598: Fixed out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c [bsc#1204642]

Advisory ID	SUSE-RU-2022:4412-1
Released	Tue Dec 13 04:47:03 2022
Summary	Recommended update for suse-build-key
Type	recommended
Severity	moderate
References	1204706

Description:

This update for suse-build-key fixes the following issues:

added /usr/share/pki/containers directory for container pem keys (cosign/sigstore style), put the SUSE Container signing PEM key there too (bsc#1204706)

Advisory ID	SUSE-RU-2022:4413-1
Released	Tue Dec 13 08:04:34 2022
Summary	Recommended update for resource-agents
Type	recommended
Severity	moderate
References

Description:

This update for resource-agents fixes the following issue:

Pacemaker should provide a dynamic option to specify a logfile.

Advisory ID	SUSE-RU-2022:4420-1
Released	Tue Dec 13 08:25:30 2022
Summary	Recommended update for salt
Type	recommended
Severity	moderate
References	1203685,1203834,1203886

Description:

This update for salt fixes the following issues:

Pass the context to pillar ext modules
Align Amazon EC2 (Nitro) grains with upstream (bsc#1203685)
Detect module run syntax version
Implement automated patches alignment for the Salt Bundle
Ignore extend declarations from excluded SLS files (bsc#1203886)
Clarify pkg.installed pkg_verify documentation
Enhance capture of error messages for Zypper calls in zypperpkg module
Make pass renderer configurable and fix detected issues
Workaround fopen line buffering for binary mode (bsc#1203834)

Advisory ID	SUSE-RU-2022:4422-1
Released	Tue Dec 13 08:26:22 2022
Summary	Recommended update for SUSE Manager 4.3.3 Release Notes
Type	recommended
Severity	moderate
References	1200169,1200296,1201476,1201606,1201607,1201788,1201893,1202093,1202217,1202785,1203283,1203451,1203532,1203580,1203588,1203599,1203611,1203633,1203685,1203698,1203884,1204029,1204061,1204195,1204437,1204444,1204517,1204519,1204541,1204651,1204699,1205212,1205339,1205470

Description:

This update for SUSE Manager 4.3.3 Release Notes provides the following additions:
Release Notes for SUSE Manager: - Revision 4.3.3 - Bugs mentioned: bsc#1200169, bsc#1200296, bsc#1201476, bsc#1201606, bsc#1201607 bsc#1201788, bsc#1201893, bsc#1202093, bsc#1202217, bsc#1202785 bsc#1203283, bsc#1203451, bsc#1203532, bsc#1203580, bsc#1203588 bsc#1203599, bsc#1203611, bsc#1203633, bsc#1203685, bsc#1203698 bsc#1203884, bsc#1204029, bsc#1204061, bsc#1204195, bsc#1204437 bsc#1204444, bsc#1204517, bsc#1204519, bsc#1204541, bsc#1204651 bsc#1204699, bsc#1205212, bsc#1205339, bsc#1205470
Release Notes for SUSE Manager Proxy: - Revision 4.3.3 - Bugs mentioned: bsc#1201893, bsc#1203283, bsc#1204517, bsc#1205212, bsc#1205339

Advisory ID	SUSE-SU-2022:4437-1
Released	Tue Dec 13 08:33:20 2022
Summary	Security update for SUSE Manager Client Tools
Type	security
Severity	important
References	1188571,1189520,1192383,1192763,1193492,1193686,1199810,1201535,1201539,1202945,1203283,1203596,1203597,1203599,CVE-2021-36222,CVE-2021-3711,CVE-2021-41174,CVE-2021-41244,CVE-2021-43798,CVE-2021-43813,CVE-2021-43815,CVE-2022-29170,CVE-2022-31097,CVE-2022-31107,CVE-2022-35957,CVE-2022-36062

Description:

This update fixes the following issues:
dracut-saltboot:

Update to version 0.1.1665997480.587fa10 * Add dependencies on xz and gzip to support compressed images

golang-github-boynux-squid_exporter:

Exclude s390 architecture
Enhanced to build on Enterprise Linux 8.

grafana:

Version update from 8.3.10 to 8.5.13 (jsc#PED-2145)
Security fixes: * CVE-2022-36062: (bsc#1203596) * CVE-2022-35957: (bsc#1203597) * CVE-2022-31107: (bsc#1201539) * CVE-2022-31097: (bsc#1201535) * CVE-2022-29170: (bsc#1199810) * CVE-2021-43813, CVE-2021-43815: (bsc#1193686) * CVE-2021-43798: (bsc#1193492) * CVE-2021-41244: (bsc#1192763) * CVE-2021-41174: (bsc#1192383) * CVE-2021-3711: (bsc#1189520) * CVE-2021-36222: (bsc#1188571)
Features and enhancements: * AccessControl: Disable user remove and user update roles when they do not have the permissions * AccessControl: Provisioning for teams * Alerting: Add custom grouping to Alert Panel * Alerting: Add safeguard for migrations that might cause dataloss * Alerting: AlertingProxy to elevate permissions for request forwarded to data proxy when RBAC enabled * Alerting: Grafana uses > instead of >= when checking the For duration * Alerting: Move slow queries in the scheduler to another goroutine * Alerting: Remove disabled flag for data source when migrating alerts * Alerting: Show notification tab of legacy alerting only to editor * Alerting: Update migration to migrate only alerts that belon to existing org\dashboard * Alerting: Use expanded labels in dashboard annotations * Alerting: Use time.Ticker instead of alerting.Ticker in ngalert * Analytics: Add user id tracking to google analytics * Angular: Add AngularJS plugin support deprecation plan to docs site * API: Add usage stats preview endpoint * API: Extract OpenAPI specification from source code using go-swagger * Auth: implement auto_sign_up for auth.jwt * Azure monitor Logs: Optimize data fetching in resource picker * Azure Monitor Logs: Order subscriptions in resource picker by name * Azure Monitor: Include datasource ref when interpolating variables. * AzureMonitor: Add support for not equals and startsWith operators when creating Azure Metrics dimension filters. * AzureMonitor: Do not quote variables when a custom 'All' variable option is used * AzureMonitor: Filter list of resources by resourceType * AzureMonitor: Update allowed namespaces * BarChart: color by field, x time field, bar radius, label skipping * Chore: Implement OpenTelemetry in Grafana * Cloud Monitoring: Adds metric type to Metric drop down options * CloudMonitor: Correctly encode default project response * CloudWatch: Add all ElastiCache Redis Metrics * CloudWatch: Add Data Lifecycle Manager metrics and dimension * CloudWatch: Add Missing Elasticache Host-level metrics * CloudWatch: Add multi-value template variable support for log group names in logs query builder * CloudWatch: Add new AWS/ES metrics. #43034, @sunker * Cloudwatch: Add support for AWS/PrivateLink* metrics and dimensions * Cloudwatch: Add support for new AWS/RDS EBS* metrics * Cloudwatch: Add syntax highlighting and autocomplete for 'Metric Search' * Cloudwatch: Add template variable query function for listing log groups * Configuration: Add ability to customize okta login button name and icon * Elasticsearch: Add deprecation notice for < 7.10 versions. * Explore: Support custom display label for exemplar links for Prometheus datasource * Hotkeys: Make time range absolute/permanent * InfluxDB: Use backend for influxDB by default via feature toggle * Legend: Use correct unit for percent and count calculations * Logs: Escape windows newline into single newline * Loki: Add unpack to autocomplete suggestions * Loki: Use millisecond steps in Grafana 8.5.x. * Playlists: Enable sharing direct links to playlists * Plugins: Allow using both Function and Class components for app plugins * Plugins: Expose emotion/react to plugins to prevent load failures * Plugins: Introduce HTTP 207 Multi Status response to api/ds/query * Rendering: Add support for renderer token * Setting: Support configuring feature toggles with bools instead of just passing an array * SQLStore: Prevent concurrent migrations * SSE: Add Mode to drop NaN/Inf/Null in Reduction operations * Tempo: Switch out Select with AsyncSelect component to get loading state in Tempo Search * TimeSeries: Add migration for Graph panel's transform series override * TimeSeries: Add support for negative Y and constant transform * TimeSeries: Preserve null/undefined values when performing negative y transform * Traces: Filter by service/span name and operation in Tempo and Jaeger * Transformations: Add 'JSON' field type to ConvertFieldTypeTransformer * Transformations: Add an All Unique Values Reducer * Transformers: avoid error when the ExtractFields source field is missing
Breaking changes: * For a data source query made via /api/ds/query: + If the DatasourceQueryMultiStatus feature is enabled and the data source response has an error set as part of the DataResponse, the resulting HTTP status code is now '207 Multi Status' instead of '400 Bad gateway' + If the DatasourceQueryMultiStatus feature is not enabled and the data source response has an error set as part of the DataResponse, the resulting HTTP status code is '400 BadRequest' (no breaking change) * For a proxied request, e.g. Grafana's datasource or plugin proxy: + If the request is cancelled, e.g. from the browser/by the client, the HTTP status code is now '499 Client closed' request instead of 502 Bad gateway If the request times out, e.g. takes longer time than allowed, the HTTP status code is now '504 Gateway timeout' instead of '502 Bad gateway'. + The change in behavior is that negative-valued series are now stacked downwards from 0 (in their own stacks), rather than downwards from the top of the positive stacks. We now automatically group stacks by Draw style, Line interpolation, and Bar alignment, making it impossible to stack bars on top of lines, or smooth lines on top of stepped lines + The meaning of the default data source has now changed from being a persisted property in a panel. Before when you selected the default data source for a panel and later changed the default data source to another data source it would change all panels who were configured to use the default data source. From now on the default data source is just the default for new panels and changing the default will not impact any currently saved dashboards + The Tooltip component provided by @grafana/ui is no longer automatically interactive (that is you can hover onto it and click a link or select text). It will from now on by default close automatically when you mouse out from the trigger element. To make tooltips behave like before set the new interactive property to true.
Deprecations: * /api/tsdb/query API has been deprecated, please use /api/ds/query instead * AngularJS plugin support is now in a deprecated state. The documentation site has an article with more details on why, when, and how
Bug fixes: * Alerting: Add contact points provisioning API * Alerting: add field for custom slack endpoint * Alerting: Add resolved count to notification title when both firing and resolved present * Alerting: Alert rule should wait For duration when execution error state is Alerting * Alerting: Allow disabling override timings for notification policies * Alerting: Allow serving images from custom url path * Alerting: Apply Custom Headers to datasource queries * Alerting: Classic conditions can now display multiple values * Alerting: correctly show all alerts in a folder * Alerting: Display query from grafana-managed alert rules on /api/v1/rules * Alerting: Do not overwrite existing alert rule condition * Alerting: Enhance support for arbitrary group names in managed alerts * Alerting: Fix access to alerts for viewer with editor permissions when RBAC is disabled * Alerting: Fix anonymous access to alerting * Alerting: Fix migrations by making send_alerts_to field nullable * Alerting: Fix RBAC actions for notification policies * Alerting: Fix use of > instead of >= when checking the For duration * Alerting: Remove double quotes from matchers * API: Include userId, orgId, uname in request logging middleware * Auth: Guarantee consistency of signed SigV4 headers * Azure Monitor : Adding json formatting of error messages in Panel Header Corner and Inspect Error Tab * Azure Monitor: Add 2 more Curated Dashboards for VM Insights * Azure Monitor: Bug Fix for incorrect variable cascading for template variables * Azure Monitor: Fix space character encoding for metrics query link to Azure Portal * Azure Monitor: Fixes broken log queries that use workspace * Azure Monitor: Small bug fixes for Resource Picker * AzureAd Oauth: Fix strictMode to reject users without an assigned role * AzureMonitor: Fixes metric definition for Azure Storage queue/file/blob/table resources * Cloudwatch : Fixed reseting metric name when changing namespace in Metric Query * CloudWatch: Added missing MemoryDB Namespace metrics * CloudWatch: Fix MetricName resetting on Namespace change. * Cloudwatch: Fix template variables in variable queries. * CloudWatch: Fix variable query tag migration * CloudWatch: Handle new error codes for MetricInsights * CloudWatch: List all metrics properly in SQL autocomplete * CloudWatch: Prevent log groups from being removed on query change * CloudWatch: Remove error message when using multi-valued template vars in region field * CloudWatch: Run query on blur in logs query field * CloudWatch: Use default http client from aws-sdk-go * Dashboard: Fix dashboard update permission check * Dashboard: Fixes random scrolling on time range change * Dashboard: Template variables are now correctly persisted when clicking breadcrumb links * DashboardExport: Fix exporting and importing dashboards where query data source ended up as incorrect * DashboardPage: Remember scroll position when coming back panel edit / view panel * Dashboards: Fixes repeating by row and no refresh * Dashboards: Show changes in save dialog * DataSource: Default data source is no longer a persisted state but just the default data source for new panels * DataSourcePlugin API: Allow queries import when changing data source type * Elasticsearch: Respect maxConcurrentShardRequests datasource setting * Explore: Allow users to save Explore state to a new panel in a new dashboard * Explore: Avoid locking timepicker when range is inverted. * Explore: Fix closing split pane when logs panel is used * Explore: Prevent direct access to explore if disabled via feature toggle * Explore: Remove return to panel button * FileUpload: clicking the Upload file button now opens their modal correctly * Gauge: Fixes blank viz when data link exists and orientation was horizontal * GrafanaUI: Fix color of links in error Tooltips in light theme * Histogram Panel: Take decimal into consideration * InfluxDB: Fixes invalid no data alerts. #48295, @yesoreyeram * Instrumentation: Fix HTTP request instrumentation of authentication failures * Instrumentation: Make backend plugin metrics endpoints available with optional authentication * Instrumentation: Proxy status code correction and various improvements * LibraryPanels: Fix library panels not connecting properly in imported dashboards * LibraryPanels: Prevent long descriptions and names from obscuring the delete button * Logger: Use specified format for file logger * Logging: Introduce feature toggle to activate gokit/log format * Logs: Handle missing fields in dataframes better * Loki: Improve unpack parser handling * ManageDashboards: Fix error when deleting all dashboards from folder view * Middleware: Fix IPv6 host parsing in CSRF check * Navigation: Prevent navbar briefly showing on login * NewsPanel: Add support for Atom feeds. #45390, @kaydelaney * OAuth: Fix parsing of ID token if header contains non-string value * Panel Edit: Options search now works correctly when a logarithmic scale option is set * Panel Edit: Visualization search now works correctly with special characters * Plugins Catalog: Fix styling of hyperlinks * Plugins: Add deprecation notice for /api/tsdb/query endpoint * Plugins: Adding support for traceID field to accept variables * Plugins: Ensure catching all appropriate 4xx api/ds/query scenarios * Postgres: Return tables with hyphenated schemes * PostgreSQL: __unixEpochGroup to support arithmetic expression as argument * Profile/Help: Expose option to disable profile section and help menu * Prometheus: Enable new visual query builder by default * Provisioning: Fix duplicate validation when multiple organizations have been configured inserted * RBAC: Fix Anonymous Editors missing dashboard controls * RolePicker: Fix menu position on smaller screens * SAML: Allow disabling of SAML signups * Search: Sort results correctly when using postgres * Security: Fixes minor code scanning security warnings in old vendored javascript libs * Table panel: Fix horizontal scrolling when pagination is enabled * Table panel: Show datalinks for cell display modes JSON View and Gauge derivates * Table: Fix filter crashes table * Table: New pagination option * TablePanel: Add cell inspect option * TablePanel: Do not prefix columns with frame name if multipleframes and override active * TagsInput: Fix tags remove button accessibility issues * Tempo / Trace Viewer: Support Span Links in Trace Viewer * Tempo: Download span references in data inspector * Tempo: Separate trace to logs and loki search datasource config * TextPanel: Sanitize after markdown has been rendered to html * TimeRange: Fixes updating time range from url and browser history * TimeSeries: Fix detection & rendering of sparse datapoints * Timeseries: Fix outside range stale state * TimeSeries: Properly stack series with missing datapoints * TimeSeries: Sort tooltip values based on raw values * Tooltip: Fix links not legible in Tooltips when using light theme * Tooltip: Sort decimals using standard numeric compare * Trace View: Show number of child spans * Transformations: Support escaped characters in key-value pair parsing * Transforms: Labels to fields, fix label picker layout * Variables: Ensure variables in query params are correctly recognised * Variables: Fix crash when changing query variable datasource * Variables: Fixes issue with data source variables not updating queries with variable * Visualizations: Stack negative-valued series downwards
Plugin development fixes: * Card: Increase clickable area when meta items are present. * ClipboardButton: Use a fallback when the Clipboard API is unavailable * Loki: Fix operator description propup from being shortened. * OAuth: Add setting to skip org assignment for external users * Tooltips: Make tooltips non interactive by default * Tracing: Add option to map tag names to log label names in trace to logs settings

prometheus-blackbox_exporter:

Add requirement for go1.18 (bsc#1203599)

spacecmd:

Version 4.3.16-1 * Fix dict_keys not supporting indexing in systems_setconfigchannelorger * Improve Proxy FQDN hint message * Added a warning message for traditional stack deprecation * Stop always showing help for valid proxy_container_config calls * Remove 'Undefined return code' from debug messages (bsc#1203283)

spacewalk-client-tools:

Version 4.3.13-1 * Update translation strings

uyuni-proxy-systemd-services:

Version 4.3.7-1 * Expose /etc/sysconfig/proxy variables to container services (bsc#1202945)

Advisory ID	SUSE-RU-2022:4447-1
Released	Tue Dec 13 10:13:56 2022
Summary	Recommended update for postgresql13
Type	recommended
Severity	moderate
References	1205300

Description:

This update for postgresql13 fixes the following issues:
postgresql13 was updated to 13.9: (bsc#1205300)

https://www.postgresql.org/about/news/2543/
https://www.postgresql.org/docs/13/release-13-9.html

Advisory ID	SUSE-SU-2022:4452-1
Released	Tue Dec 13 11:35:26 2022
Summary	Security update for java-1_8_0-openjdk
Type	security
Severity	moderate
References	1204471,1204472,1204473,1204475,CVE-2022-21619,CVE-2022-21624,CVE-2022-21626,CVE-2022-21628

Description:

This update for java-1_8_0-openjdk fixes the following issues:
Update to version jdk8u352 (icedtea-3.25.0):

CVE-2022-21619,CVE-2022-21624: Fixed difficult to exploit vulnerability allows unauthenticated attacker with network access and can cause unauthorized update, insert or delete access via multiple protocols (bsc#1204473,bsc#1204475).
CVE-2022-21626: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to cause partial denial of service (bsc#1204471).
CVE-2022-21628: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to cause partial denial of service (bsc#1204472).

Advisory ID	SUSE-SU-2022:4453-1
Released	Tue Dec 13 11:38:38 2022
Summary	Security update for wireshark
Type	security
Severity	important
References	1204822,1206189,1206190,CVE-2022-3725

Description:

This update for wireshark fixes the following issues:
Update to version 3.6.10:

CVE-2022-3725: OPUS dissector crash (bsc#1204822).
Multiple dissector infinite loops (bsc#1206189).
Kafka dissector memory exhaustion (bsc#1206190).

Advisory ID	SUSE-RU-2022:4455-1
Released	Tue Dec 13 11:53:31 2022
Summary	Recommended update for 389-ds
Type	recommended
Severity	moderate
References	1205974

Description:

This update for 389-ds fixes the following issues:

support pam_saslauthd for authentication pass through requirements. (jsc#PED-2701 bsc#1205974)

Update to version 2.0.17~git7.959d36e:

RFE - split pass through auth cli
BUG - Pam PTA multiple issues
Increase default task TTL

Update to version 2.0.17~git4.9447f5f:

Fix typo in `lib389.cli_conf.backend._get_backend` (#5542)
Make logger's parameter name unified (#5540)
Bump VERSION.sh to 2.0.17
Fix a rebase typo (#5537)
Bump version ot 2.0.17
Add copyright text to the repository files
Make db compaction TOD day more robust.
UI - Fix npm vulnerability in loader-utils
UI - fix audit issue with npm loader-utils (#5514)
Fix dsctl tls ca-certfiicate add-cert arg requirement
RFE - CLI allow adding CA certificate bundles
memberof is slow on update/fixup if there are several 'groupattr' (#5455)

Advisory ID	SUSE-SU-2022:4457-1
Released	Tue Dec 13 13:10:48 2022
Summary	Security update for libtpms
Type	security
Severity	moderate
References	1187767,1204556,CVE-2021-3623

Description:

This update for libtpms fixes the following issues:

CVE-2021-3623: Fixed out-of-bounds access when trying to resume the state of the vTPM (bsc#1187767)

Advisory ID	SUSE-RU-2022:4458-1
Released	Tue Dec 13 13:16:04 2022
Summary	Recommended update for container-suseconnect
Type	recommended
Severity	moderate
References	1186827

Description:

This update for container-suseconnect fixes the following issues:
container-suseconnect was updated to 2.4.0 (jsc#PED-1710):

Fix docker build example for non-SLE hosts
Minor fixes to --help and README
Improve documentation when building with podman on non-SLE host
Add flag --log-credentials-errors
Update capture to the 1.0.0 release
Use URL.Redacted() to avoid security scanner warning
Regcode fix

strip binaries (removes 4MB/25% of the uncompressed size) (bsc#1186827)

Advisory ID	SUSE-SU-2022:4462-1
Released	Tue Dec 13 17:00:38 2022
Summary	Security update for MozillaFirefox
Type	security
Severity	important
References	1206242,CVE-2022-46872,CVE-2022-46874,CVE-2022-46875,CVE-2022-46878,CVE-2022-46880,CVE-2022-46881,CVE-2022-46882

Description:

This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 102.6.0 ESR (bsc#1206242):

CVE-2022-46880: Use-after-free in WebGL
CVE-2022-46872: Arbitrary file read from a compromised content process
CVE-2022-46881: Memory corruption in WebGL
CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions
CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS
CVE-2022-46882: Use-after-free in WebGL
CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6

Advisory ID	SUSE-SU-2022:4463-1
Released	Tue Dec 13 17:04:31 2022
Summary	Security update for containerd
Type	security
Severity	important
References	1197284,1206065,1206235,CVE-2022-23471,CVE-2022-27191

Description:

This update for containerd fixes the following issues:
Update to containerd v1.6.12 including Docker v20.10.21-ce (bsc#1206065).
Also includes the following fix:

CVE-2022-23471: host memory exhaustion through Terminal resize goroutine leak (bsc#1206235).
CVE-2022-27191: crash in a golang.org/x/crypto/ssh server (bsc#1197284).

Advisory ID	SUSE-feature-2022:4464-1
Released	Wed Dec 14 05:56:21 2022
Summary	feature update for YaST
Type	feature
Severity	important
References	1204180,1205918

Description:

This update for YaST fixes the following issues:
autoyast2:

Add needed packages for kdump if the product enables kdump by default (bsc#1204180)
Add support for DISA STIG security policy validation (jsc#SLE-25087, jsc#SLE-24764)

skelcd-control-leanos:

Add support for DISA STIG security policy validation (jsc#SLE-25087, jsc#SLE-24764)

yast2-installation:

Fixed the help in the installation summary (jsc#SLE-25087, jsc#SLE-24764)
Write configuration for ssg-apply script according to the enabled security policy (jsc#SLE-25087, jsc#SLE-24764)

yast2-schema-default:

Add support for DISA STIG security policy validation (jsc#SLE-25087, jsc#SLE-24764)

yast2-security:

Fixed wrong steps count causing a crash during saving (bsc#1205918)
Disable the ssg-apply service if the selected SCAP action is 'do nothing' (jsc#SLE-25087, jsc#SLE-24764)
Add support for DISA STIG security policy validation (jsc#SLE-25087, jsc#SLE-24764)

yast2-storage-ng:

Validate security policies in both guided proposal and partitioner (jsc#SLE-25087, jsc#SLE-24764)

Advisory ID	SUSE-RU-2022:4465-1
Released	Wed Dec 14 05:58:28 2022
Summary	Recommended update for motif
Type	recommended
Severity	important
References	1205253

Description:

This update for motif fixes the following issues:

Fix to prevent third party application crash (bsc#1205253)

Advisory ID	SUSE-RU-2022:4466-1
Released	Wed Dec 14 05:59:27 2022
Summary	Recommended update for python-kiwi
Type	recommended
Severity	moderate
References	1203896

Description:

This update for python-kiwi fixes the following issues:
Version update from 9.24.36 to 9.24.43:

Add example aarch64 integration test for Ubuntu
Add option '--target-arch' for image info to allow cross architecture dependency solving
Add support for group id in users setting
Fix error handling for setfiles policy lookup and ensure the path to run scandir is properly created
Fix handling of signing_keys in cmdline options
Fix helper method to detect dracut outfile format
Fix 'kexec' options setup in kiwi-dump-reboot
Fix issues with the setfiles SELinux relabel command
Prefer file based syscall in kexec when possible, needed to support boot on a secure boot enabled system (bsc#1203896)
Setup SELinux on every system prepare / build

Advisory ID	SUSE-RU-2022:4467-1
Released	Wed Dec 14 06:00:36 2022
Summary	Recommended update for python-parallax
Type	recommended
Severity	important
References	1205116

Description:

This update for python-parallax fixes the following issues:

Fix parallax file descriptor leakage (bsc#1205116)

Advisory ID	SUSE-RU-2022:4469-1
Released	Wed Dec 14 06:05:13 2022
Summary	Recommended update for sudo
Type	recommended
Severity	important
References	1197998

Description:

This update for sudo fixes the following issues:

Change sudo-ldap schema from ASCII to UTF8 to fix a regression introduced in a previous maintenance update (bsc#1197998)

Advisory ID	SUSE-RU-2022:4472-1
Released	Wed Dec 14 06:08:43 2022
Summary	Recommended update for pesign
Type	recommended
Severity	moderate
References	1205323

Description:

This update for pesign fixes the following issues:

Fix OID array indices (bsc#1205323)

Advisory ID	SUSE-RU-2022:4474-1
Released	Wed Dec 14 07:45:26 2022
Summary	Recommended update for python-paramiko
Type	recommended
Severity	moderate
References	1205132

Description:

This update for python-paramiko fixes the following issues:

Fix loading of RSA key (bsc#1205132)

Advisory ID	SUSE-RU-2022:4476-1
Released	Wed Dec 14 10:48:21 2022
Summary	Maintenance update for SUSE Manager 4.3: Server
Type	recommended
Severity	important
References

Description:

Maintenance update for SUSE Manager 4.3: Server:
This is a codestream only update

Advisory ID	SUSE-SU-2022:4478-1
Released	Wed Dec 14 11:59:24 2022
Summary	Security update for capnproto
Type	security
Severity	moderate
References	1205968,CVE-2022-46149

Description:

This update for capnproto fixes the following issues:

CVE-2022-46149: Fixed out of bounds read when handling a list of lists (bsc#1205968).

Advisory ID	SUSE-SU-2022:4479-1
Released	Wed Dec 14 12:41:39 2022
Summary	Security update for xorg-x11-server
Type	security
Severity	important
References	1205874,1205875,1205876,1205877,1205878,1205879,1206017,CVE-2022-4283,CVE-2022-46340,CVE-2022-46341,CVE-2022-46342,CVE-2022-46343,CVE-2022-46344

Description:

This update for xorg-x11-server fixes the following issues:

CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874)
CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access (bsc#1205877)
CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879)
CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free (bsc#1205878)
CVE-2022-46344: Server XIChangeProperty out-of-bounds access (bsc#1205876)
CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it (bsc#1206017)
Xi: return an error from XI property changes if verification failed (bsc#1205875)

Advisory ID	SUSE-SU-2022:4480-1
Released	Wed Dec 14 12:42:46 2022
Summary	Security update for xorg-x11-server
Type	security
Severity	important
References	1205874,1205875,1205876,1205877,1205878,1205879,1206017,CVE-2022-4283,CVE-2022-46340,CVE-2022-46341,CVE-2022-46342,CVE-2022-46343,CVE-2022-46344

Description:

This update for xorg-x11-server fixes the following issues:

CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874)
CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access (bsc#1205877)
CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879)
CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free (bsc#1205878)
CVE-2022-46344: Server XIChangeProperty out-of-bounds access (bsc#1205876)
CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it (bsc#1206017)
Xi: return an error from XI property changes if verification failed (bsc#1205875)

Advisory ID	SUSE-SU-2022:4487-1
Released	Wed Dec 14 12:46:08 2022
Summary	Security update for xwayland
Type	security
Severity	important
References	1205874,1205875,1205876,1205877,1205878,1205879,1206017,CVE-2022-4283,CVE-2022-46340,CVE-2022-46341,CVE-2022-46342,CVE-2022-46343,CVE-2022-46344

Description:

This update for xwayland fixes the following issues:

CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874)
CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879)
CVE-2022-46344: Server XIChangeProperty out-of-bounds access (bsc#1205876)
CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free (bsc#1205878)
CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access (bsc#1205877)
CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it (bsc#1206017)

Advisory ID	SUSE-SU-2022:4488-1
Released	Wed Dec 14 13:22:53 2022
Summary	Security update for apache2-mod_wsgi
Type	security
Severity	moderate
References	1201634,CVE-2022-2255

Description:

This update for apache2-mod_wsgi fixes the following issues:

CVE-2022-2255: Hardened the trusted proxy header filter to avoid bypass. (bsc#1201634)

Advisory ID	SUSE-RU-2022:4489-1
Released	Wed Dec 14 13:28:22 2022
Summary	Recommended update for keepalived
Type	recommended
Severity	moderate
References

Description:

This update of keepalived fixes the following issues:

rebuild against the new net-snmp (jsc#SLE-11203).
rebuild against the new libipset (jsc#PED-2086).

Advisory ID	SUSE-RU-2022:4491-1
Released	Wed Dec 14 13:31:51 2022
Summary	Recommended update for libsodium, python-Django, python-PyNaCl, python-cffi, python-hypothesis, python-packaging, python-readthedocs-sphinx-ext, python-semver, python-sphinx_rtd_theme
Type	recommended
Severity	important
References	1111657,1144506,1148184,1186870,1199282

Description:

This update for libsodium, python-Django, python-PyNaCl, python-cffi, python-hypothesis, python-packaging, python-readthedocs-sphinx-ext, python-semver, python-sphinx_rtd_theme fixes the following issues:
libsodium:

Version update from 1.0.16 to 1.0.18 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Enterprise versions of Visual Studio are now supported * Visual Studio 2019 is now supported * 32-bit binaries for Visual Studio 2010 are now provided * Emscripten: print and printErr functions are overridden to send errors to the console, if there is one * Emscripten: UTF8ToString() is now exported since Pointer_stringify() has been deprecated * Libsodium version detection has been fixed in the CMake recipe * Generic hashing got a 10% speedup on AVX2. * New target: WebAssembly/WASI (compile with dist-builds/wasm32-wasi.sh) * New functions to map a hash to an edwards25519 point or get a random point: core_ed25519_from_hash() and core_ed25519_random() * crypto_core_ed25519_scalar_mul() has been implemented for scalar*scalar (mod L) multiplication * Support for the Ristretto group has been implemented for interoperability with wasm-crypto * Improvements have been made to the test suite * Portability improvements have been made * 'randombytes_salsa20' has been 'renamed to randombytes_internal' * Support for NativeClient has been removed * Most ((nonnull)) attributes have been relaxed to allow 0-length inputs to be NULL. * The -ftree-vectorize and -ftree-slp-vectorize compiler switches are now used, if available, for optimized builds * For the full list of changes please consult the packaged ChangeLog
Disable LTO to bypass build failures on Power PC architecture (bsc#1148184)

python-cffi:

Version update from 1.11.2 to 1.15.0 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Fixed MANIFEST.in to include missing file for Windows arm64 support * Fixed Linux wheel build to use gcc default ISA for libffi * Updated setup.py Python trove specifiers to currently-tested Python versions * CPython 3.10 support (including wheels) * MacOS arm64 support (including wheels) * Initial Windows arm64 support * Misc. doc and test updates
Fix for using to proper void returning function not to corrupt memory in tests. (bsc#1111657)

python-Django:

New package at version 2.0.7 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

python-hypothesis:

Version update from 3.40.1 to 3.76.0 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * This release deprecates using floats for min_size and max_size * The type hint for average_size arguments has been changed from Optional[int] to None, because non-None values are always ignored and deprecated. * Fix a broken link in a docstring * Deprecate the use of 'min_size=None', setting the mdefault min_size to 0 * Strategies are now fully constructed and validated before the timer is started * Fix some broken formatting and links in the documentation * Check that the value of the print_blob setting is a PrintSettings instance * Being able to specify a boolean value was not intended, and is now deprecated. In addition, specifying True will now cause the blob to always be printed, instead of causing it to be suppressed. * Specifying any value that is not a PrintSettings or a boolean is now an error * Changes the documentation for hypothesis.strategies.datetimes, hypothesis.strategies.dates, hypothesis.strategies.times to use the new parameter names min_value and max_value instead of the deprecated names * Ensure that Hypothesis deprecation warnings display the code that emitted them when you’re not running in -Werror mode * For the full list of changes please consult the changelog at https://hypothesis.readthedocs.io/en/latest/changes.html#v3-76-0

python-packaging:

Version update from 16.8 to 21.3 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Fix testsuite on big-endian targets * Ignore python3.6.2 since the test doesn't support it * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion * Fix a spelling mistake * Work around dependency generator issues (bsc#1186870) * Remove dependency on attrs (bsc#1144506) * Update documentation entry for 21.1. * Update pin to pyparsing to exclude 3.0.0. * PEP 656: musllinux support * Drop support for Python 2.7, Python 3.4 and Python 3.5. * Replace distutils usage with sysconfig * Add support for zip files in `parse_sdist_filename` * Use cached `_hash` attribute to short-circuit tag equality comparisons * Specify the default value for the `specifier` argument to `SpecifierSet` * Proper keyword-only 'warn' argument in packaging.tags * Correctly remove prerelease suffixes from ~= check * Fix type hints for `Version.post`` and `Version.dev` * Use typing alias `UnparsedVersion`` * Improve type inference for `packaging.specifiers.filter()` * Tighten the return type of `canonicalize_version()` * For the full list of changes please consult the packaged CHANGELOG file

python-PyNaCl: - Version update from 1.2.1 to 1.4.0 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Add dependency requirement to python-six, needed by the testsuite * Update `libsodium` to 1.0.18. * **BACKWARDS INCOMPATIBLE:** We no longer distribute 32-bit `manylinux1` wheels. Continuing to produce them was a maintenance burden. * Added support for Python 3.8, and removed support for Python 3.4. * Add low level bindings for extracting the seed and the public key from crypto_sign_ed25519 secret key * Add low level bindings for deterministic random generation. * Add `wheel` and `setuptools` setup_requirements in `setup.py` * Fix checks on very slow builders (#481, #495) * Add low-level bindings to ed25519 arithmetic functions * Update low-level blake2b state implementation * Fix wrong short-input behavior of SealedBox.decrypt() * Raise CryptPrefixError exception instead of InvalidkeyError when trying to check a password against a verifier stored in a unknown format * Add support for minimal builds of libsodium. Trying to call functions not available in a minimal build will raise an UnavailableError exception. To compile a minimal build of the bundled libsodium, set the SODIUM_INSTALL_MINIMAL environment variable to any non-empty string (e.g. `SODIUM_INSTALL_MINIMAL=1`) for setup. python-semver:

New package at version 2.13.0 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

python-sphinx_rtd_theme:

Version update from 0.2.4 to 0.5.1 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Add github, gitlab, bitbucket page arguments option * Add html language attribute * Add language to the JS output variable * Add open list spacing * Add option to style external links * Add pygments support * Add setuptools entry point allowing to use sphinx_rtd_theme as Sphinx html_theme directly. * Add Sphinx as a dependency * Allow setting 'rel' and 'title' attributes for stylesheets * Changed code and literals to use a native font stack * Color accessibility improvements on the left navigation * Compress our Javascript files * Do not rely on readthedocs.org for CSS/JS * Fix line height adjustments for Liberation Mono * Fix line number spacing to align with the code lines * Fix many sidebar glitches * Fix many styling issues * Fix mkdocs version selector * Fix small styling issues * Fix some HTML warnings and errors * Fix table centering * Hide Edit links on auto created pages * Include missing font files with the theme * Updated dependencies * Write theme version and build date at top of JavaScript and CSS

Advisory ID	SUSE-RU-2022:4492-1
Released	Wed Dec 14 13:52:39 2022
Summary	Recommended update for mozilla-nss
Type	recommended
Severity	moderate
References	1191546,1198980,1201298

Description:

This update for mozilla-nss fixes the following issues:

FIPS: Disapprove the creation of DSA keys, i.e. mark them as not-fips (bsc#1201298)
FIPS: Allow the use SHA keygen mechs (bsc#1191546).
FIPS: ensure abort() is called when the repeat integrity check fails (bsc#1198980).

Advisory ID	SUSE-RU-2022:4499-1
Released	Thu Dec 15 10:48:49 2022
Summary	Recommended update for openssh
Type	recommended
Severity	moderate
References	1179465

Description:

This update for openssh fixes the following issues:

Make ssh connections update their dbus environment (bsc#1179465): * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish

Advisory ID	SUSE-RU-2022:4502-1
Released	Fri Dec 16 08:53:52 2022
Summary	Recommended update for rekor
Type	recommended
Severity	moderate
References

Description:

This update for rekor fixes the following issues:
Rekor was updated to 1.0.1 (jsc#SLE-23476):

stop inserting envelope hash for intoto:0.0.2 types into index

build with FIPSified go1.18.

updated to rekor 1.0.0 (jsc#SLE-23476):

add description on /api/v1/index/retrieve endpoint
Adding e2e test coverage
export rekor build/version information
Use POST instead of GET for /api/log/entries/retrieve metrics.
Search through all shards when searching
verify: verify checkpoint's STH against the inclusion proof root hash
add ability to enable/disable specific rekor API endpoints
enable configurable client retries with backoff in RekorClient
remove dead code around api-key and timestamp references
update swagger API version to 1.0.0
remove unused RekorVersion API definition
install gocovmerge in hack/tools
add retry command line flag on rekor-cli
Add some info and debug logging to commonly used funcs

updated to rekor 0.12.2 (jsc#SLE-23476):

add description on /api/v1/index/retrieve endpoint
Adding e2e test coverage
export rekor build/version information
Use POST instead of GET for /api/log/entries/retrieve metrics.
Search through all shards when searching by hash

updated to rekor 0.12.1 (jsc#SLE-23476):

** Rekor ** v0.12.1 comes with a breaking change to rekor-cli v0.12.1. Users of rekor-cli MUST upgrade to the latest version The addition of the intotov2 created a breaking change for the rekor-cli

What's Changed

- fix: fix harness tests with intoto v0.0.2 - feat: add file based signer and password - Adds new rekor metrics for latency and QPS.

Advisory ID	SUSE-SU-2022:4504-1
Released	Fri Dec 16 13:28:48 2022
Summary	Security update for the Linux Kernel
Type	security
Severity	important
References	1065729,1156395,1164051,1184350,1189297,1190256,1193629,1194869,1202341,1203183,1204631,1204636,1204693,1204810,1204850,1205007,1205100,1205111,1205128,1205130,1205149,1205153,1205220,1205331,1205428,1205473,1205514,1205617,1205653,1205744,1205764,1205796,1205882,1205993,1206035,1206036,1206037,1206046,1206047,1206051,1206056,1206057,1206113,1206114,1206147,1206149,1206207,1206273,CVE-2022-2602,CVE-2022-3176,CVE-2022-3566,CVE-2022-3567,CVE-2022-3635,CVE-2022-3643,CVE-2022-3707,CVE-2022-3903,CVE-2022-4095,CVE-2022-4129,CVE-2022-4139,CVE-2022-41850,CVE-2022-41858,CVE-2022-42328,CVE-2022-42329,CVE-2022-42895,CVE-2022-42896,CVE-2022-4378,CVE-2022-43945,CVE-2022-45869,CVE-2022-45888,CVE-2022-45934

Description:

The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
CVE-2022-42328: Guests could trigger denial of service via the netback driver (bnc#1206114).
CVE-2022-42329: Guests could trigger denial of service via the netback driver (bnc#1206113).
CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bnc#1206113).
CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c of the component IPsec (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960).
CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() of the component IPv6 Handler (bsc#1204414).
CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671).
CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220).
CVE-2022-45869: Fixed a race condition in the x86 KVM subsystem which could cause a denial of service (bsc#1205882).
CVE-2022-45888: Fixed a use-after-free during physical removal of a USB devices when using drivers/char/xillybus/xillyusb.c (bsc#1205764).
CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700).
CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)
CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709).
CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705).
CVE-2022-3566: Fixed a race condition in the functions tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition (bsc#1204405).
CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228).
CVE-2022-3176: Fixed a use-after-free in io_uring related to signalfd_poll() and binder_poll() (bsc#1203391).
CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780).
CVE-2022-41850: Fixed a use-after-free in roccat_report_event in drivers/hid/hid-roccat.c (bnc#1203960).

The following non-security bugs were fixed:

ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() (git-fixes).
ACPI: HMAT: Fix initiator registration for single-initiator systems (git-fixes).
ACPI: HMAT: remove unnecessary variable initialization (git-fixes).
ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] (git-fixes).
ACPI: x86: Add another system to quirk list for forcing StorageD3Enable (git-fixes).
ALSA: dice: fix regression for Lexicon I-ONIX FW810S (git-fixes).
ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes).
ALSA: hda/hdmi - enable runtime pm for more AMD display audio (git-fixes).
ALSA: hda/realtek: Add Positivo C6300 model quirk (git-fixes).
ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (git-fixes).
ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (bsc#1205100).
ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro (bsc#1205100).
ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes).
ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes).
ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes).
ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes).
ALSA: usb-audio: Remove redundant workaround for Roland quirk (bsc#1205111).
ALSA: usb-audio: Yet more regression for for the delayed card registration (bsc#1205111).
ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue (git-fixes).
ARM: at91: rm9200: fix usb device clock id (git-fixes).
ARM: dts: am335x-pcm-953: Define fixed regulators in root node (git-fixes).
ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl (git-fixes).
ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties (git-fixes).
ARM: dts: imx7: Fix NAND controller size-cells (git-fixes).
ARM: mxs: fix memory leak in mxs_machine_init() (git-fixes).
ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 (git-fixes).
ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 (git-fixes).
ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (git-fixes).
ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes).
ASoC: codecs: jz4725b: fix capture selector naming (git-fixes).
ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes).
ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes).
ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes).
ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N (git-fixes).
ASoC: fsl_sai: use local device pointer (git-fixes).
ASoC: max98373: Add checks for devm_kcalloc (git-fixes).
ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe (git-fixes).
ASoC: ops: Fix bounds check for _sx controls (git-fixes).
ASoC: rt1019: Fix the TDM settings (git-fixes).
ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove (git-fixes).
ASoC: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes).
ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes).
ASoC: stm32: dfsdm: manage cb buffers cleanup (git-fixes).
ASoC: tas2764: Fix set_tdm_slot in case of single slot (git-fixes).
ASoC: tas2770: Fix set_tdm_slot in case of single slot (git-fixes).
ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes).
Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() (git-fixes).
Bluetooth: Fix not cleanup led when bt_init fails (git-fixes).
Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (git-fixes).
Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes).
Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes).
Decrease the number of SMB3 smbdirect client SGEs (bsc#1193629).
Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573)
Drivers: hv: Always reserve framebuffer region for Gen1 VMs (git-fixes).
Drivers: hv: Fix syntax errors in comments (git-fixes).
Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region (git-fixes).
Drivers: hv: fix repeated words in comments (git-fixes).
Drivers: hv: remove duplicate word in a comment (git-fixes).
Drivers: hv: vmbus: Accept hv_sock offers in isolated guests (git-fixes).
Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
Drivers: hv: vmbus: Do not wait for the ACPI device upon initialization (git-fixes).
Drivers: hv: vmbus: Fix kernel-doc (git-fixes).
Drivers: hv: vmbus: Optimize vmbus_on_event (git-fixes).
Drivers: hv: vmbus: Release cpu lock in error case (git-fixes).
Drivers: hv: vmbus: Use PCI_VENDOR_ID_MICROSOFT for better discoverability (git-fixes).
Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes).
Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes).
Drivers: hv: vmbus: fix typo in comment (git-fixes).
Fix formatting of client smbdirect RDMA logging (bsc#1193629).
HID: core: fix shift-out-of-bounds in hid_report_raw_event (git-fixes).
HID: hid-lg4ff: Add check for empty lbuf (git-fixes).
HID: hyperv: fix possible memory leak in mousevsc_probe() (git-fixes).
HID: playstation: add initial DualSense Edge controller support (git-fixes).
HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes).
Handle variable number of SGEs in client smbdirect send (bsc#1193629).
IB/hfi1: Correctly move list in sc_disable() (git-fixes)
IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (git-fixes)
Input: goodix - try resetting the controller when no config is set (git-fixes).
Input: i8042 - fix leaking of platform device on module removal (git-fixes).
Input: iforce - invert valid length check when fetching device IDs (git-fixes).
Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send() (git-fixes).
Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] (git-fixes).
Input: soc_button_array - add use_low_level_irq module parameter (git-fixes).
Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode (git-fixes).
KVM: Move wiping of the kvm->vcpus array to common code (git-fixes).
KVM: SEV: Mark nested locking of vcpu->lock (git-fixes).
KVM: SVM: Disable SEV-ES support if MMIO caching is disable (git-fixes).
KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported (git-fixes).
KVM: SVM: adjust register allocation for __svm_vcpu_run() (git-fixes).
KVM: SVM: move guest vmsave/vmload back to assembly (git-fixes).
KVM: SVM: replace regs argument of __svm_vcpu_run() with vcpu_svm (git-fixes).
KVM: SVM: retrieve VMCB from assembly (git-fixes).
KVM: VMX: Add helper to check if the guest PMU has PERF_GLOBAL_CTRL (git-fixes).
KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS (git-fixes).
KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no vPMU (git-fixes).
KVM: VMX: clear vmx_x86_ops.sync_pir_to_irr if APICv is disabled (bsc#1205007).
KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable (git-fixes).
KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1 (git-fixes).
KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff it exists (git-fixes).
KVM: nVMX: Rename handle_vm{on,off}() to handle_vmx{on,off}() (git-fixes).
KVM: s390: Add a routine for setting userspace CPU state (git-fixes jsc#PED-611).
KVM: s390: Simplify SIGP Set Arch handling (git-fixes jsc#PED-611).
KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes).
KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes).
KVM: x86/mmu: Fix wrong/misleading comments in TDP MMU fast zap (git-fixes).
KVM: x86/mmu: WARN if old _or_ new SPTE is REMOVED in non-atomic path (git-fixes).
KVM: x86/mmu: fix memoryleak in kvm_mmu_vendor_module_init() (git-fixes).
KVM: x86/pmu: Fix and isolate TSX-specific performance event logic (git-fixes).
KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog (git-fixes).
KVM: x86/pmu: Use different raw event masks for AMD and Intel (git-fixes).
KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (git-fixes).
KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op() (git-fixes).
KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest (git-fixes).
KVM: x86: Mask off reserved bits in CPUID.80000001H (git-fixes).
KVM: x86: Mask off reserved bits in CPUID.80000006H (git-fixes).
KVM: x86: Mask off reserved bits in CPUID.80000008H (git-fixes).
KVM: x86: Mask off reserved bits in CPUID.8000001AH (git-fixes).
KVM: x86: Report error when setting CPUID if Hyper-V allocation fails (git-fixes).
KVM: x86: Retry page fault if MMU reload is pending and root has no sp (bsc#1205744).
KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS) (git-fixes).
KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) (git-fixes).
KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses (git-fixes).
KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits (git-fixes).
KVM: x86: avoid loading a vCPU after .vm_destroy was called (git-fixes).
KVM: x86: emulator: em_sysexit should update ctxt->mode (git-fixes).
KVM: x86: emulator: introduce emulator_recalc_and_set_mode (git-fixes).
KVM: x86: emulator: update the emulation mode after CR0 write (git-fixes).
KVM: x86: emulator: update the emulation mode after rsm (git-fixes).
KVM: x86: use a separate asm-offsets.c file (git-fixes).
Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (git-fixes).
MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (git-fixes).
NFC: nci: Bounds check struct nfc_target arrays (git-fixes).
NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes).
PCI: Move PCI_VENDOR_ID_MICROSOFT/PCI_DEVICE_ID_HYPERV_VIDEO definitions to pci_ids.h (git-fixes).
PCI: hv: Add validation for untrusted Hyper-V values (git-fixes).
PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (git-fixes).
RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes)
RDMA/cm: Use SLID in the work completion as the DLID in responder side (git-fixes)
RDMA/cma: Use output interface for net_dev check (git-fixes)
RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (git-fixes)
RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes)
RDMA/hfi1: Prevent use of lock before it is initialized (git-fixes)
RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (git-fixes)
RDMA/hns: Correct the type of variables participating in the shift operation (git-fixes)
RDMA/hns: Disable local invalidate operation (git-fixes)
RDMA/hns: Fix incorrect clearing of interrupt status register (git-fixes)
RDMA/hns: Fix supported page size (git-fixes)
RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift (git-fixes)
RDMA/hns: Remove magic number (git-fixes)
RDMA/hns: Remove the num_cqc_timer variable (git-fixes)
RDMA/hns: Remove the num_qpc_timer variable (git-fixes)
RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes)
RDMA/hns: Replace tab with space in the right-side comments (git-fixes)
RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx() (git-fixes)
RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (git-fixes)
RDMA/irdma: Use s/g array in post send only when its valid (git-fixes)
RDMA/mlx5: Set local port to one when accessing counters (git-fixes)
RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() (git-fixes)
RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg (git-fixes)
RDMA/rtrs-srv: Fix modinfo output for stringify (git-fixes)
RDMA/rxe: Limit the number of calls to each tasklet (git-fixes)
RDMA/rxe: Remove useless pkt parameters (git-fixes)
Reduce client smbdirect max receive segment size (bsc#1193629).
Revert 'net: phy: meson-gxl: improve link-up behavior' (git-fixes).
Revert 'tty: n_gsm: avoid call of sleeping functions from atomic context' (git-fixes).
Revert 'tty: n_gsm: replace kicktimer with delayed_work' (git-fixes).
Revert 'usb: dwc3: disable USB core PHY management' (git-fixes).
SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297).
SMB3: fix lease break timeout when multiple deferred close handles for the same file (bsc#1193629).
USB: bcma: Make GPIO explicitly optional (git-fixes).
USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes).
USB: serial: option: add Sierra Wireless EM9191 (git-fixes).
USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
USB: serial: option: remove old LARA-R6 PID (git-fixes).
arcnet: fix potential memory leak in com20020_probe() (git-fixes).
arm64/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes).
arm64: Add AMPERE1 to the Spectre-BHB affected list (git-fixes).
arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro (git-fixes)
arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes).
arm64: dts: imx8mn: Fix NAND controller size-cells (git-fixes).
arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed (git-fixes).
arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed (git-fixes).
arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed (git-fixes).
arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed (git-fixes).
arm64: dts: rockchip: add enable-strobe-pulldown to emmc phy on nanopi4 (git-fixes).
arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency (git-fixes).
arm64: efi: Fix handling of misaligned runtime regions and drop warning (git-fixes).
arm64: errata: Add Cortex-A55 to the repeat tlbi list (git-fixes). Enable CONFIG_ARM64_ERRATUM_2441007, too
arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes) Enable CONFIG_ARM64_ERRATUM_1742098 in arm64/default
arm64: fix rodata=full again (git-fixes)
ata: libata-core: do not issue non-internal commands once EH is pending (git-fixes).
ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure (git-fixes).
ata: libata-scsi: simplify __ata_scsi_queuecmd() (git-fixes).
ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes).
ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes).
ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes).
ata: libata-transport: fix error handling in ata_tport_add() (git-fixes).
audit: fix undefined behavior in bit shift for AUDIT_BIT (git-fixes).
blk-cgroup: fix missing put device in error path from blkg_conf_pref() (git-fixes).
blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes).
blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes).
blk-mq: fix io hung due to missing commit_rqs (git-fixes).
blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes).
blktrace: Trace remapped requests correctly (git-fixes).
block/rnbd-srv: Set keep_id to true after mutex_trylock (git-fixes).
block: add bio_start_io_acct_time() to control start_time (git-fixes).
block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for nowait (git-fixes).
block: drop unused includes in <linux/genhd.h> (git-fixes).
bridge: switchdev: Fix memory leaks when changing VLAN protocol (git-fixes).
btrfs: check if root is readonly while setting security xattr (bsc#1206147).
btrfs: do not allow compression on nodatacow files (bsc#1206149).
btrfs: export a helper for compression hard check (bsc#1206149).
btrfs: fix processing of delayed data refs during backref walking (bsc#1206056).
btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057).
btrfs: prevent subvol with swapfile from being deleted (bsc#1206035).
btrfs: send: always use the rbtree based inode ref management infrastructure (bsc#1206036).
btrfs: send: fix failures when processing inodes with no links (bsc#1206036).
btrfs: send: fix send failure of a subcase of orphan inodes (bsc#1206036).
btrfs: send: fix sending link commands for existing file paths (bsc#1206036).
btrfs: send: introduce recorded_ref_alloc and recorded_ref_free (bsc#1206036).
btrfs: send: refactor arguments of get_inode_info() (bsc#1206036).
btrfs: send: remove unused found_type parameter to lookup_dir_item_inode() (bsc#1206036).
btrfs: send: remove unused type parameter to iterate_inode_ref_t (bsc#1206036).
btrfs: send: use boolean types for current inode status (bsc#1206036).
bus: sunxi-rsb: Remove the shutdown callback (git-fixes).
bus: sunxi-rsb: Support atomic transfers (git-fixes).
ca8210: Fix crash by zero initializing data (git-fixes).
can: af_can: fix NULL pointer dereference in can_rx_register() (git-fixes).
can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes).
can: etas_es58x: es58x_init_netdev(): free netdev when register_candev() (git-fixes).
can: j1939: j1939_send_one(): fix missing CAN header initialization (git-fixes).
can: m_can: Add check for devm_clk_get (git-fixes).
can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods (git-fixes).
can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes).
capabilities: fix potential memleak on error path from vfs_getxattr_alloc() (git-fixes).
capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes).
ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1206050).
ceph: avoid putting the realm twice when decoding snaps fails (bsc#1206051).
ceph: do not update snapshot context when there is no new snapshot (bsc#1206047).
ceph: fix inode reference leakage in ceph_get_snapdir() (bsc#1206048).
ceph: fix memory leak in ceph_readdir when note_last_dentry returns error (bsc#1206049).
ceph: properly handle statfs on multifs setups (bsc#1206045).
ceph: switch netfs read ops to use rreq->inode instead of rreq->mapping->host (bsc#1206046).
char: tpm: Protect tpm_pm_suspend with locks (git-fixes).
cifs: Add constructor/destructors for tcon->cfid (bsc#1193629).
cifs: Add helper function to check smb1+ server (bsc#1193629).
cifs: Do not access tcon->cfids->cfid directly from is_path_accessible (bsc#1193629).
cifs: Do not use tcon->cfid directly, use the cfid we get from open_cached_dir (bsc#1193629).
cifs: Fix connections leak when tlink setup failed (git-fixes).
cifs: Fix memory leak on the deferred close (bsc#1193629).
cifs: Fix memory leak when build ntlmssp negotiate blob failed (bsc#1193629).
cifs: Fix pages array leak when writedata alloc failed in cifs_writedata_alloc() (bsc#1193629).
cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter() (bsc#1193629).
cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message (bsc#1193629).
cifs: Fix wrong return value checking when GETFLAGS (git-fixes).
cifs: Fix xid leak in cifs_copy_file_range() (bsc#1193629).
cifs: Fix xid leak in cifs_create() (bsc#1193629).
cifs: Fix xid leak in cifs_flock() (bsc#1193629).
cifs: Fix xid leak in cifs_get_file_info_unix() (bsc#1193629).
cifs: Fix xid leak in cifs_ses_add_channel() (bsc#1193629).
cifs: Make tcon contain a wrapper structure cached_fids instead of cached_fid (bsc#1193629).
cifs: Move cached-dir functions into a separate file (bsc#1193629).
cifs: Replace a couple of one-element arrays with flexible-array members (bsc#1193629).
cifs: Use after free in debug code (git-fixes).
cifs: Use help macro to get the header preamble size (bsc#1193629).
cifs: Use help macro to get the mid header size (bsc#1193629).
cifs: add check for returning value of SMB2_close_init (git-fixes).
cifs: add check for returning value of SMB2_set_info_init (git-fixes).
cifs: add missing spinlock around tcon refcount (bsc#1193629).
cifs: alloc_mid function should be marked as static (bsc#1193629).
cifs: always initialize struct msghdr smb_msg completely (bsc#1193629).
cifs: always iterate smb sessions using primary channel (bsc#1193629).
cifs: avoid deadlocks while updating iface (bsc#1193629).
cifs: avoid unnecessary iteration of tcp sessions (bsc#1193629).
cifs: avoid use of global locks for high contention data (bsc#1193629).
cifs: cache the dirents for entries in a cached directory (bsc#1193629).
cifs: change iface_list from array to sorted linked list (bsc#1193629).
cifs: destage dirty pages before re-reading them for cache=none (bsc#1193629).
cifs: do not send down the destination address to sendmsg for a SOCK_STREAM (bsc#1193629).
cifs: drop the lease for cached directories on rmdir or rename (bsc#1193629).
cifs: during reconnect, update interface if necessary (bsc#1193629).
cifs: enable caching of directories for which a lease is held (bsc#1193629).
cifs: find and use the dentry for cached non-root directories also (bsc#1193629).
cifs: fix double-fault crash during ntlmssp (bsc#1193629).
cifs: fix lock length calculation (bsc#1193629).
cifs: fix memory leaks in session setup (bsc#1193629).
cifs: fix missing unlock in cifs_file_copychunk_range() (git-fixes).
cifs: fix race condition with delayed threads (bsc#1193629).
cifs: fix skipping to incorrect offset in emit_cached_dirents (bsc#1193629).
cifs: fix small mempool leak in SMB2_negotiate() (bsc#1193629).
cifs: fix static checker warning (bsc#1193629).
cifs: fix uninitialised var in smb2_compound_op() (bsc#1193629).
cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1193629).
cifs: fix use-after-free on the link name (bsc#1193629).
cifs: fix wrong unlock before return from cifs_tree_connect() (bsc#1193629).
cifs: improve handlecaching (bsc#1193629).
cifs: improve symlink handling for smb2+ (bsc#1193629).
cifs: lease key is uninitialized in smb1 paths (bsc#1193629).
cifs: lease key is uninitialized in two additional functions when smb1 (bsc#1193629).
cifs: list_for_each() -> list_for_each_entry() (bsc#1193629).
cifs: misc: fix spelling typo in comment (bsc#1193629).
cifs: move from strlcpy with unused retval to strscpy (bsc#1193629).
cifs: periodically query network interfaces from server (bsc#1193629).
cifs: populate empty hostnames for extra channels (bsc#1193629).
cifs: prevent copying past input buffer boundaries (bsc#1193629).
cifs: remove 'cifs_' prefix from init/destroy mids functions (bsc#1193629).
cifs: remove initialization value (bsc#1193629).
cifs: remove minor build warning (bsc#1193629).
cifs: remove redundant initialization to variable mnt_sign_enabled (bsc#1193629).
cifs: remove remaining build warnings (bsc#1193629).
cifs: remove some camelCase and also some static build warnings (bsc#1193629).
cifs: remove unnecessary (void*) conversions (bsc#1193629).
cifs: remove unnecessary locking of chan_lock while freeing session (bsc#1193629).
cifs: remove unnecessary type castings (bsc#1193629).
cifs: remove unused server parameter from calc_smb_size() (bsc#1193629).
cifs: remove useless DeleteMidQEntry() (bsc#1193629).
cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() (bsc#1193629).
cifs: replace kfree() with kfree_sensitive() for sensitive data (bsc#1193629).
cifs: return correct error in ->calc_signature() (bsc#1193629).
cifs: return errors during session setup during reconnects (bsc#1193629).
cifs: revalidate mapping when doing direct writes (bsc#1193629).
cifs: secmech: use shash_desc directly, remove sdesc (bsc#1193629).
cifs: set rc to -ENOENT if we can not get a dentry for the cached dir (bsc#1193629).
cifs: skip extra NULL byte in filenames (bsc#1193629).
cifs: store a pointer to a fid in the cfid structure instead of the struct (bsc#1193629).
cifs: truncate the inode and mapping when we simulate fcollapse (bsc#1193629).
cifs: update cifs_ses::ip_addr after failover (bsc#1193629).
cifs: update internal module number (bsc#1193629).
cifs: use ALIGN() and round_up() macros (bsc#1193629).
cifs: use LIST_HEAD() and list_move() to simplify code (bsc#1193629).
cifs: when a channel is not found for server, log its connection id (bsc#1193629).
cifs: when insecure legacy is disabled shrink amount of SMB1 code (bsc#1193629).
clocksource/drivers/hyperv: add data structure for reference TSC MSR (git-fixes).
cpufreq: intel_pstate: Handle no_turbo in frequency invariance (jsc#PED-849).
cpufreq: intel_pstate: Support Sapphire Rapids OOB mode (jsc#PED-849).
cpuidle: intel_idle: Drop redundant backslash at line end (jsc#PED-1936).
dm btree remove: fix use after free in rebalance_children() (git-fixes).
dm crypt: make printing of the key constant-time (git-fixes).
dm era: commit metadata in postsuspend after worker stops (git-fixes).
dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes).
dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes).
dm raid: fix accesses beyond end of raid member array (git-fixes).
dm stats: add cond_resched when looping over entries (git-fixes).
dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes).
dm: fix double accounting of flush with data (git-fixes).
dm: interlock pending dm_io and dm_wait_for_bios_completion (git-fixes).
dm: properly fix redundant bio-based IO accounting (git-fixes).
dm: remove unnecessary assignment statement in alloc_dev() (git-fixes).
dm: return early from dm_pr_call() if DM device is suspended (git-fixes).
dm: revert partial fix for redundant bio-based IO accounting (git-fixes).
dma-buf: fix racing conflict of dma_heap_add() (git-fixes).
dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes).
dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes).
dmaengine: at_hdmac: Do not call the complete callback on device_terminate_all (git-fixes).
dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes).
dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes).
dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes).
dmaengine: at_hdmac: Fix concurrency over descriptor (git-fixes).
dmaengine: at_hdmac: Fix concurrency over the active list (git-fixes).
dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all() (git-fixes).
dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware (git-fixes).
dmaengine: at_hdmac: Fix impossible condition (git-fixes).
dmaengine: at_hdmac: Fix premature completion of desc in issue_pending (git-fixes).
dmaengine: at_hdmac: Free the memset buf without holding the chan lock (git-fixes).
dmaengine: at_hdmac: Protect atchan->status with the channel lock (git-fixes).
dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending (git-fixes).
dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes).
dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes).
dmaengine: ti: k3-udma-glue: fix memory leak when register device fail (git-fixes).
docs, kprobes: Fix the wrong location of Kprobes (git-fixes).
docs/core-api: expand Fedora instructions for GCC plugins (git-fixes).
drm/amd/display: Add HUBP surface flip interrupt handler (git-fixes).
drm/amdgpu: disable BACO on special BEIGE_GOBY card (git-fixes).
drm/amdgpu: set vm_update_mode=0 as default for Sienna Cichlid in SRIOV case (git-fixes).
drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() (git-fixes).
drm/amdkfd: Migrate in CPU page fault use current mm (git-fixes).
drm/amdkfd: avoid recursive lock in migrations back to RAM (git-fixes).
drm/amdkfd: handle CPU fault on COW mapping (git-fixes).
drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes).
drm/hyperv: Add ratelimit on error message (git-fixes).
drm/hyperv: Do not overwrite dirt_needed value set by host (git-fixes).
drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes).
drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes).
drm/i915/sdvo: Setup DDC fully before output init (git-fixes).
drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes).
drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag (git-fixes).
drm/msm/hdmi: fix IRQ lifetime (git-fixes).
drm/panel: simple: set bpc field for logic technologies displays (git-fixes).
drm/rockchip: dsi: Force synchronous probe (git-fixes).
drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes).
drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms (git-fixes).
drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes).
e1000e: Fix TX dispatch condition (git-fixes).
e100: Fix possible use after free in e100_xmit_prepare (git-fixes).
efi: random: Use 'ACPI reclaim' memory for random seed (git-fixes).
efi: random: reduce seed size to 32 bytes (git-fixes).
fbdev: smscufx: Fix several use-after-free bugs (git-fixes).
firmware: coreboot: Register bus in module init (git-fixes).
fm10k: Fix error handling in fm10k_init_module() (git-fixes).
ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes).
ftrace: Fix the possible incorrect kernel message (git-fixes).
ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
ftrace: Optimize the allocation for mcount entries (git-fixes).
fuse: add file_modified() to fallocate (bsc#1205332).
fuse: fix readdir cache race (bsc#1205331).
fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206273).
gpio: amd8111: Fix PCI device reference count leak (git-fixes).
hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes).
hv_netvsc: Fix potential dereference of NULL pointer (git-fixes).
hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850).
hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes).
hv_sock: Add validation for untrusted Hyper-V values (git-fixes).
hv_sock: Check hv_pkt_iter_first_raw()'s return value (git-fixes).
hv_sock: Copy packets sent by Hyper-V out of the ring buffer (git-fixes).
hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes).
hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes).
hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes).
hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes).
hwmon: (ina3221) Fix shunt sum critical calculation (git-fixes).
hwmon: (ltc2947) fix temperature scaling (git-fixes).
i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes).
i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set (git-fixes).
i2c: npcm7xx: Fix error handling in npcm_i2c_init() (git-fixes).
i2c: tegra: Allocate DMA memory for DMA engine (git-fixes).
i2c: xiic: Add platform module alias (git-fixes).
ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes).
ieee802154: cc2520: Fix error return code in cc2520_hw_init() (git-fixes).
iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes).
iio: adc: mp2629: fix potential array out of bound access (git-fixes).
iio: adc: mp2629: fix wrong comparison of channel (git-fixes).
iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes).
iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes).
iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes).
iio: light: apds9960: fix wrong register for gesture gain (git-fixes).
iio: light: rpr0521: add missing Kconfig dependencies (git-fixes).
iio: ms5611: Simplify IO callback parameters (git-fixes).
iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes).
iio: pressure: ms5611: fixed value compensation bug (git-fixes).
iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes).
init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash (git-fixes).
intel_idle: Add AlderLake support (jsc#PED-824).
intel_idle: Fix SPR C6 optimization (jsc#PED-824 jsc#PED-1936).
intel_idle: Fix the 'preferred_cstates' module parameter (jsc#PED-824 jsc#PED-1936).
intel_idle: make SPR C1 and C1E be independent (jsc#PED-1936).
io-wq: Remove duplicate code in io_workqueue_create() (bnc#1205113).
io-wq: do not retry task_work creation failure on fatal conditions (bnc#1205113).
io-wq: ensure we exit if thread group is exiting (git-fixes).
io-wq: exclusively gate signal based exit on get_signal() return (git-fixes).
io-wq: fix cancellation on create-worker failure (bnc#1205113).
io-wq: fix silly logic error in io_task_work_match() (bnc#1205113).
io_uring: correct __must_hold annotation (git-fixes).
io_uring: drop ctx->uring_lock before acquiring sqd->lock (git-fixes).
io_uring: ensure IORING_REGISTER_IOWQ_MAX_WORKERS works with SQPOLL (git-fixes).
io_uring: fix io_timeout_remove locking (git-fixes).
io_uring: fix missing mb() before waitqueue_active (git-fixes).
io_uring: fix missing sigmask restore in io_cqring_wait() (git-fixes).
io_uring: fix possible poll event lost in multi shot mode (git-fixes).
io_uring: pin SQPOLL data before unlocking ring lock (git-fixes).
ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
kABI: Fix kABI after 'KVM: x86/pmu: Use different raw event masks for AMD and Intel' (git-fixes).
kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693).
kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes).
mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes).
mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes).
mac80211: radiotap: Use BIT() instead of shifts (git-fixes).
mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() (git-fixes).
macsec: Fix invalid error code set (git-fixes).
macsec: add missing attribute validation for offload (git-fixes).
macsec: clear encryption keys from the stack after setting up offload (git-fixes).
macsec: delete new rxsc when offload fails (git-fixes).
macsec: fix detection of RXSCs when toggling offloading (git-fixes).
macsec: fix secy->n_rx_sc accounting (git-fixes).
md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes).
md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() (git-fixes).
md: Replace snprintf with scnprintf (git-fixes, bsc#1164051).
media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes).
media: dvb-frontends/drxk: initialize err to 0 (git-fixes).
media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes).
media: rkisp1: Do not pass the quantization to rkisp1_csm_config() (git-fixes).
media: rkisp1: Initialize color space on resizer sink and source pads (git-fixes).
media: rkisp1: Use correct macro for gradient registers (git-fixes).
media: rkisp1: Zero v4l2_subdev_format fields in when validating links (git-fixes).
media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes).
media: v4l: subdev: Fail graciously when getting try data for NULL state (git-fixes).
misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes).
mmc: core: Fix ambiguous TRIM and DISCARD arg (git-fixes).
mmc: core: properly select voltage range without power cycle (git-fixes).
mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes).
mmc: mmc_test: Fix removal of debugfs file (git-fixes).
mmc: sdhci-brcmstb: Enable Clock Gating to save power (git-fixes).
mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
mmc: sdhci-brcmstb: Re-organize flags (git-fixes).
mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check (git-fixes).
mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA (git-fixes).
mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes).
mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes).
mmc: sdhci-sprd: Fix no reset data and command after voltage switch (git-fixes).
mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
mtd: parsers: bcm47xxpart: Fix halfblock reads (git-fixes).
mtd: parsers: bcm47xxpart: print correct offset on read error (git-fixes).
mtd: spi-nor: intel-spi: Disable write protection only if asked (git-fixes).
nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes).
net/smc: Avoid overwriting the copies of clcsock callback functions (git-fixes).
net/smc: Fix an error code in smc_lgr_create() (git-fixes).
net/smc: Fix possible access to freed memory in link clear (git-fixes).
net/smc: Fix possible leaked pernet namespace in smc_init() (git-fixes).
net/smc: Fix slab-out-of-bounds issue in fallback (git-fixes).
net/smc: Fix sock leak when release after smc_shutdown() (git-fixes).
net/smc: Forward wakeup to smc socket waitqueue after fallback (git-fixes).
net/smc: Only save the original clcsock callback functions (git-fixes).
net/smc: Send directly when TCP_CORK is cleared (git-fixes).
net/smc: kABI workarounds for struct smc_link (git-fixes).
net/smc: kABI workarounds for struct smc_sock (git-fixes).
net/smc: send directly on setting TCP_NODELAY (git-fixes).
net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes).
net: ethernet: nixge: fix NULL dereference (git-fixes).
net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes).
net: ethernet: ti: am65-cpsw: fix error handling in am65_cpsw_nuss_probe() (git-fixes).
net: hyperv: remove use of bpf_op_t (git-fixes).
net: mdio: fix unbalanced fwnode reference count in mdio_device_release() (git-fixes).
net: mdiobus: fix unbalanced node reference count (git-fixes).
net: phy: fix null-ptr-deref while probe() failed (git-fixes).
net: phy: marvell: add sleep time after enabling the loopback bit (git-fixes).
net: phy: mscc: macsec: clear encryption keys when freeing a flow (git-fixes).
net: smsc95xx: add support for Microchip EVB-LAN8670-USB (git-fixes).
net: stmmac: work around sporadic tx issue on link-up (git-fixes).
net: thunderbolt: Fix error handling in tbnet_init() (git-fixes).
net: thunderbolt: fix memory leak in tbnet_open() (git-fixes).
net: thunderx: Fix the ACPI memory leak (git-fixes).
net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes).
net: wwan: iosm: fix dma_alloc_coherent incompatible pointer type (git-fixes).
net: wwan: iosm: fix kernel test robot reported error (git-fixes).
nfc/nci: fix race with opening and closing (git-fixes).
nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes).
nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes).
nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes).
nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes).
nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes).
nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes).
nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() (git-fixes).
nilfs2: fix deadlock in nilfs_count_free_blocks() (git-fixes).
nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty (git-fixes).
nilfs2: fix use-after-free bug of ns_writer on remount (git-fixes).
nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure (git-fixes).
panic, kexec: make __crash_kexec() NMI safe (git-fixes).
parport_pc: Avoid FIFO port location truncation (git-fixes).
phy: ralink: mt7621-pci: add sentinel to quirks table (git-fixes).
phy: stm32: fix an error code in probe (git-fixes).
pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes).
pinctrl: intel: Save and restore pins in 'direct IRQ' mode (git-fixes).
pinctrl: rockchip: list all pins in a possible mux route for PX30 (git-fixes).
pinctrl: single: Fix potential division by zero (git-fixes).
platform/surface: aggregator: Do not check for repeated unsequenced packets (git-fixes).
platform/x86/intel/pmt: Sapphire Rapids PMT errata fix (jsc#PED-2684 bsc#1205683).
platform/x86/intel: hid: add quirk to support Surface Go 3 (git-fixes).
platform/x86/intel: pmc: Do not unconditionally attach Intel PMC when virtualized (git-fixes).
platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) (git-fixes).
platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() (git-fixes).
platform/x86: hp-wmi: Ignore Smart Experience App event (git-fixes).
platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes).
platform/x86: ideapad-laptop: Disable touchpad_switch (git-fixes).
platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1 (git-fixes).
powerpc/64: Fix build failure with allyesconfig in book3s_64_entry.S (bsc#1194869).
powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395).
powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395).
powerpc/pseries/vas: Declare pseries_vas_fault_thread_fn() as static (bsc#1194869).
proc: avoid integer type confusion in get_proc_long (git-fixes).
proc: proc_skip_spaces() shouldn't think it is working on C strings (git-fixes).
rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
regulator: core: fix UAF in destroy_regulator() (git-fixes).
regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes).
regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes).
ring-buffer: Include dropped pages in counting dirty patches (git-fixes).
ring_buffer: Do not deactivate non-existant pages (git-fixes).
s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205427 LTC#200502).
s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (bsc#1205427 LTC#200502).
s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501).
s390: fix nospec table alignments (git-fixes).
sched: Clear ttwu_pending after enqueue_task() (git fixes (sched/core)).
sched: Disable sched domain debugfs creation on ppc64 unless sched_verbose is specified (bnc#1205653).
scripts/faddr2line: Fix regression in name resolution on ppc64le (git-fixes).
scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729).
scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395).
scsi: megaraid_sas: Correct value passed to scsi_device_lookup() (git-fixes).
scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes).
scsi: qedf: Populate sysfs attributes for vport (git-fixes).
scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes).
scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes).
scsi: storvsc: Fix typo in comment (git-fixes).
scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
scsi: storvsc: remove an extraneous 'to' in a comment (git-fixes).
scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes).
selftests/intel_pstate: fix build for ARCH=x86_64 (git-fixes).
selftests: mptcp: fix mibit vs mbit mix up (git-fixes).
selftests: mptcp: make sendfile selftest work (git-fixes).
selftests: mptcp: more stable simult_flows tests (git-fixes).
selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload (git-fixes).
serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() (git-fixes).
serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes).
serial: 8250: Flush DMA Rx on RLSI (git-fixes).
serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes).
serial: 8250: omap: Flush PM QOS work on remove (git-fixes).
serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes).
serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes).
serial: imx: Add missing .thaw_noirq hook (git-fixes).
siox: fix possible memory leak in siox_device_add() (git-fixes).
slimbus: stream: correct presence rate frequencies (git-fixes).
smb2: small refactor in smb2_check_message() (bsc#1193629).
smb3: Move the flush out of smb2_copychunk_range() into its callers (bsc#1193629).
smb3: add dynamic trace points for tree disconnect (bsc#1193629).
smb3: add trace point for SMB2_set_eof (bsc#1193629).
smb3: allow deferred close timeout to be configurable (bsc#1193629).
smb3: check xattr value length earlier (bsc#1193629).
smb3: clarify multichannel warning (bsc#1193629).
smb3: do not log confusing message when server returns no network interfaces (bsc#1193629).
smb3: fix empty netname context on secondary channels (bsc#1193629).
smb3: fix oops in calculating shash_setkey (bsc#1193629).
smb3: fix temporary data corruption in collapse range (bsc#1193629).
smb3: fix temporary data corruption in insert range (bsc#1193629).
smb3: improve SMB3 change notification support (bsc#1193629).
smb3: interface count displayed incorrectly (bsc#1193629).
smb3: missing inode locks in punch hole (bsc#1193629).
smb3: missing inode locks in zero range (bsc#1193629).
smb3: must initialize two ACL struct fields to zero (bsc#1193629).
smb3: remove unneeded null check in cifs_readdir (bsc#1193629).
smb3: rename encryption/decryption TFMs (bsc#1193629).
smb3: use filemap_write_and_wait_range instead of filemap_write_and_wait (bsc#1193629).
smb3: use netname when available on secondary channels (bsc#1193629).
smb3: workaround negprot bug in some Samba servers (bsc#1193629).
soc: imx8m: Enable OCOTP clock before reading the register (git-fixes).
soundwire: intel: Initialize clock stop timeout (bsc#1205507).
soundwire: qcom: check for outanding writes before doing a read (git-fixes).
soundwire: qcom: reinit broadcast completion (git-fixes).
speakup: fix a segfault caused by switching consoles (git-fixes).
spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld() (git-fixes).
spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes).
spi: stm32: Print summary 'callbacks suppressed' message (git-fixes).
spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run (git-fixes).
spi: tegra210-quad: Fix duplicate resource error (git-fixes).
thunderbolt: Add DP OUT resource when DP tunnel is discovered (git-fixes).
tools: hv: Remove an extraneous 'the' (git-fixes).
tools: hv: kvp: remove unnecessary (void*) conversions (git-fixes).
tools: iio: iio_generic_buffer: Fix read size (git-fixes).
tracing/ring-buffer: Have polling block on watermark (git-fixes).
tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() (git-fixes).
tracing: Fix memory leak in tracing_read_pipe() (git-fixes).
tracing: Fix wild-memory-access in register_synth_event() (git-fixes).
tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() (git-fixes).
tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit() (git-fixes).
tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() (git-fixes).
tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send (git-fixes).
tty: serial: fsl_lpuart: do not break the on-going transfer when global reset (git-fixes).
usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
usb: cdns3: host: fix endless superspeed hub port reset (git-fixes).
usb: cdnsp: Fix issue with Clear Feature Halt Endpoint (git-fixes).
usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1 (git-fixes).
usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
usb: dwc3: exynos: Fix remove() function (git-fixes).
usb: dwc3: gadget: Clear ep descriptor last (git-fixes).
usb: dwc3: gadget: Return -ESHUTDOWN on ep disable (git-fixes).
usb: dwc3: gadget: conditionally remove requests (git-fixes).
usb: smsc: use eth_hw_addr_set() (git-fixes).
usb: typec: mux: Enter safe mode only when pins need to be reconfigured (git-fixes).
usb: xhci-mtk: check boundary before check tt (git-fixes).
usb: xhci-mtk: update fs bus bandwidth by bw_budget_table (git-fixes).
usbnet: smsc95xx: Do not reset PHY behind PHY driver's back (git-fixes).
v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI'
video/fbdev/stifb: Implement the stifb_fillrect() function (git-fixes).
virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes).
vmxnet3: correctly report encapsulated LRO packet (git-fixes).
vmxnet3: use correct intrConf reference when using extended queues (git-fixes).
wifi: airo: do not assign -1 to unsigned char (git-fixes).
wifi: ath11k: Fix QCN9074 firmware boot on x86 (git-fixes).
wifi: ath11k: avoid deadlock during regulatory update in ath11k_regd_update() (git-fixes).
wifi: cfg80211: do not allow multi-BSSID in S1G (git-fixes).
wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes).
wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes).
wifi: cfg80211: silence a sparse RCU warning (git-fixes).
wifi: mac80211: Fix ack frame idr leak when mesh has no route (git-fixes).
wifi: mac80211: fix memory free error when registering wiphy fail (git-fixes).
wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support (git-fixes).
wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes).
wifi: wext: use flex array destination for memcpy() (git-fixes).
wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute (git-fixes).
wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute (git-fixes).
wifi: wilc1000: validate number of channels (git-fixes).
wifi: wilc1000: validate pairwise and authentication suite offsets (git-fixes).
x86/Xen: streamline (and fix) PV CPU enumeration (git-fixes).
x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037).
x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
x86/entry: Work around Clang __bdos() bug (git-fixes).
x86/extable: Extend extable functionality (git-fixes).
x86/fpu: Drop fpregs lock before inheriting FPU permissions (bnc#1205282).
x86/futex: Remove .fixup usage (git-fixes).
x86/hyperv: Disable hardlockup detector by default in Hyper-V guests (git-fixes).
x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition (git-fixes).
x86/hyperv: Update 'struct hv_enlightened_vmcs' definition (git-fixes).
x86/hyperv: fix invalid writes to MSRs during root partition kexec (git-fixes).
x86/kexec: Fix double-free of elf header buffer (bsc#1205567).
x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264).
x86/uaccess: Implement macros for CMPXCHG on user addresses (git-fixes).
xen/gntdev: Accommodate VMA splitting (git-fixes).
xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes).
xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes).
xfs: convert XLOG_FORCED_SHUTDOWN() to xlog_is_shutdown() (git-fixes).
xfs: fix perag reference leak on iteration race with growfs (git-fixes).
xfs: fix xfs_ifree() error handling to not leak perag ref (git-fixes).
xfs: reserve quota for dir expansion when linking/unlinking files (bsc#1205616).
xfs: reserve quota for target dir expansion when renaming files (bsc#1205679).

Advisory ID	SUSE-SU-2022:4518-1
Released	Fri Dec 16 23:05:54 2022
Summary	Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4)
Type	security
Severity	important
References	1203606,1204424,1204576,1205130,1205815,1206228,CVE-2022-3545,CVE-2022-3586,CVE-2022-41218,CVE-2022-4139,CVE-2022-4378,CVE-2022-43945

Description:

This update for the Linux Kernel 5.14.21-150400_24_11 fixes several issues.
The following security issues were fixed:

CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700).
CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439).
CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415).
CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960).

Advisory ID	SUSE-SU-2022:4519-1
Released	Fri Dec 16 23:34:09 2022
Summary	Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP4)
Type	security
Severity	important
References	1203606,1204424,1204576,1205130,1205815,1206228,CVE-2022-3545,CVE-2022-3586,CVE-2022-41218,CVE-2022-4139,CVE-2022-4378,CVE-2022-43945

Description:

This update for the Linux Kernel 5.14.21-150400_24_18 fixes several issues.
The following security issues were fixed:

CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700).
CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439).
CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415).
CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960).

Advisory ID	SUSE-SU-2022:4542-1
Released	Sat Dec 17 20:34:05 2022
Summary	Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP4)
Type	security
Severity	important
References	1196959,1205130,1205815,1206228,CVE-2021-39698,CVE-2022-4139,CVE-2022-4378,CVE-2022-43945

Description:

This update for the Linux Kernel 5.14.21-150400_24_33 fixes several issues.
The following security issues were fixed:

CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700).
CVE-2021-39698: Fixed a use-after-free in aio_poll_complete_work of aio.c (bsc#1196956).

Advisory ID	SUSE-SU-2022:4559-1
Released	Mon Dec 19 13:06:17 2022
Summary	Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4)
Type	security
Severity	important
References	1203606,1204424,1204576,1204624,1205130,1205815,1206228,CVE-2022-3545,CVE-2022-3586,CVE-2022-3640,CVE-2022-41218,CVE-2022-4139,CVE-2022-4378,CVE-2022-43945

Description:

This update for the Linux Kernel 5.14.21-150400_24_21 fixes several issues.
The following security issues were fixed:

CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700).
CVE-2022-3640: Fixed a use-after-free in l2cap_conn_del of the file net/bluetooth/l2cap_core.c (bsc#1204619).
CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439).
CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415).
CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960).

Advisory ID	SUSE-SU-2022:4560-1
Released	Mon Dec 19 13:06:24 2022
Summary	Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP4)
Type	security
Severity	important
References	1204424,1204576,1204624,1205130,1205815,1206228,CVE-2022-3545,CVE-2022-3586,CVE-2022-3640,CVE-2022-4139,CVE-2022-4378,CVE-2022-43945

Description:

This update for the Linux Kernel 5.14.21-150400_24_28 fixes several issues.
The following security issues were fixed:

CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700).
CVE-2022-3640: Fixed a use-after-free in l2cap_conn_del of the file net/bluetooth/l2cap_core.c (bsc#1204619).
CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439).
CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415).

Advisory ID	SUSE-SU-2022:4565-1
Released	Mon Dec 19 13:34:57 2022
Summary	Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4)
Type	security
Severity	important
References	1203606,1204424,1204486,1204576,1205130,1205815,1206228,CVE-2022-3545,CVE-2022-3577,CVE-2022-3586,CVE-2022-41218,CVE-2022-4139,CVE-2022-4378,CVE-2022-43945

Description:

This update for the Linux Kernel 5.14.21-150400_22 fixes several issues.
The following security issues were fixed:

CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700).
CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439).
CVE-2022-3577: Fixed an out-of-bounds memory write in bigben_probe of drivers/hid/hid-bigbenff.c (bsc#1204470).
CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415).
CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960).

Advisory ID	SUSE-RU-2022:4568-1
Released	Mon Dec 19 14:13:24 2022
Summary	Recommended update for OpenIPMI
Type	recommended
Severity	moderate
References

Description:

This update of OpenIPMI fixes the following issues:

rebuild against the new net-snmp (jsc#SLE-11203).

Advisory ID	SUSE-SU-2022:4579-1
Released	Tue Dec 20 08:33:09 2022
Summary	Security update for MozillaThunderbird
Type	security
Severity	important
References	1206242,CVE-2022-46872,CVE-2022-46874,CVE-2022-46875,CVE-2022-46878,CVE-2022-46880,CVE-2022-46881,CVE-2022-46882

Description:

This update for MozillaThunderbird fixes the following issues:
Update to version 102.6 (bsc#1206242):

CVE-2022-46880: Use-after-free in WebGL
CVE-2022-46872: Arbitrary file read from a compromised content process
CVE-2022-46881: Memory corruption in WebGL
CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions
CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS
CVE-2022-46882: Use-after-free in WebGL
CVE-2022-46878: Memory safety bugs fixed in Thunderbird 102.6

Advisory ID	SUSE-RU-2022:4584-1
Released	Tue Dec 20 12:42:21 2022
Summary	Recommended update for cloud-regionsrv-client
Type	recommended
Severity	critical
References	1206428

Description:

This update for cloud-regionsrv-client fixes the following issues:

Update to version 10.0.8 (bsc#1206428) - Fix regression introduced by 10.0.7. When the hosts file was modified such that there is no empty line at the end of the file the content after removing the registration data does not match the content prior to registration. The update fixes the issue triggered by an index logic error.

Advisory ID	SUSE-SU-2022:4585-1
Released	Tue Dec 20 12:52:24 2022
Summary	Security update for the Linux Kernel
Type	security
Severity	important
References	1065729,1156395,1164051,1184350,1189297,1190256,1193629,1194869,1202341,1203183,1203391,1203511,1203960,1204228,1204405,1204414,1204631,1204636,1204693,1204780,1204810,1204850,1205007,1205100,1205111,1205113,1205128,1205130,1205149,1205153,1205220,1205264,1205282,1205331,1205332,1205427,1205428,1205473,1205507,1205514,1205521,1205567,1205616,1205617,1205653,1205671,1205679,1205683,1205700,1205705,1205709,1205711,1205744,1205764,1205796,1205882,1205993,1206035,1206036,1206037,1206045,1206046,1206047,1206048,1206049,1206050,1206051,1206056,1206057,1206113,1206114,1206147,1206149,1206207,CVE-2022-2602,CVE-2022-3176,CVE-2022-3566,CVE-2022-3567,CVE-2022-3635,CVE-2022-3643,CVE-2022-3707,CVE-2022-3903,CVE-2022-4095,CVE-2022-4129,CVE-2022-4139,CVE-2022-41850,CVE-2022-41858,CVE-2022-42328,CVE-2022-42329,CVE-2022-42895,CVE-2022-42896,CVE-2022-4378,CVE-2022-43945,CVE-2022-45869,CVE-2022-45888,CVE-2022-45934

Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114).
CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113).
CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113).
CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631).
CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960).
CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671).
CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220).
CVE-2022-45869: Fixed a race condition in the x86 KVM subsystem which could cause a denial of service (bsc#1205882).
CVE-2022-45888: Fixed a use-after-free during physical removal of a USB devices when using drivers/char/xillybus/xillyusb.c (bsc#1205764).
CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700).
CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)
CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709).
CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705).
CVE-2022-3566: Fixed a race condition in the functions tcp_getsockopt/tcp_setsockopt. The manipulation leads to a race condition (bsc#1204405).
CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228).
CVE-2022-3176: Fixed a use-after-free in io_uring related to signalfd_poll() and binder_poll() (bsc#1203391).
CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780).

The following non-security bugs were fixed:

ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() (git-fixes).
ACPI: HMAT: Fix initiator registration for single-initiator systems (git-fixes).
ACPI: HMAT: remove unnecessary variable initialization (git-fixes).
ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] (git-fixes).
ACPI: x86: Add another system to quirk list for forcing StorageD3Enable (git-fixes).
ALSA: dice: fix regression for Lexicon I-ONIX FW810S (git-fixes).
ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes).
ALSA: hda/hdmi - enable runtime pm for more AMD display audio (git-fixes).
ALSA: hda/realtek: Add Positivo C6300 model quirk (git-fixes).
ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (git-fixes).
ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (bsc#1205100).
ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro (bsc#1205100).
ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes).
ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes).
ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes).
ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes).
ALSA: usb-audio: Remove redundant workaround for Roland quirk (bsc#1205111).
ALSA: usb-audio: Yet more regression for for the delayed card registration (bsc#1205111).
ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue (git-fixes).
ARM: at91: rm9200: fix usb device clock id (git-fixes).
ARM: dts: am335x-pcm-953: Define fixed regulators in root node (git-fixes).
ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl (git-fixes).
ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties (git-fixes).
ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset (git-fixes).
ARM: dts: imx7: Fix NAND controller size-cells (git-fixes).
ARM: mxs: fix memory leak in mxs_machine_init() (git-fixes).
ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 (git-fixes).
ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 (git-fixes).
ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (git-fixes).
ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes).
ASoC: codecs: jz4725b: fix capture selector naming (git-fixes).
ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes).
ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes).
ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes).
ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N (git-fixes).
ASoC: fsl_sai: use local device pointer (git-fixes).
ASoC: max98373: Add checks for devm_kcalloc (git-fixes).
ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe (git-fixes).
ASoC: ops: Fix bounds check for _sx controls (git-fixes).
ASoC: rt1019: Fix the TDM settings (git-fixes).
ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove (git-fixes).
ASoC: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes).
ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes).
ASoC: stm32: dfsdm: manage cb buffers cleanup (git-fixes).
ASoC: tas2764: Fix set_tdm_slot in case of single slot (git-fixes).
ASoC: tas2770: Fix set_tdm_slot in case of single slot (git-fixes).
ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes).
Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() (git-fixes).
Bluetooth: Fix not cleanup led when bt_init fails (git-fixes).
Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (git-fixes).
Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes).
Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes).
Decrease the number of SMB3 smbdirect client SGEs (bsc#1193629).
Drivers: hv: Always reserve framebuffer region for Gen1 VMs (git-fixes).
Drivers: hv: Fix syntax errors in comments (git-fixes).
Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region (git-fixes).
Drivers: hv: fix repeated words in comments (git-fixes).
Drivers: hv: remove duplicate word in a comment (git-fixes).
Drivers: hv: vmbus: Accept hv_sock offers in isolated guests (git-fixes).
Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
Drivers: hv: vmbus: Do not wait for the ACPI device upon initialization (git-fixes).
Drivers: hv: vmbus: Fix kernel-doc (git-fixes).
Drivers: hv: vmbus: Optimize vmbus_on_event (git-fixes).
Drivers: hv: vmbus: Release cpu lock in error case (git-fixes).
Drivers: hv: vmbus: Use PCI_VENDOR_ID_MICROSOFT for better discoverability (git-fixes).
Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes).
Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes).
Drivers: hv: vmbus: fix typo in comment (git-fixes).
Fix formatting of client smbdirect RDMA logging (bsc#1193629).
HID: core: fix shift-out-of-bounds in hid_report_raw_event (git-fixes).
HID: hid-lg4ff: Add check for empty lbuf (git-fixes).
HID: hyperv: fix possible memory leak in mousevsc_probe() (git-fixes).
HID: playstation: add initial DualSense Edge controller support (git-fixes).
HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes).
Handle variable number of SGEs in client smbdirect send (bsc#1193629).
IB/hfi1: Correctly move list in sc_disable() (git-fixes)
IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (git-fixes)
Input: goodix - try resetting the controller when no config is set (git-fixes).
Input: i8042 - fix leaking of platform device on module removal (git-fixes).
Input: iforce - invert valid length check when fetching device IDs (git-fixes).
Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send() (git-fixes).
Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] (git-fixes).
Input: soc_button_array - add use_low_level_irq module parameter (git-fixes).
Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode (git-fixes).
KVM: Move wiping of the kvm->vcpus array to common code (git-fixes).
KVM: SEV: Mark nested locking of vcpu->lock (git-fixes).
KVM: SVM: Disable SEV-ES support if MMIO caching is disable (git-fixes).
KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported (git-fixes).
KVM: SVM: adjust register allocation for __svm_vcpu_run() (git-fixes).
KVM: SVM: move guest vmsave/vmload back to assembly (git-fixes).
KVM: SVM: replace regs argument of __svm_vcpu_run() with vcpu_svm (git-fixes).
KVM: SVM: retrieve VMCB from assembly (git-fixes).
KVM: VMX: Add helper to check if the guest PMU has PERF_GLOBAL_CTRL (git-fixes).
KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS (git-fixes).
KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no vPMU (git-fixes).
KVM: VMX: clear vmx_x86_ops.sync_pir_to_irr if APICv is disabled (bsc#1205007).
KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable (git-fixes).
KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1 (git-fixes).
KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff it exists (git-fixes).
KVM: nVMX: Rename handle_vm{on,off}() to handle_vmx{on,off}() (git-fixes).
KVM: s390: Add a routine for setting userspace CPU state (git-fixes jsc#PED-611).
KVM: s390: Simplify SIGP Set Arch handling (git-fixes jsc#PED-611).
KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes).
KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes).
KVM: x86/mmu: Fix wrong/misleading comments in TDP MMU fast zap (git-fixes).
KVM: x86/mmu: WARN if old _or_ new SPTE is REMOVED in non-atomic path (git-fixes).
KVM: x86/mmu: fix memoryleak in kvm_mmu_vendor_module_init() (git-fixes).
KVM: x86/pmu: Fix and isolate TSX-specific performance event logic (git-fixes).
KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog (git-fixes).
KVM: x86/pmu: Use different raw event masks for AMD and Intel (git-fixes).
KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (git-fixes).
KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op() (git-fixes).
KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest (git-fixes).
KVM: x86: Mask off reserved bits in CPUID.80000001H (git-fixes).
KVM: x86: Mask off reserved bits in CPUID.80000006H (git-fixes).
KVM: x86: Mask off reserved bits in CPUID.80000008H (git-fixes).
KVM: x86: Mask off reserved bits in CPUID.8000001AH (git-fixes).
KVM: x86: Report error when setting CPUID if Hyper-V allocation fails (git-fixes).
KVM: x86: Retry page fault if MMU reload is pending and root has no sp (bsc#1205744).
KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS) (git-fixes).
KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) (git-fixes).
KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses (git-fixes).
KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits (git-fixes).
KVM: x86: avoid loading a vCPU after .vm_destroy was called (git-fixes).
KVM: x86: emulator: em_sysexit should update ctxt->mode (git-fixes).
KVM: x86: emulator: introduce emulator_recalc_and_set_mode (git-fixes).
KVM: x86: emulator: update the emulation mode after CR0 write (git-fixes).
KVM: x86: emulator: update the emulation mode after rsm (git-fixes).
KVM: x86: use a separate asm-offsets.c file (git-fixes).
MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (git-fixes).
NFC: nci: Bounds check struct nfc_target arrays (git-fixes).
NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes).
PCI: Move PCI_VENDOR_ID_MICROSOFT/PCI_DEVICE_ID_HYPERV_VIDEO definitions to pci_ids.h (git-fixes).
PCI: hv: Add validation for untrusted Hyper-V values (git-fixes).
PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (git-fixes).
RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes)
RDMA/cm: Use SLID in the work completion as the DLID in responder side (git-fixes)
RDMA/cma: Use output interface for net_dev check (git-fixes)
RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (git-fixes)
RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes)
RDMA/hfi1: Prevent use of lock before it is initialized (git-fixes)
RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (git-fixes)
RDMA/hns: Correct the type of variables participating in the shift operation (git-fixes)
RDMA/hns: Disable local invalidate operation (git-fixes)
RDMA/hns: Fix incorrect clearing of interrupt status register (git-fixes)
RDMA/hns: Fix supported page size (git-fixes)
RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift (git-fixes)
RDMA/hns: Remove magic number (git-fixes)
RDMA/hns: Remove the num_cqc_timer variable (git-fixes)
RDMA/hns: Remove the num_qpc_timer variable (git-fixes)
RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes)
RDMA/hns: Replace tab with space in the right-side comments (git-fixes)
RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx() (git-fixes)
RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (git-fixes)
RDMA/irdma: Use s/g array in post send only when its valid (git-fixes)
RDMA/mlx5: Set local port to one when accessing counters (git-fixes)
RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() (git-fixes)
RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg (git-fixes)
RDMA/rtrs-srv: Fix modinfo output for stringify (git-fixes)
RDMA/rxe: Limit the number of calls to each tasklet (git-fixes)
RDMA/rxe: Remove useless pkt parameters (git-fixes)
Reduce client smbdirect max receive segment size (bsc#1193629).
SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297).
SMB3: fix lease break timeout when multiple deferred close handles for the same file (bsc#1193629).
USB: bcma: Make GPIO explicitly optional (git-fixes).
USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes).
USB: serial: option: add Sierra Wireless EM9191 (git-fixes).
USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
USB: serial: option: remove old LARA-R6 PID (git-fixes).
arcnet: fix potential memory leak in com20020_probe() (git-fixes).
arm64/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes).
arm64: Add AMPERE1 to the Spectre-BHB affected list (git-fixes).
arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro (git-fixes)
arm64: dts: imx8: correct clock order (git-fixes).
arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes).
arm64: dts: imx8mn: Fix NAND controller size-cells (git-fixes).
arm64: dts: juno: Add thermal critical trip points (git-fixes).
arm64: dts: ls1088a: specify clock frequencies for the MDIO controllers (git-fixes).
arm64: dts: ls208xa: specify clock frequencies for the MDIO controllers (git-fixes).
arm64: dts: lx2160a: specify clock frequencies for the MDIO controllers (git-fixes).
arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed (git-fixes).
arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed (git-fixes).
arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed (git-fixes).
arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed (git-fixes).
arm64: dts: rockchip: add enable-strobe-pulldown to emmc phy on nanopi4 (git-fixes).
arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency (git-fixes).
arm64: efi: Fix handling of misaligned runtime regions and drop warning (git-fixes).
arm64: entry: avoid kprobe recursion (git-fixes).
arm64: errata: Add Cortex-A55 to the repeat tlbi list (git-fixes). Enable CONFIG_ARM64_ERRATUM_2441007, too
arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes) Enable CONFIG_ARM64_ERRATUM_1742098 in arm64/default
arm64: fix rodata=full again (git-fixes)
ata: libata-core: do not issue non-internal commands once EH is pending (git-fixes).
ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure (git-fixes).
ata: libata-scsi: simplify __ata_scsi_queuecmd() (git-fixes).
ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes).
ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes).
ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes).
ata: libata-transport: fix error handling in ata_tport_add() (git-fixes).
audit: fix undefined behavior in bit shift for AUDIT_BIT (git-fixes).
blk-cgroup: fix missing put device in error path from blkg_conf_pref() (git-fixes).
blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes).
blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes).
blk-mq: fix io hung due to missing commit_rqs (git-fixes).
blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes).
blktrace: Trace remapped requests correctly (git-fixes).
block/rnbd-srv: Set keep_id to true after mutex_trylock (git-fixes).
block: add bio_start_io_acct_time() to control start_time (git-fixes).
block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for nowait (git-fixes).
block: drop unused includes in <linux/genhd.h> (git-fixes).
bridge: switchdev: Fix memory leaks when changing VLAN protocol (git-fixes).
btrfs: check if root is readonly while setting security xattr (bsc#1206147).
btrfs: do not allow compression on nodatacow files (bsc#1206149).
btrfs: export a helper for compression hard check (bsc#1206149).
btrfs: fix processing of delayed data refs during backref walking (bsc#1206056).
btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057).
btrfs: prevent subvol with swapfile from being deleted (bsc#1206035).
btrfs: send: always use the rbtree based inode ref management infrastructure (bsc#1206036).
btrfs: send: fix failures when processing inodes with no links (bsc#1206036).
btrfs: send: fix send failure of a subcase of orphan inodes (bsc#1206036).
btrfs: send: fix sending link commands for existing file paths (bsc#1206036).
btrfs: send: introduce recorded_ref_alloc and recorded_ref_free (bsc#1206036).
btrfs: send: refactor arguments of get_inode_info() (bsc#1206036).
btrfs: send: remove unused found_type parameter to lookup_dir_item_inode() (bsc#1206036).
btrfs: send: remove unused type parameter to iterate_inode_ref_t (bsc#1206036).
btrfs: send: use boolean types for current inode status (bsc#1206036).
bus: sunxi-rsb: Remove the shutdown callback (git-fixes).
bus: sunxi-rsb: Support atomic transfers (git-fixes).
ca8210: Fix crash by zero initializing data (git-fixes).
can: af_can: fix NULL pointer dereference in can_rx_register() (git-fixes).
can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes).
can: etas_es58x: es58x_init_netdev(): free netdev when register_candev() (git-fixes).
can: j1939: j1939_send_one(): fix missing CAN header initialization (git-fixes).
can: m_can: Add check for devm_clk_get (git-fixes).
can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods (git-fixes).
can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes).
capabilities: fix potential memleak on error path from vfs_getxattr_alloc() (git-fixes).
capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes).
ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1206050).
ceph: avoid putting the realm twice when decoding snaps fails (bsc#1206051).
ceph: do not update snapshot context when there is no new snapshot (bsc#1206047).
ceph: fix inode reference leakage in ceph_get_snapdir() (bsc#1206048).
ceph: fix memory leak in ceph_readdir when note_last_dentry returns error (bsc#1206049).
ceph: properly handle statfs on multifs setups (bsc#1206045).
ceph: switch netfs read ops to use rreq->inode instead of rreq->mapping->host (bsc#1206046).
char: tpm: Protect tpm_pm_suspend with locks (git-fixes).
cifs: Add constructor/destructors for tcon->cfid (bsc#1193629).
cifs: Add helper function to check smb1+ server (bsc#1193629).
cifs: Do not access tcon->cfids->cfid directly from is_path_accessible (bsc#1193629).
cifs: Do not use tcon->cfid directly, use the cfid we get from open_cached_dir (bsc#1193629).
cifs: Fix connections leak when tlink setup failed (git-fixes).
cifs: Fix memory leak on the deferred close (bsc#1193629).
cifs: Fix memory leak when build ntlmssp negotiate blob failed (bsc#1193629).
cifs: Fix pages array leak when writedata alloc failed in cifs_writedata_alloc() (bsc#1193629).
cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter() (bsc#1193629).
cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message (bsc#1193629).
cifs: Fix wrong return value checking when GETFLAGS (git-fixes).
cifs: Fix xid leak in cifs_copy_file_range() (bsc#1193629).
cifs: Fix xid leak in cifs_create() (bsc#1193629).
cifs: Fix xid leak in cifs_flock() (bsc#1193629).
cifs: Fix xid leak in cifs_get_file_info_unix() (bsc#1193629).
cifs: Fix xid leak in cifs_ses_add_channel() (bsc#1193629).
cifs: Make tcon contain a wrapper structure cached_fids instead of cached_fid (bsc#1193629).
cifs: Move cached-dir functions into a separate file (bsc#1193629).
cifs: Replace a couple of one-element arrays with flexible-array members (bsc#1193629).
cifs: Use after free in debug code (git-fixes).
cifs: Use help macro to get the header preamble size (bsc#1193629).
cifs: Use help macro to get the mid header size (bsc#1193629).
cifs: add check for returning value of SMB2_close_init (git-fixes).
cifs: add check for returning value of SMB2_set_info_init (git-fixes).
cifs: add missing spinlock around tcon refcount (bsc#1193629).
cifs: alloc_mid function should be marked as static (bsc#1193629).
cifs: always initialize struct msghdr smb_msg completely (bsc#1193629).
cifs: always iterate smb sessions using primary channel (bsc#1193629).
cifs: avoid deadlocks while updating iface (bsc#1193629).
cifs: avoid unnecessary iteration of tcp sessions (bsc#1193629).
cifs: avoid use of global locks for high contention data (bsc#1193629).
cifs: cache the dirents for entries in a cached directory (bsc#1193629).
cifs: change iface_list from array to sorted linked list (bsc#1193629).
cifs: destage dirty pages before re-reading them for cache=none (bsc#1193629).
cifs: do not send down the destination address to sendmsg for a SOCK_STREAM (bsc#1193629).
cifs: drop the lease for cached directories on rmdir or rename (bsc#1193629).
cifs: during reconnect, update interface if necessary (bsc#1193629).
cifs: enable caching of directories for which a lease is held (bsc#1193629).
cifs: find and use the dentry for cached non-root directories also (bsc#1193629).
cifs: fix double-fault crash during ntlmssp (bsc#1193629).
cifs: fix lock length calculation (bsc#1193629).
cifs: fix memory leaks in session setup (bsc#1193629).
cifs: fix missing unlock in cifs_file_copychunk_range() (git-fixes).
cifs: fix race condition with delayed threads (bsc#1193629).
cifs: fix skipping to incorrect offset in emit_cached_dirents (bsc#1193629).
cifs: fix small mempool leak in SMB2_negotiate() (bsc#1193629).
cifs: fix static checker warning (bsc#1193629).
cifs: fix uninitialised var in smb2_compound_op() (bsc#1193629).
cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1193629).
cifs: fix use-after-free on the link name (bsc#1193629).
cifs: fix wrong unlock before return from cifs_tree_connect() (bsc#1193629).
cifs: improve handlecaching (bsc#1193629).
cifs: improve symlink handling for smb2+ (bsc#1193629).
cifs: lease key is uninitialized in smb1 paths (bsc#1193629).
cifs: lease key is uninitialized in two additional functions when smb1 (bsc#1193629).
cifs: list_for_each() -> list_for_each_entry() (bsc#1193629).
cifs: misc: fix spelling typo in comment (bsc#1193629).
cifs: move from strlcpy with unused retval to strscpy (bsc#1193629).
cifs: periodically query network interfaces from server (bsc#1193629).
cifs: populate empty hostnames for extra channels (bsc#1193629).
cifs: prevent copying past input buffer boundaries (bsc#1193629).
cifs: remove 'cifs_' prefix from init/destroy mids functions (bsc#1193629).
cifs: remove initialization value (bsc#1193629).
cifs: remove minor build warning (bsc#1193629).
cifs: remove redundant initialization to variable mnt_sign_enabled (bsc#1193629).
cifs: remove remaining build warnings (bsc#1193629).
cifs: remove some camelCase and also some static build warnings (bsc#1193629).
cifs: remove unnecessary (void*) conversions (bsc#1193629).
cifs: remove unnecessary locking of chan_lock while freeing session (bsc#1193629).
cifs: remove unnecessary type castings (bsc#1193629).
cifs: remove unused server parameter from calc_smb_size() (bsc#1193629).
cifs: remove useless DeleteMidQEntry() (bsc#1193629).
cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() (bsc#1193629).
cifs: replace kfree() with kfree_sensitive() for sensitive data (bsc#1193629).
cifs: return correct error in ->calc_signature() (bsc#1193629).
cifs: return errors during session setup during reconnects (bsc#1193629).
cifs: revalidate mapping when doing direct writes (bsc#1193629).
cifs: secmech: use shash_desc directly, remove sdesc (bsc#1193629).
cifs: set rc to -ENOENT if we can not get a dentry for the cached dir (bsc#1193629).
cifs: skip extra NULL byte in filenames (bsc#1193629).
cifs: store a pointer to a fid in the cfid structure instead of the struct (bsc#1193629).
cifs: truncate the inode and mapping when we simulate fcollapse (bsc#1193629).
cifs: update cifs_ses::ip_addr after failover (bsc#1193629).
cifs: update internal module number (bsc#1193629).
cifs: use ALIGN() and round_up() macros (bsc#1193629).
cifs: use LIST_HEAD() and list_move() to simplify code (bsc#1193629).
cifs: when a channel is not found for server, log its connection id (bsc#1193629).
cifs: when insecure legacy is disabled shrink amount of SMB1 code (bsc#1193629).
clocksource/drivers/hyperv: add data structure for reference TSC MSR (git-fixes).
cpufreq: intel_pstate: Handle no_turbo in frequency invariance (jsc#PED-849).
cpufreq: intel_pstate: Support Sapphire Rapids OOB mode (jsc#PED-849).
cpuidle: intel_idle: Drop redundant backslash at line end (jsc#PED-1936).
dm btree remove: fix use after free in rebalance_children() (git-fixes).
dm crypt: make printing of the key constant-time (git-fixes).
dm era: commit metadata in postsuspend after worker stops (git-fixes).
dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes).
dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes).
dm raid: fix accesses beyond end of raid member array (git-fixes).
dm stats: add cond_resched when looping over entries (git-fixes).
dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes).
dm: fix double accounting of flush with data (git-fixes).
dm: interlock pending dm_io and dm_wait_for_bios_completion (git-fixes).
dm: properly fix redundant bio-based IO accounting (git-fixes).
dm: remove unnecessary assignment statement in alloc_dev() (git-fixes).
dm: return early from dm_pr_call() if DM device is suspended (git-fixes).
dm: revert partial fix for redundant bio-based IO accounting (git-fixes).
dma-buf: fix racing conflict of dma_heap_add() (git-fixes).
dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes).
dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes).
dmaengine: at_hdmac: Do not call the complete callback on device_terminate_all (git-fixes).
dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes).
dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes).
dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes).
dmaengine: at_hdmac: Fix concurrency over descriptor (git-fixes).
dmaengine: at_hdmac: Fix concurrency over the active list (git-fixes).
dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all() (git-fixes).
dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware (git-fixes).
dmaengine: at_hdmac: Fix impossible condition (git-fixes).
dmaengine: at_hdmac: Fix premature completion of desc in issue_pending (git-fixes).
dmaengine: at_hdmac: Free the memset buf without holding the chan lock (git-fixes).
dmaengine: at_hdmac: Protect atchan->status with the channel lock (git-fixes).
dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending (git-fixes).
dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes).
dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes).
dmaengine: ti: k3-udma-glue: fix memory leak when register device fail (git-fixes).
docs, kprobes: Fix the wrong location of Kprobes (git-fixes).
docs/core-api: expand Fedora instructions for GCC plugins (git-fixes).
drm/amd/display: Add HUBP surface flip interrupt handler (git-fixes).
drm/amdgpu: disable BACO on special BEIGE_GOBY card (git-fixes).
drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() (git-fixes).
drm/amdkfd: Migrate in CPU page fault use current mm (git-fixes).
drm/amdkfd: avoid recursive lock in migrations back to RAM (git-fixes).
drm/amdkfd: handle CPU fault on COW mapping (git-fixes).
drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes).
drm/hyperv: Add ratelimit on error message (git-fixes).
drm/hyperv: Do not overwrite dirt_needed value set by host (git-fixes).
drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes).
drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes).
drm/i915/sdvo: Setup DDC fully before output init (git-fixes).
drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes).
drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag (git-fixes).
drm/msm/hdmi: fix IRQ lifetime (git-fixes).
drm/panel: simple: set bpc field for logic technologies displays (git-fixes).
drm/rockchip: dsi: Force synchronous probe (git-fixes).
drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes).
drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms (git-fixes).
drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes).
dt-bindings: power: gpcv2: add power-domains property (git-fixes).
e1000e: Fix TX dispatch condition (git-fixes).
e100: Fix possible use after free in e100_xmit_prepare (git-fixes).
efi/tpm: Pass correct address to memblock_reserve (git-fixes).
efi: random: Use 'ACPI reclaim' memory for random seed (git-fixes).
efi: random: reduce seed size to 32 bytes (git-fixes).
firmware: arm_scmi: Make Rx chan_setup fail on memory errors (git-fixes).
firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes).
firmware: coreboot: Register bus in module init (git-fixes).
fm10k: Fix error handling in fm10k_init_module() (git-fixes).
ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes).
ftrace: Fix the possible incorrect kernel message (git-fixes).
ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
ftrace: Optimize the allocation for mcount entries (git-fixes).
fuse: add file_modified() to fallocate (bsc#1205332).
fuse: fix readdir cache race (bsc#1205331).
gpio: amd8111: Fix PCI device reference count leak (git-fixes).
hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes).
hv_netvsc: Fix potential dereference of NULL pointer (git-fixes).
hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850).
hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes).
hv_sock: Add validation for untrusted Hyper-V values (git-fixes).
hv_sock: Check hv_pkt_iter_first_raw()'s return value (git-fixes).
hv_sock: Copy packets sent by Hyper-V out of the ring buffer (git-fixes).
hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes).
hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes).
hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes).
hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes).
hwmon: (ina3221) Fix shunt sum critical calculation (git-fixes).
hwmon: (ltc2947) fix temperature scaling (git-fixes).
i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes).
i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set (git-fixes).
i2c: npcm7xx: Fix error handling in npcm_i2c_init() (git-fixes).
i2c: piix4: Fix adapter not be removed in piix4_remove() (git-fixes).
i2c: tegra: Allocate DMA memory for DMA engine (git-fixes).
i2c: xiic: Add platform module alias (git-fixes).
ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes).
ieee802154: cc2520: Fix error return code in cc2520_hw_init() (git-fixes).
iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes).
iio: adc: mp2629: fix potential array out of bound access (git-fixes).
iio: adc: mp2629: fix wrong comparison of channel (git-fixes).
iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes).
iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes).
iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes).
iio: light: apds9960: fix wrong register for gesture gain (git-fixes).
iio: light: rpr0521: add missing Kconfig dependencies (git-fixes).
iio: ms5611: Simplify IO callback parameters (git-fixes).
iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes).
iio: pressure: ms5611: fixed value compensation bug (git-fixes).
iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes).
init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash (git-fixes).
intel_idle: Add AlderLake support (jsc#PED-824).
intel_idle: Fix SPR C6 optimization (jsc#PED-824 jsc#PED-1936).
intel_idle: Fix the 'preferred_cstates' module parameter (jsc#PED-824 jsc#PED-1936).
intel_idle: make SPR C1 and C1E be independent (jsc#PED-1936).
io-wq: Remove duplicate code in io_workqueue_create() (bnc#1205113).
io-wq: do not retry task_work creation failure on fatal conditions (bnc#1205113).
io-wq: ensure we exit if thread group is exiting (git-fixes).
io-wq: exclusively gate signal based exit on get_signal() return (git-fixes).
io-wq: fix cancellation on create-worker failure (bnc#1205113).
io-wq: fix silly logic error in io_task_work_match() (bnc#1205113).
io_uring: correct __must_hold annotation (git-fixes).
io_uring: drop ctx->uring_lock before acquiring sqd->lock (git-fixes).
io_uring: ensure IORING_REGISTER_IOWQ_MAX_WORKERS works with SQPOLL (git-fixes).
io_uring: fix io_timeout_remove locking (git-fixes).
io_uring: fix missing mb() before waitqueue_active (git-fixes).
io_uring: fix missing sigmask restore in io_cqring_wait() (git-fixes).
io_uring: fix possible poll event lost in multi shot mode (git-fixes).
io_uring: pin SQPOLL data before unlocking ring lock (git-fixes).
ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
kABI: Fix kABI after 'KVM: x86/pmu: Use different raw event masks for AMD and Intel' (git-fixes).
kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693).
kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes).
mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes).
mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes).
mac80211: radiotap: Use BIT() instead of shifts (git-fixes).
mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() (git-fixes).
macsec: Fix invalid error code set (git-fixes).
macsec: add missing attribute validation for offload (git-fixes).
macsec: clear encryption keys from the stack after setting up offload (git-fixes).
macsec: delete new rxsc when offload fails (git-fixes).
macsec: fix detection of RXSCs when toggling offloading (git-fixes).
macsec: fix secy->n_rx_sc accounting (git-fixes).
md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes).
md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() (git-fixes).
md: Replace snprintf with scnprintf (git-fixes, bsc#1164051).
media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes).
media: dvb-frontends/drxk: initialize err to 0 (git-fixes).
media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes).
media: rkisp1: Do not pass the quantization to rkisp1_csm_config() (git-fixes).
media: rkisp1: Initialize color space on resizer sink and source pads (git-fixes).
media: rkisp1: Use correct macro for gradient registers (git-fixes).
media: rkisp1: Zero v4l2_subdev_format fields in when validating links (git-fixes).
media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes).
media: v4l: subdev: Fail graciously when getting try data for NULL state (git-fixes).
misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes).
mmc: core: Fix ambiguous TRIM and DISCARD arg (git-fixes).
mmc: core: properly select voltage range without power cycle (git-fixes).
mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes).
mmc: mmc_test: Fix removal of debugfs file (git-fixes).
mmc: sdhci-brcmstb: Enable Clock Gating to save power (git-fixes).
mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
mmc: sdhci-brcmstb: Re-organize flags (git-fixes).
mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check (git-fixes).
mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA (git-fixes).
mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes).
mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes).
mmc: sdhci-sprd: Fix no reset data and command after voltage switch (git-fixes).
mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
mtd: parsers: bcm47xxpart: Fix halfblock reads (git-fixes).
mtd: parsers: bcm47xxpart: print correct offset on read error (git-fixes).
mtd: spi-nor: intel-spi: Disable write protection only if asked (git-fixes).
nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes).
net/smc: Avoid overwriting the copies of clcsock callback functions (git-fixes).
net/smc: Fix an error code in smc_lgr_create() (git-fixes).
net/smc: Fix possible access to freed memory in link clear (git-fixes).
net/smc: Fix possible leaked pernet namespace in smc_init() (git-fixes).
net/smc: Fix slab-out-of-bounds issue in fallback (git-fixes).
net/smc: Fix sock leak when release after smc_shutdown() (git-fixes).
net/smc: Forward wakeup to smc socket waitqueue after fallback (git-fixes).
net/smc: Only save the original clcsock callback functions (git-fixes).
net/smc: Send directly when TCP_CORK is cleared (git-fixes).
net/smc: kABI workarounds for struct smc_link (git-fixes).
net/smc: kABI workarounds for struct smc_sock (git-fixes).
net/smc: send directly on setting TCP_NODELAY (git-fixes).
net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes).
net: ethernet: nixge: fix NULL dereference (git-fixes).
net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes).
net: ethernet: ti: am65-cpsw: fix error handling in am65_cpsw_nuss_probe() (git-fixes).
net: hyperv: remove use of bpf_op_t (git-fixes).
net: mdio: fix unbalanced fwnode reference count in mdio_device_release() (git-fixes).
net: mdiobus: fix unbalanced node reference count (git-fixes).
net: phy: fix null-ptr-deref while probe() failed (git-fixes).
net: phy: marvell: add sleep time after enabling the loopback bit (git-fixes).
net: phy: mscc: macsec: clear encryption keys when freeing a flow (git-fixes).
net: smsc95xx: add support for Microchip EVB-LAN8670-USB (git-fixes).
net: stmmac: work around sporadic tx issue on link-up (git-fixes).
net: thunderbolt: Fix error handling in tbnet_init() (git-fixes).
net: thunderbolt: fix memory leak in tbnet_open() (git-fixes).
net: thunderx: Fix the ACPI memory leak (git-fixes).
net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes).
net: wwan: iosm: fix dma_alloc_coherent incompatible pointer type (git-fixes).
net: wwan: iosm: fix kernel test robot reported error (git-fixes).
nfc/nci: fix race with opening and closing (git-fixes).
nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes).
nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes).
nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes).
nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes).
nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes).
nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes).
nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() (git-fixes).
nilfs2: fix deadlock in nilfs_count_free_blocks() (git-fixes).
nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty (git-fixes).
nilfs2: fix use-after-free bug of ns_writer on remount (git-fixes).
nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure (git-fixes).
panic, kexec: make __crash_kexec() NMI safe (git-fixes).
parport_pc: Avoid FIFO port location truncation (git-fixes).
phy: ralink: mt7621-pci: add sentinel to quirks table (git-fixes).
phy: stm32: fix an error code in probe (git-fixes).
pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes).
pinctrl: intel: Save and restore pins in 'direct IRQ' mode (git-fixes).
pinctrl: rockchip: list all pins in a possible mux route for PX30 (git-fixes).
pinctrl: single: Fix potential division by zero (git-fixes).
platform/surface: aggregator: Do not check for repeated unsequenced packets (git-fixes).
platform/x86/intel/pmt: Sapphire Rapids PMT errata fix (jsc#PED-2684 bsc#1205683).
platform/x86/intel: hid: add quirk to support Surface Go 3 (git-fixes).
platform/x86/intel: pmc: Do not unconditionally attach Intel PMC when virtualized (git-fixes).
platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) (git-fixes).
platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() (git-fixes).
platform/x86: hp-wmi: Ignore Smart Experience App event (git-fixes).
platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes).
platform/x86: ideapad-laptop: Disable touchpad_switch (git-fixes).
platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1 (git-fixes).
powerpc/64: Fix build failure with allyesconfig in book3s_64_entry.S (bsc#1194869).
powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395).
powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395).
powerpc/pseries/vas: Declare pseries_vas_fault_thread_fn() as static (bsc#1194869).
proc: avoid integer type confusion in get_proc_long (git-fixes).
proc: proc_skip_spaces() shouldn't think it is working on C strings (git-fixes).
rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
regulator: core: fix UAF in destroy_regulator() (git-fixes).
regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes).
regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes).
ring-buffer: Include dropped pages in counting dirty patches (git-fixes).
ring_buffer: Do not deactivate non-existant pages (git-fixes).
s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205427 LTC#200502).
s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (bsc#1205427 LTC#200502).
s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501).
s390: fix nospec table alignments (git-fixes).
sched: Clear ttwu_pending after enqueue_task() (git fixes (sched/core)).
sched: Disable sched domain debugfs creation on ppc64 unless sched_verbose is specified (bnc#1205653).
scripts/faddr2line: Fix regression in name resolution on ppc64le (git-fixes).
scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729).
scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395).
scsi: megaraid_sas: Correct value passed to scsi_device_lookup() (git-fixes).
scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes).
scsi: qedf: Populate sysfs attributes for vport (git-fixes).
scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes).
scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes).
scsi: storvsc: Fix typo in comment (git-fixes).
scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
scsi: storvsc: remove an extraneous 'to' in a comment (git-fixes).
scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes).
selftests/intel_pstate: fix build for ARCH=x86_64 (git-fixes).
selftests: mptcp: fix mibit vs mbit mix up (git-fixes).
selftests: mptcp: make sendfile selftest work (git-fixes).
selftests: mptcp: more stable simult_flows tests (git-fixes).
selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload (git-fixes).
serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() (git-fixes).
serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes).
serial: 8250: Flush DMA Rx on RLSI (git-fixes).
serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes).
serial: 8250: omap: Flush PM QOS work on remove (git-fixes).
serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes).
serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes).
serial: imx: Add missing .thaw_noirq hook (git-fixes).
siox: fix possible memory leak in siox_device_add() (git-fixes).
slimbus: stream: correct presence rate frequencies (git-fixes).
smb2: small refactor in smb2_check_message() (bsc#1193629).
smb3: Move the flush out of smb2_copychunk_range() into its callers (bsc#1193629).
smb3: add dynamic trace points for tree disconnect (bsc#1193629).
smb3: add trace point for SMB2_set_eof (bsc#1193629).
smb3: allow deferred close timeout to be configurable (bsc#1193629).
smb3: check xattr value length earlier (bsc#1193629).
smb3: clarify multichannel warning (bsc#1193629).
smb3: do not log confusing message when server returns no network interfaces (bsc#1193629).
smb3: fix empty netname context on secondary channels (bsc#1193629).
smb3: fix oops in calculating shash_setkey (bsc#1193629).
smb3: fix temporary data corruption in collapse range (bsc#1193629).
smb3: fix temporary data corruption in insert range (bsc#1193629).
smb3: improve SMB3 change notification support (bsc#1193629).
smb3: interface count displayed incorrectly (bsc#1193629).
smb3: missing inode locks in punch hole (bsc#1193629).
smb3: missing inode locks in zero range (bsc#1193629).
smb3: must initialize two ACL struct fields to zero (bsc#1193629).
smb3: remove unneeded null check in cifs_readdir (bsc#1193629).
smb3: rename encryption/decryption TFMs (bsc#1193629).
smb3: use filemap_write_and_wait_range instead of filemap_write_and_wait (bsc#1193629).
smb3: use netname when available on secondary channels (bsc#1193629).
smb3: workaround negprot bug in some Samba servers (bsc#1193629).
soc: imx8m: Enable OCOTP clock before reading the register (git-fixes).
soundwire: intel: Initialize clock stop timeout (bsc#1205507).
soundwire: qcom: check for outanding writes before doing a read (git-fixes).
soundwire: qcom: reinit broadcast completion (git-fixes).
speakup: fix a segfault caused by switching consoles (git-fixes).
spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld() (git-fixes).
spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes).
spi: stm32: Print summary 'callbacks suppressed' message (git-fixes).
spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run (git-fixes).
spi: tegra210-quad: Fix duplicate resource error (git-fixes).
thunderbolt: Add DP OUT resource when DP tunnel is discovered (git-fixes).
tools: hv: Remove an extraneous 'the' (git-fixes).
tools: hv: kvp: remove unnecessary (void*) conversions (git-fixes).
tools: iio: iio_generic_buffer: Fix read size (git-fixes).
tracing/ring-buffer: Have polling block on watermark (git-fixes).
tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() (git-fixes).
tracing: Fix memory leak in tracing_read_pipe() (git-fixes).
tracing: Fix wild-memory-access in register_synth_event() (git-fixes).
tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() (git-fixes).
tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit() (git-fixes).
tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() (git-fixes).
tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send (git-fixes).
tty: serial: fsl_lpuart: do not break the on-going transfer when global reset (git-fixes).
usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
usb: cdns3: host: fix endless superspeed hub port reset (git-fixes).
usb: cdnsp: Fix issue with Clear Feature Halt Endpoint (git-fixes).
usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1 (git-fixes).
usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
usb: dwc3: exynos: Fix remove() function (git-fixes).
usb: dwc3: gadget: Clear ep descriptor last (git-fixes).
usb: dwc3: gadget: Return -ESHUTDOWN on ep disable (git-fixes).
usb: dwc3: gadget: conditionally remove requests (git-fixes).
usb: smsc: use eth_hw_addr_set() (git-fixes).
usb: typec: mux: Enter safe mode only when pins need to be reconfigured (git-fixes).
usb: xhci-mtk: check boundary before check tt (git-fixes).
usb: xhci-mtk: update fs bus bandwidth by bw_budget_table (git-fixes).
usbnet: smsc95xx: Do not reset PHY behind PHY driver's back (git-fixes).
v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI'
video/fbdev/stifb: Implement the stifb_fillrect() function (git-fixes).
virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes).
vmxnet3: correctly report encapsulated LRO packet (git-fixes).
vmxnet3: use correct intrConf reference when using extended queues (git-fixes).
wifi: airo: do not assign -1 to unsigned char (git-fixes).
wifi: ath11k: Fix QCN9074 firmware boot on x86 (git-fixes).
wifi: ath11k: avoid deadlock during regulatory update in ath11k_regd_update() (git-fixes).
wifi: cfg80211: do not allow multi-BSSID in S1G (git-fixes).
wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes).
wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes).
wifi: cfg80211: silence a sparse RCU warning (git-fixes).
wifi: mac80211: Fix ack frame idr leak when mesh has no route (git-fixes).
wifi: mac80211: fix memory free error when registering wiphy fail (git-fixes).
wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support (git-fixes).
wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes).
wifi: wext: use flex array destination for memcpy() (git-fixes).
wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute (git-fixes).
wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute (git-fixes).
wifi: wilc1000: validate number of channels (git-fixes).
wifi: wilc1000: validate pairwise and authentication suite offsets (git-fixes).
x86/Xen: streamline (and fix) PV CPU enumeration (git-fixes).
x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037).
x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
x86/entry: Work around Clang __bdos() bug (git-fixes).
x86/extable: Extend extable functionality (git-fixes).
x86/fpu: Drop fpregs lock before inheriting FPU permissions (bnc#1205282).
x86/futex: Remove .fixup usage (git-fixes).
x86/hyperv: Disable hardlockup detector by default in Hyper-V guests (git-fixes).
x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition (git-fixes).
x86/hyperv: Update 'struct hv_enlightened_vmcs' definition (git-fixes).
x86/hyperv: fix invalid writes to MSRs during root partition kexec (git-fixes).
x86/kexec: Fix double-free of elf header buffer (bsc#1205567).
x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264).
x86/uaccess: Implement macros for CMPXCHG on user addresses (git-fixes).
xen/gntdev: Accommodate VMA splitting (git-fixes).
xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes).
xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes).
xfs: convert XLOG_FORCED_SHUTDOWN() to xlog_is_shutdown() (git-fixes).
xfs: fix perag reference leak on iteration race with growfs (git-fixes).
xfs: fix xfs_ifree() error handling to not leak perag ref (git-fixes).
xfs: reserve quota for dir expansion when linking/unlinking files (bsc#1205616).
xfs: reserve quota for target dir expansion when renaming files (bsc#1205679).

Advisory ID	SUSE-SU-2022:4586-1
Released	Tue Dec 20 13:32:11 2022
Summary	Security update for openssl-3
Type	security
Severity	important
References	1206374,CVE-2022-3786,CVE-2022-3996

Description:

This update for openssl-3 fixes the following issues:

CVE-2022-3996: Fixed X.509 Policy Constraints Double Locking (bsc#1206374)

Advisory ID	SUSE-RU-2022:4590-1
Released	Tue Dec 20 15:08:51 2022
Summary	Recommended update for openscap
Type	recommended
Severity	moderate
References	1197599,1203408

Description:

This update for openscap fixes the following issues:
Added openSUSE Leap 15.4 and 15.5 dictionary entries. (bsc#1203408 bsc#1197599)
openscap was updated to 1.3.6

New features

- Select and exclude groups of rules on the command line - The boot-time remediation service for systemd's Offline Update mode - Memory limit control using OSCAP_PROBE_MEMORY_USAGE_RATIO environment variable - Allow disablement of SHA-1 and MD5 - Allow providing pre-downloaded components - Introduce OSBuild Blueprint fix type

Maintenance, bug fixes

- Fix coverity issues - Patch the `segfault` in dpkginfo_fini() - Add an alternative source of hostname - Fail download on HTTP errors - Compile 'environmentvariable_probe' on Windows - FreeBSD build and test fixes - Add offline mode for password probe - Initialize crypto API only once - Fix UBI 9 scan - oval/yamlfilecontent: Add 'null' values handling - Do not set Rpath - Do not split `XCCDF:requires` with multiple `idrefs` - Allow empty /proc in offline mode

oscap-remediate is shipped via /usr/bin.

Advisory ID	SUSE-SU-2022:4592-1
Released	Tue Dec 20 16:51:35 2022
Summary	Security update for cni
Type	security
Severity	important
References	1181961,CVE-2021-20206

Description:

This update for cni fixes the following issues:

CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961).

Advisory ID	SUSE-SU-2022:4593-1
Released	Tue Dec 20 16:55:16 2022
Summary	Security update for cni-plugins
Type	security
Severity	important
References	1181961,CVE-2021-20206

Description:

This update for cni-plugins fixes the following issues:

CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961).

Advisory ID	SUSE-SU-2022:4597-1
Released	Wed Dec 21 10:13:11 2022
Summary	Security update for curl
Type	security
Severity	important
References	1206308,1206309,CVE-2022-43551,CVE-2022-43552

Description:

This update for curl fixes the following issues:

CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).
CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308).

Advisory ID	SUSE-feature-2022:4601-1
Released	Wed Dec 21 12:23:59 2022
Summary	Feature update for GNOME 41
Type	feature
Severity	moderate
References	1175622,1179584,1188882,1196205,1200581,1203274,1204867,944832

Description:

This update for GNOME 41 fixes the following issues:
atkmm1_6:

Version update from 2.28.1 to 2.28.3 (jsc#PED-2235): * Meson build: Avoid unnecessary configuration warnings * Meson build: Perl is not required by new versions of mm-common * Meson build: Require meson >= 0.55.0 * Meson build: Specify 'check' option in run_command(). Will be necessary with future versions of Meson. * Require atk >= 2.12.0 Not a new requirement, but previously it was not specified in configure.ac and meson.build * Support building with Visual Studio 2022

eog:

Version update from 41.1 to 41.2 (jsc#PED-2235): * eog-window: use correct type for display_profile * Fix discovery of Evince for multi-page images

evince:

Version update 41.3 to 41.4 (jsc#PED-2235): * shell: Fix failures when thumbnail extraction takes too long * Fix build with meson 0.60.0 and newer

evolution:

Ensure evolution-devel is forward compatible with evolution-data-server-devel in a same major version (jsc#PED-2235)

evolution-data-center:

Version update from 3.42.4 to 3.42.5 (jsc#PED-2235): * Google OAuth out-of-band (oob) flow will be deprecated

folks:

Version update 0.15.3 to 0.15.5 (jsc#PED-2235): * vapi: Add missing generic type argument * Fix docs build against newer eds version * Fix build against newer eds version * Remove volatile keyword from tests

gcr:

Version update 3.41.0 to 3.41.1 (jsc#PED-2235): * Add G_SPAWN_CLOEXEC_PIPES flag to all the g_spawn commands * Add gi-docgen dependency which is needed by the docs * Fix build with meson 0.60.0 and newer * Fix build without systemd * Several CI fixes

geocode-glib:

Version update from 3.26.2 to 3.26.4 (jsc#PED-2235): * Fix to a test data file not being installed, and a bug fix for a bug in the libsoup3 port * Add support for libsoup 3.x

gjs:

Version update from 1.70.1 to 1.70.2 (jsc#PED-2235): * Build and compatibility fixes backported from the development branch * Reverse order of running-from-source checks
Require xorg-x11-Xvfb for proper package build (bsc#1203274)

glib2:

Version update from 2.70.4 to 2.70.5 (jsc#PED-2235): * Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2537, glgo#GNOME/GLib!2555 * Split gtk-docs from -devel package, these are not needed during building projects using glib2

gnome-control-center:

Fix the size of logo icon in About system (bsc#1200581)
Version update from 41.4 to 41.7 (jsc#PED-2235): * Cellular: Remove duplicate line from .desktop * Info: Allow changing 'Device Name' by pressing 'Enter' * Info: Remove trailing space after CPU name * Keyboard: Fix crash resetting all keyboard shortcuts * Keyboard: Fix leaks * Network: Fix saving passwords for non-wifi connections * Network: Fix critical when opening VPN details page * Wacom: Fix leaks

gnome-desktop:

Version update from 41.2 to 41.8 (jsc#PED-2235): * Version increase but no actual changes

gnome-music:

Version update from 41.0 to 41.1 (jsc#PED-2235): * Ensure the correct album is played * Fix build with meson 0.61.0 and newer * Fix crash on empty selection * Fix incorrect playlist import * Fix time displayed in RTL languages * Improve async queue work * Make random shuffle actually random * Make shuffle random * Speed increase on first startup on larger collections * Time is reversed in RTL

gnome-remote-desktop:

Version update from 41.2 to 41.3 (jsc#PED-2235): * Add Icelandic translation

gnome-session:

Clear error messages that can be ignored because expected to happen for GDM sessions (bsc#1204867)
Add fix for gnome-session to exit immediately when lost name on bus (bsc#1175622, bsc#1188882)

gnome-shell:

Disable offline update suggestion before shutdown/reboot in SLE and openSUSE Leap (bsc#944832)
Version update from 41.4 to 41.9 (jsc#PED-2235): * Allow extension updates with only Extension Manager installed * Allow more intermediate icon sizes in app grid * Disable workspace switching while in search. * Do not create systemd scope for D-Bus activated apps * Fix calendar to correctly align world clocks header in RTL * Fix drag placeholder position in dash in RTL locales * Fix edge case where windows stay dimmed after a modal is closed * Fix feedback when turning on a11y features by keyboard * Fix focus tracking in magnifier on wayland * Fix fractional timezone offsets in world clock * Fix glitches in overview transition * Fix logging in with realmd * Fix memory leak * Fix opening device settings for enterprise WPA networks * Fix programatically set scrollview fade * Fix regression in ibus support * Fix unresponsive top bar in overview when in fullscreen * Handle monitor changes during startup animation * Hide overview after 'Show Details' from app context menu * Improve Belgian on-screen keyboard layout * Improve CSS shadow appearance * Make sure startup animation completes * Misc. bug fixes and cleanups * Only close messages via delete key if they can be closed * Respect IM hint for candidates list in on-screen keyboard

gnome-software:

Disable offline update feature in SUSE Linux Enterprise and openSUSE Leap (bsc#944832)
Version update from 41.4 to 41.5 (jsc#PED-2235): * Added several appstream-related fixed * Disable scroll-by-mouse-wheel on featured carousel * Ensure details page shows app provided on command line

gnome-terminal:

Version update from 3.42.2 to 3.42.3 (jsc#PED-2235): * Fix build with meson 0.61.0 and newer * window: Use a normal menu for the popup menu

gnome-user-docs:

Version update from 41.1 to 41.5 (jsc#PED-2235): * Added missing icon for network-wired-symbolic

gspell:

Version update from 1.8.4 to 1.10.0 (jsc#PED-2235): * Build: distribute more files in tarballs * Documentation improvements

gtkmm3:

Version update from 3.24.5 to 3.24.6 (jsc#PED-2235): * Build with Meson: MSVC build: Support Visual Studio 2022 * Check if Perl is required for building documentation * Don't use deprecated python3.path() and execute (..., gui_app...) * GTK: TreeValueProxy: Declare copy constructor = default, avoiding warnings from the claing++ compiler * Object::_release_c_instance(): Unref orphan managed widgets * SizeGroup demo: Set active items in the combo boxs, so something is shown * Specify 'check' option in run_command()

gtk-vnc:

Version update from 1.3.0 to 1.3.1 (jsc#PED-2235): * Add 'check' arg to meson run_command() * Fix invalid use of subprojects with meson * Support ZRLE encoding for zero size alpha cursors

gupnp-av:

Version update from 0.12.11 to 0.14.1 (jsc#PED-2235): * Add utility function to format GDateTime to the iso variant DIDL expects * Allow to be used as a subproject * Drop autotools * Fix stripping @refID * Fix unsetting subtitleFileType * Make Feature derivable again * Obsolete code removal. * Port to modern GObject * Remove hand-written ref-counting, use RcBox/AtomicRcBox instead. * Switch to meson build system, following upstream
Rename libgupnp-av-1_0-2 subpackage to libgupnp-av-1_0-3, correcting the package name to match the provided library
Conflict with the wrongly provided libgupnp-av-1_0-2

gvfs:

Version update from 1.48.1 to 1.48.2 (jsc#PED-2235): * sftp: Adapt on new OpenSSH password prompts * smb: Rework anonymous handling to avoid EINVAL * smb: Ignore EINVAL for kerberos/ccache login

libgsf:

Version update from 1.14.48 to 1.14.50 (jsc#PED-2235): * Fix error handling problem when writing ole files * Fix problems with non-western text in OLE properties * Use g_date_time_new_from_iso8601 and g_date_time_format_iso8601 when available

libmediaart:

Version update from 1.9.5 to 1.9.6 (jsc#PED-2235): * build: Add introspection/vapi/tests options * build: Use library() to optionally build a static library

libnma:

Version update from 1.8.32 to 1.8.40 (jsc#PED-2235): * Ad-Hoc networks now default to using WPA2 instead of WEP * Add possibility of building libnma-gtk4 library with Gtk4 support * Do not allow setting empty 802.1x domain for EAP TLS * Fixed keyboard accelerator for certificate chooser * Fixed libnma-gtk4 version of mobile-wizard * Include OWE wireless security option * The GtkBuilder files for Gtk4 are now included in the release tarball * WEP is no longer provided as an option for connecting to hidden networks due to its deprecated status
New sub-packages libnma-gtk4-0, typelib-1_0-NMA4-1_0 and libnma-gtk4-devel
Split out documentation files in own docs sub-package

libnotify:

Version update from 0.7.10 to 0.7.12 (jsc#PED-2235): * Delete unused notifynotification.xml * Fix potential build errors with old glib version we require * docs/notify-send: Add --transient option to manpage * notification: Bookend calling NotifyActionCallback with temporary reference * notification: Include sender-pid hint by default if not provided * notify-send: Add debug message about server not supporting persistence * notify-send: Add explicit option to create transient notifications * notify-send: Add support for boolean hints * notify-send: Move server capabilities check to a separate function * notify-send: Support passing any hint value, by parsing variant strings

libpeas:

Version update from 1.30.0 to 1.32.0 (jsc#PED-2235): * Icon licenses have been corrected * Parallel build system operation fixes * Use gi-docgen for documentation * Various build warnings squashed * Various GIR data that should not have been exported was removed
Stop packaging the demo files/sub-package

librsvg:

Version update from 2.52.6 to 2.52.9 (jsc#PED-2235): * Catch circular references when rendering patterns * Fix regressions when computing element geometries * Fix regression outputting all text as paths

libsecret:

Version update from 0.20.4 to 0.20.5 (jsc#PED-2235): * Add bash-completion for secret-tool * Add locking capabilities to secret tool * Add support for TPM2 based secret storage * Create default collection after DBus.Error.UnknownObject * Detect local storage in snaps in the same way as flatpaks * Drop autotools-based build * GI annotation and documentation fixes * Port documentation to gi-docgen * Use G_GNUC_NULL_TERMINATED where appropriate collection, methods, prompt: Port to GTask * secret-file-backend: Avoid closing the same file descriptor twice

mutter:

Version update from 41.5 to 41.9 (jsc#PED-2235): * Fix '--replace option' * Fix missing root window properties after XWayland start * Fix night light without GAMMA_LUT property * KMS: Survive missing GAMMA_LUT property * wayland: Fix rotation transform * Misc. bug fixes

nautilus:

Version update from 41.2 to 41.5(jsc#PED-2235): * Drag-and-drop bugfixes * HighContrast style fixes

orca:

Version update from 41.1 to 41.3 (jsc#PED-2235): * Add more event-flood detection and handling for improved performance * Fix bug causing accessing preferences to fail for Esperanto * Web: Fix bug causing widgets descending from off-screen label elements to be skipped over * Web: Fix presentation of the FluentUI react dialog (and any other dialog which has an ARIA document-role descendant) * WebKitGtk: Fail gracefully when structural navigation commands are used in WebKitGtk 2.36.x

python-cairo:

Add python3-cairo to SUSE Linux Enterprise Micro 5.3 as it is now required by python3-gobject-cairo

python-gobject:

Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs pycairo (bsc#1179584)
Version update from 3.42.0 to 3.42.2 (jsc#PED-2235): * Add a workaround for a PyPy 3.9+ bug when threads are used * Do not error out for unknown scopes * Prompt an error instead of crashing when marshaling unsupported fundamental types in some cases * Fix a crash/refcounting error in case marshaling a hash table fails * Fix crashes when marshaling zero terminated arrays for certain item types * Implement DynamicImporter.find_spec() to silence deprecation warning * Make the test suite pass again with PyPy * Some test/CI fixes * gtk overrides: Do not override Treeview.enable_model_drag_xx for GTK4 * gtk overrides: restore Gtk.ListStore.insert_with_valuesv with newer GTK4 * interface: Fix leak when overriding GInterfaceInfo * setup.py: look up pycairo headers without importing the module

trackers-python:

Allow system calls used by gstreamer (bsc#1196205)
Version update from 3.2.2 to 3.2.1 (jsc#PED-2235): * Backport seccomp rules for rseq and mbind syscalls

vala:

Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Add missing TraverseVisitor.visit_data_type() * Add support for 'copy_/free_function' metadata for compact classes * Catch and throw possible inner error of lock statements * Clear SemanticAnalyzer.current_{symbol,source_file} when not needed anymore * Don't count instance-parameter when checking for backwards closure reference * Fix a few binding errors * Free empty stack list for code contexts * Handle duplicated and unnamed symbols. * Improve UI parsing and handling of nested objects and properties * Make sure to drop our 'trap' jump target in case of an error * Move dynamic property errors to semantic analyzer pass * Require lvalue access of delegate target/destroy 'fields' * Show source location when reporting deprecations * Transform assignment of an array element as needed * manual: Update from wiki.gnome.org * parser: Improve handling of nullable VarType in with-statement * parser: Reduce the source reference of main block method to its beginning

xdg-desktop-portal-gnome:

Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Properly bind property in Lockdown portal

Advisory ID	SUSE-SU-2022:4606-1
Released	Thu Dec 22 09:32:03 2022
Summary	Security update for helm
Type	security
Severity	moderate
References	1181419,1206467,1206469,1206471,CVE-2021-21272,CVE-2022-1996,CVE-2022-23524,CVE-2022-23525,CVE-2022-23526

Description:

This update for helm fixes the following issues:
Update to version 3.10.3:

CVE-2022-23524: Fixed a denial of service in the string value parsing (bsc#1206467).
CVE-2022-23525: Fixed a denial of service with the repository index file (bsc#1206469).
CVE-2022-23526: Fixed a denial of service in the schema file handling (bsc#1206471).

Advisory ID	SUSE-RU-2022:4618-1
Released	Fri Dec 23 13:02:31 2022
Summary	Recommended update for catatonit
Type	recommended
Severity	moderate
References

Description:

This update for catatonit fixes the following issues:
Update to catatonit v0.1.7:

This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done).

Update to catatonit v0.1.6:

which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors).

Advisory ID	SUSE-RU-2022:4623-1
Released	Tue Dec 27 08:44:28 2022
Summary	Recommended update for rust, rust1.66
Type	recommended
Severity	moderate
References

Description:

This update for rust, rust1.66 fixes the following issues:
This update ships rust 1.66.
Version 1.66.0 (2022-12-15) ==========================
Language --------

Permit specifying explicit discriminants on all `repr(Int)` enums ```rust #[repr(u8)] enum Foo { A(u8) = 0, B(i8) = 1, C(bool) = 42, } ```
Allow transmutes between the same type differing only in lifetimes
Change constant evaluation errors from a deny-by-default lint to a hard error
Trigger `must_use` on `impl Trait` for supertraits This makes `impl ExactSizeIterator` respect the existing `#[must_use]` annotation on `Iterator`.
Allow `..X` and `..=X` in patterns
Uplift `clippy::for_loops_over_fallibles` lint into rustc
Stabilize `sym` operands in inline assembly
Update to Unicode 15
Opaque types no longer imply lifetime bounds This is a soundness fix which may break code that was erroneously relying on this behavior.

Compiler --------

Add armv5te-none-eabi and thumbv5te-none-eabi tier 3 targets - Refer to Rust's [platform support page][platform-support-doc] for more information on Rust's tiered platform support.
Add support for linking against macOS universal libraries

Libraries ---------

Fix `#[derive(Default)]` on a generic `#[default]` enum adding unnecessary `Default` bounds
Update to Unicode 15

Stabilized APIs ---------------

`proc_macro::Span::source_text`](https://doc.rust-lang.org/stable/proc_macro/struct.Span.html#method.source_text)
`uX::{checked_add_signed, overflowing_add_signed, saturating_add_signed, wrapping_add_signed}`](https://doc.rust-lang.org/stable/std/primitive.u8.html#method.checked_add_signed)
`iX::{checked_add_unsigned, overflowing_add_unsigned, saturating_add_unsigned, wrapping_add_unsigned}`](https://doc.rust-lang.org/stable/std/primitive.i8.html#method.checked_add_unsigned)
`iX::{checked_sub_unsigned, overflowing_sub_unsigned, saturating_sub_unsigned, wrapping_sub_unsigned}`](https://doc.rust-lang.org/stable/std/primitive.i8.html#method.checked_sub_unsigned)
`BTreeSet::{first, last, pop_first, pop_last}`](https://doc.rust-lang.org/stable/std/collections/struct.BTreeSet.html#method.first)
`BTreeMap::{first_key_value, last_key_value, first_entry, last_entry, pop_first, pop_last}`](https://doc.rust-lang.org/stable/std/collections/struct.BTreeMap.html#method.first_key_value)
Add `AsFd` implementations for stdio lock types on WASI.
`impl TryFrom> for Box<[T; N]>`](https://doc.rust-lang.org/stable/std/boxed/struct.Box.html#impl-TryFrom%3CVec%3CT%2C%20Global%3E%3E-for-Box%3C%5BT%3B%20N%5D%2C%20Global%3E)
`core::hint::black_box`](https://doc.rust-lang.org/stable/std/hint/fn.black_box.html)
`Duration::try_from_secs_{f32,f64}`](https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.try_from_secs_f32)
`Option::unzip`](https://doc.rust-lang.org/stable/std/option/enum.Option.html#method.unzip)
`std::os::fd`](https://doc.rust-lang.org/stable/std/os/fd/index.html)

Rustdoc -------

Add Rustdoc warning for invalid HTML tags in the documentation

Cargo -----

Added `cargo remove` to remove dependencies from Cargo.toml](https://doc.rust-lang.org/nightly/cargo/commands/cargo-remove.html)
`cargo publish` now waits for the new version to be downloadable before exiting

See [detailed release notes] for more.
Compatibility Notes -------------------

Only apply `ProceduralMasquerade` hack to older versions of `rental`]
Don't export `__heap_base` and `__data_end` on wasm32-wasi.]
Don't export `__wasm_init_memory` on WebAssembly.]
Only export `__tls_*` on wasm32-unknown-unknown.]
Don't link to `libresolv` in libstd on Darwin]
Update libstd's libc to 0.2.135 (to make `libstd` no longer pull in `libiconv.dylib` on Darwin)]
Opaque types no longer imply lifetime bounds] This is a soundness fix which may break code that was erroneously relying on this behavior.
Make `order_dependent_trait_objects` show up in future-breakage reports]
Change std::process::Command spawning to default to inheriting the parent's signal mask]

Changes in rust:

Update to version 1.66.0 - for details see the rust1.66 package

Advisory ID	SUSE-SU-2022:4626-1
Released	Tue Dec 27 13:05:35 2022
Summary	Security update for freeradius-server
Type	security
Severity	important
References	1206204,1206205,1206206,CVE-2022-41859,CVE-2022-41860,CVE-2022-41861

Description:

This update for freeradius-server fixes the following issues:

CVE-2022-41859: Fixes an information leakage in EAP-PWD (bsc#1206204).
CVE-2022-41860: Fixes a crash on unknown option in EAP-SIM (bsc#1206205).
CVE-2022-41861: Fixes a crash on invalid abinary data (bsc#1206206).

rebuild against the new net-snmp (jsc#SLE-11203).

Advisory ID	SUSE-SU-2022:4628-1
Released	Wed Dec 28 09:23:13 2022
Summary	Security update for sqlite3
Type	security
Severity	moderate
References	1206337,CVE-2022-46908

Description:

This update for sqlite3 fixes the following issues:

CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337).

Advisory ID	SUSE-SU-2022:4629-1
Released	Wed Dec 28 09:24:07 2022
Summary	Security update for systemd
Type	security
Severity	important
References	1200723,1205000,CVE-2022-4415

Description:

This update for systemd fixes the following issues:

CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).

Bug fixes:

Support by-path devlink for multipath nvme block devices (bsc#1200723).

Advisory ID	SUSE-SU-2022:4631-1
Released	Wed Dec 28 09:29:15 2022
Summary	Security update for vim
Type	security
Severity	important
References	1204779,1205797,1206028,1206071,1206072,1206075,1206077,CVE-2022-3491,CVE-2022-3520,CVE-2022-3591,CVE-2022-3705,CVE-2022-4141,CVE-2022-4292,CVE-2022-4293

Description:

This update for vim fixes the following issues:
Updated to version 9.0.1040:

CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028).
CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071).
CVE-2022-3591: vim: Use After Free (bsc#1206072).
CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075).
CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077).
CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797).
CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779).

Advisory ID	SUSE-RU-2022:4632-1
Released	Wed Dec 28 09:31:41 2022
Summary	Recommended update for lifecycle-data-sle-module-live-patching
Type	recommended
Severity	moderate
References	1020320

Description:

This update for lifecycle-data-sle-module-live-patching fixes the following issues:

Added data for 4_12_14-150000_150_101, 4_12_14-150000_150_104, 4_12_14-150100_197_123, 4_12_14-150100_197_126, 5_14_21-150400_24_21, 5_14_21-150400_24_28, 5_3_18-150200_24_129, 5_3_18-150200_24_134, 5_3_18-150300_59_93, 5_3_18-150300_59_98. (bsc#1020320)

Advisory ID	SUSE-SU-2022:4634-1
Released	Thu Dec 29 10:05:17 2022
Summary	Security update for webkit2gtk3
Type	security
Severity	important
References	1206474,CVE-2022-42856

Description:

This update for webkit2gtk3 fixes the following issues:
Update to version 2.38.3:

CVE-2022-42856: Fixed a potential arbitrary code execution when processing maliciously crafted web content (bsc#1206474).

Advisory ID	SUSE-SU-2022:4635-1
Released	Thu Dec 29 12:31:19 2022
Summary	Security update for conmon
Type	security
Severity	moderate
References	1200285,CVE-2022-1708

Description:

This update for conmon fixes the following issues:
conmon was updated to version 2.1.5:

don't leak syslog_identifier
logging: do not read more that the buf size
logging: fix error handling
Makefile: Fix install for FreeBSD
signal: Track changes to get_signal_descriptor in the FreeBSD version
Packit: initial enablement

Update to version 2.1.4:

Fix a bug where conmon crashed when it got a SIGCHLD

update to 2.1.3:

Stop using g_unix_signal_add() to avoid threads
Rename CLI optionlog-size-global-max to log-global-size-max

Update to version 2.1.2:

add log-global-size-max option to limit the total output conmon processes (CVE-2022-1708 bsc#1200285)
journald: print tag and name if both are specified
drop some logs to debug level

Update to version 2.1.0

logging: buffer partial messages to journald
exit: close all fds >= 3
fix: cgroup: Free memory_cgroup_file_path if open fails.

Update to version 2.0.32

Fix: Avoid mainfd_std{in,out} sharing the same file descriptor.
exit_command: Fix: unset subreaper attribute before running exit command

Update to version 2.0.31

logging: new mode -l passthrough
ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald
conmon: Fix: free userdata files before exec cleanup

Advisory ID	SUSE-SU-2022:4636-1
Released	Thu Dec 29 14:02:23 2022
Summary	Security update for MozillaThunderbird
Type	security
Severity	moderate
References	1206653,CVE-2022-46874

Description:

This update for MozillaThunderbird fixes the following issues:
Update to version 102.6.1

fixed: Remote content did not load in user-defined signatures
fixed: Addons that added new action buttons were not shown for addon upgrades, requiring removal and reinstall
fixed: Various stability improvements
CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions (bsc#1206653)

Advisory ID	SUSE-SU-2022:4639-1
Released	Fri Dec 30 09:31:14 2022
Summary	Security update for polkit-default-privs
Type	security
Severity	low
References	1206414

Description:

This update for polkit-default-privs fixes the following issues:
Update to version 13.2+20221216.a0c29e6:

backport usbguard actions (bsc#1206414).

Advisory ID	SUSE-RU-2022:4640-1
Released	Fri Dec 30 11:30:23 2022
Summary	Recommended update for drbd-utils
Type	recommended
Severity	low
References	1204276

Description:

This update for drbd-utils fixes the following issue:

Remove crm-fence-peer.sh for drbd8 to avoid confusion with v9 (bsc#1204276)

Advisory ID	SUSE-RU-2022:4645-1
Released	Sat Dec 31 16:04:44 2022
Summary	Security update for postgresql14, postgresql15
Type	recommended
Severity	moderate
References	1205300

Description:

This update for postgresql14, postgresql15 fixes the following issues:
postgresql15 is shipped in version 15.1.

https://www.postgresql.org/about/news/2543/
https://www.postgresql.org/docs/15/release-15-1.html

Update to 15.0:

https://www.postgresql.org/about/news/p-2526/
https://www.postgresql.org/docs/15/release-15.html

postgresql14 was updated to 14.6. (bsc#1205300)

https://www.postgresql.org/about/news/2543/
https://www.postgresql.org/docs/14/release-14-6.html

The libpq5 and libecpg6 libraries are now provided by postgresql15.

Advisory ID	SUSE-SU-2023:2-1
Released	Mon Jan 2 08:59:40 2023
Summary	Security update for sbd
Type	security
Severity	moderate
References	1180966,1181400,1185182,1204319

Description:

This update for sbd fixes the following issues:
Update to version 1.5.1+20221128.8ec8e01:

sbd-inquisitor: fail startup if pacemaker integration is disabled while SBD_SYNC_RESOURCE_STARTUP is conflicting (bsc#1204319)
sbd-inquisitor: do not warn about startup syncing if pacemaker integration is even intentionally disabled (bsc#1204319)
sbd-inquisitor: log a warning if SBD_PACEMAKER is overridden by -P or -PP option (bsc#1204319)
sbd-inquisitor: ensure a log info only tells the fact about how SBD_PACEMAKER is set (bsc#1204319)
Added hardened to systemd service(s) (bsc#1181400).

Advisory ID	SUSE-SU-2023:6-1
Released	Mon Jan 2 11:39:18 2023
Summary	Security update for nautilus
Type	security
Severity	moderate
References	1205418,CVE-2022-37290

Description:

This update for nautilus fixes the following issues:

CVE-2022-37290: Fixed a denial of service caused by pasted ZIP archives (bsc#1205418).

Advisory ID	SUSE-SU-2023:7-1
Released	Mon Jan 2 11:39:38 2023
Summary	Security update for ffmpeg
Type	security
Severity	moderate
References	1206442,CVE-2022-3109

Description:

This update for ffmpeg fixes the following issues:

CVE-2022-3109: Fixed null pointer dereference in vp3_decode_frame() (bsc#1206442).

Advisory ID	SUSE-SU-2023:8-1
Released	Mon Jan 2 11:40:05 2023
Summary	Security update for ffmpeg-4
Type	security
Severity	moderate
References	1206442,CVE-2022-3109

Description:

This update for ffmpeg-4 fixes the following issues:

CVE-2022-3109: Fixed null pointer dereference in vp3_decode_frame() (bsc#1206442).

Advisory ID	SUSE-SU-2023:9-1
Released	Mon Jan 2 11:42:16 2023
Summary	Security update for saphanabootstrap-formula
Type	security
Severity	important
References	1185643,1205990,CVE-2022-45153

Description:

This update for saphanabootstrap-formula fixes the following issues:

Version bump 0.13.1 * revert changes to spec file to re-enable SLES RPM builds * CVE-2022-45153: Fixed privilege escalation for arbitrary users in hana/ha_cluster.sls (bsc#1205990)

Version bump 0.13.0 * pass sid to sudoers in a SLES12 compatible way * add location constraint to gcp_stonith

Version bump 0.12.1 * moved templates dir into hana dir in repository to be gitfs compatible

Version bump 0.12.0 * add SAPHanaSR takeover blocker

Version bump 0.11.0 * use check_cmd instead of tmp sudoers file * make sudoers rules more secure * migrate sudoers to template file

Version bump 0.10.1 * fix hook removal conditions * fix majority_maker code on case grain is empty

Version bump 0.10.0 * allow to disable shared HANA basepath and rework add_hosts code (enables HANA scale-out on AWS) * do not edit global.ini directly (if not needed)

Version bump 0.9.1 * fix majority_maker code on case grain is empty

Version bump 0.9.0 * define vip_mechanism for every provider and reorder resources (same schema for all SAP related formulas)

Version bump 0.8.1 * use multi-target Hook on HANA scale-out

Version bump 0.8.0 * add HANA scale-out support * add idempotence to not affect a running HANA and cluster

Version bump 0.7.2 * add native fencing for microsoft-azure

fixes a not working import of dbapi in SUSE/ha-sap-terraform-deployments#703
removes the installation and extraction of all hdbcli files in the /hana/shared/srHook directory
fixes execution order of srTakeover/srCostOptMemConfig hook
renames and updates hook srTakeover to srCostOptMemConfig

Changing exporter stickiness to => 0 and adjusting the colocation score from +inf to -inf and changing the colocation from Master to Slave. This change fix the impact of a failed exporter in regards to the HANA DB.

Document extra_parameters in pillar.example (bsc#1185643)

Change hanadb_exporter default timeout value to 30 seconds

Set correct stickiness for the azure-lb resource The azure-lb resource receives an stickiness=0 to not influence on transitions calculations as the HANA resources have more priority

Advisory ID	SUSE-RU-2023:16-1
Released	Tue Jan 3 11:01:45 2023
Summary	Recommended update for qemu
Type	recommended
Severity	moderate
References	1202364

Description:

This update for qemu fixes the following issues:

Fix for qemu for broken emulation in SLES15 SP3. (bsc#1202364)

Advisory ID	SUSE-RU-2023:18-1
Released	Tue Jan 3 12:22:32 2023
Summary	Recommended update for libnvme, nvme-cli, nvme-stas
Type	recommended
Severity	important
References	1204975,1205657,1205873

Description:

This update for libnvme, nvme-cli and nvme-stas fixes the following issues:
libnvme, nvme-cli:

Fix 'persistent' handling during connect-all with JSON file (bsc#1205657)

nvme-stas:

Avahi: Handle upper/lower case 'NQN/nqn' in TXT attribute (bsc#1205873)
staslib: Trim whitespaces at the source (bsc#1204975)
stafd: Add 'origin' parameter to DC controller objects

Advisory ID	SUSE-SU-2023:19-1
Released	Tue Jan 3 20:16:50 2023
Summary	Security update for rmt-server
Type	security
Severity	important
References	1204285,1204769,1205089,CVE-2022-31254

Description:

This update for rmt-server fixes the following issues:
Update to version 2.10:

Add option to turn off system token support (bsc#1205089)
Update the `last_seen_at` column on zypper service refresh
Do not retry to import non-existing files in air-gapped mode (bsc#1204769)
CVE-2022-31254: Fixed a local privilege escalation related to the packaging of rmt-server (bsc#1204285).

Advisory ID	SUSE-RU-2023:25-1
Released	Thu Jan 5 09:51:41 2023
Summary	Recommended update for timezone
Type	recommended
Severity	moderate
References	1177460

Description:

This update for timezone fixes the following issues:
Version update from 2022f to 2022g (bsc#1177460):

In the Mexican state of Chihuahua: * The border strip near the US will change to agree with nearby US locations on 2022-11-30. * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. * A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time.
Changes for pre-1996 northern Canada
Update to past DST transition in Colombia (1993), Singapore (1981)
'timegm' is now supported by default

Advisory ID	SUSE-RU-2023:27-1
Released	Thu Jan 5 09:53:58 2023
Summary	Recommended update for yast2-hana-update
Type	recommended
Severity	moderate
References	1185229

Description:

This update for yast2-hana-update fixes the following issues:

Fix wrong information in YaST2 module yast2-hana-update Step 4 of 7 (bsc#1185229)

Advisory ID	SUSE-RU-2023:28-1
Released	Thu Jan 5 09:54:44 2023
Summary	Recommended update for SAPHanaSR
Type	recommended
Severity	moderate
References	1192963,1203973

Description:

This update for SAPHanaSR fixes the following issues:

Add improvements from SAP to the RA scripts regarding the handling of the SAP tools 'HDB version', 'HDBSettings.sh' and 'pycd' and the SAPHana log filter handling (jsc#PED-1738, jsc#PED-1739)
Fix for SAPHanaSR-monitor reporting 'LPA status of one node is missing' (bsc#1192963, bsc#1203973)

Advisory ID	SUSE-SU-2023:30-1
Released	Thu Jan 5 13:33:15 2023
Summary	Security update for tcl
Type	security
Severity	important
References	1195773

Description:

This update for tcl fixes the following issues:

Fixed a race condition in test socket-13.1.
Removed the SQLite extension and use the packaged sqlite3 instead (bsc#1195773).

Advisory ID	SUSE-SU-2023:32-1
Released	Thu Jan 5 14:04:25 2023
Summary	Security update for rpmlint-mini
Type	security
Severity	low
References	1206414

Description:

This update for rpmlint-mini fixes the following issues:
Update polkit-default-privs to version 13.2+20221216.a0c29e6:

backport usbguard actions (bsc#1206414).

Advisory ID	SUSE-SU-2023:33-1
Released	Thu Jan 5 15:09:46 2023
Summary	Security update for xrdp
Type	security
Severity	important
References	1206300,1206302,1206303,1206306,1206307,1206310,1206311,1206312,1206313,CVE-2022-23468,CVE-2022-23478,CVE-2022-23479,CVE-2022-23480,CVE-2022-23481,CVE-2022-23482,CVE-2022-23483,CVE-2022-23484,CVE-2022-23493

Description:

This update for xrdp fixes the following issues:

CVE-2022-23468: Fixed a buffer overflow in xrdp_login_wnd_create() (bsc#1206300).
CVE-2022-23478: Fixed an out of bound write in xrdp_mm_trans_process_drdynvc_chan() (bsc#1206302).
CVE-2022-23479: Fixed a buffer overflow in xrdp_mm_chan_data_in() (bsc#1206303).
CVE-2022-23480: Fixed a buffer overflow in devredir_proc_client_devlist_announce_req() (bsc#1206306).
CVE-2022-23481: Fixed an out of bound read in xrdp_caps_process_confirm_active() (bsc#1206307).
CVE-2022-23482: Fixed an out of bound read in xrdp_sec_process_mcs_data_CS_CORE() (bsc#1206310).
CVE-2022-23483: Fixed an out of bound read in libxrdp_send_to_channel() (bsc#1206311).
CVE-2022-23484: Fixed a integer overflow in xrdp_mm_process_rail_update_window_text() (bsc#1206312).
CVE-2022-23493: Fixed an out of bound read in xrdp_mm_trans_process_drdynvc_channel_close() (bsc#1206313).

Advisory ID	SUSE-SU-2023:37-1
Released	Fri Jan 6 15:35:49 2023
Summary	Security update for ca-certificates-mozilla
Type	security
Severity	important
References	1206212,1206622

Description:

This update for ca-certificates-mozilla fixes the following issues:

Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1

Advisory ID	SUSE-RU-2023:39-1
Released	Mon Jan 9 09:16:21 2023
Summary	Recommended update for skelcd-control-leanos, yast2-security
Type	recommended
Severity	moderate
References

Description:

This update for yast2-security fixes the following issues:
yast2-security was updated to 4.4.18:

AutoYaST: export security policy settings (related to DISA STIG enablement / jsc#SLE-24764).

skelcd-control-leanos:

is delivered to the INSTALLER channel to enable the DISA STIG feature.

Advisory ID	SUSE-RU-2023:41-1
Released	Mon Jan 9 10:23:07 2023
Summary	Recommended update for kdump
Type	recommended
Severity	important
References	1144337,1191410,1204000,1204743

Description:

This update for kdump fixes the following issues:

Make the kdump-save.service reboot after kdump-save is finished (bsc#1204000)
Fix renaming of qeth interfaces (bsc#1204743, bsc#1144337)
Rebuild initrd image after migration on ppc64 architecture (bsc#1191410)

Advisory ID	SUSE-RU-2023:42-1
Released	Mon Jan 9 10:28:23 2023
Summary	Recommended update for YaST
Type	recommended
Severity	moderate
References	1193009,1202007,1204399,1204530,1204845,1204907

Description:

This update for YaST fixes the following issues:
yast2-cluster:

Set crypto_hash as 'sha1' and set crypto_cipher as 'aes256' (bsc#1204530)
Set transport as 'udpu' when detect in cloud
Set default values for mcastaddr/mcastport/bindnedaddr when cluster firstly configured
Set focus on 'Generate Auth Key File' when secauth is true
Implement ValidateSecurity method
Set focus on 'memberaddr add' when using udpu

yast2-country:

Ensure the correct language translations are always used (bsc#1204845, bsc#1193009)

yast2-online-update:

Fix to prevent the unconditional refresh of all repositories when it's not needed (bsc#1204907)

yast2-packager:

Do not add an empty repository to the system when upgrading a registered system using the Full installation medium (bsc#1204399)

yast2-pkg-bindings:

Allow querying orphaned packages (bsc#1202007)

yast2-update:

Display a warning in the upgrade summary when removing orphaned 3rd party packages (bsc#1202007)

Advisory ID	SUSE-RU-2023:45-1
Released	Mon Jan 9 10:32:26 2023
Summary	Recommended update for libxml2
Type	recommended
Severity	moderate
References	1204585

Description:

This update for libxml2 fixes the following issues:

Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz

Advisory ID	SUSE-RU-2023:46-1
Released	Mon Jan 9 10:35:21 2023
Summary	Recommended update for hwdata
Type	recommended
Severity	moderate
References

Description:

This update for hwdata fixes the following issues:

Update pci, usb and vendor ids

Advisory ID	SUSE-RU-2023:47-1
Released	Mon Jan 9 10:37:28 2023
Summary	Recommended update for cepces
Type	recommended
Severity	moderate
References	1204788

Description:

This update for cepces fixes the following issues:

Make the openssl security level configurable (bsc#1204788)

Advisory ID	SUSE-RU-2023:48-1
Released	Mon Jan 9 10:37:54 2023
Summary	Recommended update for libtirpc
Type	recommended
Severity	moderate
References	1199467

Description:

This update for libtirpc fixes the following issues:

Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)

Advisory ID	SUSE-RU-2023:49-1
Released	Mon Jan 9 10:40:08 2023
Summary	Recommended update for llvm9
Type	recommended
Severity	moderate
References	1189602,1197776

Description:

This update for llvm9 fixes the following issues:

Keep DFLTCC environment during testing so we can disable the compression facility on s390x which causes testsuite issues (bsc#1189602)
Drop RUNPATH from packaged binaries, instead set LD_LIBRARY_PATH for building and testing to simulate behavior of actual package (bsc#1197776)

Advisory ID	SUSE-RU-2023:50-1
Released	Mon Jan 9 10:42:21 2023
Summary	Recommended update for shadow
Type	recommended
Severity	moderate
References	1205502

Description:

This update for shadow fixes the following issues:

Fix issue with user id field that cannot be interpreted (bsc#1205502)

Advisory ID	SUSE-RU-2023:51-1
Released	Mon Jan 9 10:42:58 2023
Summary	Recommended update for suse-module-tools
Type	recommended
Severity	moderate
References	1195391,1200107,1203092,1204423

Description:

This update for suse-module-tools fixes the following issues:

80-hotplug-cpu-mem.rules: Restrict udev rule for Hotplug physical CPU to x86_64 architecture (bsc#1204423)
driver-check.sh, unblacklist: Convert `egrep` to `grep -E` (bsc#1203092)
driver-check.sh: Avoid false positive error messages (bsc#1200107)
kernel-scriptlets: Don't pass flags to weak-modules2 (bsc#1195391)

Advisory ID	SUSE-RU-2023:52-1
Released	Mon Jan 9 10:43:57 2023
Summary	Recommended update for xfsprogs
Type	recommended
Severity	moderate
References	1205266,1205272,1205284,1205377

Description:

This update for xfsprogs fixes the following issues:

mkfs: don't trample the gid set in the protofile (bsc#1205266)
mkfs: prevent corruption of passed-in suboption string values (bsc#1205377)
mkfs: terminate getsubopt arrays properly (bsc#1205284)
xfs_repair: ignore empty xattr leaf blocks (bsc#1205272)

Advisory ID	SUSE-RU-2023:54-1
Released	Mon Jan 9 10:49:19 2023
Summary	Recommended update for bash-completion
Type	recommended
Severity	moderate
References	1200791

Description:

This update for bash-completion fixes the following issues:

Fix curl help completion (bsc#1200791)

Advisory ID	SUSE-RU-2023:55-1
Released	Mon Jan 9 10:49:56 2023
Summary	Recommended update for php8
Type	recommended
Severity	moderate
References	1205782

Description:

This update for php8 fixes the following issues:

Don't expect the user to always have the php8 module loaded in Apache (bsc#1205782)

Advisory ID	SUSE-SU-2023:56-1
Released	Mon Jan 9 11:13:43 2023
Summary	Security update for libksba
Type	security
Severity	moderate
References	1206579,CVE-2022-47629

Description:

This update for libksba fixes the following issues:

CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579).

Advisory ID	SUSE-RU-2023:59-1
Released	Tue Jan 10 10:05:29 2023
Summary	Recommended update for gnome-music
Type	recommended
Severity	important
References	1206751

Description:

This update for gnome-music fixes the following issues:

Fixed a problem during application start (bsc#1206751).

Advisory ID	SUSE-SU-2023:65-1
Released	Wed Jan 11 11:43:20 2023
Summary	Security update for w3m
Type	security
Severity	moderate
References	1202684,CVE-2022-38223

Description:

This update for w3m fixes the following issues:

CVE-2022-38223: Fixed a memory safety issue when dumping crafted input to standard out (bsc#1202684).

Advisory ID	SUSE-SU-2023:69-1
Released	Wed Jan 11 11:44:36 2023
Summary	Security update for SDL2
Type	security
Severity	moderate
References	1206727,CVE-2022-4743

Description:

This update for SDL2 fixes the following issues:

CVE-2022-4743: Fixed a potential memory leak when creating a texture for an OpenGL ES image (bsc#1206727).

Advisory ID	SUSE-SU-2023:73-1
Released	Wed Jan 11 18:42:53 2023
Summary	Security update for php7
Type	security
Severity	important
References	1206958,CVE-2022-31631

Description:

This update for php7 fixes the following issues:

CVE-2022-31631: Fixed an issue where PDO::quote would return an unquoted string (bsc#1206958).

Advisory ID	SUSE-SU-2023:74-1
Released	Wed Jan 11 18:43:26 2023
Summary	Security update for php8
Type	security
Severity	important
References	1206958,CVE-2022-31631

Description:

This update for php8 fixes the following issues:

Updated to version 8.0.27: - CVE-2022-31631: Fixed an issue where PDO::quote would return an unquoted string (bsc#1206958).

Non-security fixes: - Fixed a NULL pointer dereference with -w/-s options. - Fixed a crash in Generator when interrupted during argument evaluation with extra named params. - Fixed a crash in Generator when memory limit was exceeded during initialization. - Fixed a memory leak in Generator when interrupted during argument evaluation. - Fixed an issue in the DateTimeZone constructor where an extra null byte could be added to the input. - Fixed a hang in SaltStack when using php-fpm 8.1.11. - Fixed mysqli_query warnings being shown despite using silenced error mode. - Fixed a NULL pointer dereference when serializing a SOAP response call.

Advisory ID	SUSE-SU-2023:75-1
Released	Thu Jan 12 09:03:11 2023
Summary	Security update for net-snmp
Type	security
Severity	moderate
References	1205148,1205150,1206044,1206828,CVE-2022-44792,CVE-2022-44793

Description:

This update for net-snmp fixes the following issues:

CVE-2022-44793: Fixed a NULL pointer dereference issue that could allow a remote attacker with write access to crash the server instance (bsc#1205148).
CVE-2022-44792: Fixed a NULL pointer dereference issue that could allow a remote attacker with write access to crash the server instance (bsc#1205150).

Other fixes:

Enabled AES-192 and AES-256 privacy protocols (bsc#1206828).
Fixed an incorrect systemd hardening that caused home directory size and allocation to be listed incorrectly (bsc#1206044)

Advisory ID	SUSE-SU-2023:79-1
Released	Thu Jan 12 09:05:47 2023
Summary	Security update for python-future
Type	security
Severity	moderate
References	1206673,CVE-2022-40899

Description:

This update for python-future fixes the following issues:

CVE-2022-40899: Fixed an issue that could allow attackers to cause an excessive CPU usage via a crafted Set-Cookie header (bsc#1206673).

Advisory ID	SUSE-RU-2023:82-1
Released	Thu Jan 12 11:07:16 2023
Summary	Recommended update for scap-security-guide
Type	recommended
Severity	moderate
References	1203602

Description:

This update for scap-security-guide fixes the following issues:
scap-security-guide was updated to 0.1.65 (jsc#ECO-3319)

Introduce cui profile for OL9
Remove Support for OVAL 5.10
Rename account_passwords_pam_faillock_audit
CI ansible hardening and rename of existing Bash hardening
Update contributors list for v0.1.65 release
various SUSE profile specific fixes

require sudo, as remediations touch sudo config or use sudo. (bsc#1203602)

Advisory ID	SUSE-RU-2023:87-1
Released	Fri Jan 13 20:08:25 2023
Summary	Recommended update for python-cairo
Type	recommended
Severity	moderate
References	1206716

Description:

This update for python-cairo ships the missing python3-cairo to openSUSE Leap Micro 5.3.

Advisory ID	SUSE-SU-2023:88-1
Released	Mon Jan 16 10:30:50 2023
Summary	Security update for python-wheel
Type	security
Severity	moderate
References	1206670,CVE-2022-40898

Description:

This update for python-wheel fixes the following issues:

CVE-2022-40898: Fixed an excessive use of CPU that could be triggered via a crafted regular expression (bsc#1206670).

Advisory ID	SUSE-SU-2023:91-1
Released	Mon Jan 16 11:14:14 2023
Summary	Security update for python310-setuptools
Type	security
Severity	moderate
References	1206667,CVE-2022-40897

Description:

This update for python310-setuptools fixes the following issues:

CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667).

Advisory ID	SUSE-SU-2023:95-1
Released	Tue Jan 17 12:58:53 2023
Summary	Security update for libzypp-plugin-appdata
Type	security
Severity	important
References	1206836,CVE-2023-22643

Description:

This update for libzypp-plugin-appdata fixes the following issues:

CVE-2023-22643: Fixed potential shell injection related to malicious repo names (bsc#1206836).

Advisory ID	SUSE-SU-2023:103-1
Released	Thu Jan 19 13:22:52 2023
Summary	Security update for postgresql-jdbc
Type	security
Severity	moderate
References	1206921,CVE-2022-41946

Description:

This update for postgresql-jdbc fixes the following issues:

CVE-2022-41946: Fixed a local information disclosure issue due to improper handling of temporary files (bsc#1206921).

Advisory ID	SUSE-RU-2023:107-1
Released	Thu Jan 19 15:03:23 2023
Summary	Recommended update for openssl-1_0_0
Type	recommended
Severity	moderate
References	1201627

Description:

This update for openssl-1_0_0 fixes the following issues:

Update further expiring certificates that affect tests [bsc#1201627]

Advisory ID	SUSE-SU-2023:110-1
Released	Fri Jan 20 10:18:16 2023
Summary	Security update for git
Type	security
Severity	important
References	1207032,1207033,CVE-2022-23521,CVE-2022-41903

Description:

This update for git fixes the following issues:

CVE-2022-41903: Fixed a heap overflow in the 'git archive' and 'git log --format' commands (bsc#1207033).
CVE-2022-23521: Fixed an integer overflow that could be triggered when parsing a gitattributes file (bsc#1207032).

Advisory ID	SUSE-SU-2023:113-1
Released	Fri Jan 20 10:21:40 2023
Summary	Security update for MozillaFirefox
Type	security
Severity	important
References	1207119,CVE-2022-46871,CVE-2022-46877,CVE-2023-23598,CVE-2023-23601,CVE-2023-23602,CVE-2023-23603,CVE-2023-23605

Description:

This update for MozillaFirefox fixes the following issues:

Updated to version 102.7.0 ESR (bsc#1207119): - CVE-2022-46871: Updated an out of date library (libusrsctp) which contained several vulnerabilities. - CVE-2023-23598: Fixed an arbitrary file read from GTK drag and drop on Linux. - CVE-2023-23601: Fixed a potential spoofing attack when dragging a URL from a cross-origin iframe into the same tab. - CVE-2023-23602: Fixed a mishandled security check, which caused the Content Security Policy header to be ignored for WebSockets in WebWorkers. - CVE-2022-46877: Fixed a fullscreen notification bypass which could be leveraged in spoofing attacks. - CVE-2023-23603: Fixed a Content Security Policy bypass via format directives. - CVE-2023-23605: Fixed several memory safety bugs.

Advisory ID	SUSE-SU-2023:114-1
Released	Fri Jan 20 10:22:57 2023
Summary	Security update for sudo
Type	security
Severity	important
References	1207082,CVE-2023-22809

Description:

This update for sudo fixes the following issues:

CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions (bsc#1207082).

Advisory ID	SUSE-SU-2023:119-1
Released	Fri Jan 20 10:28:07 2023
Summary	Security update for mozilla-nss
Type	security
Severity	important
References	1204272,1207038,CVE-2022-23491,CVE-2022-3479

Description:

This update for mozilla-nss fixes the following issues:

CVE-2022-3479: Fixed a potential crash that could be triggered when a server requested a client authentication certificate, but the client had no certificates stored (bsc#1204272).
Updated to version 3.79.3 (bsc#1207038): - CVE-2022-23491: Removed trust for 3 root certificates from TrustCor.

Advisory ID	SUSE-SU-2023:127-1
Released	Tue Jan 24 13:23:00 2023
Summary	Security update for rubygem-websocket-extensions
Type	security
Severity	moderate
References	1172445,CVE-2020-7663

Description:

This update for rubygem-websocket-extensions fixes the following issues:

CVE-2020-7663: Fixed an excessive resource consumption when parsing crafted message headers sent by an attacker (bsc#1172445).

Advisory ID	SUSE-SU-2023:132-1
Released	Tue Jan 24 15:37:46 2023
Summary	Security update for rust1.66
Type	security
Severity	important
References	1206930,CVE-2022-46176

Description:

This update for rust1.66 fixes the following issues:

CVE-2022-46176: Fixed missing SSH host key verification in cargo when cloning indexes and dependencies via SSH(bsc#1206930).

Advisory ID	SUSE-SU-2023:133-1
Released	Tue Jan 24 15:38:38 2023
Summary	Security update for rust1.65
Type	security
Severity	important
References	1206930,CVE-2022-46176

Description:

This update for rust1.65 fixes the following issues:

CVE-2022-46176: Fixed missing SSH host key verification in cargo when cloning indexes and dependencies via SSH (bsc#1206930).

Advisory ID	SUSE-SU-2023:139-1
Released	Wed Jan 25 14:41:55 2023
Summary	Security update for python-certifi
Type	security
Severity	important
References	1206212,CVE-2022-23491

Description:

This update for python-certifi fixes the following issues:

remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle certs (bsc#1206212 CVE-2022-23491) - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1
Add removeTrustCor.patch

Advisory ID	SUSE-feature-2023:142-1
Released	Thu Jan 26 06:40:15 2023
Summary	Feature update for bind
Type	feature
Severity	moderate
References

Description:

This update for bind fixes the following issues:
Version update from 9.16.33 to 9.16.35 (jsc#SLE-24801, jsc#SLE-24600)

New Features: * Support for parsing and validating the dohpath service parameter in SVCB records was added. * named now logs the supported cryptographic algorithms during startup and in the output of named -V

Bug Fixes: * A crash was fixed that happened when a dnssec-policy zone that used NSEC3 was reconfigured to enable inline-signing. * In certain resolution scenarios, quotas could be erroneously reached for servers, including any configured forwarders, resulting in SERVFAIL answers being sent to clients. * rpz-ip rules in response-policy zones could be ineffective in some cases if a query had the CD (Checking Disabled) bit set to 1. * Previously, if Internet connectivity issues were experienced during the initial startup of named, a BIND resolver with dnssec-validation set to auto could enter into a state where it would not recover without stopping named, manually deleting the managed-keys.bind and managed-keys.bind.jnl files, and starting named again. * The statistics counter representing the current number of clients awaiting recursive resolution results (RecursClients) could overflow in certain resolution scenarios. * Previously, BIND failed to start on Solaris-based systems with hundreds of CPUs. * When a DNS resource records TTL value was equal to the resolver configured prefetch eligibility value, the record was erroneously not treated as eligible for prefetching. * Changing just the TSIG key names for primaries in catalog zones member zones was not effective. This has been fixed.

Known Issues: * Upgrading from BIND 9.16.32 or any older version may require a manual configuration change. The following configurations are affected: + type primary zones configured with dnssec-policy but without either allow-update or update-policy + type secondary zones configured with dnssec-policy In these cases please add inline-signing yes; to the individual zone configuration(s). Without applying this change, named will fail to start. For more details, see https://kb.isc.org/docs/dnssec-policy-requires-dynamic-dns-or-inline-signing

Advisory ID	SUSE-RU-2023:143-1
Released	Thu Jan 26 06:41:22 2023
Summary	Recommended update for bind
Type	recommended
Severity	moderate
References	1201689

Description:

This update for bind fixes the following issues:

Add systemd drop-in directory for named service (bsc#1201689)

Advisory ID	SUSE-RU-2023:144-1
Released	Thu Jan 26 06:43:05 2023
Summary	Recommended update for freerdp
Type	recommended
Severity	moderate
References	1205446

Description:

This update for freerdp fixes the following issues:

Drop -DBUILTIN_CHANNELS=OFF option to fix missing symbols issue for builtin channels (bsc#1205446)

Advisory ID	SUSE-SU-2023:146-1
Released	Thu Jan 26 09:17:51 2023
Summary	Security update for the Linux Kernel
Type	security
Severity	important
References	1065729,1187428,1188605,1190969,1191259,1193629,1199294,1201068,1203219,1203740,1203829,1204614,1204652,1204760,1204911,1204989,1205257,1205263,1205485,1205496,1205601,1205695,1206073,1206098,1206101,1206188,1206209,1206344,1206389,1206390,1206391,1206393,1206394,1206395,1206396,1206397,1206398,1206399,1206456,1206468,1206515,1206536,1206554,1206602,1206619,1206664,1206703,1206794,1206896,1206912,1207016,CVE-2022-3104,CVE-2022-3105,CVE-2022-3106,CVE-2022-3107,CVE-2022-3108,CVE-2022-3111,CVE-2022-3112,CVE-2022-3113,CVE-2022-3114,CVE-2022-3115,CVE-2022-3344,CVE-2022-3564,CVE-2022-4379,CVE-2022-4662,CVE-2022-47520

Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:

CVE-2022-3344: Fixed a flaw found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0). (bsc#1204652)
CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664)
CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc. (bsc#1206393)
CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. (bsc#1206515)
CVE-2022-3112: Fixed a null pointer dereference caused by a missing check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases. (bsc#1206399)
CVE-2022-3564: Fixed a bug which could lead to use after free, it was found in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073)
CVE-2022-4379: Fixed a use-after-free vulnerability in nfs4file.c:__nfs42_ssc_open. (bsc#1206209)
CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389)
CVE-2022-3104: Fixed a null pointer dereference caused by caused by a missing check of the return value of kzalloc() in bugs.c:lkdtm_ARRAY_BOUNDS. (bsc#1206396)
CVE-2022-3113: Fixed a null pointer dereference caused by a missing check of the return value of devm_kzalloc. (bsc#1206390)
CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395)
CVE-2022-3114: Fixed a null pointer dereference caused by a missing check of the return value of kcalloc. (bsc#1206391)
CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394)
CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398)
CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397)

The following non-security bugs were fixed:

acct: fix potential integer overflow in encode_comp_t() (git-fixes).
ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA (git-fixes).
ACPICA: Fix error code path in acpi_ds_call_control_method() (git-fixes).
ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (git-fixes).
ALSA: asihpi: fix missing pci_disable_device() (git-fixes).
ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list (git-fixes).
ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB (git-fixes).
ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops (git-fixes).
ALSA: line6: correct midi status byte when receiving data from podxt (git-fixes).
ALSA: line6: fix stack overflow in line6_midi_transmit (git-fixes).
ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt (git-fixes).
ALSA: patch_realtek: Fix Dell Inspiron Plus 16 (git-fixes).
ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT (git-fixes).
ALSA: pcm: Set missing stop_operating flag at undoing trigger start (git-fixes).
ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event (git-fixes).
ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT (git-fixes).
ALSA: usb-audio: add the quirk for KT0206 device (git-fixes).
amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table() (git-fixes).
apparmor: fix a memleak in multi_transaction_new() (git-fixes).
apparmor: Fix abi check to include v8 abi (git-fixes).
apparmor: fix lockdep warning when removing a namespace (git-fixes).
apparmor: Fix memleak in alloc_ns() (git-fixes).
apparmor: Use pointer to struct aa_label for lbs_cred (git-fixes).
ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels (git-fixes).
ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod (git-fixes).
ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port (git-fixes).
ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port (git-fixes).
ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port (git-fixes).
ARM: dts: armada-38x: Fix compatible string for gpios (git-fixes).
ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port (git-fixes).
ARM: dts: armada-39x: Fix compatible string for gpios (git-fixes).
ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port (git-fixes).
ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port (git-fixes).
ARM: dts: nuvoton: Remove bogus unit addresses from fixed-partition nodes (git-fixes).
ARM: dts: qcom: apq8064: fix coresight compatible (git-fixes).
ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 (git-fixes).
ARM: dts: rockchip: fix ir-receiver node names (git-fixes).
ARM: dts: rockchip: fix node name for hym8563 rtc (git-fixes).
ARM: dts: rockchip: remove clock-frequency from rtc (git-fixes).
ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name (git-fixes).
ARM: dts: spear600: Fix clcd interrupt (git-fixes).
ARM: dts: stm32: Drop stm32mp15xc.dtsi from Avenger96 (git-fixes).
ARM: dts: stm32: Fix AV96 WLAN regulator gpio property (git-fixes).
ARM: dts: turris-omnia: Add ethernet aliases (git-fixes).
ARM: dts: turris-omnia: Add switch port 6 node (git-fixes).
ARM: mmp: fix timer_read delay (git-fixes).
ARM: ux500: do not directly dereference __iomem (git-fixes).
arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault path (performance bsc#1203219).
arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC (git-fixes).
arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name (git-fixes).
arm64: dts: mediatek: pumpkin-common: Fix devicetree warnings (git-fixes).
arm64: dts: mt2712-evb: Fix usb vbus regulators unit names (git-fixes).
arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names (git-fixes).
arm64: dts: mt2712e: Fix unit address for pinctrl node (git-fixes).
arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators (git-fixes).
arm64: dts: mt6779: Fix devicetree build warnings (git-fixes).
arm64: dts: mt7622: drop r_smpl property from mmc node (git-fixes).
arm64: dts: mt8183: drop drv-type from mmc-node (git-fixes).
arm64: dts: mt8183: Fix Mali GPU clock (git-fixes).
arm64: dts: qcom: ipq6018-cp01-c1: use BLSPI1 pins (git-fixes).
arm64: dts: qcom: msm8916: Drop MSS fallback compatible (git-fixes).
arm64: dts: qcom: msm8996: Add MSM8996 Pro support (git-fixes).
arm64: dts: qcom: msm8996: fix GPU OPP table (git-fixes).
arm64: dts: qcom: msm8996: fix supported-hw in cpufreq OPP tables (git-fixes).
arm64: dts: qcom: sdm630: fix UART1 pin bias (git-fixes).
arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias (git-fixes).
arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength (git-fixes).
arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength (git-fixes).
arm64: dts: qcom: sm8250-sony-xperia-edo: fix touchscreen bias-disable (git-fixes).
arm64: dts: qcom: sm8250: correct LPASS pin pull down (git-fixes).
arm64: dts: qcom: sm8250: drop bogus DP PHY clock (git-fixes).
arm64: dts: qcom: sm8250: fix USB-DP PHY registers (git-fixes).
arm64: dts: rockchip: fix ir-receiver node names (git-fixes).
arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series (git-fixes).
arm64: dts: ti: k3-am65-main: Drop dma-coherent in crypto node (git-fixes).
arm64: dts: ti: k3-j721e-main: Drop dma-coherent in crypto node (git-fixes).
ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link() (git-fixes).
ASoC: codecs: rt298: Add quirk for KBL-R RVP platform (git-fixes).
ASoC: cs42l51: Correct PGA Volume minimum value (git-fixes).
ASoC: dt-bindings: wcd9335: fix reset line polarity in example (git-fixes).
ASoC: fsl_micfil: explicitly clear CHnF flags (git-fixes).
ASoC: fsl_micfil: explicitly clear software reset bit (git-fixes).
ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet (git-fixes).
ASoC: jz4740-i2s: Handle independent FIFO flush bits (git-fixes).
ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() (git-fixes).
ASoC: mediatek: mt8173: Enable IRQ when pdata is ready (git-fixes).
ASoC: mediatek: mt8183: fix refcount leak in mt8183_mt6358_ts3a227_max98357_dev_probe() (git-fixes).
ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd (git-fixes).
ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() (git-fixes).
ASoC: ops: Correct bounds check for second channel on SX controls (git-fixes).
ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe (git-fixes).
ASoC: pxa: fix null-pointer dereference in filter() (git-fixes).
ASoC: qcom: Add checks for devm_kcalloc (git-fixes).
ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() (git-fixes).
ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() (git-fixes).
ASoC: rt5670: Remove unbalanced pm_runtime_put() (git-fixes).
ASoC: rt711-sdca: fix the latency time of clock stop prepare state machine transitions (git-fixes).
ASoC: soc-pcm: Add NULL check in BE reparenting (git-fixes).
ASoC: wm8962: Wait for updated value of WM8962_CLOCKING1 register (git-fixes).
ASoC: wm8994: Fix potential deadlock (git-fixes).
ata: ahci: Fix PCS quirk application for suspend (git-fixes).
binfmt_elf: fix documented return value for load_elf_phdrs() (git-fixes).
binfmt_misc: fix shift-out-of-bounds in check_special_flags (git-fixes).
binfmt: Fix error return code in load_elf_fdpic_binary() (git-fixes).
block: Do not reread partition table on exclusively open device (bsc#1190969).
Bluetooth: btintel: Fix missing free skb in btintel_setup_combined() (git-fixes).
Bluetooth: btusb: Add debug message for CSR controllers (git-fixes).
Bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
Bluetooth: hci_bcsp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
Bluetooth: hci_core: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
Bluetooth: hci_h5: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
Bluetooth: hci_ll: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
Bluetooth: hci_qca: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
Bluetooth: MGMT: Fix error report for ADD_EXT_ADV_PARAMS (git-fixes).
Bluetooth: RFCOMM: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
brcmfmac: return error when getting invalid max_flowrings from dongle (git-fixes).
caif: fix memory leak in cfctrl_linkup_request() (git-fixes).
can: do not increase rx statistics when generating a CAN rx error message frame (git-fixes).
can: do not increase rx_bytes statistics for RTR frames (git-fixes).
can: kvaser_usb_leaf: Fix bogus restart events (git-fixes).
can: kvaser_usb_leaf: Fix wrong CAN state after stopping (git-fixes).
can: kvaser_usb_leaf: Set Warning state even without bus errors (git-fixes).
can: kvaser_usb: do not increase tx statistics when sending error message frames (git-fixes).
can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (git-fixes).
can: kvaser_usb: make use of units.h in assignment of frequency (git-fixes).
can: m_can: fix typo prescalar -> prescaler (git-fixes).
can: m_can: is_lec_err(): clean up LEC error handling (git-fixes).
can: mcba_usb: Fix termination command argument (git-fixes).
can: sja1000: fix size of OCR_MODE_MASK define (git-fixes).
can: tcan4x5x: Remove invalid write in clear_interrupts (git-fixes).
chardev: fix error handling in cdev_device_add() (git-fixes).
cifs: Add 'extbuf' and 'extbuflen' args to smb2_compound_op() (bsc#1193629).
cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1193629).
cifs: do not leak -ENOMEM in smb2_open_file() (bsc#1193629).
cifs: do not refresh cached referrals from unactive mounts (bsc#1193629).
cifs: fix confusing debug message (bsc#1193629).
cifs: Fix kmap_local_page() unmapping (git-fixes).
cifs: fix missing display of three mount options (bsc#1193629).
cifs: fix oops during encryption (bsc#1199294).
cifs: fix refresh of cached referrals (bsc#1193629).
cifs: fix source pathname comparison of dfs supers (bsc#1193629).
cifs: fix various whitespace errors in headers (bsc#1193629).
cifs: get rid of mount options string parsing (bsc#1193629).
cifs: minor cleanup of some headers (bsc#1193629).
cifs: optimize reconnect of nested links (bsc#1193629).
cifs: Parse owner/group for stat in smb311 posix extensions (bsc#1193629).
cifs: print warning when conflicting soft vs. hard mount options specified (bsc#1193629).
cifs: reduce roundtrips on create/qinfo requests (bsc#1193629).
cifs: refresh root referrals (bsc#1193629).
cifs: Remove duplicated include in cifsglob.h (bsc#1193629).
cifs: remove unused smb3_fs_context::mount_options (bsc#1193629).
cifs: set correct ipc status after initial tree connect (bsc#1193629).
cifs: set correct status of tcon ipc when reconnecting (bsc#1193629).
cifs: set correct tcon status after initial tree connect (bsc#1193629).
cifs: set resolved ip in sockaddr (bsc#1193629).
cifs: share dfs connections and supers (bsc#1193629).
cifs: skip alloc when request has no pages (bsc#1193629).
cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1193629).
cifs: update internal module number (bsc#1193629).
cifs: use fs_context for automounts (bsc#1193629).
cifs: use origin fullpath for automounts (bsc#1193629).
class: fix possible memory leak in __class_register() (git-fixes).
clk: Fix pointer casting to prevent oops in devm_clk_release() (git-fixes).
clk: generalize devm_clk_get() a bit (git-fixes).
clk: imx: imx8mp: add shared clk gate for usb suspend clk (git-fixes).
clk: imx: replace osc_hdmi with dummy (git-fixes).
clk: nomadik: correct struct name kernel-doc warning (git-fixes).
clk: Provide new devm_clk helpers for prepared and enabled clocks (git-fixes).
clk: qcom: clk-krait: fix wrong div2 functions (git-fixes).
clk: qcom: gcc-sm8250: Use retention mode for USB GDSCs (git-fixes).
clk: qcom: lpass-sc7180: Fix pm_runtime usage (git-fixes).
clk: renesas: r9a06g032: Repair grave increment error (git-fixes).
clk: rockchip: Fix memory leak in rockchip_clk_register_pll() (git-fixes).
clk: samsung: Fix memory leak in _samsung_clk_register_pll() (git-fixes).
clk: socfpga: Fix memory leak in socfpga_gate_init() (git-fixes).
clk: st: Fix memory leak in st_of_quadfs_setup() (git-fixes).
clk: sunxi-ng: v3s: Correct the header guard of ccu-sun8i-v3s.h (git-fixes).
clocksource/drivers/sh_cmt: Access registers according to spec (git-fixes).
clocksource/drivers/timer-ti-dm: Fix missing clk_disable_unprepare in dmtimer_systimer_init_clock() (git-fixes).
cpufreq: ACPI: Defer setting boost MSRs (bsc#1205485).
cpufreq: ACPI: Only set boost MSRs on supported CPUs (bsc#1205485).
cpufreq: ACPI: Remove unused variables 'acpi_cpufreq_online' and 'ret' (bsc#1205485).
cpufreq: intel_pstate: Add Sapphire Rapids support in no-HWP mode (bsc#1201068).
crypto: ccree - Make cc_debugfs_global_fini() available for module init function (git-fixes).
crypto: ccree - Remove debugfs when platform_driver_register failed (git-fixes).
crypto: cryptd - Use request context instead of stack for sub-request (git-fixes).
crypto: hisilicon/qm - fix missing destroy qp_idr (git-fixes).
crypto: img-hash - Fix variable dereferenced before check 'hdev->req' (git-fixes).
crypto: n2 - add missing hash statesize (git-fixes).
crypto: nitrox - avoid double free on error path in nitrox_sriov_init() (git-fixes).
crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe() (git-fixes).
crypto: rockchip - add fallback for ahash (git-fixes).
crypto: rockchip - add fallback for cipher (git-fixes).
crypto: rockchip - better handle cipher key (git-fixes).
crypto: rockchip - do not do custom power management (git-fixes).
crypto: rockchip - do not store mode globally (git-fixes).
crypto: rockchip - remove non-aligned handling (git-fixes).
crypto: rockchip - rework by using crypto_engine (git-fixes).
crypto: sun8i-ss - use dma_addr instead u32 (git-fixes).
crypto: tcrypt - Fix multibuffer skcipher speed test mem leak (git-fixes).
device property: Fix documentation for fwnode_get_next_parent() (git-fixes).
dmaengine: idxd: Fix crc_val field for completion record (git-fixes).
docs/zh_CN: Fix '.. only::' directive's expression (git-fixes).
Documentation: bonding: update miimon default to 100 (git-fixes).
Documentation: devres: add missing devm_acpi_dma_controller_free() helper (git-fixes).
Documentation: devres: add missing MEM helper (git-fixes).
Documentation: devres: add missing PHY helpers (git-fixes).
Documentation: devres: add missing PWM helper (git-fixes).
Documentation/features-refresh.sh: Only sed the beginning 'arch' of ARCH_DIR (git-fixes).
drbd: destroy workqueue when drbd device was freed (git-fixes).
drbd: remove call to memset before free device/resource/connection (git-fixes).
drbd: remove usage of list iterator variable after loop (git-fixes).
drbd: set QUEUE_FLAG_STABLE_WRITES (git-fixes).
drbd: use after free in drbd_create_device() (git-fixes).
driver core: Fix bus_type.match() error handling in __driver_attach() (git-fixes).
drivers: dio: fix possible memory leak in dio_init() (git-fixes).
drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static (git-fixes).
drm: bridge: dw_hdmi: fix preference of RGB modes over YUV420 (git-fixes).
drm/amd/display: fix array index out of bound error in bios parser (git-fixes).
drm/amd/display: Manually adjust strobe for DCN303 (git-fixes).
drm/amd/display: prevent memory leak (git-fixes).
drm/amd/display: Use the largest vready_offset in pipe group (git-fixes).
drm/amd/pm/smu11: BACO is supported when it's in BACO state (git-fixes).
drm/amdgpu: fix pci device refcount leak (git-fixes).
drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() (git-fixes).
drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback (git-fixes).
drm/amdgpu: Fix type of second parameter in trans_msg() callback (git-fixes).
drm/amdgpu: handle polaris10/11 overlap asics (v2) (git-fixes).
drm/amdgpu: make display pinning more flexible (v2) (git-fixes).
drm/amdgpu/powerplay/psm: Fix memory leak in power state init (git-fixes).
drm/amdgpu/sdma_v4_0: turn off SDMA ring buffer in the s2idle suspend (git-fixes).
drm/amdkfd: Fix memory leakage (git-fixes).
drm/bridge: adv7533: remove dynamic lane switching from adv7533 bridge (git-fixes).
drm/bridge: anx7625: Fix edid_read break case in sp_tx_edid_read() (git-fixes).
drm/bridge: ti-sn65dsi86: Fix output polarity setting bug (git-fixes).
drm/connector: send hotplug uevent on connector cleanup (git-fixes).
drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink (git-fixes).
drm/etnaviv: add missing quirks for GC300 (git-fixes).
drm/etnaviv: do not truncate physical page address (git-fixes).
drm/fourcc: Add packed 10bit YUV 4:2:0 format (git-fixes).
drm/fourcc: Fix vsub/hsub for Q410 and Q401 (git-fixes).
drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() (git-fixes).
drm/i915: Fix documentation for intel_uncore_forcewake_put__locked (git-fixes).
drm/i915: remove circ_buf.h includes (git-fixes).
drm/i915: unpin on error in intel_vgpu_shadow_mm_pin() (git-fixes).
drm/i915/display: Do not disable DDI/Transcoder when setting phy test pattern (git-fixes).
drm/i915/dsi: fix VBT send packet port selection for dual link DSI (git-fixes).
drm/i915/gvt: fix gvt debugfs destroy (git-fixes).
drm/i915/gvt: fix vgpu debugfs clean in remove (git-fixes).
drm/i915/migrate: do not check the scratch page (git-fixes).
drm/i915/migrate: fix length calculation (git-fixes).
drm/i915/migrate: fix offset calculation (git-fixes).
drm/i915/ttm: never purge busy objects (git-fixes).
drm/imx: ipuv3-plane: Fix overlay plane width (git-fixes).
drm/ingenic: Fix missing platform_driver_unregister() call in ingenic_drm_init() (git-fixes).
drm/mediatek: Fix return type of mtk_hdmi_bridge_mode_valid() (git-fixes).
drm/mediatek: Modify dpi power on/off sequence (git-fixes).
drm/meson: Reduce the FIFO lines held when AFBC is not used (git-fixes).
drm/msm: Use drm_mode_copy() (git-fixes).
drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure (git-fixes).
drm/panfrost: Fix GEM handle creation ref-counting (git-fixes).
drm/radeon: Add the missed acpi_put_table() to fix memory leak (git-fixes).
drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() (git-fixes).
drm/rockchip: lvds: fix PM usage counter unbalance in poweron (git-fixes).
drm/rockchip: Use drm_mode_copy() (git-fixes).
drm/shmem-helper: Avoid vm_open error paths (git-fixes).
drm/shmem-helper: Remove errant put in error path (git-fixes).
drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() (git-fixes).
drm/sti: Use drm_mode_copy() (git-fixes).
drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe() (git-fixes).
drm/vmwgfx: Do not use screen objects when SEV is active (git-fixes).
drm/vmwgfx: Fix a sparse warning in kernel docs (git-fixes).
drm/vmwgfx: Validate the box size for the snooped cursor (git-fixes).
Drop FIPS mode DRBG->getrandom(2) wire-up (bsc#1191259)
dt-bindings: clock: qcom,aoncc-sm8250: fix compatible (git-fixes).
dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes).
dt-bindings: display: sun6i-dsi: Fix clock conditional (git-fixes).
dt-bindings: gpio: gpio-davinci: Increase maxItems in gpio-line-names (git-fixes).
dt-bindings: net: sun8i-emac: Add phy-supply property (git-fixes).
EDAC/mc_sysfs: Increase legacy channel support to 12 (bsc#1205263).
efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes).
ext4: avoid BUG_ON when creating xattrs (bsc#1205496).
extcon: usbc-tusb320: Add support for mode setting and reset (git-fixes).
extcon: usbc-tusb320: Add support for TUSB320L (git-fixes).
extcon: usbc-tusb320: Factor out extcon into dedicated functions (git-fixes).
fbcon: Use kzalloc() in fbcon_prepare_logo() (git-fixes).
fbdev: fbcon: release buffer when fbcon_do_set_font() failed (git-fixes).
fbdev: geode: do not build on UML (git-fixes).
fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB (git-fixes).
fbdev: pm2fb: fix missing pci_disable_device() (git-fixes).
fbdev: ssd1307fb: Drop optional dependency (git-fixes).
fbdev: uvesafb: do not build on UML (git-fixes).
fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (git-fixes).
fbdev: vermilion: decrease reference count in error path (git-fixes).
fbdev: via: Fix error in via_core_init() (git-fixes).
firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes).
floppy: Fix memory leak in do_floppy_init() (git-fixes).
gpio: sifive: Fix refcount leak in sifive_gpio_probe (git-fixes).
gpiolib: cdev: fix NULL-pointer dereferences (git-fixes).
gpiolib: check the 'ngpios' property in core gpiolib code (git-fixes).
gpiolib: fix memory leak in gpiochip_setup_dev() (git-fixes).
gpiolib: Get rid of redundant 'else' (git-fixes).
gpiolib: improve coding style for local variables (git-fixes).
gpiolib: make struct comments into real kernel docs (git-fixes).
hamradio: baycom_epp: Fix return type of baycom_send_packet() (git-fixes).
hamradio: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
HID: hid-sensor-custom: set fixed size for custom attributes (git-fixes).
HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10 (git-fixes).
HID: mcp2221: do not connect hidraw (git-fixes).
HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint (git-fixes).
HID: plantronics: Additional PIDs for double volume key presses quirk (git-fixes).
HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk (git-fixes).
HID: usbhid: Add ALWAYS_POLL quirk for some mice (git-fixes).
HID: wacom: Ensure bootloader PID is usable in hidraw mode (git-fixes).
HSI: omap_ssi_core: Fix error handling in ssi_init() (git-fixes).
HSI: omap_ssi_core: fix possible memory leak in ssi_probe() (git-fixes).
HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() (git-fixes).
hwmon: (jc42) Convert register access and caching to regmap/regcache (git-fixes).
hwmon: (jc42) Fix missing unlock on error in jc42_write() (git-fixes).
hwmon: (jc42) Restore the min/max/critical temperatures on resume (git-fixes).
hwrng: amd - Fix PCI device refcount leak (git-fixes).
i2c: ismt: Fix an out-of-bounds bug in ismt_access() (git-fixes).
i2c: mux: reg: check return value after calling platform_get_resource() (git-fixes).
i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe (git-fixes).
IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces (git-fixes)
ibmveth: Always stop tx queues during close (bsc#1065729).
iio: adc: ad_sigma_delta: do not use internal iio_dev lock (git-fixes).
iio: adc128s052: add proper .data members in adc128_of_match table (git-fixes).
iio: fix memory leak in iio_device_register_eventset() (git-fixes).
iio: temperature: ltc2983: make bulk write buffer DMA-safe (git-fixes).
ima: Fix a potential NULL pointer access in ima_restore_measurement_list (git-fixes).
Input: elants_i2c - properly handle the reset GPIO when power is off (git-fixes).
Input: joystick - fix Kconfig warning for JOYSTICK_ADC (git-fixes).
Input: wistron_btns - disable on UML (git-fixes).
integrity: Fix memory leakage in keyring allocation error path (git-fixes).
ipmi: fix long wait in unload when IPMI disconnect (git-fixes).
ipmi: fix memleak when unload ipmi driver (git-fixes).
ipmi: fix use after free in _ipmi_destroy_user() (git-fixes).
ipmi: kcs: Poll OBF briefly to reduce OBE latency (git-fixes).
ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() (git-fixes).
kABI: reintroduce a non-inline usleep_range (git-fixes).
lib/debugobjects: fix stat count and optimize debug_objects_mem_init (git-fixes).
lib/fonts: fix undefined behavior in bit shift for get_default_font (git-fixes).
mailbox: arm_mhuv2: Fix return value check in mhuv2_probe() (git-fixes).
mailbox: mpfs: read the system controller's status (git-fixes).
mailbox: zynq-ipi: fix error handling while device_register() fails (git-fixes).
media: adv748x: afe: Select input port when initializing AFE (git-fixes).
media: camss: Clean up received buffers on failed start of streaming (git-fixes).
media: dvb-core: Fix double free in dvb_register_device() (git-fixes).
media: dvb-core: Fix ignored return value in dvb_register_frontend() (git-fixes).
media: dvb-frontends: fix leak of memory fw (git-fixes).
media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (git-fixes).
media: dvb-usb: fix memory leak in dvb_usb_adapter_init() (git-fixes).
media: i2c: ad5820: Fix error path (git-fixes).
media: imon: fix a race condition in send_packet() (git-fixes).
media: saa7164: fix missing pci_disable_device() (git-fixes).
media: si470x: Fix use-after-free in si470x_int_in_callback() (git-fixes).
media: solo6x10: fix possible memory leak in solo_sysfs_init() (git-fixes).
media: stv0288: use explicitly signed char (git-fixes).
media: v4l2-ctrls: Fix off-by-one error in integer menu control check (git-fixes).
media: v4l2-dv-timings.c: fix too strict blanking sanity checks (git-fixes).
media: videobuf-dma-contig: use dma_mmap_coherent (git-fixes).
media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init() (git-fixes).
media: vimc: Fix wrong function called when vimc_init() fails (git-fixes).
media: vivid: fix compose size exceed boundary (git-fixes).
memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896).
memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344).
mfd: bd957x: Fix Kconfig dependency on REGMAP_IRQ (git-fixes).
mfd: mt6360: Add bounds checking in Regmap read/write call-backs (git-fixes).
mfd: pm8008: Fix return value check in pm8008_probe() (git-fixes).
mfd: pm8008: Remove driver data structure pm8008_data (git-fixes).
mfd: qcom_rpm: Fix an error handling path in qcom_rpm_probe() (git-fixes).
mfd: qcom_rpm: Use devm_of_platform_populate() to simplify code (git-fixes).
misc: ocxl: fix possible name leak in ocxl_file_register_afu() (git-fixes).
misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() (git-fixes).
mISDN: hfcmulti: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes).
mISDN: hfcpci: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes).
mISDN: hfcsusb: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes).
mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601).
mm/mempolicy: fix memory leak in set_mempolicy_home_node system call (bsc#1206468).
mmc: alcor: fix return value check of mmc_add_host() (git-fixes).
mmc: atmel-mci: fix return value check of mmc_add_host() (git-fixes).
mmc: core: Normalize the error handling branch in sd_read_ext_regs() (git-fixes).
mmc: f-sdh30: Add quirks for broken timeout clock capability (git-fixes).
mmc: meson-gx: fix return value check of mmc_add_host() (git-fixes).
mmc: mmci: fix return value check of mmc_add_host() (git-fixes).
mmc: moxart: fix return value check of mmc_add_host() (git-fixes).
mmc: mtk-sd: Fix missing clk_disable_unprepare in msdc_of_clock_parse() (git-fixes).
mmc: mxcmmc: fix return value check of mmc_add_host() (git-fixes).
mmc: omap_hsmmc: fix return value check of mmc_add_host() (git-fixes).
mmc: pxamci: fix return value check of mmc_add_host() (git-fixes).
mmc: renesas_sdhi: alway populate SCC pointer (git-fixes).
mmc: renesas_sdhi: better reset from HS400 mode (git-fixes).
mmc: rtsx_pci: fix return value check of mmc_add_host() (git-fixes).
mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() (git-fixes).
mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K (git-fixes).
mmc: toshsd: fix return value check of mmc_add_host() (git-fixes).
mmc: via-sdmmc: fix return value check of mmc_add_host() (git-fixes).
mmc: vub300: fix return value check of mmc_add_host() (git-fixes).
mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING (git-fixes).
mmc: wbsd: fix return value check of mmc_add_host() (git-fixes).
mmc: wmt-sdmmc: fix return value check of mmc_add_host() (git-fixes).
module: change to print useful messages from elf_validity_check() (git-fixes).
module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes).
mt76: stop the radar detector after leaving dfs channel (git-fixes).
mtd: Fix device name leak when register device failed in add_mtd_device() (git-fixes).
mtd: lpddr2_nvm: Fix possible null-ptr-deref (git-fixes).
mtd: maps: pxa2xx-flash: fix memory leak in probe (git-fixes).
mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type() (git-fixes).
mtd: spi-nor: Fix the number of bytes for the dummy cycles (git-fixes).
mtd: spi-nor: hide jedec_id sysfs attribute if not present (git-fixes).
net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428 bsc#1206619).
net: mana: Fix race on per-CQ variable napi work_done (git-fixes).
net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe (git-fixes).
net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
net: usb: smsc95xx: fix external PHY reset (git-fixes).
net/mlx5: Fix mlx5_get_next_dev() peer device matching (bsc#1206536).
net/mlx5: Lag, filter non compatible devices (bsc#1206536).
netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614).
nfc: Fix potential resource leaks (git-fixes).
nfc: pn533: Clear nfc_target before being used (git-fixes).
nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() (git-fixes).
NFS: Handle missing attributes in OPEN reply (bsc#1203740).
nilfs2: fix shift-out-of-bounds due to too large exponent of block size (git-fixes).
nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() (git-fixes).
octeontx2-af: Add PTP PPS Errata workaround on CN10K silicon (jsc#SLE-24682).
octeontx2-af: Allow mkex profile without DMAC and add L2M/L2B header extraction support (jsc#SLE-24682).
octeontx2-af: Do not reset previous pfc config (jsc#SLE-24682).
octeontx2-af: fix operand size in bitwise operation (jsc#SLE-24682).
octeontx2-af: Initialize PTP_SEC_ROLLOVER register properly (jsc#SLE-24682).
octeontx2-af: Limit link bringup time at firmware (jsc#SLE-24682).
octeontx2-af: return correct ptp timestamp for CN10K silicon (jsc#SLE-24682).
octeontx2-af: Set NIX link credits based on max LMAC (jsc#SLE-24682).
octeontx2-af: Skip CGX/RPM probe incase of zero lmac count (jsc#SLE-24682).
octeontx2-pf: Add egress PFC support (jsc#SLE-24682).
octeontx2-pf: Add support for ptp 1-step mode on CN10K silicon (jsc#SLE-24682).
octeontx2-pf: Fix lmtst ID used in aura free (jsc#SLE-24682).
octeontx2-pf: Fix pfc_alloc_status array overflow (jsc#SLE-24682).
octeontx2-pf: Fix SQE threshold checking (jsc#SLE-24682).
octeontx2-pf: Fix unused variable build error (jsc#SLE-24682).
octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT] (jsc#SLE-24682).
octeontx2-pf: Reduce minimum mtu size to 60 (jsc#SLE-24682).
octeontx2: Modify mbox request and response structures (jsc#SLE-24682).
padata: Fix list iterator in padata_do_serial() (git-fixes).
PCI: Check for alloc failure in pci_request_irq() (git-fixes).
PCI: dwc: Fix n_fts[] array overrun (git-fixes).
PCI: Fix pci_device_is_present() for VFs by checking PF (git-fixes).
PCI: pci-epf-test: Register notifier if only core_init_notifier is enabled (git-fixes).
PCI: vmd: Disable MSI remapping after suspend (git-fixes).
PCI/sysfs: Fix double free in error path (git-fixes).
phy: usb: s2 WoL wakeup_count not incremented for USB->Eth devices (git-fixes).
pinctrl: k210: call of_node_put() (git-fixes).
pinctrl: meditatek: Startup with the IRQs disabled (git-fixes).
pinctrl: pinconf-generic: add missing of_node_put() (git-fixes).
platform/chrome: cros_ec_typec: Cleanup switch handle return paths (git-fixes).
platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init() (git-fixes).
platform/mellanox: mlxbf-pmc: Fix event typo (git-fixes).
platform/x86: huawei-wmi: fix return value calculation (git-fixes).
platform/x86: intel_scu_ipc: fix possible name leak in __intel_scu_ipc_register() (git-fixes).
platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() (git-fixes).
PM: hibernate: Fix mistake in kerneldoc comment (git-fixes).
PM: runtime: Do not call __rpm_callback() from rpm_idle() (git-fixes).
PNP: fix name memory leak in pnp_alloc_dev() (git-fixes).
power: supply: ab8500: Fix error handling in ab8500_charger_init() (git-fixes).
power: supply: fix null pointer dereferencing in power_supply_get_battery_info (git-fixes).
power: supply: fix residue sysfs file in error handle route of __power_supply_register() (git-fixes).
power: supply: z2_battery: Fix possible memleak in z2_batt_probe() (git-fixes).
powerpc: export the CPU node count (bsc#1207016 ltc#201108).
powerpc: Take in account addition CPU node when building kexec FDT (bsc#1207016 ltc#201108).
powerpc/64: Init jump labels before parse_early_param() (bsc#1065729).
powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729).
powerpc/powernv: add missing of_node_put (bsc#1065729).
powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603).
powerpc/pseries/eeh: use correct API for error log size (bsc#1065729).
powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729).
powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes).
powerpc/xive/spapr: correct bitmap allocation size (git-fixes).
proc: fixup uptime selftest (git-fixes).
pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP (git-fixes).
pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES (git-fixes).
pstore: Properly assign mem_type property (git-fixes).
pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion (git-fixes).
pstore/ram: Fix error return code in ramoops_probe() (git-fixes).
pstore/zone: Use GFP_ATOMIC to allocate zone buffer (git-fixes).
pwm: lpc18xx-sct: Fix a comment to match code (git-fixes).
pwm: mediatek: always use bus clock for PWM on MT7622 (git-fixes).
pwm: sifive: Call pwm_sifive_update_clock() while mutex is held (git-fixes).
pwm: tegra: Improve required rate calculation (git-fixes).
r6040: Fix kmemleak in probe and remove (git-fixes).
random: allow partial reads if later user copies fail (bsc#1204911).
random: check for signals every PAGE_SIZE chunk of /dev/random (bsc#1204911).
random: convert to using fops->read_iter() (bsc#1204911).
random: convert to using fops->write_iter() (bsc#1204911).
random: remove outdated INT_MAX >> 6 check in urandom_read() (bsc#1204911).
random: zero buffer after reading entropy from userspace (bsc#1204911).
RDMA: Disable IB HW for UML (git-fixes)
RDMA/core: Fix order of nldev_exit call (git-fixes)
RDMA/core: Make sure 'ib_port' is valid when access sysfs node (git-fixes)
RDMA/efa: Add EFA 0xefa2 PCI ID (git-fixes)
RDMA/hfi: Decrease PCI device reference count in error path (git-fixes)
RDMA/hfi1: Fix error return code in parse_platform_config() (git-fixes)
RDMA/hns: Fix AH attr queried by query_qp (git-fixes)
RDMA/hns: Fix error code of CMD (git-fixes)
RDMA/hns: Fix ext_sge num error when post send (git-fixes)
RDMA/hns: fix memory leak in hns_roce_alloc_mr() (git-fixes)
RDMA/hns: Fix page size cap from firmware (git-fixes)
RDMA/hns: Fix PBL page MTR find (git-fixes)
RDMA/hns: Fix XRC caps on HIP08 (git-fixes)
RDMA/hns: Repacing 'dseg_len' by macros in fill_ext_sge_inl_data() (git-fixes)
RDMA/irdma: Do not request 2-level PBLEs for CQ alloc (git-fixes)
RDMA/irdma: Initialize net_type before checking it (git-fixes)
RDMA/irdma: Report the correct link speed (git-fixes)
RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps() (git-fixes)
RDMA/nldev: Fix failure to send large messages (git-fixes)
RDMA/nldev: Return '-EAGAIN' if the cm_id isn't from expected port (git-fixes)
RDMA/restrack: Release MR restrack when delete (git-fixes)
RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed (git-fixes)
RDMA/siw: Fix immediate work request flush to completion queue (git-fixes)
RDMA/siw: Fix pointer cast warning (git-fixes)
RDMA/siw: Set defined status for work completion with undefined status (git-fixes)
RDMA/srp: Fix error return code in srp_parse_options() (git-fixes)
regulator: bd718x7: Drop unnecessary info print (git-fixes).
regulator: core: fix deadlock on regulator enable (git-fixes).
regulator: core: fix module refcount leak in set_supply() (git-fixes).
regulator: core: fix resource leak in regulator_register() (git-fixes).
regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() (git-fixes).
regulator: core: fix use_count leakage when handling boot-on (git-fixes).
regulator: core: use kfree_const() to free space conditionally (git-fixes).
regulator: qcom-labibb: Fix missing of_node_put() in qcom_labibb_regulator_probe() (git-fixes).
regulator: qcom-rpmh: Fix PMR735a S3 regulator spec (git-fixes).
regulator: slg51000: Wait after asserting CS pin (git-fixes).
regulator: twl6030: fix get status of twl6032 regulators (git-fixes).
remoteproc: core: Do pm_relax when in RPROC_OFFLINE state (git-fixes).
remoteproc: qcom_q6v5_pas: detach power domains on remove (git-fixes).
remoteproc: qcom_q6v5_pas: disable wakeup on probe fail or remove (git-fixes).
remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region() (git-fixes).
remoteproc: qcom: q6v5: Fix missing clk_disable_unprepare() in q6v5_wcss_qcs404_power_on() (git-fixes).
remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio() (git-fixes).
remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() (git-fixes).
restore m_can_lec_type (git-fixes).
rtc: cmos: fix build on non-ACPI platforms (git-fixes).
rtc: cmos: Fix event handler registration ordering issue (git-fixes).
rtc: cmos: Fix wake alarm breakage (git-fixes).
rtc: ds1347: fix value written to century register (git-fixes).
rtc: mxc_v2: Add missing clk_disable_unprepare() (git-fixes).
rtc: pcf85063: fix pcf85063_clkout_control (gut-fixes).
rtc: pcf85063: Fix reading alarm (git-fixes).
rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe() (git-fixes).
rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0 (git-fixes).
rtc: snvs: Allow a time difference on clock register read (git-fixes).
rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() (git-fixes).
rtmutex: Add acquire semantics for rtmutex lock acquisition slow path (bnc#1203829).
s390/boot: add secure boot trailer (bsc#1205257 LTC#200451).
sbitmap: fix lockup while swapping (bsc#1206602).
sched/core: Fix comparison in sched_group_cookie_match() (git-fixes)
sched/core: Fix the bug that task won't enqueue into core (git-fixes)
sched/topology: Remove redundant variable and fix incorrect (git-fixes)
sched/uclamp: Fix relationship between uclamp and migration (git-fixes)
sched/uclamp: Make task_fits_capacity() use util_fits_cpu() (git-fixes)
scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes).
scsi: advansys: Fix kernel pointer leak (git-fixes).
scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes).
scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
scsi: core: Fix sbitmap depth in scsi_realloc_sdev_budget_map() (git-fixes).
scsi: core: Fix scsi_mode_sense() buffer length handling (git-fixes).
scsi: core: Reallocate device's budget map on queue depth change (git-fixes).
scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes).
scsi: hisi_sas: Free irq vectors in order for v3 HW (git-fixes).
scsi: hisi_sas: Limit max hw sectors for v3 HW (git-fixes).
scsi: hisi_sas: Use managed PCI functions (git-fixes).
scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes).
scsi: iscsi: Add recv workqueue helpers (git-fixes).
scsi: iscsi: Fix harmless double shift bug (git-fixes).
scsi: iscsi: Fix possible memory leak when device_register() failed (git-fixes).
scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (git-fixes).
scsi: iscsi: kabi: add iscsi_conn_queue_work back (git-fixes).
scsi: iscsi: kabi: fix libiscsi new field (git-fixes).
scsi: iscsi: Merge suspend fields (git-fixes).
scsi: iscsi: Rename iscsi_conn_queue_work() (git-fixes).
scsi: iscsi: Run recv path from workqueue (git-fixes).
scsi: iscsi: Unblock session then wake up error handler (git-fixes).
scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes).
scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445).
scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445).
scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445).
scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445).
scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445).
scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445).
scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445).
scsi: lpfc: Use memset_startat() helper (jsc#PED-1445).
scsi: megaraid_sas: Fix double kfree() (git-fixes).
scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan (git-fixes).
scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes).
scsi: mpi3mr: Fix memory leaks (git-fixes).
scsi: mpi3mr: Fix reporting of actual data transfer size (git-fixes).
scsi: mpi3mr: Fixes around reply request queues (git-fixes).
scsi: mpt3sas: Do not change DMA mask while reallocating pools (bsc#1206912,bsc#1206098).
scsi: mpt3sas: Fail reset operation if config request timed out (git-fixes).
scsi: mpt3sas: Fix out-of-bounds compiler warning (git-fixes).
scsi: mpt3sas: re-do lost mpt3sas DMA mask fix (bsc#1206912,bsc#1206098).
scsi: mpt3sas: Remove usage of dma_get_required_mask() API (bsc#1206912,bsc#1206098).
scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes).
scsi: myrs: Fix crash in error case (git-fixes).
scsi: ncr53c8xx: Remove unused retrieve_from_waiting_list() function (git-fixes).
scsi: pm8001: Fix bogus FW crash for maxcpus=1 (git-fixes).
scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req() (git-fixes).
scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
scsi: pm8001: Fix pm80xx_pci_mem_copy() interface (git-fixes).
scsi: pm8001: Fix tag leaks on error (git-fixes).
scsi: pm8001: Fix task leak in pm8001_send_abort_all() (git-fixes).
scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (git-fixes).
scsi: pm8001: Fix use-after-free for aborted TMF sas_task (git-fixes).
scsi: pm80xx: Fix double completion for SATA devices (git-fixes).
scsi: pm80xx: Fix memory leak during rmmod (git-fixes).
scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes).
scsi: qedf: Add stag_work to all the vports (git-fixes).
scsi: qedf: Change context reset messages to ratelimited (git-fixes).
scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes).
scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes).
scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568).
scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568).
scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568).
scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568).
scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() (git-fixes).
scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (git-fixes).
scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes).
scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC (git-fixes).
scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (git-fixes).
scsi: smartpqi: Fix kdump issue when controller is locked up (git-fixes).
scsi: sr: Do not use GFP_DMA (git-fixes).
scsi: ufs: core: Fix ufshcd_probe_hba() prototype to match the definition (git-fixes).
scsi: ufs: Fix a kernel crash during shutdown (git-fixes).
scsi: ufs: Treat link loss as fatal error (git-fixes).
scsi: ufs: ufshcd-pltfrm: Check the return value of devm_kstrdup() (git-fixes).
scsi: ufs: Use generic error code in ufshcd_set_dev_pwr_mode() (git-fixes).
scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync() (git-fixes).
scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
sctp: sysctl: make extra pointers netns aware (bsc#1204760).
selftests: devlink: fix the fd redirect in dummy_reporter_test (git-fixes).
selftests: set the BUILD variable to absolute path (git-fixes).
selftests: Use optional USERCFLAGS and USERLDFLAGS (git-fixes).
selftests/efivarfs: Add checking of the test return value (git-fixes).
selftests/ftrace: event_triggers: wait longer for test_event_enable (git-fixes).
selftests/powerpc: Fix resource leaks (git-fixes).
serial: 8250_bcm7271: Fix error handling in brcmuart_init() (git-fixes).
serial: amba-pl011: avoid SBSA UART accessing DMACR register (git-fixes).
serial: pch: Fix PCI device refcount leak in pch_request_dma() (git-fixes).
serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle (git-fixes).
serial: stm32: move dma_request_chan() before clk_prepare_enable() (git-fixes).
serial: sunsab: Fix error handling in sunsab_init() (git-fixes).
serial: tegra: Read DMA status before terminating (git-fixes).
soc: mediatek: pm-domains: Fix the power glitch issue (git-fixes).
soc: qcom: llcc: make irq truly optional (git-fixes).
soc: qcom: Select REMAP_MMIO for LLCC driver (git-fixes).
soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe (git-fixes).
soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe (git-fixes).
soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15 (git-fixes).
spi: spi-gpio: Do not set MOSI as an input if not 3WIRE mode (git-fixes).
spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE (git-fixes).
spi: Update reference to struct spi_controller (git-fixes).
staging: media: tegra-video: fix chan->mipi value on error (git-fixes).
staging: media: tegra-video: fix device_node use after free (git-fixes).
staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() (git-fixes).
staging: rtl8192u: Fix use after free in ieee80211_rx() (git-fixes).
string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445).
test_firmware: fix memory leak in test_firmware_init() (git-fixes).
thermal: core: fix some possible name leaks in error paths (git-fixes).
thermal: int340x: Add missing attribute for data rate base (git-fixes).
thermal/drivers/imx8mm_thermal: Validate temperature range (git-fixes).
thermal/drivers/qcom/temp-alarm: Fix inaccurate warning for gen2 (git-fixes).
timers: implement usleep_idle_range() (git-fixes).
tpm: acpi: Call acpi_put_table() to fix memory leak (git-fixes).
tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak (git-fixes).
tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (git-fixes).
tpm/tpm_crb: Fix error message in __crb_relinquish_locality() (git-fixes).
tpm/tpm_ftpm_tee: Fix error handling in ftpm_mod_init() (git-fixes).
tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes).
tracing: Free buffers when a used dynamic event is removed (git-fixes).
tracing/doc: Fix typos on the timerlat tracer documentation (git-fixes).
tracing/osnoise: Fix duration type (git-fixes).
tty: serial: altera_uart_{r,t}x_chars() need only uart_port (git-fixes).
tty: serial: clean up stop-tx part in altera_uart_tx_chars() (git-fixes).
uio: uio_dmem_genirq: Fix deadlock between irq config and handling (git-fixes).
uio: uio_dmem_genirq: Fix missing unlock in irq configuration (git-fixes).
units: Add SI metric prefix definitions (git-fixes).
units: add the HZ macros (git-fixes).
usb: cdnsp: fix lack of ZLP for ep0 (git-fixes).
usb: dwc3: core: defer probe on ulpi_read_id timeout (git-fixes).
usb: dwc3: fix PHY disable sequence (git-fixes).
usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode (git-fixes).
usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End Transfer (git-fixes).
usb: dwc3: pci: Update PCIe device ID for USB3 controller on CPU sub-system for Raptor Lake (git-fixes).
usb: dwc3: qcom: fix runtime PM wakeup (git-fixes).
usb: gadget: uvc: Prevent buffer overflow in setup handler (git-fixes).
usb: gadget: uvc: Rename bmInterfaceFlags -> bmInterlaceFlags (git-fixes).
usb: rndis_host: Secure rndis_query check against int overflow (git-fixes).
usb: roles: fix of node refcount leak in usb_role_switch_is_parent() (git-fixes).
usb: serial: cp210x: add Kamstrup RF sniffer PIDs (git-fixes).
usb: serial: f81232: fix division by zero on line-speed change (git-fixes).
usb: serial: f81534: fix division by zero on line-speed change (git-fixes).
usb: serial: option: add Quectel EM05-G modem (git-fixes).
usb: storage: Add check for kcalloc (git-fixes).
usb: typec: Check for ops->exit instead of ops->enter in altmode_exit (git-fixes).
usb: typec: Factor out non-PD fwnode properties (git-fixes).
usb: typec: tcpci: fix of node refcount leak in tcpci_register_port() (git-fixes).
usb: typec: tipd: Cleanup resources if devm_tps6598_psy_register fails (git-fixes).
usb: typec: tipd: Fix spurious fwnode_handle_put in error path (git-fixes).
usb: ulpi: defer ulpi_register on ulpi_read_id timeout (git-fixes).
usb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq (git-fixes).
vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init() (git-fixes).
vdpa_sim: fix vringh initialization in vdpasim_queue_ready() (git-fixes).
vfio: platform: Do not pass return buffer to ACPI _RST method (git-fixes).
vhost: fix range used in translate_desc() (git-fixes).
vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes).
vmxnet3: correctly report csum_level for encapsulated packet (git-fixes).
vringh: fix range used in iotlb_translate() (git-fixes).
vsock: Enable y2038 safe timeval for timeout (bsc#1206101).
vsock: Refactor vsock_*_getsockopt to resemble sock_getsockopt (bsc#1206101).
wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out (git-fixes).
wifi: ath10k: Fix return value in ath10k_pci_init() (git-fixes).
wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() (git-fixes).
wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() (git-fixes).
wifi: ath9k: verify the expected usb_endpoints are present (git-fixes).
wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() (git-fixes).
wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() (git-fixes).
wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails (git-fixes).
wifi: iwlwifi: mvm: fix double free on tx path (git-fixes).
wifi: mac80211: fix memory leak in ieee80211_if_add() (git-fixes).
wifi: mt76: do not run mt76u_status_worker if the device is not running (git-fixes).
wifi: mt76: fix coverity overrun-call in mt76_get_txpower() (git-fixes).
wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port (git-fixes).
wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h (git-fixes).
wifi: rtl8xxxu: Fix the channel width reporting (git-fixes).
wifi: rtl8xxxu: gen2: Turn on the rate control (git-fixes).
wifi: rtw89: fix physts IE page check (git-fixes).
wifi: rtw89: Fix some error handling path in rtw89_core_sta_assoc() (git-fixes).
wifi: rtw89: use u32_encode_bits() to fill MAC quota value (git-fixes).
wifi: wilc1000: sdio: fix module autoloading (git-fixes).
xfrm: Fix oops in __xfrm_state_delete() (bsc#1206794).
xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N (git-fixes).

Advisory ID	SUSE-SU-2023:149-1
Released	Thu Jan 26 10:18:30 2023
Summary	Security update for the Linux Kernel
Type	security
Severity	important
References	1065729,1187428,1188605,1190969,1191259,1193629,1199294,1201068,1203219,1203740,1203829,1204614,1204652,1204760,1204911,1204989,1205257,1205263,1205485,1205496,1205601,1205695,1206073,1206098,1206101,1206188,1206209,1206273,1206344,1206389,1206390,1206391,1206393,1206394,1206395,1206396,1206397,1206398,1206399,1206456,1206468,1206515,1206536,1206554,1206602,1206619,1206664,1206703,1206794,1206896,1206912,1207016,CVE-2022-3104,CVE-2022-3105,CVE-2022-3106,CVE-2022-3107,CVE-2022-3108,CVE-2022-3111,CVE-2022-3112,CVE-2022-3113,CVE-2022-3114,CVE-2022-3115,CVE-2022-3344,CVE-2022-3564,CVE-2022-4379,CVE-2022-4662,CVE-2022-47520

Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:

CVE-2022-3344: Fixed a bug where nested shutdown interception could lead to host crash (bsc#1204652)
CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664)
CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc. (bsc#1206393)
CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. (bsc#1206515)
CVE-2022-3112: Fixed a null pointer dereference caused by lacks check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases. (bsc#1206399)
CVE-2022-3564: Fixed a bug which could lead to use after free, it was found in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073)
CVE-2022-4379: Fixed a use-after-free vulnerability in nfs4file.c:__nfs42_ssc_open. (bsc#1206209)
CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389)
CVE-2022-3104: Fixed a null pointer dereference caused by caused by a missing check of the return value of kzalloc() in bugs.c:lkdtm_ARRAY_BOUNDS. (bsc#1206396)
CVE-2022-3113: Fixed a null pointer dereference caused by a missing check of the return value of devm_kzalloc. (bsc#1206390)
CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395)
CVE-2022-3114: Fixed a null pointer dereference caused by a missing check of the return value of kcalloc. (bsc#1206391)
CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394)
CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398)
CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397)

The following non-security bugs were fixed:

acct: fix potential integer overflow in encode_comp_t() (git-fixes).
ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA (git-fixes).
ACPICA: Fix error code path in acpi_ds_call_control_method() (git-fixes).
ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (git-fixes).
ALSA: asihpi: fix missing pci_disable_device() (git-fixes).
ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list (git-fixes).
ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB (git-fixes).
ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops (git-fixes).
ALSA: line6: correct midi status byte when receiving data from podxt (git-fixes).
ALSA: line6: fix stack overflow in line6_midi_transmit (git-fixes).
ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt (git-fixes).
ALSA: patch_realtek: Fix Dell Inspiron Plus 16 (git-fixes).
ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT (git-fixes).
ALSA: pcm: Set missing stop_operating flag at undoing trigger start (git-fixes).
ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event (git-fixes).
ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT (git-fixes).
ALSA: usb-audio: add the quirk for KT0206 device (git-fixes).
amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table() (git-fixes).
apparmor: fix a memleak in multi_transaction_new() (git-fixes).
apparmor: Fix abi check to include v8 abi (git-fixes).
apparmor: fix lockdep warning when removing a namespace (git-fixes).
apparmor: Fix memleak in alloc_ns() (git-fixes).
apparmor: Use pointer to struct aa_label for lbs_cred (git-fixes).
ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels (git-fixes).
ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod (git-fixes).
ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port (git-fixes).
ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port (git-fixes).
ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port (git-fixes).
ARM: dts: armada-38x: Fix compatible string for gpios (git-fixes).
ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port (git-fixes).
ARM: dts: armada-39x: Fix compatible string for gpios (git-fixes).
ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port (git-fixes).
ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port (git-fixes).
ARM: dts: nuvoton: Remove bogus unit addresses from fixed-partition nodes (git-fixes).
ARM: dts: qcom: apq8064: fix coresight compatible (git-fixes).
ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 (git-fixes).
ARM: dts: rockchip: fix ir-receiver node names (git-fixes).
ARM: dts: rockchip: fix node name for hym8563 rtc (git-fixes).
ARM: dts: rockchip: remove clock-frequency from rtc (git-fixes).
ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name (git-fixes).
ARM: dts: spear600: Fix clcd interrupt (git-fixes).
ARM: dts: stm32: Drop stm32mp15xc.dtsi from Avenger96 (git-fixes).
ARM: dts: stm32: Fix AV96 WLAN regulator gpio property (git-fixes).
ARM: dts: turris-omnia: Add ethernet aliases (git-fixes).
ARM: dts: turris-omnia: Add switch port 6 node (git-fixes).
ARM: mmp: fix timer_read delay (git-fixes).
ARM: ux500: do not directly dereference __iomem (git-fixes).
arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault path (performance bsc#1203219).
arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC (git-fixes).
arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name (git-fixes).
arm64: dts: mediatek: pumpkin-common: Fix devicetree warnings (git-fixes).
arm64: dts: mt2712-evb: Fix usb vbus regulators unit names (git-fixes).
arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names (git-fixes).
arm64: dts: mt2712e: Fix unit address for pinctrl node (git-fixes).
arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators (git-fixes).
arm64: dts: mt6779: Fix devicetree build warnings (git-fixes).
arm64: dts: mt7622: drop r_smpl property from mmc node (git-fixes).
arm64: dts: mt8183: drop drv-type from mmc-node (git-fixes).
arm64: dts: mt8183: Fix Mali GPU clock (git-fixes).
arm64: dts: qcom: ipq6018-cp01-c1: use BLSPI1 pins (git-fixes).
arm64: dts: qcom: msm8916: Drop MSS fallback compatible (git-fixes).
arm64: dts: qcom: msm8996: Add MSM8996 Pro support (git-fixes).
arm64: dts: qcom: msm8996: fix GPU OPP table (git-fixes).
arm64: dts: qcom: msm8996: fix supported-hw in cpufreq OPP tables (git-fixes).
arm64: dts: qcom: sdm630: fix UART1 pin bias (git-fixes).
arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias (git-fixes).
arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength (git-fixes).
arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength (git-fixes).
arm64: dts: qcom: sm8250-sony-xperia-edo: fix touchscreen bias-disable (git-fixes).
arm64: dts: qcom: sm8250: correct LPASS pin pull down (git-fixes).
arm64: dts: qcom: sm8250: drop bogus DP PHY clock (git-fixes).
arm64: dts: qcom: sm8250: fix USB-DP PHY registers (git-fixes).
arm64: dts: rockchip: fix ir-receiver node names (git-fixes).
arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series (git-fixes).
arm64: dts: ti: k3-am65-main: Drop dma-coherent in crypto node (git-fixes).
arm64: dts: ti: k3-j721e-main: Drop dma-coherent in crypto node (git-fixes).
ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link() (git-fixes).
ASoC: codecs: rt298: Add quirk for KBL-R RVP platform (git-fixes).
ASoC: cs42l51: Correct PGA Volume minimum value (git-fixes).
ASoC: dt-bindings: wcd9335: fix reset line polarity in example (git-fixes).
ASoC: fsl_micfil: explicitly clear CHnF flags (git-fixes).
ASoC: fsl_micfil: explicitly clear software reset bit (git-fixes).
ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet (git-fixes).
ASoC: jz4740-i2s: Handle independent FIFO flush bits (git-fixes).
ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() (git-fixes).
ASoC: mediatek: mt8173: Enable IRQ when pdata is ready (git-fixes).
ASoC: mediatek: mt8183: fix refcount leak in mt8183_mt6358_ts3a227_max98357_dev_probe() (git-fixes).
ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd (git-fixes).
ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() (git-fixes).
ASoC: ops: Correct bounds check for second channel on SX controls (git-fixes).
ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe (git-fixes).
ASoC: pxa: fix null-pointer dereference in filter() (git-fixes).
ASoC: qcom: Add checks for devm_kcalloc (git-fixes).
ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() (git-fixes).
ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() (git-fixes).
ASoC: rt5670: Remove unbalanced pm_runtime_put() (git-fixes).
ASoC: rt711-sdca: fix the latency time of clock stop prepare state machine transitions (git-fixes).
ASoC: soc-pcm: Add NULL check in BE reparenting (git-fixes).
ASoC: wm8962: Wait for updated value of WM8962_CLOCKING1 register (git-fixes).
ASoC: wm8994: Fix potential deadlock (git-fixes).
ata: ahci: Fix PCS quirk application for suspend (git-fixes).
binfmt_elf: fix documented return value for load_elf_phdrs() (git-fixes).
binfmt_misc: fix shift-out-of-bounds in check_special_flags (git-fixes).
binfmt: Fix error return code in load_elf_fdpic_binary() (git-fixes).
block: Do not reread partition table on exclusively open device (bsc#1190969).
Bluetooth: btintel: Fix missing free skb in btintel_setup_combined() (git-fixes).
Bluetooth: btusb: Add debug message for CSR controllers (git-fixes).
Bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
Bluetooth: hci_bcsp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
Bluetooth: hci_core: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
Bluetooth: hci_h5: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
Bluetooth: hci_ll: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
Bluetooth: hci_qca: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
Bluetooth: MGMT: Fix error report for ADD_EXT_ADV_PARAMS (git-fixes).
Bluetooth: RFCOMM: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
brcmfmac: return error when getting invalid max_flowrings from dongle (git-fixes).
caif: fix memory leak in cfctrl_linkup_request() (git-fixes).
can: do not increase rx statistics when generating a CAN rx error message frame (git-fixes).
can: do not increase rx_bytes statistics for RTR frames (git-fixes).
can: kvaser_usb_leaf: Fix bogus restart events (git-fixes).
can: kvaser_usb_leaf: Fix wrong CAN state after stopping (git-fixes).
can: kvaser_usb_leaf: Set Warning state even without bus errors (git-fixes).
can: kvaser_usb: do not increase tx statistics when sending error message frames (git-fixes).
can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (git-fixes).
can: kvaser_usb: make use of units.h in assignment of frequency (git-fixes).
can: m_can: fix typo prescalar -> prescaler (git-fixes).
can: m_can: is_lec_err(): clean up LEC error handling (git-fixes).
can: mcba_usb: Fix termination command argument (git-fixes).
can: sja1000: fix size of OCR_MODE_MASK define (git-fixes).
can: tcan4x5x: Remove invalid write in clear_interrupts (git-fixes).
chardev: fix error handling in cdev_device_add() (git-fixes).
cifs: Add 'extbuf' and 'extbuflen' args to smb2_compound_op() (bsc#1193629).
cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1193629).
cifs: do not leak -ENOMEM in smb2_open_file() (bsc#1193629).
cifs: do not refresh cached referrals from unactive mounts (bsc#1193629).
cifs: fix confusing debug message (bsc#1193629).
cifs: Fix kmap_local_page() unmapping (git-fixes).
cifs: fix missing display of three mount options (bsc#1193629).
cifs: fix oops during encryption (bsc#1199294).
cifs: fix refresh of cached referrals (bsc#1193629).
cifs: fix source pathname comparison of dfs supers (bsc#1193629).
cifs: fix various whitespace errors in headers (bsc#1193629).
cifs: get rid of mount options string parsing (bsc#1193629).
cifs: minor cleanup of some headers (bsc#1193629).
cifs: optimize reconnect of nested links (bsc#1193629).
cifs: Parse owner/group for stat in smb311 posix extensions (bsc#1193629).
cifs: print warning when conflicting soft vs. hard mount options specified (bsc#1193629).
cifs: reduce roundtrips on create/qinfo requests (bsc#1193629).
cifs: refresh root referrals (bsc#1193629).
cifs: Remove duplicated include in cifsglob.h (bsc#1193629).
cifs: remove unused smb3_fs_context::mount_options (bsc#1193629).
cifs: set correct ipc status after initial tree connect (bsc#1193629).
cifs: set correct status of tcon ipc when reconnecting (bsc#1193629).
cifs: set correct tcon status after initial tree connect (bsc#1193629).
cifs: set resolved ip in sockaddr (bsc#1193629).
cifs: share dfs connections and supers (bsc#1193629).
cifs: skip alloc when request has no pages (bsc#1193629).
cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1193629).
cifs: update internal module number (bsc#1193629).
cifs: use fs_context for automounts (bsc#1193629).
cifs: use origin fullpath for automounts (bsc#1193629).
class: fix possible memory leak in __class_register() (git-fixes).
clk: Fix pointer casting to prevent oops in devm_clk_release() (git-fixes).
clk: generalize devm_clk_get() a bit (git-fixes).
clk: imx: imx8mp: add shared clk gate for usb suspend clk (git-fixes).
clk: imx: replace osc_hdmi with dummy (git-fixes).
clk: nomadik: correct struct name kernel-doc warning (git-fixes).
clk: Provide new devm_clk helpers for prepared and enabled clocks (git-fixes).
clk: qcom: clk-krait: fix wrong div2 functions (git-fixes).
clk: qcom: gcc-sm8250: Use retention mode for USB GDSCs (git-fixes).
clk: qcom: lpass-sc7180: Fix pm_runtime usage (git-fixes).
clk: renesas: r9a06g032: Repair grave increment error (git-fixes).
clk: rockchip: Fix memory leak in rockchip_clk_register_pll() (git-fixes).
clk: samsung: Fix memory leak in _samsung_clk_register_pll() (git-fixes).
clk: socfpga: Fix memory leak in socfpga_gate_init() (git-fixes).
clk: st: Fix memory leak in st_of_quadfs_setup() (git-fixes).
clk: sunxi-ng: v3s: Correct the header guard of ccu-sun8i-v3s.h (git-fixes).
clocksource/drivers/sh_cmt: Access registers according to spec (git-fixes).
clocksource/drivers/timer-ti-dm: Fix missing clk_disable_unprepare in dmtimer_systimer_init_clock() (git-fixes).
cpufreq: ACPI: Defer setting boost MSRs (bsc#1205485).
cpufreq: ACPI: Only set boost MSRs on supported CPUs (bsc#1205485).
cpufreq: ACPI: Remove unused variables 'acpi_cpufreq_online' and 'ret' (bsc#1205485).
cpufreq: intel_pstate: Add Sapphire Rapids support in no-HWP mode (bsc#1201068).
crypto: ccree - Make cc_debugfs_global_fini() available for module init function (git-fixes).
crypto: ccree - Remove debugfs when platform_driver_register failed (git-fixes).
crypto: cryptd - Use request context instead of stack for sub-request (git-fixes).
crypto: hisilicon/qm - fix missing destroy qp_idr (git-fixes).
crypto: img-hash - Fix variable dereferenced before check 'hdev->req' (git-fixes).
crypto: n2 - add missing hash statesize (git-fixes).
crypto: nitrox - avoid double free on error path in nitrox_sriov_init() (git-fixes).
crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe() (git-fixes).
crypto: rockchip - add fallback for ahash (git-fixes).
crypto: rockchip - add fallback for cipher (git-fixes).
crypto: rockchip - better handle cipher key (git-fixes).
crypto: rockchip - do not do custom power management (git-fixes).
crypto: rockchip - do not store mode globally (git-fixes).
crypto: rockchip - remove non-aligned handling (git-fixes).
crypto: rockchip - rework by using crypto_engine (git-fixes).
crypto: sun8i-ss - use dma_addr instead u32 (git-fixes).
crypto: tcrypt - Fix multibuffer skcipher speed test mem leak (git-fixes).
device property: Fix documentation for fwnode_get_next_parent() (git-fixes).
dmaengine: idxd: Fix crc_val field for completion record (git-fixes).
docs/zh_CN: Fix '.. only::' directive's expression (git-fixes).
Documentation: devres: add missing devm_acpi_dma_controller_free() helper (git-fixes).
Documentation: devres: add missing MEM helper (git-fixes).
Documentation: devres: add missing PHY helpers (git-fixes).
Documentation: devres: add missing PWM helper (git-fixes).
drbd: destroy workqueue when drbd device was freed (git-fixes).
drbd: remove call to memset before free device/resource/connection (git-fixes).
drbd: remove usage of list iterator variable after loop (git-fixes).
drbd: set QUEUE_FLAG_STABLE_WRITES (git-fixes).
drbd: use after free in drbd_create_device() (git-fixes).
driver core: Fix bus_type.match() error handling in __driver_attach() (git-fixes).
drivers: dio: fix possible memory leak in dio_init() (git-fixes).
drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static (git-fixes).
drm: bridge: dw_hdmi: fix preference of RGB modes over YUV420 (git-fixes).
drm/amd/display: fix array index out of bound error in bios parser (git-fixes).
drm/amd/display: Manually adjust strobe for DCN303 (git-fixes).
drm/amd/display: prevent memory leak (git-fixes).
drm/amd/display: Use the largest vready_offset in pipe group (git-fixes).
drm/amd/pm/smu11: BACO is supported when it's in BACO state (git-fixes).
drm/amdgpu: fix pci device refcount leak (git-fixes).
drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() (git-fixes).
drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback (git-fixes).
drm/amdgpu: Fix type of second parameter in trans_msg() callback (git-fixes).
drm/amdgpu: handle polaris10/11 overlap asics (v2) (git-fixes).
drm/amdgpu: make display pinning more flexible (v2) (git-fixes).
drm/amdgpu/powerplay/psm: Fix memory leak in power state init (git-fixes).
drm/amdgpu/sdma_v4_0: turn off SDMA ring buffer in the s2idle suspend (git-fixes).
drm/amdkfd: Fix memory leakage (git-fixes).
drm/bridge: adv7533: remove dynamic lane switching from adv7533 bridge (git-fixes).
drm/bridge: anx7625: Fix edid_read break case in sp_tx_edid_read() (git-fixes).
drm/bridge: ti-sn65dsi86: Fix output polarity setting bug (git-fixes).
drm/connector: send hotplug uevent on connector cleanup (git-fixes).
drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink (git-fixes).
drm/etnaviv: add missing quirks for GC300 (git-fixes).
drm/etnaviv: do not truncate physical page address (git-fixes).
drm/fourcc: Add packed 10bit YUV 4:2:0 format (git-fixes).
drm/fourcc: Fix vsub/hsub for Q410 and Q401 (git-fixes).
drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() (git-fixes).
drm/i915: Fix documentation for intel_uncore_forcewake_put__locked (git-fixes).
drm/i915: remove circ_buf.h includes (git-fixes).
drm/i915: unpin on error in intel_vgpu_shadow_mm_pin() (git-fixes).
drm/i915/display: Do not disable DDI/Transcoder when setting phy test pattern (git-fixes).
drm/i915/dsi: fix VBT send packet port selection for dual link DSI (git-fixes).
drm/i915/gvt: fix gvt debugfs destroy (git-fixes).
drm/i915/gvt: fix vgpu debugfs clean in remove (git-fixes).
drm/i915/migrate: do not check the scratch page (git-fixes).
drm/i915/migrate: fix length calculation (git-fixes).
drm/i915/migrate: fix offset calculation (git-fixes).
drm/i915/ttm: never purge busy objects (git-fixes).
drm/imx: ipuv3-plane: Fix overlay plane width (git-fixes).
drm/ingenic: Fix missing platform_driver_unregister() call in ingenic_drm_init() (git-fixes).
drm/mediatek: Fix return type of mtk_hdmi_bridge_mode_valid() (git-fixes).
drm/mediatek: Modify dpi power on/off sequence (git-fixes).
drm/meson: Reduce the FIFO lines held when AFBC is not used (git-fixes).
drm/msm: Use drm_mode_copy() (git-fixes).
drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure (git-fixes).
drm/panfrost: Fix GEM handle creation ref-counting (git-fixes).
drm/radeon: Add the missed acpi_put_table() to fix memory leak (git-fixes).
drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() (git-fixes).
drm/rockchip: lvds: fix PM usage counter unbalance in poweron (git-fixes).
drm/rockchip: Use drm_mode_copy() (git-fixes).
drm/shmem-helper: Avoid vm_open error paths (git-fixes).
drm/shmem-helper: Remove errant put in error path (git-fixes).
drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() (git-fixes).
drm/sti: Use drm_mode_copy() (git-fixes).
drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe() (git-fixes).
drm/vmwgfx: Do not use screen objects when SEV is active (git-fixes).
drm/vmwgfx: Fix a sparse warning in kernel docs (git-fixes).
drm/vmwgfx: Validate the box size for the snooped cursor (git-fixes).
Drop FIPS mode DRBG->getrandom(2) wire-up (bsc#1191259)
dt-bindings: clock: qcom,aoncc-sm8250: fix compatible (git-fixes).
dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes).
dt-bindings: display: sun6i-dsi: Fix clock conditional (git-fixes).
dt-bindings: gpio: gpio-davinci: Increase maxItems in gpio-line-names (git-fixes).
dt-bindings: net: sun8i-emac: Add phy-supply property (git-fixes).
EDAC/mc_sysfs: Increase legacy channel support to 12 (bsc#1205263).
efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes).
ext4: avoid BUG_ON when creating xattrs (bsc#1205496).
extcon: usbc-tusb320: Add support for mode setting and reset (git-fixes).
extcon: usbc-tusb320: Add support for TUSB320L (git-fixes).
extcon: usbc-tusb320: Factor out extcon into dedicated functions (git-fixes).
fbcon: Use kzalloc() in fbcon_prepare_logo() (git-fixes).
fbdev: fbcon: release buffer when fbcon_do_set_font() failed (git-fixes).
fbdev: geode: do not build on UML (git-fixes).
fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB (git-fixes).
fbdev: pm2fb: fix missing pci_disable_device() (git-fixes).
fbdev: smscufx: Fix several use-after-free bugs (git-fixes).
fbdev: ssd1307fb: Drop optional dependency (git-fixes).
fbdev: uvesafb: do not build on UML (git-fixes).
fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (git-fixes).
fbdev: vermilion: decrease reference count in error path (git-fixes).
fbdev: via: Fix error in via_core_init() (git-fixes).
firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes).
floppy: Fix memory leak in do_floppy_init() (git-fixes).
fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206273).
gpio: sifive: Fix refcount leak in sifive_gpio_probe (git-fixes).
gpiolib: cdev: fix NULL-pointer dereferences (git-fixes).
gpiolib: check the 'ngpios' property in core gpiolib code (git-fixes).
gpiolib: fix memory leak in gpiochip_setup_dev() (git-fixes).
gpiolib: Get rid of redundant 'else' (git-fixes).
gpiolib: improve coding style for local variables (git-fixes).
gpiolib: make struct comments into real kernel docs (git-fixes).
hamradio: baycom_epp: Fix return type of baycom_send_packet() (git-fixes).
hamradio: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
HID: hid-sensor-custom: set fixed size for custom attributes (git-fixes).
HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10 (git-fixes).
HID: mcp2221: do not connect hidraw (git-fixes).
HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint (git-fixes).
HID: plantronics: Additional PIDs for double volume key presses quirk (git-fixes).
HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk (git-fixes).
HID: usbhid: Add ALWAYS_POLL quirk for some mice (git-fixes).
HID: wacom: Ensure bootloader PID is usable in hidraw mode (git-fixes).
HSI: omap_ssi_core: Fix error handling in ssi_init() (git-fixes).
HSI: omap_ssi_core: fix possible memory leak in ssi_probe() (git-fixes).
HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() (git-fixes).
hwmon: (jc42) Convert register access and caching to regmap/regcache (git-fixes).
hwmon: (jc42) Fix missing unlock on error in jc42_write() (git-fixes).
hwmon: (jc42) Restore the min/max/critical temperatures on resume (git-fixes).
hwrng: amd - Fix PCI device refcount leak (git-fixes).
i2c: ismt: Fix an out-of-bounds bug in ismt_access() (git-fixes).
i2c: mux: reg: check return value after calling platform_get_resource() (git-fixes).
i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe (git-fixes).
IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces (git-fixes)
ibmveth: Always stop tx queues during close (bsc#1065729).
iio: adc: ad_sigma_delta: do not use internal iio_dev lock (git-fixes).
iio: adc128s052: add proper .data members in adc128_of_match table (git-fixes).
iio: fix memory leak in iio_device_register_eventset() (git-fixes).
iio: temperature: ltc2983: make bulk write buffer DMA-safe (git-fixes).
ima: Fix a potential NULL pointer access in ima_restore_measurement_list (git-fixes).
Input: elants_i2c - properly handle the reset GPIO when power is off (git-fixes).
Input: joystick - fix Kconfig warning for JOYSTICK_ADC (git-fixes).
Input: wistron_btns - disable on UML (git-fixes).
integrity: Fix memory leakage in keyring allocation error path (git-fixes).
ipmi: fix long wait in unload when IPMI disconnect (git-fixes).
ipmi: fix memleak when unload ipmi driver (git-fixes).
ipmi: fix use after free in _ipmi_destroy_user() (git-fixes).
ipmi: kcs: Poll OBF briefly to reduce OBE latency (git-fixes).
ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() (git-fixes).
kABI: reintroduce a non-inline usleep_range (git-fixes).
lib/debugobjects: fix stat count and optimize debug_objects_mem_init (git-fixes).
lib/fonts: fix undefined behavior in bit shift for get_default_font (git-fixes).
mailbox: arm_mhuv2: Fix return value check in mhuv2_probe() (git-fixes).
mailbox: mpfs: read the system controller's status (git-fixes).
mailbox: zynq-ipi: fix error handling while device_register() fails (git-fixes).
media: adv748x: afe: Select input port when initializing AFE (git-fixes).
media: camss: Clean up received buffers on failed start of streaming (git-fixes).
media: dvb-core: Fix double free in dvb_register_device() (git-fixes).
media: dvb-core: Fix ignored return value in dvb_register_frontend() (git-fixes).
media: dvb-frontends: fix leak of memory fw (git-fixes).
media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (git-fixes).
media: dvb-usb: fix memory leak in dvb_usb_adapter_init() (git-fixes).
media: i2c: ad5820: Fix error path (git-fixes).
media: imon: fix a race condition in send_packet() (git-fixes).
media: saa7164: fix missing pci_disable_device() (git-fixes).
media: si470x: Fix use-after-free in si470x_int_in_callback() (git-fixes).
media: solo6x10: fix possible memory leak in solo_sysfs_init() (git-fixes).
media: stv0288: use explicitly signed char (git-fixes).
media: v4l2-ctrls: Fix off-by-one error in integer menu control check (git-fixes).
media: v4l2-dv-timings.c: fix too strict blanking sanity checks (git-fixes).
media: videobuf-dma-contig: use dma_mmap_coherent (git-fixes).
media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init() (git-fixes).
media: vimc: Fix wrong function called when vimc_init() fails (git-fixes).
media: vivid: fix compose size exceed boundary (git-fixes).
memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896).
memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344).
mfd: bd957x: Fix Kconfig dependency on REGMAP_IRQ (git-fixes).
mfd: mt6360: Add bounds checking in Regmap read/write call-backs (git-fixes).
mfd: pm8008: Fix return value check in pm8008_probe() (git-fixes).
mfd: pm8008: Remove driver data structure pm8008_data (git-fixes).
mfd: qcom_rpm: Fix an error handling path in qcom_rpm_probe() (git-fixes).
mfd: qcom_rpm: Use devm_of_platform_populate() to simplify code (git-fixes).
misc: ocxl: fix possible name leak in ocxl_file_register_afu() (git-fixes).
misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() (git-fixes).
mISDN: hfcmulti: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes).
mISDN: hfcpci: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes).
mISDN: hfcsusb: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes).
mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601).
mm/mempolicy: fix memory leak in set_mempolicy_home_node system call (bsc#1206468).
mmc: alcor: fix return value check of mmc_add_host() (git-fixes).
mmc: atmel-mci: fix return value check of mmc_add_host() (git-fixes).
mmc: core: Normalize the error handling branch in sd_read_ext_regs() (git-fixes).
mmc: f-sdh30: Add quirks for broken timeout clock capability (git-fixes).
mmc: meson-gx: fix return value check of mmc_add_host() (git-fixes).
mmc: mmci: fix return value check of mmc_add_host() (git-fixes).
mmc: moxart: fix return value check of mmc_add_host() (git-fixes).
mmc: mtk-sd: Fix missing clk_disable_unprepare in msdc_of_clock_parse() (git-fixes).
mmc: mxcmmc: fix return value check of mmc_add_host() (git-fixes).
mmc: omap_hsmmc: fix return value check of mmc_add_host() (git-fixes).
mmc: pxamci: fix return value check of mmc_add_host() (git-fixes).
mmc: renesas_sdhi: alway populate SCC pointer (git-fixes).
mmc: renesas_sdhi: better reset from HS400 mode (git-fixes).
mmc: rtsx_pci: fix return value check of mmc_add_host() (git-fixes).
mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() (git-fixes).
mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K (git-fixes).
mmc: toshsd: fix return value check of mmc_add_host() (git-fixes).
mmc: via-sdmmc: fix return value check of mmc_add_host() (git-fixes).
mmc: vub300: fix return value check of mmc_add_host() (git-fixes).
mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING (git-fixes).
mmc: wbsd: fix return value check of mmc_add_host() (git-fixes).
mmc: wmt-sdmmc: fix return value check of mmc_add_host() (git-fixes).
module: change to print useful messages from elf_validity_check() (git-fixes).
module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes).
mt76: stop the radar detector after leaving dfs channel (git-fixes).
mtd: Fix device name leak when register device failed in add_mtd_device() (git-fixes).
mtd: lpddr2_nvm: Fix possible null-ptr-deref (git-fixes).
mtd: maps: pxa2xx-flash: fix memory leak in probe (git-fixes).
mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type() (git-fixes).
mtd: spi-nor: Fix the number of bytes for the dummy cycles (git-fixes).
mtd: spi-nor: hide jedec_id sysfs attribute if not present (git-fixes).
net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428 bsc#1206619).
net: mana: Fix race on per-CQ variable napi work_done (git-fixes).
net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe (git-fixes).
net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
net: usb: smsc95xx: fix external PHY reset (git-fixes).
net/mlx5: Fix mlx5_get_next_dev() peer device matching (bsc#1206536).
net/mlx5: Lag, filter non compatible devices (bsc#1206536).
netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614).
nfc: Fix potential resource leaks (git-fixes).
nfc: pn533: Clear nfc_target before being used (git-fixes).
nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() (git-fixes).
NFS: Handle missing attributes in OPEN reply (bsc#1203740).
nilfs2: fix shift-out-of-bounds due to too large exponent of block size (git-fixes).
nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() (git-fixes).
octeontx2-af: Add PTP PPS Errata workaround on CN10K silicon (jsc#SLE-24682).
octeontx2-af: Allow mkex profile without DMAC and add L2M/L2B header extraction support (jsc#SLE-24682).
octeontx2-af: Do not reset previous pfc config (jsc#SLE-24682).
octeontx2-af: fix operand size in bitwise operation (jsc#SLE-24682).
octeontx2-af: Initialize PTP_SEC_ROLLOVER register properly (jsc#SLE-24682).
octeontx2-af: Limit link bringup time at firmware (jsc#SLE-24682).
octeontx2-af: return correct ptp timestamp for CN10K silicon (jsc#SLE-24682).
octeontx2-af: Set NIX link credits based on max LMAC (jsc#SLE-24682).
octeontx2-af: Skip CGX/RPM probe incase of zero lmac count (jsc#SLE-24682).
octeontx2-pf: Add egress PFC support (jsc#SLE-24682).
octeontx2-pf: Add support for ptp 1-step mode on CN10K silicon (jsc#SLE-24682).
octeontx2-pf: Fix lmtst ID used in aura free (jsc#SLE-24682).
octeontx2-pf: Fix pfc_alloc_status array overflow (jsc#SLE-24682).
octeontx2-pf: Fix SQE threshold checking (jsc#SLE-24682).
octeontx2-pf: Fix unused variable build error (jsc#SLE-24682).
octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT] (jsc#SLE-24682).
octeontx2-pf: Reduce minimum mtu size to 60 (jsc#SLE-24682).
octeontx2: Modify mbox request and response structures (jsc#SLE-24682).
padata: Fix list iterator in padata_do_serial() (git-fixes).
PCI: Check for alloc failure in pci_request_irq() (git-fixes).
PCI: dwc: Fix n_fts[] array overrun (git-fixes).
PCI: Fix pci_device_is_present() for VFs by checking PF (git-fixes).
PCI: pci-epf-test: Register notifier if only core_init_notifier is enabled (git-fixes).
PCI: vmd: Disable MSI remapping after suspend (git-fixes).
PCI/sysfs: Fix double free in error path (git-fixes).
phy: usb: s2 WoL wakeup_count not incremented for USB->Eth devices (git-fixes).
pinctrl: k210: call of_node_put() (git-fixes).
pinctrl: meditatek: Startup with the IRQs disabled (git-fixes).
pinctrl: pinconf-generic: add missing of_node_put() (git-fixes).
platform/chrome: cros_ec_typec: Cleanup switch handle return paths (git-fixes).
platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init() (git-fixes).
platform/mellanox: mlxbf-pmc: Fix event typo (git-fixes).
platform/x86: huawei-wmi: fix return value calculation (git-fixes).
platform/x86: intel_scu_ipc: fix possible name leak in __intel_scu_ipc_register() (git-fixes).
platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() (git-fixes).
PM: hibernate: Fix mistake in kerneldoc comment (git-fixes).
PM: runtime: Do not call __rpm_callback() from rpm_idle() (git-fixes).
PNP: fix name memory leak in pnp_alloc_dev() (git-fixes).
power: supply: ab8500: Fix error handling in ab8500_charger_init() (git-fixes).
power: supply: fix null pointer dereferencing in power_supply_get_battery_info (git-fixes).
power: supply: fix residue sysfs file in error handle route of __power_supply_register() (git-fixes).
power: supply: z2_battery: Fix possible memleak in z2_batt_probe() (git-fixes).
powerpc: export the CPU node count (bsc#1207016 ltc#201108).
powerpc: Take in account addition CPU node when building kexec FDT (bsc#1207016 ltc#201108).
powerpc/64: Init jump labels before parse_early_param() (bsc#1065729).
powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729).
powerpc/powernv: add missing of_node_put (bsc#1065729).
powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603).
powerpc/pseries/eeh: use correct API for error log size (bsc#1065729).
powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes).
powerpc/xive/spapr: correct bitmap allocation size (git-fixes).
proc: fixup uptime selftest (git-fixes).
pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP (git-fixes).
pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES (git-fixes).
pstore: Properly assign mem_type property (git-fixes).
pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion (git-fixes).
pstore/ram: Fix error return code in ramoops_probe() (git-fixes).
pstore/zone: Use GFP_ATOMIC to allocate zone buffer (git-fixes).
pwm: lpc18xx-sct: Fix a comment to match code (git-fixes).
pwm: mediatek: always use bus clock for PWM on MT7622 (git-fixes).
pwm: sifive: Call pwm_sifive_update_clock() while mutex is held (git-fixes).
pwm: tegra: Improve required rate calculation (git-fixes).
r6040: Fix kmemleak in probe and remove (git-fixes).
random: allow partial reads if later user copies fail (bsc#1204911).
random: check for signals every PAGE_SIZE chunk of /dev/random (bsc#1204911).
random: convert to using fops->read_iter() (bsc#1204911).
random: convert to using fops->write_iter() (bsc#1204911).
random: remove outdated INT_MAX >> 6 check in urandom_read() (bsc#1204911).
random: zero buffer after reading entropy from userspace (bsc#1204911).
RDMA: Disable IB HW for UML (git-fixes)
RDMA/core: Fix order of nldev_exit call (git-fixes)
RDMA/core: Make sure 'ib_port' is valid when access sysfs node (git-fixes)
RDMA/efa: Add EFA 0xefa2 PCI ID (git-fixes)
RDMA/hfi: Decrease PCI device reference count in error path (git-fixes)
RDMA/hfi1: Fix error return code in parse_platform_config() (git-fixes)
RDMA/hns: Fix AH attr queried by query_qp (git-fixes)
RDMA/hns: Fix error code of CMD (git-fixes)
RDMA/hns: Fix ext_sge num error when post send (git-fixes)
RDMA/hns: fix memory leak in hns_roce_alloc_mr() (git-fixes)
RDMA/hns: Fix page size cap from firmware (git-fixes)
RDMA/hns: Fix PBL page MTR find (git-fixes)
RDMA/hns: Fix XRC caps on HIP08 (git-fixes)
RDMA/hns: Repacing 'dseg_len' by macros in fill_ext_sge_inl_data() (git-fixes)
RDMA/irdma: Do not request 2-level PBLEs for CQ alloc (git-fixes)
RDMA/irdma: Initialize net_type before checking it (git-fixes)
RDMA/irdma: Report the correct link speed (git-fixes)
RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps() (git-fixes)
RDMA/nldev: Fix failure to send large messages (git-fixes)
RDMA/nldev: Return '-EAGAIN' if the cm_id isn't from expected port (git-fixes)
RDMA/restrack: Release MR restrack when delete (git-fixes)
RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed (git-fixes)
RDMA/siw: Fix immediate work request flush to completion queue (git-fixes)
RDMA/siw: Fix pointer cast warning (git-fixes)
RDMA/siw: Set defined status for work completion with undefined status (git-fixes)
RDMA/srp: Fix error return code in srp_parse_options() (git-fixes)
regulator: bd718x7: Drop unnecessary info print (git-fixes).
regulator: core: fix deadlock on regulator enable (git-fixes).
regulator: core: fix module refcount leak in set_supply() (git-fixes).
regulator: core: fix resource leak in regulator_register() (git-fixes).
regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() (git-fixes).
regulator: core: fix use_count leakage when handling boot-on (git-fixes).
regulator: core: use kfree_const() to free space conditionally (git-fixes).
regulator: qcom-labibb: Fix missing of_node_put() in qcom_labibb_regulator_probe() (git-fixes).
regulator: qcom-rpmh: Fix PMR735a S3 regulator spec (git-fixes).
regulator: slg51000: Wait after asserting CS pin (git-fixes).
regulator: twl6030: fix get status of twl6032 regulators (git-fixes).
remoteproc: core: Do pm_relax when in RPROC_OFFLINE state (git-fixes).
remoteproc: qcom_q6v5_pas: detach power domains on remove (git-fixes).
remoteproc: qcom_q6v5_pas: disable wakeup on probe fail or remove (git-fixes).
remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region() (git-fixes).
remoteproc: qcom: q6v5: Fix missing clk_disable_unprepare() in q6v5_wcss_qcs404_power_on() (git-fixes).
remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio() (git-fixes).
remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() (git-fixes).
rtc: cmos: fix build on non-ACPI platforms (git-fixes).
rtc: cmos: Fix event handler registration ordering issue (git-fixes).
rtc: cmos: Fix wake alarm breakage (git-fixes).
rtc: ds1347: fix value written to century register (git-fixes).
rtc: mxc_v2: Add missing clk_disable_unprepare() (git-fixes).
rtc: pcf85063: fix pcf85063_clkout_control (gut-fixes).
rtc: pcf85063: Fix reading alarm (git-fixes).
rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe() (git-fixes).
rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0 (git-fixes).
rtc: snvs: Allow a time difference on clock register read (git-fixes).
rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() (git-fixes).
rtmutex: Add acquire semantics for rtmutex lock acquisition slow path (bnc#1203829).
s390/boot: add secure boot trailer (bsc#1205257 LTC#200451).
sbitmap: fix lockup while swapping (bsc#1206602).
sched/core: Fix comparison in sched_group_cookie_match() (git-fixes)
sched/core: Fix the bug that task won't enqueue into core (git-fixes)
sched/topology: Remove redundant variable and fix incorrect (git-fixes)
sched/uclamp: Fix relationship between uclamp and migration (git-fixes)
sched/uclamp: Make task_fits_capacity() use util_fits_cpu() (git-fixes)
scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes).
scsi: advansys: Fix kernel pointer leak (git-fixes).
scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes).
scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
scsi: core: Fix sbitmap depth in scsi_realloc_sdev_budget_map() (git-fixes).
scsi: core: Fix scsi_mode_sense() buffer length handling (git-fixes).
scsi: core: Reallocate device's budget map on queue depth change (git-fixes).
scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes).
scsi: hisi_sas: Free irq vectors in order for v3 HW (git-fixes).
scsi: hisi_sas: Limit max hw sectors for v3 HW (git-fixes).
scsi: hisi_sas: Use managed PCI functions (git-fixes).
scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes).
scsi: iscsi: Add recv workqueue helpers (git-fixes).
scsi: iscsi: Fix harmless double shift bug (git-fixes).
scsi: iscsi: Fix possible memory leak when device_register() failed (git-fixes).
scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (git-fixes).
scsi: iscsi: kabi: add iscsi_conn_queue_work back (git-fixes).
scsi: iscsi: kabi: fix libiscsi new field (git-fixes).
scsi: iscsi: Merge suspend fields (git-fixes).
scsi: iscsi: Rename iscsi_conn_queue_work() (git-fixes).
scsi: iscsi: Run recv path from workqueue (git-fixes).
scsi: iscsi: Unblock session then wake up error handler (git-fixes).
scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes).
scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445).
scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445).
scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445).
scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445).
scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445).
scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445).
scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445).
scsi: lpfc: Use memset_startat() helper (jsc#PED-1445).
scsi: megaraid_sas: Fix double kfree() (git-fixes).
scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan (git-fixes).
scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes).
scsi: mpi3mr: Fix memory leaks (git-fixes).
scsi: mpi3mr: Fix reporting of actual data transfer size (git-fixes).
scsi: mpi3mr: Fixes around reply request queues (git-fixes).
scsi: mpt3sas: Do not change DMA mask while reallocating pools (bsc#1206912,bsc#1206098).
scsi: mpt3sas: Fail reset operation if config request timed out (git-fixes).
scsi: mpt3sas: Fix out-of-bounds compiler warning (git-fixes).
scsi: mpt3sas: re-do lost mpt3sas DMA mask fix (bsc#1206912,bsc#1206098).
scsi: mpt3sas: Remove usage of dma_get_required_mask() API (bsc#1206912,bsc#1206098).
scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes).
scsi: myrs: Fix crash in error case (git-fixes).
scsi: ncr53c8xx: Remove unused retrieve_from_waiting_list() function (git-fixes).
scsi: pm8001: Fix bogus FW crash for maxcpus=1 (git-fixes).
scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req() (git-fixes).
scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
scsi: pm8001: Fix pm80xx_pci_mem_copy() interface (git-fixes).
scsi: pm8001: Fix tag leaks on error (git-fixes).
scsi: pm8001: Fix task leak in pm8001_send_abort_all() (git-fixes).
scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (git-fixes).
scsi: pm8001: Fix use-after-free for aborted TMF sas_task (git-fixes).
scsi: pm80xx: Fix double completion for SATA devices (git-fixes).
scsi: pm80xx: Fix memory leak during rmmod (git-fixes).
scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes).
scsi: qedf: Add stag_work to all the vports (git-fixes).
scsi: qedf: Change context reset messages to ratelimited (git-fixes).
scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes).
scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes).
scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568).
scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568).
scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568).
scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568).
scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() (git-fixes).
scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (git-fixes).
scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes).
scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC (git-fixes).
scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (git-fixes).
scsi: smartpqi: Fix kdump issue when controller is locked up (git-fixes).
scsi: sr: Do not use GFP_DMA (git-fixes).
scsi: ufs: core: Fix ufshcd_probe_hba() prototype to match the definition (git-fixes).
scsi: ufs: Fix a kernel crash during shutdown (git-fixes).
scsi: ufs: Treat link loss as fatal error (git-fixes).
scsi: ufs: ufshcd-pltfrm: Check the return value of devm_kstrdup() (git-fixes).
scsi: ufs: Use generic error code in ufshcd_set_dev_pwr_mode() (git-fixes).
scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync() (git-fixes).
scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
sctp: sysctl: make extra pointers netns aware (bsc#1204760).
selftests: devlink: fix the fd redirect in dummy_reporter_test (git-fixes).
selftests: set the BUILD variable to absolute path (git-fixes).
selftests: Use optional USERCFLAGS and USERLDFLAGS (git-fixes).
selftests/efivarfs: Add checking of the test return value (git-fixes).
selftests/ftrace: event_triggers: wait longer for test_event_enable (git-fixes).
selftests/powerpc: Fix resource leaks (git-fixes).
serial: 8250_bcm7271: Fix error handling in brcmuart_init() (git-fixes).
serial: amba-pl011: avoid SBSA UART accessing DMACR register (git-fixes).
serial: pch: Fix PCI device refcount leak in pch_request_dma() (git-fixes).
serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle (git-fixes).
serial: stm32: move dma_request_chan() before clk_prepare_enable() (git-fixes).
serial: sunsab: Fix error handling in sunsab_init() (git-fixes).
serial: tegra: Read DMA status before terminating (git-fixes).
soc: mediatek: pm-domains: Fix the power glitch issue (git-fixes).
soc: qcom: llcc: make irq truly optional (git-fixes).
soc: qcom: Select REMAP_MMIO for LLCC driver (git-fixes).
soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe (git-fixes).
soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe (git-fixes).
soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15 (git-fixes).
spi: spi-gpio: Do not set MOSI as an input if not 3WIRE mode (git-fixes).
spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE (git-fixes).
spi: Update reference to struct spi_controller (git-fixes).
staging: media: tegra-video: fix chan->mipi value on error (git-fixes).
staging: media: tegra-video: fix device_node use after free (git-fixes).
staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() (git-fixes).
staging: rtl8192u: Fix use after free in ieee80211_rx() (git-fixes).
string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445).
test_firmware: fix memory leak in test_firmware_init() (git-fixes).
thermal: core: fix some possible name leaks in error paths (git-fixes).
thermal: int340x: Add missing attribute for data rate base (git-fixes).
thermal/drivers/imx8mm_thermal: Validate temperature range (git-fixes).
thermal/drivers/qcom/temp-alarm: Fix inaccurate warning for gen2 (git-fixes).
timers: implement usleep_idle_range() (git-fixes).
tpm: acpi: Call acpi_put_table() to fix memory leak (git-fixes).
tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak (git-fixes).
tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (git-fixes).
tpm/tpm_crb: Fix error message in __crb_relinquish_locality() (git-fixes).
tpm/tpm_ftpm_tee: Fix error handling in ftpm_mod_init() (git-fixes).
tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes).
tracing: Free buffers when a used dynamic event is removed (git-fixes).
tracing/doc: Fix typos on the timerlat tracer documentation (git-fixes).
tracing/osnoise: Fix duration type (git-fixes).
tty: serial: altera_uart_{r,t}x_chars() need only uart_port (git-fixes).
tty: serial: clean up stop-tx part in altera_uart_tx_chars() (git-fixes).
uio: uio_dmem_genirq: Fix deadlock between irq config and handling (git-fixes).
uio: uio_dmem_genirq: Fix missing unlock in irq configuration (git-fixes).
units: Add SI metric prefix definitions (git-fixes).
units: add the HZ macros (git-fixes).
usb: cdnsp: fix lack of ZLP for ep0 (git-fixes).
usb: dwc3: core: defer probe on ulpi_read_id timeout (git-fixes).
usb: dwc3: fix PHY disable sequence (git-fixes).
usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode (git-fixes).
usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End Transfer (git-fixes).
usb: dwc3: pci: Update PCIe device ID for USB3 controller on CPU sub-system for Raptor Lake (git-fixes).
usb: dwc3: qcom: fix runtime PM wakeup (git-fixes).
usb: gadget: uvc: Prevent buffer overflow in setup handler (git-fixes).
usb: gadget: uvc: Rename bmInterfaceFlags -> bmInterlaceFlags (git-fixes).
usb: rndis_host: Secure rndis_query check against int overflow (git-fixes).
usb: roles: fix of node refcount leak in usb_role_switch_is_parent() (git-fixes).
usb: serial: cp210x: add Kamstrup RF sniffer PIDs (git-fixes).
usb: serial: f81232: fix division by zero on line-speed change (git-fixes).
usb: serial: f81534: fix division by zero on line-speed change (git-fixes).
usb: serial: option: add Quectel EM05-G modem (git-fixes).
usb: storage: Add check for kcalloc (git-fixes).
usb: typec: Check for ops->exit instead of ops->enter in altmode_exit (git-fixes).
usb: typec: Factor out non-PD fwnode properties (git-fixes).
usb: typec: tcpci: fix of node refcount leak in tcpci_register_port() (git-fixes).
usb: typec: tipd: Cleanup resources if devm_tps6598_psy_register fails (git-fixes).
usb: typec: tipd: Fix spurious fwnode_handle_put in error path (git-fixes).
usb: ulpi: defer ulpi_register on ulpi_read_id timeout (git-fixes).
usb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq (git-fixes).
vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init() (git-fixes).
vdpa_sim: fix vringh initialization in vdpasim_queue_ready() (git-fixes).
vfio: platform: Do not pass return buffer to ACPI _RST method (git-fixes).
vhost: fix range used in translate_desc() (git-fixes).
vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes).
vmxnet3: correctly report csum_level for encapsulated packet (git-fixes).
vringh: fix range used in iotlb_translate() (git-fixes).
vsock: Enable y2038 safe timeval for timeout (bsc#1206101).
vsock: Refactor vsock_*_getsockopt to resemble sock_getsockopt (bsc#1206101).
wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out (git-fixes).
wifi: ath10k: Fix return value in ath10k_pci_init() (git-fixes).
wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() (git-fixes).
wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() (git-fixes).
wifi: ath9k: verify the expected usb_endpoints are present (git-fixes).
wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() (git-fixes).
wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() (git-fixes).
wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails (git-fixes).
wifi: iwlwifi: mvm: fix double free on tx path (git-fixes).
wifi: mac80211: fix memory leak in ieee80211_if_add() (git-fixes).
wifi: mt76: do not run mt76u_status_worker if the device is not running (git-fixes).
wifi: mt76: fix coverity overrun-call in mt76_get_txpower() (git-fixes).
wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port (git-fixes).
wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h (git-fixes).
wifi: rtl8xxxu: Fix the channel width reporting (git-fixes).
wifi: rtl8xxxu: gen2: Turn on the rate control (git-fixes).
wifi: rtw89: fix physts IE page check (git-fixes).
wifi: rtw89: Fix some error handling path in rtw89_core_sta_assoc() (git-fixes).
wifi: rtw89: use u32_encode_bits() to fill MAC quota value (git-fixes).
wifi: wilc1000: sdio: fix module autoloading (git-fixes).
xfrm: Fix oops in __xfrm_state_delete() (bsc#1206794).
xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N (git-fixes).

Advisory ID	SUSE-SU-2023:151-1
Released	Thu Jan 26 11:10:25 2023
Summary	Security update for xrdp
Type	security
Severity	important
References	1206301,CVE-2022-23477

Description:

This update for xrdp fixes the following issues:

CVE-2022-23477: Fixed a buffer overflow for oversized audio format from client (bsc#1206301).

Advisory ID	SUSE-SU-2023:153-1
Released	Thu Jan 26 13:14:15 2023
Summary	Security update for haproxy
Type	security
Severity	important
References	1207181,CVE-2023-0056

Description:

This update for haproxy fixes the following issues:

CVE-2023-0056: Fixed a server crash that could be triggered via a malformed HTTP/2 frame (bsc#1207181).

Advisory ID	SUSE-RU-2023:158-1
Released	Thu Jan 26 16:05:10 2023
Summary	Recommended update for mlocate
Type	recommended
Severity	moderate
References

Description:

This update for mlocate fixes the following issues:

Pass '--shell=/bin/sh' to 'su' when running the 'updatedb' command so that we

don't depend on the '${RUN_UPDATEDB_AS}' user's login shell. Since that user is 'nobody' by default, the login shell will oftentimes be '/bin/false'.

require apparmor-abstractions

Advisory ID	SUSE-SU-2023:159-1
Released	Thu Jan 26 18:21:56 2023
Summary	Security update for python-setuptools
Type	security
Severity	moderate
References	1206667,CVE-2022-40897

Description:

This update for python-setuptools fixes the following issues:

CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667).

Advisory ID	SUSE-SU-2023:160-1
Released	Thu Jan 26 18:22:30 2023
Summary	Security update for samba
Type	security
Severity	important
References	1200102,1201490,1201492,1201493,1201495,1201496,1201689,1204254,1205126,1205385,1205386,1206504,1206546,CVE-2021-20251,CVE-2022-2031,CVE-2022-32742,CVE-2022-32744,CVE-2022-32745,CVE-2022-32746,CVE-2022-3437,CVE-2022-37966,CVE-2022-37967,CVE-2022-38023,CVE-2022-42898

Description:

This update for samba fixes the following issues:

CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password (bsc#1206546).

Updated to version 4.15.13: - CVE-2022-37966: Fixed an issue where a weak cipher would be selected to encrypt session keys, which could lead to privilege escalation (bsc#1205385). - CVE-2022-37967: Fixed a potential privilege escalation issue via constrained delegation due to weak a cryptographic algorithm being selected (bsc#1205386). - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon Secure channel (bsc#1206504).

Updated to version 4.15.12: - CVE-2022-42898: Fixed several buffer overflow vulnerabilities on 32-bit systems (bsc#1205126).

Updated to version 4.15.11: - CVE-2022-3437: Fixed a buffer overflow in Heimdal unwrap_des3() (bsc#1204254).

Updated to version 4.15.10: - Fixed a potential crash due to a concurrency issue (bsc#1200102).

Updated to version 4.15.9: - CVE-2022-32742: Fixed an information leak that could be triggered via SMB1 (bsc#1201496). - CVE-2022-32746: Fixed a memory corruption issue in database audit logging (bsc#1201490). - CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495). - CVE-2022-32745: Fixed a remote server crash that could be triggered with certain LDAP requests (bsc#1201492). - CVE-2022-32744: Fixed an issue where AD users could have forged password change requests on behalf of other users (bsc#1201493).

Other fixes:

Fixed a problem when using bind as samba-ad-dc backend related to the named service (bsc#1201689).

Advisory ID	SUSE-SU-2023:161-1
Released	Thu Jan 26 18:23:16 2023
Summary	Security update for python-py
Type	security
Severity	moderate
References	1204364,CVE-2022-42969

Description:

This update for python-py fixes the following issues:

CVE-2022-42969: Fixed an excessive resource consumption that could be triggered when interacting with a Subversion repository containing crated data (bsc#1204364).

Advisory ID	SUSE-SU-2023:167-1
Released	Thu Jan 26 18:28:32 2023
Summary	Security update for bluez
Type	security
Severity	moderate
References	1204426,CVE-2022-3563

Description:

This update for bluez fixes the following issues:

CVE-2022-3563: Fixed a potential crash in the mgmt-tester tool (bsc#1204426).

Advisory ID	SUSE-SU-2023:169-1
Released	Thu Jan 26 18:29:53 2023
Summary	Security update for xen
Type	security
Severity	important
References	1027519,1205209,CVE-2022-23824

Description:

This update for xen fixes the following issues:

CVE-2022-23824: Fixed multiple speculative execution issues (bnc#1205209).

Non-security fixes:

Updated to version 4.16.3 (bsc#1027519).

Advisory ID	SUSE-SU-2023:171-1
Released	Thu Jan 26 18:31:58 2023
Summary	Security update for libXpm
Type	security
Severity	important
References	1207029,1207030,1207031,CVE-2022-44617,CVE-2022-46285,CVE-2022-4883

Description:

This update for libXpm fixes the following issues:

CVE-2022-46285: Fixed an infinite loop that could be triggered when reading a XPM image with a C-style comment that is never closed (bsc#1207029).
CVE-2022-44617: Fixed an excessive resource consumption that could be triggered when reading small crafted XPM image (bsc#1207030).
CVE-2022-4883: Fixed an issue that made decompression commands susceptible to PATH environment variable manipulation attacks (bsc#1207031).

Advisory ID	SUSE-SU-2023:172-1
Released	Thu Jan 26 18:33:30 2023
Summary	Security update for ffmpeg-4
Type	security
Severity	moderate
References	1206778,CVE-2022-3341

Description:

This update for ffmpeg-4 fixes the following issues:

CVE-2022-3341: Fixed a potential crash when processing a crafted NUT stream (bsc#1206778).

Advisory ID	SUSE-RU-2023:177-1
Released	Thu Jan 26 20:57:35 2023
Summary	Recommended update for util-linux
Type	recommended
Severity	moderate
References	1194038,1205646

Description:

This update for util-linux fixes the following issues:

Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).

Advisory ID	SUSE-RU-2023:179-1
Released	Thu Jan 26 21:54:30 2023
Summary	Recommended update for tar
Type	recommended
Severity	low
References	1202436

Description:

This update for tar fixes the following issue:

Fix hang when unpacking test tarball (bsc#1202436)

Advisory ID	SUSE-RU-2023:181-1
Released	Thu Jan 26 21:55:43 2023
Summary	Recommended update for procps
Type	recommended
Severity	low
References	1206412

Description:

This update for procps fixes the following issues:

Improve memory handling/usage (bsc#1206412)
Make sure that correct library version is installed (bsc#1206412)

Advisory ID	SUSE-RU-2023:182-1
Released	Fri Jan 27 09:30:20 2023
Summary	Recommended update for corosync
Type	recommended
Severity	important
References

Description:

This update for corosync fixes the following issues:
Version update from 2.4.5 to 2.4.6:

Code cleanups of unused variables and trailing spaces
Man pages improvements and fixes
Provide more informative messages for token and consensus timeouts
Various fixes for tests and checks
Various improvements for error handling and logging
For the detailed list of changes please consult the changelog at: https://github.com/corosync/corosync/releases/tag/v2.4.6

Advisory ID	SUSE-SU-2023:187-1
Released	Fri Jan 27 11:26:55 2023
Summary	Security update for podman
Type	security
Severity	important
References	1181640,1181961,1193166,1193273,1197672,1199790,1202809,CVE-2021-20199,CVE-2021-20206,CVE-2021-4024,CVE-2021-41190,CVE-2022-27649,CVE-2022-2989

Description:

This update for podman fixes the following issues:
podman was updated to version 4.3.1:
4.3.1:

Bugfixes

Fixed a deadlock between the `podman ps` and `podman container inspect` commands

Misc

Updated the containers/image library to v5.23.1

4.3.0:

Features

A new command, `podman generate spec`, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers.
A new command, `podman update`, has been added,which makes changes to the resource limits of existing containers. Please note that these changes do not persist if the container is restarted
A new command, `podman kube down`, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to `podman kube play --down`, but it now has its own command).
The `podman kube play` command now supports Kubernetes secrets using Podman's secrets backend.
Systemd-managed pods created by the `podman kube play` command now integrate with sd-notify, using the `io.containers.sdnotify` annotation (or `io.containers.sdnotify/$name` for specific containers).
Systemd-managed pods created by `podman kube play` can now be auto-updated, using the `io.containers.auto-update` annotation (or `io.containers.auto-update/$name` for specific containers).
The `podman kube play` command can now read YAML from URLs, e.g. `podman kube play https://example.com/demo.yml`
The `podman kube play` command now supports the `emptyDir` volume type
The `podman kube play` command now supports the `HostUsers` field in the pod spec.
The `podman play kube` command now supports `binaryData` in ConfigMaps.
The `podman pod create` command can now set additional resource limits for pods using the new `--memory-swap`, `--cpuset-mems`, `--device-read-bps`, `--device-write-bps`, `--blkio-weight`, `--blkio-weight-device`, and `--cpu-shares` options.
The `podman machine init` command now supports a new option, `--username`, to set the username that will be used to connect to the VM as a non-root user
The `podman volume create` command's `-o timeout=` option can now set a timeout of 0, indicating volume plugin operations will never time out.
Added support for a new volume driver, `image`, which allows volumes to be created that are backed by images.
The `podman run` and `podman create` commands support a new option, `--env-merge`, allowing environment variables to be specified relative to other environment variables in the image (e.g. `podman run --env-merge 'PATH=$PATH:/my/app' ...`)
The `podman run` and `podman create` commands support a new option, `--on-failure`, to allow action to be taken when a container fails health checks, with the following supported actions: `none` (take no action, the default), `kill` (kill the container), `restart` (restart the container), and `stop` (stop the container).
The `--keep-id` option to `podman create` and `podman run` now supports new options, `uid` and `gid`, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g. `--userns=keep-id:uid=11` will made the user running Podman to UID 11 in the container)
The `podman generate systemd` command now supports a new option, `--env`/`-e`, to set environment variables in the generated unit file
The `podman pause` and `podman unpause` commands now support the `--latest`, `--cidfile`, and `--filter` options.
The `podman restart` command now supports the `--cidfile` and `--filter` options.
The `podman rm` command now supports the `--filter` option to select which containers will be removed.
The `podman rmi` command now supports a new option, `--no-prune`, to prevent the removal of dangling parents of removed images.
The `--dns-opt` option to `podman create`, `podman run`, and `podman pod create` has received a new alias, `--dns-option`, to improve Docker compatibility.
The `podman` command now features a new global flag, `--debug`/`-D`, which enables debug-level logging (identical to `--log-level=debug`), improving Docker compatibility.
The `podman` command now features a new global flag, `--config`. This flag is ignored, and is only included for Docker compatibility
The `podman manifest create` command now accepts a new option, `--amend`/`-a`.
The `podman manifest create`, `podman manifest add` and `podman manifest push` commands now accept a new option, `--insecure` (identical to `--tls-verify=false`), improving Docker compatibility.
The `podman secret create` command's `--driver` and `--format` options now have new aliases, `-d` for `--driver` and `-f` for `--format`.
The `podman secret create` command now supports a new option, `--label`/`-l`, to add labels to created secrets.
The `podman secret ls` command now accepts the `--quiet`/`-q` option.
The `podman secret inspect` command now accepts a new option, `--pretty`, to print output in human-readable format.
The `podman stats` command now accepts the `--no-trunc` option.
The `podman save` command now accepts the `--signature-policy` option
The `podman pod inspect` command now allows multiple arguments to be passed. If so, it will return a JSON array of the inspected pods
A series of new hidden commands have been added under `podman context` as aliases to existing `podman system connection` commands, to improve Docker compatibility.
The remote Podman client now supports proxying signals for attach sessions when the `--sig-proxy` option is set

### Changes

Duplicate volume mounts are now allowed with the `-v` option to `podman run`, `podman create`, and `podman pod create`, so long as source, destination, and options all match
The `podman generate kube` and `podman play kube` commands have been renamed to `podman kube generate` and `podman kube play` to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function.
A number of Podman commands (`podman init`, `podman container checkpoint`, `podman container restore`, `podman container cleanup`) now print the user-inputted name of the container, instead of its full ID, on success.
When an unsupported option (e.g. resource limit) is specified for a rootless container on a cgroups v1 system, a warning message is now printed that the limit will not be honored.
The installer for the Windows Podman client has been improved.
The `--cpu-rt-period` and `--cpu-rt-runtime` options to `podman run` and `podman create` now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers)
Privileged containers running systemd will no longer mount `/dev/tty*` devices other than `/dev/tty` itself into the container
Events for containers that are part of a pod now include the ID of the pod in the event.
SSH functionality for `podman machine` commands has seen a thorough rework, addressing many issues about authentication.
The `--network` option to `podman kube play` now allows passing `host` to set the pod to use host networking, even if the YAML does not request this.
The `podman inspect` command on containers now includes the digest of the image used to create the container.
Pods created by `podman play kube` are now, by default, placed into a network named `podman-kube`. If the `podman-kube` network does not exist, it will be created. This ensures pods can connect to each other by their names, as the network has DNS enabled.

Update to version 4.2.0:

Features

Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines.
A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod
A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins
A new command has been added, podman machine info, which displays information about the host and the versions of various machine components.
Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, podman-kube@.service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd.
The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod's security context.
The podman play kube command now supports volumes with the BlockDevice and CharDevice types
The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto
The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation.
Pods now have include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube
The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work.
The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared)
The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609).
The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod.
The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release!
The podman create and podman run commands now include the -c short option for the --cpu-shares option.
The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773).
The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing.
The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context.
The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231).
The podman machine init command on Windows now fetches an image with packages pre-installed (#14698).
Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697).
The default for the --image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230).
Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427).
The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up).
Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458).
The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583).
When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v.
The remote Podman client's podman push command now supports the --remove-signatures option (#14558).
The remote Podman client now supports the podman image scp command.
The podman image scp command now supports tagging the transferred image with a new name.
The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595).
The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions.
The podman events command now includes the -f short option for the --filter option.
The podman pull command now includes the -a short option for the --all-tags option.
The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP).
The Podman global option --url now has two aliases: -H and --host.
The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API.
Added the ability to create sigstore signatures in podman push and podman manifest push.
Added an option to read image signing passphrase from a file.

Changes

Paused containers can now be killed with the podman kill command.
The podman system prune command now removes unused networks.
The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman.
If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577).
The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148).
All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless.
The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers.
Init containers created with podman play kube now default to the once type (#14877).
Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048).
The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion.
The libpod/common package has been removed as it's not used anywhere.
The --userns option to podman create and podman run is no longer accepted when an explicit UID or GID mapping is specified (#15233).

Misc

Podman will now check for nameservers in /run/NetworkManager/no-stub-resolv.conf if the /etc/resolv.conf file only contains a localhost server.
The podman build command now supports caching with builds that specify --squash-all by allowing the --layers flag to be used at the same time.
Podman Machine support for QEMU installations at non-default paths has been improved.
The podman machine ssh command no longer prints spurious warnings every time it is run.
When accessing the WSL prompt on Windows, the rootless user will be preferred.
The podman info command now includes a field for information on supported authentication plugins for improved Docker compatibility. Authentication plugins are not presently supported by Podman, so this field is always empty.
The podman system prune command now no longer prints the Deleted Images header if no images were pruned.
The podman system service command now automatically creates and moves to a sub-cgroup when running in the root cgroup (#14573).
Updated Buildah to v1.27.0 (fixes CVE-2022-21698 / bsc#1196338)
Updated the containers/image library to v5.22.0
Updated the containers/storage library to v1.42.0 (fixes bsc#1196751)
Updated the containers/common library to v0.49.1
Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container (#14884).
Fixed an incorrect release note about regexp.
A new MacOS installer (via pkginstaller) is now supported.

Update to version 4.1.1:

The output of the podman load command now mirrors that of docker load.
Podman now supports Docker Compose v2.2 and higher. Please note that it may be necessary to disable the use of Buildkit by setting the environment variable DOCKER_BUILDKIT=0.
A new container command has been added, podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so.
Podman now supports sending JSON events related to machines to a Unix socket named machine_events.*\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable.
Two new volume commands have been added, podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers.
The podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries.
The podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources.
The podman play kube command will now set default resource limits when the provided YAML does not include them.
The podman play kube command now supports a new option, --annotation, to add annotations to created containers.
The podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile.
The podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer.
The podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID and --color, which colors messages based on what container generated them.
The podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images.
The podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network.
The podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information.
The --ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating the the IPC namespace can be shared with other containers.
The --mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter.
The --mount option to the podman create and podman run commands now allows parameters to be passed in CSV format.
The --userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security.
The podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for.
The podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create.
The podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, `/etc/resolv.conf, etc) will be mounted inside the container (#12961).
The podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file.
The podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}}.
The podman volume create command's -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined.
The podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization.
Fix CVE-2022-27191 / bsc#1197284

Require catatonit >= 0.1.7 for pause functionality needed by pods

Update to version 4.0.3:

Security

- This release fixes CVE-2022-27649, where containers run by Podman would have excess inheritable capabilities set.

Changes

- The podman machine rm --force command will now remove running machines as well (such machines are shut down first, then removed) (#13448). - When a podman machine VM is started that is using a too-old VM image, it will now start in a reduced functionality mode, and provide instructions on how to recreate it (previously, VMs were effectively unusable) (#13510).
- Updated the containers/common library to v0.47.5

This release addresses CVE-2021-4024 / bsc#1193166, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777.
This release addresses CVE-2021-41190 / bsc#1193273, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients.

Update to version 3.1.0: (bsc#1181961, CVE-2021-20206)

A fix for CVE-2021-20199 / bsc#1181640 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue.

Advisory ID	SUSE-RU-2023:188-1
Released	Fri Jan 27 12:07:19 2023
Summary	Recommended update for zlib
Type	recommended
Severity	important
References	1203652

Description:

This update for zlib fixes the following issues:

Follow up fix for bug bsc#1203652 due to libxml2 issues

Advisory ID	SUSE-RU-2023:190-1
Released	Fri Jan 27 12:13:51 2023
Summary	Recommended update for llvm11
Type	recommended
Severity	important
References	1197773

Description:

This update for llvm11 fixes the following issues:

Drop RUNPATH from packaged binaries, instead set LD_LIBRARY_PATH for building and testing to simulate behavior of the actual package (bsc#1197773)
Propagate the complete host environment to the tests run. This ensures that all envvars needed e.g. for the compiler to work correctly are present. This run libc++ tests successfully getting the en LD_LIBRARY_PATH, otherwise, library were not found.

Advisory ID	SUSE-feature-2023:195-1
Released	Fri Jan 27 12:23:02 2023
Summary	Feature update for SAPHanaSR-ScaleOut
Type	feature
Severity	moderate
References	1192963,1197239,1198127,1198780,1198897,1200969,1203973

Description:

This update for SAPHanaSR-ScaleOut fixes the following issues:
Version update from 0.181.0 to 0.184.1 (jsc#PED-1253):

Add new HA/DR provider hook susChkSrv supporting a fast-dying indexserver (jsc#PED-1253, jsc#PED-1241, jsc#PED-1240)
Add new HA/DR provider hook susTkOver for blocking manual takeovers (jsc#SLE-16347, jsc#SLE-11220, jsc#PED-1253)
Add improvements from SAP to the RA scripts regarding the handling of the SAP tools 'HDB version', 'HDBSettings.sh' and 'pycd' and the SAPHana log filter handling (jsc#PED-1739, jsc#PED-1738)
Add lost-nameserver-slave handling to SAPHanaTopology, to avoid toggeling SAPHanaController resource, if all nameserver-masters got lost. The SAP HANA instance will only be started, if enough nodes are available to fulfill the needs of the SAP HANA landscape.
Add new tool SAPHanaSR-manageProvider to show, add and delete HA/DR provider sections in the global.ini of SAP HANA.
Changes to the demote_clone function of the resource agent: * if the role is '*:shtdown:shtdown:shtdown' (topology agent run into timeouts) the function fails with rc=1, to get the managed resource stopped
Changes to the stop_clone function of the topology agent: * call landscapeHostConfiguration.py and set the roles as they were reported. If the command timed out, set the role to '*:shtdown:shtdown:shtdown' and return 1 to get the node fenced. The used timeout for the landscapeHostConfiguration.py call can be configured by the cluster action timeout, if needed. It will be 50% of the action timeout or the minimum of 300s. (bsc#1198127)
Change SAPHanaSR-manageAttr to support the different behaviour of 'crmadmin -qD' in different pacemaker versions (bsc#1200969)
Correct the order constraint in man page ocf_suse_SAPHanaTopology.7 (bsc#1197239)
Fix HANA_CALL function to support MCOS environments again (bsc#1198780)
Fix SAPHanaSR-replay-archive to handle hb_report archives again (bsc#1198897)
Fix SAPHanaSR-monitor reporting 'LPA status of one node is missing' (bsc#1192963, bsc#1203973)
Fix SAPHanaSRTools.pm to show terminate node attribute too

Advisory ID	SUSE-RU-2023:196-1
Released	Fri Jan 27 12:26:06 2023
Summary	Recommended update for release-notes-sles-for-sap
Type	recommended
Severity	moderate
References	1204008,933411

Description:

This update for release-notes-sles-for-sap fixes the following issues:
Version update from 15.4.20220930 to 15.4.20221130 (bsc#933411):

Added note about susChkSrv.py (bsc#1204008)

Advisory ID	SUSE-RU-2023:197-1
Released	Fri Jan 27 12:27:17 2023
Summary	Recommended update for release-notes-sles
Type	recommended
Severity	moderate
References	1205484,933411

Description:

This update for release-notes-sles fixes the following issues:
Version update from 15.4.20220930 to 15.4.20221130 (bsc#933411):

Added note about Minimal-VM with cloud-init (jsc#SLE-7254)
Added link to PHP7 deprecation note (bsc#1205484)
Added note about SUSEConnect license handling (jsc#CSD-100)
Added note about debuginfod packages (jsc#SLE-17951)
Added note about p11-kit-server (jsc#SLE-18495)
Added note about Windows Terminal shortcuts in WSL (jsc#SLE-20406)
Added note about fail2ban (jsc#SLE-11611)
Added note about cryptsetup 2.4.3 (jsc#SLE-20275)
Added note about SLE 11 migration being unsupported (jsc#SLE-20518)
Added note about DFS share failover (jsc#SLE-20043)
Added note about prometheus 2.32.1 (jsc#SLE-23458)

Advisory ID	SUSE-SU-2023:201-1
Released	Fri Jan 27 15:24:15 2023
Summary	Security update for systemd
Type	security
Severity	moderate
References	1204944,1205000,1207264,CVE-2022-4415

Description:

This update for systemd fixes the following issues:

CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000).

Non-security fixes:

Enabled the pstore service (jsc#PED-2663).
Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264).

Advisory ID	SUSE-SU-2023:206-1
Released	Mon Jan 30 11:17:59 2023
Summary	Security update for ffmpeg
Type	security
Severity	moderate
References	1140754,1206778,CVE-2019-13390,CVE-2022-3341

Description:

This update for ffmpeg fixes the following issues:

CVE-2022-3341: Fixed a potential crash when processing a crafted NUT stream (bsc#1206778).
CVE-2019-13390: Fixed a potential crash when processing a crafted AVI stream (bsc#1140754).

Advisory ID	SUSE-SU-2023:211-1
Released	Mon Jan 30 17:26:10 2023
Summary	Security update for vim
Type	security
Severity	moderate
References	1206866,1206867,1206868,1207162,1207396,CVE-2023-0049,CVE-2023-0051,CVE-2023-0054,CVE-2023-0288,CVE-2023-0433

Description:

This update for vim fixes the following issues:

Updated to version 9.0.1234: - CVE-2023-0433: Fixed an out of bounds memory access that could cause a crash (bsc#1207396). - CVE-2023-0288: Fixed an out of bounds memory access that could cause a crash (bsc#1207162). - CVE-2023-0054: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1206868). - CVE-2023-0051: Fixed an out of bounds memory access that could cause a crash (bsc#1206867). - CVE-2023-0049: Fixed an out of bounds memory access that could cause a crash (bsc#1206866).

Advisory ID	SUSE-SU-2023:212-1
Released	Mon Jan 30 17:26:44 2023
Summary	Security update for nginx
Type	security
Severity	important
References	1204526,1204527,CVE-2022-41741,CVE-2022-41742

Description:

This update for nginx fixes the following issues:

CVE-2022-41741: Handle duplicated atoms in mp4 streams, to mitigate out-of-bound reads. (bsc#1204526)
CVE-2022-41742: Handle duplicated atoms in mp4 streams, to mitigate out-of-bound reads. (bsc#1204527)

Advisory ID	SUSE-SU-2023:215-1
Released	Mon Jan 30 17:27:24 2023
Summary	Security update for apache2-mod_auth_openidc
Type	security
Severity	moderate
References	1190223,1199868,1206441,CVE-2021-39191,CVE-2022-23527

Description:

This update for apache2-mod_auth_openidc fixes the following issues:

CVE-2022-23527: Fixed open redirect in oidc_validate_redirect_url() using tab character (bsc#1206441).
CVE-2021-39191: Fixed open redirect issue in target_link_uri parameter (bsc#1190223).

Advisory ID	SUSE-RU-2023:218-1
Released	Wed Feb 1 06:12:06 2023
Summary	Recommended update for SAPHanaSR
Type	recommended
Severity	critical
References	1205535,1207466

Description:

This update for SAPHanaSR fixes the following issues:

Fix for SAPHanaTopology failing with error code 1 (OCF_ERR_GENERIC) during a normal stop action (bsc#1207466)
Set srhook attribute to PRIM during a probe so that there is no need to wait for the first srConnectionChanged() to set the attribute (bsc#1205535)

Advisory ID	SUSE-SU-2023:221-1
Released	Wed Feb 1 09:34:32 2023
Summary	Security update for xterm
Type	security
Severity	important
References	1205305,CVE-2022-45063

Description:

This update for xterm fixes the following issues:

CVE-2022-45063: Fixed an arbitrary code execution issue under configurations using vi and zsh (bsc#1205305).

Advisory ID	SUSE-SU-2023:225-1
Released	Wed Feb 1 09:37:51 2023
Summary	Security update for ctags
Type	security
Severity	important
References	1206543,CVE-2022-4515

Description:

This update for ctags fixes the following issues:

CVE-2022-4515: Fixed a command injection issue via a tag file wih a crafted filename (bsc#1206543).

Advisory ID	SUSE-SU-2023:269-1
Released	Mon Feb 6 15:04:59 2023
Summary	Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4)
Type	security
Severity	important
References	1204167,1205186,1206373,CVE-2022-2602,CVE-2022-3424,CVE-2022-4379

Description:

This update for the Linux Kernel 5.14.21-150400_22 fixes several issues.
The following security issues were fixed:

CVE-2022-4379: A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allowed an attacker to conduct a remote denial of service attack (bsc#1206373).
CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167).
CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186).

Advisory ID	SUSE-SU-2023:270-1
Released	Mon Feb 6 15:05:09 2023
Summary	Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP4)
Type	security
Severity	important
References	1204167,1205186,1206373,CVE-2022-2602,CVE-2022-3424,CVE-2022-4379

Description:

This update for the Linux Kernel 5.14.21-150400_24_28 fixes several issues.
The following security issues were fixed:

CVE-2022-4379: A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allowed an attacker to conduct a remote denial of service attack (bsc#1206373).
CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167).
CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186).

Advisory ID	SUSE-SU-2023:272-1
Released	Mon Feb 6 15:34:08 2023
Summary	Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP4)
Type	security
Severity	important
References	1204167,1205186,1206373,CVE-2022-2602,CVE-2022-3424,CVE-2022-4379

Description:

This update for the Linux Kernel 5.14.21-150400_24_18 fixes several issues.
The following security issues were fixed:

CVE-2022-4379: A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allowed an attacker to conduct a remote denial of service attack (bsc#1206373).
CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167).
CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186).

Advisory ID	SUSE-SU-2023:273-1
Released	Mon Feb 6 15:34:17 2023
Summary	Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP4)
Type	security
Severity	important
References	1206373,CVE-2022-4379

Description:

This update for the Linux Kernel 5.14.21-150400_24_38 fixes one issue.
The following security issue was fixed:

CVE-2022-4379: A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allowed an attacker to conduct a remote denial of service attack (bsc#1206373).

Advisory ID	SUSE-SU-2023:275-1
Released	Mon Feb 6 17:18:38 2023
Summary	Security update for rubygem-activesupport-5_1
Type	security
Severity	moderate
References	1207454,CVE-2023-22796

Description:

This update for rubygem-activesupport-5_1 fixes the following issues:

CVE-2023-22796: Fixed a potential denial of service when passing a crafted input to the underscore method due to an inefficient regular expression (bsc#1207454).

Advisory ID	SUSE-SU-2023:276-1
Released	Mon Feb 6 17:19:34 2023
Summary	Security update for rubygem-rack
Type	security
Severity	moderate
References	1207596,1207597,1207599,CVE-2022-44570,CVE-2022-44571,CVE-2022-44572

Description:

This update for rubygem-rack fixes the following issues:

CVE-2022-44570: Fixed a potential denial of service when parsing a RFC2183 multipart boundary (bsc#1207597).
CVE-2022-44571: Fixed a potential denial of service when parsing a Range header (bsc#1207599).
CVE-2022-44572: Fixed a potential denial of service when parsing a Content-Disposition header (bsc#1207596).

Advisory ID	SUSE-SU-2023:277-1
Released	Tue Feb 7 07:34:23 2023
Summary	Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4)
Type	security
Severity	important
References	1204167,1205186,1206373,CVE-2022-2602,CVE-2022-3424,CVE-2022-4379

Description:

This update for the Linux Kernel 5.14.21-150400_24_11 fixes several issues.
The following security issues were fixed:

CVE-2022-4379: A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allowed an attacker to conduct a remote denial of service attack (bsc#1206373).
CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167).
CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186).

Advisory ID	SUSE-SU-2023:280-1
Released	Tue Feb 7 08:05:25 2023
Summary	Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP4)
Type	security
Severity	important
References	1205186,1206373,CVE-2022-2602,CVE-2022-4379

Description:

This update for the Linux Kernel 5.14.21-150400_24_33 fixes several issues.
The following security issues were fixed:

CVE-2022-4379: A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allowed an attacker to conduct a remote denial of service attack (bsc#1206373).
CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186).

Advisory ID	SUSE-SU-2023:285-1
Released	Tue Feb 7 09:31:42 2023
Summary	Security update for xorg-x11-server
Type	security
Severity	important
References	1207783,CVE-2023-0494

Description:

This update for xorg-x11-server fixes the following issues:

CVE-2023-0494: Fixed a use-after-free in DeepCopyPointerClasses (bsc#1207783).

Advisory ID	SUSE-SU-2023:288-1
Released	Tue Feb 7 09:33:45 2023
Summary	Security update for xorg-x11-server
Type	security
Severity	important
References	1207783,CVE-2023-0494

Description:

This update for xorg-x11-server fixes the following issues:

CVE-2023-0494: Fixed a use-after-free in DeepCopyPointerClasses (bsc#1207783).

Advisory ID	SUSE-SU-2023:289-1
Released	Tue Feb 7 09:34:49 2023
Summary	Security update for xwayland
Type	security
Severity	important
References	1207783,CVE-2023-0494

Description:

This update for xwayland fixes the following issues:

CVE-2023-0494: Fixed a use-after-free in DeepCopyPointerClasses (bsc#1207783).

Advisory ID	SUSE-RU-2023:290-1
Released	Tue Feb 7 09:57:17 2023
Summary	Recommended update for rust, rust1.67
Type	recommended
Severity	moderate
References

Description:

This update for rust, rust1.67 fixes the following issues:
Rust is shipped in version 1.67.0.
Changes in rust1.67:
Version 1.67.0 (2023-01-26) ==========================
Language --------

Make `Sized` predicates coinductive, allowing cycles.
#[must_use]` annotations on `async fn` also affect the `Future::Output`.
Elaborate supertrait obligations when deducing closure signatures.
Invalid literals are no longer an error under `cfg(FALSE)`.
Unreserve braced enum variants in value namespace.

Compiler --------

Enable varargs support for calling conventions other than `C` or `cdecl`.
Add new MIR constant propagation based on dataflow analysis.
Optimize field ordering by grouping m\*2^n-sized fields with equivalently aligned ones.
Stabilize native library modifier `verbatim`.

Added and removed targets:

Remove tier 3 `linuxkernel` targets Refer to Rust's platform support page for more information on Rust's tiered platform support.

Libraries ---------

Merge `crossbeam-channel` into `std::sync::mpsc`.
Fix inconsistent rounding of 0.5 when formatted to 0 decimal places.
Derive `Eq` and `Hash` for `ControlFlow`.
Don't build `compiler_builtins` with `-C panic=abort`.

Stabilized APIs ---------------

{integer}::checked_ilog
{integer}::checked_ilog2
{integer}::checked_ilog10
{integer}::ilog
{integer}::ilog2
{integer}::ilog10
NonZeroU*::ilog2
NonZeroU*::ilog10
NonZero*::BITS

These APIs are now stable in const contexts:

char::from_u32
char::from_digit
char::to_digit
core::char::from_u32
core::char::from_digit

Compatibility Notes -------------------

The layout of `repr(Rust)` types now groups m\*2^n-sized fields with equivalently aligned ones. This is intended to be an optimization, but it is also known to increase type sizes in a few cases for the placement of enum tags. As a reminder, the layout of `repr(Rust)` types is an implementation detail, subject to change.
0.5 now rounds to 0 when formatted to 0 decimal places. This makes it consistent with the rest of floating point formatting that rounds ties toward even digits.
Chains of `&&` and `||` will now drop temporaries from their sub-expressions in evaluation order, left-to-right. Previously, it was 'twisted' such that the _first_ expression dropped its temporaries _last_, after all of the other expressions dropped in order.
Underscore suffixes on string literals are now a hard error. This has been a future-compatibility warning since 1.20.0.
Stop passing `-export-dynamic` to `wasm-ld`.
main` is now mangled as `__main_void` on `wasm32-wasi`.
Cargo now emits an error if there are multiple registries in the configuration with the same index URL.

Advisory ID	SUSE-SU-2023:295-1
Released	Tue Feb 7 10:39:39 2023
Summary	Security update for redis
Type	security
Severity	important
References	1207202,1207203,1207448,CVE-2022-35977,CVE-2023-22458

Description:

This update for redis fixes the following issues:

CVE-2022-35977: Fixed an integer overflow that could allow authenticated users to cause a crash (bsc#1207202).
CVE-2023-22458: Fixed a missing check that could allow authenticated users to cause a crash (bsc#1207203).

Advisory ID	SUSE-RU-2023:297-1
Released	Tue Feb 7 13:17:47 2023
Summary	Recommended update for java-17-openjdk
Type	recommended
Severity	moderate
References	1205916

Description:

This update for java-17-openjdk fixes the following issues:

Modified patches: Revert fips patch to a version used with 17.0.4.0 (bsc#1205916) Apply nss-security-provider patch after the fips patch, thus rediff the hunk to changed context.

Fix jconsole.desktop icon

Advisory ID	SUSE-RU-2023:302-1
Released	Tue Feb 7 16:12:57 2023
Summary	Recommended update for libpulp
Type	recommended
Severity	moderate
References

Description:

This update for libpulp fixes the following issues:
Update package with libpulp-0.2.7:

Add support to library to JSON library dumps, Removing any requirement of adding the original library .so file into the livepatch build tarball.
Update the ulp post hook script for transactional systems (jsc#PED-1078).
Add `setup_package.sh` as part of libpulp tools.

Update package with libpulp-0.2.6

Add new `-R` option to specify a prefix root for livepatches (jsc#PED-1078).

Advisory ID	SUSE-RU-2023:303-1
Released	Tue Feb 7 16:18:06 2023
Summary	Recommended update for sane-backends
Type	recommended
Severity	moderate
References

Description:

This update of sane-backends fixes the following issues:

rebuild against the new net-snmp (jsc#SLE-11203).

Advisory ID	SUSE-SU-2023:305-1
Released	Tue Feb 7 17:31:51 2023
Summary	Security update for openssl-1_0_0
Type	security
Severity	important
References	1207533,1207534,1207536,CVE-2022-4304,CVE-2023-0215,CVE-2023-0286

Description:

This update for openssl-1_0_0 fixes the following issues:

CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).

Advisory ID	SUSE-SU-2023:312-1
Released	Tue Feb 7 17:54:46 2023
Summary	Security update for openssl-3
Type	security
Severity	important
References	1195149,1206222,1207533,1207534,1207535,1207536,1207538,1207539,1207540,1207541,CVE-2022-4203,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0216,CVE-2023-0217,CVE-2023-0286,CVE-2023-0401

Description:

This update for openssl-3 fixes the following issues:
Security fixes:

CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
CVE-2023-0401: Fixed NULL pointer dereference during PKCS7 data verification (bsc#1207541).
CVE-2023-0217: Fixed NULL pointer dereference validating DSA public key (bsc#1207540).
CVE-2023-0216: Fixed invalid pointer dereference in d2i_PKCS7 functions (bsc#1207539).
CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
CVE-2022-4203: Fixed read Buffer Overflow with X.509 Name Constraints (bsc#1207535).

Non-security fixes:

Fix SHA, SHAKE, KECCAK ASM and EC ASM flag passing (bsc#1206222).
Enable zlib compression support (bsc#1195149).
Add crypto-policies dependency.

Advisory ID	SUSE-SU-2023:314-1
Released	Wed Feb 8 12:51:27 2023
Summary	Security update for apache2-mod_security2
Type	security
Severity	important
References	1207378,CVE-2022-48279

Description:

This update for apache2-mod_security2 fixes the following issues:

CVE-2022-48279: Fixed a potential firewall bypass due to an incorrect parsing of HTTP multipart requests (bsc#1207378).

Advisory ID	SUSE-SU-2023:322-1
Released	Wed Feb 8 16:19:37 2023
Summary	Security update for apache2
Type	security
Severity	important
References	1207247,1207250,1207251,CVE-2006-20001,CVE-2022-36760,CVE-2022-37436

Description:

This update for apache2 fixes the following issues:

CVE-2022-37436: Fixed an issue in mod_proxy where a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body (bsc#1207251).
CVE-2022-36760: Fixed an issue in mod_proxy_ajp that could allow request smuggling attacks (bsc#1207250).
CVE-2006-20001: Fixed an issue in mod_proxy_ajp where a request header could cause memory corruption (bsc#1207247).

Advisory ID	SUSE-SU-2023:328-1
Released	Thu Feb 9 09:09:22 2023
Summary	Security update for rubygem-globalid
Type	security
Severity	moderate
References	1207587,CVE-2023-22799

Description:

This update for rubygem-globalid fixes the following issues:

CVE-2023-22799: Fixed ReDoS vulnerability (bsc#1207587).

Advisory ID	SUSE-SU-2023:329-1
Released	Thu Feb 9 10:20:18 2023
Summary	Security update for MozillaThunderbird
Type	security
Severity	important
References	1207119,CVE-2022-46871,CVE-2022-46877,CVE-2023-0430,CVE-2023-23598,CVE-2023-23599,CVE-2023-23601,CVE-2023-23602,CVE-2023-23603,CVE-2023-23605

Description:

This update for MozillaThunderbird fixes the following issues:
Updated to version 102.7.1 (bsc#1207119): * CVE-2022-46871: Fixed out of date libusrsctp. * CVE-2023-23598: Fixed arbitrary file read from GTK drag and drop on Linux. * CVE-2023-23599: Fixed issue where malicious command that could be hidden in devtools output on Windows. * CVE-2023-23601: Fixed issue where URL being dragged from cross-origin iframe into same tab triggers navigation. * CVE-2023-23602: Fixed Content Security Policy not being correctly applied to WebSockets in WebWorkers. * CVE-2022-46877: Fixed fullscreen notification bypass. * CVE-2023-23603: Fixed issue where calls to code tag allowed bypassing Content Security Policy via format directive. * CVE-2023-23605: Fixed memory safety bugs.

Advisory ID	SUSE-RU-2023:330-1
Released	Thu Feb 9 11:41:51 2023
Summary	Recommended update for pesign-obs-integration
Type	recommended
Severity	important
References	1195805,1205917,1207520

Description:

This update for pesign-obs-integration fixes the following issues:

Fix for a filename issue in the scripts of generated ueficert package (bsc#1195805, bsc#1205917)
fixed dependency generators (bsc#1207520)(jsc#PED-2658):

- Add support for including macros in pesign-repackage.spec by using pesign-spec-macros - Add support for copying sources to the new build directory by using pesign-copy-sources - Update README for dependency generation, add Dependency Generation section

Advisory ID	SUSE-SU-2023:331-1
Released	Thu Feb 9 12:33:54 2023
Summary	Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4)
Type	security
Severity	important
References	1204167,1205186,1206373,CVE-2022-2602,CVE-2022-3424,CVE-2022-4379

Description:

This update for the Linux Kernel 5.14.21-150400_24_21 fixes several issues.
The following security issues were fixed:

CVE-2022-4379: A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allowed an attacker to conduct a remote denial of service attack (bsc#1206373).
CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167).
CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186).

Advisory ID	SUSE-RU-2023:333-1
Released	Thu Feb 9 13:49:04 2023
Summary	Recommended update for amazon-ecs-init
Type	recommended
Severity	moderate
References

Description:

This update for amazon-ecs-init fixes the following issues: - Add aarch64 binaries to the channels.

Advisory ID	SUSE-RU-2023:334-1
Released	Thu Feb 9 13:49:43 2023
Summary	Recommended update for google-osconfig-agent
Type	recommended
Severity	moderate
References

Description:

This update for google-osconfig-agent fixes the following issues: - Provide the latest version for SLE-15-SP4 too.

Advisory ID	SUSE-RU-2023:335-1
Released	Thu Feb 9 13:51:13 2023
Summary	Recommended update for hyper-v
Type	recommended
Severity	moderate
References

Description:

This update for hyper-v fixes the following issues: - Provide the latest version for SLE-15-SP4 too.

Advisory ID	SUSE-SU-2023:341-1
Released	Fri Feb 10 10:04:35 2023
Summary	Security update for bind
Type	security
Severity	important
References	1207471,1207473,1207475,CVE-2022-3094,CVE-2022-3736,CVE-2022-3924

Description:

This update for bind fixes the following issues:

Updated to version 9.16.37 (jsc#SLE-24600): - CVE-2022-3094: Fixed an issue where a message flood could exhaust all available memory (bsc#1207471). - CVE-2022-3736: Fixed a potential crash upon receiving an RRSIG in configurations with stale cache and stale answers enabled and stale-answer-client-timeout set to a positive value (bsc#1207473). - CVE-2022-3924: Fixed a potential crash upon reaching the recursive-clients soft quota in configurations with stale answers enabled and stale-answer-client-timeout set to a positive value (bsc#1207475).

Advisory ID	SUSE-SU-2023:342-1
Released	Fri Feb 10 10:06:46 2023
Summary	Security update for tiff
Type	security
Severity	important
References	1207413,CVE-2022-48281

Description:

This update for tiff fixes the following issues:

CVE-2022-48281: Fixed a buffer overflow that could be triggered via a crafted image (bsc#1207413).

Advisory ID	SUSE-SU-2023:343-1
Released	Fri Feb 10 12:29:50 2023
Summary	Security update for wireshark
Type	security
Severity	important
References	1206189,1207447,1207663,1207664,1207665,1207667,1207668,1207669,CVE-2022-4345,CVE-2023-0411,CVE-2023-0412,CVE-2023-0413,CVE-2023-0415,CVE-2023-0416,CVE-2023-0417

Description:

This update for wireshark fixes the following issues:

Updated to version 3.6.11 (bsc#1207447): - CVE-2023-0417: Fixed a memory leak in the NFS dissector (bsc#1207669). - CVE-2023-0413: Fixed a crash in the dissection engine (bsc#1207665). - CVE-2023-0416: Fixed a crash in the GNW dissector (bsc#1207668). - CVE-2023-0415: Fixed a crash in the iSCSI dissector (bsc#1207667). - CVE-2023-0411: Fixed several issues where an excessive CPU consumption could be triggered in multiple dissectors (bsc#1207663). - CVE-2023-0412: Fixed a crash in the TIPC dissector (bsc#1207664).

Advisory ID	SUSE-RU-2023:346-1
Released	Fri Feb 10 15:06:56 2023
Summary	Recommended update for salt
Type	recommended
Severity	moderate
References	1204939

Description:

This update for salt fixes the following issues:

Control the collection of lvm grains via config (bsc#1204939)

Advisory ID	SUSE-SU-2023:348-1
Released	Fri Feb 10 15:08:41 2023
Summary	Security update for less
Type	security
Severity	moderate
References	1207815,CVE-2022-46663

Description:

This update for less fixes the following issues:
- CVE-2022-46663: Fixed denial-of-service by printing specially crafted escape sequences to the terminal (bsc#1207815).

Advisory ID	SUSE-RU-2023:349-1
Released	Fri Feb 10 15:09:03 2023
Summary	Recommended update for hwinfo
Type	recommended
Severity	moderate
References	1204294

Description:

This update for hwinfo fixes the following issues:

Create Xen usb controller device if necessary. (bsc#1204294)

Advisory ID	SUSE-SU-2023:373-1
Released	Fri Feb 10 15:19:25 2023
Summary	Maintenance update for SUSE Manager 4.3.4 Release Notes
Type	security
Severity	important
References	1172110,1195979,1200801,1202150,1203478,1203532,1203826,1204032,1204126,1204186,1204235,1204270,1204330,1204712,1204715,1204879,1204932,1205012,1205040,1205207,1205255,1205350,1205489,1205523,1205644,1205663,1205749,1205754,1205890,1205919,1205943,1205976,1206055,1206160,1206168,1206186,1206249,1206276,1206294,1206336,1206375,1206470,1206613,1206666,1206799,1207136,CVE-2022-1415

Description:

Maintenance update for SUSE Manager 4.3.4 Release Notes:
This is a codestream only update

Advisory ID	SUSE-SU-2023:375-1
Released	Fri Feb 10 17:05:34 2023
Summary	Security update for java-1_8_0-ibm
Type	security
Severity	moderate
References	1204703,1205302,CVE-2022-3676

Description:

This update for java-1_8_0-ibm fixes the following issues:
IBM Security Update November 2022: (bsc#1205302, bsc#1204703)

CVE-2022-3676: A security vulnerability was fixed in version 8.0.7.20, adding the reference here.

Advisory ID	SUSE-RU-2023:376-1
Released	Mon Feb 13 03:06:47 2023
Summary	Recommended update for pacemaker
Type	recommended
Severity	important
References	1206263,1206761

Description:

This update for pacemaker fixes the following issues:

Fix issues with SAPHanaController instances in SAPHanaSR ScaleOut cluster (bsc#1206263)
Fix a memory access violation in error handling in crm_resource (bsc#1206761)

Advisory ID	SUSE-RU-2023:384-1
Released	Mon Feb 13 03:10:52 2023
Summary	Recommended update for irqbalance
Type	recommended
Severity	important
References	1204962,1206661

Description:

This update for irqbalance fixes the following issues:

Fix `--banmod` option not working as expected (bsc#1206661, bsc#1204962)

Advisory ID	SUSE-RU-2023:386-1
Released	Mon Feb 13 03:12:28 2023
Summary	Recommended update for NetworkManager-applet
Type	recommended
Severity	important
References

Description:

This update for NetworkManager-applet fixes the following issues:

Fix build issues related to meson

Advisory ID	SUSE-RU-2023:388-1
Released	Mon Feb 13 09:39:56 2023
Summary	Recommended update for crmsh
Type	recommended
Severity	moderate
References	1201785,1205522,1205615,1205727,1205735

Description:

This update for crmsh fixes the following issues:

Add a mechanism for updating cluster configuration after version update (bsc#1201785)
cibconfig: Set 'promotable=true' and 'interlave=true' if resource instances need to be Promoted/Unpromoted with the resource agent (bsc#1205522)
Fix help text for consistency in both `help` subcommand and `--help` argument (bsc#1205735)
Fix passwordless ssh authentication for hacluster automatically when a new node is joining the cluster (bsc#1201785)
Fix sbd not starting up if qdevice configuration is enabled (bsc#1205727)
Show corosync ring status if it has faults (bsc#1205615)

Advisory ID	SUSE-SU-2023:389-1
Released	Mon Feb 13 09:41:49 2023
Summary	Security update for apr-util
Type	security
Severity	critical
References	1207866,CVE-2022-25147

Description:

This update for apr-util fixes the following issues:

CVE-2022-25147: Fixed a buffer overflow possible with specially crafted input during base64 encoding (bsc#1207866)

Advisory ID	SUSE-SU-2023:394-1
Released	Mon Feb 13 10:10:23 2023
Summary	Security update for the Linux Kernel
Type	security
Severity	important
References	1185861,1185863,1186449,1191256,1192868,1193629,1194869,1195175,1195655,1196058,1199701,1204063,1204356,1204662,1205495,1206006,1206036,1206056,1206057,1206258,1206363,1206459,1206616,1206677,1206784,1207010,1207034,1207134,1207149,1207158,1207184,1207186,1207190,1207237,1207263,1207269,1207497,1207500,1207501,1207506,1207507,1207734,1207769,1207842,1207878,1207933,CVE-2020-24588,CVE-2022-4382,CVE-2022-47929,CVE-2023-0179,CVE-2023-0266

Description:

The SUSE Linux Enterprise 15 SP4 AZURE kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a priviledge escalation to gain ring0 access from the system user (bsc#1207134).
CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034).
CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237).
CVE-2022-4382: Fixed a use-after-free flaw that was caused by a race condition among the superblock operations inside the gadgetfs code (bsc#1206258).
CVE-2020-24588: Fixed injection of arbitrary network packets against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n) (bsc#1199701).

The following non-security bugs were fixed:

ACPI: EC: Fix EC address space handler unregistration (bsc#1207149).
ACPI: EC: Fix ECDT probe ordering issues (bsc#1207149).
ACPI: PRM: Check whether EFI runtime is available (git-fixes).
ACPICA: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149).
ACPICA: include/acpi/acpixf.h: Fix indentation (bsc#1207149).
ALSA: control-led: use strscpy in set_led_id() (git-fixes).
ALSA: hda - Enable headset mic on another Dell laptop with ALC3254 (git-fixes).
ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list (git-fixes).
ALSA: hda/realtek - Turn on power early (git-fixes).
ALSA: hda/realtek: Add Acer Predator PH315-54 (git-fixes).
ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx (git-fixes).
ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
ALSA: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP platform (git-fixes).
ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (git-fixes).
ALSA: hda: cs35l41: Check runtime suspend capability at runtime_idle (git-fixes).
ALSA: hda: cs35l41: Do not return -EINVAL from system suspend/resume (git-fixes).
ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (git-fixes).
ALSA: usb-audio: Make sure to stop endpoints before closing EPs (git-fixes).
ALSA: usb-audio: Relax hw constraints for implicit fb sync (git-fixes).
ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 (git-fixes).
ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (git-fixes).
ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (git-fixes).
ARM: dts: imx7d-pico: Use 'clock-frequency' (git-fixes).
ARM: dts: imx: Fix pca9547 i2c-mux node name (git-fixes).
ARM: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes).
ARM: imx: add missing of_node_put() (git-fixes).
ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes).
ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes).
ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes).
ASoC: fsl_micfil: Correct the number of steps on SX controls (git-fixes).
ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes).
ASoC: qcom: lpass-cpu: Fix fallback SD line index handling (git-fixes).
ASoC: wm8904: fix wrong outputs volume after power reactivation (git-fixes).
Bluetooth: Fix possible deadlock in rfcomm_sk_state_change (git-fixes).
Bluetooth: hci_qca: Fix driver shutdown on closed serdev (git-fixes).
Documentation: Remove bogus claim about del_timer_sync() (git-fixes).
HID: betop: check shape of output reports (git-fixes).
HID: betop: check shape of output reports (git-fixes, bsc#1207186).
HID: check empty report_list in bigben_probe() (git-fixes).
HID: check empty report_list in hid_validate_values() (git-fixes).
HID: drop assumptions on non-empty lists (git-fixes, bsc#1206784).
HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes).
HID: playstation: sanity check DualSense calibration data (git-fixes).
HID: revert CHERRY_MOUSE_000C quirk (git-fixes).
IB/hfi1: Fix expected receive setup error exit issues (git-fixes)
IB/hfi1: Immediately remove invalid memory from hardware (git-fixes)
IB/hfi1: Reject a zero-length user expected buffer (git-fixes)
IB/hfi1: Remove user expected buffer invalidate race (git-fixes)
IB/hfi1: Reserve user expected TIDs (git-fixes)
IB/mad: Do not call to function that might sleep while in atomic context (git-fixes).
KVM: x86: Check for existing Hyper-V vCPU in kvm_hv_vcpu_init() (bsc#1206616).
PCI/PM: Define pci_restore_standard_config() only for CONFIG_PM_SLEEP (bsc#1207269).
PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() (git-fixes).
RDMA/core: Fix ib block iterator counter overflow (bsc#1207878).
RDMA/core: Fix ib block iterator counter overflow (git-fixes)
RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes)
RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes)
RDMA/rxe: Prevent faulty rkey generation (git-fixes)
RDMA/srp: Move large values to a new enum for gcc13 (git-fixes)
Revert 'ARM: dts: armada-38x: Fix compatible string for gpios' (git-fixes).
Revert 'ARM: dts: armada-39x: Fix compatible string for gpios' (git-fixes).
Revert 'Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode' (git-fixes).
Revert 'Revert 'block, bfq: honor already-setup queue merges'' (git-fixes).
Revert 'arm64: dts: meson-sm1-odroid-hc4: disable unused USB PHY0' (git-fixes).
Revert 'wifi: mac80211: fix memory leak in ieee80211_if_add()' (git-fixes).
SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes).
SUNRPC: Use BIT() macro in rpc_show_xprt_state() (git-fixes).
USB: gadget: Fix use-after-free during usb config switch (git-fixes).
USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes).
USB: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes).
USB: serial: option: add Quectel EC200U modem (git-fixes).
USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes).
USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes).
USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes).
USB: serial: option: add Quectel EM05CN (SG) modem (git-fixes).
USB: serial: option: add Quectel EM05CN modem (git-fixes).
VMCI: Use threaded irqs instead of tasklets (git-fixes).
arm64: atomics: format whitespace consistently (git-fixes).
arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (git-fixes).
arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity (git-fixes).
arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes).
arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes).
arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes).
arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes).
arm64: dts: qcom: msm8992: Do not use sfpb mutex (git-fixes).
arm64: efi: Execute runtime services from a dedicated stack (git-fixes).
ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git-fixes).
ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes).
bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes).
bfq: fix use-after-free in bfq_dispatch_request (git-fixes).
bfq: fix waker_bfqq inconsistency crash (git-fixes).
blk-throttle: prevent overflow while calculating wait time (git-fixes).
blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes).
blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes).
block, bfq: do not move oom_bfqq (git-fixes).
block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes).
block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes).
block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes).
block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes).
block/bfq_wf2q: correct weight to ioprio (git-fixes).
block/bio: remove duplicate append pages code (git-fixes).
block: check minor range in device_add_disk() (git-fixes).
block: ensure iov_iter advances for added pages (git-fixes).
block: fix infinite loop for invalid zone append (git-fixes).
block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes).
block: use bdev_get_queue() in bio.c (git-fixes).
bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (git-fixes).
bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (git-fixes).
bnxt_en: Remove debugfs when pci_register_driver failed (git-fixes).
bnxt_en: add dynamic debug support for HWRM messages (git-fixes).
bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (git-fixes).
bnxt_en: fix the handling of PCIE-AER (git-fixes).
bnxt_en: refactor bnxt_cancel_reservations() (git-fixes).
btrfs: add helper to delete a dir entry from a log tree (bsc#1207263).
btrfs: avoid inode logging during rename and link when possible (bsc#1207263).
btrfs: avoid logging all directory changes during renames (bsc#1207263).
btrfs: backport recent fixes for send/receive into SLE15 SP4/SP5 (bsc#1206036 bsc#1207500 ltc#201363).
btrfs: do not log unnecessary boundary keys when logging directory (bsc#1207263).
btrfs: fix assertion failure when logging directory key range item (bsc#1207263).
btrfs: fix processing of delayed data refs during backref walking (bsc#1206056 bsc#1207507 ltc#201367).
btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057 bsc#1207506 ltc#201368).
btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158).
btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158).
btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes).
btrfs: join running log transaction when logging new name (bsc#1207263).
btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (bsc#1207158).
btrfs: pass the dentry to btrfs_log_new_name() instead of the inode (bsc#1207263).
btrfs: prepare extents to be logged before locking a log tree path (bsc#1207263).
btrfs: put initial index value of a directory in a constant (bsc#1207263).
btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158).
btrfs: qgroup: remove outdated TODO comments (bsc#1207158).
btrfs: remove unnecessary NULL check for the new inode during rename exchange (bsc#1207263).
btrfs: remove useless path release in the fast fsync path (bsc#1207263).
btrfs: remove write and wait of struct walk_control (bsc#1207263).
btrfs: stop copying old dir items when logging a directory (bsc#1207263).
btrfs: stop doing unnecessary log updates during a rename (bsc#1207263).
btrfs: stop trying to log subdirectories created in past transactions (bsc#1207263).
btrfs: use single variable to track return value at btrfs_log_inode() (bsc#1207263).
bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (git-fixes).
can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (git-fixes).
cifs: Fix uninitialized memory read for smb311 posix symlink create (git-fixes).
cifs: do not query ifaces on smb1 mounts (git-fixes).
cifs: fix double free on failed kerberos auth (git-fixes).
cifs: fix file info setting in cifs_open_file() (git-fixes).
cifs: fix file info setting in cifs_query_path_info() (git-fixes).
cifs: fix potential memory leaks in session setup (bsc#1193629).
cifs: fix race in assemble_neg_contexts() (bsc#1193629).
cifs: ignore ipc reconnect failures during dfs failover (bsc#1193629).
cifs: protect access of TCP_Server_Info::{dstaddr,hostname} (bsc#1193629).
cifs: remove redundant assignment to the variable match (bsc#1193629).
comedi: adv_pci1760: Fix PWM instruction handling (git-fixes).
config: arm64: Fix Freescale LPUART dependency (boo#1204063).
cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes).
cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes).
crypto: fixed DH and ECDH implemention for FIPS PCT (jsc#SLE-21132,bsc#1191256,bsc#1207184).
dm btree: add a defensive bounds check to insert_at() (git-fixes).
dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes).
dm cache: Fix UAF in destroy() (git-fixes).
dm cache: set needs_check flag after aborting metadata (git-fixes).
dm clone: Fix UAF in clone_dtr() (git-fixes).
dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
dm integrity: clear the journal on suspend (git-fixes).
dm integrity: flush the journal on suspend (git-fixes).
dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes).
dm ioctl: prevent potential spectre v1 gadget (git-fixes).
dm raid: fix address sanitizer warning in raid_resume (git-fixes).
dm raid: fix address sanitizer warning in raid_status (git-fixes).
dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes).
dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes).
dm thin: Fix UAF in run_timer_softirq() (git-fixes).
dm thin: Use last transaction's pmd->root when commit failed (git-fixes).
dm thin: resume even if in FAIL mode (git-fixes).
dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
dm: fix alloc_dax error handling in alloc_dev (git-fixes).
dm: requeue IO if mapping table not yet available (git-fixes).
dmaengine: Fix double increment of client_count in dma_chan_get() (git-fixes).
dmaengine: idxd: Do not call DMX TX callbacks during workqueue disable (git-fixes).
dmaengine: idxd: Let probe fail when workqueue cannot be enabled (git-fixes).
dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (git-fixes).
dmaengine: lgm: Move DT parsing after initialization (git-fixes).
dmaengine: tegra210-adma: fix global intr clear (git-fixes).
dmaengine: ti: k3-udma: Do conditional decrement of UDMA_CHAN_RT_PEER_BCNT_REG (git-fixes).
dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() (git-fixes).
docs: Fix the docs build with Sphinx 6.0 (git-fixes).
driver core: Fix test_async_probe_init saves device in wrong array (git-fixes).
drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() (git-fixes).
drivers:md:fix a potential use-after-free bug (git-fixes).
drm/amd/display: Calculate output_color_space after pixel encoding adjustment (git-fixes).
drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix (git-fixes).
drm/amd/display: Fix set scaling doesn's work (git-fixes).
drm/amd/display: Take emulated dc_sink into account for HDCP (bsc#1207734).
drm/amd/display: fix issues with driver unload (git-fixes).
drm/amdgpu: complete gfxoff allow signal during suspend without delay (git-fixes).
drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (git-fixes).
drm/amdgpu: drop experimental flag on aldebaran (git-fixes).
drm/hyperv: Add error message for fb size greater than allocated (git-fixes).
drm/i915/adlp: Fix typo for reference clock (git-fixes).
drm/i915/display: Check source height is > 0 (git-fixes).
drm/i915/gt: Reset twice (git-fixes).
drm/i915/selftest: fix intel_selftest_modify_policy argument types (git-fixes).
drm/i915: Fix potential bit_17 double-free (git-fixes).
drm/i915: re-disable RC6p on Sandy Bridge (git-fixes).
drm/msm/adreno: Make adreno quirks not overwrite each other (git-fixes).
drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer (git-fixes).
drm/msm: another fix for the headless Adreno GPU (git-fixes).
drm/panfrost: fix GENERIC_ATOMIC64 dependency (git-fixes).
drm/vc4: hdmi: make CEC adapter name unique (git-fixes).
drm/virtio: Fix GEM handle creation UAF (git-fixes).
drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes).
dt-bindings: msm/dsi: Do not require vcca-supply on 14nm PHY (git-fixes).
dt-bindings: msm/dsi: Do not require vdds-supply on 10nm PHY (git-fixes).
dt-bindings: msm: dsi-controller-main: Fix description of core clock (git-fixes).
dt-bindings: msm: dsi-controller-main: Fix operating-points-v2 constraint (git-fixes).
dt-bindings: msm: dsi-phy-28nm: Add missing qcom, dsi-phy-regulator-ldo-mode (git-fixes).
efi: fix potential NULL deref in efi_mem_reserve_persistent (git-fixes).
efi: fix userspace infinite retry read efivars after EFI runtime services page fault (git-fixes).
efi: rt-wrapper: Add missing include (git-fixes).
efi: tpm: Avoid READ_ONCE() for accessing the event log (git-fixes).
ext4: Fixup pages without buffers (bsc#1205495).
extcon: usbc-tusb320: fix kernel-doc warning (git-fixes).
fbcon: Check font dimension limits (git-fixes).
fbdev: omapfb: avoid stack overflow warning (git-fixes).
firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (git-fixes).
firmware: arm_scmi: Harden shared memory access in fetch_notification (git-fixes).
firmware: arm_scmi: Harden shared memory access in fetch_response (git-fixes).
fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (git-fixes).
fs: remove __sync_filesystem (git-fixes).
ftrace/x86: Add back ftrace_expected for ftrace bug reports (git-fixes).
ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU (git-fixes).
git_sort: add usb-linus branch for gregkh/usb
gsmi: fix null-deref in gsmi_get_variable (git-fixes).
hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap() (git-fixes).
i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes).
i2c: mv64xxx: Remove shutdown method from driver (git-fixes).
i40e: Disallow ip4 and ip6 l4_4_bytes (git-fixes).
i40e: Fix error handling in i40e_init_module() (git-fixes).
i40e: Fix not setting default xps_cpus after reset (git-fixes).
igb: Allocate MSI-X vector when testing (git-fixes).
iio: adc: berlin2-adc: Add missing of_node_put() in error path (git-fixes).
iio: adc: stm32-dfsdm: fill module aliases (git-fixes).
iio: hid: fix the retval in accel_3d_capture_sample (git-fixes).
iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes).
iio: imu: fxos8700: fix ACCEL measurement range selection (git-fixes).
iio: imu: fxos8700: fix IMU data bits returned to user space (git-fixes).
iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes).
iio: imu: fxos8700: fix failed initialization ODR mode assignment (git-fixes).
iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback (git-fixes).
iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes).
iio: imu: fxos8700: fix map label of channel type to MAGN sensor (git-fixes).
iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback (git-fixes).
iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN (git-fixes).
iio:adc:twl6030: Enable measurement of VAC (git-fixes).
iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (git-fixes).
ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459).
ipmi:ssif: Increase the message retry time (bsc#1206459).
ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (git-fixes).
ixgbevf: Fix resource leak in ixgbevf_init_module() (git-fixes).
jbd2: use the correct print format (git-fixes).
kABI workaround for struct acpi_ec (bsc#1207149).
kABI: Preserve TRACE_EVENT_FL values (git-fixes).
kabi/severities: add mlx5 internal symbols
l2tp: Do not sleep and disable BH under writer-side sk_callback_lock (git-fixes).
loop: Fix the max_loop commandline argument treatment when it is set to 0 (git-fixes).
md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes).
md: protect md_unregister_thread from reentrancy (git-fixes).
mei: me: add meteor lake point M DID (git-fixes).
memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe() (git-fixes).
memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() (git-fixes).
memory: tegra: Remove clients SID override programming (git-fixes).
misc: fastrpc: Do not remove map on creater_process and device_release (git-fixes).
misc: fastrpc: Fix use-after-free race condition for maps (git-fixes).
mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769).
mm: compaction: kABI: avoid pglist_data kABI breakage (bsc#1207010).
mm: compaction: support triggering of proactive compaction by user (bsc#1207010).
mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting (git-fixes).
mmc: sunxi-mmc: Fix clock refcount imbalance during unbind (git-fixes).
module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).
mt76: fix use-after-free by removing a non-RCU wcid pointer (git-fixes).
mt76: mt7921: avoid unnecessary spin_lock/spin_unlock in mt7921_mcu_tx_done_event (git-fixes).
nbd: Fix hung on disconnect request if socket is closed before (git-fixes).
nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes).
nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes).
nbd: fix io hung while disconnecting device (git-fixes).
nbd: fix race between nbd_alloc_config() and module removal (git-fixes).
net/mlx4: Check retval of mlx4_bitmap_init (git-fixes).
net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175).
net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1207842).
net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() (git-fixes).
net: ena: Fix error handling in ena_init() (git-fixes).
net: liquidio: release resources when liquidio driver open failed (git-fixes).
net: liquidio: simplify if expression (git-fixes).
net: macvlan: Use built-in RCU list checking (git-fixes).
net: macvlan: fix memory leaks of macvlan_common_newlink (git-fixes).
net: mdio: validate parameter addr in mdiobus_get_phy() (git-fixes).
net: nfc: Fix use-after-free in local_cleanup() (git-fixes).
net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices (git-fixes).
net: phy: meson-gxl: Add generic dummy stubs for MMD register access (git-fixes).
net: tun: Fix memory leaks of napi_get_frags (git-fixes).
net: tun: Fix use-after-free in tun_detach() (git-fixes).
net: tun: call napi_schedule_prep() to ensure we own a napi (git-fixes).
net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git-fixes).
net: usb: sr9700: Handle negative len (git-fixes).
net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs (git-fixes).
netrom: Fix use-after-free caused by accept on already connected socket (git-fixes).
netrom: Fix use-after-free of a listening socket (git-fixes).
nilfs2: fix general protection fault in nilfs_btree_insert() (git-fixes).
null_blk: fix ida error handling in null_add_dev() (git-fixes).
octeontx2-af: Fix reference count issue in rvu_sdp_init() (jsc#SLE-24682).
octeontx2-af: debugsfs: fix pci device refcount leak (git-fixes).
octeontx2-pf: Add check for devm_kcalloc (git-fixes).
octeontx2-pf: Fix potential memory leak in otx2_init_tc() (jsc#SLE-24682).
phy: Revert 'phy: qualcomm: usb28nm: Add MDM9607 init sequence' (git-fixes).
phy: phy-can-transceiver: Skip warning if no 'max-bitrate' (git-fixes).
phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() (git-fixes).
phy: ti: fix Kconfig warning and operator precedence (git-fixes).
pinctrl: amd: Add dynamic debugging for active GPIOs (git-fixes).
pinctrl: rockchip: fix mux route data for rk3568 (git-fixes).
platform/surface: aggregator: Add missing call to ssam_request_sync_free() (git-fixes).
platform/surface: aggregator: Ignore command messages not intended for us (git-fixes).
platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (git-fixes).
platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting (git-fixes).
platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER if present (git-fixes).
platform/x86: sony-laptop: Do not turn off 0x153 keyboard backlight during probe (git-fixes).
platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (git-fixes).
powerpc/64s/radix: Fix RWX mapping with relocated kernel (bsc#1194869).
powerpc/64s/radix: Fix crash with unaligned relocated kernel (bsc#1194869).
powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1195655 ltc#1195655 git-fixes).
powerpc/kexec_file: Count hot-pluggable memory in FDT estimate (bsc#1194869).
powerpc/kexec_file: Fix division by zero in extra size estimation (bsc#1194869).
powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary (bsc#1194869).
powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned (bsc#1194869).
powerpc: move __end_rodata to cover arch read-only sections (bsc#1194869).
qlcnic: fix sleep-in-atomic-context bugs caused by msleep (git-fixes).
r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes).
r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (git-fixes).
regulator: da9211: Use irq handler when ready (git-fixes).
s390/qeth: fix various format strings (git-fixes).
sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes)
sched/core: Introduce sched_asym_cpucap_active() (git-fixes)
sched/cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes)
sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes)
sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes)
sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes)
sched: Avoid double preemption in __cond_resched_*lock*() (git-fixes)
scsi: Revert 'scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT' (git-fixes).
scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes).
scsi: efct: Fix possible memleak in efct_device_init() (git-fixes).
scsi: elx: libefc: Fix second parameter type in state callbacks (git-fixes).
scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes).
scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes).
scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes).
scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes).
scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes).
scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes).
scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes).
scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes).
scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes).
scsi: scsi_debug: Fix a warning in resp_report_zones() (git-fixes).
scsi: scsi_debug: Fix a warning in resp_verify() (git-fixes).
scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes).
scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes).
scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
scsi: storvsc: Correct reporting of Hyper-V I/O size limits (git-fixes).
scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (bsc#1206006).
scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (git-fixes).
scsi: ufs: Stop using the clock scaling lock in the error handler (git-fixes).
scsi: ufs: core: Enable link lost interrupt (git-fixes).
sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
selftests/vm: remove ARRAY_SIZE define from individual tests (git-fixes).
selftests: Provide local define of __cpuid_count() (git-fixes).
serial: 8250_dma: Fix DMA Rx rearm race (git-fixes).
serial: atmel: fix incorrect baudrate setup (git-fixes).
serial: pch_uart: Pass correct sg to dma_unmap_sg() (git-fixes).
sfc: fix potential memleak in __ef100_hard_start_xmit() (git-fixes).
soc: imx8m: Fix incorrect check for of_clk_get_by_name() (git-fixes).
spi: spidev: remove debug messages that access spidev->spi without locking (git-fixes).
staging: mt7621-dts: change some node hex addresses to lower case (git-fixes).
staging: vchiq_arm: fix enum vchiq_status return types (git-fixes).
swim3: add missing major.h include (git-fixes).
tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent (git-fixes).
thermal/core: Remove duplicate information when an error occurs (git-fixes).
thunderbolt: Do not call PM runtime functions in tb_retimer_scan() (git-fixes).
thunderbolt: Do not report errors if on-board retimers are found (git-fixes).
thunderbolt: Use correct function to calculate maximum USB3 link rate (git-fixes).
tick/nohz: Use WARN_ON_ONCE() to prevent console saturation.
tick/sched: Fix non-kernel-doc comment (git-fixes).
tomoyo: fix broken dependency on *.conf.default (git-fixes).
tools: fix ARRAY_SIZE defines in tools and selftests hdrs (git-fixes).
tracing/hist: Fix issue of losting command info in error_log (git-fixes).
tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (git-fixes).
tracing/hist: Fix wrong return value in parse_action_params() (git-fixes).
tracing/osnoise: Make osnoise_main to sleep for microseconds (git-fixes).
tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes).
tracing/probes: Handle system names with hyphens (git-fixes).
tracing: Add '__rel_loc' using trace event macros (git-fixes).
tracing: Add DYNAMIC flag for dynamic events (git-fixes).
tracing: Add trace_event helper macros __string_len() and __assign_str_len() (git-fixes).
tracing: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes).
tracing: Do not use out-of-sync va_list in event printing (git-fixes).
tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes).
tracing: Fix a kmemleak false positive in tracing_map (git-fixes).
tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (git-fixes).
tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes).
tracing: Fix issue of missing one synthetic field (git-fixes).
tracing: Fix mismatched comment in __string_len (git-fixes).
tracing: Fix possible memory leak in __create_synth_event() error path (git-fixes).
tracing: Fix race where histograms can be called before the event (git-fixes).
tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes).
tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git-fixes).
tracing: Fix warning on variable 'struct trace_array' (git-fixes).
tracing: Have TRACE_DEFINE_ENUM affect trace event types as well (git-fixes).
tracing: Have syscall trace events use trace_event_buffer_lock_reserve() (git-fixes).
tracing: Have type enum modifications copy the strings (git-fixes).
tracing: Make tp_printk work on syscall tracepoints (git-fixes).
tracing: Use alignof__(struct {type b;}) instead of offsetof() (git-fixes).
tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes).
tty: fix possible null-ptr-defer in spk_ttyio_release (git-fixes).
tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer (git-fixes).
usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 (git-fixes).
usb: acpi: add helper to check port lpm capability using acpi _DSM (git-fixes).
usb: cdns3: remove fetched trb from cache before dequeuing (git-fixes).
usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes).
usb: dwc3: qcom: enable vbus override when in OTG dr-mode (git-fixes).
usb: fotg210-udc: Fix ages old endianness issues (git-fixes).
usb: gadget: f_fs: Ensure ep0req is dequeued before free_request (git-fixes).
usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (git-fixes).
usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait (git-fixes).
usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (git-fixes).
usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints (git-fixes).
usb: gadget: g_webcam: Send color matching descriptor per frame (git-fixes).
usb: gadget: udc: core: Print error code in usb_gadget_probe_driver() (git-fixes).
usb: gadget: udc: core: Revise comments for USB ep enable/disable (git-fixes).
usb: gadget: udc: core: Use pr_fmt() to prefix messages (git-fixes).
usb: gadget: udc: core: remove usage of list iterator past the loop body (git-fixes).
usb: host: ehci-fsl: Fix module alias (git-fixes).
usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes).
usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes).
usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (git-fixes).
usb: xhci: Check endpoint is valid before dereferencing it (git-fixes).
vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (git-fixes).
vfs: make sync_filesystem return errors from ->sync_fs (git-fixes).
virtio-blk: modify the value type of num in virtio_queue_rq() (git-fixes).
virtio-net: correctly enable callback during start_xmit (git-fixes).
virtio_pci: modify ENOENT to EINVAL (git-fixes).
w1: fix WARNING after calling w1_process() (git-fixes).
w1: fix deadloop in __w1_remove_master_device() (git-fixes).
wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes)
watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497).
watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497).
wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices (git-fixes).
wifi: mac80211: sdata can be NULL during AMPDU start (git-fixes).
wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload (git-fixes).
wifi: mt76: mt7921e: fix race issue between reset and suspend/resume (git-fixes).
wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work (git-fixes).
wifi: mt76: sdio: poll sta stat when device transmits data (git-fixes).
wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid (git-fixes).
x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (git-fixes).
x86/hyperv: Restore VP assist page after cpu offlining/onlining (git-fixes).
xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes).
xfs: fix incorrect error-out in xfs_remove (git-fixes).
xfs: fix incorrect i_nlink caused by inode racing (git-fixes).
xfs: fix maxlevels comparisons in the btree staging code (git-fixes).
xfs: fix memory leak in xfs_errortag_init (git-fixes).
xfs: get rid of assert from xfs_btree_islastblock (git-fixes).
xfs: get root inode correctly at bulkstat (git-fixes).
xfs: initialize the check_owner object fully (git-fixes).
xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes).
xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes).
xfs: return errors in xfs_fs_sync_fs (git-fixes).
xfs: xfstest fails with error missing kernel patch (git-fixes bsc#1207501 ltc#201370).
xhci-pci: set the dma max_seg_size (git-fixes).
xhci: Fix null pointer dereference when host dies (git-fixes).
zram: Delete patch for regression addressed (bsc#1207933).
zram: do not lookup algorithm in backends table (git-fixes).

Advisory ID	SUSE-SU-2023:399-1
Released	Mon Feb 13 16:17:28 2023
Summary	Security update for freerdp
Type	security
Severity	moderate
References	1205512,CVE-2022-39316,CVE-2022-39317,CVE-2022-39320,CVE-2022-39347,CVE-2022-41877

Description:

This update for freerdp fixes the following issues:

CVE-2022-39316: Fixed out of bound read in zgfx decoder (bsc#1205512).
CVE-2022-39317: Fixed undefined behaviour in zgfx decoder (bsc#1205512).
CVE-2022-39320: Fixed heap buffer overflow in urbdrc channel (bsc#1205512).
CVE-2022-39347: Fixed missing path sanitation with drive channel (bsc#1205512).
CVE-2022-41877: Fixed missing input length validation in drive channel (bsc#1205512).

Advisory ID	SUSE-feature-2023:401-1
Released	Tue Feb 14 07:15:50 2023
Summary	Feature update for LibreOffice
Type	feature
Severity	moderate
References

Description:

This update for LibreOffice fixes the following issues:
libreoffice:

Version update from 7.3.6.2 to 7.4.3.2 (jsc#PED-1785): * For the highlights of changes of version 7.4 please consult the official release notes: https://wiki.documentfoundation.org/ReleaseNotes/7.4 * Updated bundled dependencies: * boost version update from 1_77_0 to 1_79_0 * curl version update from 7.83.1 to 7.86.0 * icu4c-data version update from 70_1 to 71_1 * icu4c version update from 70_1 to 71_1 * pdfium version update from 4699 to 5058 * poppler version update from 21.11.0 to 22.09.0 * poppler-data version update from 0.4.10 to 0.4.11 * skia version from m97-a7230803d64ae9d44f4e128244480111a3ae967 to m103-b301ff025004c9cd82816c86c547588e6c24b466 * New build dependencies: * fixmath-devel * libwebp-devel * zlib-devel * dragonbox-devel * at-spi2-core-devel * libtiff-devel

dragonbox:

New package at version 1.1.3 * New dependency for LibreOffice 7.4

fixmath:

New package at version 2022.07.20 * New dependency for LibreOffice 7.4

libmwaw:

Version update from 0.3.20 to 0.3.21 (jsc#PED-1785): * add debug code to read some private rsrc data * allow to read some MacWrite which does not have printer informations * add a parser for Scoop files * add a parser for ScriptWriter files * add a parser for ReadySetGo 1-4 files

Advisory ID	SUSE-SU-2023:405-1
Released	Tue Feb 14 11:47:47 2023
Summary	Security update for libbpf
Type	security
Severity	important
References	1204391,1204502,CVE-2022-3534,CVE-2022-3606

Description:

This update for libbpf fixes the following issues:
- CVE-2022-3534: Fixed use-after-free in btf_dump_name_dups (bsc#1204391). - CVE-2022-3606: Fixed null pointer dereference in find_prog_by_sec_insn() (bsc#1204502).

Advisory ID	SUSE-SU-2023:411-1
Released	Tue Feb 14 17:07:00 2023
Summary	Security update for haproxy
Type	security
Severity	critical
References	1208132,CVE-2023-25725

Description:

This update for haproxy fixes the following issues:

CVE-2023-25725: Fixed a serious vulnerability in the HTTP/1 parser (bsc#1208132).
Fixed an issue where sensitive data might leak to the backend.

Advisory ID	SUSE-SU-2023:423-1
Released	Wed Feb 15 13:41:56 2023
Summary	Security update for aws-efs-utils
Type	security
Severity	moderate
References	1191055,1206737,CVE-2022-46174

Description:

This update for aws-efs-utils fixes the following issues:

Updated to version 1.34.5: - CVE-2022-46174: Fixed a race condition when mounting filesystems using TLS, which could result in various failures (bsc#1206737).

Advisory ID	SUSE-SU-2023:427-1
Released	Wed Feb 15 17:40:08 2023
Summary	Security update for bind
Type	security
Severity	important
References	1207471,CVE-2022-3094

Description:

This update for bind fixes the following issues:
- CVE-2022-3094: Fixed memory exhaustion due to UPDATE message flooding (bsc#1207471).

Advisory ID	SUSE-SU-2023:428-1
Released	Wed Feb 15 17:40:56 2023
Summary	Security update for ImageMagick
Type	security
Severity	important
References	1207982,1207983,CVE-2022-44267,CVE-2022-44268

Description:

This update for ImageMagick fixes the following issues:

CVE-2022-44267: Fixed a denial of service when parsing a PNG image (bsc#1207982).
CVE-2022-44268: Fixed arbitrary file disclosure when parsing a PNG image (bsc#1207983).

Advisory ID	SUSE-SU-2023:429-1
Released	Wed Feb 15 17:41:22 2023
Summary	Security update for curl
Type	security
Severity	important
References	1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916

Description:

This update for curl fixes the following issues:

CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990).
CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991).
CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).

Advisory ID	SUSE-SU-2023:430-1
Released	Wed Feb 15 17:42:25 2023
Summary	Security update for git
Type	security
Severity	important
References	1208027,1208028,CVE-2023-22490,CVE-2023-23946

Description:

This update for git fixes the following issues:
- CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport (bsc#1208027). - CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running 'git apply' (bsc#1208028).

Advisory ID	SUSE-SU-2023:431-1
Released	Wed Feb 15 17:43:13 2023
Summary	Security update for apache2-mod_security2
Type	security
Severity	important
References	1207379,CVE-2023-24021

Description:

This update for apache2-mod_security2 fixes the following issues:
- CVE-2023-24021: Fixed FILES_TMP_CONTENT missing complete content (bsc#1207379).

Advisory ID	SUSE-RU-2023:432-1
Released	Wed Feb 15 18:48:25 2023
Summary	Recommended update for graphite2
Type	recommended
Severity	moderate
References	1207676

Description:

This update for graphite2 fixes the following issue:

Correct license string to LGPL-2.1-or-later OR MPL-2.0 OR GPL-2.0-or-later (bsc#1207676)

Advisory ID	SUSE-SU-2023:433-1
Released	Thu Feb 16 08:42:45 2023
Summary	Security update for the Linux Kernel
Type	security
Severity	important
References	1065729,1185861,1185863,1186449,1191256,1192868,1193629,1194869,1195175,1195655,1196058,1199701,1204063,1204356,1204662,1205495,1206006,1206036,1206056,1206057,1206258,1206363,1206459,1206616,1206677,1206784,1207010,1207034,1207036,1207050,1207125,1207134,1207149,1207158,1207184,1207186,1207190,1207237,1207263,1207269,1207497,1207500,1207501,1207506,1207507,1207734,1207769,1207795,1207842,1207878,1207933,CVE-2020-24588,CVE-2022-4382,CVE-2022-47929,CVE-2023-0122,CVE-2023-0179,CVE-2023-0266,CVE-2023-0590,CVE-2023-23454,CVE-2023-23455

Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125).
CVE-2023-23454: Fixed denial or service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036).
CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a priviledge escalation to gain ring0 access from the system user (bsc#1207134).
CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034).
CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine (bnc#1207050).
CVE-2022-4382: Fixed a use-after-free flaw that was caused by a race condition among the superblock operations inside the gadgetfs code (bsc#1206258).
CVE-2020-24588: Fixed injection of arbitrary network packets against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n) (bsc#1199701).

The following non-security bugs were fixed:

ACPI: EC: Fix EC address space handler unregistration (bsc#1207149).
ACPI: EC: Fix ECDT probe ordering issues (bsc#1207149).
ACPI: PRM: Check whether EFI runtime is available (git-fixes).
ACPICA: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149).
ACPICA: include/acpi/acpixf.h: Fix indentation (bsc#1207149).
ALSA: control-led: use strscpy in set_led_id() (git-fixes).
ALSA: hda - Enable headset mic on another Dell laptop with ALC3254 (git-fixes).
ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list (git-fixes).
ALSA: hda/realtek - Turn on power early (git-fixes).
ALSA: hda/realtek: Add Acer Predator PH315-54 (git-fixes).
ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx (git-fixes).
ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
ALSA: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP platform (git-fixes).
ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (git-fixes).
ALSA: hda: cs35l41: Check runtime suspend capability at runtime_idle (git-fixes).
ALSA: hda: cs35l41: Do not return -EINVAL from system suspend/resume (git-fixes).
ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (git-fixes).
ALSA: usb-audio: Make sure to stop endpoints before closing EPs (git-fixes).
ALSA: usb-audio: Relax hw constraints for implicit fb sync (git-fixes).
ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 (git-fixes).
ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (git-fixes).
ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (git-fixes).
ARM: dts: imx7d-pico: Use 'clock-frequency' (git-fixes).
ARM: dts: imx: Fix pca9547 i2c-mux node name (git-fixes).
ARM: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes).
ARM: imx: add missing of_node_put() (git-fixes).
ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes).
ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes).
ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes).
ASoC: fsl_micfil: Correct the number of steps on SX controls (git-fixes).
ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes).
ASoC: qcom: lpass-cpu: Fix fallback SD line index handling (git-fixes).
ASoC: wm8904: fix wrong outputs volume after power reactivation (git-fixes).
Bluetooth: Fix possible deadlock in rfcomm_sk_state_change (git-fixes).
Bluetooth: hci_qca: Fix driver shutdown on closed serdev (git-fixes).
Documentation: Remove bogus claim about del_timer_sync() (git-fixes).
HID: betop: check shape of output reports (git-fixes).
HID: betop: check shape of output reports (git-fixes, bsc#1207186).
HID: check empty report_list in bigben_probe() (git-fixes).
HID: check empty report_list in hid_validate_values() (git-fixes).
HID: drop assumptions on non-empty lists (git-fixes, bsc#1206784).
HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes).
HID: playstation: sanity check DualSense calibration data (git-fixes).
HID: revert CHERRY_MOUSE_000C quirk (git-fixes).
IB/hfi1: Fix expected receive setup error exit issues (git-fixes)
IB/hfi1: Immediately remove invalid memory from hardware (git-fixes)
IB/hfi1: Reject a zero-length user expected buffer (git-fixes)
IB/hfi1: Remove user expected buffer invalidate race (git-fixes)
IB/hfi1: Reserve user expected TIDs (git-fixes)
IB/mad: Do not call to function that might sleep while in atomic context (git-fixes).
KVM: x86: Check for existing Hyper-V vCPU in kvm_hv_vcpu_init() (bsc#1206616).
PCI/PM: Define pci_restore_standard_config() only for CONFIG_PM_SLEEP (bsc#1207269).
PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() (git-fixes).
RDMA/core: Fix ib block iterator counter overflow (bsc#1207878).
RDMA/core: Fix ib block iterator counter overflow (git-fixes)
RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes)
RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes)
RDMA/rxe: Prevent faulty rkey generation (git-fixes)
RDMA/srp: Move large values to a new enum for gcc13 (git-fixes)
Revert 'ARM: dts: armada-38x: Fix compatible string for gpios' (git-fixes).
Revert 'ARM: dts: armada-39x: Fix compatible string for gpios' (git-fixes).
Revert 'Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode' (git-fixes).
Revert 'Revert 'block, bfq: honor already-setup queue merges'' (git-fixes).
Revert 'arm64: dts: meson-sm1-odroid-hc4: disable unused USB PHY0' (git-fixes).
Revert 'wifi: mac80211: fix memory leak in ieee80211_if_add()' (git-fixes).
SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes).
SUNRPC: Use BIT() macro in rpc_show_xprt_state() (git-fixes).
USB: gadget: Fix use-after-free during usb config switch (git-fixes).
USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes).
USB: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes).
USB: serial: option: add Quectel EC200U modem (git-fixes).
USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes).
USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes).
USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes).
USB: serial: option: add Quectel EM05CN (SG) modem (git-fixes).
USB: serial: option: add Quectel EM05CN modem (git-fixes).
VMCI: Use threaded irqs instead of tasklets (git-fixes).
arm64: atomics: format whitespace consistently (git-fixes).
arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (git-fixes).
arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity (git-fixes).
arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes).
arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes).
arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes).
arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes).
arm64: dts: qcom: msm8992: Do not use sfpb mutex (git-fixes).
arm64: efi: Execute runtime services from a dedicated stack (git-fixes).
ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git-fixes).
ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes).
bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes).
bfq: fix use-after-free in bfq_dispatch_request (git-fixes).
bfq: fix waker_bfqq inconsistency crash (git-fixes).
blk-throttle: prevent overflow while calculating wait time (git-fixes).
blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes).
blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes).
block, bfq: do not move oom_bfqq (git-fixes).
block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes).
block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes).
block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes).
block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes).
block/bfq_wf2q: correct weight to ioprio (git-fixes).
block/bio: remove duplicate append pages code (git-fixes).
block: check minor range in device_add_disk() (git-fixes).
block: ensure iov_iter advances for added pages (git-fixes).
block: fix infinite loop for invalid zone append (git-fixes).
block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes).
block: use bdev_get_queue() in bio.c (git-fixes).
bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (git-fixes).
bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (git-fixes).
bnxt_en: Remove debugfs when pci_register_driver failed (git-fixes).
bnxt_en: add dynamic debug support for HWRM messages (git-fixes).
bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (git-fixes).
bnxt_en: fix the handling of PCIE-AER (git-fixes).
bnxt_en: refactor bnxt_cancel_reservations() (git-fixes).
btrfs: add helper to delete a dir entry from a log tree (bsc#1207263).
btrfs: avoid inode logging during rename and link when possible (bsc#1207263).
btrfs: avoid logging all directory changes during renames (bsc#1207263).
btrfs: backport recent fixes for send/receive into SLE15 SP4/SP5 (bsc#1206036 bsc#1207500 ltc#201363).
btrfs: do not log unnecessary boundary keys when logging directory (bsc#1207263).
btrfs: fix assertion failure when logging directory key range item (bsc#1207263).
btrfs: fix processing of delayed data refs during backref walking (bsc#1206056 bsc#1207507 ltc#201367).
btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057 bsc#1207506 ltc#201368).
btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158).
btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158).
btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes).
btrfs: join running log transaction when logging new name (bsc#1207263).
btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (bsc#1207158).
btrfs: pass the dentry to btrfs_log_new_name() instead of the inode (bsc#1207263).
btrfs: prepare extents to be logged before locking a log tree path (bsc#1207263).
btrfs: put initial index value of a directory in a constant (bsc#1207263).
btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158).
btrfs: qgroup: remove outdated TODO comments (bsc#1207158).
btrfs: remove unnecessary NULL check for the new inode during rename exchange (bsc#1207263).
btrfs: remove useless path release in the fast fsync path (bsc#1207263).
btrfs: remove write and wait of struct walk_control (bsc#1207263).
btrfs: stop copying old dir items when logging a directory (bsc#1207263).
btrfs: stop doing unnecessary log updates during a rename (bsc#1207263).
btrfs: stop trying to log subdirectories created in past transactions (bsc#1207263).
btrfs: use single variable to track return value at btrfs_log_inode() (bsc#1207263).
bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (git-fixes).
can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (git-fixes).
cifs: Fix uninitialized memory read for smb311 posix symlink create (git-fixes).
cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629).
cifs: do not include page data when checking signature (git-fixes).
cifs: do not query ifaces on smb1 mounts (git-fixes).
cifs: don't take exclusive lock for updating target hints (bsc#1193629).
cifs: fix double free on failed kerberos auth (git-fixes).
cifs: fix file info setting in cifs_open_file() (git-fixes).
cifs: fix file info setting in cifs_query_path_info() (git-fixes).
cifs: fix potential deadlock in cache_refresh_path() (git-fixes).
cifs: fix potential memory leaks in session setup (bsc#1193629).
cifs: fix race in assemble_neg_contexts() (bsc#1193629).
cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1193629).
cifs: handle cache lookup errors different than -ENOENT (bsc#1193629).
cifs: ignore ipc reconnect failures during dfs failover (bsc#1193629).
cifs: protect access of TCP_Server_Info::{dstaddr,hostname} (bsc#1193629).
cifs: remove duplicate code in __refresh_tcon() (bsc#1193629).
cifs: remove redundant assignment to the variable match (bsc#1193629).
cifs: remove unused function (bsc#1193629).
comedi: adv_pci1760: Fix PWM instruction handling (git-fixes).
config: arm64: Fix Freescale LPUART dependency (boo#1204063).
cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes).
cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes).
crypto: fixed DH and ECDH implemention for FIPS PCT (jsc#SLE-21132,bsc#1191256,bsc#1207184).
dm btree: add a defensive bounds check to insert_at() (git-fixes).
dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes).
dm cache: Fix UAF in destroy() (git-fixes).
dm cache: set needs_check flag after aborting metadata (git-fixes).
dm clone: Fix UAF in clone_dtr() (git-fixes).
dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
dm integrity: clear the journal on suspend (git-fixes).
dm integrity: flush the journal on suspend (git-fixes).
dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes).
dm ioctl: prevent potential spectre v1 gadget (git-fixes).
dm raid: fix address sanitizer warning in raid_resume (git-fixes).
dm raid: fix address sanitizer warning in raid_status (git-fixes).
dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes).
dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes).
dm thin: Fix UAF in run_timer_softirq() (git-fixes).
dm thin: Use last transaction's pmd->root when commit failed (git-fixes).
dm thin: resume even if in FAIL mode (git-fixes).
dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
dm: fix alloc_dax error handling in alloc_dev (git-fixes).
dm: requeue IO if mapping table not yet available (git-fixes).
dmaengine: Fix double increment of client_count in dma_chan_get() (git-fixes).
dmaengine: idxd: Do not call DMX TX callbacks during workqueue disable (git-fixes).
dmaengine: idxd: Let probe fail when workqueue cannot be enabled (git-fixes).
dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (git-fixes).
dmaengine: lgm: Move DT parsing after initialization (git-fixes).
dmaengine: tegra210-adma: fix global intr clear (git-fixes).
dmaengine: ti: k3-udma: Do conditional decrement of UDMA_CHAN_RT_PEER_BCNT_REG (git-fixes).
dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() (git-fixes).
docs: Fix the docs build with Sphinx 6.0 (git-fixes).
driver core: Fix test_async_probe_init saves device in wrong array (git-fixes).
drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() (git-fixes).
drivers:md:fix a potential use-after-free bug (git-fixes).
drm/amd/display: Calculate output_color_space after pixel encoding adjustment (git-fixes).
drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix (git-fixes).
drm/amd/display: Fix set scaling doesn's work (git-fixes).
drm/amd/display: Take emulated dc_sink into account for HDCP (bsc#1207734).
drm/amd/display: fix issues with driver unload (git-fixes).
drm/amdgpu: complete gfxoff allow signal during suspend without delay (git-fixes).
drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (git-fixes).
drm/amdgpu: drop experimental flag on aldebaran (git-fixes).
drm/hyperv: Add error message for fb size greater than allocated (git-fixes).
drm/i915/adlp: Fix typo for reference clock (git-fixes).
drm/i915/display: Check source height is > 0 (git-fixes).
drm/i915/gt: Reset twice (git-fixes).
drm/i915/selftest: fix intel_selftest_modify_policy argument types (git-fixes).
drm/i915: Fix potential bit_17 double-free (git-fixes).
drm/i915: re-disable RC6p on Sandy Bridge (git-fixes).
drm/msm/adreno: Make adreno quirks not overwrite each other (git-fixes).
drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer (git-fixes).
drm/msm: another fix for the headless Adreno GPU (git-fixes).
drm/panfrost: fix GENERIC_ATOMIC64 dependency (git-fixes).
drm/vc4: hdmi: make CEC adapter name unique (git-fixes).
drm/virtio: Fix GEM handle creation UAF (git-fixes).
drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes).
dt-bindings: msm/dsi: Do not require vcca-supply on 14nm PHY (git-fixes).
dt-bindings: msm/dsi: Do not require vdds-supply on 10nm PHY (git-fixes).
dt-bindings: msm: dsi-controller-main: Fix description of core clock (git-fixes).
dt-bindings: msm: dsi-controller-main: Fix operating-points-v2 constraint (git-fixes).
dt-bindings: msm: dsi-phy-28nm: Add missing qcom, dsi-phy-regulator-ldo-mode (git-fixes).
efi: fix potential NULL deref in efi_mem_reserve_persistent (git-fixes).
efi: fix userspace infinite retry read efivars after EFI runtime services page fault (git-fixes).
efi: rt-wrapper: Add missing include (git-fixes).
efi: tpm: Avoid READ_ONCE() for accessing the event log (git-fixes).
ext4: Fixup pages without buffers (bsc#1205495).
extcon: usbc-tusb320: fix kernel-doc warning (git-fixes).
fbcon: Check font dimension limits (git-fixes).
fbdev: omapfb: avoid stack overflow warning (git-fixes).
firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (git-fixes).
firmware: arm_scmi: Harden shared memory access in fetch_notification (git-fixes).
firmware: arm_scmi: Harden shared memory access in fetch_response (git-fixes).
fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (git-fixes).
fs: remove __sync_filesystem (git-fixes).
ftrace/x86: Add back ftrace_expected for ftrace bug reports (git-fixes).
ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU (git-fixes).
git_sort: add usb-linus branch for gregkh/usb
gsmi: fix null-deref in gsmi_get_variable (git-fixes).
hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap() (git-fixes).
i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes).
i2c: mv64xxx: Remove shutdown method from driver (git-fixes).
i40e: Disallow ip4 and ip6 l4_4_bytes (git-fixes).
i40e: Fix error handling in i40e_init_module() (git-fixes).
i40e: Fix not setting default xps_cpus after reset (git-fixes).
igb: Allocate MSI-X vector when testing (git-fixes).
iio: adc: berlin2-adc: Add missing of_node_put() in error path (git-fixes).
iio: adc: stm32-dfsdm: fill module aliases (git-fixes).
iio: hid: fix the retval in accel_3d_capture_sample (git-fixes).
iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes).
iio: imu: fxos8700: fix ACCEL measurement range selection (git-fixes).
iio: imu: fxos8700: fix IMU data bits returned to user space (git-fixes).
iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes).
iio: imu: fxos8700: fix failed initialization ODR mode assignment (git-fixes).
iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback (git-fixes).
iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes).
iio: imu: fxos8700: fix map label of channel type to MAGN sensor (git-fixes).
iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback (git-fixes).
iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN (git-fixes).
iio:adc:twl6030: Enable measurement of VAC (git-fixes).
iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (git-fixes).
ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459).
ipmi:ssif: Increase the message retry time (bsc#1206459).
ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (git-fixes).
ixgbevf: Fix resource leak in ixgbevf_init_module() (git-fixes).
jbd2: use the correct print format (git-fixes).
kABI workaround for struct acpi_ec (bsc#1207149).
kABI: Preserve TRACE_EVENT_FL values (git-fixes).
kabi/severities: add mlx5 internal symbols
l2tp: Do not sleep and disable BH under writer-side sk_callback_lock (git-fixes).
loop: Fix the max_loop commandline argument treatment when it is set to 0 (git-fixes).
md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes).
md: protect md_unregister_thread from reentrancy (git-fixes).
mei: me: add meteor lake point M DID (git-fixes).
memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe() (git-fixes).
memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() (git-fixes).
memory: tegra: Remove clients SID override programming (git-fixes).
misc: fastrpc: Do not remove map on creater_process and device_release (git-fixes).
misc: fastrpc: Fix use-after-free race condition for maps (git-fixes).
mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769).
mm: compaction: kABI: avoid pglist_data kABI breakage (bsc#1207010).
mm: compaction: support triggering of proactive compaction by user (bsc#1207010).
mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting (git-fixes).
mmc: sunxi-mmc: Fix clock refcount imbalance during unbind (git-fixes).
module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).
mt76: fix use-after-free by removing a non-RCU wcid pointer (git-fixes).
mt76: mt7921: avoid unnecessary spin_lock/spin_unlock in mt7921_mcu_tx_done_event (git-fixes).
nbd: Fix hung on disconnect request if socket is closed before (git-fixes).
nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes).
nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes).
nbd: fix io hung while disconnecting device (git-fixes).
nbd: fix race between nbd_alloc_config() and module removal (git-fixes).
net/mlx4: Check retval of mlx4_bitmap_init (git-fixes).
net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175).
net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1207842).
net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() (git-fixes).
net: ena: Fix error handling in ena_init() (git-fixes).
net: liquidio: release resources when liquidio driver open failed (git-fixes).
net: liquidio: simplify if expression (git-fixes).
net: macvlan: Use built-in RCU list checking (git-fixes).
net: macvlan: fix memory leaks of macvlan_common_newlink (git-fixes).
net: mdio: validate parameter addr in mdiobus_get_phy() (git-fixes).
net: nfc: Fix use-after-free in local_cleanup() (git-fixes).
net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices (git-fixes).
net: phy: meson-gxl: Add generic dummy stubs for MMD register access (git-fixes).
net: tun: Fix memory leaks of napi_get_frags (git-fixes).
net: tun: Fix use-after-free in tun_detach() (git-fixes).
net: tun: call napi_schedule_prep() to ensure we own a napi (git-fixes).
net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git-fixes).
net: usb: sr9700: Handle negative len (git-fixes).
net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs (git-fixes).
netrom: Fix use-after-free caused by accept on already connected socket (git-fixes).
netrom: Fix use-after-free of a listening socket (git-fixes).
nilfs2: fix general protection fault in nilfs_btree_insert() (git-fixes).
null_blk: fix ida error handling in null_add_dev() (git-fixes).
octeontx2-af: Fix reference count issue in rvu_sdp_init() (jsc#SLE-24682).
octeontx2-af: debugsfs: fix pci device refcount leak (git-fixes).
octeontx2-pf: Add check for devm_kcalloc (git-fixes).
octeontx2-pf: Fix potential memory leak in otx2_init_tc() (jsc#SLE-24682).
of/address: Return an error when no valid dma-ranges are found (git-fixes).
phy: Revert 'phy: qualcomm: usb28nm: Add MDM9607 init sequence' (git-fixes).
phy: phy-can-transceiver: Skip warning if no 'max-bitrate' (git-fixes).
phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() (git-fixes).
phy: ti: fix Kconfig warning and operator precedence (git-fixes).
pinctrl: amd: Add dynamic debugging for active GPIOs (git-fixes).
pinctrl: rockchip: fix mux route data for rk3568 (git-fixes).
platform/surface: aggregator: Add missing call to ssam_request_sync_free() (git-fixes).
platform/surface: aggregator: Ignore command messages not intended for us (git-fixes).
platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (git-fixes).
platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting (git-fixes).
platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER if present (git-fixes).
platform/x86: sony-laptop: Do not turn off 0x153 keyboard backlight during probe (git-fixes).
platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (git-fixes).
powerpc/64s/radix: Fix RWX mapping with relocated kernel (bsc#1194869).
powerpc/64s/radix: Fix crash with unaligned relocated kernel (bsc#1194869).
powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1195655 ltc#1195655 git-fixes).
powerpc/kexec_file: Count hot-pluggable memory in FDT estimate (bsc#1194869).
powerpc/kexec_file: Fix division by zero in extra size estimation (bsc#1194869).
powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729).
powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary (bsc#1194869).
powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned (bsc#1194869).
powerpc: move __end_rodata to cover arch read-only sections (bsc#1194869).
qlcnic: fix sleep-in-atomic-context bugs caused by msleep (git-fixes).
r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes).
r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (git-fixes).
regulator: da9211: Use irq handler when ready (git-fixes).
rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
s390/qeth: fix various format strings (git-fixes).
sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes)
sched/core: Introduce sched_asym_cpucap_active() (git-fixes)
sched/cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes)
sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes)
sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes)
sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes)
sched: Avoid double preemption in __cond_resched_*lock*() (git-fixes)
scsi: Revert 'scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT' (git-fixes).
scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes).
scsi: efct: Fix possible memleak in efct_device_init() (git-fixes).
scsi: elx: libefc: Fix second parameter type in state callbacks (git-fixes).
scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes).
scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes).
scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes).
scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes).
scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes).
scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes).
scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes).
scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes).
scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes).
scsi: scsi_debug: Fix a warning in resp_report_zones() (git-fixes).
scsi: scsi_debug: Fix a warning in resp_verify() (git-fixes).
scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes).
scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes).
scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
scsi: storvsc: Correct reporting of Hyper-V I/O size limits (git-fixes).
scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (bsc#1206006).
scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (git-fixes).
scsi: ufs: Stop using the clock scaling lock in the error handler (git-fixes).
scsi: ufs: core: Enable link lost interrupt (git-fixes).
sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
selftests/vm: remove ARRAY_SIZE define from individual tests (git-fixes).
selftests: Provide local define of __cpuid_count() (git-fixes).
serial: 8250_dma: Fix DMA Rx rearm race (git-fixes).
serial: atmel: fix incorrect baudrate setup (git-fixes).
serial: pch_uart: Pass correct sg to dma_unmap_sg() (git-fixes).
sfc: fix potential memleak in __ef100_hard_start_xmit() (git-fixes).
soc: imx8m: Fix incorrect check for of_clk_get_by_name() (git-fixes).
spi: spidev: remove debug messages that access spidev->spi without locking (git-fixes).
staging: mt7621-dts: change some node hex addresses to lower case (git-fixes).
staging: vchiq_arm: fix enum vchiq_status return types (git-fixes).
swim3: add missing major.h include (git-fixes).
tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent (git-fixes).
thermal/core: Remove duplicate information when an error occurs (git-fixes).
thunderbolt: Do not call PM runtime functions in tb_retimer_scan() (git-fixes).
thunderbolt: Do not report errors if on-board retimers are found (git-fixes).
thunderbolt: Use correct function to calculate maximum USB3 link rate (git-fixes).
tick/nohz: Use WARN_ON_ONCE() to prevent console saturation.
tick/sched: Fix non-kernel-doc comment (git-fixes).
tomoyo: fix broken dependency on *.conf.default (git-fixes).
tools: fix ARRAY_SIZE defines in tools and selftests hdrs (git-fixes).
tracing/hist: Fix issue of losting command info in error_log (git-fixes).
tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (git-fixes).
tracing/hist: Fix wrong return value in parse_action_params() (git-fixes).
tracing/osnoise: Make osnoise_main to sleep for microseconds (git-fixes).
tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes).
tracing/probes: Handle system names with hyphens (git-fixes).
tracing: Add '__rel_loc' using trace event macros (git-fixes).
tracing: Add DYNAMIC flag for dynamic events (git-fixes).
tracing: Add trace_event helper macros __string_len() and __assign_str_len() (git-fixes).
tracing: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes).
tracing: Do not use out-of-sync va_list in event printing (git-fixes).
tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes).
tracing: Fix a kmemleak false positive in tracing_map (git-fixes).
tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (git-fixes).
tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes).
tracing: Fix issue of missing one synthetic field (git-fixes).
tracing: Fix mismatched comment in __string_len (git-fixes).
tracing: Fix possible memory leak in __create_synth_event() error path (git-fixes).
tracing: Fix race where histograms can be called before the event (git-fixes).
tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes).
tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git-fixes).
tracing: Fix warning on variable 'struct trace_array' (git-fixes).
tracing: Have TRACE_DEFINE_ENUM affect trace event types as well (git-fixes).
tracing: Have syscall trace events use trace_event_buffer_lock_reserve() (git-fixes).
tracing: Have type enum modifications copy the strings (git-fixes).
tracing: Make tp_printk work on syscall tracepoints (git-fixes).
tracing: Use alignof__(struct {type b;}) instead of offsetof() (git-fixes).
tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes).
tty: fix possible null-ptr-defer in spk_ttyio_release (git-fixes).
tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer (git-fixes).
usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 (git-fixes).
usb: acpi: add helper to check port lpm capability using acpi _DSM (git-fixes).
usb: cdns3: remove fetched trb from cache before dequeuing (git-fixes).
usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes).
usb: dwc3: qcom: enable vbus override when in OTG dr-mode (git-fixes).
usb: fotg210-udc: Fix ages old endianness issues (git-fixes).
usb: gadget: f_fs: Ensure ep0req is dequeued before free_request (git-fixes).
usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (git-fixes).
usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait (git-fixes).
usb: gadget: f_hid: fix f_hidg lifetime vs cdev (git-fixes).
usb: gadget: f_hid: fix refcount leak on error path (git-fixes).
usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (git-fixes).
usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints (git-fixes).
usb: gadget: g_webcam: Send color matching descriptor per frame (git-fixes).
usb: gadget: udc: core: Print error code in usb_gadget_probe_driver() (git-fixes).
usb: gadget: udc: core: Revise comments for USB ep enable/disable (git-fixes).
usb: gadget: udc: core: Use pr_fmt() to prefix messages (git-fixes).
usb: gadget: udc: core: remove usage of list iterator past the loop body (git-fixes).
usb: host: ehci-fsl: Fix module alias (git-fixes).
usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes).
usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes).
usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (git-fixes).
usb: xhci: Check endpoint is valid before dereferencing it (git-fixes).
vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (git-fixes).
vfs: make sync_filesystem return errors from ->sync_fs (git-fixes).
virtio-blk: modify the value type of num in virtio_queue_rq() (git-fixes).
virtio-net: correctly enable callback during start_xmit (git-fixes).
virtio_pci: modify ENOENT to EINVAL (git-fixes).
w1: fix WARNING after calling w1_process() (git-fixes).
w1: fix deadloop in __w1_remove_master_device() (git-fixes).
wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes)
watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497).
watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497).
wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices (git-fixes).
wifi: mac80211: sdata can be NULL during AMPDU start (git-fixes).
wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload (git-fixes).
wifi: mt76: mt7921e: fix race issue between reset and suspend/resume (git-fixes).
wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work (git-fixes).
wifi: mt76: sdio: poll sta stat when device transmits data (git-fixes).
wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid (git-fixes).
x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (git-fixes).
x86/hyperv: Restore VP assist page after cpu offlining/onlining (git-fixes).
xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes).
xfs: fix incorrect error-out in xfs_remove (git-fixes).
xfs: fix incorrect i_nlink caused by inode racing (git-fixes).
xfs: fix maxlevels comparisons in the btree staging code (git-fixes).
xfs: fix memory leak in xfs_errortag_init (git-fixes).
xfs: get rid of assert from xfs_btree_islastblock (git-fixes).
xfs: get root inode correctly at bulkstat (git-fixes).
xfs: initialize the check_owner object fully (git-fixes).
xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes).
xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes).
xfs: return errors in xfs_fs_sync_fs (git-fixes).
xfs: xfstest fails with error missing kernel patch (git-fixes bsc#1207501 ltc#201370).
xhci-pci: set the dma max_seg_size (git-fixes).
xhci: Fix null pointer dereference when host dies (git-fixes).
zram: Delete patch for regression addressed (bsc#1207933).
zram: do not lookup algorithm in backends table (git-fixes).

Advisory ID	SUSE-SU-2023:434-1
Released	Thu Feb 16 09:08:05 2023
Summary	Security update for mozilla-nss
Type	security
Severity	important
References	1208138,CVE-2023-0767

Description:

This update for mozilla-nss fixes the following issues:
Updated to NSS 3.79.4 (bsc#1208138):
- CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types.

Advisory ID	SUSE-SU-2023:435-1
Released	Thu Feb 16 11:06:29 2023
Summary	Security update for java-17-openjdk
Type	security
Severity	moderate
References	1205916,1207246,1207248,CVE-2023-21835,CVE-2023-21843

Description:

This update for java-17-openjdk fixes the following issues:
Updated to version jdk-17.0.6.0+10:
- CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246). - CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248).
Bugfixes:
- Avoid calling C_GetInfo() too early, before cryptoki is initialized (bsc#1205916).

Advisory ID	SUSE-RU-2023:439-1
Released	Thu Feb 16 13:09:30 2023
Summary	Recommended update for dracut
Type	recommended
Severity	moderate
References	1069169,1186056,1204929,1205175

Description:

This update for dracut fixes the following issues:

Exclude USB drivers in strict hostonly mode (bsc#1186056)
Warn if included with no multipath devices and no user conf (bsc#1069169)
Improve detection of installed kernel versions (bsc#1205175)
chown using rpc default group (bsc#1204929)

Advisory ID	SUSE-SU-2023:444-1
Released	Fri Feb 17 09:44:11 2023
Summary	Security update for rubygem-actionpack-5_1
Type	security
Severity	important
References	1207451,1207455,CVE-2023-22792,CVE-2023-22795

Description:

This update for rubygem-actionpack-5_1 fixes the following issues:
- CVE-2023-22795: Fixed ReDoS in Action Dispatch cache (bsc#1207451). - CVE-2023-22792: Fixed ReDoS in Action Dispatch cookies (bnc#1207455).

Advisory ID	SUSE-RU-2023:452-1
Released	Mon Feb 20 11:11:10 2023
Summary	Recommended update for build
Type	recommended
Severity	moderate
References

Description:

This update for build fixes the following issues:
build was updated to the current version:

CycloneDX SBOM support added
added support for generating VCS url information into rpms
SPDX SBOM generation for container and product builds
Revert & Redo 'Better filetype detection for temp changes files'
Fix typo in glibc hwcaps supplements
Implement lua string macros
configure mkbaselibs to create glibc-hwcaps baselibs as well
Better filetype detection for temp changes files
Add hook to run checks after mkbaselibs run
Delete leftover multilinedefine variable definition
Support multiline macros in the config's macro sections
Support #!BuildConstraint lines
Support #!BuildTarget in spec files to set the build target (as workaround of broken BuildArch in rpm since 2001)
Support a regexp for file renames
Set home to /root when running build time services
INCOMPATIBLE CHANGE: get rid off the power8 cpu limitation (#889) on powerpc
Add handling of non-compressed tar when creating Debian archive for DSC 3.0
Add automatic build-in-place detection
Support dist/package subdir builds in pbuild
Skip iothreads on QEMU 7.1.0
Fix permissions of /dev/pts/ptmx
Add license to container package list output
initial SP5 build configurations
vm-type:qemu use virtio on x86_64
Improve installation of obs-docker-support for multi-stage builds
Tweak ARG handling in dockerfile parser
fixed Undefined subroutine &PBuild::Job::ls issue
Add missing dependencies from vc as Recommends
sync factory build config
build-recipe-livebuild: run as root
vm_kill_kvm: Use SIGKILL after 3 minutes if the kvm process is not going away
Zip: Allow extraction of symlink targets
Convert obsolete egrep/fgrep calls to grep -E/-F
Add RemoteAsset support for Dockerfile based builds
new image format: mkosi
Support stacked container builds
Revert 'build-vm-kvm: enable l3-cache on i386/x86_64 builds'
handling of non-compressed tar when creating Debian archive for DSC 3.0
kvm: exclude powerpc from io_uring, enable iothreads always (#829)
kvm: enable more performant I/O also for s390(x) (#828)
Changelog patching when building DSC format 3.0. (#831)
support for building from slsa provenance files

Advisory ID	SUSE-RU-2023:457-1
Released	Mon Feb 20 12:56:48 2023
Summary	Recommended update for scap-security-guide
Type	recommended
Severity	moderate
References

Description:

This update for scap-security-guide fixes the following issues:
scap-security-guide was updated to 0.1.66 (jsc#ECO-3319)
- Ubuntu 22.04 CIS - OL7 stig v2r9 update - Bump OL8 STIG version to V1R4 - Update RHEL7 STIG to V3R10 - Update RHEL8 STIG to V1R9 - Introduce CIS RHEL9 profiles

also various SUSE profile fixes were done

Advisory ID	SUSE-SU-2023:461-1
Released	Mon Feb 20 14:36:11 2023
Summary	Security update for MozillaFirefox
Type	security
Severity	important
References	1208138,1208144,CVE-2023-0767,CVE-2023-25728,CVE-2023-25729,CVE-2023-25730,CVE-2023-25732,CVE-2023-25734,CVE-2023-25735,CVE-2023-25737,CVE-2023-25738,CVE-2023-25739,CVE-2023-25742,CVE-2023-25743,CVE-2023-25744,CVE-2023-25746

Description:

This update for MozillaFirefox fixes the following issues:
Updated to version 102.8.0 ESR (bsc#1208144):
- CVE-2023-25728: Fixed content security policy leak in violation reports using iframes. - CVE-2023-25730: Fixed screen hijack via browser fullscreen mode. - CVE-2023-25743: Fixed Fullscreen notification not being shown in Firefox Focus. - CVE-2023-0767: Fixed arbitrary memory write via PKCS 12 in NSS. - CVE-2023-25735: Fixed potential use-after-free from compartment mismatch in SpiderMonkey. - CVE-2023-25737: Fixed invalid downcast in SVGUtils::SetupStrokeGeometry. - CVE-2023-25738: Fixed printing on Windows which could potentially crash Firefox with some device drivers. - CVE-2023-25739: Fixed use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext. - CVE-2023-25729: Fixed extensions opening external schemes without user knowledge. - CVE-2023-25732: Fixed out of bounds memory write from EncodeInputStream. - CVE-2023-25734: Fixed opening local .url files that causes unexpected network loads. - CVE-2023-25742: Fixed tab crash by Web Crypto ImportKey. - CVE-2023-25744: Fixed Memory safety bugs. - CVE-2023-25746: Fixed Memory safety bugs.

Advisory ID	SUSE-SU-2023:463-1
Released	Mon Feb 20 16:33:39 2023
Summary	Security update for tar
Type	security
Severity	moderate
References	1202436,1207753,CVE-2022-48303

Description:

This update for tar fixes the following issues:

CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753).

Bug fixes:

Fix hang when unpacking test tarball (bsc#1202436).

Advisory ID	SUSE-RU-2023:464-1
Released	Mon Feb 20 18:11:37 2023
Summary	Recommended update for systemd
Type	recommended
Severity	moderate
References

Description:

This update for systemd fixes the following issues:

Merge of v249.15
Drop workaround related to systemd-timesyncd that addressed a Factory issue.
Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE).
Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively.
machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package.
Make sure we apply the presets on units shipped by systemd package.
systemd-testsuite: move the integration tests in a dedicated sub directory.
Move systemd-cryptenroll into udev package.

Advisory ID	SUSE-SU-2023:465-1
Released	Mon Feb 20 18:33:58 2023
Summary	Security update for prometheus-ha_cluster_exporter
Type	security
Severity	important
References	1208046,1208047,CVE-2022-46146

Description:

This update for prometheus-ha_cluster_exporter fixes the following issues:
Updated to version 1.3.1:
- CVE-2022-46146: Fixed authentication bypass via cache poisoning in prometheus/exporter-toolkit (bsc#1208046, bsc#1208047).

Advisory ID	SUSE-SU-2023:470-1
Released	Tue Feb 21 10:05:53 2023
Summary	Security update for clamav
Type	security
Severity	critical
References	1208363,1208365,CVE-2023-20032,CVE-2023-20052

Description:

This update for clamav fixes the following issues:

CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser (bsc#1208363).
CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser (bsc#1208365).

Advisory ID	SUSE-feature-2023:472-1
Released	Tue Feb 21 10:19:47 2023
Summary	Feature update for nvptx-tools
Type	feature
Severity	moderate
References

Description:

This update for nvptx-tools fixes the following issues:
Update nvptx-tools (jsc#SLE-25047):

Add fixes which deal with CUDA 11 dropping support for NVIDIA Kepler sm_30 and sm_32
Add command line tools `nvptx-none-run` and `nvptx-none-run-single`

Advisory ID	SUSE-RU-2023:473-1
Released	Tue Feb 21 15:16:31 2023
Summary	Recommended update for libica, openssl-ibmca, openCryptoki
Type	recommended
Severity	moderate
References	1202365

Description:

This update for libica fixes the following issues:
libica was upgraded to version 4.2.0 (jsc#PED-581, bsc#1202365).
Note that the major library versions was changed from libica.so.3 to libica.so.4.
Features:

Display build info via icainfo -v
New API function ica_get_build_version()
Display fips indication via icainfo -f
New API function ica_get_fips_indicator()
New API function ica_aes_gcm_initialize_fips()
New API function ica_aes_gcm_kma_get_iv()
New API function ica_get_msa_level()

Upgrade to version 4.1.1 (jsc#PED-581, bsc#1202365).
v4.1.1:

Fix aes-xts multi-part operations

v4.1.0

FIPS: make libica FIPS 140-3 compliant
New API function ica_ecdsa_sign_ex()
New icainfo output option -r

Upgraded to version 4.0.3 (jsc#PED-581, jsc#PED-621, jsc#PED-629)
v4.0.3

Reduce the number of open file descriptors
Various bug fixes

v4.0.2

Various bug fixes

v4.0.1

Various bug fixes
Compute HMAC from installed library

v4.0.0

NO_SW_FALLBACKS is now the default for libica.so
Removed deprecated API functions including tests
Introduced 'const' for some API function parameters
icastats: new parm -k to display detailed counters

This update also provides rebuilds of openssl-ibmca and openCryptoki against the new libica.
openssl-ibmca was updated:

Upgraded to version 2.3.1 (jsc#PED-597) - Adjustments for libica 4.1.0 - First version including the provider - Fix for engine build without OpenSSL 3.0 sources - Fix PKEY segfault with OpenSSL 3.0 - Build against libica 4.0

Advisory ID	SUSE-RU-2023:474-1
Released	Wed Feb 22 09:46:25 2023
Summary	Recommended update for pdsh
Type	recommended
Severity	moderate
References	1206795

Description:

This update for pdsh fixes the following issues:

Backport a number of features and fixes from the git master branch (bsc#1206795): Add '-C' option on Slurm plugin to restrict selected nodes to ones with the specified features present. Add option '-k' to the ssh plugin to fail faster on connection failures. Fix use of strchr. Dshbak: Fix uninitialized use of $tag on empty input. Dsh: Release a lock that is no longer used.

Advisory ID	SUSE-RU-2023:477-1
Released	Wed Feb 22 14:00:53 2023
Summary	Recommended update for google-guest-configs
Type	recommended
Severity	moderate
References	1195437,1195438,1204068,1204091

Description:

This update for google-guest-configs fixes the following issues:

Add nvme-cli to Requires (bsc#1204068, bsc#1204091)

Update to version 20220211.00 (bsc#1195437, bsc#1195438) * Set NVMe-PD IO timeout to 4294967295. (#32)

Advisory ID	SUSE-RU-2023:481-1
Released	Thu Feb 23 07:59:22 2023
Summary	Recommended update for yast2-sap-ha
Type	recommended
Severity	moderate
References	1202979,1206601

Description:

This update for yast2-sap-ha fixes the following issues:

Use ruby base64 to replace uuencode/uudecode. (bsc#1206601)
YaST2 HA Setup for SAP Products - cannot input several instance numbers. (bsc#1202979)

Advisory ID	SUSE-SU-2023:482-1
Released	Thu Feb 23 10:00:19 2023
Summary	Security update for openssl-1_1-livepatches
Type	security
Severity	important
References	1207533,CVE-2023-0286

Description:

This update for openssl-1_1-livepatches fixes the following issues:
- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GeneralName via livepatch (bsc#1207533).

Advisory ID	SUSE-SU-2023:484-1
Released	Thu Feb 23 10:26:47 2023
Summary	Security update for pesign
Type	security
Severity	important
References	1202933,CVE-2022-3560

Description:

This update for pesign fixes the following issues:
- CVE-2022-3560: Fixed pesign-authorize ExecStartPost script allowing privilege escalation from pesign to root (bsc#1202933).

Advisory ID	SUSE-SU-2023:486-1
Released	Thu Feb 23 10:38:13 2023
Summary	Security update for c-ares
Type	security
Severity	important
References	1208067,CVE-2022-4904

Description:

This update for c-ares fixes the following issues:
Updated to version 1.19.0:
- CVE-2022-4904: Fixed missing string length check in config_sortlist() (bsc#1208067).

Advisory ID	SUSE-SU-2023:489-1
Released	Thu Feb 23 11:08:51 2023
Summary	Security update for webkit2gtk3
Type	security
Severity	important
References	1206750,1207997,1208328,CVE-2022-42826,CVE-2022-42852,CVE-2022-42863,CVE-2022-42867,CVE-2022-46691,CVE-2022-46692,CVE-2022-46698,CVE-2022-46699,CVE-2022-46700,CVE-2023-23517,CVE-2023-23518,CVE-2023-23529

Description:

This update for webkit2gtk3 fixes the following issues:
Update to version 2.38.5 (boo#1208328):

CVE-2023-23529: Fixed possible arbitrary code execution via maliciously crafted web content.

Update to version 2.38.4 (boo#1207997):

CVE-2023-23517: Fixed web content processing that could have led to arbitrary code execution.
CVE-2023-23518: Fixed web content processing that could have led to arbitrary code execution.
CVE-2022-42826: Fixed a use-after-free issue that was caused by improper memory management.

New CVE and bug references where added for already released updates:
Update to version 2.38.3 (boo#1206750):

CVE-2022-42852: Fixed disclosure of process memory by improved memory handling.
CVE-2022-42867: Fixed a use after free issue was addressed with improved memory management.
CVE-2022-46692: Fixed bypass of Same Origin Policy through improved state management.
CVE-2022-46698: Fixed disclosure of sensitive user information with improved checks.
CVE-2022-46699: Fixed an arbitrary code execution caused by memory corruption.
CVE-2022-46700: Fixed a potential arbitrary code execution when processing maliciously crafted web content.

Update to version 2.38.1:

CVE-2022-46691: Fixed a potential arbitrary code execution when processing maliciously crafted web content.

Update to version 2.38.0:

CVE-2022-42863: Fixed a potential arbitrary code execution when processing maliciously crafted web content.

Advisory ID	SUSE-RU-2023:491-1
Released	Thu Feb 23 11:17:11 2023
Summary	Recommended update for yast2-network
Type	recommended
Severity	important
References	1206551,1207221

Description:

This update for yast2-network fixes the following issues:

Fix the return of packages needed by the selected backend when running an autoinstallation (bsc#1207221)
Report a warning message for issues detected when the NETMASK or PREFIXLEN are invalid and allow the user to stop or to continue with the broken configuration (bsc#1206551)

Advisory ID	SUSE-SU-2023:492-1
Released	Thu Feb 23 11:38:57 2023
Summary	Security update for rubygem-activerecord-5_1
Type	security
Severity	moderate
References	1207450,CVE-2022-44566

Description:

This update for rubygem-activerecord-5_1 fixes the following issues:

CVE-2022-44566: Fixed possible denial of service vulnerability in ActiveRecord's PostgreSQL adapter (bsc#1207450).

Advisory ID	SUSE-SU-2023:495-1
Released	Thu Feb 23 12:48:29 2023
Summary	Security update for poppler
Type	security
Severity	important
References	1202692,CVE-2022-38784

Description:

This update for poppler fixes the following issues:
- CVE-2022-38784: Fixed integer overflow in the JBIG2 decoder (bsc#1202692).

SUSE-IU-2000:26-1

Container Advisory ID	SUSE-IU-2000:26-1
Container Tags	SUSE:SLE-15-SP4:2
Container Release

The following patches have been included in this update:

Advisory ID	SUSE-RU-2018:1712-1
Released	Mon Aug 20 17:01:17 2018
Summary	Recommended update for SUSE Manager Client Tools
Type	recommended
Severity	moderate
References	1039043,1083294,1093381,1093529,1094497,1101152

Description:

This update fixes the following issues:
rhncfg:

Format the file mode in unified way. (bsc#1093529)

spacewalk-backend:

Fix directory permissions. (bsc#1101152)
Feature: implement optional signing repository metadata.
Fix truncated result message of server actions. (bsc#1039043)
Do not copy 'foreign_entitlement' from virtual host to the registered guest. (bsc#1093381)
Spacewalk-debug: add Postgres configuration files.
Initial branding change for Uyuni. (bsc#1094497)

spacewalk-remote-utils:

Fix ordering of channel data. (bsc#1083294)
Add RHEL 6.10 channel definitions.

zypp-plugin-spacewalk:

Turn on metadata signature checking if signature is available.

Advisory ID	SUSE-RU-2019:993-1
Released	Tue Apr 23 14:44:56 2019
Summary	Recommended update for python-python-memcached
Type	recommended
Severity	moderate
References	1131840,1133090

Description:

This update for python-python-memcached fixes the following issues:
python-python-memcached was updated to 1.59:

Various fixes for python 3.7 and 3.6

Advisory ID	SUSE-RU-2019:1691-1
Released	Mon Jun 24 16:21:37 2019
Summary	Recommended update for SUSE Manager Client Tools
Type	recommended
Severity	moderate
References	1095804,1103388,1103696,1104034,1118492,1120242,1125610,1125744,1128529,1128564,1129243,1129300,1130041,1130077,1131677,1132346,1133424,1134876,1136102,1138130,987798

Description:

This update fixes the following issues:
koan:

Require virt-install only for RHEL6/7. Other distributions accepting Recommends must use it as virt-install is not available sometimes (for example SLED)
Change virt-install from Reccommends to Require because this fixes RHEL 6 & 7
Fix regex error in the files section
Remove Recursion in python_sitelib and remove non relevant parts of the specfile
Replace python2_sitelib macro with python_sitelib to fix build on older distros.
Remove duplicate file section entrys
Adjust Group Tag to Development/Libraries/Python to satisfy linter

prometheus-node_exporter:

Add the package to the SLE Basesytem module. (fate#327287)

rhnlib:

Add group to python*-rhnlib to fix building at SLE11
Read SSL decoded buffer completely when no pending bytes on the underlying connection.
Fix encoding issues after porting to Python 3.
Sync changes from Spacewalk
1652859 - python3 http.client does not contain _set_hostport()
Use rpm for debian packaging
Bump version to 4.0.0 (bsc#1104034)
Fix copyright for the package specfile (bsc#1103696)

spacecmd:

Save SSM list on system delete and update cache (bsc#1130077, bsc#1125744)
Replace iteritems with items for python2/3 compat (bsc#1129243)
Fix python 3 bytes issue when handling config channels
Prevent spacecmd crashing when piping the output in Python 3 (bsc#1125610)
Fix compatibility with Python 3
Add function to merge errata and packages through spacecmd (bsc#987798)
Bump version to 4.0.0 (bsc#1104034)
Fix copyright for the package specfile (bsc#1103696)

spacewalk-backend:

Use new names in code for client tool packages which were renamed (bsc#1134876)
Fix password prompt within mgr-sign-metadata
Fix TypeError for 'errata.getErrataInfo' XMLRPC handler (bsc#1132346)
Fix typo in syncing product extensions (bsc#1118492)
Fix mgr-sign-metadata-ctl checking of exported keys.
Use suseLib.get_proxy to get the HTTP proxy configuration properly on DEB repos (bsc#1133424)
Add support for mirrorlist and metalink on Zypper reposync.
Solve situations where synced packages have epoch 0 but reposync does not find them them on the database.
Fix path to the RPM database used by Zypper at reposync.
Add makefile for python linter and unit/integration tests
Fix linking of packages in reposync (bsc#1131677)
Include arch to distinct latest packages on reposync.
Migrate missing spacewalk-cfg-get script to Python3
Improve dependency solving algorithm for spacewalk-repo-sync.
Remove apache access_compat module and adapt config files
Add support for getting latest versions from RPM packages when running 'spacewalk-repo-sync' after migration to Zypper.
Include packages dependencies on 'spacewalk-repo-sync' when using filters for RPM packages.
Allow package filtering (name matching) on spacewalk-repo-sync after migrating away from yum.
Fix crash when importing new channel families on 'mgr-inter-sync' (bsc#1129300)
Make Zypper to use the spacewalk GPG keyring in reposync (bsc#1128529)
Fix: handle non-standard filenames for comps.xml (bsc#1120242)
Make reposync use and append token correctly to the URL
Fix invalid mode error when doing spacewalk-repo-sync on Ubuntu official repos.
Fix bootstrapping SLE15 traditional client (bsc#1128564)
Fix reading LOB objects with python3
Fix 'mgr-inter-sync' problems after Python 3 migration.
Mgr-sign-metadata can optionally clear-sign metadata files
Allow errata import from local repositories.
Fix 'rhnpush' after migration to Python 3.
Fix package import issues when package encoding is ISO8859-1.
Fix issues with HTTP proxy and reposync.
Solve Python 3 problem and allow traditional registration.
Add 'python-urlgrabber' as a new dependency.
Fix Python3 issues on satellite_tools scripts
Use 'Zypper' and 'libsolv' in 'spacewalk-repo-sync'. Replace 'yum'.
Require the correct dependency for python-rpm to allow the Proxy to work with Python3 only
Make rhn-ssl-dbstore compatible with python3
Take only text files from /srv/salt to make spacewalk-debug smaller (bsc#1103388)
Support mirroring of source packages
Make spacewalk-backend code compatible with Python 3
Prepare spacewalk-backend packages to build on Python 3
Replace PyPAM with python-python-pam
Bump version to 4.0.0 (bsc#1104034)
Fix copyright for the package specfile (bsc#1103696)
Disable Oracle support for openSUSE (bsc#1095804)

spacewalk-client-tools:

Fix bootstrapping SLE15 traditional client (bsc#1128564)
Sync with Spacewalk
Add ability to work behind http proxies
1666099 - python3 is picky about bytes and string
Fix testConfig.py
Use rpm for debian packaging
Bump version to 4.0.0 (bsc#1104034)
Fix copyright for the package specfile (bsc#1103696)
The rhnsd service was replaced by rhnsd timer, so registration script and systemd presets are now adapted to this (bsc#1138130)

spacewalk-koan:

Fix building on openSUSE 15.0
Add Uyuni URL to package
Bump version to 4.0.0 (bsc#1104034)
Fix copyright for the package specfile (bsc#1103696)

spacewalk-oscap:

Fix python2 compilation on openSUSE
Add Uyuni URL to package
Bump version to 4.0.0 (bsc#1104034)
Fix copyright for the package specfile (bsc#1103696)

spacewalk-remote-utils:

Sync changes from Spacewalk
1649374 - Update spacewalk-remote-utils with RHEL 7.6 channel definitions
1633532 - Use python-gpg instead of python-gpgme where possible
Add Uyuni URL to package
Bump version to 4.0.0 (bsc#1104034)
Fix copyright for the package specfile (bsc#1103696)

spacewalk-usix:

Add compatibility with Python 3
Use rpm for debian packaging
Bump version to 4.0.0 (bsc#1104034)
Fix copyright for the package specfile (bsc#1103696)

supportutils-plugin-susemanager-client:

Bump version to 4.0.0 (bsc#1104034)
Fix copyright for the package specfile (bsc#1103696)

suseRegisterInfo:

Make suseRegisterInfo compatible with Python 2 and 3
Bump version to 4.0.0 (bsc#1104034)
Fix copyright for the package specfile (bsc#1103696)

zypp-plugin-spacewalk:

Fix python syntax error in distupgrade (bsc#1136102)

mgr-daemon:

rhnsd service was replaced by rhnsd timer (bsc#1138130)

Advisory ID	SUSE-RU-2019:3361-1
Released	Thu Dec 19 18:54:43 2019
Summary	Recommended update for SUSE Manager Client Tools
Type	recommended
Severity	moderate
References	1113160,1131556,1143913,1146683,1152722,1153090,1154968,1156211,1156397,1156521

Description:

This update fixes the following issues:
golang-github-lusitaniae-apache_exporter:

Handle OS TERM signals
Add option to override host name

golang-github-prometheus-prometheus:

Patch macros on spec file to support builds on SLE 12
Remove prometheus.firewall.xml source file
Remove firewalld files. They are installed in the main firewalld package.
Update Uyuni/SUSE Manager service discovery patch + Fixes crashes when systems have no FQDN + Adds Parallel calls to Uyuni API, meaningful performance increase + Adds Support for system group labels
Do not install the firewalld config file on Tumbleweed (on versions newer than Leap 15.1). It's installed in the main firewalld package.
reorder some %install tasks
Add network-online (Wants and After) dependency to systemd unit bsc#1143913
Only package required files (reduces rpm size by 4 MB)
Add sysconfig file
Add firewall config file
Use variables for defining user and group

koan:

Fix auto installing VMs (bsc#1156211)

rhnlib:

Fix malformed XML response when data contains non-ASCII chars (bsc#1154968)

spacecmd:

Enable building and installing for Ubuntu 16.04 and Ubuntu 18.04
Prevent error when piping stdout in Python 2 (bsc#1153090)

spacewalk-backend:

Fix specfile for systems that do not yet use systemd
Fix spacewalk-update-signatures for python3 (bsc#1156521)
Fix problems with Package Hub repos having multiple rpms with same NEVRA but different checksums (bsc#1146683)
Add systemd service macros for diskcheck.service
Port diskcheck utility to 4.0.3 branch (bsc#1156397)
Use active values for diskchecker mails
Do not require parameters to start on column 1
Add Requires: systemd for completeness
Create /usr/lib/systemd/systemd during build
BuildRequires: systemd for spacewalk-diskcheck
Add option spacecheck_shutdown; tidy up wording of notifications
Add disk space checker script
Fix broken spacewalk-data-fsck utility (bsc#1131556)

spacewalk-client-tools:

Skip dmidecode data on aarch64 to prevent coredump (bsc#1113160)

spacewalk-koan:

Gfx_type needs to default to 'vnc' (bsc#1156211)

zypp-plugin-spacewalk:

Prevent possible encoding issues on Python 3 (bsc#1152722)

Advisory ID	SUSE-SU-2020:1972-1
Released	Tue Jul 21 02:39:24 2020
Summary	Security update for SUSE Manager Client Tools
Type	security
Severity	moderate
References	1113160,1138822,1142038,1148177,1153090,1153277,1154940,1154968,1155372,1163871,1165921,1168310,1170231,1170557,1170824,1171687,1172462,CVE-2019-10215,CVE-2019-15043,CVE-2020-12245,CVE-2020-13379

Description:

This update fixes the following issues:
dracut-saltboot:

Print a list of available disk devices (bsc#1170824)
Install wipefs to initrd
Force install crypt modules

golang-github-prometheus-prometheus:

Update change log and spec file + Modified spec file: default to golang 1.14 to avoid 'have choice' build issues in OBS. + Rebase and update patches for version 2.18.0
Update to 2.18.0 + Features * Tracing: Added experimental Jaeger support #7148 + Changes * Federation: Only use local TSDB for federation (ignore remote read). #7096 * Rules: `rule_evaluations_total` and `rule_evaluation_failures_total` have a `rule_group` label now. #7094 + Enhancements * TSDB: Significantly reduce WAL size kept around after a block cut. #7098 * Discovery: Add `architecture` meta label for EC2. #7000 + Bug fixes * UI: Fixed wrong MinTime reported by /status. #7182 * React UI: Fixed multiselect legend on OSX. #6880 * Remote Write: Fixed blocked resharding edge case. #7122 * Remote Write: Fixed remote write not updating on relabel configs change. #7073
Changes from 2.17.2 + Bug fixes * Federation: Register federation metrics #7081 * PromQL: Fix panic in parser error handling #7132 * Rules: Fix reloads hanging when deleting a rule group that is being evaluated #7138 * TSDB: Fix a memory leak when prometheus starts with an empty TSDB WAL #7135 * TSDB: Make isolation more robust to panics in web handlers #7129 #7136
Changes from 2.17.1 + Bug fixes * TSDB: Fix query performance regression that increased memory and CPU usage #7051
Changes from 2.17.0 + Features * TSDB: Support isolation #6841 * This release implements isolation in TSDB. API queries and recording rules are guaranteed to only see full scrapes and full recording rules. This comes with a certain overhead in resource usage. Depending on the situation, there might be some increase in memory usage, CPU usage, or query latency. + Enhancements * PromQL: Allow more keywords as metric names #6933 * React UI: Add normalization of localhost URLs in targets page #6794 * Remote read: Read from remote storage concurrently #6770 * Rules: Mark deleted rule series as stale after a reload #6745 * Scrape: Log scrape append failures as debug rather than warn #6852 * TSDB: Improve query performance for queries that partially hit the head #6676 * Consul SD: Expose service health as meta label #5313 * EC2 SD: Expose EC2 instance lifecycle as meta label #6914 * Kubernetes SD: Expose service type as meta label for K8s service role #6684 * Kubernetes SD: Expose label_selector and field_selector #6807 * Openstack SD: Expose hypervisor id as meta label #6962 + Bug fixes * PromQL: Do not escape HTML-like chars in query log #6834 #6795 * React UI: Fix data table matrix values #6896 * React UI: Fix new targets page not loading when using non-ASCII characters #6892 * Remote read: Fix duplication of metrics read from remote storage with external labels #6967 #7018 * Remote write: Register WAL watcher and live reader metrics for all remotes, not just the first one #6998 * Scrape: Prevent removal of metric names upon relabeling #6891 * Scrape: Fix 'superfluous response.WriteHeader call' errors when scrape fails under some circonstances #6986 * Scrape: Fix crash when reloads are separated by two scrape intervals #7011
Changes from 2.16.0 + Features * React UI: Support local timezone on /graph #6692 * PromQL: add absent_over_time query function #6490 * Adding optional logging of queries to their own file #6520 + Enhancements * React UI: Add support for rules page and 'Xs ago' duration displays #6503 * React UI: alerts page, replace filtering togglers tabs with checkboxes #6543 * TSDB: Export metric for WAL write errors #6647 * TSDB: Improve query performance for queries that only touch the most recent 2h of data. #6651 * PromQL: Refactoring in parser errors to improve error messages #6634 * PromQL: Support trailing commas in grouping opts #6480 * Scrape: Reduce memory usage on reloads by reusing scrape cache #6670 * Scrape: Add metrics to track bytes and entries in the metadata cache #6675 * promtool: Add support for line-column numbers for invalid rules output #6533 * Avoid restarting rule groups when it is unnecessary #6450 + Bug fixes * React UI: Send cookies on fetch() on older browsers #6553 * React UI: adopt grafana flot fix for stacked graphs #6603 * React UI: broken graph page browser history so that back button works as expected #6659 * TSDB: ensure compactionsSkipped metric is registered, and log proper error if one is returned from head.Init #6616 * TSDB: return an error on ingesting series with duplicate labels #6664 * PromQL: Fix unary operator precedence #6579 * PromQL: Respect query.timeout even when we reach query.max-concurrency #6712 * PromQL: Fix string and parentheses handling in engine, which affected React UI #6612 * PromQL: Remove output labels returned by absent() if they are produced by multiple identical label matchers #6493 * Scrape: Validate that OpenMetrics input ends with `# EOF` #6505 * Remote read: return the correct error if configs can't be marshal'd to JSON #6622 * Remote write: Make remote client `Store` use passed context, which can affect shutdown timing #6673 * Remote write: Improve sharding calculation in cases where we would always be consistently behind by tracking pendingSamples #6511 * Ensure prometheus_rule_group metrics are deleted when a rule group is removed #6693
Changes from 2.15.2 + Bug fixes * TSDB: Fixed support for TSDB blocks built with Prometheus before 2.1.0. #6564 * TSDB: Fixed block compaction issues on Windows. #6547
Changes from 2.15.1 + Bug fixes * TSDB: Fixed race on concurrent queries against same data. #6512
Changes from 2.15.0 + Features * API: Added new endpoint for exposing per metric metadata `/metadata`. #6420 #6442 + Changes * Discovery: Removed `prometheus_sd_kubernetes_cache_*` metrics. Additionally `prometheus_sd_kubernetes_workqueue_latency_seconds` and `prometheus_sd_kubernetes_workqueue_work_duration_seconds` metrics now show correct values in seconds. #6393 * Remote write: Changed `query` label on `prometheus_remote_storage_*` metrics to `remote_name` and `url`. #6043 + Enhancements * TSDB: Significantly reduced memory footprint of loaded TSDB blocks. #6418 #6461 * TSDB: Significantly optimized what we buffer during compaction which should result in lower memory footprint during compaction. #6422 #6452 #6468 #6475 * TSDB: Improve replay latency. #6230 * TSDB: WAL size is now used for size based retention calculation. #5886 * Remote read: Added query grouping and range hints to the remote read request #6401 * Remote write: Added `prometheus_remote_storage_sent_bytes_total` counter per queue. #6344 * promql: Improved PromQL parser performance. #6356 * React UI: Implemented missing pages like `/targets` #6276, TSDB status page #6281 #6267 and many other fixes and performance improvements. * promql: Prometheus now accepts spaces between time range and square bracket. e.g `[ 5m]` #6065 + Bug fixes * Config: Fixed alertmanager configuration to not miss targets when configurations are similar. #6455 * Remote write: Value of `prometheus_remote_storage_shards_desired` gauge shows raw value of desired shards and it's updated correctly. #6378 * Rules: Prometheus now fails the evaluation of rules and alerts where metric results collide with labels specified in `labels` field. #6469 * API: Targets Metadata API `/targets/metadata` now accepts empty `match_targets` parameter as in the spec. #6303
Changes from 2.14.0 + Features * API: `/api/v1/status/runtimeinfo` and `/api/v1/status/buildinfo` endpoints added for use by the React UI. #6243 * React UI: implement the new experimental React based UI. #5694 and many more * Can be found by under `/new`. * Not all pages are implemented yet. * Status: Cardinality statistics added to the Runtime & Build Information page. #6125 + Enhancements * Remote write: fix delays in remote write after a compaction. #6021 * UI: Alerts can be filtered by state. #5758 + Bug fixes * Ensure warnings from the API are escaped. #6279 * API: lifecycle endpoints return 403 when not enabled. #6057 * Build: Fix Solaris build. #6149 * Promtool: Remove false duplicate rule warnings when checking rule files with alerts. #6270 * Remote write: restore use of deduplicating logger in remote write. #6113 * Remote write: do not reshard when unable to send samples. #6111 * Service discovery: errors are no longer logged on context cancellation. #6116, #6133 * UI: handle null response from API properly. #6071
Changes from 2.13.1 + Bug fixes * Fix panic in ARM builds of Prometheus. #6110 * promql: fix potential panic in the query logger. #6094 * Multiple errors of http: superfluous response.WriteHeader call in the logs. #6145
Changes from 2.13.0 + Enhancements * Metrics: renamed prometheus_sd_configs_failed_total to prometheus_sd_failed_configs and changed to Gauge #5254 * Include the tsdb tool in builds. #6089 * Service discovery: add new node address types for kubernetes. #5902 * UI: show warnings if query have returned some warnings. #5964 * Remote write: reduce memory usage of the series cache. #5849 * Remote read: use remote read streaming to reduce memory usage. #5703 * Metrics: added metrics for remote write max/min/desired shards to queue manager. #5787 * Promtool: show the warnings during label query. #5924 * Promtool: improve error messages when parsing bad rules. #5965 * Promtool: more promlint rules. #5515 + Bug fixes * UI: Fix a Stored DOM XSS vulnerability with query history [CVE-2019-10215](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10215). #6098 * Promtool: fix recording inconsistency due to duplicate labels. #6026 * UI: fixes service-discovery view when accessed from unhealthy targets. #5915 * Metrics format: OpenMetrics parser crashes on short input. #5939 * UI: avoid truncated Y-axis values. #6014
Changes from 2.12.0 + Features * Track currently active PromQL queries in a log file. #5794 * Enable and provide binaries for `mips64` / `mips64le` architectures. #5792 + Enhancements * Improve responsiveness of targets web UI and API endpoint. #5740 * Improve remote write desired shards calculation. #5763 * Flush TSDB pages more precisely. tsdb#660 * Add `prometheus_tsdb_retention_limit_bytes` metric. tsdb#667 * Add logging during TSDB WAL replay on startup. tsdb#662 * Improve TSDB memory usage. tsdb#653, tsdb#643, tsdb#654, tsdb#642, tsdb#627 + Bug fixes * Check for duplicate label names in remote read. #5829 * Mark deleted rules' series as stale on next evaluation. #5759 * Fix JavaScript error when showing warning about out-of-sync server time. #5833 * Fix `promtool test rules` panic when providing empty `exp_labels`. #5774 * Only check last directory when discovering checkpoint number. #5756 * Fix error propagation in WAL watcher helper functions. #5741 * Correctly handle empty labels from alert templates. #5845
Update Uyuni/SUSE Manager service discovery patch + Adapt service discovery to the new Uyuni API endpoints + Modified spec file: force golang 1.12 to fix build issues in SLE15SP2
Update to Prometheus 2.11.2

grafana:

Update to version 7.0.3 * Features / Enhancements - Stats: include all fields. #24829, @ryantxu - Variables: change VariableEditorList row action Icon to IconButton. #25217, @hshoff * Bug fixes - Cloudwatch: Fix dimensions of DDoSProtection. #25317, @papagian - Configuration: Fix env var override of sections containing hyphen. #25178, @marefr - Dashboard: Get panels in collapsed rows. #25079, @peterholmberg - Do not show alerts tab when alerting is disabled. #25285, @dprokop - Jaeger: fixes cascader option label duration value. #25129, @Estrax - Transformations: Fixed Transform tab crash & no update after adding first transform. #25152, @torkelo
Update to version 7.0.2 * Bug fixes - Security: Urgent security patch release to fix CVE-2020-13379
Update to version 7.0.1 * Features / Enhancements - Datasource/CloudWatch: Makes CloudWatch Logs query history more readable. #24795, @kaydelaney - Download CSV: Add date and time formatting. #24992, @ryantxu - Table: Make last cell value visible when right aligned. #24921, @peterholmberg - TablePanel: Adding sort order persistance. #24705, @torkelo - Transformations: Display correct field name when using reduce transformation. #25068, @peterholmberg - Transformations: Allow custom number input for binary operations. #24752, @ryantxu * Bug fixes - Dashboard/Links: Fixes dashboard links by tags not working. #24773, @KamalGalrani - Dashboard/Links: Fixes open in new window for dashboard link. #24772, @KamalGalrani - Dashboard/Links: Variables are resolved and limits to 100. #25076, @hugohaggmark - DataLinks: Bring back variables interpolation in title. #24970, @dprokop - Datasource/CloudWatch: Field suggestions no longer limited to prefix-only. #24855, @kaydelaney - Explore/Table: Keep existing field types if possible. #24944, @kaydelaney - Explore: Fix wrap lines toggle for results of queries with filter expression. #24915, @ivanahuckova - Explore: fix undo in query editor. #24797, @zoltanbedi - Explore: fix word break in type head info. #25014, @zoltanbedi - Graph: Legend decimals now work as expected. #24931, @torkelo - LoginPage: Fix hover color for service buttons. #25009, @tskarhed - LogsPanel: Fix scrollbar. #24850, @ivanahuckova - MoveDashboard: Fix for moving dashboard caused all variables to be lost. #25005, @torkelo - Organize transformer: Use display name in field order comparer. #24984, @dprokop - Panel: shows correct panel menu items in view mode. #24912, @hugohaggmark - PanelEditor Fix missing labels and description if there is only single option in category. #24905, @dprokop - PanelEditor: Overrides name matcher still show all original field names even after Field default display name is specified. #24933, @torkelo - PanelInspector: Makes sure Data display options are visible. #24902, @hugohaggmark - PanelInspector: Hides unsupported data display options for Panel type. #24918, @hugohaggmark - PanelMenu: Make menu disappear on button press. #25015, @tskarhed - Postgres: Fix add button. #25087, @phemmer - Prometheus: Fix recording rules expansion. #24977, @ivanahuckova - Stackdriver: Fix creating Service Level Objectives (SLO) datasource query variable. #25023, @papagian
Update to version 7.0.0 * Breaking changes - Removed PhantomJS: PhantomJS was deprecated in Grafana v6.4 and starting from Grafana v7.0.0, all PhantomJS support has been removed. This means that Grafana no longer ships with a built-in image renderer, and we advise you to install the Grafana Image Renderer plugin. - Dashboard: A global minimum dashboard refresh interval is now enforced and defaults to 5 seconds. - Interval calculation: There is now a new option Max data points that controls the auto interval $__interval calculation. Interval was previously calculated by dividing the panel width by the time range. With the new max data points option it is now easy to set $__interval to a dynamic value that is time range agnostic. For example if you set Max data points to 10 Grafana will dynamically set $__interval by dividing the current time range by 10. - Datasource/Loki: Support for deprecated Loki endpoints has been removed. - Backend plugins: Grafana now requires backend plugins to be signed, otherwise Grafana will not load/start them. This is an additional security measure to make sure backend plugin binaries and files haven't been tampered with. Refer to Upgrade Grafana for more information. - @grafana/ui: Forms migration notice, see @grafana/ui changelog - @grafana/ui: Select API change for creating custom values, see @grafana/ui changelog + Deprecation warnings - Scripted dashboards is now deprecated. The feature is not removed but will be in a future release. We hope to address the underlying requirement of dynamic dashboards in a different way. #24059 - The unofficial first version of backend plugins together with usage of grafana/grafana-plugin-model is now deprecated and support for that will be removed in a future release. Please refer to backend plugins documentation for information about the new officially supported backend plugins. * Features / Enhancements - Backend plugins: Log deprecation warning when using the unofficial first version of backend plugins. #24675, @marefr - Editor: New line on Enter, run query on Shift+Enter. #24654, @davkal - Loki: Allow multiple derived fields with the same name. #24437, @aocenas - Orgs: Add future deprecation notice. #24502, @torkelo * Bug Fixes - @grafana/toolkit: Use process.cwd() instead of PWD to get directory. #24677, @zoltanbedi - Admin: Makes long settings values line break in settings page. #24559, @hugohaggmark - Dashboard: Allow editing provisioned dashboard JSON and add confirmation when JSON is copied to dashboard. #24680, @dprokop - Dashboard: Fix for strange 'dashboard not found' errors when opening links in dashboard settings. #24416, @torkelo - Dashboard: Fix so default data source is selected when data source can't be found in panel editor. #24526, @mckn - Dashboard: Fixed issue changing a panel from transparent back to normal in panel editor. #24483, @torkelo - Dashboard: Make header names reflect the field name when exporting to CSV file from the the panel inspector. #24624, @peterholmberg - Dashboard: Make sure side pane is displayed with tabs by default in panel editor. #24636, @dprokop - Data source: Fix query/annotation help content formatting. #24687, @AgnesToulet - Data source: Fixes async mount errors. #24579, @Estrax - Data source: Fixes saving a data source without failure when URL doesn't specify a protocol. #24497, @aknuds1 - Explore/Prometheus: Show results of instant queries only in table. #24508, @ivanahuckova - Explore: Fix rendering of react query editors. #24593, @ivanahuckova - Explore: Fixes loading more logs in logs context view. #24135, @Estrax - Graphite: Fix schema and dedupe strategy in rollup indicators for Metrictank queries. #24685, @torkelo - Graphite: Makes query annotations work again. #24556, @hugohaggmark - Logs: Clicking 'Load more' from context overlay doesn't expand log row. #24299, @kaydelaney - Logs: Fix total bytes process calculation. #24691, @davkal - Org/user/team preferences: Fixes so UI Theme can be set back to Default. #24628, @AgnesToulet - Plugins: Fix manifest validation. #24573, @aknuds1 - Provisioning: Use proxy as default access mode in provisioning. #24669, @bergquist - Search: Fix select item when pressing enter and Grafana is served using a sub path. #24634, @tskarhed - Search: Save folder expanded state. #24496, @Clarity-89 - Security: Tag value sanitization fix in OpenTSDB data source. #24539, @rotemreiss - Table: Do not include angular options in options when switching from angular panel. #24684, @torkelo - Table: Fixed persisting column resize for time series fields. #24505, @torkelo - Table: Fixes Cannot read property subRows of null. #24578, @hugohaggmark - Time picker: Fixed so you can enter a relative range in the time picker without being converted to absolute range. #24534, @mckn - Transformations: Make transform dropdowns not cropped. #24615, @dprokop - Transformations: Sort order should be preserved as entered by user when using the reduce transformation. #24494, @hugohaggmark - Units: Adds scale symbol for currencies with suffixed symbol. #24678, @hugohaggmark - Variables: Fixes filtering options with more than 1000 entries. #24614, @hugohaggmark - Variables: Fixes so Textbox variables read value from url. #24623, @hugohaggmark - Zipkin: Fix error when span contains remoteEndpoint. #24524, @aocenas - SAML: Switch from email to login for user login attribute mapping (Enterprise)
Update Makefile and spec file * Remove phantomJS patch from Makefile * Fix multiline strings in Makefile * Exclude s390 from SLE12 builds, golang 1.14 is not built for s390
Add instructions for patching the Grafana javascript frontend.
BuildRequires golang(API) instead of go metapackage version range * BuildRequires: golang(API) >= 1.14 from BuildRequires: ( go >= 1.14 with go < 1.15 )
Update to version 6.7.3 - This version fixes bsc#1170557 and its corresponding CVE-2020-12245 - Admin: Fix Synced via LDAP message for non-LDAP external users. #23477, @alexanderzobnin - Alerting: Fixes notifications for alerts with empty message in Google Hangouts notifier. #23559, @hugohaggmark - AuthProxy: Fixes bug where long username could not be cached.. #22926, @jcmcken - Dashboard: Fix saving dashboard when editing raw dashboard JSON model. #23314, @peterholmberg - Dashboard: Try to parse 8 and 15 digit numbers as timestamps if parsing of time range as date fails. #21694, @jessetan - DashboardListPanel: Fixed problem with empty panel after going into edit mode (General folder filter being automatically added) . #23426, @torkelo - Data source: Handle datasource withCredentials option properly. #23380, @hvtuananh - Security: Fix annotation popup XSS vulnerability. #23813, @torkelo - Server: Exit Grafana with status code 0 if no error. #23312, @aknuds1 - TablePanel: Fix XSS issue in header column rename (backport). #23814, @torkelo - Variables: Fixes error when setting adhoc variable values. #23580, @hugohaggmark
Update to version 6.7.2: (see installed changelog for the full list of changes) - BackendSrv: Adds config to response to fix issue for external plugins that used this property . #23032, @torkelo - Dashboard: Fixed issue with saving new dashboard after changing title . #23104, @dprokop - DataLinks: make sure we use the correct datapoint when dataset contains null value.. #22981, @mckn - Plugins: Fixed issue for plugins that imported dateMath util . #23069, @mckn - Security: Fix for dashboard snapshot original dashboard link could contain XSS vulnerability in url. #23254, @torkelo - Variables: Fixes issue with too many queries being issued for nested template variables after value change. #23220, @torkelo - Plugins: Expose promiseToDigest. #23249, @torkelo - Reporting (Enterprise): Fixes issue updating a report created by someone else
Update to 6.7.1: (see installed changelog for the full list of changes) Bug Fixes - Azure: Fixed dropdowns not showing current value. #22914, @torkelo - BackendSrv: only add content-type on POST, PUT requests. #22910, @hugohaggmark - Panels: Fixed size issue with panel internal size when exiting panel edit mode. #22912, @torkelo - Reporting: fixes migrations compatibility with mysql (Enterprise) - Reporting: Reduce default concurrency limit to 4 (Enterprise)
Update to 6.7.0: (see installed changelog for the full list of changes) Bug Fixes - AngularPanels: Fixed inner height calculation for angular panels . #22796, @torkelo - BackendSrv: makes sure provided headers are correctly recognized and set. #22778, @hugohaggmark - Forms: Fix input suffix position (caret-down in Select) . #22780, @torkelo - Graphite: Fixed issue with query editor and next select metric now showing after selecting metric node . #22856, @torkelo - Rich History: UX adjustments and fixes. #22729, @ivanahuckova
Update to 6.7.0-beta1: Breaking changes - Slack: Removed Mention setting and instead introduce Mention Users, Mention Groups, and Mention Channel. The first two settings require user and group IDs, respectively. This change was necessary because the way of mentioning via the Slack API changed and mentions in Slack notifications no longer worked. - Alerting: Reverts the behavior of diff and percent_diff to not always be absolute. Something we introduced by mistake in 6.1.0. Alerting now support diff(), diff_abs(), percent_diff() and percent_diff_abs(). #21338 - Notice about changes in backendSrv for plugin authors In our mission to migrate away from AngularJS to React we have removed all AngularJS dependencies in the core data retrieval service backendSrv. Removing the AngularJS dependencies in backendSrv has the unfortunate side effect of AngularJS digest no longer being triggered for any request made with backendSrv. Because of this, external plugins using backendSrv directly may suffer from strange behaviour in the UI. To remedy this issue, as a plugin author you need to trigger the digest after a direct call to backendSrv. Bug Fixes API: Fix redirect issues. #22285, @papagian Alerting: Don't include image_url field with Slack message if empty. #22372, @aknuds1 Alerting: Fixed bad background color for default notifications in alert tab . #22660, @krvajal Annotations: In table panel when setting transform to annotation, they will now show up right away without a manual refresh. #22323, @krvajal Azure Monitor: Fix app insights source to allow for new __timeFrom and __timeTo. #21879, @ChadNedzlek BackendSrv: Fixes POST body for form data. #21714, @hugohaggmark CloudWatch: Credentials cache invalidation fix. #22473, @sunker CloudWatch: Expand alias variables when query yields no result. #22695, @sunker Dashboard: Fix bug with NaN in alerting. #22053, @a-melnyk Explore: Fix display of multiline logs in log panel and explore. #22057, @thomasdraebing Heatmap: Legend color range is incorrect when using custom min/max. #21748, @sv5d Security: Fixed XSS issue in dashboard history diff . #22680, @torkelo StatPanel: Fixes base color is being used for null values . #22646, @torkelo
Update to version 6.6.2: (see installed changelog for the full list of changes)
Update to version 6.6.1: (see installed changelog for the full list of changes)
Update to version 6.6.0: (see installed changelog for the full list of changes)
Update to version 6.5.3: (see installed changelog for the full list of changes)
Update to version 6.5.2: (see installed changelog for the full list of changes)
Update to version 6.5.1: (see installed changelog for the full list of changes)
Update to version 6.5.0 (see installed changelog for the full list of changes)
Update to version 6.4.5: * Create version 6.4.5 * CloudWatch: Fix high CPU load (#20579)
Add obs-service-go_modules to download required modules into vendor.tar.gz
Adjusted spec file to use vendor.tar.gz
Adjusted Makefile to work with new filenames
BuildRequire go1.14
Update to version 6.4.4: * DataLinks: Fix blur issues. #19883, @aocenas * Docker: Makes it possible to parse timezones in the docker image. #20081, @xlson * LDAP: All LDAP servers should be tried even if one of them returns a connection error. #20077, @jongyllen * LDAP: No longer shows incorrectly matching groups based on role in debug page. #20018, @xlson * Singlestat: Fix no data / null value mapping . #19951, @ryantxu
Revert the spec file and make script
Remove PhantomJS dependency
Update to 6.4.3 * Bug Fixes - Alerting: All notification channels should send even if one fails to send. #19807, @jan25 - AzureMonitor: Fix slate interference with dropdowns. #19799, @aocenas - ContextMenu: make ContextMenu positioning aware of the viewport width. #19699, @krvajal - DataLinks: Fix context menu not showing in singlestat-ish visualisations. #19809, @dprokop - DataLinks: Fix url field not releasing focus. #19804, @aocenas - Datasource: Fixes clicking outside of some query editors required 2 clicks. #19822, @aocenas - Panels: Fixes default tab for visualizations without Queries Tab. #19803, @hugohaggmark - Singlestat: Fixed issue with mapping null to text. #19689, @torkelo - @grafana/toolkit: Don't fail plugin creation when git user.name config is not set. #19821, @dprokop - @grafana/toolkit: TSLint line number off by 1. #19782, @fredwangwang
Update to 6.4.2 * Bug Fixes - CloudWatch: Changes incorrect dimension wmlid to wlmid . #19679, @ATTron - Grafana Image Renderer: Fixes plugin page. #19664, @hugohaggmark - Graph: Fixes auto decimals logic for y axis ticks that results in too many decimals for high values. #19618, @torkelo - Graph: Switching to series mode should re-render graph. #19623, @torkelo - Loki: Fix autocomplete on label values. #19579, @aocenas - Loki: Removes live option for logs panel. #19533, @davkal - Profile: Fix issue with user profile not showing more than sessions sessions in some cases. #19578, @huynhsamha - Prometheus: Fixes so results in Panel always are sorted by query order. #19597, @hugohaggmark - ShareQuery: Fixed issue when using -- Dashboard -- datasource (to share query result) when dashboard had rows. #19610, @torkelo - Show SAML login button if SAML is enabled. #19591, @papagian - SingleStat: Fixes postfix/prefix usage. #19687, @hugohaggmark - Table: Proper handling of json data with dataframes. #19596, @marefr - Units: Fixed wrong id for Terabits/sec. #19611, @andreaslangnevyjel
Changes from 6.4.1 * Bug Fixes - Provisioning: Fixed issue where empty nested keys in YAML provisioning caused a server crash, #19547 - ImageRendering: Fixed issue with image rendering in enterprise build (Enterprise) - Reporting: Fixed issue with reporting service when STMP was disabled (Enterprise).
Changes from 6.4.0 * Features / Enhancements - Build: Upgrade go to 1.12.10. #19499, @marefr - DataLinks: Suggestions menu improvements. #19396, @dprokop - Explore: Take root_url setting into account when redirecting from dashboard to explore. #19447, @ivanahuckova - Explore: Update broken link to logql docs. #19510, @ivanahuckova - Logs: Adds Logs Panel as a visualization. #19504, @davkal * Bug Fixes - CLI: Fix version selection for plugin install. #19498, @aocenas - Graph: Fixes minor issue with series override color picker and custom color . #19516, @torkelo
Changes from 6.4.0 Beta 2 * Features / Enhancements - Azure Monitor: Remove support for cross resource queries (#19115)'. #19346, @sunker - Docker: Upgrade packages to resolve reported vulnerabilities. #19188, @marefr - Graphite: Time range expansion reduced from 1 minute to 1 second. #19246, @torkelo - grafana/toolkit: Add plugin creation task. #19207, @dprokop * Bug Fixes - Alerting: Prevents creating alerts from unsupported queries. #19250, @hugohaggmark - Alerting: Truncate PagerDuty summary when greater than 1024 characters. #18730, @nvllsvm - Cloudwatch: Fix autocomplete for Gamelift dimensions. #19146, @kevinpz - Dashboard: Fix export for sharing when panels use default data source. #19315, @torkelo - Database: Rewrite system statistics query to perform better. #19178, @papagian - Gauge/BarGauge: Fix issue with [object Object] in titles . #19217, @ryantxu - MSSQL: Revert usage of new connectionstring format introduced by #18384. #19203, @marefr - Multi-LDAP: Do not fail-fast on invalid credentials. #19261, @gotjosh - MySQL, Postgres, MSSQL: Fix validating query with template variables in alert . #19237, @marefr - MySQL, Postgres: Update raw sql when query builder updates. #19209, @marefr - MySQL: Limit datasource error details returned from the backend. #19373, @marefr
Changes from 6.4.0 Beta 1 * Features / Enhancements - API: Readonly datasources should not be created via the API. #19006, @papagian - Alerting: Include configured AlertRuleTags in Webhooks notifier. #18233, @dominic-miglar - Annotations: Add annotations support to Loki. #18949, @aocenas - Annotations: Use a single row to represent a region. #17673, @ryantxu - Auth: Allow inviting existing users when login form is disabled. #19048, @548017 - Azure Monitor: Add support for cross resource queries. #19115, @sunker - CLI: Allow installing custom binary plugins. #17551, @aocenas - Dashboard: Adds Logs Panel (alpha) as visualization option for Dashboards. #18641, @hugohaggmark - Dashboard: Reuse query results between panels . #16660, @ryantxu - Dashboard: Set time to to 23:59:59 when setting To time using calendar. #18595, @simPod - DataLinks: Add DataLinks support to Gauge, BarGauge and SingleStat2 panel. #18605, @ryantxu - DataLinks: Enable access to labels & field names. #18918, @torkelo - DataLinks: Enable multiple data links per panel. #18434, @dprokop - Docker: switch docker image to alpine base with phantomjs support. #18468, @DanCech - Elasticsearch: allow templating queries to order by doc_count. #18870, @hackery - Explore: Add throttling when doing live queries. #19085, @aocenas - Explore: Adds ability to go back to dashboard, optionally with query changes. #17982, @kaydelaney - Explore: Reduce default time range to last hour. #18212, @davkal - Gauge/BarGauge: Support decimals for min/max. #18368, @ryantxu - Graph: New series override transform constant that renders a single point as a line across the whole graph. #19102, @davkal - Image rendering: Add deprecation warning when PhantomJS is used for rendering images. #18933, @papagian - InfluxDB: Enable interpolation within ad-hoc filter values. #18077, @kvc-code - LDAP: Allow an user to be synchronized against LDAP. #18976, @gotjosh - Ldap: Add ldap debug page. #18759, @peterholmberg - Loki: Remove prefetching of default label values. #18213, @davkal - Metrics: Add failed alert notifications metric. #18089, @koorgoo - OAuth: Support JMES path lookup when retrieving user email. #14683, @bobmshannon - OAuth: return GitLab groups as a part of user info (enable team sync). #18388, @alexanderzobnin - Panels: Add unit for electrical charge - ampere-hour. #18950, @anirudh-ramesh - Plugin: AzureMonitor - Reapply MetricNamespace support. #17282, @raphaelquati - Plugins: better warning when plugins fail to load. #18671, @ryantxu - Postgres: Add support for scram sha 256 authentication. #18397, @nonamef - RemoteCache: Support SSL with Redis. #18511, @kylebrandt - SingleStat: The gauge option in now disabled/hidden (unless it's an old panel with it already enabled) . #18610, @ryantxu - Stackdriver: Add extra alignment period options. #18909, @sunker - Units: Add South African Rand (ZAR) to currencies. #18893, @jeteon - Units: Adding T,P,E,Z,and Y bytes. #18706, @chiqomar * Bug Fixes - Alerting: Notification is sent when state changes from no_data to ok. #18920, @papagian - Alerting: fix duplicate alert states when the alert fails to save to the database. #18216, @kylebrandt - Alerting: fix response popover prompt when add notification channels. #18967, @lzdw - CloudWatch: Fix alerting for queries with Id (using GetMetricData). #17899, @alex-berger - Explore: Fix auto completion on label values for Loki. #18988, @aocenas - Explore: Fixes crash using back button with a zoomed in graph. #19122, @hugohaggmark - Explore: Fixes so queries in Explore are only run if Graph/Table is shown. #19000, @hugohaggmark - MSSQL: Change connectionstring to URL format to fix using passwords with semicolon. #18384, @Russiancold - MSSQL: Fix memory leak when debug enabled. #19049, @briangann - Provisioning: Allow escaping literal '$' with '$$' in configs to avoid interpolation. #18045, @kylebrandt - TimePicker: Fixes hiding time picker dropdown in FireFox. #19154, @hugohaggmark * Breaking changes + Annotations There are some breaking changes in the annotations HTTP API for region annotations. Region annotations are now represented using a single event instead of two seperate events. Check breaking changes in HTTP API below and HTTP API documentation for more details. + Docker Grafana is now using Alpine 3.10 as docker base image. + HTTP API - GET /api/alert-notifications now requires at least editor access. New /api/alert-notifications/lookup returns less information than /api/alert-notifications and can be access by any authenticated user. - GET /api/alert-notifiers now requires at least editor access - GET /api/org/users now requires org admin role. New /api/org/users/lookup returns less information than /api/org/users and can be access by users that are org admins, admin in any folder or admin of any team. - GET /api/annotations no longer returns regionId property. - POST /api/annotations no longer supports isRegion property. - PUT /api/annotations/:id no longer supports isRegion property. - PATCH /api/annotations/:id no longer supports isRegion property. - DELETE /api/annotations/region/:id has been removed. * Deprecation notes + PhantomJS - PhantomJS, which is used for rendering images of dashboards and panels, is deprecated and will be removed in a future Grafana release. A deprecation warning will from now on be logged when Grafana starts up if PhantomJS is in use. Please consider migrating from PhantomJS to the Grafana Image Renderer plugin.
Changes from 6.3.6 * Features / Enhancements - Metrics: Adds setting for turning off total stats metrics. #19142, @marefr * Bug Fixes - Database: Rewrite system statistics query to perform better. #19178, @papagian - Explore: Fixes error when switching from prometheus to loki data sources. #18599, @kaydelaney
Rebase package spec. Use mostly from fedora, fix suse specified things and fix some errors.
Add missing directories provisioning/datasources and provisioning/notifiers and sample.yaml as described in packaging/rpm/control from upstream. Missing directories are shown in logfiles.
Version 6.3.5 * Upgrades + Build: Upgrade to go 1.12.9. * Bug Fixes + Dashboard: Fixes dashboards init failed loading error for dashboards with panel links that had missing properties. + Editor: Fixes issue where only entire lines were being copied. + Explore: Fixes query field layout in splitted view for Safari browsers. + LDAP: multildap + ldap integration. + Profile/UserAdmin: Fix for user agent parser crashes grafana-server on 32-bit builds. + Prometheus: Prevents panel editor crash when switching to Prometheus datasource. + Prometheus: Changes brace-insertion behavior to be less annoying.
Version 6.3.4 * Security: CVE-2019-15043 - Parts of the HTTP API allow unauthenticated use.
Version 6.3.3 * Bug Fixes + Annotations: Fix failing annotation query when time series query is cancelled. #18532 1, @dprokop 1 + Auth: Do not set SameSite cookie attribute if cookie_samesite is none. #18462 1, @papagian 3 + DataLinks: Apply scoped variables to data links correctly. #18454 1, @dprokop 1 + DataLinks: Respect timezone when displaying datapoint’s timestamp in graph context menu. #18461 2, @dprokop 1 + DataLinks: Use datapoint timestamp correctly when interpolating variables. #18459 1, @dprokop 1 + Explore: Fix loading error for empty queries. #18488 1, @davkal + Graph: Fixes legend issue clicking on series line icon and issue with horizontal scrollbar being visible on windows. #18563 1, @torkelo 2 + Graphite: Avoid glob of single-value array variables . #18420, @gotjosh + Prometheus: Fix queries with label_replace remove the $1 match when loading query editor. #18480 5, @hugohaggmark 3 + Prometheus: More consistently allows for multi-line queries in editor. #18362 2, @kaydelaney 2 + TimeSeries: Assume values are all numbers. #18540 4, @ryantxu
Version 6.3.2 * Bug Fixes + Gauge/BarGauge: Fixes issue with losts thresholds and issue loading Gauge with avg stat. #18375 12
Version 6.3.1 * Bug Fixes + PanelLinks: Fix crash issue Gauge & Bar Gauge for panels with panel links (drill down links). #18430 2
Version 6.3.0 * Features / Enhancements + OAuth: Do not set SameSite OAuth cookie if cookie_samesite is None. #18392 4, @papagian 3 + Auth Proxy: Include additional headers as part of the cache key. #18298 6, @gotjosh + Build grafana images consistently. #18224 12, @hassanfarid + Docs: SAML. #18069 11, @gotjosh + Permissions: Show plugins in nav for non admin users but hide plugin configuration. #18234 1, @aocenas + TimePicker: Increase max height of quick range dropdown. #18247 2, @torkelo 2 + Alerting: Add tags to alert rules. #10989 13, @Thib17 1 + Alerting: Attempt to send email notifications to all given email addresses. #16881 1, @zhulongcheng + Alerting: Improve alert rule testing. #16286 2, @marefr + Alerting: Support for configuring content field for Discord alert notifier. #17017 2, @jan25 + Alertmanager: Replace illegal chars with underscore in label names. #17002 5, @bergquist 1 + Auth: Allow expiration of API keys. #17678, @papagian 3 + Auth: Return device, os and browser when listing user auth tokens in HTTP API. #17504, @shavonn 1 + Auth: Support list and revoke of user auth tokens in UI. #17434 2, @shavonn 1 + AzureMonitor: change clashing built-in Grafana variables/macro names for Azure Logs. #17140, @shavonn 1 + CloudWatch: Made region visible for AWS Cloudwatch Expressions. #17243 2, @utkarshcmu + Cloudwatch: Add AWS DocDB metrics. #17241, @utkarshcmu + Dashboard: Use timezone dashboard setting when exporting to CSV. #18002 1, @dehrax + Data links. #17267 11, @torkelo 2 + Docker: Switch base image to ubuntu:latest from debian:stretch to avoid security issues… #17066 5, @bergquist 1 + Elasticsearch: Support for visualizing logs in Explore . #17605 7, @marefr + Explore: Adds Live option for supported datasources. #17062 1, @hugohaggmark 3 + Explore: Adds orgId to URL for sharing purposes. #17895 1, @kaydelaney 2 + Explore: Adds support for new loki ‘start’ and ‘end’ params for labels endpoint. #17512, @kaydelaney 2 + Explore: Adds support for toggling raw query mode in explore. #17870, @kaydelaney 2 + Explore: Allow switching between metrics and logs . #16959 2, @marefr + Explore: Combines the timestamp and local time columns into one. #17775, @hugohaggmark 3 + Explore: Display log lines context . #17097, @dprokop 1 + Explore: Don’t parse log levels if provided by field or label. #17180 1, @marefr + Explore: Improves performance of Logs element by limiting re-rendering. #17685, @kaydelaney 2 + Explore: Support for new LogQL filtering syntax. #16674 4, @davkal + Explore: Use new TimePicker from Grafana/UI. #17793, @hugohaggmark 3 + Explore: handle newlines in LogRow Highlighter. #17425, @rrfeng 1 + Graph: Added new fill gradient option. #17528 3, @torkelo 2 + GraphPanel: Don’t sort series when legend table & sort column is not visible . #17095, @shavonn 1 + InfluxDB: Support for visualizing logs in Explore. #17450 9, @hugohaggmark 3 + Logging: Login and Logout actions (#17760). #17883 1, @ATTron + Logging: Move log package to pkg/infra. #17023, @zhulongcheng + Metrics: Expose stats about roles as metrics. #17469 2, @bergquist 1 + MySQL/Postgres/MSSQL: Add parsing for day, weeks and year intervals in macros. #13086 6, @bernardd + MySQL: Add support for periodically reloading client certs. #14892, @tpetr + Plugins: replace dataFormats list with skipDataQuery flag in plugin.json. #16984, @ryantxu + Prometheus: Take timezone into account for step alignment. #17477, @fxmiii + Prometheus: Use overridden panel range for $__range instead of dashboard range. #17352, @patrick246 + Prometheus: added time range filter to series labels query. #16851 3, @FUSAKLA + Provisioning: Support folder that doesn’t exist yet in dashboard provisioning. #17407 1, @Nexucis + Refresh picker: Handle empty intervals. #17585 1, @dehrax + Singlestat: Add y min/max config to singlestat sparklines. #17527 4, @pitr + Snapshot: use given key and deleteKey. #16876, @zhulongcheng + Templating: Correctly display __text in multi-value variable after page reload. #17840 1, @EduardSergeev + Templating: Support selecting all filtered values of a multi-value variable. #16873 2, @r66ad + Tracing: allow propagation with Zipkin headers. #17009 4, @jrockway + Users: Disable users removed from LDAP. #16820 2, @alexanderzobnin * Bug Fixes + PanelLinks: Fix render issue when there is no panel description. #18408 3, @dehrax + OAuth: Fix “missing saved state” OAuth login failure due to SameSite cookie policy. #18332 1, @papagian 3 + cli: fix for recognizing when in dev mode… #18334, @xlson + DataLinks: Fixes incorrect interpolation of ${__series_name} . #18251 1, @torkelo 2 + Loki: Display live tailed logs in correct order in Explore. #18031 3, @kaydelaney 2 + PhantomJS: Fixes rendering on Debian Buster. #18162 2, @xlson + TimePicker: Fixed style issue for custom range popover. #18244, @torkelo 2 + Timerange: Fixes a bug where custom time ranges didn’t respect UTC. #18248 1, @kaydelaney 2 + remote_cache: Fix redis connstr parsing. #18204 1, @mblaschke + AddPanel: Fix issue when removing moved add panel widget . #17659 2, @dehrax + CLI: Fix encrypt-datasource-passwords fails with sql error. #18014, @marefr + Elasticsearch: Fix default max concurrent shard requests. #17770 4, @marefr + Explore: Fix browsing back to dashboard panel. #17061, @jschill + Explore: Fix filter by series level in logs graph. #17798, @marefr + Explore: Fix issues when loading and both graph/table are collapsed. #17113, @marefr + Explore: Fix selection/copy of log lines. #17121, @marefr + Fix: Wrap value of multi variable in array when coming from URL. #16992 1, @aocenas + Frontend: Fix for Json tree component not working. #17608, @srid12 + Graphite: Fix for issue with alias function being moved last. #17791, @torkelo 2 + Graphite: Fixes issue with seriesByTag & function with variable param. #17795, @torkelo 2 + Graphite: use POST for /metrics/find requests. #17814 2, @papagian 3 + HTTP Server: Serve Grafana with a custom URL path prefix. #17048 6, @jan25 + InfluxDB: Fixes single quotes are not escaped in label value filters. #17398 1, @Panzki + Prometheus: Correctly escape ‘|’ literals in interpolated PromQL variables. #16932, @Limess + Prometheus: Fix when adding label for metrics which contains colons in Explore. #16760, @tolwi + SinglestatPanel: Remove background color when value turns null. #17552 1, @druggieri
Make phantomjs dependency configurable
Create plugin directory and clean up (create in %install, add to %files) handling of /var/lib/grafana/* and

koan:

Calculate relative path for kernel and inited when generating grub entry (bsc#1170231)
Fix os-release version detection for SUSE

mgr-cfg:

Remove commented code in test files
Replace spacewalk-usix with uyuni-common-libs
Bump version to 4.1.0 (bsc#1154940)
Add mgr manpage links

mgr-custom-info:

Bump version to 4.1.0 (bsc#1154940)

mgr-daemon:

Bump version to 4.1.0 (bsc#1154940)
Fix systemd timer configuration on SLE12 (bsc#1142038)

mgr-osad:

Separate osa-dispatcher and jabberd so it can be disabled independently
Replace spacewalk-usix with uyuni-common-libs
Bump version to 4.1.0 (bsc#1154940)
Move /usr/share/rhn/config-defaults to uyuni-base-common
Require uyuni-base-common for /etc/rhn (for osa-dispatcher)
Ensure bytes type when using hashlib to avoid traceback (bsc#1138822)

mgr-push:

Replace spacewalk-usix and spacewalk-backend-libs with uyuni-common-libs
Bump version to 4.1.0 (bsc#1154940)

mgr-virtualization:

Replace spacewalk-usix with uyuni-common-libs
Bump version to 4.1.0 (bsc#1154940)
Fix mgr-virtualization timer

rhnlib:

Fix building
Fix malformed XML response when data contains non-ASCII chars (bsc#1154968)
Bump version to 4.1.0 (bsc#1154940)
Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177)

spacecmd:

Only report real error, not result (bsc#1171687)
Use defined return values for spacecmd methods so scripts can check for failure (bsc#1171687)
Disable globbing for api subcommand to allow wildcards in filter settings (bsc#1163871)
Bugfix: attempt to purge SSM when it is empty (bsc#1155372)
Bump version to 4.1.0 (bsc#1154940)
Prevent error when piping stdout in Python 2 (bsc#1153090)
Java api expects content as encoded string instead of encoded bytes like before (bsc#1153277)
Enable building and installing for Ubuntu 16.04 and Ubuntu 18.04
Add unit test for schedule, errata, user, utils, misc, configchannel and kickstart modules
Multiple minor bugfixes alongside the unit tests
Bugfix: referenced variable before assignment.
Add unit test for report, package, org, repo and group

spacewalk-client-tools:

Add workaround for uptime overflow to spacewalk-update-status as well (bsc#1165921)
Spell correctly 'successful' and 'successfully'
Skip dmidecode data on aarch64 to prevent coredump (bsc#1113160)
Replace spacewalk-usix with uyuni-common-libs
Return a non-zero exit status on errors in rhn_check
Bump version to 4.1.0 (bsc#1154940)
Make a explicit requirement to systemd for spacewalk-client-tools when rhnsd timer is installed

spacewalk-koan:

Bump version to 4.1.0 (bsc#1154940)
Require commands we use in merge-rd.sh

spacewalk-oscap:

Bump version to 4.1.0 (bsc#1154940)

spacewalk-remote-utils:

Update spacewalk-create-channel with RHEL 7.7 channel definitions
Bump version to 4.1.0 (bsc#1154940)

supportutils-plugin-susemanager-client:

Bump version to 4.1.0 (bsc#1154940)

suseRegisterInfo:

SuseRegisterInfo only needs perl-base, not full perl (bsc#1168310)
Bump version to 4.1.0 (bsc#1154940)

zypp-plugin-spacewalk:

1.0.7
Prevent issue with non-ASCII characters in Python 2 systems (bsc#1172462)

Advisory ID	SUSE-RU-2020:2374-1
Released	Fri Aug 28 12:59:39 2020
Summary	Recommended update for SUSE Manager Client Tools
Type	recommended
Severity	moderate
References	1171281,1172709,1173149,1173584,1174405,1174965

Description:

This update fixes the following issues:
POS_Image-Graphical7:

Add plymouth-plugin-label-ft package to all *7 templates and set them to be of SLE15SP2 version
Add optional dracut-wireless comment section and move wpa_suplicant there

POS_Image-JeOS7:

Add plymouth-plugin-label-ft package to all *7 templates and set them to be of SLE15SP2 version
Add optional dracut-wireless comment section and move wpa_suplicant there

dracut-saltboot:

Use automatic RAID assembly only in the first phase before start of salt

dracut-wireless:

Make sure ifup is scheduled (bsc#1173149)

golang-github-prometheus-prometheus:

Add support for Prometheus exporters proxy

mgr-osad:

Move uyuni-base-common dependency from mgr-osad to mgr-osa-dispatcher (bsc#1174405)

spacecmd:

Fix softwarechannel update for vendor channels (bsc#1172709)
Fix escaping of package names (bsc#1171281)

spacewalk-koan:

Use the 4.1 image to fix tests

suseRegisterInfo:

Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584)

uyuni-common-libs:

Fix issues importing RPM packages with long RPM headers (bsc#1174965)

Advisory ID	SUSE-RU-2020:2539-1
Released	Fri Sep 4 16:43:26 2020
Summary	Recommended update for golang-github-QubitProducts-exporter_exporter
Type	recommended
Severity	important
References	1175946

Description:

This Maintenance update for SUSE Manager fixes the following issue:

Add requires for fillup, groupadd, useradd, systemd (bsc#1175946)

Advisory ID	SUSE-SU-2020:2606-1
Released	Fri Sep 11 09:01:11 2020
Summary	Security update for golang-github-prometheus-prometheus
Type	security
Severity	moderate
References	1143913,1175478,CVE-2019-10215

Description:

This update for golang-github-prometheus-prometheus to version 2.18.0 fixes the following issues:

Fixed some building issues (bsc#1175478)
prometheus components systemd units should depend on network target (bsc#1143913).

Update to 2.18.0 + Features * Tracing: Added experimental Jaeger support #7148 + Changes * Federation: Only use local TSDB for federation (ignore remote read). #7096 * Rules: `rule_evaluations_total` and `rule_evaluation_failures_total` have a `rule_group` label now. #7094 + Enhancements * TSDB: Significantly reduce WAL size kept around after a block cut. #7098 * Discovery: Add `architecture` meta label for EC2. #7000 + Bug fixes * UI: Fixed wrong MinTime reported by /status. #7182 * React UI: Fixed multiselect legend on OSX. #6880 * Remote Write: Fixed blocked resharding edge case. #7122 * Remote Write: Fixed remote write not updating on relabel configs change. #7073

Changes from 2.17.2 + Bug fixes * Federation: Register federation metrics #7081 * PromQL: Fix panic in parser error handling #7132 * Rules: Fix reloads hanging when deleting a rule group that is being evaluated #7138 * TSDB: Fix a memory leak when prometheus starts with an empty TSDB WAL #7135 * TSDB: Make isolation more robust to panics in web handlers #7129 #7136
Changes from 2.17.1 + Bug fixes * TSDB: Fix query performance regression that increased memory and CPU usage #7051
Changes from 2.17.0 + Features * TSDB: Support isolation #6841 * This release implements isolation in TSDB. API queries and recording rules are guaranteed to only see full scrapes and full recording rules. This comes with a certain overhead in resource usage. Depending on the situation, there might be some increase in memory usage, CPU usage, or query latency. + Enhancements * PromQL: Allow more keywords as metric names #6933 * React UI: Add normalization of localhost URLs in targets page #6794 * Remote read: Read from remote storage concurrently #6770 * Rules: Mark deleted rule series as stale after a reload #6745 * Scrape: Log scrape append failures as debug rather than warn #6852 * TSDB: Improve query performance for queries that partially hit the head #6676 * Consul SD: Expose service health as meta label #5313 * EC2 SD: Expose EC2 instance lifecycle as meta label #6914 * Kubernetes SD: Expose service type as meta label for K8s service role #6684 * Kubernetes SD: Expose label_selector and field_selector #6807 * Openstack SD: Expose hypervisor id as meta label #6962 + Bug fixes * PromQL: Do not escape HTML-like chars in query log #6834 #6795 * React UI: Fix data table matrix values #6896 * React UI: Fix new targets page not loading when using non-ASCII characters #6892 * Remote read: Fix duplication of metrics read from remote storage with external labels #6967 #7018 * Remote write: Register WAL watcher and live reader metrics for all remotes, not just the first one #6998 * Scrape: Prevent removal of metric names upon relabeling #6891 * Scrape: Fix 'superfluous response.WriteHeader call' errors when scrape fails under some circonstances #6986 * Scrape: Fix crash when reloads are separated by two scrape intervals #7011
Changes from 2.16.0 + Features * React UI: Support local timezone on /graph #6692 * PromQL: add absent_over_time query function #6490 * Adding optional logging of queries to their own file #6520 + Enhancements * React UI: Add support for rules page and 'Xs ago' duration displays #6503 * React UI: alerts page, replace filtering togglers tabs with checkboxes #6543 * TSDB: Export metric for WAL write errors #6647 * TSDB: Improve query performance for queries that only touch the most recent 2h of data. #6651 * PromQL: Refactoring in parser errors to improve error messages #6634 * PromQL: Support trailing commas in grouping opts #6480 * Scrape: Reduce memory usage on reloads by reusing scrape cache #6670 * Scrape: Add metrics to track bytes and entries in the metadata cache #6675 * promtool: Add support for line-column numbers for invalid rules output #6533 * Avoid restarting rule groups when it is unnecessary #6450 + Bug fixes * React UI: Send cookies on fetch() on older browsers #6553 * React UI: adopt grafana flot fix for stacked graphs #6603 * React UI: broken graph page browser history so that back button works as expected #6659 * TSDB: ensure compactionsSkipped metric is registered, and log proper error if one is returned from head.Init #6616 * TSDB: return an error on ingesting series with duplicate labels #6664 * PromQL: Fix unary operator precedence #6579 * PromQL: Respect query.timeout even when we reach query.max-concurrency #6712 * PromQL: Fix string and parentheses handling in engine, which affected React UI #6612 * PromQL: Remove output labels returned by absent() if they are produced by multiple identical label matchers #6493 * Scrape: Validate that OpenMetrics input ends with `# EOF` #6505 * Remote read: return the correct error if configs can't be marshal'd to JSON #6622 * Remote write: Make remote client `Store` use passed context, which can affect shutdown timing #6673 * Remote write: Improve sharding calculation in cases where we would always be consistently behind by tracking pendingSamples #6511 * Ensure prometheus_rule_group metrics are deleted when a rule group is removed #6693
Changes from 2.15.2 + Bug fixes * TSDB: Fixed support for TSDB blocks built with Prometheus before 2.1.0. #6564 * TSDB: Fixed block compaction issues on Windows. #6547
Changes from 2.15.1 + Bug fixes * TSDB: Fixed race on concurrent queries against same data. #6512
Changes from 2.15.0 + Features * API: Added new endpoint for exposing per metric metadata `/metadata`. #6420 #6442 + Changes * Discovery: Removed `prometheus_sd_kubernetes_cache_*` metrics. Additionally `prometheus_sd_kubernetes_workqueue_latency_seconds` and `prometheus_sd_kubernetes_workqueue_work_duration_seconds` metrics now show correct values in seconds. #6393 * Remote write: Changed `query` label on `prometheus_remote_storage_*` metrics to `remote_name` and `url`. #6043 + Enhancements * TSDB: Significantly reduced memory footprint of loaded TSDB blocks. #6418 #6461 * TSDB: Significantly optimized what we buffer during compaction which should result in lower memory footprint during compaction. #6422 #6452 #6468 #6475 * TSDB: Improve replay latency. #6230 * TSDB: WAL size is now used for size based retention calculation. #5886 * Remote read: Added query grouping and range hints to the remote read request #6401 * Remote write: Added `prometheus_remote_storage_sent_bytes_total` counter per queue. #6344 * promql: Improved PromQL parser performance. #6356 * React UI: Implemented missing pages like `/targets` #6276, TSDB status page #6281 #6267 and many other fixes and performance improvements. * promql: Prometheus now accepts spaces between time range and square bracket. e.g `[ 5m]` #6065 + Bug fixes * Config: Fixed alertmanager configuration to not miss targets when configurations are similar. #6455 * Remote write: Value of `prometheus_remote_storage_shards_desired` gauge shows raw value of desired shards and it's updated correctly. #6378 * Rules: Prometheus now fails the evaluation of rules and alerts where metric results collide with labels specified in `labels` field. #6469 * API: Targets Metadata API `/targets/metadata` now accepts empty `match_targets` parameter as in the spec. #6303
Changes from 2.14.0 + Features * API: `/api/v1/status/runtimeinfo` and `/api/v1/status/buildinfo` endpoints added for use by the React UI. #6243 * React UI: implement the new experimental React based UI. #5694 and many more * Can be found by under `/new`. * Not all pages are implemented yet. * Status: Cardinality statistics added to the Runtime & Build Information page. #6125 + Enhancements * Remote write: fix delays in remote write after a compaction. #6021 * UI: Alerts can be filtered by state. #5758 + Bug fixes * Ensure warnings from the API are escaped. #6279 * API: lifecycle endpoints return 403 when not enabled. #6057 * Build: Fix Solaris build. #6149 * Promtool: Remove false duplicate rule warnings when checking rule files with alerts. #6270 * Remote write: restore use of deduplicating logger in remote write. #6113 * Remote write: do not reshard when unable to send samples. #6111 * Service discovery: errors are no longer logged on context cancellation. #6116, #6133 * UI: handle null response from API properly. #6071
Changes from 2.13.1 + Bug fixes * Fix panic in ARM builds of Prometheus. #6110 * promql: fix potential panic in the query logger. #6094 * Multiple errors of http: superfluous response.WriteHeader call in the logs. #6145
Changes from 2.13.0 + Enhancements * Metrics: renamed prometheus_sd_configs_failed_total to prometheus_sd_failed_configs and changed to Gauge #5254 * Include the tsdb tool in builds. #6089 * Service discovery: add new node address types for kubernetes. #5902 * UI: show warnings if query have returned some warnings. #5964 * Remote write: reduce memory usage of the series cache. #5849 * Remote read: use remote read streaming to reduce memory usage. #5703 * Metrics: added metrics for remote write max/min/desired shards to queue manager. #5787 * Promtool: show the warnings during label query. #5924 * Promtool: improve error messages when parsing bad rules. #5965 * Promtool: more promlint rules. #5515 + Bug fixes * UI: Fix a Stored DOM XSS vulnerability with query history [CVE-2019-10215](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10215). #6098 * Promtool: fix recording inconsistency due to duplicate labels. #6026 * UI: fixes service-discovery view when accessed from unhealthy targets. #5915 * Metrics format: OpenMetrics parser crashes on short input. #5939 * UI: avoid truncated Y-axis values. #6014
Changes from 2.12.0 + Features * Track currently active PromQL queries in a log file. #5794 * Enable and provide binaries for `mips64` / `mips64le` architectures. #5792 + Enhancements * Improve responsiveness of targets web UI and API endpoint. #5740 * Improve remote write desired shards calculation. #5763 * Flush TSDB pages more precisely. tsdb#660 * Add `prometheus_tsdb_retention_limit_bytes` metric. tsdb#667 * Add logging during TSDB WAL replay on startup. tsdb#662 * Improve TSDB memory usage. tsdb#653, tsdb#643, tsdb#654, tsdb#642, tsdb#627 + Bug fixes * Check for duplicate label names in remote read. #5829 * Mark deleted rules' series as stale on next evaluation. #5759 * Fix JavaScript error when showing warning about out-of-sync server time. #5833 * Fix `promtool test rules` panic when providing empty `exp_labels`. #5774 * Only check last directory when discovering checkpoint number. #5756 * Fix error propagation in WAL watcher helper functions. #5741 * Correctly handle empty labels from alert templates. #5845

Update to Prometheus 2.11.2

+ Fixes crashes when systems have no FQDN + Adds Parallel calls to Uyuni API, meaningful performance increase + Adds Support for system group labels

Build with PIE

Only package required files (reduces rpm size by 4 MB)
Add sysconfig file
Add firewall config file
Use variables for defining user and group

Add support for Uyuni/SUSE Manager service discovery

readded _service file removed in error.
Update to 2.11.1 + Bug Fix: * Fix potential panic when prometheus is watching multiple zookeeper paths.
Update to 2.11.0 + Bug Fix: * resolve race condition in maxGauge. * Fix ZooKeeper connection leak. * Improved atomicity of .tmp block replacement during compaction for usual case. * Fix 'unknown series references' after clean shutdown. * Re-calculate block size when calling block.Delete. * Fix unsafe snapshots with head block. * prometheus_tsdb_compactions_failed_total is now incremented on any compaction failure. + Changes: * Remove max_retries from queue_config (it has been unused since rewriting remote-write to utilize the write-ahead-log) * The meta file BlockStats no longer holds size information. This is now dynamically calculated and kept in memory. It also includes the meta file size which was not included before * Renamed metric from prometheus_tsdb_wal_reader_corruption_errors to prometheus_tsdb_wal_reader_corruption_errors_total + Features: * Add option to use Alertmanager API v2. * Added humanizePercentage function for templates. * Include InitContainers in Kubernetes Service Discovery. * Provide option to compress WAL records using Snappy. + Enhancements: * Create new clean segment when starting the WAL. * Reduce allocations in PromQL aggregations. * Add storage warnings to LabelValues and LabelNames API results. * Add prometheus_http_requests_total metric. * Enable openbsd/arm build. * Remote-write allocation improvements. * Query performance improvement: Efficient iteration and search in HashForLabels and HashWithoutLabels. * Allow injection of arbitrary headers in promtool. * Allow passing external_labels in alert unit tests groups. * Allows globs for rules when unit testing. * Improved postings intersection matching. * Reduced disk usage for WAL for small setups. * Optimize queries using regexp for set lookups.

Update to 2.10.0: + Bug Fixes: * TSDB: Don't panic when running out of disk space and recover nicely from the condition * TSDB: Correctly handle empty labels. * TSDB: Don't crash on an unknown tombstone reference. * Storage/remote: Remove queue-manager specific metrics if queue no longer exists. * PromQL: Correctly display {__name__='a'}. * Discovery/kubernetes: Use service rather than ingress as the name for the service workqueue. * Discovery/azure: Don't panic on a VM with a public IP. * Web: Fixed Content-Type for js and css instead of using /etc/mime.types. * API: Encode alert values as string to correctly represent Inf/NaN. + Features: * Template expansion: Make external labels available as $externalLabels in alert and console template expansion. * TSDB: Add prometheus_tsdb_wal_segment_current metric for the WAL segment index that TSDB is currently writing to. tsdb * Scrape: Add scrape_series_added per-scrape metric. #5546 + Enhancements * Discovery/kubernetes: Add labels __meta_kubernetes_endpoint_node_name and __meta_kubernetes_endpoint_hostname. * Discovery/azure: Add label __meta_azure_machine_public_ip. * TSDB: Simplify mergedPostings.Seek, resulting in better performance if there are many posting lists. tsdb * Log filesystem type on startup. * Cmd/promtool: Use POST requests for Query and QueryRange. client_golang * Web: Sort alerts by group name. * Console templates: Add convenience variables $rawParams, $params, $path.
Upadte to 2.9.2 + Bug Fixes: * Make sure subquery range is taken into account for selection * Exhaust every request body before closing it * Cmd/promtool: return errors from rule evaluations * Remote Storage: string interner should not panic in release * Fix memory allocation regression in mergedPostings.Seek tsdb
Update to 2.9.1 + Bug Fixes: * Discovery/kubernetes: fix missing label sanitization * Remote_write: Prevent reshard concurrent with calling stop
Update to 2.9.0 + Feature: * Add honor_timestamps scrape option. + Enhancements: * Update Consul to support catalog.ServiceMultipleTags. * Discovery/kubernetes: add present labels for labels/annotations. * OpenStack SD: Add ProjectID and UserID meta labels. * Add GODEBUG and retention to the runtime page. * Add support for POSTing to /series endpoint. * Support PUT methods for Lifecycle and Admin APIs. * Scrape: Add global jitter for HA server. * Check for cancellation on every step of a range evaluation. * String interning for labels & values in the remote_write path. * Don't lose the scrape cache on a failed scrape. * Reload cert files from disk automatically. common * Use fixed length millisecond timestamp format for logs. common * Performance improvements for postings. Bug Fixes: * Remote Write: fix checkpoint reading. * Check if label value is valid when unmarshaling external labels from YAML. * Promparse: sort all labels when parsing. * Reload rules: copy state on both name and labels. * Exponentation operator to drop metric name in result of operation. * Config: resolve more file paths. * Promtool: resolve relative paths in alert test files. * Set TLSHandshakeTimeout in HTTP transport. common * Use fsync to be more resilient to machine crashes. * Keep series that are still in WAL in checkpoints.
Update to 2.8.1 + Bug Fixes * Display the job labels in /targets which was removed accidentally
Update to 2.8.0 + Change: * This release uses Write-Ahead Logging (WAL) for the remote_write API. This currently causes a slight increase in memory usage, which will be addressed in future releases. * Default time retention is used only when no size based retention is specified. These are flags where time retention is specified by the flag --storage.tsdb.retention and size retention by --storage.tsdb.retention.size. * prometheus_tsdb_storage_blocks_bytes_total is now prometheus_tsdb_storage_blocks_bytes. + Feature: * (EXPERIMENTAL) Time overlapping blocks are now allowed; vertical compaction and vertical query merge. It is an optional feature which is controlled by the --storage.tsdb.allow-overlapping-blocks flag, disabled by default. + Enhancements:

* Use the WAL for remote_write API. * Query performance improvements. * UI enhancements with upgrade to Bootstrap 4. * Reduce time that Alertmanagers are in flux when reloaded. * Limit number of metrics displayed on UI to 10000. * (1) Remember All/Unhealthy choice on target-overview when reloading page. (2) Resize text-input area on Graph page on mouseclick. * In histogram_quantile merge buckets with equivalent le values. * Show list of offending labels in the error message in many-to-many scenarios. * Show Storage Retention criteria in effect on /status page. + Bug Fixes: + Fix sorting of rule groups. + Fix support for password_file and bearer_token_file in Kubernetes SD. + Scrape: catch errors when creating HTTP clients + Adds new metrics: prometheus_target_scrape_pools_total prometheus_target_scrape_pools_failed_total prometheus_target_scrape_pool_reloads_total prometheus_target_scrape_pool_reloads_failed_total + Fix panic when aggregator param is not a literal.

Advisory ID	SUSE-RU-2020:2839-1
Released	Fri Oct 2 12:16:15 2020
Summary	Recommended update for SUSE Manager Client Tools
Type	recommended
Severity	moderate
References	1173268,1175889

Description:

This update fixes the following issues:
POS_Image-Graphical7:

Set wicked to use plain mac address for computing DHCP DUID (bsc#1173268)

POS_Image-JeOS7:

Set wicked to use plain mac address for computing DHCP DUID (bsc#1173268)

dracut-saltboot:

Set wicked to use plain mac address for computing DHCP DUID
Copy wicked lease xml file to prevent query for second IP address (bsc#1173268)

golang-github-QubitProducts-exporter_exporter:

Pin Golang version to 1.14

mgr-daemon:

Remove duplicate languages and update translation strings

spacecmd:

Fix softwarechannel_listlatestpackages throwing error on empty channels (bsc#1175889)

spacewalk-client-tools:

Remove duplicated languages and update translation strings

Advisory ID	SUSE-OU-2020:3291-1
Released	Wed Nov 11 12:26:29 2020
Summary	Optional update for python-redis and redis
Type	optional
Severity	moderate
References	1002351,1047218,1061967,1064980,1097430,1131555,798455,835815,991250,CVE-2013-7458,CVE-2015-8080,CVE-2016-10517,CVE-2016-8339,CVE-2017-15047,CVE-2018-11218,CVE-2018-11219

Description:

This optional update for python-redis and redis provides the following fixes
python-redis:

Update to version to 3.4.1 (jsc#ECO-2417) * Move the username argument in the Redis and Connection classes to the end of the argument list. This helps those poor souls that specify all their connection options as non-keyword arguments. * Prior to ACL support, redis-py ignored the username component of Connection URLs. With ACL support, usernames are no longer ignored and are used to authenticate against an ACL rule. Some cloud vendors with managed Redis instances (like Heroku) provide connection URLs with a username component pre-ACL that is not intended to be used. Sending that username to Redis servers < 6.0.0 results in an error. Attempt to detect this condition and retry the AUTH command with only the password such that authentication continues to work for these users. * Removed the __eq__ hooks to Redis and ConnectionPool that were added in 3.4.0. This ended up being a bad idea as two separate connection pools be considered equal yet manage a completely separate set of connections. * Allow empty pipelines to be executed if there are WATCHed keys. This is a convenient way to test if any of the watched keys changed without actually running any other commands. * Removed support for end of life Python 3.4. * Added support for all ACL commands in Redis 6. * Pipeline instances now always evaluate to True. Prior to this change, pipeline instances relied on __len__ for boolean evaluation which meant that pipelines with no commands on the stack would be considered False. * Client instances and Connection pools now support a 'client_name' argument. If supplied, all connections created will call CLIENT SETNAME as soon as the connection is opened. * Added the 'ssl_check_hostname' argument to specify whether SSL connections should require the server hostname to match the hostname specified in the SSL cert. By default 'ssl_check_hostname' is False for backwards compatibility. * Added support for the TYPE argument to SCAN. * Better thread and fork safety in ConnectionPool and BlockingConnectionPool. Added better locking to synchronize critical sections rather than relying on CPython-specific implementation details relating to atomic operations. Adjusted how the pools identify and deal with a fork. Added a ChildDeadlockedError exception that is raised by child processes in the very unlikely chance that a deadlock is encountered. * Further fix for the SSLError -> TimeoutError mapping to work on obscure releases of Python 2.7. * Fixed a potential error handling bug for the SSLError -> TimeoutError mapping introduced in 3.3.9. * Mapped Python 2.7 SSLError to TimeoutError where appropriate. Timeouts should now consistently raise TimeoutErrors on Python 2.7 for both unsecured and secured connections. * Fixed MONITOR parsing to properly parse IPv6 client addresses * Fixed a regression introduced in 3.3.0 * Resolve a race condition with the PubSubWorkerThread. * Response callbacks are now case insensitive. * Added support for hiredis-py 1.0.0 encoding error support. * Add READONLY and READWRITE commands. * Added extensive health checks that keep the connections lively. * Many more changes, see upstream changelog. * Add missing build dependency setuptools * Fix SentinelConnectionPool to work in multiprocess/forked environments

Update to 3.2.0 (bsc#1131555) * Added support for `select.poll` to test whether data can be read on a socket. This should allow for significantly more connections to be used with pubsub. * Attempt to guarentee that the ConnectionPool hands out healthy connections. Healthy connections are those that have an established socket connection to the Redis server, are ready to accept a command and have no data available to read. * Use the socket.IPPROTO_TCP constant instead of socket.SOL_TCP. IPPROTO_TCP is available on more interpreters (Jython for instance). * Fixed a regression introduced in 3.0 that mishandles exceptions not derived from the base Exception class. KeyboardInterrupt and gevent.timeout notable. * Significant improvements to handing connections with forked processes. Parent and child processes no longer trample on each others' connections. * PythonParser no longer closes the associated connection's socket. The connection itself will close the socket. * Connection URLs must have one of the following schemes: redis://, rediss://, unix://. * Fixed an issue with retry_on_timeout logic that caused some TimeoutErrors to be retried. * Added support for SNI for SSL. * Fixed ConnectionPool repr for pools with no connections. * Fixed GEOHASH to return a None value when specifying a place that doesn't exist on the server. * Fixed XREADGROUP to return an empty dictionary for messages that have been deleted but still exist in the unacknowledged queue. * Added an owned method to Lock objects. owned returns a boolean indicating whether the current lock instance still owns the lock. * Allow lock.acquire() to accept an optional token argument. If provided, the token argument is used as the unique value used to claim the lock. * Added a reacquire method to Lock objects. reaquire attempts to renew the lock such that the timeout is extended to the same value that the lock was initially acquired with. * Stream names found within XREAD and XREADGROUP responses now properly respect the decode_responses flag. * XPENDING_RANGE now requires the user the specify the min, max and count arguments. Newer versions of Redis prevent count from being infinite so it's left to the user to specify these values explicitly. * ZADD now returns None when xx=True and incr=True and an element is specified that doesn't exist in the sorted set. This matches what the server returns in this case. * Added client_kill_filter that accepts various filters to identify and kill clients. * Fixed a race condition that occurred when unsubscribing and resubscribing to the same channel or pattern in rapid succession. * Added a LockNotOwnedError that is raised when trying to extend or release a lock that is no longer owned. This is a subclass of LockError so previous code should continue to work as expected. * Fixed a bug in GEORADIUS that forced decoding of places without respecting the decode_responses option. * add recommendation for python-hiredis * Fixed regression with UnixDomainSocketConnection caused by 3.0.0. * Fixed an issue with the new asynchronous flag on flushdb and flushall. * Updated Lock.locked() method to indicate whether *any* process has acquired the lock, not just the current one. This is in line with the behavior of threading.Lock.

Update to version 3.0.0: BACKWARDS INCOMPATIBLE CHANGES * When using a Lock as a context manager and the lock fails to be acquired a LockError is now raised. This prevents the code block inside the context manager from being executed if the lock could not be acquired. * Renamed LuaLock to Lock. * Removed the pipeline based Lock implementation in favor of the LuaLock implementation. * Only bytes, strings and numbers (ints, longs and floats) are acceptable for keys and values. Previously redis-py attempted to cast other types to str() and store the result. This caused must confusion and frustration when passing boolean values (cast to 'True' and 'False') or None values (cast to 'None'). It is now the user's responsibility to cast all key names and values to bytes, strings or numbers before passing the value to redis-py. * The StrictRedis class has been renamed to Redis. StrictRedis will continue to exist as an alias of Redis for the forseeable future. * The legacy Redis client class has been removed. It caused much confusion to users. * ZINCRBY arguments 'value' and 'amount' have swapped order to match the the Redis server. The new argument order is: keyname, amount, value. * MGET no longer raises an error if zero keys are passed in. Instead an empty list is returned. * MSET and MSETNX now require all keys/values to be specified in a single dictionary argument named mapping. This was changed to allow for future options to these commands in the future. * ZADD now requires all element names/scores be specified in a single dictionary argument named mapping. This was required to allow the NX, XX, CH and INCR options to be specified. OTHER CHANGES * Added missing DECRBY command. * CLUSTER INFO and CLUSTER NODES respones are now properly decoded to strings. * Added a 'locked()' method to Lock objects. This method returns True if the lock has been acquired and owned by the current process, otherwise False. * EXISTS now supports multiple keys. It's return value is now the number of keys in the list that exist. * Ensure all commands can accept key names as bytes. This fixes issues with BLPOP, BRPOP and SORT. * All errors resulting from bad user input are raised as DataError exceptions. DataError is a subclass of RedisError so this should be transparent to anyone previously catching these. * Added support for NX, XX, CH and INCR options to ZADD * Added support for the MIGRATE command * Added support for the MEMORY USAGE and MEMORY PURGE commands. * Added support for the 'asynchronous' argument to FLUSHDB and FLUSHALL commands. * Added support for the BITFIELD command. * Improved performance on pipeline requests with large chunks of data. * Fixed test suite to not fail if another client is connected to the server the tests are running against. * Added support for SWAPDB. * Added support for all STREAM commands. * SHUTDOWN now accepts the 'save' and 'nosave' arguments. * Added support for ZPOPMAX, ZPOPMIN, BZPOPMAX, BZPOPMIN. * Added support for the 'type' argument in CLIENT LIST. * Added support for CLIENT PAUSE. * Added support for CLIENT ID and CLIENT UNBLOCK. * GEODIST now returns a None value when referencing a place that does not exist. * Added a ping() method to pubsub objects. * Fixed a bug with keys in the INFO dict that contained ':' symbols. * ssl_cert_reqs now has a default value of 'required' by default. This should make connecting to a remote Redis server over SSL more secure. * max_connections is now a valid querystring argument for creating connection pools from URLs. * Added the UNLINK command. * Added socket_type option to Connection for configurability. * Lock.do_acquire now atomically sets acquires the lock and sets the expire value via set(nx=True, px=timeout). * Added 'count' argument to SPOP. * Fixed an issue parsing client_list respones that contained an '='. * Fix rounding issues with geolocation, it is not stable enought to produce pinpoint equal results among 32bit platforms * Run tests by launching redis server * Require redis on runtime

redis:

Update to version 6.0.8 (jsc#PM-1615, jsc#PM-1622, jsc#PM-1681, jsc#ECO-2867, jsc#PM-1547, jsc#CAPS-56, jsc#SLE-11578, jsc#SLE-12821) * bug fixes when using with Sentinel * bug fixes when using CONFIG REWRITE * Remove THP warning when set to madvise * Allow EXEC with read commands on readonly replica in cluster * Add masters/replicas options to redis-cli --cluster call command * CONFIG SET could hung the client when arrives during RDB/ROF loading * LPOS command when RANK is greater than matches responded with broken protocol * Add oom-score-adj configuration option to control Linux OOM killer * Show IO threads statistics and status in INFO output * Add optional tls verification mode (see tls-auth-clients) * Fix crash when enabling CLIENT TRACKING with prefix * EXEC always fails with EXECABORT and multi-state is cleared * RESTORE ABSTTL won't store expired keys into the db * redis-cli better handling of non-pritable key names * TLS: Ignore client cert when tls-auth-clients off * Tracking: fix invalidation message on flush * Notify systemd on Sentinel startup * Fix crash on a misuse of STRALGO * Fix a few rare leaks (STRALGO error misuse, Sentinel) * Fix a possible invalid access in defrag of scripts * Add LPOS command to search in a list * Use user+pass for MIGRATE in redis-cli and redis-benchmark in cluster mode * redis-cli support TLS for --pipe, --rdb and --replica options * TLS: Session caching configuration support * Fix handling of speical chars in ACL LOAD * Make Redis Cluster more robust about operation errors that may lead to two clusters to mix together * Revert the sendfile() implementation of RDB transfer * Fix TLS certificate loading for chained certificates * Fix AOF rewirting of KEEPTTL SET option * Fix MULTI/EXEC behavior during -BUSY script errors * fix a severe replication bug introduced in Redis 6 by the 'meaningful offset' feature * fix a crash introduced in 6.0.2 * fix to client side caching when keys are evicted from the tracking table but no notifications are sent * add BR pkgconfig(libsystemd) for the rewritten systemd support and force building with it * XCLAIM AOF/replicas propagation fixed. * Client side caching: new NOLOOP option to avoid getting notified about changes performed by ourselves. * ACL GENPASS now uses HMAC-SHA256 and have an optional 'bits' argument. It means you can use it as a general purpose 'secure random strings' primitive! * Cluster 'SLOTS' subcommand memory optimization. * The LCS command is now a subcommand of STRALGO. * Meaningful offset for replicas as well. More successful partial resynchronizations. * Optimize memory usage of deferred replies. * Faster CRC64 algorithm for faster RDB loading. * XINFO STREAM FULL, a new subcommand to get the whole stream state. * CLIENT KILL USER . * MIGRATE AUTH2 option, for ACL style authentication support. * use libatomic also on ppc * add hash file from redis-hashes and verify it during build

Advisory ID	SUSE-RU-2020:3767-1
Released	Fri Dec 11 16:06:22 2020
Summary	Recommended update for apache-commons-el
Type	recommended
Severity	low
References	1179637

Description:

This update for apache-commons-el fixes the following issues:

Provide missing update dependencies for apache-commons-el. (bsc#1179637)

Advisory ID	SUSE-RU-2020:3783-1
Released	Mon Dec 14 12:02:48 2020
Summary	Recommended update for SUSE Manager Client Tools
Type	recommended
Severity	moderate
References	1143913,1176943,1177928

Description:

This update fixes the following issues:
golang-github-prometheus-alertmanager:

Fix building amtool (bsc#1176943)
Fix permissions for /var/lib/prometheus to match golang-github-prometheus-prometheus package. Otherwise the install check will fail.
Update to 0.21.0 + Changes: * [HipChat] Remove HipChat integration as it is end-of-life. #2282 * [amtool] Remove default assignment of environment variables. #2161 * [PagerDuty] Enforce 512KB event size limit. #2225 + Enhancements: * [amtool] Add cluster command to show cluster and peer statuses. #2256 * Add redirection from / to the routes prefix when it isn't empty. #2235 * [Webhook] Add max_alerts option to limit the number of alerts included in the payload. #2274 * Improve logs for API v2, notifications and clustering. #2177 #2188 #2260 #2261 #2273 + Bugfixes: * Fix child routes not inheriting their parent route's grouping when group_by: [...]. * [UI] Fix the receiver selector in the Alerts page when the receiver name contains regular expression metacharacters such as +. * Fix error message about start and end time validation. #2173 * Fix a potential race condition in dispatcher. #2208 * [API v2] Return an empty array of peers when the clustering is disabled. #2203 * Fix the registration of alertmanager_dispatcher_aggregation_groups and alertmanager_dispatcher_alert_processing_duration_seconds metrics. * Always retry notifications with back-off. #2290
Remove rpm group
Update to build with go1.14 for Factory (Tumbleweed)
Refresh example config from upstream
Add network-online (Wants and After) dependency to systemd unit bsc#1143913

mgr-daemon:

Fix removal of mgr-deamon with selinux enabled (bsc#1177928)

spacecmd:

Fix: make spacecmd build on Debian

spacewalk-client-tools:

Update translations

spacewalk-koan:

Adjust ownership of some tests files to fix them

supportutils-plugin-susemanager-client:

Remove checks for obsolete packages
Gather new configfiles
Add more important informations

zypp-plugin-spacewalk:

Support 'allow vendor change' for dist upgrades

Advisory ID	SUSE-RU-2021:333-1
Released	Mon Feb 8 10:31:48 2021
Summary	Recommended update for SUSE Manager Client Tools
Type	recommended
Severity	moderate
References	1176823,1177884,1179555,1179566

Description:

This update fixes the following issues:
golang-github-prometheus-alertmanager:

Exclude s390 architecture
Update packaging * Remove systemd and shadow hard requirements * use the system user provided by the system-user-prometheus subpackge * add 'prometheus-alertmanager' package alias

golang-github-prometheus-prometheus:

Update to upstream version 2.22.1
Update packaging * Remove systemd and shadow hard requirements * use systemd-sysusers to configure the user in a dedicated 'system-user-prometheus' subpackage * add 'prometheus' package alias

grafana:

Update packaging * avoid systemd and shadow hard requirements * Require the user from a new dedicated 'system-user-grafana' sibling package * avoid pinning to a specific Go version in the spec file
Update to version 7.3.1: * Breaking changes - CloudWatch: The AWS CloudWatch data source's authentication scheme has changed. See the upgrade notes for details and how this may affect you. - Units: The date time units `YYYY-MM-DD HH:mm:ss` and `MM/DD/YYYY h:mm:ss a` have been renamed to `Datetime ISO` and `Datetime US` respectively. * Features / Enhancements - AzureMonitor: Support decimal (as float64) type in analytics/logs. - Add monitoring mixing for Grafana. - CloudWatch: Missing Namespace AWS/EC2CapacityReservations. - CloudWatch: Add support for AWS DirectConnect virtual interface metrics and add missing dimensions. - CloudWatch: Adding support for Amazon ElastiCache Redis metrics. - CloudWatch: Adding support for additional Amazon CloudFront metrics. - CloudWatch: Re-implement authentication. - Elasticsearch: Support multiple pipeline aggregations for a query. - Prometheus: Add time range parameters to labels API. - Loki: Visually distinguish error logs for LogQL2. - Api: Add /healthz endpoint for health checks. - API: Enrich add user to org endpoints with user ID in the response. - API: Enrich responses and improve error handling for alerting API endpoints. - Elasticsearch: Add support for date_nanos type. - Elasticsearch: Allow fields starting with underscore. - Elasticsearch: Increase maximum geohash aggregation precision to 12. - Postgres: Support request cancellation properly (Uses new backendSrv.fetch Observable request API). - Provisioning: Remove provisioned dashboards without parental reader. - API: Return ID of the deleted resource for dashboard, datasource and folder DELETE endpoints. - API: Support paging in the admin orgs list API. - API: return resource ID for auth key creation, folder permissions update and user invite complete endpoints. - BackendSrv: Uses credentials, deprecates withCredentials & defaults to same-origin. - CloudWatch: Update list of AmazonMQ metrics and dimensions. - Cloudwatch: Add Support for external ID in assume role. - Cloudwatch: Add af-south-1 region. - DateFormats: Default ISO & US formats never omit date part even if date is today (breaking change). - Explore: Transform prometheus query to elasticsearch query. - InfluxDB/Flux: Increase series limit for Flux datasource. - InfluxDB: exclude result and table column from Flux table results. - InfluxDB: return a table rather than an error when timeseries is missing time. - Loki: Add scopedVars support in legend formatting for repeated variables. - Loki: Re-introduce running of instant queries. - Loki: Support request cancellation properly (Uses new backendSrv.fetch Observable request API). - MixedDatasource: Shows retrieved data even if a data source fails. - Postgres: Support Unix socket for host. - Prometheus: Add scopedVars support in legend formatting for repeated variables. - Prometheus: Support request cancellation properly (Uses new backendSrv.fetch Observable request API). - Prometheus: add $__rate_interval variable. - Table: Adds column filtering. - grafana-cli: Add ability to read password from stdin to reset admin password. - Variables: enables cancel for slow query variables queries. - AzureMonitor: fix panic introduced in 7.1.4 when unit was unspecified and alias was used. - TextPanel: Fix content overflowing panel boundaries. - Fix golang version = 1.14 to avoid dependency conflicts on some OBS projects
Update to version 7.0.0 * Remove phantomJS patch from Makefile

mgr-osad:

Change the log file permissions as expected by logrotate (bsc#1177884)

spacecmd:

Fix spacecmd with no parameters produces traceback on SLE 11 SP4 (bsc#1176823)
Added '-r REVISION' option to the 'configchannel_updateinitsls' command (bsc#1179566)
Fix: internal: workaround for future tee of logs translation

uyuni-common-libs:

Section in Debian packages in now treated as optional (bsc#1179555)

Advisory ID	SUSE-RU-2021:644-1
Released	Fri Feb 26 11:21:54 2021
Summary	Recommended Beta update for SUSE Manager Client Tools
Type	recommended
Severity	moderate
References	1180583,1180585

Description:

This update fixes the following issues:
spacecmd:

Deprecated 'Software Crashes' feature
Document advanced package search on '--help' (bsc#1180583)
Fixed advanced search on 'package_listinstalledsystems'
Fixed duplicate results when using multiple search criteria (bsc#1180585)

Advisory ID	SUSE-SU-2021:2664-1
Released	Thu Aug 12 12:02:29 2021
Summary	Security update for golang-github-prometheus-prometheus
Type	security
Severity	moderate
References	1186242,CVE-2021-29622

Description:

This update for golang-github-prometheus-prometheus fixes the following issues:

Provide and reload firewalld configuration only for: + openSUSE Leap 15.0, 15.1, 15.2 + SUSE SLE15, SLE15 SP1, SLE15 SP2
Upgrade to upstream version 2.27.1 (jsc#SLE-18254) + Bugfix: * SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622, bsc#1186242) + Features: * Promtool: Retroactive rule evaluation functionality. #7675 * Configuration: Environment variable expansion for external labels. Behind --enable-feature=expand-external-labels flag. #8649 * TSDB: Add a flag(--storage.tsdb.max-block-chunk-segment-size) to control the max chunks file size of the blocks for small Prometheus instances. * UI: Add a dark theme. #8604 * AWS Lightsail Discovery: Add AWS Lightsail Discovery. #8693 * Docker Discovery: Add Docker Service Discovery. #8629 * OAuth: Allow OAuth 2.0 to be used anywhere an HTTP client is used. #8761 * Remote Write: Send exemplars via remote write. Experimental and disabled by default. #8296 + Enhancements: * Digital Ocean Discovery: Add __meta_digitalocean_vpc label. #8642 * Scaleway Discovery: Read Scaleway secret from a file. #8643 * Scrape: Add configurable limits for label size and count. #8777 * UI: Add 16w and 26w time range steps. #8656 * Templating: Enable parsing strings in humanize functions. #8682 + Bugfixes: * UI: Provide errors instead of blank page on TSDB Status Page. #8654 #8659 * TSDB: Do not panic when writing very large records to the WAL. #8790 * TSDB: Avoid panic when mmaped memory is referenced after the file is closed. #8723 * Scaleway Discovery: Fix nil pointer dereference. #8737 * Consul Discovery: Restart no longer required after config update with no targets. #8766
Add tarball with vendor modules and web assets
Uyuni: Read formula data from exporters map
Uyuni: Add support for TLS targets
Upgrade to upstream version 2.26.0 + Changes * Alerting: Using Alertmanager v2 API by default. #8626 * Prometheus/Promtool: Binaries are now printing help and usage to stdout instead of stderr. #8542 + Features * Remote: Add support for AWS SigV4 auth method for remote_write. #8509 * PromQL: Allow negative offsets. Behind --enable-feature=promql-negative-offset flag. #8487 * UI: Add advanced auto-completion, syntax highlighting and linting to graph page query input. #8634 + Enhancements * PromQL: Add last_over_time, sgn, clamp functions. #8457 * Scrape: Add support for specifying type of Authorization header credentials with Bearer by default. #8512 * Scrape: Add follow_redirects option to scrape configuration. #8546 * Remote: Allow retries on HTTP 429 response code for remote_write. #8237 #8477 * Remote: Allow configuring custom headers for remote_read. #8516 * UI: Hitting Enter now triggers new query. #8581 * UI: Better handling of long rule and names on the /rules and /targets pages. #8608 #8609 * UI: Add collapse/expand all button on the /targets page. #8486
Upgrade to upstream version 2.25.0 + Features * Include a new `--enable-feature=` flag that enables experimental features. + Enhancements * Add optional name property to testgroup for better test failure output. #8440 * Add warnings into React Panel on the Graph page. #8427 * TSDB: Increase the number of buckets for the compaction duration metric. #8342 * Remote: Allow passing along custom remote_write HTTP headers. #8416 * Mixins: Scope grafana configuration. #8332 * Kubernetes SD: Add endpoint labels metadata. #8273 * UI: Expose total number of label pairs in head in TSDB stats page. #8343 * TSDB: Reload blocks every minute, to detect new blocks and enforce retention more often. #8343 + Bug fixes * API: Fix global URL when external address has no port. #8359 * Deprecate unused flag --alertmanager.timeout. #8407
Upgrade to upstream version 2.24.1 + Enhancements * Cache basic authentication results to significantly improve performance of HTTP endpoints.
Upgrade to upstream version 2.24.0 + Features * Add TLS and basic authentication to HTTP endpoints. #8316 * promtool: Add check web-config subcommand to check web config files. #8319 * promtool: Add tsdb create-blocks-from openmetrics subcommand to backfill metrics data from an OpenMetrics file. + Enhancements * HTTP API: Fast-fail queries with only empty matchers. #8288 * HTTP API: Support matchers for labels API. #8301 * promtool: Improve checking of URLs passed on the command line. #7956 * SD: Expose IPv6 as a label in EC2 SD. #7086 * SD: Reuse EC2 client, reducing frequency of requesting credentials. #8311 * TSDB: Add logging when compaction takes more than the block time range. #8151 * TSDB: Avoid unnecessary GC runs after compaction. #8276
Upgrade to upstream version 2.23.0 + Changes * UI: Make the React UI default. #8142 * Remote write: The following metrics were removed/renamed in remote write. #6815 > prometheus_remote_storage_succeeded_samples_total was removed and prometheus_remote_storage_samples_total was introduced for all the samples attempted to send. > prometheus_remote_storage_sent_bytes_total was removed and replaced with prometheus_remote_storage_samples_bytes_total and prometheus_remote_storage_metadata_bytes_total. > prometheus_remote_storage_failed_samples_total -> prometheus_remote_storage_samples_failed_total . > prometheus_remote_storage_retried_samples_total -> prometheus_remote_storage_samples_retried_total. > prometheus_remote_storage_dropped_samples_total -> prometheus_remote_storage_samples_dropped_total. > prometheus_remote_storage_pending_samples -> prometheus_remote_storage_samples_pending. * Remote: Do not collect non-initialized timestamp metrics. #8060 + Enhancements * Remote write: Added a metric prometheus_remote_storage_max_samples_per_send for remote write. #8102 * TSDB: Make the snapshot directory name always the same length. #8138 * TSDB: Create a checkpoint only once at the end of all head compactions. #8067 * TSDB: Avoid Series API from hitting the chunks. #8050 * TSDB: Cache label name and last value when adding series during compactions making compactions faster. #8192 * PromQL: Improved performance of Hash method making queries a bit faster. #8025 * promtool: tsdb list now prints block sizes. #7993 * promtool: Calculate mint and maxt per test avoiding unnecessary calculations. #8096 * SD: Add filtering of services to Docker Swarm SD. #8074
Uyuni: `hostname` label is now set to FQDN instead of IP
Update to upstream version 2.22.1
Update packaging * Remove systemd and shadow hard requirements * use systemd-sysusers to configure the user in a dedicated 'system-user-prometheus' subpackage * add 'prometheus' package alias + Add support for Prometheus exporters proxy
Remove prometheus.firewall.xml source file
Remove firewalld files. They are installed in the main firewalld package.

Advisory ID	SUSE-RU-2021:2667-1
Released	Thu Aug 12 12:03:18 2021
Summary	Recommended update for system-user-prometheus
Type	recommended
Severity	moderate
References

Description:

This recommended update for system-user-prometheus provides the following fixes:

Provide the user and group 'prometheus' to SUSE Enterprise Storage 6 needed by 'golang-github-prometheus-prometheus' (jsc#SLE-18254)

Advisory ID	SUSE-SU-2021:2675-1
Released	Thu Aug 12 12:05:11 2021
Summary	Security update for SUSE Manager Client Tools
Type	security
Severity	moderate
References	1175478,1186242,1186508,1186581,1186650,1188846,CVE-2021-27962,CVE-2021-28146,CVE-2021-28147,CVE-2021-28148,CVE-2021-29622

Description:

This update fixes the following issues:
ansible:

The support level for ansible is l2, not l3

dracut-saltboot:

Force installation of libexpat.so.1 (bsc#1188846)
Use kernel parameters from PXE formula also for local boot

golang-github-prometheus-prometheus:

Provide and reload firewalld configuration only for: + openSUSE Leap 15.0, 15.1, 15.2 + SUSE Linux Enterprise 15, 15 SP1, 15 SP2
Upgrade to upstream version 2.27.1 (jsc#SLE-18254) + Bugfix: * SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622, bsc#1186242) * UI: Provide errors instead of blank page on TSDB Status Page. #8654 #8659 * TSDB: Do not panic when writing very large records to the WAL. #8790 * TSDB: Avoid panic when mmaped memory is referenced after the file is closed. #8723 * Scaleway Discovery: Fix nil pointer dereference. #8737 * Consul Discovery: Restart no longer required after config update with no targets. #8766 + Features: * Promtool: Retroactive rule evaluation functionality. * Configuration: Environment variable expansion for external labels. Behind '--enable-feature=expand-external-labels' flag. * Add a flag '--storage.tsdb.max-block-chunk-segment-size' to control the max chunks file size of the blocks for small Prometheus instances. * UI: Add a dark theme. * AWS Lightsail Discovery: Add AWS Lightsail Discovery. * Docker Discovery: Add Docker Service Discovery. * OAuth: Allow OAuth 2.0 to be used anywhere an HTTP client is used. * Remote Write: Send exemplars via remote write. Experimental and disabled by default. + Enhancements: * Digital Ocean Discovery: Add '__meta_digitalocean_vpc' label. * Scaleway Discovery: Read Scaleway secret from a file. * Scrape: Add configurable limits for label size and count. * UI: Add 16w and 26w time range steps. * Templating: Enable parsing strings in humanize functions.
Update package with changes from `server:monitoring` (bsc#1175478) Left out removal of 'firewalld' related configuration files as SUSE Linux Enterprise 15-SP1's `firewalld` package does not contain 'prometheus' configuration yet.

mgr-cfg:

No visible impact for the user

mgr-custom-info:

No visible impact for the user

mgr-osad:

No visible impact for the user

mgr-push:

No visible impact for the user

mgr-virtualization:

No visible impact for the user

rhnlib:

No visible impact for the user

spacecmd:

Make spacecmd aware of retracted patches/packages
Enhance help for installation types when creating distributions (bsc#1186581)
Parse empty argument when nothing in between the separator

spacewalk-client-tools:

Update translation strings

spacewalk-koan:

Fix for spacewalk-koan tests after switching to the new Docker images

spacewalk-oscap:

No visible impact for the user

suseRegisterInfo:

No visible impact for the user

uyuni-common-libs:

Handle broken RPM packages to prevent exceptions causing fails on repository synchronization (bsc#1186650)
Maintainer field in debian packages are only recommended (bsc#1186508)

Advisory ID	SUSE-feature-2021:3166-1
Released	Mon Sep 20 17:25:05 2021
Summary	Feature update for SUSE Manager 4.2.2 Proxy
Type	feature
Severity	moderate
References

Description:

This update provides the following package to SUSE Manager 4.2.2 Proxy
golang-github-prometheus-prometheus:

golang-github-prometheus-prometheus is added to SUSE Manager Proxy as L3 supported.

Advisory ID	SUSE-feature-2021:3168-1
Released	Mon Sep 20 17:25:42 2021
Summary	Feature update for SUSE Manager 4.2.2 Proxy and Server
Type	feature
Severity	moderate
References

Description:

This update provides the following package to SUSE Manager 4.2.2 Proxy
python-pyvmomi:

python-pyvmomi is added to SUSE Manager Proxy as L3 supported.

Advisory ID	SUSE-feature-2021:3169-1
Released	Mon Sep 20 17:26:07 2021
Summary	Feature update for SUSE Manager 4.2.2 Proxy and Server
Type	feature
Severity	moderate
References

Description:

This update provides the following packages to SUSE Manager 4.2.2 Proxy and Server:
ansible:

ansible and ansible-doc are added to SUSE Manager Proxy as L2 supported

golang-github-prometheus-alertmanager:

golang-github-prometheus-alertmanager is added to SUSE Manager Proxy as L3 supported

python-python-memcached:

python-python-memcached is added to SUSE Manager Proxy as L3 supported

python-redis:

python-redis is added to SUSE Manager Proxy as L3 supported

system-user-prometheus:

system-user-prometheus is added to SUSE Manager Proxy as L3 supported

Advisory ID	SUSE-feature-2021:3262-1
Released	Thu Sep 30 11:39:15 2021
Summary	Feature update for SUSE Manager 4.1.11 Proxy
Type	feature
Severity	moderate
References

Description:

This update provides the following packages to SUSE Manager 4.1.11 Proxy
golang-github-prometheus-prometheus:

golang-github-prometheus-prometheus is added to SUSE Manager Proxy as L3 supported

Advisory ID	SUSE-feature-2021:3263-1
Released	Thu Sep 30 11:39:37 2021
Summary	Feature update for SUSE Manager 4.1.11 Proxy
Type	feature
Severity	moderate
References

Description:

This update provides the following packages to SUSE Manager 4.1.11 Proxy
golang-github-prometheus-alertmanager:

golang-github-prometheus-alertmanager is added to SUSE Manager Proxy as L3 supported

system-user-prometheus:

system-user-prometheus is added to SUSE Manager Proxy as L3 supported

Advisory ID	SUSE-feature-2021:3924-1
Released	Fri Dec 3 14:20:03 2021
Summary	Feature update for golang-github-prometheus-alertmanager
Type	feature
Severity	moderate
References	1143913,1176943

Description:

This feature update for golang-github-prometheus-alertmanager fixes the following issue:
Provide version 0.21.0 of golang-github-prometheus-alertmanager (jsc#SLE-21859)

Exclude s390 architecture
Remove systemd and shadow hard requirements
Use the system user provided by the 'system-user-prometheus' subpackge
Add 'prometheus-alertmanager' package alias
Fix building amtool (bsc#1176943)
Fix permissions for '/var/lib/prometheus' to match 'golang-github-prometheus-prometheus' package and avoid installation checks failures
Remove HipChat integration as it is end-of-life.
Remove default assignment of environment variables.
Enforce 512KB event size limit.
Add cluster command to show cluster and peer statuses.
Add redirection from '/' to the routes prefix when it isn't empty.
Add 'max_alerts' option to limit the number of alerts included in the payload.
Improve logs for API v2, notifications and clustering.
Fix child routes not inheriting their parent route's grouping when 'group_by: [...]'.
Fix the receiver selector in the Alerts page when the receiver name contains regular expression metacharacters such as '+'.
Fix error message about start and end time validation.
Fix a potential race condition in dispatcher.
Return an empty array of peers when the clustering is disabled.
Fix the registration of 'alertmanager_dispatcher_aggregation_groups' and 'alertmanager_dispatcher_alert_processing_duration_seconds' metrics.
Always retry notifications with back-off.
Update to build with go1.14
Refresh example config from upstream
Add 'network-online' (Wants and After) dependency to systemd unit (bsc#1143913)

Advisory ID	SUSE-feature-2021:3925-1
Released	Fri Dec 3 14:20:36 2021
Summary	Feature update for SUSE Manager Client Tools
Type	feature
Severity	moderate
References	1191194

Description:

This update fixes the following issues:
prometheus-blackbox_exporter:

Provide 'prometheus-blackbox_exporter' version 0.19.0 (jsc#SLE-22351)
Use '%set_permissions' and '%verify_permissions' for SUSE Linux Enterprise 12 (bsc#1191194)
Set 'CAP_NET_RAW' capability to allow ICMP requests

grafana:

Add URL to package source code in the login page footer

spacecmd:

Update translation strings

spacewalk-client-tools:

Update translation strings

zypp-plugin-spacewalk:

Use proxy configured in 'up2date' config when it is defined
Added RHEL8 build.

Advisory ID	SUSE-feature-2022:446-1
Released	Wed Feb 16 16:25:01 2022
Summary	Feature update for venv-salt-minion
Type	feature
Severity	moderate
References	1000080,1000117,1000194,1000742,1002895,1003091,1005246,1010874,1010966,1011936,1015549,1027610,1027705,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042670,1049186,1049304,1050653,1050665,1055478,1055542,1056951,1057496,1062237,1066873,1068790,1070737,1070738,1070853,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087104,1088573,1090427,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097531,1098535,1099308,1099569,1102868,1108508,1109882,1109998,1110435,1110869,1110871,1111493,1111622,1111657,1112357,1115769,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150190,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1159235,1159538,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1177559,1178168,1178341,1178670,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1190781,1193357,428177,431945,637176,657698,658604,673071,715423,743787,747125,750618,751718,754447,754677,761500,784670,787526,799119,809831,811890,825221,828513,831629,834601,835687,839107,84331,855666,858239,867887,871152,885662,885882,889363,892480,898917,907584,912460,913229,915479,917607,917759,917815,922448,929736,930189,931978,935856,937912,939456,940608,942385,942751,944204,945455,946648,947357,947679,948198,954486,954690,961334,962291,963974,964204,964472,964474,965830,967128,968270,968601,975875,981848,988086,992988,992989,992992,993130,993825,993968,994910,996255,997614,CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2014-0012,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-4650,CVE-2014-7202,CVE-2014-7203,CVE-2014-9721,CVE-2015-2296,CVE-2016-10745,CVE-2016-9015,CVE-2017-18342,CVE-2018-18074,CVE-2018-20060,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426

Description:

This feature update for venv-salt-minion provides the following changes:

Introduce `venv-salt-minion`.
Track already fixed issues.

Advisory ID	SUSE-RU-2022:595-1
Released	Mon Feb 28 16:55:47 2022
Summary	Recommended update for SUSE Manager Client Tools
Type	recommended
Severity	moderate
References	1192487,1193600

Description:

This update fixes the following issues:
ansible:

Require python macros for building

mgr-cfg:

Version 4.2.6-1 * Do not build python 2 package for SLE15SP4 and higher
Version 4.2.5-1 * do not build python 2 package for SLE15
Version 4.2.4-1 * Fix python selinux package name depending on build target (bsc#1193600)

mgr-custom-info:

Version 4.2.3-1 * require python macros for building

mgr-osad:

Version 4.2.7-1 * Do not build python 2 package for SLE15SP4 and higher * require python macros for building

mgr-push:

Version 4.2.4-1 * Do not build python 2 package for SLE15SP4 and higher

mgr-virtualization:

Version 4.2.3-1 * Do not build python 2 package for SLE15SP4 and higher * require python macros for building

rhnlib:

Version 4.2.5-1 * do not build python 2 package for SLE15

spacecmd:

Version 4.2.15-1 * require python macros for building

spacewalk-client-tools:

Version 4.2.16-1 * do not build python 2 package for SLE15 * require python macros for building

spacewalk-koan:

Version 4.2.5-1 * Do not build python 2 package for SLE15SP4 and higher

spacewalk-oscap:

Version 4.2.3-1 * Do not build python 2 package for SLE15SP4 and higher * require python macros for building

spacewalk-remote-utils:

Version 4.2.2-1 * require python macros for building

suseRegisterInfo:

Version 4.2.5-1 * require python macros for building * Do not build python 2 package for SLE15 and higher

uyuni-common-libs:

Version 4.2.6-1 * Read modularity data from DISTTAG tag as fallback (bsc#1192487) * require python macros for building

zypp-plugin-spacewalk:

1.0.11 * require python macros for building

Advisory ID	SUSE-feature-2022:599-1
Released	Mon Feb 28 16:59:39 2022
Summary	Feature update for golang-github-prometheus-prometheus
Type	feature
Severity	moderate
References	1181400

Description:

This feature update for golang-github-prometheus-prometheus provides the following changes:
Upgrade `golang-github-prometheus-prometheus` from version 2.27.1 to version 2.32.1: (jsc#SLE-22863)

Use `obs-service-go_modules`
Added hardening to systemd service(s). Modified `prometheus.service` (bsc#1181400)
Bugfixes: * Scrape: Fix reporting metrics when sample limit is reached during the report. * Scrape: Ensure that scrape interval and scrape timeout are always set. * TSDB: Expose and fix bug in iterators' Seek() method. * TSDB: Add more size checks when writing individual sections in the index. * PromQL: Make deriv() return zero values for constant series. * TSDB: Fix panic when checkpoint directory is empty. #9687 * TSDB: Fix panic, out of order chunks, and race warning during WAL replay. * UI: Correctly render links for targets with IPv6 addresses that contain a Zone ID. * Promtool: Fix checking of `authorization.credentials_file` and `bearer_token_file` fields. * Uyuni SD: Fix null pointer exception during initialization. * TSDB: Fix queries after a failed snapshot replay. * SD: Fix a panic when the experimental discovery manager receives targets during a reload. * Backfill: Apply rule labels after query labels. * Scrape: Resolve conflicts between multiple exported label prefixes. * Scrape: Restart scrape loops when __scrape_interval__ is changed. * TSDB: Fix memory leak in samples deletion. * UI: Use consistent margin-bottom for all alert kinds. * TSDB: Fix panic on failed snapshot replay. * TSDB: Don't fail snapshot replay with exemplar storage disabled when the snapshot contains exemplars. * TSDB: Don't error on overlapping m-mapped chunks during WAL replay. * promtool rules backfill: Prevent creation of data before the start time. * promtool rules backfill: Do not query after the end time. * Azure SD: Fix panic when no computername is set. * Exemplars: Fix panic when resizing exemplar storage from 0 to a non-zero size. * TSDB: Correctly decrement `prometheus_tsdb_head_active_appenders` when the append has no samples. * promtool rules backfill: Return 1 if backfill was unsuccessful. * promtool rules backfill: Avoid creation of overlapping blocks. * config: Fix a panic when reloading configuration with a null relabel action. * Fix Kubernetes SD failing to discover Ingress in Kubernetes v1.22. * Fix data race in loading write-ahead-log (WAL). * TSDB: align atomically accessed int64 to prevent panic in 32-bit archs. * Log when total symbol size exceeds 2^32 bytes, causing compaction to fail, and skip compaction. * Fix incorrect target_limit reloading of zero value. * Fix head GC and pending readers race condition. * Fix timestamp handling in OpenMetrics parser. * Fix potential duplicate metrics in /federate endpoint when specifying multiple matchers. * Fix server configuration and validation for authentication via client cert. * Allow start and end again as label names in PromQL queries. They were disallowed since the introduction of @ timestamp feature. * HTTP SD: Allow charset specification in Content-Type header. * HTTP SD: Fix handling of disappeared target groups. * Fix incorrect log-level handling after moving to go-kit/log. * UI: In the experimental PromQL editor, fix autocompletion and parsing for special float values and improve series metadata fetching. * TSDB: When merging chunks, split resulting chunks if they would contain more than the maximum of 120 samples. * SD: Fix the computation of the `prometheus_sd_discovered_targets` metric when using multiple service discoveries.
Change: * remote-write: Change default max retry time from 100ms to 5 seconds. * UI: Remove standard PromQL editor in favour of the codemirror-based editor. * Promote `--storage.tsdb.allow-overlapping-blocks` flag to stable. * Promote `--storage.tsdb.retention.size` flag to stable. * UI: Make the new experimental PromQL editor the default.
Features: * Agent: New mode of operation optimized for remote-write only scenarios, without local storage. * Promtool: Add promtool check service-discovery command. * PromQL: Add trigonometric functions and atan2 binary operator. * Remote: Add support for exemplar in the remote write receiver endpoint. * SD: Add PuppetDB service discovery. * SD: Add Uyuni service discovery. * Web: Add support for security-related HTTP headers. * experimental TSDB: Snapshot in-memory chunks on shutdown for faster restarts. * experimental Scrape: Configure scrape interval and scrape timeout via relabeling using `__scrape_interval__` and `__scrape_timeout__` labels respectively. * Scrape: Add scrape_timeout_seconds and scrape_sample_limit metric. * Add Kuma service discovery. * Add present_over_time PromQL function. * Allow configuring exemplar storage via file and make it reloadable. * UI: Allow selecting time range with mouse drag. * promtool: Add feature flags flag `--enable-feature`. * promtool: Add `file_sd` file validation. * Linode SD: Add Linode service discovery. * HTTP SD: Add generic HTTP-based service discovery. * Kubernetes SD: Allow configuring API Server access via a kubeconfig file. * UI: Add exemplar display support to the graphing interface. * Consul SD: Add namespace support for Consul Enterprise.
Enhancements: * Promtool: Improve test output. * Promtool: Use kahan summation for better numerical stability. * Remote-write: Reuse memory for marshalling. * Scrape: Add scrape_body_size_bytes scrape metric behind the `--enable-feature=extra-scrape-metrics` flag. * TSDB: Add windows arm64 support. * TSDB: Optimize query by skipping unneeded sorting in TSDB. * Templates: Support int and uint as datatypes for template formatting. * UI: Prefer rate over rad, delta over deg, and count over cos in autocomplete. * Azure SD: Add proxy_url, follow_redirects, tls_config. * Backfill: Add `--max-block-duration` in promtool `create-blocks-from` rules. * Config: Print human-readable sizes with unit instead of raw numbers. * HTTP: Re-enable HTTP/2. * Kubernetes SD: Warn user if number of endpoints exceeds limit. * OAuth2: Add TLS configuration to token requests. * PromQL: Several optimizations. * PromQL: Make aggregations deterministic in instant queries. * Rules: Add the ability to limit number of alerts or series. * SD: Experimental discovery manager to avoid restarts upon reload. * UI: Debounce timerange setting changes. * Remote Write: Redact remote write URL when used for metric label. * UI: Redact remote write URL and proxy URL passwords in the /config page. * Scrape: Add --scrape.timestamp-tolerance flag to adjust scrape timestamp tolerance when enabled via `--scrape.adjust-timestamps`. * Remote Write: Improve throughput when sending exemplars. * TSDB: Optimise WAL loading by removing extra map and caching min-time * promtool: Speed up checking for duplicate rules. * Scrape: Reduce allocations when parsing the metrics. * docker_sd: Support host network mode * Reduce blocking of outgoing remote write requests from series garbage collection. * Improve write-ahead-log decoding performance. * Improve append performance in TSDB by reducing mutexes usage. * Allow configuring max_samples_per_send for remote write metadata. * Add `__meta_gce_interface_ipv4_` meta label to GCE discovery. * Add `__meta_ec2_availability_zone_id` meta label to EC2 discovery. * Add `__meta_azure_machine_computer_name` meta label to Azure discovery. * Add `__meta_hetzner_hcloud_labelpresent_` meta label to Hetzner discovery. * promtool: Add compaction efficiency to promtool tsdb analyze reports. * promtool: Allow configuring max block duration for backfilling via `--max-block-duration` flag. * UI: Add sorting and filtering to flags page. * UI: Improve alerts page rendering performance. * Promtool: Allow silencing output when importing / backfilling data. * Consul SD: Support reading tokens from file. * Rules: Add a new .ExternalURL alert field templating variable, containing the external URL of the Prometheus server. * Scrape: Add experimental body_size_limit scrape configuration setting to limit the allowed response body size for target scrapes. * Kubernetes SD: Add ingress class name label for ingress discovery. * UI: Show a startup screen with progress bar when the TSDB is not ready yet. * SD: Add a target creation failure counter `prometheus_target_sync_failed_total` and improve target creation failure handling. * TSDB: Improve validation of exemplar label set length. * TSDB: Add a prometheus_tsdb_clean_start metric that indicates whether a TSDB lockfile from a previous run still existed upon startup.

Advisory ID	SUSE-RU-2022:796-1
Released	Thu Mar 10 12:16:15 2022
Summary	Recommended update for golang-github-prometheus-prometheus
Type	recommended
Severity	moderate
References	1196300

Description:

This update for golang-github-prometheus-prometheus fixes the following issues:

Fix Firewalld configuration file location (bsc#1196300)
Require Go 1.16+
Do not build on s390 architecture.

Advisory ID	SUSE-RU-2022:797-1
Released	Thu Mar 10 12:16:39 2022
Summary	Recommended update for zypp-plugin-spacewalk
Type	recommended
Severity	moderate
References

Description:

This update for zypp-plugin-spacewalk fixes the following issues:
zypp-plugin-spacewalk:

Update to version 1.0.12 * use new encoding function if available

Advisory ID	SUSE-SU-2022:1435-1
Released	Wed Apr 27 14:34:27 2022
Summary	Security update for firewalld, golang-github-prometheus-prometheus
Type	security
Severity	important
References	1196338,1197042,CVE-2022-21698

Description:

This update for firewalld, golang-github-prometheus-prometheus fixes the following issues:
Security fixes for golang-github-prometheus-prometheus:

CVE-2022-21698: Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods (bsc#1196338).

Other non security changes for golang-github-prometheus-prometheus:

Build `firewalld-prometheus-config` only for SUSE Linux Enterprise 15, 15-SP1 and 15-SP2, and require `firewalld`.
Only recommends `firewalld-prometheus-config` as prometheus does not require it to run.
Create `firewalld-prometheus-config` subpackage (bsc#1197042, jsc#SLE-24373, jsc#SLE-24374, jsc#SLE-24375)

Other non security changes for firewalld:

Provide dummy `firewalld-prometheus-config` package (bsc#1197042)

Advisory ID	SUSE-RU-2022:1500-1
Released	Tue May 3 09:31:40 2022
Summary	Recommended updates for jetty-artifact-remote-resources, jboss-logging
Type	recommended
Severity	low
References	1197642

Description:

This update for jetty-artifact-remote-resources, jboss-logging fixes the following issues:

Do not require mvn(log4j:log4j) for build. (bsc#1197642)
Do not build against the log4j12 packages.
Update jboss-logging to 3.4.1

Advisory ID	SUSE-feature-2022:2042-1
Released	Fri Jun 10 11:56:06 2022
Summary	Feature update for SUSE Manager Salt Bundle
Type	feature
Severity	important
References	1182851,1194632,1196050,1196432,1197417,1197637,1198556,1199149,CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941

Description:

This update fixes the following issues:
venv-salt-minion:

Make sure SaltCacheLoader use correct fileclient (bsc#1199149)
Fix the regression caused by the patch removing strict requirement for OpenSSL 1.1.1 leading to read/write issues with ssl module for SLE 15, SLE 12, CentOS 7, Debian 9 (bsc#1198556)
Fix salt-ssh opts poisoning (bsc#1197637)
Fix multiple security issues (bsc#1197417) * CVE-2022-22935: Sign authentication replies to prevent MiTM. * CVE-2022-22934: Sign pillar data to prevent MiTM attacks. * CVE-2022-22936: Prevent job and fileserver replays. * CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth.
Salt version bump to 3004
Python version bump to 3.10.2
Clear network interfaces cache on grains request (bsc#1196050)
Add salt-ssh with Salt Bundle support (venv-salt-minion) (bsc#1182851, bsc#1196432)
Restrict 'state.orchestrate_single' to pass a pillar value if it exists (bsc#1194632)

Advisory ID	SUSE-RU-2022:2118-1
Released	Mon Jun 20 13:04:15 2022
Summary	Recommended update for SUSE Manager Client Tools
Type	recommended
Severity	moderate
References	1181223,1190462,1193600,1196704,1197507,1197689

Description:

This update fixes the following issues:
golang-github-QubitProducts-exporter_exporter:

Adapted to build on Enterprise Linux.
Fix build for RedHat 7
Require Go >= 1.14 also for CentOS
Add support for CentOS
Replace %{?systemd_requires} with %{?systemd_ordering}

mgr-cfg:

Version 4.3.6-1 * Corrected source URL in spec file * Fix installation problem for SLE15SP4 due missing python-selinux * Fix python selinux package name depending on build target (bsc#1193600) * Do not build python 2 package for SLE15SP4 and higher * Remove unused legacy code

mgr-custom-info:

Version 4.3.3-1 * Remove unused legacy code

mgr-daemon:

Version 4.3.4-1 * Corrected source URLs in spec file. * Update translation strings

mgr-osad:

Version 4.3.6-1 * Corrected source URL in spec file. * Do not build python 2 package for SLE15SP4 and higher * Removed spacewalk-selinux dependencies. * Updated source url.

mgr-push:

Version 4.3.4-1 * Corrected source URLs in spec file.

mgr-virtualization:

Version 4.3.5-1 * Corrected source URLs in spec file. * Do not build python 2 package for SLE15SP4 and higher

prometheus-blackbox_exporter:

Enhanced to build on Enterprise Linux 8

prometheus-postgres_exporter:

Updated for RHEL8.

python-hwdata:

Require python macros for building

rhnlib:

Version 4.3.4-1 * Reorganize python files

spacecmd:

Version 4.3.11-1 * on full system update call schedulePackageUpdate API (bsc#1197507) * parse boolean paramaters correctly (bsc#1197689) * Add parameter to set containerized proxy SSH port * Add proxy config generation subcommand * Option 'org_createfirst' added to perform initial organization and user creation * Added gettext build requirement for RHEL. * Removed RHEL 5 references. * Include group formulas configuration in spacecmd group_backup and spacecmd group_restore. This changes backup format to json, previously used plain text is still supported for reading (bsc#1190462) * Update translation strings * Improved event history listing and added new system_eventdetails command to retrieve the details of an event * Make schedule_deletearchived to get all actions without display limit * Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223)

spacewalk-client-tools:

Version 4.3.9-1 * Corrected source URLs in spec file. * do not build python 2 package for SLE15 * Remove unused legacy code * Update translation strings

spacewalk-koan:

Version 4.3.5-1 * Corrected source URLs in spec file.

spacewalk-oscap:

Version 4.3.5-1 * Corrected source URLs in spec file. * Do not build python 2 package for SLE15SP4 and higher

spacewalk-remote-utils:

Version 4.3.3-1 * Adapt the package for changes in rhnlib

supportutils-plugin-susemanager-client:

Version 4.3.2-1 * Add proxy containers config and logs

suseRegisterInfo:

Version 4.3.3-1 * Bump version to 4.3.0

supportutils-plugin-salt:

Add support for Salt Bundle

uyuni-common-libs:

Version 4.3.4-1 * implement more decompression algorithms for reposync (bsc#1196704) * Reorganize python files * Add decompression of zck files to fileutils

Advisory ID	SUSE-RU-2022:2136-1
Released	Mon Jun 20 13:45:31 2022
Summary	Recommended update for SUSE Manager 4.3 Release Notes
Type	recommended
Severity	low
References

Description:

This update for SUSE Manager 4.3 Release Notes provides the following additions:
Release notes for SUSE Manager:

Update to SUSE Manager 4.3.0.1 * Workarounds for some known issues.

Release notes for SUSE Manager proxy:

Update to SUSE Manager 4.3.0.1 * Workaround for an upgrade issue of SUSE Manager Proxy 4.2 based on JeOS image to 4.3.

Advisory ID	SUSE-SU-2022:2139-1
Released	Mon Jun 20 14:55:41 2022
Summary	Security update for golang-github-prometheus-alertmanager
Type	security
Severity	important
References	1181400,1196338,CVE-2022-21698

Description:

This update for golang-github-prometheus-alertmanager fixes the following issues:
Update golang-github-prometheus-alertmanager from version 0.21.0 to version 0.23.0 (bsc#1196338, jsc#SLE-24077)

CVE-2022-21698: Denial of service using InstrumentHandlerCounter
Update vendor tarball with prometheus/client_golang 1.11.1
Update required Go version to 1.16
Use %autosetup macro
Update to version 0.23.0: * Release 0.23.0 * Release 0.23.0-rc.0 * amtool: Detect version drift and warn users (#2672) * Add ability to skip TLS verification for amtool (#2663) * Fix empty isEqual in amtool. (#2668) * Fix main tests (#2670) * cli: add new template render command (#2538) * OpsGenie: refer to alert instead of incident (#2609) * Docs: target_match and source_match are DEPRECATED (#2665) * Fix test not waiting for cluster member to be ready
Add go_modules to _service.
Added hardening to systemd service(s) with a modified prometheus-alertmanager.service (bsc#1181400)

Advisory ID	SUSE-feature-2022:2488-1
Released	Thu Jul 21 12:15:27 2022
Summary	Feature update for python-python-debian
Type	feature
Severity	moderate
References

Description:

This feature update for python-python-debian provides:

Rename python-debian to python-python-debian according to the Python packaging guidelines (jsc#SLE-24672)
Provide python-python-debian version 0.1.44 (jsc#SLE-24672) * Add support for zstd compression in .deb files * Use logging.warning rather than warnings for data problems. * Support for finding files (including changelog.Debian.gz) that are beyond a symlink within the package * Update packaging for zstd compressed .deb code * Annotate binutils build-dep with * Update Standards-Version to 4.6.1 * Various improvements to the round-trip-safe deb822 parser * Support the Files-Included field in debian/copyright * Fix URL for API documentation in README.rst * RTS parser: minor documentation fixes * Declare minimum Python version of 3.5 for most modules except the RTS parser. Add CI testing with Python 3.5 * RTS parser: Handle leading tabs for setting values * RTS parser: Preserve original field case * RTS parser: Expose str type for keys in paragraphs * Use logging for warnings about data that's being read, rather than the warnings module * Fix type checks for mypy 0.910 * Silence lintian complaint about touching the dpkg database in the examples * Add RTS parser to setup.py so that it is installed. * Add copyright attribution for RTS parser * RTS parser: Accept tabs as continuation line marker * Interpretation: Preserve tab as continuation line if used * RTS parser: Make value interpretation tokenization consistent * RTS parser: Add interpretation for Uploaders field * Add contextmanager to DebFile * Added format/comment preserving deb822 parser as debian._deb822_repro. * Add Build-Depends-Arch, Build-Conflicts-Arch to list of relationship fields * In debian.changelog.get_maintainer, cope with unknown UIDs * Numerous enhancements to the deb822.BuildInfo class * Include portability patch for pwd module on Windows * Drop the deb822.BuildInfo.get_debian_suite function * Move re.compile calls out of functions * Revert unintended renaming of Changelog.get_version/set_version * Add a type for .buildinfo files (deb822.BuildInfo) * Add support for SHA1-Download and SHA256-* variants in PdiffIndex class for .diff/Index files * Permit single-character package names in dependency relationship specifications * Update to debhelper-compat (= 13) * Update examples to use #!/usr/bin/python3 * Fix tabs vs spaces in examples. * Provide accessor for source package version for binary packages * Allow debian_support.PackageFile to accept StringIO as well as BytesIO * Change handling of case-insensitive field names to allow Deb822 objects to be serialised * Add SHA265 support to handling of pdiffs * Add support for additional headers for merged pdiffs to PDiffIndex * Add a debian.watch module for parsing watch files * Prevent stripping of last newline in initial lines before changelog files * Add a Copyright.files_excluded field * Allow specifying allow_missing_author when reserializing changelog entries * Drop python2 support (from version 0.1.37) * Add Rules-Requires-Root: no * Parse Built-Using relationship fields * Extend Deb822 parser to allow underscores in the field name * Add accessors for Version objects from Deb822
Remove superfluous devel dependency for noarch package

Advisory ID	SUSE-RU-2022:2676-1
Released	Thu Aug 4 18:27:49 2022
Summary	Recommended update for patterns-suse-manager
Type	recommended
Severity	critical
References	1202142

Description:

This update for patterns-suse-manager fixes the following issues:

Strictly require OpenJDK 11. (bsc#1202142)

Advisory ID	SUSE-SU-2022:3172-1
Released	Thu Sep 8 09:29:28 2022
Summary	Security update for SUSE Manager Salt Bundle
Type	security
Severity	moderate
References	1195895,1197288,1198489,1198744,1199372,1200566,1201082,CVE-2022-22967

Description:

This update fixes the following issues:
venv-salt-minion:

Add support for gpgautoimport in zypperpkg module
Update Salt to work with Jinja >= and <= 3.1.0 (bsc#1198744)
Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372)
Make Salt 3004 compatible with pyzmq >= 23.0.0 (bsc#1201082)
Add support for name, pkgs and diff_attr parameters to upgrade function for zypper and yum (bsc#1198489)
Fix possible errors on running post install script if semanage is present on the system, but SELinux is not configured
Remove unused imports in the venv wrappers
Set VENV_PIP_TARGET to /var/lib/venv-salt-minion/local to force PIP use it as the destination to install modules
Fix ownership of salt thin directory when using the Salt Bundle
Set default target for pip from VENV_PIP_TARGET environment variable
Normalize package names once with pkg.installed/removed using yum (bsc#1195895)
Save log to logfile with docker.build
Use Salt Bundle in dockermod
Ignore errors on reading license files with dpkg_lowpkg (bsc#1197288)
Fix PAM auth issue due missing check for PAM_ACCT_MGM return value (CVE-2022-22967) (bsc#1200566)

Advisory ID	SUSE-SU-2022:3178-1
Released	Thu Sep 8 09:35:05 2022
Summary	Important security update for SUSE Manager Client Tools
Type	security
Severity	important
References	1176460,1180816,1180942,1181119,1181935,1183684,1187725,1188061,1193585,1197963,1199528,1200142,1200591,1200968,1200970,1201003,1202614,CVE-2021-20178,CVE-2021-20180,CVE-2021-20191,CVE-2021-20228,CVE-2021-3447,CVE-2021-3583,CVE-2021-3620

Description:

This update fixes the following issues:
ansible:

Update to version 2.9.27 (jsc#SLE-23631, jsc#SLE-24133) * CVE-2021-3620 ansible-connection module discloses sensitive info in traceback error message (in 2.9.27) (bsc#1187725) * CVE-2021-3583 Template Injection through yaml multi-line strings with ansible facts used in template. (in 2.9.23) (bsc#1188061) * ansible module nmcli is broken in ansible 2.9.13 (in 2.9.15) (bsc#1176460)
Update to 2.9.22: * CVE-2021-3447 (bsc#1183684) multiple modules expose secured values * CVE-2021-20228 (bsc#1181935) basic.py no_log with fallback option * CVE-2021-20191 (bsc#1181119) multiple collections exposes secured values * CVE-2021-20180 (bsc#1180942) bitbucket_pipeline_variable exposes sensitive values * CVE-2021-20178 (bsc#1180816) user data leak in snmp_facts module

dracut-saltboot:

Require e2fsprogs (bsc#1202614)
Update to version 0.1.1657643023.0d694ce * Update dracut-saltboot dependencies (bsc#1200970) * Fix network loading when ipappend is used in pxe config * Add new information messages

golang-github-QubitProducts-exporter_exporter:

Remove license file from %doc

mgr-daemon:

Version 4.3.5-1 * Update translation strings

mgr-virtualization:

Version 4.3.6-1 * Report all VMs in poller, not only running ones (bsc#1199528)

prometheus-blackbox_exporter:

Exclude s390 arch

python-hwdata:

Declare the LICENSE file as license and not doc

spacecmd:

Version 4.3.14-1 * Fix missing argument on system_listmigrationtargets (bsc#1201003) * Show correct help on calling kickstart_importjson with no arguments * Fix tracebacks on spacecmd kickstart_export (bsc#1200591) * Change proxy container config default filename to end with tar.gz * Update translation strings

spacewalk-client-tools:

Version 4.3.11-1 * Update translation strings

uyuni-common-libs:

Version 4.3.5-1 * Fix reposync issue about 'rpm.hdr' object has no attribute 'get'

uyuni-proxy-systemd-services:

Version 4.3.6-1 * Expose port 80 (bsc#1200142) * Use volumes rather than bind mounts * TFTPD to listen on udp port (bsc#1200968) * Add TAG variable in configuration * Fix containers namespaces in configuration

zypp-plugin-spacewalk:

1.0.13 * Log in before listing channels. (bsc#1197963, bsc#1193585)

Advisory ID	SUSE-RU-2022:3182-1
Released	Thu Sep 8 09:40:09 2022
Summary	Recommended update for SUSE Manager 4.3.1 Release Notes
Type	recommended
Severity	moderate
References	1172179,1179962,1186011,1187028,1191925,1194394,1195455,1198356,1198358,1198944,1199147,1199157,1199523,1199629,1199646,1199656,1199659,1199662,1199663,1199679,1199714,1199727,1199779,1199817,1199874,1199950,1199984,1199998,1200276,1200347,1200532,1200591,1200606,1200707,1201003,1201142,1201189,1201224,1201411,1201498,1201782,1201842

Description:

This update for SUSE Manager 4.3.1 Release Notes fixes the following issues:
Release notes for SUSE Manager:

Update to SUSE Manager 4.3.1 * GPG key handling in SUSE Manager * Disabling locally defined repositories * Bugs mentioned bsc#1172179, bsc#1179962, bsc#1186011, bsc#1187028, bsc#1191925, bsc#1194394, bsc#1195455, bsc#1198356, bsc#1198358, bsc#1198944, bsc#1199147, bsc#1199157, bsc#1199523, bsc#1199629, bsc#1199646, bsc#1199656, bsc#1199659, bsc#1199662, bsc#1199663, bsc#1199679, bsc#1199714, bsc#1199727, bsc#1199779, bsc#1199817, bsc#1199874, bsc#1199950, bsc#1199984, bsc#1199998, bsc#1200276, bsc#1200347, bsc#1200532, bsc#1200591, bsc#1200606, bsc#1200707, bsc#1201003, bsc#1201142, bsc#1201189, bsc#1201224, bsc#1201411, bsc#1201498, bsc#1201782, bsc#1201842

Release notes for SUSE Manager Proxy:

Update to SUSE Manager 4.3.1 * Bugs mentioned bsc#1199659, bsc#1199679, bsc#1200591, bsc#1201003, bsc#1201142

Advisory ID	SUSE-RU-2022:3324-1
Released	Wed Sep 21 11:22:23 2022
Summary	Recommended update for skelcd-control-suse-manager-proxy, skelcd-control-suse-manager-server
Type	recommended
Severity	important
References	1203294

Description:

This update for skelcd-control-suse-manager-proxy, skelcd-control-suse-manager-server fixes the following issues:
skelcd-control-suse-manager-proxy:

Fix setting default module section in installation control file (bsc#1203294)

skelcd-control-suse-manager-server:

Remove python2 module not supported and not needed in SLE15 SP4 and SUSE Manager Server 4.3
Fix setting default module section in installation control file (bsc#1203294)

Advisory ID	SUSE-SU-2022:3494-1
Released	Tue Oct 4 09:34:30 2022
Summary	Security update for libgit2
Type	security
Severity	important
References	1198234,1201431,CVE-2022-24765,CVE-2022-29187

Description:

This update for libgit2 fixes the following issues:

CVE-2022-24765: Fixed potential command injection via git worktree (bsc#1198234).
CVE-2022-29187: Fixed incomplete fix for CVE-2022-24765 (bsc#1201431).

Advisory ID	SUSE-SU-2022:3563-1
Released	Tue Oct 11 09:46:01 2022
Summary	Security update for libgsasl
Type	security
Severity	moderate
References	1201715,CVE-2022-2469

Description:

This update for libgsasl fixes the following issues:

CVE-2022-2469: Fixed OOB read in GSSAPI server (bsc#1201715).

Advisory ID	SUSE-RU-2022:3743-1
Released	Wed Oct 26 10:34:54 2022
Summary	Recommended update for golang-github-prometheus-alertmanager
Type	recommended
Severity	moderate
References	1200725

Description:

This update for golang-github-prometheus-alertmanager fixes the following issues:

Do not include sources (bsc#1200725)

Advisory ID	SUSE-SU-2022:3751-1
Released	Wed Oct 26 10:47:46 2022
Summary	Security update for SUSE Manager Client Tools
Type	security
Severity	moderate
References	1198903,1201535,1201539,CVE-2022-31097,CVE-2022-31107

Description:

This update fixes the following issues:
dracut-saltboot:

Update to version 0.1.1661440542.6cbe0da * Use standard susemanager.conf * Move image services to dracut-saltboot package * Use salt bundle

golang-github-lusitaniae-apache_exporter:

Update to upstream release 0.11.0 (jsc#SLE-24791) * Add TLS support * Switch to logger, please check --log.level and --log.format flags
Update to version 0.10.1 * Bugfix: Reset ProxyBalancer metrics on each scrape to remove stale data
Update to version 0.10.0 * Add Apache Proxy and other metrics
Update to version 0.8.0 * Change commandline flags * Add metrics: Apache version, request duration total
Adapted to build on Enterprise Linux 8
Require building with Go 1.15
Add %license macro for LICENSE file

grafana:

Update to version 8.3.10 + Security: * CVE-2022-31097: Cross Site Scripting vulnerability in the Unified Alerting (bsc#1201535) * CVE-2022-31107: Fixes OAuth account takeover vulnerability (bsc#1201539)
Update to version 8.3.9 + Bug fixes: * Geomap: Display legend * Prometheus: Fix timestamp truncation
Update to version 8.3.7 + Bug fix: * Provisioning: Ensure that the default value for orgID is set when provisioning datasources to be deleted.
Update to version 8.3.6 + Features and enhancements: * Cloud Monitoring: Reduce request size when listing labels. * Explore: Show scalar data result in a table instead of graph. * Snapshots: Updates the default external snapshot server URL. * Table: Makes footer not overlap table content. * Tempo: Add request histogram to service graph datalink. * Tempo: Add time range to tempo search query behind a feature flag. * Tempo: Auto-clear results when changing query type. * Tempo: Display start time in search results as relative time. * CloudMonitoring: Fix resource labels in query editor. * Cursor sync: Apply the settings without saving the dashboard. * LibraryPanels: Fix for Error while cleaning library panels. * Logs Panel: Fix timestamp parsing for string dates without timezone. * Prometheus: Fix some of the alerting queries that use reduce/math operation. * TablePanel: Fix ad-hoc variables not working on default datasources. * Text Panel: Fix alignment of elements. * Variables: Fix for constant variables in self referencing links.
Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565)

mgr-daemon:

Version 4.3.6-1 * Update translation strings

spacecmd:

Version 4.3.15-1 * Process date values in spacecmd api calls (bsc#1198903)

spacewalk-client-tools:

Version 4.3.12-1 * Update translation strings

uyuni-common-libs:

Version 4.3.6-1 * Do not allow creating path if nonexistent user or group in fileutils.

Advisory ID	SUSE-RU-2022:3755-1
Released	Wed Oct 26 10:52:03 2022
Summary	Recommended update for SUSE Manager Salt Bundle
Type	recommended
Severity	moderate
References	1195624,1199562,1200596,1202165,1202167,1202631

Description:

This update fixes the following issues:
venv-salt-minion:

Remove kiwi python module from the bundle as no longer required
Handle non-UTF-8 bytes in core grains generation (bsc#1202165)
Don't include kiwi binaries
Fix Syndic authentication errors (bsc#1199562)
Add Amazon EC2 detection for virtual grains (bsc#1195624)
Fix the regression in schedule module releasded in 3004 (bsc#1202631)
Fix state.apply in test mode with file state module on user/group checking (bsc#1202167)
Change the delimeters to prevent possible tracebacks on some packages with dpkg_lowpkg
Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596)
Add SELinux profile to the package instead of using semanage
Remove Build ID links from the virtual environment and disable generating new links on building the package
Remove packages.log from the virtual environment
Fix test_ipc unit test

Advisory ID	SUSE-SU-2022:3760-1
Released	Wed Oct 26 10:58:30 2022
Summary	Security update for netty
Type	security
Severity	important
References	1168932,1182103,1190610,1190613,CVE-2020-11612,CVE-2021-21290,CVE-2021-37136,CVE-2021-37137

Description:

This update for netty fixes the following issues:

CVE-2020-11612: The ZlibDecoders allow for unbounded memory allocation while decoding a byte stream (bsc#1168932)
CVE-2021-21290: Information disclosure via the local system temporary directory (bsc#1182103)
CVE-2021-37136: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (bsc#1190610)
CVE-2021-37137: Snappy frame decoder doesn't restrict the chunk length and may buffer skippable chunks (bsc#1190613)

Advisory ID	SUSE-SU-2022:3761-1
Released	Wed Oct 26 10:58:50 2022
Summary	Security update for release-notes-susemanager, release-notes-susemanager-proxy
Type	security
Severity	moderate
References	1191857,1195624,1196729,1197027,1198168,1198903,1199726,1200480,1200573,1200629,1201210,1201220,1201260,1201589,1201626,1201753,1201788,1201913,1201918,1202271,1202272,1202367,1202455,1202464,1202602,1202728,1202729,1202805,1202899,1203026,1203049,1203056,1203169,1203287,1203288,1203385,1203406,1203422,1203449,1203478,1203484,1203564,1203585,1203611,CVE-2021-41411,CVE-2021-42740,CVE-2021-43138,CVE-2022-0860,CVE-2022-31129

Description:

This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues:
Release notes for SUSE Manager:

Update to SUSE Manager 4.3.2 * Containerized proxy and RBS are now fully supported * HTTP API is now fully supported * Ubuntu 22.04 is now supported as a client * Cobbler has been upgraded to version 3.3.3 which also includes building ISOs with UEFI support * pip support has been added for the Salt Bundle * Prometheus exporter for Apache has been upgraded to 0.10.0 * CVEs fixed: CVE-2021-41411, CVE-2021-42740, CVE-2021-43138, CVE-2022-0860, CVE-2022-31129 * Bugs mentioned: bsc#1191857, bsc#1195624, bsc#1196729, bsc#1197027, bsc#1198168 bsc#1198903, bsc#1199726, bsc#1200480, bsc#1200573, bsc#1200629 bsc#1201210, bsc#1201220, bsc#1201260, bsc#1201626, bsc#1201753 bsc#1201788, bsc#1201913, bsc#1201918, bsc#1202271, bsc#1202272 bsc#1202367, bsc#1202455, bsc#1202464, bsc#1202602, bsc#1202728 bsc#1202729, bsc#1202805, bsc#1202899, bsc#1203026, bsc#1203049 bsc#1203056, bsc#1203169, bsc#1203287, bsc#1203288, bsc#1203385 bsc#1203406, bsc#1203422, bsc#1203449, bsc#1203478, bsc#1203484 bsc#1203564, bsc#1203585, bsc#1203611

Release notes for SUSE Manager Proxy:

Update to SUSE Manager 4.3.2 * Containerized proxy and RBS are now fully supported * CVEs fixed: CVE-2021-42740, CVE-2021-43138, CVE-2022-31129 * Bugs mentioned: bsc#1198168, bsc#1198903, bsc#1200480, bsc#1201589, bsc#1201788 bsc#1203287, bsc#1203288, bsc#1203585

Advisory ID	SUSE-SU-2022:3880-1
Released	Fri Nov 4 15:26:54 2022
Summary	Security update for spacewalk-java
Type	security
Severity	critical
References	1204543,1204716,1204741,CVE-2022-31255,CVE-2022-43753,CVE-2022-43754

Description:

This update for spacewalk-java fixes the following issues:

CVE-2022-31255: Fix directory path traversal vulnerability (bsc#1204543)
CVE-2022-43754: Fix reflected cross site scripting vulnerability (bsc#1204741)
CVE-2022-43753: Fix arbitrary file disclosure vulnerability (bsc#1204716)

Advisory ID	SUSE-RU-2022:3945-1
Released	Thu Nov 10 16:53:13 2022
Summary	Recommended update for SUSE Manager 4.3.2
Type	recommended
Severity	critical
References	1204050,1204948

Description:

This update for SUSE Manager 4.3.2 fixes the following issues:
proxy-httpd-image:

Remove chmod and chown of /srv/www/htdocs/pub as this folder does not exist

proxy-squid-image:

Update the squid.pid path to /run/squid.squid.pid (bsc#1204948)

spacewalk-java:

Version 4.3.40-1 * Fix number of handlers for deleted files managed by taskomatic growing continuously (bsc#1204050)

How to apply this update:
1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start`

Advisory ID	SUSE-RU-2022:3994-1
Released	Tue Nov 15 16:45:17 2022
Summary	Recommended update for SUSE Manager Server 4.3
Type	recommended
Severity	critical
References	1203478

Description:

This update for SUSE Manager Server 4.3 fixes the following issues:
cobbler:

Fix problem for the migration of 'autoinstall' collection attribute.
Update v2 to v3 migration script to allow migration of collections that contains settings from Cobbler 2 (bsc#1203478)

spacewalk-setup:

Version 4.3.14-1 * Fix possible wrong autoinstall value from Cobbler collections (bsc#1203478)
Version 4.3.13-1 * Execute migration of Cobbler version 2 collections (bsc#1203478)

SUSE-IU-2000:25-1

Container Advisory ID	SUSE-IU-2000:25-1
Container Tags	SUSE:SLE-15-SP4:1
Container Release

The following patches have been included in this update:

Advisory ID	SUSE-SU-2018:1189-1
Released	Wed Jun 20 16:20:01 2018
Summary	Security update for go, go1.9
Type	security
Severity	moderate
References	1081495,1085785,CVE-2018-7187

Description:

This update for go and go1.9 fixes the following issues: The following security issues have been addressed for both packages:

CVE-2018-7187: Fixed the validation of the import path in the go get command, which allowed for arbitrary command execution via VCS path when the -insecure flag is used (bsc#1081495)

The following other changes have been made for go1.9:

Fixes to the go command and the crypto/x509 and strings packages, which add minimal support to the go command for the vgo transition.
Several fixes to the compiler and go command
Fixed various issues in go trace (bsc#1085785):
Ensure go binaries are not stripped (eg: go tools trace), this caused some of them to misbehave
Ensure go trace html template is shipped as part of the installation, otherwise the web UI won't work

For details on any other changes see the Go milestones on the official issue tracker.

Advisory ID	SUSE-RU-2019:1642-1
Released	Fri Jun 21 14:31:24 2019
Summary	Security update for the Linux Kernel
Type	recommended
Severity	moderate
References	1135344

Description:

The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes.

The following non-security bugs were fixed:

kernel/padata.c: Make RT aware (SLE Realtime Extension (bnc#1135344)).

Advisory ID	SUSE-SU-2019:2430-1
Released	Mon Sep 23 09:31:21 2019
Summary	Security update for kernel-source-rt
Type	security
Severity	important
References	1050242,1050549,1051510,1052904,1053043,1055117,1055121,1055186,1056787,1058115,1061840,1064802,1065600,1065729,1066129,1070872,1071995,1075020,1082387,1082555,1083647,1083710,1085535,1085536,1088047,1088804,1093389,1094555,1096003,1098633,1099658,1102247,1103186,1103259,1103990,1103991,1103992,1104745,1106011,1106284,1106383,1106751,1108193,1108838,1108937,1109837,1110946,1111331,1111666,1111696,1112063,1112128,1112178,1112374,1113722,1113956,1114279,1114427,1114542,1114638,1114685,1115688,1117114,1117158,1117561,1118139,1119113,1119222,1119532,1119680,1120091,1120318,1120423,1120566,1120843,1120902,1122767,1122776,1123080,1123454,1123663,1124503,1124839,1125703,1126206,1126356,1126704,1127034,1127175,1127315,1127371,1127374,1127611,1127616,1128052,1128415,1128432,1128544,1128902,1128904,1128971,1128979,1129138,1129273,1129693,1129770,1129845,1130195,1130425,1130527,1130567,1130579,1130699,1130836,1130937,1130972,1131326,1131427,1131438,1131451,1131467,1131488,1131530,1131565,1131574,1131587,1131645,1131659,1131673,1131847,1131848,1131851,1131900,1131934,1131935,1132044,1132219,1132226,1132227,1132365,1132368,1132369,1132370,1132372,1132373,1132384,1132390,1132397,1132402,1132403,1132404,1132405,1132407,1132411,1132412,1132413,1132414,1132426,1132527,1132531,1132555,1132558,1132561,1132562,1132563,1132564,1132570,1132571,1132572,1132589,1132618,1132673,1132681,1132726,1132828,1132894,1132943,1132982,1133005,1133016,1133021,1133094,1133095,1133115,1133149,1133176,1133188,1133190,1133311,1133320,1133401,1133486,1133529,1133547,1133584,1133593,1133612,1133616,1133667,1133668,1133672,1133674,1133675,1133698,1133702,1133731,1133738,1133769,1133772,1133774,1133778,1133779,1133780,1133825,1133850,1133851,1133852,1133897,1134090,1134097,1134160,1134162,1134199,1134200,1134201,1134202,1134203,1134204,1134205,1134223,1134303,1134354,1134390,1134393,1134395,1134397,1134399,1134459,1134460,1134461,1134597,1134600,1134607,1134618,1134651,1134671,1134730,1134738,1134743,1134760,1134806,1134810,1134813,1134848,1134936,1134945,1134946,1134947,1134948,1134949,1134950,1134951,1134952,1134953,1134972,1134974,1134975,1134980,1134981,1134983,1134987,1134989,1134990,1134994,1134995,1134998,1134999,1135006,1135007,1135008,1135018,1135021,1135024,1135026,1135027,1135028,1135029,1135031,1135033,1135034,1135035,1135036,1135037,1135038,1135039,1135041,1135042,1135044,1135045,1135046,1135047,1135049,1135051,1135052,1135053,1135055,1135056,1135058,1135100,1135120,1135153,1135278,1135281,1135296,1135309,1135312,1135314,1135315,1135316,1135320,1135323,1135330,1135335,1135492,1135542,1135556,1135603,1135642,1135661,1135758,1135897,1136156,1136157,1136161,1136188,1136206,1136215,1136217,1136264,1136271,1136333,1136342,1136343,1136345,1136347,1136348,1136353,1136424,1136428,1136430,1136432,1136434,1136435,1136438,1136439,1136456,1136460,1136461,1136462,1136467,1136469,1136477,1136478,1136498,1136573,1136586,1136598,1136881,1136922,1136935,1136978,1136990,1137103,1137151,1137152,1137153,1137162,1137194,1137201,1137224,1137232,1137233,1137236,1137366,1137372,1137429,1137444,1137458,1137534,1137535,1137584,1137586,1137609,1137625,1137728,1137739,1137752,1137811,1137827,1137884,1137985,1137995,1137996,1137998,1137999,1138000,1138002,1138003,1138005,1138006,1138007,1138008,1138009,1138010,1138011,1138012,1138013,1138014,1138015,1138016,1138017,1138018,1138019,1138263,1138291,1138293,1138336,1138374,1138375,1138589,1138681,1138719,1138732,1138874,1138879,1139358,1139619,1139712,1139751,1139771,1139865,1140133,1140139,1140228,1140322,1140328,1140405,1140424,1140428,1140454,1140463,1140559,1140575,1140577,1140637,1140652,1140658,1140676,1140715,1140719,1140726,1140727,1140728,1140814,1140887,1140888,1140889,1140891,1140893,1140903,1140945,1140948,1140954,1140955,1140956,1140957,1140958,1140959,1140960,1140961,1140962,1140964,1140971,1140972,1140992,1141312,1141401,1141402,1141452,1141453,1141454,1141478,1141558,1142023,1142052,1142083,1142112,1142115,1142119,1142220,1142221,1142254,1142350,1142351,1142354,1142359,1142450,1142623,1142673,1142701,1142868,1143003,1143045,1143105,1143185,1143189,1143191,1143209,1143507,CVE-2017-5753,CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2018-16871,CVE-2018-16880,CVE-2018-20836,CVE-2018-20855,CVE-2018-7191,CVE-2019-10124,CVE-2019-10638,CVE-2019-10639,CVE-2019-11085,CVE-2019-11091,CVE-2019-1125,CVE-2019-11477,CVE-2019-11478,CVE-2019-11479,CVE-2019-11486,CVE-2019-11487,CVE-2019-11599,CVE-2019-11810,CVE-2019-11811,CVE-2019-11815,CVE-2019-11833,CVE-2019-11884,CVE-2019-12380,CVE-2019-12382,CVE-2019-12456,CVE-2019-12614,CVE-2019-12817,CVE-2019-12818,CVE-2019-12819,CVE-2019-13233,CVE-2019-13631,CVE-2019-13648,CVE-2019-14283,CVE-2019-14284,CVE-2019-3846,CVE-2019-3882,CVE-2019-5489,CVE-2019-8564,CVE-2019-9003,CVE-2019-9500,CVE-2019-9503,SLE-4678,SLE-4679,SLE-4681,SLE-4683,SLE-4684,SLE-4688,SLE-4689,SLE-4692,SLE-4693,SLE-4694,SLE-4695,SLE-4699,SLE-4710,SLE-4712,SLE-4717,SLE-4721,SLE-4722,SLE-4994,SLE-5759,SLE-5789,SLE-5802,SLE-5954,SLE-6197

Description:

The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2018-12126 CVE-2018-12127 CVE-2018-12130: Microarchitectural Store Buffer Data Sampling (MSBDS): Stored buffers on some microprocessors utilizing speculative execution which may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019. (bsc#1103186)
CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019. (bsc#1111331)
CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel There was an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (bsc#1136586)
CVE-2019-10124: An issue was discovered in the hwpoison implementation in mm/memory-failure.c in the Linux kernel. When soft_offline_in_use_page() runs on a thp tail page after pmd is split, an attacker could cause a denial of service (bsc#1130699).
CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel has multiple race conditions. (bsc#1133188)
CVE-2019-11811: An issue was discovered in the Linux kernel There was a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module was removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (bsc#1134397)
CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It could occur with FUSE requests. (bsc#1133190)
CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This used to affect nfc_llcp_build_gb in net/nfc/llcp_core.c. (bsc#1138293)
CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (bsc#1135281)
CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bsc#1120843)
CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bsc#1135603)
CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a '\0' character. (bsc#1134848)
CVE-2019-9500: An issue was discovered that lead to brcmfmac heap buffer overflow. (bsc#1132681)
CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bsc#1135278)
CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bsc#1135278)
CVE-2018-16880: A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, could trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may have lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (bsc#1122767)
CVE-2019-12819: The function __mdiobus_register() called put_device(), which triggered a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bsc#1138291)
CVE-2019-3882: A flaw was found in the Linux kernel's vfio interface implementation that permitted violation of the user's locked memory limit. If a device was bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may have caused a system memory exhaustion and thus a denial of service (DoS). (bsc#1131427)
CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bsc#1136424)
CVE-2019-8564: An issue was discoved which meant that brcmfmac frame validation could be bypassed. (bsc#1132673)
CVE-2019-9503: An issue was discoved which meant that brcmfmac frame validation could be bypassed. (bsc#1132828)
CVE-2019-9003: In the Linux kernel, attackers could trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a 'service ipmievd restart' loop. (bsc#1126704)
CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may have allowed unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.
CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power.
CVE-2018-16871: A NULL pointer dereference due to an anomalized NFS message sequence was fixed. (bnc#1137103).
CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c. There was an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1137194).
CVE-2019-12817: On the PowerPC architecture, local attackers could access other users processes memory (bnc#1138263).
CVE-2018-20836: An issue was discovered in the Linux kernel There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395).
CVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses (bnc#1140575 1140577).
CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image was exposed. This attack could be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable because IP ID generation was changed to have a dependency on an address associated with a network namespace (bnc#1140577).
CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c (bnc#1131645 1133738).
CVE-2019-13233: In arch/x86/lib/insn-eval.c in the Linux kernel, there was a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation (bnc#1140454).
CVE-2018-20855: An issue was discovered in the Linux kernel In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace(bsc#1143045).
CVE-2019-1125: Exclude ATOMs from speculation through SWAPGS (bsc#1139358).
CVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference could occur when megasas_create_frame_pool() failed in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of Service, related to a use-after-free (bnc#1134399).
CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device could send an HID report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023)
CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user could cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sent a crafted signal frame. (bnc#1142254)
CVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It could be triggered by an unprivileged local user when a floppy disk was inserted. NOTE: QEMU creates the floppy device by default. (bnc#1143191)
CVE-2019-14284: In the Linux kernel, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. (bnc#1143189)
CVE-2019-12456: An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a 'double fetch' vulnerability. NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used. (bsc#1136922)
CVE-2019-12380: An issue was discovered in the efi subsystem in the Linux kernel phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. (bsc#1136598)

The following non-security bugs were fixed:

6lowpan: Off by one handling nexthdr (bsc#1051510).
9p locks: add mount option for lock retry interval (bsc#1051510).
9p: do not trust pdu content for stat item size (bsc#1051510).
ARM: 8824/1: fix a migrating irq bug when hotplug cpu (bsc#1051510).
ARM: 8833/1: Ensure that NEON code always compiles with Clang (bsc#1051510).
ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bsc#1051510).
ARM: 8840/1: use a raw_spinlock_t in unwind (bsc#1051510).
ARM: OMAP2+: Variable 'reg' in function omap4_dsi_mux_pads() could be uninitialized (bsc#1051510).
ARM: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug (bsc#1051510).
ARM: avoid Cortex-A9 livelock on tight dmb loops (bsc#1051510).
ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bsc#1051510).
ARM: iop: don't use using 64-bit DMA masks (bsc#1051510).
ARM: orion: don't use using 64-bit DMA masks (bsc#1051510).
ARM: pxa: ssp: unneeded to free devm_ allocated data (bsc#1051510).
ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bsc#1051510).
ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bsc#1051510).
ASoC : cs4265 : readable register too low (bsc#1051510).
ASoC: Intel: avoid Oops if DMA setup fails (bsc#1051510).
ASoC: RT5677-SPI: Disable 16Bit SPI Transfers (bsc#1051510).
ASoC: cs4270: Set auto-increment bit for register writes (bsc#1051510).
ASoC: cs42xx8: Add regcache mask dirty (bsc#1051510).
ASoC: cx2072x: fix integer overflow on unsigned int multiply (bsc#1111666).
ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put (bsc#1051510).
ASoC: fix valid stream condition (bsc#1051510).
ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bsc#1051510).
ASoC: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510).
ASoC: fsl_esai: Fix missing break in switch statement (bsc#1051510).
ASoC: fsl_esai: fix channel swap issue when stream starts (bsc#1051510).
ASoC: fsl_sai: Update is_slave_mode with correct value (bsc#1051510).
ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put (bsc#1051510).
ASoC: hdmi-codec: fix S/PDIF DAI (bsc#1051510).
ASoC: hdmi-codec: unlock the device on startup errors (bsc#1051510).
ASoC: max98090: Fix restore of DAPM Muxes (bsc#1051510).
ASoC: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510).
ASoC: nau8810: fix the issue of widget with prefixed name (bsc#1051510).
ASoC: nau8824: fix the issue of the widget with prefix name (bsc#1051510).
ASoC: samsung: odroid: Fix clock configuration for 44100 sample rate (bsc#1051510).
ASoC: soc-pcm: BE dai needs prepare when pause release after resume (bsc#1051510).
ASoC: stm32: fix sai driver name initialisation (bsc#1051510).
ASoC: tlv320aic32x4: Fix Common Pins (bsc#1051510).
ASoC: topology: free created components in tplg load error (bsc#1051510).
ASoC: wm_adsp: Add locking to wm_adsp2_bus_error (bsc#1051510).
ASoC:soc-pcm:fix a codec fixup issue in TDM case (bsc#1051510).
Abort file_remove_privs() for non-reg. files (bsc#1140888).
Add back sibling paca poiter to paca (bsc#1055117).
Backporting hwpoison fixes
Bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bsc#1051510).
Bluetooth: btusb: request wake pin with NOAUTOEN (bsc#1051510).
Bluetooth: hidp: fix buffer overflow (bsc#1051510).
CIFS: Do not count -ENODATA as failure for query directory (bsc#1051510).
CIFS: Do not hide EINTR after sending network packets (bsc#1051510).
CIFS: Do not reconnect TCP session in add_credits() (bsc#1051510).
CIFS: Do not reset lease state to NONE on lease break (bsc#1051510).
CIFS: Fix adjustment of credits for MTU requests (bsc#1051510).
CIFS: Fix credit calculation for encrypted reads with errors (bsc#1051510).
CIFS: Fix credits calculations for reads with errors (bsc#1051510).
CIFS: Fix possible hang during async MTU reads and writes (bsc#1051510).
CIFS: Fix read after write for files with read caching (bsc#1051510).
CIFS: fix POSIX lock leak and invalid ptr deref (bsc#1114542).
CIFS: fix POSIX lock leak and invalid ptr deref (bsc#1114542).
Correct iwlwifi 22000 series ucode file name (bsc#1142673)
Correct the buggy backport about AER / DPC pcie stuff (bsc#1142623)
Delete patches.fixes/s390-setup-fix-early-warning-messages (bsc#1140948).
Delete patches.fixes/s390-setup-fix-early-warning-messages (bsc#1140948).
Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bsc#1051510).
Do not provide kernel-default from kernel-default-base (boo#1132154, bsc#1106751).
Do not provide kernel-default from kernel-default-base (boo#1132154, bsc#1106751).
Do not restrict NFSv4.2 on openSUSE (bsc#1138719).
Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510).
EDAC/mc: Fix edac_mc_find() in case no device is found (bsc#1114279).
Fix cpu online check (bsc#1051510).
Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510).
HID: Wacom: switch Dell canvas into highres mode (bsc#1051510).
HID: core: move Usage Page concatenation to Main item (bsc#1093389).
HID: debug: fix race condition with between rdesc_show() and device removal (bsc#1051510).
HID: input: add mapping for 'Toggle Display' key (bsc#1051510).
HID: input: add mapping for Assistant key (bsc#1051510).
HID: input: add mapping for Expose/Overview key (bsc#1051510).
HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bsc#1051510).
HID: intel-ish-hid: avoid binding wrong ishtp_cl_device (bsc#1051510).
HID: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit (bsc#1051510).
HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent (bsc#1051510).
HID: logitech-hidpp: use RAP instead of FAP to get the protocol version (bsc#1051510).
HID: logitech: check the return value of create_singlethread_workqueue (bsc#1051510).
HID: wacom: Add ability to provide explicit battery status info (bsc#1051510).
HID: wacom: Add support for 3rd generation Intuos BT (bsc#1051510).
HID: wacom: Add support for Pro Pen slim (bsc#1051510).
HID: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510).
HID: wacom: Don't report anything prior to the tool entering range (bsc#1051510).
HID: wacom: Don't set tool type until we're in range (bsc#1051510).
HID: wacom: Mark expected switch fall-through (bsc#1051510).
HID: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510).
HID: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510).
HID: wacom: Properly handle AES serial number and tool type (bsc#1051510).
HID: wacom: Queue events with missing type/serial data for later processing (bsc#1051510).
HID: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510).
HID: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510).
HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510).
HID: wacom: Support 'in range' for Intuos/Bamboo tablets where possible (bsc#1051510).
HID: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510).
HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510).
HID: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510).
HID: wacom: correct touch resolution x/y typo (bsc#1051510).
HID: wacom: fix mistake in printk (bsc#1051510).
HID: wacom: generic: Correct pad syncing (bsc#1051510).
HID: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510).
HID: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510).
HID: wacom: generic: Refactor generic battery handling (bsc#1051510).
HID: wacom: generic: Report AES battery information (bsc#1051510).
HID: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510).
HID: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510).
HID: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510).
HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510).
HID: wacom: generic: Support multiple tools per report (bsc#1051510).
HID: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510).
HID: wacom: generic: add the 'Report Valid' usage (bsc#1051510).
HID: wacom: generic: only switch the mode on devices with LEDs (bsc#1051510).
HID: wacom: generic: read HID_DG_CONTACTMAX from any feature report (bsc#1051510).
HID: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510).
IB/hfi1: Clear the IOWAIT pending bits when QP is put into error state (bsc#1114685 FATE#325854).
IB/hfi1: Create inline to get extended headers (bsc#1114685 FATE#325854).
IB/hfi1: Validate fault injection opcode user input (bsc#1114685 FATE#325854).
IB/ipoib: Add child to parent list only if device initialized (bsc#1103992 FATE#326009).
IB/mlx5: Fixed reporting counters on 2nd port for Dual port RoCE (bsc#1103991 FATE#326007).
IB/mlx5: Verify DEVX general object type correctly (bsc#1103991 FATE#326007).
Improve the headset mic for Acer Aspire laptops' (bsc#1051510).
Input: elan_i2c - add hardware ID for multiple Lenovo laptops (bsc#1051510).
Input: elantech - enable middle button support on 2 ThinkPads (bsc#1051510).
Input: imx_keypad - make sure keyboard can always wake up system (bsc#1051510).
Input: introduce KEY_ASSISTANT (bsc#1051510).
Input: psmouse - fix build error of multiple definition (bsc#1051510).
Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bsc#1051510).
Input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510).
Input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510).
Input: synaptics-rmi4 - fix possible double free (bsc#1051510).
Input: synaptics-rmi4 - write config register values to the right offset (bsc#1051510).
Input: tm2-touchkey - acknowledge that setting brightness is a blocking call (bsc#1129770).
Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510).
KEYS: always initialize keyring_index_key::desc_len (bsc#1051510).
KEYS: user: Align the payload buffer (bsc#1051510).
KVM: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers (bsc#1061840).
KVM: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch (bsc#1061840).
KVM: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts (bsc#1061840).
KVM: PPC: Book3S: Protect memslots while validating user address (bsc#1061840).
KVM: PPC: Release all hardware TCE tables attached to a group (bsc#1061840).
KVM: PPC: Remove redundand permission bits removal (bsc#1061840).
KVM: PPC: Validate TCEs against preregistered memory page sizes (bsc#1061840).
KVM: PPC: Validate all tces before updating tables (bsc#1061840).
KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1114279).
MD: fix invalid stored role for a disk (bsc#1051510).
NFC: nci: Add some bounds checking in nci_hci_cmd_received() (bsc#1051510).
PCI/P2PDMA: fix the gen_pool_add_virt() failure path (bsc#1103992 FATE#326009).
PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bsc#1051510).
PCI: Always allow probing with driver_override (bsc#1051510).
PCI: Do not poll for PME if the device is in D3cold (bsc#1051510).
PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1051510).
PCI: Mark Atheros AR9462 to avoid bus reset (bsc#1051510).
PCI: PM: Avoid possible suspend-to-idle issue (bsc#1051510).
PCI: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510).
PCI: Return error if cannot probe VF (bsc#1051510).
PCI: designware-ep: Read-only registers need DBI_RO_WR_EN to be writable (bsc#1051510).
PCI: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510).
PM / core: Propagate dev power.wakeup_path when no callbacks (bsc#1051510).
RAS/CEC: Check the correct variable in the debugfs error handling (bsc#1085535).
RAS/CEC: Convert the timer callback to a workqueue (bsc#1114279).
RAS/CEC: Fix binary search function (bsc#1114279).
RDMA/ipoib: Allow user space differentiate between valid dev_port (bsc#1103992 FATE#326009).
RDMA/mlx5: Do not allow the user to write to the clock page (bsc#1103991 FATE#326007).
RDMA/mlx5: Initialize roce port info before multiport master init (bsc#1103991 FATE#326007).
RDMA/mlx5: Use rdma_user_map_io for mapping BAR pages (bsc#1103992 FATE#326009).
RDMA/odp: Fix missed unlock in non-blocking invalidate_start (bsc#1103992 FATE#326009).
RDMA/rxe: Consider skb reserve space based on netdev of GID (bsc#1082387, bsc#1103992, FATE#326009).
RDMA/rxe: Consider skb reserve space based on netdev of GID (bsc#1082387, bsc#1103992, FATE#326009).
RDMA/srp: Accept again source addresses that do not have a port number (bsc#1103992 FATE#326009).
RDMA/srp: Document srp_parse_in() arguments (bsc#1103992 FATE#326009).
RDMA/uverbs: check for allocation failure in uapi_add_elm() (bsc#1103992 FATE#326009).
Re-export snd_cards for kABI compatibility (bsc#1051510).
Revert 'Sign non-x86 kernels when possible (boo#1134303)'
Revert 'bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()' (bsc#1140652).
Revert 'net: ena: ethtool: add extra properties retrieval via get_priv_flags' (bsc#1138879).
Revert 's390/jump_label: Use 'jdd' constraint on gcc9 (bsc#1138589).' This broke the build with older gcc instead.
Revert 'svm: Fix AVIC incomplete IPI emulation' (bsc#1140133).
Revert 'svm: Fix AVIC incomplete IPI emulation' (bsc#1140133).
SMB3: Fix endian warning (bsc#1137884).
UAS: fix alignment of scatter/gather segments (bsc#1129770).
USB: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510).
USB: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510).
USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor (bsc#1051510).
USB: cdc-acm: fix unthrottle races (bsc#1051510).
USB: core: Don't unbind interfaces following device reset failure (bsc#1051510).
USB: core: Fix bug caused by duplicate interface PM usage counter (bsc#1051510).
USB: core: Fix unterminated string returned by usb_string() (bsc#1051510).
USB: rio500: fix memory leak in close after disconnect (bsc#1051510).
USB: rio500: refuse more than one device at a time (bsc#1051510).
USB: serial: cp210x: fix GPIO in autosuspend (bsc#1120902).
USB: serial: f81232: fix interrupt worker not stop (bsc#1051510).
USB: serial: fix unthrottle races (bsc#1051510).
USB: serial: ftdi_sio: add ID for isodebug v1 (bsc#1051510).
USB: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510).
USB: serial: option: add support for GosunCn ME3630 RNDIS mode (bsc#1051510).
USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510).
USB: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510).
USB: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510).
USB: usb-storage: Add new ID to ums-realtek (bsc#1051510).
USB: w1 ds2490: Fix bug caused by improper use of altsetting array (bsc#1051510).
USB: yurex: Fix protection fault after device removal (bsc#1051510).
VMCI: Fix integer overflow in VMCI handle arrays (bsc#1051510).
acpi / SBS: Fix GPE storm on recent MacBookPro's (bsc#1051510).
acpi / property: fix handling of data_nodes in acpi_get_next_subnode() (bsc#1051510).
acpi / utils: Drop reference in test for device presence (bsc#1051510).
acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1112128) (bsc#1132426).
acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1112128) (bsc#1132426).
acpi/nfit: Always dump _DSM output payload (bsc#1142351).
acpi: PM: Allow transitions to D0 to occur in special cases (bsc#1051510).
acpi: PM: Avoid evaluating _PS3 on transitions from D3hot to D3cold (bsc#1051510).
acpi: PM: Set enable_for_wake for wakeup GPEs during suspend-to-idle (bsc#1111666).
acpi: button: reinitialize button state upon resume (bsc#1051510).
acpi: fix menuconfig presentation of acpi submenu (bsc#1117158).
acpi: property: restore _DSD data subnodes GUID comment (bsc#1111666).
acpiCA: AML interpreter: add region addresses in global list during initialization (bsc#1051510).
acpiCA: Clear status of GPEs on first direct enable (bsc#1111666).
acpiCA: Namespace: remove address node from global list after method termination (bsc#1051510).
af_key: unconditionally clone on broadcast (bsc#1051510).
alsa: PCM: check if ops are defined before suspending PCM (bsc#1051510).
alsa: compress: Be more restrictive about when a drain is allowed (bsc#1051510).
alsa: compress: Don't allow paritial drain operations on capture streams (bsc#1051510).
alsa: compress: Fix regression on compressed capture streams (bsc#1051510).
alsa: compress: Prevent bypasses of set_params (bsc#1051510).
alsa: core: Don't refer to snd_cards array directly (bsc#1051510).
alsa: core: Fix card races between register and disconnect (bsc#1051510).
alsa: emu10k1: Drop superfluous id-uniquification behavior (bsc#1051510).
alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510).
alsa: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510).
alsa: hda - Add a conexant codec entry to let mute led work (bsc#1051510).
alsa: hda - Add two more machines to the power_save_blacklist (bsc#1051510).
alsa: hda - Don't resume forcibly i915 HDMI/DP codec (bsc#1111666).
alsa: hda - Fix intermittent CORB/RIRB stall on Intel chips (bsc#1111666).
alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510).
alsa: hda - Optimize resume for codecs without jack detection (bsc#1111666).
alsa: hda - Register irq handler after the chip initialization (bsc#1051510).
alsa: hda - Use a macro for snd_array iteration loops (bsc#1051510).
alsa: hda/hdmi - Consider eld_valid when reporting jack event (bsc#1051510).
alsa: hda/hdmi - Fix i915 reverse port/pin mapping (bsc#1111666).
alsa: hda/hdmi - Read the pin sense from register when repolling (bsc#1051510).
alsa: hda/hdmi - Remove duplicated define (bsc#1111666).
alsa: hda/realtek - Add new Dell platform for headset mode (bsc#1051510).
alsa: hda/realtek - Apply the fixup for ASUS Q325UAR (bsc#1051510).
alsa: hda/realtek - Avoid superfluous COEF EAPD setups (bsc#1051510).
alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510).
alsa: hda/realtek - Corrected fixup for System76 Gazelle (gaze14) (bsc#1051510).
alsa: hda/realtek - EAPD turn on later (bsc#1051510).
alsa: hda/realtek - Enable micmute LED for Huawei laptops (bsc#1051510).
alsa: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug (bsc#1051510).
alsa: hda/realtek - Fixed Dell AIO speaker noise (bsc#1051510).
alsa: hda/realtek - Fixed Headphone Mic can't record on Dell platform (bsc#1051510).
alsa: hda/realtek - Fixup headphone noise via runtime suspend (bsc#1051510).
alsa: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510).
alsa: hda/realtek - Improve the headset mic for Acer Aspire laptops (bsc#1051510).
alsa: hda/realtek - Move to ACT_INIT state (bsc#1111666).
alsa: hda/realtek - Set default power save node to 0 (bsc#1051510).
alsa: hda/realtek - Support low power consumption for ALC256 (bsc#1051510).
alsa: hda/realtek - Support low power consumption for ALC295 (bsc#1051510).
alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510).
alsa: hda/realtek - add two more pin configuration sets to quirk table (bsc#1051510).
alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510).
alsa: hda/realtek: Enable headset MIC of Acer TravelMate B114-21 with ALC233 (bsc#1111666).
alsa: hda/realtek: apply ALC891 headset fixup to one Dell machine (bsc#1051510).
alsa: hda: Initialize power_state field properly (bsc#1051510).
alsa: hdea/realtek - Headset fixup for System76 Gazelle (gaze14) (bsc#1051510).
alsa: info: Fix racy addition/deletion of nodes (bsc#1051510).
alsa: line6: Avoid polluting led_* namespace (bsc#1051510).
alsa: line6: Fix a typo (bsc#1051510).
alsa: line6: Fix write on zero-sized buffer (bsc#1051510).
alsa: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510).
alsa: line6: use dynamic buffers (bsc#1051510).
alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510).
alsa: seq: Align temporary re-locking with irqsave version (bsc#1051510).
alsa: seq: Break too long mutex context in the write loop (bsc#1051510).
alsa: seq: Correct unlock sequence at snd_seq_client_ioctl_unlock() (bsc#1051510).
alsa: seq: Cover unsubscribe_port() in list_mutex (bsc#1051510).
alsa: seq: Fix OOB-reads from strlcpy (bsc#1051510).
alsa: seq: Fix race of get-subscription call vs port-delete ioctls (bsc#1051510).
alsa: seq: Protect in-kernel ioctl calls with mutex (bsc#1051510).
alsa: seq: Protect racy pool manipulation from OSS sequencer (bsc#1051510).
alsa: seq: Remove superfluous irqsave flags (bsc#1051510).
alsa: seq: Simplify snd_seq_kernel_client_enqueue() helper (bsc#1051510).
alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510).
alsa: timer: Check ack_list emptiness instead of bit flag (bsc#1051510).
alsa: timer: Coding style fixes (bsc#1051510).
alsa: timer: Make snd_timer_close() really kill pending actions (bsc#1051510).
alsa: timer: Make sure to clear pending ack list (bsc#1051510).
alsa: timer: Revert active callback sync check at close (bsc#1051510).
alsa: timer: Simplify error path in snd_timer_open() (bsc#1051510).
alsa: timer: Unify timer callback process code (bsc#1051510).
alsa: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510).
alsa: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510).
alsa: usb-audio: Cleanup DSD whitelist (bsc#1051510).
alsa: usb-audio: Enable .product_name override for Emagic, Unitor 8 (bsc#1051510).
alsa: usb-audio: Fix a memory leak bug (bsc#1051510).
alsa: usb-audio: Fix parse of UAC2 Extension Units (bsc#1111666).
alsa: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk() (bsc#1051510).
alsa: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510).
alsa: usb-audio: fix Line6 Helix audio format rates (bsc#1111666).
alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510).
alsa: usx2y: fix a double free bug (bsc#1051510).
apparmor: enforce nullbyte at end of tag string (bsc#1051510).
appletalk: Fix compile regression (bsc#1051510).
appletalk: Fix use-after-free in atalk_proc_exit (bsc#1051510).
arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671).
arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671).
arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (bsc#1117158).
arm64: acpi: fix alignment fault in accessing acpi (bsc#1117158).
arm64: do not override dma_max_pfn (jsc#SLE-6197 bsc#1140559 LTC#173150).
arm64: fix acpi dependencies (bsc#1117158).
assume flash part size to be 4MB, if it can't be determined (bsc#1127371).
at76c50x-usb: Don't register led_trigger if usb_register_driver failed (bsc#1051510).
ath10k: Do not send probe response template for mesh (bsc#1111666).
ath10k: Fix encoding for protected management frames (bsc#1111666).
ath10k: add missing error handling (bsc#1111666).
ath10k: add peer id check in ath10k_peer_find_by_id (bsc#1111666).
ath10k: avoid possible string overflow (bsc#1051510).
ath10k: destroy sdio workqueue while remove sdio module (bsc#1111666).
ath10k: fix PCIE device wake up failed (bsc#1111666).
ath10k: fix incorrect multicast/broadcast rate setting (bsc#1111666).
ath10k: snoc: fix unbalanced clock error handling (bsc#1111666).
ath6kl: add some bounds checking (bsc#1051510).
ath9k: Check for errors when reading SREV register (bsc#1111666).
ath9k: correctly handle short radar pulses (bsc#1111666).
ath: DFS JP domain W56 fixed pulse type 3 RADAR detection (bsc#1111666).
audit: fix a memleak caused by auditing load module (bsc#1051510).
audit: fix a memory leak bug (bsc#1051510).
ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510).
b43: shut up clang -Wuninitialized variable warning (bsc#1051510).
backlight: lm3630a: Return 0 on success in update_status functions (bsc#1051510).
batman-adv: Reduce claim hash refcnt only for removed entry (bsc#1051510).
batman-adv: Reduce tt_global hash refcnt only for removed entry (bsc#1051510).
batman-adv: Reduce tt_local hash refcnt only for removed entry (bsc#1051510).
batman-adv: allow updating DAT entry timeouts on incoming ARP Replies (bsc#1051510).
batman-adv: fix for leaked TVLV handler (bsc#1051510).
bcache: Add comments for blkdev_put() in registration code path (bsc#1140652).
bcache: Clean up bch_get_congested() (bsc#1140652).
bcache: Move couple of functions to sysfs.c (bsc#1130972).
bcache: Move couple of functions to sysfs.c (bsc#1130972).
bcache: Move couple of string arrays to sysfs.c (bsc#1130972).
bcache: Move couple of string arrays to sysfs.c (bsc#1130972).
bcache: Populate writeback_rate_minimum attribute (bsc#1130972).
bcache: Populate writeback_rate_minimum attribute (bsc#1130972).
bcache: Replace bch_read_string_list() by __sysfs_match_string() (bsc#1130972).
bcache: Replace bch_read_string_list() by __sysfs_match_string() (bsc#1130972).
bcache: Revert 'bcache: fix high CPU occupancy during journal' (bsc#1140652).
bcache: Revert 'bcache: free heap cache_set flush_btree in bch_journal_free' (bsc#1140652).
bcache: account size of buckets used in uuid write to ca meta_sectors_written (bsc#1130972).
bcache: account size of buckets used in uuid write to ca meta_sectors_written (bsc#1130972).
bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652).
bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652).
bcache: add MODULE_DESCRIPTION information (bsc#1130972).
bcache: add MODULE_DESCRIPTION information (bsc#1130972).
bcache: add a comment in super.c (bsc#1130972).
bcache: add a comment in super.c (bsc#1130972).
bcache: add code comments for bset.c (bsc#1130972).
bcache: add code comments for bset.c (bsc#1130972).
bcache: add code comments for journal_read_bucket() (bsc#1140652).
bcache: add comment for cache_set fill_iter (bsc#1130972).
bcache: add comment for cache_set fill_iter (bsc#1130972).
bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652).
bcache: add comments for kobj release callback routine (bsc#1140652).
bcache: add comments for mutex_lock(b write_lock) (bsc#1140652).
bcache: add error check for calling register_bdev() (bsc#1140652).
bcache: add failure check to run_cache_set() for journal replay (bsc#1140652).
bcache: add identifier names to arguments of function definitions (bsc#1130972).
bcache: add identifier names to arguments of function definitions (bsc#1130972).
bcache: add io error counting in write_bdev_super_endio() (bsc#1140652).
bcache: add missing SPDX header (bsc#1130972).
bcache: add missing SPDX header (bsc#1130972).
bcache: add more error message in bch_cached_dev_attach() (bsc#1140652).
bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652).
bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652).
bcache: add return value check to bch_cached_dev_run() (bsc#1140652).
bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972).
bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972).
bcache: add static const prefix to char * array declarations (bsc#1130972).
bcache: add static const prefix to char * array declarations (bsc#1130972).
bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972).
bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972).
bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972).
bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972).
bcache: avoid a deadlock in bcache_reboot() (bsc#1140652).
bcache: avoid clang -Wunintialized warning (bsc#1140652).
bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652).
bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652).
bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972).
bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972).
bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652).
bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652).
bcache: check c gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652).
bcache: correct dirty data statistics (bsc#1130972).
bcache: correct dirty data statistics (bsc#1130972).
bcache: destroy dc writeback_write_wq if failed to create dc writeback_thread (bsc#1140652).
bcache: do not assign in if condition in bcache_device_init() (bsc#1140652).
bcache: do not assign in if condition in bcache_init() (bsc#1130972).
bcache: do not assign in if condition in bcache_init() (bsc#1130972).
bcache: do not assign in if condition register_bcache() (bsc#1130972).
bcache: do not assign in if condition register_bcache() (bsc#1130972).
bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972).
bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972).
bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972).
bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972).
bcache: do not clone bio in bch_data_verify (bsc#1130972).
bcache: do not clone bio in bch_data_verify (bsc#1130972).
bcache: do not mark writeback_running too early (bsc#1130972).
bcache: do not mark writeback_running too early (bsc#1130972).
bcache: do not set max writeback rate if gc is running (bsc#1140652).
bcache: export backing_dev_name via sysfs (bsc#1130972).
bcache: export backing_dev_name via sysfs (bsc#1130972).
bcache: export backing_dev_uuid via sysfs (bsc#1130972).
bcache: export backing_dev_uuid via sysfs (bsc#1130972).
bcache: fix a race between cache register and cacheset unregister (bsc#1140652).
bcache: fix code comments style (bsc#1130972).
bcache: fix code comments style (bsc#1130972).
bcache: fix crashes stopping bcache device before read miss done (bsc#1140652).
bcache: fix failure in journal relplay (bsc#1140652).
bcache: fix inaccurate result of unused buckets (bsc#1140652).
bcache: fix indent by replacing blank by tabs (bsc#1130972).
bcache: fix indent by replacing blank by tabs (bsc#1130972).
bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972).
bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972).
bcache: fix input integer overflow of congested threshold (bsc#1130972).
bcache: fix input integer overflow of congested threshold (bsc#1130972).
bcache: fix input overflow to cache set io_error_limit (bsc#1130972).
bcache: fix input overflow to cache set io_error_limit (bsc#1130972).
bcache: fix input overflow to cache set sysfs file io_error_halflife (bsc#1130972).
bcache: fix input overflow to cache set sysfs file io_error_halflife (bsc#1130972).
bcache: fix input overflow to journal_delay_ms (bsc#1130972).
bcache: fix input overflow to journal_delay_ms (bsc#1130972).
bcache: fix input overflow to sequential_cutoff (bsc#1130972).
bcache: fix input overflow to sequential_cutoff (bsc#1130972).
bcache: fix input overflow to writeback_delay (bsc#1130972).
bcache: fix input overflow to writeback_delay (bsc#1130972).
bcache: fix input overflow to writeback_rate_minimum (bsc#1130972).
bcache: fix input overflow to writeback_rate_minimum (bsc#1130972).
bcache: fix ioctl in flash device (bsc#1130972).
bcache: fix ioctl in flash device (bsc#1130972).
bcache: fix mistaken code comments in bcache.h (bsc#1130972).
bcache: fix mistaken code comments in bcache.h (bsc#1130972).
bcache: fix mistaken comments in request.c (bsc#1130972).
bcache: fix mistaken comments in request.c (bsc#1130972).
bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652).
bcache: fix potential deadlock in cached_def_free() (bsc#1140652).
bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972).
bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972).
bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972).
bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972).
bcache: fix race in btree_flush_write() (bsc#1140652).
bcache: fix return value error in bch_journal_read() (bsc#1140652).
bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652).
bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972).
bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972).
bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972).
bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972).
bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652).
bcache: ignore read-ahead request failure on backing device (bsc#1140652).
bcache: improve bcache_reboot() (bsc#1140652).
bcache: improve error message in bch_cached_dev_run() (bsc#1140652).
bcache: improve sysfs_strtoul_clamp() (bsc#1130972).
bcache: improve sysfs_strtoul_clamp() (bsc#1130972).
bcache: introduce force_wake_up_gc() (bsc#1130972).
bcache: introduce force_wake_up_gc() (bsc#1130972).
bcache: make bset_search_tree() be more understandable (bsc#1140652).
bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972).
bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972).
bcache: make is_discard_enabled() static (bsc#1140652).
bcache: more detailed error message to bcache_device_link() (bsc#1140652).
bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652).
bcache: move open brace at end of function definitions to next line (bsc#1130972).
bcache: move open brace at end of function definitions to next line (bsc#1130972).
bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652).
bcache: never writeback a discard operation (bsc#1130972).
bcache: never writeback a discard operation (bsc#1130972).
bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972).
bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972).
bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652).
bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652).
bcache: option to automatically run gc thread after writeback (bsc#1130972).
bcache: option to automatically run gc thread after writeback (bsc#1130972).
bcache: panic fix for making cache device (bsc#1130972).
bcache: panic fix for making cache device (bsc#1130972).
bcache: performance improvement for btree_flush_write() (bsc#1140652).
bcache: prefer 'help' in Kconfig (bsc#1130972).
bcache: prefer 'help' in Kconfig (bsc#1130972).
bcache: print number of keys in trace_bcache_journal_write (bsc#1130972).
bcache: print number of keys in trace_bcache_journal_write (bsc#1130972).
bcache: recal cached_dev_sectors on detach (bsc#1130972).
bcache: recal cached_dev_sectors on detach (bsc#1130972).
bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652).
bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652).
bcache: remove retry_flush_write from struct cache_set (bsc#1140652).
bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652).
bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652).
bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972).
bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972).
bcache: remove unused bch_passthrough_cache (bsc#1130972).
bcache: remove unused bch_passthrough_cache (bsc#1130972).
bcache: remove useless parameter of bch_debug_init() (bsc#1130972).
bcache: remove useless parameter of bch_debug_init() (bsc#1130972).
bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972).
bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972).
bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972).
bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972).
bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972).
bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972).
bcache: replace printk() by pr_*() routines (bsc#1130972).
bcache: replace printk() by pr_*() routines (bsc#1130972).
bcache: return error immediately in bch_journal_replay() (bsc#1140652).
bcache: set largest seq to ja seq[bucket_index] in journal_read_bucket() (bsc#1140652).
bcache: set writeback_percent in a flexible range (bsc#1130972).
bcache: set writeback_percent in a flexible range (bsc#1130972).
bcache: shrink btree node cache after bch_btree_check() (bsc#1140652).
bcache: split combined if-condition code into separate ones (bsc#1130972).
bcache: split combined if-condition code into separate ones (bsc#1130972).
bcache: stop bcache device when backing device is offline (bsc#1130972).
bcache: stop bcache device when backing device is offline (bsc#1130972).
bcache: stop using the deprecated get_seconds() (bsc#1130972).
bcache: stop using the deprecated get_seconds() (bsc#1130972).
bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652).
bcache: style fix to add a blank line after declarations (bsc#1130972).
bcache: style fix to add a blank line after declarations (bsc#1130972).
bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972).
bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972).
bcache: style fixes for lines over 80 characters (bsc#1130972).
bcache: style fixes for lines over 80 characters (bsc#1130972).
bcache: treat stale and dirty keys as bad keys (bsc#1130972).
bcache: treat stale and dirty keys as bad keys (bsc#1130972).
bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972).
bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972).
bcache: update comment for bch_data_insert (bsc#1130972).
bcache: update comment for bch_data_insert (bsc#1130972).
bcache: update comment in sysfs.c (bsc#1130972).
bcache: update comment in sysfs.c (bsc#1130972).
bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972).
bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972).
bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972).
bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972).
bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972).
bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972).
bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972).
bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972).
bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652).
bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972).
bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972).
be2net: Signal that the device cannot transmit during reconfiguration (bsc#1127315).
be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315).
blk-mq: Avoid that submitting a bio concurrently with device removal triggers a crash (bsc#1131673).
blk-mq: adjust debugfs and sysfs register when updating nr_hw_queues (bsc#1131673).
blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs (bsc#1131673).
blk-mq: fallback to previous nr_hw_queues when updating fails (bsc#1131673).
blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432).
blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637).
blk-mq: init hctx sched after update ctx and hctx mapping (bsc#1131673).
blk-mq: realloc hctx when hw queue is mapped to another node (bsc#1131673).
blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter (bsc#1131673).
blkcg: Introduce blkg_root_lookup() (bsc#1131673).
blkcg: Make blkg_root_lookup() work for queues in bypass mode (bsc#1131673).
block, bfq: NULL out the bic when it's no longer valid (bsc#1142359).
block: Do not revalidate bdev of hidden gendisk (bsc#1120091).
block: Ensure that a request queue is dissociated from the cgroup controller (bsc#1131673).
block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771).
block: Fix a race between request queue removal and the block cgroup controller (bsc#1131673).
block: Introduce blk_exit_queue() (bsc#1131673).
block: check_events: do not bother with events if unsupported (bsc#1110946, bsc#1119843).
block: check_events: do not bother with events if unsupported (bsc#1110946, bsc#1119843).
block: disk_events: introduce event flags (bsc#1110946, bsc#1119843).
block: disk_events: introduce event flags (bsc#1110946, bsc#1119843).
block: do not leak memory in bio_copy_user_iov() (bsc#1135309).
block: fix the return errno for direct IO (bsc#1135320).
block: fix use-after-free on gendisk (bsc#1135312).
block: kABI fixes for bio_rewind_iter() removal (bsc#1131673).
block: remove bio_rewind_iter() (bsc#1131673).
bluetooth: Check key sizes only when Secure Simple Pairing is enabled (bsc#1135556).
bluetooth: Check key sizes only when Secure Simple Pairing is enabled (bsc#1135556).
bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328).
bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf() (bsc#1133731).
bnx2x: Add support for detection of P2P event packets (bsc#1136498 jsc#SLE-4699).
bnx2x: Bump up driver version to 1.713.36 (bsc#1136498 jsc#SLE-4699).
bnx2x: Prevent load reordering in tx completion processing (bsc#1142868).
bnx2x: Remove set but not used variable 'mfw_vn' (bsc#1136498 jsc#SLE-4699).
bnx2x: Replace magic numbers with macro definitions (bsc#1136498 jsc#SLE-4699).
bnx2x: Use struct_size() in kzalloc() (bsc#1136498 jsc#SLE-4699).
bnx2x: Utilize FW 7.13.11.0 (bsc#1136498 jsc#SLE-4699).
bnx2x: fix spelling mistake 'dicline' 'decline' (bsc#1136498 jsc#SLE-4699).
bnx2x: fix various indentation issues (bsc#1136498 jsc#SLE-4699).
bnxt_en: Add device IDs 0x1806 and 0x1752 for 57500 devices (bsc#1137224).
bnxt_en: Add support for BCM957504 (bsc#1137224).
bnxt_en: Disable bus master during PCI shutdown and driver unload (bsc#1104745 FATE#325918).
bnxt_en: Fix aggregation buffer leak under OOM condition (bsc#1134090 jsc#SLE-5954).
bnxt_en: Fix aggregation buffer leak under OOM condition (bsc#1134090 jsc#SLE-5954).
bnxt_en: Fix possible BUG() condition when calling pci_disable_msix() (bsc#1134090 jsc#SLE-5954).
bnxt_en: Fix possible BUG() condition when calling pci_disable_msix() (bsc#1134090 jsc#SLE-5954).
bnxt_en: Fix possible crash in bnxt_hwrm_ring_free() under error conditions (bsc#1134090 jsc#SLE-5954).
bnxt_en: Fix possible crash in bnxt_hwrm_ring_free() under error conditions (bsc#1134090 jsc#SLE-5954).
bnxt_en: Fix statistics context reservation logic (bsc#1134090 jsc#SLE-5954).
bnxt_en: Fix statistics context reservation logic (bsc#1134090 jsc#SLE-5954).
bnxt_en: Fix statistics context reservation logic for RDMA driver (bsc#1104745 FATE#325918).
bnxt_en: Fix uninitialized variable usage in bnxt_rx_pkt() (bsc#1134090 jsc#SLE-5954).
bnxt_en: Fix uninitialized variable usage in bnxt_rx_pkt() (bsc#1134090 jsc#SLE-5954).
bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one() (bsc#1050242 FATE#322914).
bnxt_en: Improve NQ reservations (bsc#1134090 jsc#SLE-5954).
bnxt_en: Improve NQ reservations (bsc#1134090 jsc#SLE-5954).
bnxt_en: Improve multicast address setup logic (bsc#1134090 jsc#SLE-5954).
bnxt_en: Improve multicast address setup logic (bsc#1134090 jsc#SLE-5954).
bnxt_en: Pass correct extended TX port statistics size to firmware (bsc#1134090 jsc#SLE-5954).
bnxt_en: Pass correct extended TX port statistics size to firmware (bsc#1134090 jsc#SLE-5954).
bnxt_en: Reduce memory usage when running in kdump kernel (bsc#1134090 jsc#SLE-5954).
bnxt_en: Reduce memory usage when running in kdump kernel (bsc#1134090 jsc#SLE-5954).
bnxt_en: Suppress error messages when querying DSCP DCB capabilities (bsc#1104745 FATE#325918).
bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584).
bpf, devmap: Add missing RCU read lock on flush (bsc#1109837).
bpf, devmap: Add missing bulk queue free (bsc#1109837).
bpf, devmap: Fix premature entry free on destroying map (bsc#1109837).
bpf, lru: avoid messing with eviction heuristics upon syscall lookup (bsc#1083647).
bpf, tcp: correctly handle DONT_WAIT flags and timeo == 0 (bsc#1109837).
bpf, x64: fix stack layout of JITed bpf code (bsc#1083647).
bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf (bsc#1083647).
bpf: Add missed newline in verifier verbose log (bsc#1056787).
bpf: add map_lookup_elem_sys_only for lookups from syscall side (bsc#1083647).
bpf: btf: fix the brackets of BTF_INT_OFFSET() (bsc#1083647).
bpf: devmap: fix use-after-free Read in __dev_map_entry_free (bsc#1109837).
bpf: fix callees pruning callers (bsc#1109837).
bpf: fix nested bpf tracepoints with per-cpu data (bsc#1083647).
bpf: fix use after free in bpf_evict_inode (bsc#1083647).
bpf: lpm_trie: check left child of last leftmost node for NULL (bsc#1109837).
bpf: sockmap fix msg sg.size account on ingress skb (bsc#1109837).
bpf: sockmap remove duplicate queue free (bsc#1109837).
bpf: sockmap, fix use after free from sleep in psock backlog workqueue (bsc#1109837).
brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510).
brcmfmac: convert dev_init_lock mutex to completion (bsc#1051510).
brcmfmac: fix NULL pointer derefence during USB disconnect (bsc#1111666).
brcmfmac: fix Oops when bringing up interface during USB disconnect (bsc#1051510).
brcmfmac: fix WARNING during USB disconnect in case of unempty psq (bsc#1051510).
brcmfmac: fix leak of mypkt on error return path (bsc#1111666).
brcmfmac: fix missing checks for kmemdup (bsc#1051510).
brcmfmac: fix race during disconnect when USB completion is in progress (bsc#1051510).
broadcom: Mark expected switch fall-throughs (bsc#1136498 jsc#SLE-4699).
btrfs: Do not panic when we can't find a root key (bsc#1112063).
btrfs: Factor out common delayed refs init code (bsc#1134813).
btrfs: Introduce init_delayed_ref_head (bsc#1134813).
btrfs: Open-code add_delayed_data_ref (bsc#1134813).
btrfs: Open-code add_delayed_tree_ref (bsc#1134813).
btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813).
btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813).
btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813).
btrfs: add a helper to return a head ref (bsc#1134813).
btrfs: breakout empty head cleanup to a helper (bsc#1134813).
btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838).
btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838).
btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
btrfs: do not allow trimming when a fs is mounted with the nologreplay option (bsc#1135758).
btrfs: do not double unlock on error in btrfs_punch_hole (bsc#1136881).
btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838).
btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838).
btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838).
btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838).
btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838).
btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838).
btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838).
btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838).
btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
btrfs: fix assertion failure on fsync with NO_HOLES enabled (bsc#1131848).
btrfs: fix fsync not persisting changed attributes of a directory (bsc#1137151).
btrfs: fix incorrect file size after shrinking truncate and fsync (bsc#1130195).
btrfs: fix race between block group removal and block group allocation (bsc#1143003).
btrfs: fix race between ranged fsync and writeback of adjacent ranges (bsc#1136477).
btrfs: fix race updating log root item during fsync (bsc#1137153).
btrfs: fix wrong ctime and mtime of a directory after log replay (bsc#1137152).
btrfs: improve performance on fsync of files with multiple hardlinks (bsc#1123454).
btrfs: move all ref head cleanup to the helper function (bsc#1134813).
btrfs: move extent_op cleanup to a helper (bsc#1134813).
btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813).
btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806).
btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838).
btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838).
btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162).
btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160).
btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1133612).
btrfs: remove WARN_ON in log_dir_items (bsc#1131847).
btrfs: remove delayed_ref_node from ref_head (bsc#1134813).
btrfs: send, flush dellaloc in order to avoid data loss (bsc#1133320).
btrfs: split delayed ref head initialization and addition (bsc#1134813).
btrfs: track refs in a rb_tree instead of a list (bsc#1134813).
btrfs: tree-checker: detect file extent items with overlapping ranges (bsc#1136478).
can: af_can: Fix error path of can_init() (bsc#1051510).
can: flexcan: fix timeout when set small bitrate (bsc#1051510).
can: purge socket error queue on sock destruct (bsc#1051510).
carl9170: fix misuse of device driver API (bsc#1111666).
cdrom: Fix race condition in cdrom_sysctl_register (bsc#1051510).
ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461).
ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461).
ceph: factor out ceph_lookup_inode() (bsc#1138681).
ceph: fix NULL pointer deref when debugging is enabled (bsc#1138681).
ceph: fix ci i_head_snapc leak (bsc#1122776).
ceph: fix ci i_head_snapc leak (bsc#1122776).
ceph: fix potential use-after-free in ceph_mdsc_build_path (bsc#1138681).
ceph: fix use-after-free on symlink traversal (bsc#1134459).
ceph: fix use-after-free on symlink traversal (bsc#1134459).
ceph: flush dirty inodes before proceeding with remount (bsc#1138681).
ceph: flush dirty inodes before proceeding with remount (bsc#1140405).
ceph: only use d_name directly when parent is locked (bsc#1134460).
ceph: only use d_name directly when parent is locked (bsc#1134460).
ceph: print inode number in __caps_issued_mask debugging messages (bsc#1138681).
ceph: quota: fix quota subdir mounts (bsc#1138681).
ceph: remove duplicated filelock ref increase (bsc#1138681).
cfg80211: Handle WMM rules in regulatory domain intersection (bsc#1111666).
cfg80211: fix memory leak of wiphy device name (bsc#1051510).
cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (bsc#1141478).
cgroup: fix parsing empty mount option string (bsc#1133094).
chardev: add additional check for minor range overlap (bsc#1051510).
chelsio: use BUG() instead of BUG_ON(1) (bsc#1136345 jsc#SLE-4681).
cifs: Fix potential OOB access of lock element array (bsc#1051510).
cifs: don't dereference smb_file_target before null check (bsc#1051510).
cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565).
cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565).
clk: fractional-divider: check parent rate only if flag is set (bsc#1051510).
clk: qcom: Fix -Wunused-const-variable (bsc#1051510).
clk: rockchip: Don't yell about bad mmc phases when getting (bsc#1051510).
clk: rockchip: Fix video codec clocks on rk3288 (bsc#1051510).
clk: rockchip: Turn on 'aclk_dmac1' for suspend on rk3288 (bsc#1051510).
clk: rockchip: fix frac settings of GPLL clock for rk3328 (bsc#1051510).
clk: rockchip: fix wrong clock definitions for rk3328 (bsc#1051510).
clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510).
clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510).
clk: x86: Add system specific quirk to mark clocks as critical (bsc#1051510).
config: arm64: enable CN99xx uncore pmu References: bsc#1117114
configfs: Fix use-after-free when accessing sd s_dentry (bsc#1051510).
configfs: fix possible use-after-free in configfs_register_group (bsc#1051510).
coresight: etb10: Fix handling of perf mode (bsc#1051510).
coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510).
cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178).
cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178).
cpufreq/pasemi: fix possible object reference leak (bsc#1051510).
cpufreq: Use struct kobj_attribute instead of struct global_attr (bsc#1051510).
cpufreq: acpi-cpufreq: Report if CPU doesn't support boost technologies (bsc#1051510).
cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510).
cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency (bsc#1051510).
cpufreq: check if policy is inactive early in __cpufreq_get() (bsc#1051510).
cpufreq: kirkwood: fix possible object reference leak (bsc#1051510).
cpufreq: pmac32: fix possible object reference leak (bsc#1051510).
cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510).
crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401).
crypto: arm/aes-neonbs - don't access already-freed walk.iv (bsc#1051510).
crypto: arm64/sha1-ce - correct digest for empty data in finup (bsc#1051510).
crypto: arm64/sha2-ce - correct digest for empty data in finup (bsc#1051510).
crypto: caam - add missing put_device() call (bsc#1129770).
crypto: caam - fix caam_dump_sg that iterates through scatterlist (bsc#1051510).
crypto: caam/qi2 - fix DMA mapping of stack memory (bsc#1111666).
crypto: caam/qi2 - fix zero-length buffer DMA mapping (bsc#1111666).
crypto: caam/qi2 - generate hash keys in-place (bsc#1111666).
crypto: ccm - fix incompatibility between 'ccm' and 'ccm_base' (bsc#1051510).
crypto: ccp - Do not free psp_master when PLATFORM_INIT fails (bsc#1051510).
crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510).
crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510).
crypto: ccp - Validate the the error value used to index error messages (bsc#1051510).
crypto: ccp - fix AES CFB error exposed by new test vectors (bsc#1051510).
crypto: ccp - memset structure fields to zero before reuse (bsc#1051510).
crypto: ccp/gcm - use const time tag comparison (bsc#1051510).
crypto: chacha20poly1305 - fix atomic sleep when using async algorithm (bsc#1051510).
crypto: chacha20poly1305 - set cra_name correctly (bsc#1051510).
crypto: chcr - ESN for Inline IPSec Tx (bsc#1136353 jsc#SLE-4688).
crypto: chcr - small packet Tx stalls the queue (bsc#1136353 jsc#SLE-4688).
crypto: chelsio - Fix NULL pointer dereference (bsc#1136353 jsc#SLE-4688).
crypto: chelsio - Fix passing zero to 'PTR_ERR' warning in chcr_aead_op (bsc#1136353 jsc#SLE-4688).
crypto: chelsio - Fix softlockup with heavy I/O (bsc#1136353 jsc#SLE-4688).
crypto: chelsio - Fix wrong error counter increments (bsc#1136353 jsc#SLE-4688).
crypto: chelsio - Fixed Traffic Stall (bsc#1136353 jsc#SLE-4688).
crypto: chelsio - Handle pci shutdown event (bsc#1136353 jsc#SLE-4688).
crypto: chelsio - Inline single pdu only (bsc#1136353 jsc#SLE-4688).
crypto: chelsio - Reset counters on cxgb4 Detach (bsc#1136353 jsc#SLE-4688).
crypto: chelsio - Swap location of AAD and IV sent in WR (bsc#1136353 jsc#SLE-4688).
crypto: chelsio - Use same value for both channel in single WR (bsc#1136353 jsc#SLE-4688).
crypto: chelsio - avoid using sa_entry imm (bsc#1136353 jsc#SLE-4688).
crypto: chelsio - check set_msg_len overflow in generate_b0 (bsc#1136353 jsc#SLE-4688).
crypto: chelsio - clean up various indentation issues (bsc#1136353 jsc#SLE-4688).
crypto: chelsio - cleanup:send addr as value in function argument (bsc#1136353 jsc#SLE-4688).
crypto: chelsio - count incomplete block in IV (bsc#1136353 jsc#SLE-4688).
crypto: chelsio - remove set but not used variable 'kctx_len' (bsc#1136353 jsc#SLE-4688).
crypto: chelsio - remove set but not used variables 'adap' (bsc#1136353 jsc#SLE-4688).
crypto: chtls - remove cdev_list_lock (bsc#1136353 jsc#SLE-4688).
crypto: chtls - remove set but not used variables 'err, adap, request, hws' (bsc#1136353 jsc#SLE-4688).
crypto: crct10dif-generic - fix use via crypto_shash_digest() (bsc#1051510).
crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510).
crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe (bsc#1051510).
crypto: crypto4xx - properly set IV after de- and encrypt (bsc#1051510).
crypto: fips - Grammar s/options/option/, s/to/the/ (bsc#1051510).
crypto: gcm - fix incompatibility between 'gcm' and 'gcm_base' (bsc#1051510).
crypto: ghash - fix unaligned memory access in ghash_setkey() (bsc#1051510).
crypto: pcbc - remove bogus memcpy()s with src == dest (bsc#1051510).
crypto: prefix header search paths with $(srctree)/ (bsc#1136353 jsc#SLE-4688).
crypto: sha256/arm - fix crash bug in Thumb2 build (bsc#1051510).
crypto: sha512/arm - fix crash bug in Thumb2 build (bsc#1051510).
crypto: skcipher - don't WARN on unprocessed data after slow walk step (bsc#1051510).
crypto: sun4i-ss - Fix invalid calculation of hash end (bsc#1051510).
crypto: talitos - Align SEC1 accesses to 32 bits boundaries (bsc#1051510).
crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking (bsc#1051510).
crypto: talitos - check data blocksize in ablkcipher (bsc#1051510).
crypto: talitos - fix CTR alg blocksize (bsc#1051510).
crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510).
crypto: talitos - properly handle split ICV (bsc#1051510).
crypto: talitos - reduce max key size for SEC1 (bsc#1051510).
crypto: talitos - rename alternative AEAD algos (bsc#1051510).
crypto: user - prevent operating on larval algorithms (bsc#1133401).
crypto: vmx - CTR: always increment IV as quadword (bsc#1051510).
crypto: vmx - fix copy-paste error in CTR mode (bsc#1051510).
crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162).
crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162).
crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162).
crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162).
crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() (bsc#1051510).
crypto: x86/poly1305 - fix overflow during partial reduction (bsc#1051510).
cxgb4/chtls: Prefix adapter flags with CXGB4 (bsc#1136345 jsc#SLE-4681).
cxgb4/cxgb4vf: Add support for SGE doorbell queue timer (bsc#1127371).
cxgb4/cxgb4vf: Display advertised FEC in ethtool (bsc#1136345 jsc#SLE-4681).
cxgb4/cxgb4vf: Fix mac_hlist initialization and free (bsc#1127374).
cxgb4/cxgb4vf: Fix up netdev hw_features (bsc#1136345 jsc#SLE-4681).
cxgb4/cxgb4vf: Link management changes (bsc#1127371).
cxgb4/cxgb4vf: Program hash region for {t4/t4vf}_change_mac() (bsc#1127371).
cxgb4/cxgb4vf_main: Mark expected switch fall-through (bsc#1136345 jsc#SLE-4681).
cxgb4: Add VF Link state support (bsc#1136345 jsc#SLE-4681).
cxgb4: Add capability to get/set SGE Doorbell Queue Timer Tick (bsc#1127371).
cxgb4: Add flag tc_flower_initialized (bsc#1127371).
cxgb4: Add new T5 pci device id 0x50ae (bsc#1127371).
cxgb4: Add new T5 pci device ids 0x50af and 0x50b0 (bsc#1127371).
cxgb4: Add new T6 pci device ids 0x608a (bsc#1127371).
cxgb4: Add new T6 pci device ids 0x608b (bsc#1136345 jsc#SLE-4681).
cxgb4: Add support for FW_ETH_TX_PKT_VM_WR (bsc#1127371).
cxgb4: Add support to read actual provisioned resources (bsc#1127371).
cxgb4: Added missing break in ndo_udp_tunnel_{add/del} (bsc#1127371).
cxgb4: Delete all hash and TCAM filters before resource cleanup (bsc#1136345 jsc#SLE-4681).
cxgb4: Do not return EAGAIN when TCAM is full (bsc#1136345 jsc#SLE-4681).
cxgb4: Enable hash filter with offload (bsc#1136345 jsc#SLE-4681).
cxgb4: Enable outer UDP checksum offload for T6 (bsc#1136345 jsc#SLE-4681).
cxgb4: Export sge_host_page_size to ulds (bsc#1127371).
cxgb4: Fix error path in cxgb4_init_module (bsc#1136345 jsc#SLE-4681).
cxgb4: Mask out interrupts that are not enabled (bsc#1127175).
cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size (bsc#1127371).
cxgb4: Revert 'cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size' (bsc#1136345 jsc#SLE-4681).
cxgb4: Support ethtool private flags (bsc#1127371).
cxgb4: TLS record offload enable (bsc#1136345 jsc#SLE-4681).
cxgb4: Update 1.23.3.0 as the latest firmware supported (bsc#1136345 jsc#SLE-4681).
cxgb4: add per rx-queue counter for packet errors (bsc#1127371).
cxgb4: add support to display DCB info (bsc#1127371).
cxgb4: add tcb flags and tcb rpl struct (bsc#1136345 jsc#SLE-4681).
cxgb4: collect ASIC LA dumps from ULP TX (bsc#1127371).
cxgb4: collect hardware queue descriptors (bsc#1127371).
cxgb4: collect number of free PSTRUCT page pointers (bsc#1127371).
cxgb4: convert flower table to use rhashtable (bsc#1127371).
cxgb4: cxgb4: use FW_PORT_ACTION_L1_CFG32 for 32 bit capability (bsc#1127371).
cxgb4: display number of rx and tx pages free (bsc#1127371).
cxgb4: do not return DUPLEX_UNKNOWN when link is down (bsc#1127371).
cxgb4: fix the error path of cxgb4_uld_register() (bsc#1127371).
cxgb4: free mac_hlist properly (bsc#1136345 jsc#SLE-4681).
cxgb4: impose mandatory VLAN usage when non-zero TAG ID (bsc#1127371).
cxgb4: kfree mhp after the debug print (bsc#1136345 jsc#SLE-4681).
cxgb4: move Tx/Rx free pages collection to common code (bsc#1127371).
cxgb4: offload VLAN flows regardless of VLAN ethtype (bsc#1136345 jsc#SLE-4681).
cxgb4: remove DEFINE_SIMPLE_DEBUGFS_FILE() (bsc#1136345 jsc#SLE-4681).
cxgb4: remove redundant assignment to vlan_cmd.dropnovlan_fm (bsc#1127371).
cxgb4: remove set but not used variables 'multitrc, speed' (bsc#1136345 jsc#SLE-4681).
cxgb4: remove the unneeded locks (bsc#1127371).
cxgb4: specify IQTYPE in fw_iq_cmd (bsc#1127371).
cxgb4: update supported DCB version (bsc#1127371).
cxgb4: use firmware API for validating filter spec (bsc#1136345 jsc#SLE-4681).
cxgb4: use new fw interface to get the VIN and smt index (bsc#1127371).
cxgb4vf: Call netif_carrier_off properly in pci_probe (bsc#1136347 jsc#SLE-4683).
cxgb4vf: Enter debugging mode if FW is inaccessible (bsc#1136347 jsc#SLE-4683).
cxgb4vf: Few more link management changes (bsc#1127374).
cxgb4vf: Prefix adapter flags with CXGB4VF (bsc#1136347 jsc#SLE-4683).
cxgb4vf: Revert force link up behaviour (bsc#1136347 jsc#SLE-4683).
cxgb4vf: Update port information in cxgb4vf_open() (bsc#1127374).
cxgb4vf: fix memleak in mac_hlist initialization (bsc#1127374).
cxgb4vf: free mac_hlist properly (bsc#1136345 jsc#SLE-4681).
dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080).
dax: Fix xarray entry association for mixed mappings (bsc#1140893).
dccp: Fix memleak in __feat_register_sp (bsc#1051510).
debugfs: fix use-after-free on symlink traversal (bsc#1051510).
device core: Consolidate locking and unlocking of parent and device (bsc#1106383).
device_cgroup: fix RCU imbalance in error case (bsc#1051510).
devres: Align data[] to ARCH_KMALLOC_MINALIGN (bsc#1051510).
dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638).
dma-buf: Discard old fence_excl on retrying get_fences_rcu for realloc (bsc#1111666).
dma-direct: add support for allocation from ZONE_DMA and ZONE_DMA32 (jsc#SLE-6197 bsc#1140559 LTC#173150).
dma-direct: do not retry allocation for no-op GFP_DMA (jsc#SLE-6197 bsc#1140559 LTC#173150).
dma-direct: retry allocations using GFP_DMA for small masks (jsc#SLE-6197 bsc#1140559 LTC#173150).
dma-mapping: move dma_mark_clean to dma-direct.h (jsc#SLE-6197 bsc#1140559 LTC#173150).
dma-mapping: move swiotlb arch helpers to a new header (jsc#SLE-6197 bsc#1140559 LTC#173150).
dma-mapping: take dma_pfn_offset into account in dma_max_pfn (jsc#SLE-6197 bsc#1140559 LTC#173150).
dmaengine: at_xdmac: remove BUG_ON macro in tasklet (bsc#1111666).
dmaengine: axi-dmac: Don't check the number of frames for alignment (bsc#1051510).
dmaengine: hsu: Revert 'set HSU_CH_MTSR to memory width' (bsc#1051510).
dmaengine: imx-dma: fix warning comparison of distinct pointer types (bsc#1051510).
dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510).
dmaengine: pl330: _stop: clear interrupt status (bsc#1111666).
dmaengine: qcom_hidma: assign channel cookie correctly (bsc#1051510).
dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid (bsc#1051510).
dmaengine: tegra210-adma: Fix crash during probe (bsc#1111666).
dmaengine: tegra210-adma: restore channel status (bsc#1111666).
dmaengine: tegra210-dma: free dma controller in remove() (bsc#1051510).
dmaengine: tegra: avoid overflow of byte tracking (bsc#1051510).
doc: Cope with the deprecation of AutoReporter (bsc#1051510).
documentation: Add MDS vulnerability documentation (bsc#1135642).
documentation: Add MDS vulnerability documentation (bsc#1135642).
documentation: Add MDS vulnerability documentation (bsc#1135642).
documentation: Add MDS vulnerability documentation (bsc#1135642).
documentation: DMA-API: fix a function name of max_mapping_size (bsc#1140954).
drbd: Avoid Clang warning about pointless switch statment (bsc#1051510).
drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510).
drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510).
drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510).
driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383).
driver core: Probe devices asynchronously instead of the driver (bsc#1106383).
drivers/base/devres: introduce devm_release_action() (bsc#1103992 FATE#326009).
drivers/base: Introduce kill_device() (bsc#1139865).
drivers/base: kABI fixes for struct device_private (bsc#1106383).
drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510).
drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510).
drivers: acpi: add dependency of EFI for arm64 (bsc#1117158).
drivers: depend on HAS_IOMEM for devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994).
drivers: fix a typo in the kernel doc for devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994).
drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567).
drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567).
drivers: provide devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994).
drivers: thermal: tsens: Don't print error message on -EPROBE_DEFER (bsc#1051510).
drm/amd/display: Fix Divide by 0 in memory calculations (bsc#1111666).
drm/amd/display: If one stream full updates, full update all planes (bsc#1111666).
drm/amd/display: Make some functions static (bsc#1111666).
drm/amd/display: Set stream mode_changed when connectors change (bsc#1111666).
drm/amd/display: Use plane color_space for dpp if specified (bsc#1111666).
drm/amd/display: extending AUX SW Timeout (bsc#1111666).
drm/amd/display: fix cursor black issue (bsc#1111666).
drm/amd/display: fix releasing planes when exiting odm (bsc#1111666).
drm/amd/powerplay: use hardware fan control if no powerplay fan table (bsc#1111666).
drm/amdgpu/gfx9: use reset default for PA_SC_FIFO_SIZE (bsc#1051510).
drm/amdgpu/gmc9: fix VM_L2_CNTL3 programming (bsc#1111666).
drm/amdgpu/psp: move psp version specific function pointers to early_init (bsc#1111666).
drm/amdgpu: fix old fence check in amdgpu_fence_emit (bsc#1051510).
drm/amdgpu: remove ATPX_DGPU_REQ_POWER_FOR_DISPLAYS check when hotplug-in (bsc#1111666).
drm/amdkfd: use init_mqd function to allocate object for hid_mqd (CI) (bsc#1111666).
drm/arm/hdlcd: Actually validate CRTC modes (bsc#1111666).
drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510).
drm/arm/mali-dp: Add a loop around the second set CVAL and try 5 times (bsc#1111666).
drm/atmel-hlcdc: revert shift by 8 (bsc#1111666).
drm/bridge: adv7511: Fix low refresh rate selection (bsc#1051510).
drm/doc: Drop 'content type' from the legacy kms property table (bsc#1111666).
drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bsc#1051510).
drm/drv: Hold ref on parent device during drm_device lifetime (bsc#1051510).
drm/edid: abstract override/firmware EDID retrieval (bsc#1111666).
drm/etnaviv: add missing failure path to destroy suballoc (bsc#1111666).
drm/etnaviv: lock MMU while dumping core (bsc#1113722)
drm/exynos/mixer: fix MIXER shadow registry synchronisation code (bsc#1111666).
drm/fb-helper: dpms_legacy(): Only set on connectors in use (bsc#1051510).
drm/fb-helper: generic: Call drm_client_add() after setup is done (bsc#1111666).
drm/fb-helper: generic: Don't take module ref for fbcon (bsc#1111666).
drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bsc#1051510).
drm/i915/dmc: protect against reading random memory (bsc#1051510).
drm/i915/fbc: disable framebuffer compression on GeminiLake (bsc#1051510).
drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113722)
drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113956)
drm/i915/gvt: Annotate iomem usage (bsc#1051510).
drm/i915/gvt: Fix cmd length of VEB_DI_IECP (bsc#1113722)
drm/i915/gvt: Fix incorrect mask of mmio 0x22028 in gen8/9 mmio list (bnc#1113722)
drm/i915/gvt: Initialize intel_gvt_gtt_entry in stack (bsc#1111666).
drm/i915/gvt: Prevent use-after-free in ppgtt_free_all_spt() (bsc#1111666).
drm/i915/gvt: Roundup fb height into tile's height at calucation fb size (bsc#1111666).
drm/i915/gvt: Tiled Resources mmios are in-context mmios for gen9+ (bsc#1113722)
drm/i915/gvt: add 0x4dfc to gen9 save-restore list (bsc#1113722)
drm/i915/gvt: do not deliver a workload if its creation fails (bsc#1051510).
drm/i915/gvt: do not let TRTTE and 0x4dfc write passthrough to hardware (bsc#1051510).
drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113722)
drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113956)
drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510).
drm/i915/gvt: refine ggtt range validation (bsc#1113722)
drm/i915/icl: Add WaDisableBankHangMode (bsc#1111666).
drm/i915/icl: Whitelist GEN9_SLICE_COMMON_ECO_CHICKEN1 (bsc#1111666).
drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510).
drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510).
drm/i915: Disable LP3 watermarks on all SNB machines (bsc#1051510).
drm/i915: Disable tv output on i9x5gm (bsc#1086657, bsc#1133897).
drm/i915: Downgrade Gen9 Plane WM latency error (bsc#1051510).
drm/i915: Fix I915_EXEC_RING_MASK (bsc#1051510).
drm/i915: Force 2*96 MHz cdclk on glk/cnl when audio power is enabled (bsc#1111666).
drm/i915: Maintain consistent documentation subsection ordering (bsc#1111666).
drm/imx: don't skip DP channel disable for background plane (bsc#1051510).
drm/imx: notify drm core before sending event during crtc disable (bsc#1111666).
drm/imx: only send event on crtc disable if kept disabled (bsc#1111666).
drm/lease: Make sure implicit planes are leased (bsc#1111666).
drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() (bsc#1113722)
drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() (bsc#1113956)
drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1111666).
drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1111666).
drm/mediatek: clear num_pipes when unbind driver (bsc#1111666).
drm/mediatek: fix possible object reference leak (bsc#1051510).
drm/mediatek: fix unbind functions (bsc#1111666).
drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1111666).
drm/meson: Add support for XBGR8888 ABGR8888 formats (bsc#1051510).
drm/meson: add size and alignment requirements for dumb buffers (bnc#1113722)
drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510).
drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1111666).
drm/msm: a5xx: fix possible object reference leak (bsc#1111666).
drm/msm: fix fb references in async update (bsc#1111666).
drm/nouveau/bar/nv50: ensure BAR is mapped (bsc#1111666).
drm/nouveau/bar/tu104: initial support (bsc#1133593).
drm/nouveau/bar/tu106: initial support (bsc#1133593).
drm/nouveau/bios/tu104: initial support (bsc#1133593).
drm/nouveau/bios/tu106: initial support (bsc#1133593).
drm/nouveau/bios: translate additional memory types (bsc#1133593).
drm/nouveau/bios: translate usb-C connector type (bsc#1133593).
drm/nouveau/bus/tu104: initial support (bsc#1133593).
drm/nouveau/bus/tu106: initial support (bsc#1133593).
drm/nouveau/ce/tu104: initial support (bsc#1133593).
drm/nouveau/ce/tu106: initial support (bsc#1133593).
drm/nouveau/core: increase maximum number of nvdec instances to 3 (bsc#1133593).
drm/nouveau/core: recognise TU102 (bsc#1133593).
drm/nouveau/core: recognise TU104 (bsc#1133593).
drm/nouveau/core: recognise TU106 (bsc#1133593).
drm/nouveau/core: support multiple nvdec instances (bsc#1133593).
drm/nouveau/devinit/gm200-: export function to upload+execute PMU/PRE_OS (bsc#1133593).
drm/nouveau/devinit/tu104: initial support (bsc#1133593).
drm/nouveau/devinit/tu106: initial support (bsc#1133593).
drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510).
drm/nouveau/disp/gm200-: add scdc parameter setter (bsc#1133593).
drm/nouveau/disp/gv100: fix name of window channels in debug output (bsc#1133593).
drm/nouveau/disp/tu104: initial support (bsc#1133593).
drm/nouveau/disp/tu106: initial support (bsc#1133593).
drm/nouveau/disp: add a way to configure scrambling/tmds for hdmi 2.0 (bsc#1133593).
drm/nouveau/disp: add support for setting scdc parameters for high modes (bsc#1133593).
drm/nouveau/disp: keep track of high-speed state, program into clock (bsc#1133593).
drm/nouveau/disp: take sink support into account for exposing 594mhz (bsc#1133593).
drm/nouveau/dma/tu104: initial support (bsc#1133593).
drm/nouveau/dma/tu106: initial support (bsc#1133593).
drm/nouveau/drm/nouveau: Do not forget to label dp_aux devices (bsc#1133593).
drm/nouveau/drm/nouveau: s/nouveau_backlight_exit/nouveau_backlight_fini/ (bsc#1133593).
drm/nouveau/drm/nouveau: tegra: Call nouveau_drm_device_init() (bsc#1133593).
drm/nouveau/fault/tu104: initial support (bsc#1133593).
drm/nouveau/fault/tu106: initial support (bsc#1133593).
drm/nouveau/fault: add explicit control over fault buffer interrupts (bsc#1133593).
drm/nouveau/fault: remove manual mapping of fault buffers into BAR2 (bsc#1133593).
drm/nouveau/fault: store get/put pri address in nvkm_fault_buffer (bsc#1133593).
drm/nouveau/fb/tu104: initial support (bsc#1133593).
drm/nouveau/fb/tu106: initial support (bsc#1133593).
drm/nouveau/fifo/gf100-: call into BAR to reset BARs after MMU fault (bsc#1133593).
drm/nouveau/fifo/gk104-: group pbdma functions together (bsc#1133593).
drm/nouveau/fifo/gk104-: return channel instance in ctor args (bsc#1133593).
drm/nouveau/fifo/gk104-: separate runlist building from committing to hw (bsc#1133593).
drm/nouveau/fifo/gk104-: support enabling privileged ce functions (bsc#1133593).
drm/nouveau/fifo/gk104-: virtualise pbdma enable function (bsc#1133593).
drm/nouveau/fifo/gm200-: read pbdma count more directly (bsc#1133593).
drm/nouveau/fifo/gv100: allocate method buffer (bsc#1133593).
drm/nouveau/fifo/gv100: return work submission token in channel ctor args (bsc#1133593).
drm/nouveau/fifo/tu104: initial support (bsc#1133593).
drm/nouveau/fifo/tu106: initial support (bsc#1133593).
drm/nouveau/fuse/tu104: initial support (bsc#1133593).
drm/nouveau/fuse/tu106: initial support (bsc#1133593).
drm/nouveau/gpio/tu104: initial support (bsc#1133593).
drm/nouveau/gpio/tu106: initial support (bsc#1133593).
drm/nouveau/i2c/tu104: initial support (bsc#1133593).
drm/nouveau/i2c/tu106: initial support (bsc#1133593).
drm/nouveau/i2c: Disable i2c bus access after fini() (bsc#1113722)
drm/nouveau/i2c: Enable i2c pads busses during preinit (bsc#1051510).
drm/nouveau/ibus/tu104: initial support (bsc#1133593).
drm/nouveau/ibus/tu106: initial support (bsc#1133593).
drm/nouveau/imem/nv50: support pinning objects in BAR2 and returning address (bsc#1133593).
drm/nouveau/imem/tu104: initial support (bsc#1133593).
drm/nouveau/imem/tu106: initial support (bsc#1133593).
drm/nouveau/kms/gf119-gp10x: push HeadSetControlOutputResource() mthd when encoders change (bsc#1111666).
drm/nouveau/kms/gv100-: fix spurious window immediate interlocks (bsc#1111666).
drm/nouveau/kms/nv50-: allow more flexibility with lut formats (bsc#1133593).
drm/nouveau/kms/tu104: initial support (bsc#1133593).
drm/nouveau/ltc/tu104: initial support (bsc#1133593).
drm/nouveau/ltc/tu106: initial support (bsc#1133593).
drm/nouveau/mc/tu104: initial support (bsc#1133593).
drm/nouveau/mc/tu106: initial support (bsc#1133593).
drm/nouveau/mmu/tu104: initial support (bsc#1133593).
drm/nouveau/mmu/tu106: initial support (bsc#1133593).
drm/nouveau/mmu: add more general vmm free/node handling functions (bsc#1133593).
drm/nouveau/pci/tu104: initial support (bsc#1133593).
drm/nouveau/pci/tu106: initial support (bsc#1133593).
drm/nouveau/pmu/tu104: initial support (bsc#1133593).
drm/nouveau/pmu/tu106: initial support (bsc#1133593).
drm/nouveau/therm/tu104: initial support (bsc#1133593).
drm/nouveau/therm/tu106: initial support (bsc#1133593).
drm/nouveau/tmr/tu104: initial support (bsc#1133593).
drm/nouveau/tmr/tu106: initial support (bsc#1133593).
drm/nouveau/top/tu104: initial support (bsc#1133593).
drm/nouveau/top/tu106: initial support (bsc#1133593).
drm/nouveau/volt/gf117: fix speedo readout register (bsc#1051510).
drm/nouveau: Add NV_PRINTK_ONCE and variants (bsc#1133593).
drm/nouveau: Add size to vbios.rom file in debugfs (bsc#1133593).
drm/nouveau: Add strap_peek to debugfs (bsc#1133593).
drm/nouveau: Cleanup indenting in nouveau_backlight.c (bsc#1133593).
drm/nouveau: Fix potential memory leak in nouveau_drm_load() (bsc#1133593).
drm/nouveau: Move backlight device into nouveau_connector (bsc#1133593).
drm/nouveau: Refactor nvXX_backlight_init() (bsc#1133593).
drm/nouveau: Remove unecessary dma_fence_ops (bsc#1133593).
drm/nouveau: Start using new drm_dev initialization helpers (bsc#1133593).
drm/nouveau: Stop using drm_crtc_force_disable (bsc#1051510).
drm/nouveau: add DisplayPort CEC-Tunneling-over-AUX support (bsc#1133593).
drm/nouveau: register backlight on pascal and newer (bsc#1133593).
drm/nouveau: remove left-over struct member (bsc#1133593).
drm/omap: dsi: Fix PM for display blank with paired dss_pll calls (bsc#1111666).
drm/omap: hdmi4_cec: Fix CEC clock handling for PM (bsc#1111666).
drm/panel: otm8009a: Add delay at the end of initialization (bsc#1111666).
drm/panel: panel-innolux: set display off in innolux_panel_unprepare (bsc#1111666).
drm/pl111: Initialize clock spinlock early (bsc#1111666).
drm/pl111: fix possible object reference leak (bsc#1111666).
drm/radeon/evergreen_cs: fix missing break in switch statement (bsc#1113722)
drm/radeon: prefer lower reference dividers (bsc#1051510).
drm/rockchip: Properly adjust to a true clock in adjusted_mode (bsc#1051510).
drm/rockchip: fix for mailbox read validation (bsc#1051510).
drm/rockchip: fix for mailbox read validation (bsc#1111666).
drm/rockchip: shutdown drm subsystem on shutdown (bsc#1051510).
drm/rockchip: vop: reset scale mode when win is disabled (bsc#1113722)
drm/sun4i: Add missing drm_atomic_helper_shutdown at driver unbind (bsc#1113722)
drm/sun4i: Fix component unbinding and component master deletion (bsc#1113722)
drm/sun4i: Fix sun8i HDMI PHY clock initialization (bsc#1111666).
drm/sun4i: Fix sun8i HDMI PHY configuration for 148.5 MHz (bsc#1111666).
drm/sun4i: Set device driver data at bind time for use in unbind (bsc#1113722)
drm/sun4i: Unbind components before releasing DRM and memory (bsc#1113722)
drm/sun4i: dsi: Change the start delay calculation (bsc#1111666).
drm/sun4i: dsi: Enforce boundaries on the start delay (bsc#1111666).
drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722)
drm/sun4i: tcon top: Fix NULL/invalid pointer dereference in sun8i_tcon_top_un/bind (bsc#1111666).
drm/tegra: gem: Fix CPU-cache maintenance for BO's allocated using get_pages() (bsc#1111666).
drm/tegra: hub: Fix dereference before check (bsc#1111666).
drm/ttm: Fix bo_global and mem_global kfree error (bsc#1111666).
drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488)
drm/ttm: fix out-of-bounds read in ttm_put_pages() v2 (bsc#1111666).
drm/udl: Replace drm_dev_unref with drm_dev_put (bsc#1111666).
drm/udl: add a release method and delay modeset teardown (bsc#1085536)
drm/udl: introduce a macro to convert dev to udl (bsc#1111666).
drm/udl: move to embedding drm device inside udl device (bsc#1111666).
drm/v3d: Handle errors from IRQ setup (bsc#1111666).
drm/vc4: Fix memory leak during gpu reset. (bsc#1113722)
drm/vc4: fix fb references in async update (bsc#1141312).
drm/vmwgfx: Don't send drm sysfs hotplug events on initial master set (bsc#1051510).
drm/vmwgfx: Honor the sg list segment size limitation (bsc#1111666).
drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() (bsc#1113722)
drm/vmwgfx: Remove set but not used variable 'restart' (bsc#1111666).
drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1111666).
drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1111666).
drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read (bsc#1051510).
drm: Auto-set allow_fb_modifiers when given modifiers at plane init (bsc#1051510).
drm: Fix drm_release() and device unplug (bsc#1111666).
drm: Wake up next in drm_read() chain if we are forced to putback the event (bsc#1051510).
drm: add fallback override/firmware EDID modes workaround (bsc#1111666).
drm: add non-desktop quirk for Valve HMDs (bsc#1111666).
drm: add non-desktop quirks to Sensics and OSVR headsets (bsc#1111666).
drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs (bsc#1113722)
drm: don't block fb changes for async plane updates (bsc#1111666).
drm: etnaviv: avoid DMA API warning when importing buffers (bsc#1111666).
drm: panel-orientation-quirks: Add quirk for GPD MicroPC (bsc#1111666).
drm: panel-orientation-quirks: Add quirk for GPD pocket2 (bsc#1111666).
drm: rcar-du: Fix rcar_du_crtc structure documentation (bsc#1111666).
drm: return -EFAULT if copy_to_user() fails (bsc#1111666).
drm_dp_cec: add note about good MegaChips 2900 CEC support (bsc#1136978).
drm_dp_cec: check that aux has a transfer function (bsc#1136978).
dt-bindings: clock: r8a7795: Remove CSIREF clock (bsc#1120902).
dt-bindings: clock: r8a7796: Remove CSIREF clock (bsc#1120902).
dt-bindings: net: Add binding for the external clock for TI WiLink (bsc#1085535).
dt-bindings: net: Fix a typo in the phy-mode list for ethernet bindings (bsc#1129770).
dt-bindings: rtc: sun6i-rtc: Fix register range in example (bsc#1120902).
dwc2: gadget: Fix completed transfer size calculation in DDMA (bsc#1051510).
e1000e: Fix -Wformat-truncation warnings (bsc#1051510).
e1000e: fix cyclic resets at link up with active tx (bsc#1051510).
e1000e: start network tx queue only when link is up (bsc#1051510).
efi/arm: Defer persistent reservations until after paging_init() (bsc#1117158).
efi/arm: Do not mark acpi reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566).
efi/arm: Do not mark acpi reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566).
efi/arm: Do not mark acpi reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566).
efi/arm: Revert 'Defer persistent reservations until after paging_init()' (bsc#1117158).
efi/arm: Revert deferred unmap of early memmap mapping (bsc#1117158).
efi/arm: libstub: add a root memreserve config table (bsc#1117158).
efi/arm: map UEFI memory map even w/o runtime services enabled (bsc#1117158).
efi/arm: preserve early mapping of UEFI memory map longer for BGRT (bsc#1117158).
efi: Permit calling efi_mem_reserve_persistent() from atomic context (bsc#1117158).
efi: Permit multiple entries in persistent memreserve data structure (bsc#1117158).
efi: Prevent GICv3 WARN() by mapping the memreserve table before first use (bsc#1117158).
efi: Reduce the amount of memblock reservations for persistent allocations (bsc#1117158).
efi: add API to reserve memory persistently across kexec reboot (bsc#1117158).
efi: honour memory reservations passed via a linux specific config table (bsc#1117158).
ext4: Do not warn when enabling DAX (bsc#1132894).
ext4: actually request zeroing of inode table after grow (bsc#1135315).
ext4: avoid panic during forced reboot due to aborted journal (bsc#1126356).
ext4: cleanup bh release code in ext4_ind_remove_space() (bsc#1131851).
ext4: cleanup bh release code in ext4_ind_remove_space() (bsc#1131851).
ext4: do not delete unlinked inode from orphan list on failed truncate (bsc#1140891).
ext4: fix data corruption caused by overlapping unaligned and aligned IO (bsc#1136428).
ext4: fix ext4_show_options for file systems w/o journal (bsc#1135316).
ext4: fix use-after-free race with debug_want_extra_isize (bsc#1135314).
ext4: make sanity check in mballoc more strict (bsc#1136439).
ext4: wait for outstanding dio during truncate in nojournal mode (bsc#1136438).
extcon: arizona: Disable mic detect if running when driver is removed (bsc#1051510).
failover: allow name change on IFF_UP slave interfaces (bsc#1109837).
fbdev: fbmem: fix memory access if logo is bigger than the screen (bsc#1051510).
fbdev: fix WARNING in __alloc_pages_nodemask bug (bsc#1113722)
fbdev: fix divide error in fb_var_to_videomode (bsc#1113722)
firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671).
firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671).
fix cgroup_do_mount() handling of failure exits (bsc#1133095).
fm10k: Fix a potential NULL pointer dereference (bsc#1051510).
fork, memcg: fix cached_stacks case (bsc#1134097).
fork, memcg: fix crash in free_thread_stack on memcg charge fail (bsc#1134097).
fs/ocfs2: fix race in ocfs2_dentry_attach_lock() (bsc#1140889).
fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (bsc#1140887).
fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (bsc#1140887).
fs/sync.c: sync_file_range(2) may use WB_SYNC_ALL writeback (bsc#1136432).
fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount (bsc#1136435).
fs: avoid fdput() after failed fdget() in vfs_dedupe_file_range() (bsc#1132384, bsc#1132219).
fs: avoid fdput() after failed fdget() in vfs_dedupe_file_range() (bsc#1132384, bsc#1132219).
fs: hugetlbfs: fix hwpoison reserve accounting (bsc#1139712)
ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995 fate#323487).
ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658).
fuse: fallocate: fix return with locked inode (bsc#1051510).
fuse: fix writepages on 32bit (bsc#1051510).
fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510).
futex: Cure exit race (bsc#1050549).
futex: Ensure that futex address is aligned in handle_futex_death() (bsc#1050549).
futex: Handle early deadlock return correctly (bsc#1050549).
genirq: Prevent use-after-free and work list corruption (bsc#1051510).
genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510).
genwqe: Prevent an integer overflow in the ioctl (bsc#1051510).
ghes, EDAC: Fix ghes_edac registration (bsc#1133176).
gpio: Remove obsolete comment about gpiochip_free_hogs() usage (bsc#1051510).
gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bsc#1051510).
gpio: aspeed: fix a potential NULL pointer dereference (bsc#1051510).
gpio: fix gpio-adp5588 build errors (bsc#1051510).
gpio: gpio-omap: fix level interrupt idling (bsc#1051510).
gpio: of: Fix of_gpiochip_add() error path (bsc#1051510).
gpio: omap: fix lack of irqstatus_raw0 for OMAP4 (bsc#1051510).
gpu: ipu-v3: dp: fix CSC handling (bsc#1051510).
gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1111666).
hid: i2c-hid: Ignore input report if there's no data present on Elan touchpanels (bsc#1133486).
hid: input: fix a4tech horizontal wheel custom usage (bsc#1137429).
hwmon: (core) add thermal sensors only if dev of_node is present (bsc#1051510).
hwmon: (f71805f) Use request_muxed_region for Super-IO accesses (bsc#1051510).
hwmon: (pc87427) Use request_muxed_region for Super-IO accesses (bsc#1051510).
hwmon: (pmbus/core) Treat parameters as paged if on multiple pages (bsc#1051510).
hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses (bsc#1051510).
hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses (bsc#1051510).
hwmon: (vt1211) Use request_muxed_region for Super-IO accesses (bsc#1051510).
hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses (bsc#1051510).
hwrng: omap - Set default quality (bsc#1051510).
hwrng: virtio - Avoid repeated init of completion (bsc#1051510).
i2c: Make i2c_unregister_device() NULL-aware (bsc#1108193).
i2c: Make i2c_unregister_device() NULL-aware (bsc#1133311).
i2c: Make i2c_unregister_device() NULL-aware (bsc#1133311).
i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr (bsc#1051510).
i2c: imx: correct the method of getting private data in notifier_call (bsc#1111666).
i2c: mlxcpld: Add support for extended transaction length for i2c-mlxcpld (bsc#1112374).
i2c: mlxcpld: Add support for smbus block read transaction (bsc#1112374).
i2c: mlxcpld: Allow configurable adapter id for mlxcpld (bsc#1112374).
i2c: mlxcpld: Fix adapter functionality support callback (bsc#1112374).
i2c: mlxcpld: Fix wrong initialization order in probe (bsc#1112374).
i2c: mux: mlxcpld: simplify code to reach the adapter (bsc#1112374).
i2c: synquacer: fix enumeration of slave devices (bsc#1111666).
i2c: synquacer: fix synquacer_i2c_doxfer() return value (bsc#1111666).
ib/hw: Remove unneeded semicolons (bsc#1136456 jsc#SLE-4689).
ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197).
ibmvnic: Add device identification to requested IRQs (bsc#1137739).
ibmvnic: Do not close unopened driver during reset (bsc#1137752).
ibmvnic: Enable GRO (bsc#1132227).
ibmvnic: Fix completion structure initialization (bsc#1131659).
ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227).
ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752).
ibmvnic: Refresh device multicast list after reset (bsc#1137752).
ibmvnic: remove set but not used variable 'netdev' (bsc#1137739).
idr: fix overflow case for idr_for_each_entry_ul() (bsc#1109837).
iio/gyro/bmg160: Use millidegrees for temperature scale (bsc#1051510).
iio: Fix scan mask selection (bsc#1051510).
iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion (bsc#1051510).
iio: ad_sigma_delta: select channel when reading register (bsc#1051510).
iio: adc: at91: disable adc channel interrupt in timeout case (bsc#1051510).
iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver (bsc#1051510).
iio: adc: xilinx: fix potential use-after-free on remove (bsc#1051510).
iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data (bsc#1051510).
iio: core: fix a possible circular locking dependency (bsc#1051510).
iio: cros_ec: Fix the maths for gyro scale calculation (bsc#1051510).
iio: dac: mcp4725: add missing powerdown bits in store eeprom (bsc#1051510).
iio: gyro: mpu3050: fix chip ID reading (bsc#1051510).
iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510).
include/linux/bitops.h: introduce BITS_PER_TYPE (bsc#1136345 jsc#SLE-4681).
indirect call wrappers: helpers to speed-up indirect calls of builtin (bsc#1124503).
infiniband/qedr: Potential null ptr dereference of qp (bsc#1136456 jsc#SLE-4689).
intel_th: msu: Fix single mode with IOMMU (bsc#1051510).
intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510).
intel_th: pci: Add Comet Lake support (bsc#1051510).
io: accel: kxcjk1013: restore the range after resume (bsc#1051510).
iommu-helper: mark iommu_is_span_boundary as inline (jsc#SLE-6197 bsc#1140559 LTC#173150).
iommu/amd: Make iommu_disable safer (bsc#1140955).
iommu/amd: Set exclusion range correctly (bsc#1130425).
iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (bsc#1117158).
iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel (bsc#1117158 bsc#1134671).
iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel (bsc#1117158 bsc#1134671).
iommu/arm-smmu-v3: Fix big-endian CMD_SYNC writes (bsc#1111666).
iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bsc#1051510).
iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register (bsc#1051510).
iommu/arm-smmu: Add support for qcom,smmu-v2 variant (bsc#1051510).
iommu/arm-smmu: Avoid constant zero in TLBI writes (bsc#1140956).
iommu/vt-d: Do not request page request irq under dmar_global_lock (bsc#1135006).
iommu/vt-d: Duplicate iommu_resv_region objects per device list (bsc#1140959).
iommu/vt-d: Handle PCI bridge RMRR device scopes in intel_iommu_get_resv_regions (bsc#1140960).
iommu/vt-d: Handle RMRR with PCI bridge device scopes (bsc#1140961).
iommu/vt-d: Introduce is_downstream_to_pci_bridge helper (bsc#1140962).
iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135007).
iommu/vt-d: Remove unnecessary rcu_read_locks (bsc#1140964).
iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135008).
iommu: Fix a leak in iommu_insert_resv_region (bsc#1140957).
iommu: Use right function to get group for device (bsc#1140958).
iov_iter: Fix build error without CONFIG_CRYPTO (bsc#1111666).
ipconfig: Correctly initialise ic_nameservers (bsc#1051510).
ipmi: Fix I2C client removal in the SSIF driver (bsc#1108193).
ipmi: Prevent use-after-free in deliver_response (bsc#1111666).
ipmi: fix sleep-in-atomic in free_user at cleanup SRCU user release_barrier (bsc#1111666).
ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1051510).
ipmi_ssif: Remove duplicate NULL check (bsc#1108193).
ipv6: fib: Do not assume only nodes hold a reference on routes (bsc#1138732).
ipvlan: Add the skb mark as flow4's member to lookup route (bsc#1051510).
ipvlan: fix ipv6 outbound device (bsc#1051510).
ipvlan: use ETH_MAX_MTU as max mtu (bsc#1051510).
ipvs: Fix signed integer overflow when setsockopt timeout (bsc#1051510).
ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bsc#1051510).
irqchip/gic-v3-its: fix some definitions of inner cacheability attributes (bsc#1051510).
irqchip/mbigen: Don't clear eventid when freeing an MSI (bsc#1051510).
iw_cxgb*: kzalloc the iwcm verbs struct (bsc#1136348 jsc#SLE-4684).
iw_cxgb4: Check for send WR also while posting write with completion WR (bsc#1136348 jsc#SLE-4684).
iw_cxgb4: Fix qpid leak (bsc#1136348 jsc#SLE-4684).
iw_cxgb4: Make function read_tcb() static (bsc#1136348 jsc#SLE-4684).
iw_cxgb4: complete the cached SRQ buffers (bsc#1136348 jsc#SLE-4684).
iw_cxgb4: cq/qp mask depends on bar2 pages in a host page (bsc#1127371).
iw_cxgb4: fix srqidx leak during connection abort (bsc#1136348 jsc#SLE-4684).
iw_cxgb4: only allow 1 flush on user qps (bsc#1051510).
iw_cxgb4: use listening ep tos when accepting new connections (bsc#1136348 jsc#SLE-4684).
iw_cxgb4: use tos when finding ipv6 routes (bsc#1136348 jsc#SLE-4684).
iw_cxgb4: use tos when importing the endpoint (bsc#1136348 jsc#SLE-4684).
iwiwifi: fix bad monitor buffer register addresses (bsc#1129770).
iwlwifi: Fix double-free problems in iwl_req_fw_callback() (bsc#1111666).
iwlwifi: correct one of the PCI struct names (bsc#1111666).
iwlwifi: don't WARN when calling iwl_get_shared_mem_conf with RF-Kill (bsc#1111666).
iwlwifi: fix RF-Kill interrupt while FW load for gen2 devices (bsc#1111666).
iwlwifi: fix cfg structs for 22000 with different RF modules (bsc#1111666).
iwlwifi: fix devices with PCI Device ID 0x34F0 and 11ac RF modules (bsc#1111666).
iwlwifi: fix driver operation for 5350 (bsc#1111666).
iwlwifi: fix send hcmd timeout recovery flow (bsc#1129770).
iwlwifi: mvm: Drop large non sta frames (bsc#1111666).
iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() (bsc#1051510).
iwlwifi: pcie: don't crash on invalid RX interrupt (bsc#1051510).
iwlwifi: pcie: don't service an interrupt that was masked (bsc#1111666).
iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1111666).
ixgbe: Avoid NULL pointer dereference with VF on non-IPsec hw (bsc#1140228).
jbd2: check superblock mapped prior to committing (bsc#1136430).
kABI fix for hda_codec.relaxed_resume flag (bsc#1111666).
kABI workaround for asus-wmi changes (bsc#1051510).
kABI workaround for removed usb_interface.pm_usage_cnt field (bsc#1051510).
kABI workaround for snd_seq_kernel_client_enqueue() API changes (bsc#1051510).
kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510).
kABI: protect functions using struct net_generic (bsc#1129845 LTC#176252).
kABI: protect struct smc_ib_device (bsc#1129845 LTC#176252).
kABI: protect struct smcd_dev (bsc#1129845 LTC#176252).
kabi fixup blk_mq_register_dev() (bsc#1140637).
kabi protect struct iw_cm_id (bsc#1136348 jsc#SLE-4684).
kabi protect struct vf_info (bsc#1136347 jsc#SLE-4683).
kabi/severities: exclude hns3 symbols (bsc#1134948)
kabi/severities: exclude qed* symbols (bsc#1136461)
kabi/severities: exclude qed* symbols (bsc#1136461)
kabi: Fix lost iommu-helper symbols on arm64 (jsc#SLE-6197 bsc#1140559 LTC#173150).
kabi: drop LINUX_Mib_TCPWQUEUETOOBIG snmp counter (bsc#1137586).
kabi: implement map_lookup_elem_sys_only in another way (bsc#1083647).
kabi: mask changes made by basic protected virtualization support (jsc#SLE-6197 bsc#1140559 LTC#173150).
kabi: mask changes made by swiotlb for protected virtualization (jsc#SLE-6197 bsc#1140559 LTC#173150).
kabi: mask changes made by use of DMA memory for adapter interrupts (jsc#SLE-6197 bsc#1140559 LTC#173150).
kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586).
kabi: remove unused hcall definition (bsc#1140322 LTC#176270).
kabi: s390: enum interruption_class (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
kabi: s390: enum interruption_class (jsc#SLE-5789 bsc#1134730 LTC#173388).
kbuild: strip whitespace in cmd_record_mcount findstring (bsc#1065729).
kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled (bsc#1071995 fate#323487).
kcm: switch order of device registration to fix a crash (bnc#1130527).
kernel/padata.c: Make RT aware (SLE Realtime Extension (bnc#1135344)).
kernel/padata.c: Make RT aware (SLE Realtime Extension (bnc#1135344)).
kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv (bsc#1051510).
kernel/sysctl.c: fix out-of-bounds access when setting file-max (bsc#1051510).
kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059).
kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059).
kernfs: do not set dentry d_fsdata (boo#1133115).
keys: safe concurrent user {session,uid}_keyring access (bsc#1135642).
keys: safe concurrent user {session,uid}_keyring access (bsc#1135642).
keys: safe concurrent user {session,uid}_keyring access (bsc#1135642).
keys: safe concurrent user {session,uid}_keyring access (bsc#1135642).
kmsg: Update message catalog to latest ibM level (2019/03/08) (bsc#1128904 LTC#176078).
kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch (bsc#1135335).
kvm: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132563).
kvm: Fix UAF in nested posted interrupt processing (bsc#1134199).
kvm: Fix kABI for AMD SMAP Errata workaround (bsc#1133149).
kvm: SVM: Fix detection of AMD Errata 1096 (bsc#1142354).
kvm: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation) (bsc#1133149).
kvm: VMX: Compare only a single byte for VMCS' 'launched' in vCPU-run (bsc#1132555).
kvm: VMX: Zero out *all* general purpose registers after VM-Exit (bsc#1134202).
kvm: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots (bsc#1133021).
kvm: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory (bsc#1133021).
kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335).
kvm: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132561).
kvm: nVMX: Clear reserved bits of #DB exit qualification (bsc#1134200).
kvm: nVMX: Ignore limit checks on VMX instructions using flat segments (bsc#1132564).
kvm: nVMX: Sign extend displacements of VMX instr's mem operands (bsc#1132562).
kvm: nVMX: restore host state in nested_vmx_vmexit for VMFail (bsc#1134201).
kvm: polling: add architecture backend to disable polling (bsc#1119222).
kvm: s390: change default halt poll time to 50us (bsc#1119222).
kvm: s390: enable CONFIG_HAVE_kvm_NO_POLL (bsc#1119222) We need to enable CONFIG_HAVE_kvm_NO_POLL for bsc#1119222
kvm: s390: fix memory overwrites when not using SCA entries (bsc#1136206).
kvm: s390: fix typo in parameter description (bsc#1119222).
kvm: s390: kABI Workaround for 'lowcore' (bsc#1119222).
kvm: s390: provide io interrupt kvm_stat (bsc#1136206).
kvm: s390: provide kvm_arch_no_poll function (bsc#1119222).
kvm: s390: use created_vcpus in more places (bsc#1136206).
kvm: s390: vsie: fix 8k check for the itdba (bsc#1136206).
kvm: svm/avic: fix off-by-one in checking host APIC ID (bsc#1140971).
kvm: x86/mmu: Detect MMIO generation wrap in any address space (bsc#1132570).
kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132571).
kvm: x86: Always use 32-bit SMRAM save state for 32-bit kernels (bsc#1134203).
kvm: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bsc#1134204).
kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279).
kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279).
kvm: x86: Report STibP on GET_SUPPORTED_CPUID (bsc#1111331).
kvm: x86: Skip EFER vs. guest CPUID checks for host-initiated writes (bsc#1140972).
kvm: x86: fix return value for reserved EFER (bsc#1140992).
kvm: x86: svm: make sure NMI is injected after nmi_singlestep (bsc#1134205).
l2tp: cleanup l2tp_tunnel_delete calls (bsc#1051510).
l2tp: revert 'l2tp: fix missing print session offset info' (bsc#1051510).
leds: avoid flush_work in atomic context (bsc#1051510).
leds: avoid races with workqueue (bsc#1051510).
leds: pwm: silently error out on EPROBE_DEFER (bsc#1051510).
lib/bitmap.c: make bitmap_parselist() thread-safe and much faster (bsc#1143507).
lib/scatterlist: Fix mapping iterator when sg offset is greater than PAGE_SIZE (bsc#1051510).
lib: add crc64 calculation routines (bsc#1130972).
lib: add crc64 calculation routines (bsc#1130972).
lib: do not depend on linux headers being installed (bsc#1130972).
lib: do not depend on linux headers being installed (bsc#1130972).
lib: fix stall in __bitmap_parselist() (bsc#1051510).
libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510).
libata: fix using DMA buffers on stack (bsc#1051510).
libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897).
libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). This feature was requested for SLE15 but aws reverted in packaging and master.
libceph: assign cookies in linger_submit() (bsc#1135897).
libceph: check reply num_data_items in setup_request_data() (bsc#1135897).
libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897).
libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897).
libceph: introduce alloc_watch_request() (bsc#1135897).
libceph: introduce ceph_pagelist_alloc() (bsc#1135897).
libceph: preallocate message data items (bsc#1135897).
libcxgb: fix incorrect ppmax calculation (bsc#1136345 jsc#SLE-4681).
libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719).
libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865).
libnvdimm/namespace: Fix label tracking error (bsc#1142350).
libnvdimm/region: Register badblocks before namespaces (bsc#1143209).
lightnvm: if LUNs are already allocated fix return (bsc#1085535).
linux/kernel.h: Use parentheses around argument in u64_to_user_ptr() (bsc#1051510).
livepatch: Convert error about unsupported reliable stacktrace into a warning (bsc#1071995).
livepatch: Remove custom kobject state handling (bsc#1071995).
livepatch: Remove duplicate warning about missing reliable stacktrace support (bsc#1071995 fate#323487).
livepatch: Remove duplicated code for early initialization (bsc#1071995).
livepatch: Use static buffer for debugging messages under rq lock (bsc#1071995 fate#323487).
lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138).
mISDN: Check address length before reading address family (bsc#1051510).
mISDN: make sure device name is NUL terminated (bsc#1051510).
mac80211/cfg80211: update bss channel on channel switch (bsc#1051510).
mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510).
mac80211: Fix kernel panic due to use of txq after free (bsc#1051510).
mac80211: Honor SW_CRYPTO_CONTROL for unicast keys in AP VLAN mode (bsc#1111666).
mac80211: do not call driver wake_tx_queue op during reconfig (bsc#1051510).
mac80211: do not start any work during reconfigure flow (bsc#1111666).
mac80211: don't attempt to rename ERR_PTR() debugfs dirs (bsc#1111666).
mac80211: drop robust management frames from unknown TA (bsc#1051510).
mac80211: fix memory accounting with A-MSDU aggregation (bsc#1051510).
mac80211: fix rate reporting inside cfg80211_calculate_bitrate_he() (bsc#1111666).
mac80211: fix unaligned access in mesh table hash function (bsc#1051510).
mac80211: free peer keys before vif down in mesh (bsc#1111666).
mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510).
mac80211: mesh: fix RCU warning (bsc#1111666).
mac80211: only warn once on chanctx_conf being NULL (bsc#1111666).
mac8390: Fix mmio access size probe (bsc#1051510).
md: batch flush requests (bsc#1119680).
media: atmel: atmel-isc: fix INIT_WORK misplacement (bsc#1051510).
media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() (bsc#1051510).
media: au0828: stop video streaming only when last user stops (bsc#1051510).
media: coda: clear error return value before picture run (bsc#1051510).
media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510).
media: cx18: update *pos correctly in cx18_read_pos() (bsc#1051510).
media: cx23885: check allocation return (bsc#1051510).
media: davinci-isif: avoid uninitialized variable use (bsc#1051510).
media: davinci/vpbe: array underflow in vpbe_enum_outputs() (bsc#1051510).
media: go7007: avoid clang frame overflow warning with KASAN (bsc#1051510).
media: ivtv: update *pos correctly in ivtv_read_pos() (bsc#1051510).
media: m88ds3103: serialize reset messages in m88ds3103_set_frontend (bsc#1051510).
media: marvell-ccic: fix DMA s/g desc number calculation (bsc#1051510).
media: mt9m111: set initial frame size other than 0x0 (bsc#1051510).
media: mtk-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510).
media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bsc#1051510).
media: omap_vout: potential buffer overflow in vidioc_dqbuf() (bsc#1051510).
media: ov2659: fix unbalanced mutex_lock/unlock (bsc#1051510).
media: ov2659: make S_FMT succeed even if requested format doesn't match (bsc#1051510).
media: pvrusb2: Prevent a buffer overflow (bsc#1129770).
media: s5p-g2d: Correct return type for mem2mem buffer helpers (bsc#1051510).
media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510).
media: s5p-mfc: Make additional clocks optional (bsc#1051510).
media: saa7146: avoid high stack usage with clang (bsc#1051510).
media: serial_ir: Fix use-after-free in serial_ir_init_module (bsc#1051510).
media: sh_veu: Correct return type for mem2mem buffer helpers (bsc#1051510).
media: smsusb: better handle optional alignment (bsc#1051510).
media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame (bsc#1051510).
media: usb: siano: Fix false-positive 'uninitialized variable' warning (bsc#1051510).
media: usb: siano: Fix general protection fault in smsusb (bsc#1051510).
media: v4l2-ioctl: clear fields in s_parm (bsc#1051510).
media: v4l2: Test type instead of cfg type in v4l2_ctrl_new_custom() (bsc#1051510).
media: vivid: fix incorrect assignment operation when setting video mode (bsc#1051510).
media: vivid: use vfree() instead of kfree() for dev bitmap_cap (bsc#1051510).
media: wl128x: Fix an error code in fm_download_firmware() (bsc#1051510).
media: wl128x: prevent two potential buffer overflows (bsc#1051510).
mei: bus: need to unlink client before freeing (bsc#1051510).
mei: me: add denverton innovation engine device IDs (bsc#1051510).
mei: me: add gemini lake devices id (bsc#1051510).
memcg: make it work on sparse non-0-node systems (bnc#1133616).
memcg: make it work on sparse non-0-node systems kabi (bnc#1133616).
memory: tegra: Fix integer overflow on tick value calculation (bsc#1051510).
memstick: Fix error cleanup path of memstick_init (bsc#1051510).
mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L (bsc#1051510).
mfd: hi655x: Fix regmap area declared size for hi655x (bsc#1051510).
mfd: intel-lpss: Release IDA resources (bsc#1051510).
mfd: intel-lpss: Set the device in reset state when init (bsc#1051510).
mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values (bsc#1051510).
mfd: tps65912-spi: Add missing of table registration (bsc#1051510).
mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510).
mips: fix an off-by-one in dma_capable (jsc#SLE-6197 bsc#1140559 LTC#173150).
mlxsw: core: Add API for QSFP module temperature thresholds reading (bsc#1112374).
mlxsw: core: Do not use WQ_MEM_RECLAIM for EMAD workqueue (bsc#1112374).
mlxsw: core: Move ethtool module callbacks to a common location (bsc#1112374).
mlxsw: core: Prevent reading unsupported slave address from SFP EEPROM (bsc#1112374).
mlxsw: core: mlxsw: core: avoid -Wint-in-bool-context warning (bsc#1112374).
mlxsw: pci: Reincrease PCI reset timeout (bsc#1112374).
mlxsw: reg: Add Management Temperature Bulk Register (bsc#1112374).
mlxsw: spectrum: Move QSFP EEPROM definitions to common location (bsc#1112374).
mlxsw: spectrum: Put MC TCs into DWRR mode (bsc#1112374).
mlxsw: spectrum_dcb: Configure DSCP map as the last rule is removed (bsc#1112374).
mlxsw: spectrum_flower: Fix TOS matching (bsc#1112374).
mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034).
mm/debug.c: fix __dump_page when mapping host is not set (bsc#1131934).
mm/devm_memremap_pages: introduce devm_memunmap_pages (bsc#1103992 FATE#326009).
mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses (bsc#1135330).
mm/nvdimm: add is_ioremap_addr and use that to check ioremap address (bsc#1140322 LTC#176270).
mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bsc#1131935).
mm/vmalloc: fix size check for remap_vmalloc_range_partial() (bsc#1133825).
mm: Fix buggy backport leading to MAP_SYNC failures (bsc#1137372)
mm: fix race on soft-offlining free huge pages (bsc#1139712).
mm: hugetlb: delete dequeue_hwpoisoned_huge_page() (bsc#1139712).
mm: hugetlb: prevent reuse of hwpoisoned free hugepages (bsc#1139712).
mm: hugetlb: soft-offline: dissolve source hugepage after successful migration (bsc#1139712).
mm: hugetlb: soft-offline: dissolve_free_huge_page() return zero on !PageHuge (bsc#bsc#1139712).
mm: hugetlb: soft_offline: save compound page order before page migration (bsc#1139712)
mm: hwpoison: change PageHWPoison behavior on hugetlb pages (bsc#1139712).
mm: hwpoison: dissolve in-use hugepage in unrecoverable memory error (bsc#1139712).
mm: hwpoison: introduce idenfity_page_state (bsc#1139712).
mm: hwpoison: introduce memory_failure_hugetlb() (bsc#1139712).
mm: migrate: Fix reference check race between __find_get_block() and migration (bnc#1137609).
mm: replace all open encodings for NUMA_NO_NODE (bsc#1140322 LTC#176270).
mm: soft-offline: close the race against page allocation (bsc#1139712).
mm: soft-offline: dissolve free hugepage if soft-offlined (bsc#1139712).
mm: soft-offline: return -EBUSY if set_hwpoison_free_buddy_page() fails (bsc#1139712).
mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382).
mmc: bcm2835 MMC issues (bsc#1070872).
mmc: block: Delete gendisk before cleaning up the request queue (bsc#1127616).
mmc: core: Fix tag set memory leak (bsc#1111666).
mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510).
mmc: core: Verify SD bus width (bsc#1051510).
mmc: core: complete HS400 before checking status (bsc#1111666).
mmc: core: fix possible use after free of host (bsc#1051510).
mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510).
mmc: davinci: remove extraneous __init annotation (bsc#1051510).
mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510).
mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510).
mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510).
mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510).
mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510).
mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510).
mmc: sdhci-pci: Try 'cd' for card-detect lookup before using NULL (bsc#1051510).
mmc: sdhci: Fix data command CRC error handling (bsc#1051510).
mmc: sdhci: Handle auto-command errors (bsc#1051510).
mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR (bsc#1051510).
mmc: tmio_mmc_core: don't claim spurious interrupts (bsc#1051510).
mmc_spi: add a status check for spi_sync_locked (bsc#1051510).
module: Fix livepatch/ftrace module text permissions race (bsc#1071995 fate#323487).
mount: copy the port field into the cloned nfs_server structure (bsc#1136990).
mt7601u: bump supported EEPROM version (bsc#1051510).
mt7601u: do not schedule rx_tasklet when the device has been disconnected (bsc#1111666).
mt7601u: fix possible memory leak when the device is disconnected (bsc#1111666).
mtd: docg3: Fix passing zero to 'PTR_ERR' warning in doc_probe_device (bsc#1051510).
mtd: docg3: fix a possible memory leak of mtd name (bsc#1051510).
mtd: nand: omap: Fix comment in platform data using wrong Kconfig symbol (bsc#1051510).
mtd: part: fix incorrect format specifier for an unsigned long long (bsc#1051510).
mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write (bsc#1129770).
mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935).
mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935).
mwifiex: Fix mem leak in mwifiex_tm_cmd (bsc#1051510).
mwifiex: Make resume actually do something useful again on SDIO cards (bsc#1111666).
mwifiex: don't advertise IBSS features without FW support (bsc#1129770).
mwifiex: prevent an array overflow (bsc#1051510).
mwl8k: Fix rate_idx underflow (bsc#1051510).
net/af_iucv: build proper skbs for HiperTransport (bsc#1142221 LTC#179332).
net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332).
net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332).
net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142221 LTC#179332).
net/ibmvnic: Remove tests of member address (bsc#1137739).
net/ibmvnic: Update MAC address settings after adapter reset (bsc#1134760).
net/ibmvnic: Update carrier state after link state change (bsc#1135100).
net/mlx5: Avoid reloading already removed devices (bsc#1103990 FATE#326006).
net/mlx5: FPGA, tls, hold rcu read lock a bit longer (bsc#1103990 FATE#326006).
net/mlx5: FPGA, tls, idr remove on flow delete (bsc#1103990 FATE#326006).
net/mlx5: Set completion EQs as shared resources (bsc#1103991 FATE#326007).
net/mlx5: Update pci error handler entries and command translation (bsc#1103991 FATE#326007).
net/mlx5e: Fix ethtool rxfh commands when CONFIG_MLX5_EN_RXNFC is disabled (bsc#1103990 FATE#326006).
net/mlx5e: Fix the max MTU check in case of XDP (bsc#1103990 FATE#326006).
net/mlx5e: Fix trailing semicolon (bsc#1075020).
net/mlx5e: Fix use-after-free after xdp_return_frame (bsc#1103990 FATE#326006).
net/mlx5e: IPoIB, Reset QP after channels are closed (bsc#1075020).
net/mlx5e: Rx, Check ip headers sanity (bsc#1103990 FATE#326006).
net/mlx5e: Rx, Fix checksum calculation for new hardware (bsc#1127611).
net/mlx5e: Rx, Fixup skb checksum for packets with tail padding (bsc#1109837).
net/mlx5e: XDP, Fix shifted flag index in RQ bitmap (bsc#1103990 FATE#326006).
net/sched: cbs: Fix error path of cbs_module_init (bsc#1109837).
net/sched: cbs: fix port_rate miscalculation (bsc#1109837).
net/sched: don't dereference a goto_chain to read the chain index (bsc#1064802 bsc#1066129).
net/sched: don't dereference a goto_chain to read the chain index (bsc#1064802 bsc#1066129).
net/smc: add pnet table namespace support (bsc#1129845 LTC#176252).
net/smc: add smcd support to the pnet table (bsc#1129845 LTC#176252).
net/smc: allow pci IDs as ib device names in the pnet table (bsc#1129845 LTC#176252).
net/smc: allow pnetid-less configuration (bsc#1129845 LTC#176252).
net/smc: check for ip prefix and subnet (bsc#1134607 LTC#177518).
net/smc: cleanup for smcr_tx_sndbuf_nonempty (bsc#1129845 LTC#176252).
net/smc: cleanup of get vlan id (bsc#1134607 LTC#177518).
net/smc: code cleanup smc_listen_work (bsc#1134607 LTC#177518).
net/smc: consolidate function parameters (bsc#1134607 LTC#177518).
net/smc: fallback to TCP after connect problems (bsc#1134607 LTC#177518).
net/smc: fix a NULL pointer dereference (bsc#1134607 LTC#177518).
net/smc: fix return code from FLUSH command (bsc#1134607 LTC#177518).
net/smc: improve smc_conn_create reason codes (bsc#1134607 LTC#177518).
net/smc: improve smc_listen_work reason codes (bsc#1134607 LTC#177518).
net/smc: move unhash before release of clcsock (bsc#1134607 LTC#177518).
net/smc: nonblocking connect rework (bsc#1134607 LTC#177518).
net/smc: propagate file from SMC to TCP socket (bsc#1134607 LTC#177518).
net/smc: return booleans instead of integers (bsc#1096003, FATE#325023, LTC#164003).
net/smc: rework pnet table (bsc#1129845 LTC#176252).
net/smc: wait for pending work before clcsock release_sock (bsc#1134607 LTC#177518).
net/tls: avoid NULL pointer deref on nskb sk in fallback (bsc#1109837).
net/tls: avoid potential deadlock in tls_set_device_offload_rx() (bsc#1109837).
net/tls: don't copy negative amounts of data in reencrypt (bsc#1109837).
net/tls: don't ignore netdev notifications if no TLS features (bsc#1109837).
net/tls: don't leak IV and record seq when offload fails (bsc#1109837).
net/tls: don't leak partially sent record in device mode (bsc#1109837).
net/tls: fix build without CONFIG_TLS_DEVICE (bsc#1109837).
net/tls: fix copy to fragments in reencrypt (bsc#1109837).
net/tls: fix page double free on TX cleanup (bsc#1109837).
net/tls: fix refcount adjustment in fallback (bsc#1109837).
net/tls: fix socket wmem accounting on fallback with netem (bsc#1109837).
net/tls: fix state removal with feature flags off (bsc#1109837).
net/tls: fix the IV leaks (bsc#1109837).
net/tls: free ctx in sock destruct (bsc#1136353 jsc#SLE-4688).
net/tls: make sure offload also gets the keys wiped (bsc#1109837).
net/tls: prevent bad memory access in tls_is_sk_tx_device_offloaded() (bsc#1109837).
net/tls: replace the sleeping lock around RX resync with a bit lock (bsc#1109837).
net/udp_gso: Allow TX timestamp with UDP GSO (bsc#1109837).
net: Fix missing meta data in skb with vlan packet (bsc#1109837).
net: chelsio: Add a missing check on cudg_get_buffer (bsc#1136345 jsc#SLE-4681).
net: core: support XDP generic on stacked devices (bsc#1109837).
net: cxgb4: fix various indentation issues (bsc#1136345 jsc#SLE-4681).
net: don't clear sock sk early to avoid trouble in strparser (bsc#1103990 FATE#326006).
net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1138879).
net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1138879).
net: ena: add ethtool function for changing io queue sizes (bsc#1138879).
net: ena: add good checksum counter (bsc#1138879).
net: ena: add handling of llq max tx burst size (bsc#1138879).
net: ena: add newline at the end of pr_err prints (bsc#1138879).
net: ena: add support for changing max_header_size in LLQ mode (bsc#1138879).
net: ena: allow automatic fallback to polling mode (bsc#1138879).
net: ena: allow queue allocation backoff when low on memory (bsc#1138879).
net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1138879).
net: ena: enable negotiating larger Rx ring size (bsc#1138879).
net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1138879).
net: ena: fix ena_com_fill_hash_function() implementation (bsc#1138879).
net: ena: fix incorrect test of supported hash function (bsc#1138879).
net: ena: fix return value of ena_com_config_llq_info() (bsc#1111696 bsc#1117561).
net: ena: fix return value of ena_com_config_llq_info() (bsc#1111696 bsc#1117561).
net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1138879).
net: ena: fix: Free napi resources when ena_up() fails (bsc#1138879).
net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1138879).
net: ena: gcc 8: fix compilation warning (bsc#1138879).
net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1138879).
net: ena: make ethtool show correct current and max queue sizes (bsc#1138879).
net: ena: optimise calculations for CQ doorbell (bsc#1138879).
net: ena: remove inline keyword from functions in *.c (bsc#1138879).
net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1138879).
net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1138879).
net: ena: use dev_info_once instead of static variable (bsc#1138879).
net: ethernet: ti: cpsw_ethtool: fix ethtool ring param set (bsc#1130836).
net: hns3: Add handling of MAC tunnel interruption (bsc#1104353 bsc#1134983).
net: hns3: Add support for netif message level settings (bsc#1104353 bsc#1134989).
net: hns3: Fix inconsistent indenting (bsc#1140676).
net: hns3: Make hclge_destroy_cmd_queue static (bsc#1104353 bsc#1137201).
net: hns3: Make hclgevf_update_link_mode static (bsc#1104353 bsc#1137201).
net: hns3: add counter for times RX pages gets allocated (bsc#1104353 bsc#1134947).
net: hns3: add error handler for initializing command queue (bsc#1104353 bsc#1135058).
net: hns3: add function type check for debugfs help information (bsc#1104353 bsc#1134980).
net: hns3: add hns3_gro_complete for HW GRO process (bsc#1104353 bsc#1135051).
net: hns3: add linearizing checking for TSO case (bsc#1104353 bsc#1134947).
net: hns3: add queue's statistics update to service task (bsc#1104353 bsc#1134981).
net: hns3: add reset statistics for VF (bsc#1104353 bsc#1134995).
net: hns3: add reset statistics info for PF (bsc#1104353 bsc#1134995).
net: hns3: add some debug info for hclgevf_get_mbx_resp() (bsc#1104353 bsc#1134994).
net: hns3: add some debug information for hclge_check_event_cause (bsc#1104353 bsc#1134994).
net: hns3: add support for dump ncl config by debugfs (bsc#1104353 bsc#1134987).
net: hns3: adjust the timing of hns3_client_stop when unloading (bsc#1104353 bsc#1137201).
net: hns3: always assume no drop TC for performance reason (bsc#1104353 bsc#1135049).
net: hns3: check 1000M half for hns3_ethtool_ops.set_link_ksettings (bsc#1104353 bsc#1137201).
net: hns3: check resetting status in hns3_get_stats() (bsc#1104353 bsc#1137201).
net: hns3: code optimization for command queue' spin lock (bsc#1104353 bsc#1135042).
net: hns3: combine len and checksum handling for inner and outer header (bsc#1104353 bsc#1134947).
net: hns3: deactive the reset timer when reset successfully (bsc#1104353 bsc#1137201).
net: hns3: divide shared buffer between TC (bsc#1104353 bsc#1135047).
net: hns3: do not initialize MDIO bus when PHY is inexistent (bsc#1104353 bsc#1135045).
net: hns3: do not request reset when hardware resetting (bsc#1104353 bsc#1137201).
net: hns3: dump more information when tx timeout happens (bsc#1104353 bsc#1134990).
net: hns3: fix VLAN offload handle for VLAN inserted by port (bsc#1104353 bsc#1135053).
net: hns3: fix data race between ring next_to_clean (bsc#1104353 bsc#1134975 bsc#1134945).
net: hns3: fix data race between ring next_to_clean (bsc#1104353 bsc#1134975 bsc#1134945).
net: hns3: fix for HNS3_RXD_GRO_SIZE_M macro (bsc#1104353 bsc#1137201).
net: hns3: fix for tunnel type handling in hns3_rx_checksum (bsc#1104353 bsc#1134946).
net: hns3: fix for vport bw_limit overflow problem (bsc#1104353 bsc#1134998).
net: hns3: fix keep_alive_timer not stop problem (bsc#1104353 bsc#1135055).
net: hns3: fix loop condition of hns3_get_tx_timeo_queue_info() (bsc#1104353 bsc#1134990).
net: hns3: fix pause configure fail problem (bsc#1104353 bsc#1134951 bsc#1134951).
net: hns3: fix set port based VLAN for PF (bsc#1104353 bsc#1135053).
net: hns3: fix set port based VLAN issue for VF (bsc#1104353 bsc#1135053).
net: hns3: fix sparse: warning when calling hclge_set_vlan_filter_hw() (bsc#1104353 bsc#1134999).
net: hns3: free the pending skb when clean RX ring (bsc#1104353 bsc#1135044).
net: hns3: handle pending reset while reset fail (bsc#1104353 bsc#1135058).
net: hns3: handle the BD info on the last BD of the packet (bsc#1104353 bsc#1134974).
net: hns3: ignore lower-level new coming reset (bsc#1104353 bsc#1137201).
net: hns3: minor refactor for hns3_rx_checksum (bsc#1104353 bsc#1135052).
net: hns3: modify VLAN initialization to be compatible with port based VLAN (bsc#1104353 bsc#1135053).
net: hns3: modify the VF network port media type acquisition method (bsc#1104353 bsc#1137201).
net: hns3: not reset TQP in the DOWN while VF resetting (bsc#1104353 bsc#1134952).
net: hns3: not reset vport who not alive when PF reset (bsc#1104353 bsc#1137201).
net: hns3: optimize the barrier using when cleaning TX BD (bsc#1104353 bsc#1134945).
net: hns3: prevent change MTU when resetting (bsc#1104353 bsc#1137201).
net: hns3: prevent double free in hns3_put_ring_config() (bsc#1104353 bsc#1134950).
net: hns3: reduce resources use in kdump kernel (bsc#1104353 bsc#1137201).
net: hns3: refactor BD filling for l2l3l4 info (bsc#1104353 bsc#1134947).
net: hns3: refine tx timeout count handle (bsc#1104353 bsc#1134990).
net: hns3: remove reset after command send failed (bsc#1104353 bsc#1134949).
net: hns3: remove resetting check in hclgevf_reset_task_schedule (bsc#1104353 bsc#1135056).
net: hns3: return 0 and print warning when hit duplicate MAC (bsc#1104353 bsc#1137201).
net: hns3: set dividual reset level for all RAS and MSI-X errors (bsc#1104353 bsc#1135046).
net: hns3: set up the vport alive state while reinitializing (bsc#1104353 bsc#1137201).
net: hns3: set vport alive state to default while resetting (bsc#1104353 bsc#1137201).
net: hns3: some cleanup for struct hns3_enet_ring (bsc#1104353 bsc#1134947).
net: hns3: stop mailbox handling when command queue need re-init (bsc#1104353 bsc#1135058).
net: hns3: stop sending keep alive msg when VF command queue needs reinit (bsc#1104353 bsc#1134972).
net: hns3: unify maybe_stop_tx for TSO and non-TSO case (bsc#1104353 bsc#1134947).
net: hns3: unify the page reusing for page size 4K and 64K (bsc#1104353 bsc#1134947).
net: hns3: use atomic_t replace u32 for arq's count (bsc#1104353 bsc#1134953).
net: hns3: use devm_kcalloc when allocating desc_cb (bsc#1104353 bsc#1134947).
net: hns3: use napi_schedule_irqoff in hard interrupts handlers (bsc#1104353 bsc#1134947).
net: hns: Fix WARNING when remove HNS driver with SMMU enabled (bsc#1140676).
net: hns: Fix loopback test failed at copper ports (bsc#1140676).
net: hns: Fix probabilistic memory overwrite when HNS driver initialized (bsc#1140676).
net: hns: Use NAPI_POLL_WEIGHT for hns driver (bsc#1140676).
net: hns: fix ICMP6 neighbor solicitation messages discard problem (bsc#1140676).
net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw() (bsc#1140676).
net: hns: fix unsigned comparison to less than zero (bsc#1140676).
net: mvpp2: Use strscpy to handle stat strings (bsc#1098633).
net: mvpp2: Use strscpy to handle stat strings (bsc#1098633).
net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633).
net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633).
net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633).
net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633).
net: phy: marvell10g: report if the PHY fails to boot firmware (bsc#1119113 FATE#326472).
net: phy: marvell: Enable interrupt function on LED2 pin (bsc#1135018).
net: phy: marvell: add new default led configure for m88e151x (bsc#1135018).
net: phy: marvell: change default m88e1510 LED configuration (bsc#1135018).
net: smc_close: mark expected switch fall-through (bsc#1096003, FATE#325023, LTC#164003).
net: tls, correctly account for copied bytes with multiple sk_msgs (bsc#1109837).
net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503).
net: use indirect call wrappers at GRO network layer (bsc#1124503).
net: use indirect call wrappers at GRO transport layer (bsc#1124503).
new primitive: vmemdup_user() (jsc#SLE-4712 bsc#1136156).
nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814).
nfp: bpf: fix static check error through tightening shift amount adjustment (bsc#1109837).
nfp: flower: add rcu locks when accessing netdev for tunnels (bsc#1109837).
nfs: Fix dentry revalidation on nfsv4 lookup (bsc#1132618).
nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands (bsc#1051510).
nl80211: fix station_info pertid memory leak (bsc#1051510).
nvme-fc: use separate work queue to avoid warning (bsc#1131673).
nvme-multipath: avoid crash on invalid subsystem cntlid enumeration (bsc#1129273).
nvme-multipath: avoid crash on invalid subsystem cntlid enumeration (bsc#1130937).
nvme-multipath: split bios with the ns_head bio_set before submitting (bsc#1103259, bsc#1131673).
nvme-multipath: split bios with the ns_head bio_set before submitting (bsc#1103259, bsc#1131673).
nvme-rdma: fix possible free of a non-allocated async event buffer (bsc#1120423).
nvme-rdma: fix possible free of a non-allocated async event buffer (bsc#1120423).
nvme: Do not remove namespaces during reset (bsc#1131673).
nvme: add proper discard setup for the multipath device (bsc#1114638).
nvme: copy MTFA field from identify controller (bsc#1140715).
nvme: fix memory leak caused by incorrect subsystem free (bsc#1143185).
nvme: fix the dangerous reference of namespaces list (bsc#1131673).
nvme: flush scan_work when resetting controller (bsc#1131673).
nvme: make sure ns head inherits underlying device limits (bsc#1131673).
nvme: only reconfigure discard if necessary (bsc#1114638).
nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432).
nvmem: Don't let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510).
nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510).
nvmem: core: fix read buffer in place (bsc#1051510).
nvmem: correct Broadcom OTP controller driver writes (bsc#1051510).
nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510).
nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510).
nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510).
nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510).
nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510).
nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510).
nvmem: imx-ocotp: Update module description (bsc#1051510).
nvmem: properly handle returned value nvmem_reg_read (bsc#1051510).
objtool: Fix function fallthrough detection (bsc#1058115).
ocfs2: add first lock wait time in locking_state (bsc#1134390).
ocfs2: add last unlock times in locking_state (bsc#1134390).
ocfs2: add locking filter debugfs file (bsc#1134390).
ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (bsc#1136434).
ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902).
ocfs2: turn on OCFS2_FS_STATS setting(bsc#1134393) We need to turn on OCFS2_FS_STATS kernel configuration setting, to fix bsc#1134393.
of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642).
of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642).
of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642).
of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642).
omapfb: add missing of_node_put after of_device_is_available (bsc#1051510).
openvswitch: add seqadj extension when NAT is used (bsc#1051510).
openvswitch: fix flow actions reallocation (bsc#1051510).
overflow: Fix -Wtype-limits compilation warnings (bsc#1111666).
p54: drop device reference count if fails to enable device (bsc#1135642).
p54: drop device reference count if fails to enable device (bsc#1135642).
p54: drop device reference count if fails to enable device (bsc#1135642).
p54: drop device reference count if fails to enable device (bsc#1135642).
p54usb: Fix race between disconnect and firmware loading (bsc#1111666).
parport: Fix mem leak in parport_register_dev_model (bsc#1051510).
pci / PM: Use SMART_SUSPEND and LEAVE_SUSPENDED flags for PCIe ports (bsc#1142623).
pci/aer: Use cached AER Capability offset (bsc#1142623).
pci/p2pdma: Fix missing check for dma_virt_ops (bsc#1111666).
pci/portdrv: Add #defines for AER and DPC Interrupt Message Number masks (bsc#1142623).
pci/portdrv: Consolidate comments (bsc#1142623).
pci/portdrv: Disable port driver in compat mode (bsc#1142623).
pci/portdrv: Remove pcie_portdrv_err_handler.slot_reset (bsc#1142623).
pci/portdrv: Support PCIe services on subtractive decode bridges (bsc#1142623).
pci/portdrv: Use conventional Device ID table formatting (bsc#1142623).
pci: Init PCIe feature bits for managed host bridge alloc (bsc#1111666).
pci: hv: Add hv_pci_remove_slots() when we unload the driver (bsc#1142701).
pci: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary (bsc#1142701).
pci: hv: Fix a memory leak in hv_eject_device_work() (bsc#1142701).
pci: hv: Fix a use-after-free bug in hv_eject_device_work() (bsc#1142701).
pci: hv: Fix return value check in hv_pci_assign_slots() (bsc#1142701).
pci: hv: Remove unused reason for refcount handler (bsc#1142701).
pci: hv: support reporting serial number as slot information (bsc#1142701).
pci: pciehp: Convert to threaded IRQ (bsc#1133005).
pci: pciehp: Ignore Link State Changes after powering off a slot (bsc#1133005).
pci: pciehp: Tolerate Presence Detect hardwired to zero (bsc#1133016).
pci: portdrv: Restore PCI config state on slot reset (bsc#1142623).
perf/x86/amd: Add event map for AMD Family 17h (bsc#1134223).
perf/x86/amd: Update generic hardware cache events for Family 17h (bsc#1134223).
phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode (bsc#1051510).
phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs (bsc#1051510).
pinctrl/amd: add get_direction handler (bsc#1140463).
pinctrl/amd: fix gpio irq level in debugfs (bsc#1140463).
pinctrl/amd: fix masking of GPIO interrupts (bsc#1140463).
pinctrl/amd: make functions amd_gpio_suspend and amd_gpio_resume static (bsc#1140463).
pinctrl/amd: poll InterruptEnable bits in amd_gpio_irq_set_type (bsc#1140463).
pinctrl/amd: poll InterruptEnable bits in enable_irq (bsc#1140463).
pkey: Indicate old mkvp only if old and current mkvp are different (bsc#1137827 LTC#178090).
platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510).
platform/mellanox: Add TmFifo driver for Mellanox BlueField Soc (bsc#1136333 jsc#SLE-4994).
platform/mellanox: Add new ODM system types to mlx-platform (bsc#1112374).
platform/mellanox: mlxreg-hotplug: Add devm_free_irq call to remove flow (bsc#1111666).
platform/x86: alienware-wmi: printing the wrong error code (bsc#1051510).
platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ (bsc#1051510).
platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510).
platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510).
platform/x86: dell-rbtn: Add missing #include (bsc#1051510).
platform/x86: intel_pmc_ipc: adding error handling (bsc#1051510).
platform/x86: intel_punit_ipc: Revert 'Fix resource ioremap warning' (bsc#1051510).
platform/x86: mlx-platform: Add ASIC hotplug device configuration (bsc#1112374).
platform/x86: mlx-platform: Add LED platform driver activation (bsc#1112374).
platform/x86: mlx-platform: Add UID LED for the next generation systems (bsc#1112374).
platform/x86: mlx-platform: Add definitions for new registers (bsc#1112374).
platform/x86: mlx-platform: Add extra CPLD for next generation systems (bsc#1112374).
platform/x86: mlx-platform: Add mlx-wdt platform driver activation (bsc#1112374).
platform/x86: mlx-platform: Add mlxreg-fan platform driver activation (bsc#1112374).
platform/x86: mlx-platform: Add mlxreg-io platform driver activation (bsc#1112374).
platform/x86: mlx-platform: Add support for fan capability registers (bsc#1112374).
platform/x86: mlx-platform: Add support for fan direction register (bsc#1112374).
platform/x86: mlx-platform: Add support for new VMOD0007 board name (bsc#1112374).
platform/x86: mlx-platform: Add support for tachometer speed register (bsc#1112374).
platform/x86: mlx-platform: Allow mlxreg-io driver activation for more systems (bsc#1112374).
platform/x86: mlx-platform: Allow mlxreg-io driver activation for new systems (bsc#1112374).
platform/x86: mlx-platform: Change mlxreg-io configuration for MSN274x systems (bsc#1112374).
platform/x86: mlx-platform: Convert to use SPDX identifier (bsc#1112374).
platform/x86: mlx-platform: Fix LED configuration (bsc#1112374).
platform/x86: mlx-platform: Fix access mode for fan_dir attribute (bsc#1112374).
platform/x86: mlx-platform: Fix copy-paste error in mlxplat_init() (bsc#1112374).
platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510).
platform/x86: mlx-platform: Fix tachometer registers (bsc#1112374).
platform/x86: mlx-platform: Remove unused define (bsc#1112374).
platform/x86: mlx-platform: Rename new systems product names (bsc#1112374).
platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table (bsc#1051510).
platform/x86: pmc_atom: Add Lex 3I380D industrial PC to critclk_systems DMI table (bsc#1051510).
platform/x86: pmc_atom: Add several Beckhoff Automation boards to critclk_systems DMI table (bsc#1051510).
platform/x86: pmc_atom: Drop __initconst on dmi table (bsc#1051510).
platform/x86: sony-laptop: Fix unintentional fall-through (bsc#1051510).
platform_data/mlxreg: Add capability field to core platform data (bsc#1112374).
platform_data/mlxreg: Document fixes for core platform data (bsc#1112374).
platform_data/mlxreg: additions for Mellanox watchdog driver (bsc#1112374).
pm: acpi/PCI: Resume all devices during hibernation (bsc#1111666).
power: supply: axp20x_usb_power: Fix typo in VBUS current limit macros (bsc#1051510).
power: supply: axp288_charger: Fix unchecked return value (bsc#1051510).
power: supply: max14656: fix potential use-before-alloc (bsc#1051510).
power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510).
powerpc/64s: Fix logic when handling unknown CPU features (bsc#1055117).
powerpc/64s: Fix page table fragment refcount race vs speculative references (bsc#1131326, bsc#1108937).
powerpc/64s: Fix page table fragment refcount race vs speculative references (bsc#1131326, bsc#1108937).
powerpc/64s: Remove POWER9 DD1 support (bsc#1055117, LTC#159753, FATE#323286, git-fixes).
powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199).
powerpc/eeh: Fix race with driver un/bind (bsc#1065729).
powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area callback (bsc#1131900).
powerpc/kvm: Save and restore host AMR/IAMR/UAMOR (bsc#1061840).
powerpc/mm/drconf: Use NUMA_NO_NODE on failures instead of node 0 (bsc#1140322 LTC#176270).
powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search (bsc#1131900).
powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call __ptep_set_access_flags directly (bsc#1055117).
powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang (bsc#1055117).
powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, fate#323286, git-fixes).
powerpc/mm/radix: Move function from radix.h to pgtable-radix.c (bsc#1055117).
powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, fate#323286, git-fixes).
powerpc/mm: Add missing tracepoint for tlbie (bsc#1055117, git-fixes).
powerpc/mm: Change function prototype (bsc#1055117).
powerpc/mm: Check secondary hash page table (bsc#1065729).
powerpc/mm: Consolidate numa_enable check and min_common_depth check (bsc#1140322 LTC#176270).
powerpc/mm: Fix node look up with numa=off boot (bsc#1140322 LTC#176270).
powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, fate#323286, git-fixes).
powerpc/msi: Fix NULL pointer access in teardown code (bsc#1065729).
powerpc/numa: document topology_updates_enabled, disable by default (bsc#1133584).
powerpc/numa: improve control of topology updates (bsc#1133584).
powerpc/papr_scm: Force a scm-unbind if initial scm-bind fails (bsc#1140322 LTC#176270).
powerpc/papr_scm: Update drc_pmem_unbind() to use H_SCM_UNBIND_ALL (bsc#1140322 LTC#176270).
powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106).
powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106).
powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043).
powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043).
powerpc/perf: Remove l2 bus events from HW cache event array (bsc#1053043).
powerpc/powernv/cpuidle: Init all present cpus for deep states (bsc#1055121).
powerpc/powernv/idle: Restore IAMR after idle (bsc#1065729).
powerpc/powernv/ioda2: Remove redundant free of TCE pages (bsc#1061840).
powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand (bsc#1061840).
powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU tables (bsc#1061840).
powerpc/powernv: Don't reprogram SLW image on every KVM guest entry/exit (bsc#1061840).
powerpc/powernv: Make opal log only readable by root (bsc#1065729).
powerpc/powernv: Remove never used pnv_power9_force_smt4 (bsc#1061840).
powerpc/process: Fix sparse address space warnings (bsc#1065729).
powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199).
powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199).
powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204).
powerpc/pseries: Update SCM hcall op-codes in hvcall.h (bsc#1140322 LTC#176270).
powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808).
powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178).
powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587).
powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587).
powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195).
powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195).
powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195).
powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195).
powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195).
powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195).
powerpc64/ftrace: Include ftrace.h needed for enable/disable calls (bsc#1088804, git-fixes).
powerpc: Always initialize input array when calling epapr_hypercall() (bsc#1065729).
powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest (bsc#1061840).
powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y (bsc#1065729).
powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer (bsc#1065729).
powerpc: consolidate -mno-sched-epilog into FTRACE flags (bsc#1065729).
ppc: Convert mmu context allocation to new IDA API (bsc#1139619 LTC#178538).
ppp: mppe: Add softdep to arc4 (bsc#1088047).
proc/kcore: don't bounds check against address 0 (bsc#1051510).
proc/sysctl: fix return error for proc_doulongvec_minmax() (bsc#1051510).
proc: revalidate kernel thread inodes to root:root (bsc#1051510).
pwm: Fix deadlock warning when removing PWM device (bsc#1051510).
pwm: meson: Consider 128 a valid pre-divider (bsc#1051510).
pwm: meson: Don't disable PWM when setting duty repeatedly (bsc#1051510).
pwm: meson: Use the spin-lock only to protect register modifications (bsc#1051510).
pwm: stm32: Use 3 cells of_xlate() (bsc#1111666).
pwm: tiehrpwm: Update shadow register for disabling PWMs (bsc#1051510).
qed*: Add iWARP 100g support (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed*: Add iWARP 100g support (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed*: Add iWARP 100g support (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed*: Add iWARP 100g support (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed*: Change hwfn used for sb initialization (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed*: Change hwfn used for sb initialization (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed*: Change hwfn used for sb initialization (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed*: Change hwfn used for sb initialization (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Add API for SmartAN query (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Add API for SmartAN query (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Add API for SmartAN query (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Add API for SmartAN query (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Add infrastructure for error detection and recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Add infrastructure for error detection and recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Add infrastructure for error detection and recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Add infrastructure for error detection and recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Add llh ppfid interface and 100g support for offload protocols (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Add llh ppfid interface and 100g support for offload protocols (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Add llh ppfid interface and 100g support for offload protocols (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Add llh ppfid interface and 100g support for offload protocols (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Add qed devlink parameters table (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Add qed devlink parameters table (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Add qed devlink parameters table (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Add qed devlink parameters table (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Define new MF bit for no_vlan config (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Define new MF bit for no_vlan config (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Define new MF bit for no_vlan config (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Define new MF bit for no_vlan config (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Delete redundant doorbell recovery types (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Delete redundant doorbell recovery types (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Delete redundant doorbell recovery types (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Delete redundant doorbell recovery types (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Fix iWARP buffer size provided for syn packet processing (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Fix iWARP buffer size provided for syn packet processing (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Fix iWARP buffer size provided for syn packet processing (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Fix iWARP buffer size provided for syn packet processing (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Fix iWARP syn packet mac address validation (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Fix iWARP syn packet mac address validation (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Fix iWARP syn packet mac address validation (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Fix iWARP syn packet mac address validation (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Fix missing DORQ attentions (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Fix missing DORQ attentions (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Fix missing DORQ attentions (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Fix missing DORQ attentions (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Fix static checker warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Fix static checker warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Fix static checker warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Fix static checker warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Fix the DORQ's attentions handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Fix the DORQ's attentions handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Fix the DORQ's attentions handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Fix the DORQ's attentions handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Fix the doorbell address sanity check (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Fix the doorbell address sanity check (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Fix the doorbell address sanity check (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Fix the doorbell address sanity check (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Mark expected switch fall-through (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Mark expected switch fall-through (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Mark expected switch fall-through (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Mark expected switch fall-through (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Modify api for performing a dmae to another PF (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Modify api for performing a dmae to another PF (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Modify api for performing a dmae to another PF (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Modify api for performing a dmae to another PF (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Modify offload protocols to use the affined engine (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Modify offload protocols to use the affined engine (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Modify offload protocols to use the affined engine (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Modify offload protocols to use the affined engine (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Read device port count from the shmem (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Read device port count from the shmem (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Read device port count from the shmem (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Read device port count from the shmem (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Reduce the severity of ptp debug message (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Reduce the severity of ptp debug message (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Reduce the severity of ptp debug message (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Reduce the severity of ptp debug message (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Revise load sequence to avoid pci errors (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Revise load sequence to avoid pci errors (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Revise load sequence to avoid pci errors (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Revise load sequence to avoid pci errors (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Set the doorbell address correctly (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Set the doorbell address correctly (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Set the doorbell address correctly (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: Set the doorbell address correctly (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: fix indentation issue with statements in an if-block (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: fix indentation issue with statements in an if-block (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: fix indentation issue with statements in an if-block (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: fix indentation issue with statements in an if-block (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: fix spelling mistake 'faspath' 'fastpath' (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: fix spelling mistake 'faspath' 'fastpath' (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: fix spelling mistake 'faspath' 'fastpath' (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: fix spelling mistake 'faspath' 'fastpath' (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: fix spelling mistake 'inculde' 'include' (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: fix spelling mistake 'inculde' 'include' (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: fix spelling mistake 'inculde' 'include' (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: fix spelling mistake 'inculde' 'include' (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: remove duplicated include from qed_if.h (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: remove duplicated include from qed_if.h (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: remove duplicated include from qed_if.h (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: remove duplicated include from qed_if.h (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: remove redundant assignment to rc (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: remove redundant assignment to rc (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: remove redundant assignment to rc (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qed: remove redundant assignment to rc (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qede: Add ethtool interface for SmartAN query (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qede: Add ethtool interface for SmartAN query (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qede: Add ethtool interface for SmartAN query (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qede: Add ethtool interface for SmartAN query (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qede: Error recovery process (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qede: Error recovery process (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qede: Error recovery process (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qede: Error recovery process (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qede: Fix internal loopback failure with jumbo mtu configuration (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qede: Fix internal loopback failure with jumbo mtu configuration (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qede: Fix internal loopback failure with jumbo mtu configuration (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qede: Fix internal loopback failure with jumbo mtu configuration (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qede: Handle infinite driver spinning for Tx timestamp (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qede: Handle infinite driver spinning for Tx timestamp (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qede: Handle infinite driver spinning for Tx timestamp (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qede: Handle infinite driver spinning for Tx timestamp (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qede: Populate mbi version in ethtool driver query data (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qede: Populate mbi version in ethtool driver query data (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qede: Populate mbi version in ethtool driver query data (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qede: Populate mbi version in ethtool driver query data (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qede: fix write to free'd pointer error and double free of ptp (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qede: fix write to free'd pointer error and double free of ptp (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qede: fix write to free'd pointer error and double free of ptp (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qede: fix write to free'd pointer error and double free of ptp (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qede: place ethtool_rx_flow_spec after code after TC flower codebase (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qede: place ethtool_rx_flow_spec after code after TC flower codebase (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qede: place ethtool_rx_flow_spec after code after TC flower codebase (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qede: place ethtool_rx_flow_spec after code after TC flower codebase (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qedi: Use hwfns and affin_hwfn_idx to get MSI-X vector index (jsc#SLE-4693 bsc#1136462).
qedr: Change the MSI-X vectors selection to be based on affined engine (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qedr: Change the MSI-X vectors selection to be based on affined engine (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qedr: Change the MSI-X vectors selection to be based on affined engine (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qedr: Change the MSI-X vectors selection to be based on affined engine (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128971).
qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128979).
qla2xxx: always allocate qla_tgt_wq (bsc#1131451).
qla2xxx: kABI fixes for v10.00.00.14-k (bsc#1136215).
qla2xxx: kABI fixes for v10.01.00.15-k (bsc#1136215).
qlcnic: Avoid potential NULL pointer dereference (bsc#1051510).
qlcnic: remove assumption that vlan_tci != 0 (bsc#1136469 jsc#SLE-4695).
qlcnic: remove set but not used variables 'cur_rings, max_hw_rings, tx_desc_info' (bsc#1136469 jsc#SLE-4695).
qlcnic: remove set but not used variables 'op, cmd_op' (bsc#1136469 jsc#SLE-4695).
qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510).
qmi_wwan: Fix out-of-bounds read (bsc#1111666).
qmi_wwan: add Olicard 600 (bsc#1051510).
qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510).
qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510).
qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510).
qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510).
rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510).
rbd: do not assert on writes to snapshots (bsc#1137985 bsc#1138681).
rbd: do not assert on writes to snapshots (bsc#1137985 bsc#1138681).
rdma/cxbg: Use correct sizing on buffers holding page DMA addresses (bsc#1136348 jsc#SLE-4684).
rdma/cxgb4: Add support for 64Byte cqes (bsc#1127371).
rdma/cxgb4: Add support for kernel mode SRQ's (bsc#1127371).
rdma/cxgb4: Add support for srq functions and structs (bsc#1127371).
rdma/cxgb4: Don't expose DMA addresses (bsc#1136348 jsc#SLE-4684).
rdma/cxgb4: Fix null pointer dereference on alloc_skb failure (bsc#1136348 jsc#SLE-4684).
rdma/cxgb4: Fix spelling mistake 'immedate' 'immediate' (bsc#1136348 jsc#SLE-4684).
rdma/cxgb4: Make c4iw_poll_cq_one() easier to analyze (bsc#1127371).
rdma/cxgb4: Remove a set-but-not-used variable (bsc#1127371).
rdma/cxgb4: Remove kref accounting for sync operation (bsc#1136348 jsc#SLE-4684).
rdma/cxgb4: Use sizeof() notation (bsc#1136348 jsc#SLE-4684).
rdma/cxgb4: fix some info leaks (bsc#1127371).
rdma/hns: Add SCC context allocation support for hip08 (bsc#1104427 bsc#1126206).
rdma/hns: Add SCC context clr support for hip08 (bsc#1104427 bsc#1126206).
rdma/hns: Add constraint on the setting of local ACK timeout (bsc#1104427 bsc#1137233).
rdma/hns: Add the process of AEQ overflow for hip08 (bsc#1104427 bsc#1126206).
rdma/hns: Add timer allocation support for hip08 (bsc#1104427 bsc#1126206).
rdma/hns: Bugfix for SCC hem free (bsc#1104427 bsc#1137236).
rdma/hns: Bugfix for mapping user db (bsc#1104427 bsc#1137236).
rdma/hns: Bugfix for posting multiple srq work request (bsc#1104427 bsc#1137236).
rdma/hns: Bugfix for sending with invalidate (bsc#1104427 bsc#1137236).
rdma/hns: Bugfix for set hem of SCC (bsc#1104427 bsc#1137236).
rdma/hns: Bugfix for the scene without receiver queue (bsc#1104427 bsc#1137233).
rdma/hns: Configure capacity of hns device (bsc#1104427 bsc#1137236).
rdma/hns: Delete useful prints for aeq subtype event (bsc#1104427 bsc#1126206).
rdma/hns: Fix the Oops during rmmod or insmod ko when reset occurs (bsc#1104427 bsc#1137232).
rdma/hns: Fix the bug with updating rq head pointer when flush cqe (bsc#1104427 bsc#1137233).
rdma/hns: Fix the chip hanging caused by sending doorbell during reset (bsc#1104427 bsc#1137232).
rdma/hns: Fix the chip hanging caused by sending mailbox CMQ during reset (bsc#1104427 bsc#1137232).
rdma/hns: Fix the state of rereg mr (bsc#1104427 bsc#1137236).
rdma/hns: Hide error print information with roce vf device (bsc#1104427 bsc#1137236).
rdma/hns: Limit minimum ROCE CQ depth to 64 (bsc#1104427 bsc#1137236).
rdma/hns: Make some function static (bsc#1104427 bsc#1126206).
rdma/hns: Modify qp specification according to UM (bsc#1104427 bsc#1137233).
rdma/hns: Modify the pbl ba page size for hip08 (bsc#1104427 bsc#1137233).
rdma/hns: Move spin_lock_irqsave to the correct place (bsc#1104427 bsc#1137236).
rdma/hns: Remove jiffies operation in disable interrupt context (bsc#1104427 bsc#1137236).
rdma/hns: Remove set but not used variable 'rst' (bsc#1104427 bsc#1126206).
rdma/hns: Set allocated memory to zero for wrid (bsc#1104427 bsc#1137236).
rdma/hns: Update CQE specifications (bsc#1104427 bsc#1137236).
rdma/hns: rdma/hns: Assign rq head pointer when enable rq record db (bsc#1104427 bsc#1137236).
rdma/iw_cxgb4: Always disconnect when QP is transitioning to TERMINATE state (bsc#1136348 jsc#SLE-4684).
rdma/iw_cxgb4: Drop __GFP_NOFAIL (bsc#1127371).
rdma/iwcm: add tos_set bool to iw_cm struct (bsc#1136348 jsc#SLE-4684).
rdma/qedr: Fix incorrect device rate (bsc#1136188).
rdma/qedr: Fix out of bounds index check in query pkey (bsc#1136456 jsc#SLE-4689).
rdma/smc: Replace ib_query_gid with rdma_get_gid_attr (bsc#1131530 LTC#176717).
regulator: s2mps11: Fix buck7 and buck8 wrong voltages (bsc#1051510).
regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB (bsc#1051510).
ring-buffer: Check if memory is available before allocation (bsc#1132531).
rpm/post.sh: correct typo in err msg (bsc#1137625)
rt2x00: do not increment sequence number while re-transmitting (bsc#1051510).
rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510).
rtc: da9063: set uie_unsupported when relevant (bsc#1051510).
rtc: don't reference bogus function pointer in kdoc (bsc#1051510).
rtc: sh: Fix invalid alarm warning for non-enabled alarm (bsc#1051510).
rtlwifi: fix a potential NULL pointer dereference (bsc#1051510).
rtlwifi: fix potential NULL pointer dereference (bsc#1111666).
rtlwifi: rtl8192cu: fix error handle when usb probe failed (bsc#1111666).
rtlwifi: rtl8723ae: Fix missing break in switch statement (bsc#1051510).
s390/airq: provide cacheline aligned ivs (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
s390/airq: recognize directed interrupts (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
s390/airq: use DMA memory for adapter interrupts (jsc#SLE-6197 bsc#1140559 LTC#173150).
s390/cio: add basic protected virtualization support (jsc#SLE-6197 bsc#1140559 LTC#173150).
s390/cio: introduce DMA pools to cio (jsc#SLE-6197 bsc#1140559 LTC#173150).
s390/cpumf: Add extended counter set definitions for model 8561 and 8562 (bsc#1142052 LTC#179320).
s390/dasd: fix panic for failed online processing (bsc#1132589).
s390/dasd: fix using offset into zero size array error (bsc#1051510).
s390/dma: provide proper ARCH_ZONE_DMA_BITS value (jsc#SLE-6197 bsc#1140559 LTC#173150).
s390/ism: move oddities of device IO to wrapper function (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
s390/jump_label: Use 'jdd' constraint on gcc9 (bsc#1138589).
s390/mm: force swiotlb for protected virtualization (jsc#SLE-6197 bsc#1140559 LTC#173150).
s390/pci: add parameter to disable usage of MIO instructions (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
s390/pci: add parameter to force floating irqs (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
s390/pci: clarify interrupt vector usage (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
s390/pci: fix assignment of bus resources (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
s390/pci: fix struct definition for set PCI function (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
s390/pci: gather statistics for floating vs directed irqs (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
s390/pci: mark command line parser data __initdata (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
s390/pci: move everything irq related to pci_irq.c (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
s390/pci: move io address mapping code to pci_insn.c (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
s390/pci: provide support for CPU directed interrupts (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
s390/pci: provide support for MIO instructions (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
s390/pci: remove stale rc (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
s390/pci: remove unused define (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
s390/pkey: move pckmo subfunction available checks away from module init (bsc#1128544).
s390/protvirt: add memory sharing for diag 308 set/store (jsc#SLE-5759 FATE#327003 bsc#1135153 LTC#173151).
s390/protvirt: block kernel command line alteration (jsc#SLE-5759 FATE#327003 bsc#1135153 LTC#173151).
s390/qdio: clear intparm during shutdown (bsc#1134597 LTC#177516).
s390/qdio: handle PENDING state for QEBSM devices (bsc#1142119 LTC#179331).
s390/qeth: be drop monitor friendly (bsc#1142115 LTC#179337).
s390/qeth: be drop monitor friendly (bsc#1142220 LTC#179335).
s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510).
s390/qeth: fix race when initializing the IP address table (bsc#1051510).
s390/sclp: detect DIRQ facility (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
s390/setup: fix early warning messages (bsc#1051510).
s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178).
s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178).
s390/uv: introduce guest side ultravisor code (jsc#SLE-5759 FATE#327003 bsc#1135153 LTC#173151).
s390/virtio: handle find on invalid queue gracefully (bsc#1051510).
s390/vtime: steal time exponential moving average (bsc#1119222).
s390/zcrypt: Fix wrong dispatching for control domain CPRBs (bsc#1137811 LTC#178088).
s390: enable processes for mio instructions (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
s390: remove the unused dma_capable helper (jsc#SLE-6197 bsc#1140559 LTC#173150).
s390: show statistics for MSI IRQs (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658).
sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bsc#1051510).
sc16is7xx: move label 'err_spi' to correct section (bsc#1051510).
sc16is7xx: put err_spi and err_i2c into correct #ifdef (bsc#1051510).
sched/topology: Improve load balancing on AMD EPYC (bsc#1137366).
scripts: override locale from environment when running recordmcount.pl (bsc#1134354).
scsi/fc: kABI fixes for new ELS_FPIN definition (bsc#1136217,jsc#SLE-4722).
scsi: aacraid: Mark expected switch fall-through (jsc#SLE-4710 bsc#1136161).
scsi: aacraid: Mark expected switch fall-throughs (jsc#SLE-4710 bsc#1136161).
scsi: aacraid: change event_wait to a completion (jsc#SLE-4710 bsc#1136161).
scsi: aacraid: change wait_sem to a completion (jsc#SLE-4710 bsc#1136161).
scsi: aacraid: clean up some indentation and formatting issues (jsc#SLE-4710 bsc#1136161).
scsi: be2iscsi: be_iscsi: Mark expected switch fall-through (jsc#SLE-4721 bsc#1136264).
scsi: be2iscsi: be_main: Mark expected switch fall-through (jsc#SLE-4721 bsc#1136264).
scsi: be2iscsi: fix spelling mistake 'Retreiving' 'Retrieving' (jsc#SLE-4721 bsc#1136264).
scsi: be2iscsi: lpfc: fix typo (jsc#SLE-4721 bsc#1136264).
scsi: be2iscsi: remove unused variable dmsg (jsc#SLE-4721 bsc#1136264).
scsi: be2iscsi: switch to generic DMA API (jsc#SLE-4721 bsc#1136264).
scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390).
scsi: csiostor: Remove set but not used variable 'pln' (jsc#SLE-4679 bsc#1136343).
scsi: csiostor: csio_wr: mark expected switch fall-through (jsc#SLE-4679 bsc#1136343).
scsi: csiostor: drop serial_number usage (jsc#SLE-4679 bsc#1136343).
scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state() (jsc#SLE-4679 bsc#1136343).
scsi: csiostor: fix calls to dma_set_mask_and_coherent() (jsc#SLE-4679 bsc#1136343).
scsi: csiostor: fix incorrect dma device in case of vport (jsc#SLE-4679 bsc#1136343).
scsi: csiostor: fix missing data copy in csio_scsi_err_handler() (jsc#SLE-4679 bsc#1136343).
scsi: csiostor: no need to check return value of debugfs_create functions (jsc#SLE-4679 bsc#1136343).
scsi: cxgb4i: add wait_for_completion() (jsc#SLE-4678 bsc#1136342).
scsi: cxgbi: KABI: fix handle completion etc (jsc#SLE-4678 bsc#1136342).
scsi: cxgbi: remove redundant __kfree_skb call on skb and free cst atid (jsc#SLE-4678 bsc#1136342).
scsi: fc: add FPIN ELS definition (bsc#1136217,jsc#SLE-4722).
scsi: hisi: KABI ignore new symbols (bsc#1135038).
scsi: hisi_sas: Add softreset in hisi_sas_I_T_nexus_reset() (bsc#1135033).
scsi: hisi_sas: Adjust the printk format of functions hisi_sas_init_device() (bsc#1135037).
scsi: hisi_sas: Do not fail IT nexus reset for Open Reject timeout (bsc#1135033).
scsi: hisi_sas: Do not hard reset disk during controller reset (bsc#1135034).
scsi: hisi_sas: Fix for setting the PHY linkrate when disconnected (bsc#1135038).
scsi: hisi_sas: Remedy inconsistent PHY down state in software (bsc#1135039).
scsi: hisi_sas: Send HARD RESET to clear the previous affiliation of STP target port (bsc#1135037).
scsi: hisi_sas: Set PHY linkrate when disconnected (bsc#1135038).
scsi: hisi_sas: Some misc tidy-up (bsc#1135031).
scsi: hisi_sas: Support all RAS events with MSI interrupts (bsc#1135035).
scsi: hisi_sas: add host reset interface for test (bsc#1135041).
scsi: hisi_sas: allocate different SAS address for directly attached situation (bsc#1135036).
scsi: hisi_sas: remove the check of sas_dev status in hisi_sas_I_T_nexus_reset() (bsc#1135037).
scsi: hpsa: Use vmemdup_user to replace the open code (jsc#SLE-4712 bsc#1136156).
scsi: hpsa: bump driver version (jsc#SLE-4712 bsc#1136156).
scsi: hpsa: check for lv removal (jsc#SLE-4712 bsc#1136156).
scsi: hpsa: clean up two indentation issues (jsc#SLE-4712 bsc#1136156).
scsi: hpsa: correct device id issues (jsc#SLE-4712 bsc#1136156).
scsi: hpsa: correct device resets (jsc#SLE-4712 bsc#1136156).
scsi: hpsa: correct ioaccel2 chaining (jsc#SLE-4712 bsc#1136156).
scsi: hpsa: correct simple mode (jsc#SLE-4712 bsc#1136156).
scsi: hpsa: fix an uninitialized read and dereference of pointer dev (jsc#SLE-4712 bsc#1136156).
scsi: hpsa: mark expected switch fall-throughs (jsc#SLE-4712 bsc#1136156).
scsi: hpsa: remove timeout from TURs (jsc#SLE-4712 bsc#1136156).
scsi: hpsa: switch to generic DMA API (jsc#SLE-4712 bsc#1136156).
scsi: ibmvfc: fix WARN_ON during event pool release (bsc#1137458 LTC#178093).
scsi: libsas: Do discovery on empty PHY to update PHY info (bsc#1135024).
scsi: libsas: Improve vague log in SAS rediscovery (bsc#1135027).
scsi: libsas: Inject revalidate event for root port event (bsc#1135026).
scsi: libsas: Print expander PHY indexes in decimal (bsc#1135021).
scsi: libsas: Stop hardcoding SAS address length (bsc#1135029).
scsi: libsas: Support SATA PHY connection rate unmatch fixing during discovery (bsc#1135028).
scsi: libsas: Try to retain programmed min linkrate for SATA min pathway unmatch fixing (bsc#1135028).
scsi: libsas: allocate sense buffer for bsg queue (bsc#1131467).
scsi: lpfc: Add loopback testing to trunking mode (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Annotate switch/case fall-through (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Cancel queued work for an IO when processing a received ABTS (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Change smp_processor_id() into raw_smp_processor_id() (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Convert bootstrap mbx polling from msleep to udelay (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Coordinate adapter error handling with offline handling (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Correct __lpfc_sli_issue_iocb_s4 lockdep check (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Correct boot bios information to FDMI registration (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Correct localport timeout duration error (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Correct nvmet buffer free race condition (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Declare local functions static (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Enhance 6072 log string (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix BFS crash with DIX enabled (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix FDMI fc4type for nvme support (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix FDMI manufacturer attribute value (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix HDMI2 registration string for symbolic name (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix PT2PT PLOGI collison stopping discovery (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix a recently introduced compiler warning (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix alloc context on oas lun creations (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix build error (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix deadlock due to nested hbalock call (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix driver crash in target reset handler (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix duplicate log message numbers (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix error code if kcalloc() fails (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix error codes in lpfc_sli4_pci_mem_setup() (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix fc4type information for FDMI (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix fcp_rsp_len checking on lun reset (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix handling of trunk links state reporting (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix hardlockup in scsi_cmd_iocb_cmpl (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix incorrect logical link speed on trunks when links down (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix indentation and balance braces (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix io lost on host resets (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix kernel warnings related to smp_processor_id() (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix link speed reporting for 4-link trunk (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix location of SCSI ktime counters (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix lpfc_nvmet_mrq attribute handling when 0 (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix mailbox hang on adapter init (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix memory leak in abnormal exit path from lpfc_eq_create (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix missing wakeups on abort threads (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix nvmet async receive buffer replenishment (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix nvmet handling of first burst cmd (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix nvmet handling of received ABTS for unmapped frames (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix nvmet target abort cmd matching (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix oops when driver is loaded with 1 interrupt vector (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix poor use of hardware queues if fewer irq vectors (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix protocol support on G6 and G7 adapters (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fix use-after-free mailbox cmd completion (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Fixup eq_clr_intr references (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Make lpfc_sli4_oas_verify static (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Move trunk_errmsg[] from a header file into a .c file (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Prevent 'use after free' memory overwrite in nvmet LS handling (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Reduce memory footprint for lpfc_queue (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Remove set but not used variable 'phys_id' (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Remove set-but-not-used variables (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Remove unused functions (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Resolve inconsistent check of hdwq in lpfc_scsi_cmd_iocb_cmpl (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Resolve irq-unsafe lockdep heirarchy warning in lpfc_io_free (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Revert message logging on unsupported topology (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Revise message when stuck due to unresponsive adapter (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Rework misleading nvme not supported in firmware message (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Separate CQ processing for nvmet_fc upcalls (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Specify node affinity for queue memory allocation (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Stop adapter if pci errors detected (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Update Copyright in driver version (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Update lpfc version to 12.2.0.1 (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: Update lpfc version to 12.2.0.3 (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: add support for posting FC events on FPIN reception (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: avoid uninitialized variable warning (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: fix 32-bit format string warning (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: fix a handful of indentation issues (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: fix calls to dma_set_mask_and_coherent() (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: fix unused variable warning (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: resolve static checker warning in lpfc_sli4_hba_unset (bsc#1136217,jsc#SLE-4722).
scsi: lpfc: use dma_set_mask_and_coherent (bsc#1136217,jsc#SLE-4722).
scsi: megaraid_sas: Add support for DEVICE_LIST DCMD in driver (bsc#1136271).
scsi: megaraid_sas: Retry reads of outbound_intr_status reg (bsc#1136271).
scsi: megaraid_sas: Rework code to get PD and LD list (bsc#1136271).
scsi: megaraid_sas: Rework device add code in AEN path (bsc#1136271).
scsi: megaraid_sas: Update structures for HOST_DEVICE_LIST DCMD (bsc#1136271).
scsi: megaraid_sas: correct an info message (bsc#1136271).
scsi: megaraid_sas: driver version update (bsc#1136271).
scsi: mpt3sas: Add Atomic RequestDescriptor support on Aero (bsc#1125703,jsc#SLE-4717).
scsi: mpt3sas: Add flag high_iops_queues (bsc#1125703,jsc#SLE-4717).
scsi: mpt3sas: Add missing breaks in switch statements (bsc#1125703,jsc#SLE-4717).
scsi: mpt3sas: Add support for ATLAS PCIe switch (bsc#1125703,jsc#SLE-4717).
scsi: mpt3sas: Add support for NVMe Switch Adapter (bsc#1125703,jsc#SLE-4717).
scsi: mpt3sas: Affinity high iops queues IRQs to local node (bsc#1125703,jsc#SLE-4717).
scsi: mpt3sas: Enable interrupt coalescing on high iops (bsc#1125703,jsc#SLE-4717).
scsi: mpt3sas: Fix kernel panic during expander reset (bsc#1125703,jsc#SLE-4717).
scsi: mpt3sas: Fix typo in request_desript_type (bsc#1125703,jsc#SLE-4717).
scsi: mpt3sas: Improve the threshold value and introduce module param (bsc#1125703,jsc#SLE-4717).
scsi: mpt3sas: Introduce perf_mode module parameter (bsc#1125703,jsc#SLE-4717).
scsi: mpt3sas: Irq poll to avoid CPU hard lockups (bsc#1125703,jsc#SLE-4717).
scsi: mpt3sas: Load balance to improve performance and avoid soft lockups (bsc#1125703,jsc#SLE-4717).
scsi: mpt3sas: Rename mpi endpoint device ID macro (bsc#1125703,jsc#SLE-4717).
scsi: mpt3sas: Update driver version to 27.102.00.00 (bsc#1125703,jsc#SLE-4717).
scsi: mpt3sas: Update driver version to 29.100.00.00 (bsc#1125703,jsc#SLE-4717).
scsi: mpt3sas: Update mpt3sas driver version to 28.100.00.00 (bsc#1125703,jsc#SLE-4717).
scsi: mpt3sas: Use high iops queues under some circumstances (bsc#1125703,jsc#SLE-4717).
scsi: mpt3sas: change _base_get_msix_index prototype (bsc#1125703,jsc#SLE-4717).
scsi: mpt3sas: fix indentation issue (bsc#1125703,jsc#SLE-4717).
scsi: mpt3sas: function pointers of request descriptor (bsc#1125703,jsc#SLE-4717).
scsi: mpt3sas: save and use MSI-X index for posting RD (bsc#1125703,jsc#SLE-4717).
scsi: mpt3sas: simplify interrupt handler (bsc#1125703,jsc#SLE-4717).
scsi: qedf: Add LBA to underrun debug messages (bsc#1136467 jsc#SLE-4694).
scsi: qedf: Add a flag to help debugging io_req which could not be cleaned (bsc#1136467 jsc#SLE-4694).
scsi: qedf: Add additional checks for io_req sc_cmd validity (bsc#1136467 jsc#SLE-4694).
scsi: qedf: Add comment to display logging levels (bsc#1136467 jsc#SLE-4694).
scsi: qedf: Add driver state to 'driver_stats' debugfs node (bsc#1136467 jsc#SLE-4694).
scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload check (bsc#1136467 jsc#SLE-4694).
scsi: qedf: Add missing return in qedf_scsi_done() (bsc#1136467 jsc#SLE-4694).
scsi: qedf: Add port_id for fcport into initiate_cleanup debug message (bsc#1136467 jsc#SLE-4694).
scsi: qedf: Add return value to log message if scsi_add_host fails (bsc#1136467 jsc#SLE-4694).
scsi: qedf: Change MSI-X load error message (bsc#1136467 jsc#SLE-4694).
scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1136467 jsc#SLE-4694).
scsi: qedf: Check for fcoe_libfc_config failure (bsc#1136467 jsc#SLE-4694).
scsi: qedf: Check for tm_flags instead of cmd_type during cleanup (bsc#1136467 jsc#SLE-4694).
scsi: qedf: Check the return value of start_xmit (bsc#1136467 jsc#SLE-4694).
scsi: qedf: Cleanup rrq_work after QEDF_CMD_OUTSTANDING is cleared (bsc#1136467 jsc#SLE-4694).
scsi: qedf: Correctly handle refcounting of rdata (bsc#1136467 jsc#SLE-4694).
scsi: qedf: Do not queue anything if upload is in progress (bsc#1136467 jsc#SLE-4694).
scsi: qedf: Do not send ABTS for under run scenario (bsc#1136467 jsc#SLE-4694).
scsi: qedf: Fix lport may be used uninitialized warning (bsc#1136467 jsc#SLE-4694).
scsi: qedf: Log message if scsi_add_host fails (bsc#1136467 jsc#SLE-4694).
scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1136467 jsc#SLE-4694).
scsi: qedf: Modify flush routine to handle all I/Os and TMF (bsc#1136467 jsc#SLE-4694).
scsi: qedf: Print fcport information on wait for upload timeout (bsc#1136467 jsc#SLE-4694).
scsi: qedf: Print scsi_cmd backpointer in good completion path if the command is still being used (bsc#1136467 jsc#SLE-4694).
scsi: qedf: Remove set but not used variable 'fr_len' (bsc#1136467 jsc#SLE-4694).
scsi: qedf: Update the driver version to 8.37.25.19 (bsc#1136467 jsc#SLE-4694).
scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1136467 jsc#SLE-4694).
scsi: qedf: Wait for upload and link down processing during soft ctx reset (bsc#1136467 jsc#SLE-4694).
scsi: qedf: fc_rport_priv reference counting fixes (bsc#1136467 jsc#SLE-4694).
scsi: qedf: fixup bit operations (bsc#1135542).
scsi: qedf: fixup locking in qedf_restart_rport() (bsc#1135542).
scsi: qedf: missing kref_put in qedf_xmit() (bsc#1135542).
scsi: qedf: remove memset/memcpy to nfunc and use func instead (bsc#1136467 jsc#SLE-4694).
scsi: qedf: remove set but not used variables (bsc#1136467 jsc#SLE-4694).
scsi: qedi: Add packet filter in light L2 Rx path (jsc#SLE-4693 bsc#1136462).
scsi: qedi: Check for session online before getting iSCSI TLV data (jsc#SLE-4693 bsc#1136462).
scsi: qedi: Cleanup redundant QEDI_PAGE_SIZE macro definition (jsc#SLE-4693 bsc#1136462).
scsi: qedi: Fix spelling mistake 'OUSTANDING' 'OUTSTANDING' (jsc#SLE-4693 bsc#1136462).
scsi: qedi: Move LL2 producer index processing in BH (jsc#SLE-4693 bsc#1136462).
scsi: qedi: Replace PAGE_SIZE with QEDI_PAGE_SIZE (jsc#SLE-4693 bsc#1136462).
scsi: qedi: Update driver version to 8.33.0.21 (jsc#SLE-4693 bsc#1136462).
scsi: qedi: add module param to set ping packet size (jsc#SLE-4693 bsc#1136462).
scsi: qedi: remove set but not used variables 'cdev' and 'udev' (jsc#SLE-4693 bsc#1136462).
scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1136215).
scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1136215).
scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1136215).
scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1136215).
scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1136215).
scsi: qla2xxx: Add new FC-NVMe enable BIT to enable FC-NVMe feature (bsc#1130579).
scsi: qla2xxx: Add new FW dump template entry types (bsc#1136215).
scsi: qla2xxx: Add protection mask module parameters (bsc#1136215).
scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1136215).
scsi: qla2xxx: Add support for setting port speed (bsc#1136215).
scsi: qla2xxx: Avoid pci IRQ affinity mapping when multiqueue is not supported (bsc#1136215).
scsi: qla2xxx: Check for FW started flag before aborting (bsc#1136215).
scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1136215).
scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1136215).
scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1136215).
scsi: qla2xxx: Declare local functions 'static' (bsc#1137444).
scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1136215).
scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555).
scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1136215).
scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555).
scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727).
scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1136215).
scsi: qla2xxx: Fix function argument descriptions (bsc#1118139).
scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728).
scsi: qla2xxx: Fix memory corruption during hba reset test (bsc#1118139).
scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1136215).
scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (bsc#1132044).
scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1136215).
scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (bsc#1136215).
scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1136215).
scsi: qla2xxx: Improve several kernel-doc headers (bsc#1137444).
scsi: qla2xxx: Introduce a switch/case statement in qlt_xmit_tm_rsp() (bsc#1137444).
scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier to analyze (bsc#1137444).
scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry() initializes 'res' (bsc#1137444).
scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1136215).
scsi: qla2xxx: Move marker request behind QPair (bsc#1136215).
scsi: qla2xxx: NULL check before some freeing functions is not needed (bsc#1137444).
scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1136215).
scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1136215).
scsi: qla2xxx: Remove FW default template (bsc#1136215).
scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1137444).
scsi: qla2xxx: Remove two arguments from qlafx00_error_entry() (bsc#1137444).
scsi: qla2xxx: Remove unused symbols (bsc#1118139).
scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1136215).
scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1136215).
scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1136215).
scsi: qla2xxx: Simplify conditional check again (bsc#1136215).
scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (bsc#1137444).
scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1136215).
scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1136215).
scsi: qla2xxx: Update flash read/write routine (bsc#1136215).
scsi: qla2xxx: Use %p for printing pointers (bsc#1118139).
scsi: qla2xxx: avoid printf format warning (bsc#1136215).
scsi: qla2xxx: check for kstrtol() failure (bsc#1136215).
scsi: qla2xxx: do not crash on uninitialized pool list (boo#1138874).
scsi: qla2xxx: fix error message on qla2400 (bsc#1118139).
scsi: qla2xxx: fix spelling mistake: 'existant' - 'existent' (bsc#1118139).
scsi: qla2xxx: fully convert to the generic DMA API (bsc#1137444).
scsi: qla2xxx: fx00 copypaste typo (bsc#1118139).
scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1136215).
scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1136215).
scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq (bsc#1118139).
scsi: qla2xxx: use lower_32_bits and upper_32_bits instead of reinventing them (bsc#1137444).
scsi: scsi_transport_fc: Add FPIN fc event codes (bsc#1136217,jsc#SLE-4722).
scsi: scsi_transport_fc: refactor event posting routines (bsc#1136217,jsc#SLE-4722).
scsi: smartpqi: Add retries for device reset (bsc#1133547).
scsi: smartpqi: Reporting 'logical unit failure' (bsc#1133547).
scsi: smartpqi: add H3C controller IDs (bsc#1133547).
scsi: smartpqi: add h3c ssid (bsc#1133547).
scsi: smartpqi: add no_write_same for logical volumes (bsc#1133547).
scsi: smartpqi: add ofa support (bsc#1133547).
scsi: smartpqi: add smp_utils support (bsc#1133547).
scsi: smartpqi: add spdx (bsc#1133547).
scsi: smartpqi: add support for PQI Config Table handshake (bsc#1133547).
scsi: smartpqi: add support for huawei controllers (bsc#1133547).
scsi: smartpqi: add sysfs attributes (bsc#1133547).
scsi: smartpqi: allow for larger raid maps (bsc#1133547).
scsi: smartpqi: bump driver version (bsc#1133547).
scsi: smartpqi: bump driver version (bsc#1133547).
scsi: smartpqi: call pqi_free_interrupts() in pqi_shutdown() (bsc#1133547).
scsi: smartpqi: check for null device pointers (bsc#1133547).
scsi: smartpqi: correct host serial num for ssa (bsc#1133547).
scsi: smartpqi: correct lun reset issues (bsc#1133547).
scsi: smartpqi: correct volume status (bsc#1133547).
scsi: smartpqi: do not offline disks for transient did no connect conditions (bsc#1133547).
scsi: smartpqi: enhance numa node detection (bsc#1133547).
scsi: smartpqi: fix build warnings (bsc#1133547).
scsi: smartpqi: fix disk name mount point (bsc#1133547).
scsi: smartpqi: fully convert to the generic DMA API (bsc#1133547).
scsi: smartpqi: increase LUN reset timeout (bsc#1133547).
scsi: smartpqi: increase fw status register read timeout (bsc#1133547).
scsi: smartpqi: refactor sending controller raid requests (bsc#1133547).
scsi: smartpqi: turn off lun data caching for ptraid (bsc#1133547).
scsi: smartpqi: update copyright (bsc#1133547).
scsi: smartpqi: update driver version (bsc#1133547).
scsi: smartpqi: wake up drives after os resumes from suspend (bsc#1133547).
scsi: smartpqi_init: fix boolean expression in pqi_device_remove_start (bsc#1133547).
scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424).
scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424).
scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296).
scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510).
scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510).
scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510).
scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510).
sctp: silence warns on sctp_stream_init allocations (bsc#1083710).
selinux: use kernel linux/socket.h for genheaders and mdp (bsc#1134810).
serial: 8250_pxa: honor the port number from devicetree (bsc#1051510).
serial: ar933x_uart: Fix build failure with disabled console (bsc#1051510).
serial: sh-sci: disable DMA for uart_console (bsc#1051510).
serial: uartps: Do not add a trailing semicolon to macro (bsc#1051510).
serial: uartps: Fix long line over 80 chars (bsc#1051510).
serial: uartps: Fix multiple line dereference (bsc#1051510).
serial: uartps: Remove useless return from cdns_uart_poll_put_char (bsc#1051510).
serial: uartps: console_setup() can't be placed to init section (bsc#1051510).
soc/fsl/qe: Fix an error code in qe_pin_request() (bsc#1051510).
soc/tegra: fuse: Fix illegal free of IO base address (bsc#1051510).
soc/tegra: pmc: Drop locking from tegra_powergate_is_powered() (bsc#1051510).
soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510).
soc: qcom: gsbi: Fix error handling in gsbi_probe() (bsc#1051510).
soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510).
spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510).
spi-mem: fix kernel-doc for spi_mem_dirmap_{read|write}() (bsc#1111666).
spi: Add missing pm_runtime_put_noidle() after failed get (bsc#1111666).
spi: Fix zero length xfer bug (bsc#1051510).
spi: Micrel eth switch: declare missing of table (bsc#1051510).
spi: ST ST95HF NFC: declare missing of table (bsc#1051510).
spi: a3700: Clear DATA_OUT when performing a read (bsc#1051510).
spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios (bsc#1051510).
spi: bcm2835aux: setup gpio-cs to output and correct level during setup (bsc#1051510).
spi: bcm2835aux: warn in dmesg that native cs is not really supported (bsc#1051510).
spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510).
spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510).
spi: rspi: Fix sequencer reset during initialization (bsc#1051510).
spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510).
spi: tegra114: reset controller on probe (bsc#1051510).
ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit (bsc#1051510).
staging: comedi: amplc_pci230: fix null pointer deref on interrupt (bsc#1051510).
staging: comedi: dt282x: fix a null pointer deref on interrupt (bsc#1051510).
staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510).
staging: comedi: ni_usb6501: Fix possible double-free of usb_rx_buf (bsc#1051510).
staging: comedi: ni_usb6501: Fix use of uninitialized mutex (bsc#1051510).
staging: comedi: vmk80xx: Fix possible double-free of usb_rx_buf (bsc#1051510).
staging: comedi: vmk80xx: Fix use of uninitialized semaphore (bsc#1051510).
staging: iio: ad7192: Fix ad7193 channel address (bsc#1051510).
staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc (bsc#1051510).
staging: rtl8712: reduce stack usage, again (bsc#1051510).
staging: rtl8712: uninitialized memory in read_bbreg_hdl() (bsc#1051510).
staging: rtlwifi: Fix potential NULL pointer dereference of kzalloc (bsc#1111666).
staging: rtlwifi: rtl8822b: fix to avoid potential NULL pointer dereference (bsc#1111666).
staging: vc04_services: prevent integer overflow in create_pagelist() (bsc#1051510).
staging: vt6655: Fix interrupt race condition on device start up (bsc#1051510).
staging: vt6655: Remove vif check from vnt_interrupt (bsc#1051510).
staging: wlan-ng: fix adapter initialization failure (bsc#1051510).
staging:iio:ad7150: fix threshold mode config bit (bsc#1051510).
stm class: Fix an endless loop in channel allocation (bsc#1051510).
stm class: Fix channel free in stm output free path (bsc#1051510).
stm class: Prevent division by zero (bsc#1051510).
supported.conf: Add cls_bpf, sch_ingress to kernel-default-base (bsc#1134743).
supported.conf: Add openvswitch to kernel-default-base (bsc#1124839).
supported.conf: Add openvswitch to kernel-default-base (bsc#1124839).
supported.conf: added mlxbf_tmfifo (bsc#1136333 jsc#SLE-4994)
supported.conf: dw_mmc-bluefield is not needed in kernel-default-base (bsc#1131574).
svm/avic: Fix invalidate logical APIC id entry (bsc#1132726).
svm: Add warning message for AVIC IPI invalid target (bsc#1140133).
svm: Add warning message for AVIC IPI invalid target (bsc#1140133).
svm: Fix AVIC DFR and LDR handling (bsc#1132558).
svm: Fix AVIC incomplete IPI emulation (bsc#1140133).
svm: Fix AVIC incomplete IPI emulation (bsc#1140133).
sysctl: handle overflow for file-max (bsc#1051510).
sysctl: handle overflow in proc_get_long (bsc#1051510).
tcp: add tcp_min_snd_mss sysctl (bsc#1137586).
tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586).
tcp: fix fack_count accounting on tcp_shift_skb_data() (CVE-2019-11477 bsc#1137586).
tcp: fix tcp_set_congestion_control() use from bpf hook (bsc#1109837).
tcp: limit payload size of sacked skbs (bsc#1137586).
tcp: tcp_fragment() should apply sane memory limits (bsc#1137586).
team: Always enable vlan tx offload (bsc#1051510).
team: set slave to promisc if team is already in promisc mode (bsc#1051510).
testing: nvdimm: provide SZ_4G constant (bsc#1132982).
thermal/int340x_thermal: Add additional UUIDs (bsc#1051510).
thermal/int340x_thermal: fix mode setting (bsc#1051510).
thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power (bsc#1051510).
thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510).
thunderbolt: Fix to check for kmemdup failure (bsc#1051510).
tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510).
tmpfs: fix uninitialized return value in shmem_link (bsc#1051510).
tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770).
tools: bpftool: Fix json dump crash on powerpc (bsc#1109837).
tools: bpftool: fix infinite loop in map create (bsc#1109837).
tools: bpftool: use correct argument in cgroup errors (bsc#1109837).
tpm: Fix the type of the return value in calc_tpm2_event_size() (bsc#1082555).
tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account (bsc#1132527).
tracing/snapshot: Resize spare buffer if size changed (bsc#1140726).
tracing: Fix a memory leak by early error exit in trace_pid_write() (bsc#1133702).
tracing: Fix buffer_ref pipe ops (bsc#1133698).
tracing: Fix partial reading of trace event's id file (bsc#1136573).
treewide: Use DEVICE_ATTR_WO (bsc#1137739).
tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510).
tty: increase the default flip buffer limit to 2*640K (bsc#1051510).
tty: ipwireless: fix missing checks for ioremap (bsc#1051510).
tty: max310x: Fix external crystal register setup (bsc#1051510).
tty: pty: Fix race condition between release_one_tty and pty_write (bsc#1051510).
tty: rocket: fix incorrect forward declaration of 'rp_init()' (bsc#1051510).
tty: serial: cpm_uart - fix init when SMC is relocated (bsc#1051510).
tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510).
tty: serial_core, add install (bnc#1129693).
tty: serial_core: Set port active bit in uart_port_activate (bsc#1051510).
tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0 (bsc#1051510).
udp: use indirect call wrappers for GRO socket lookup (bsc#1124503).
ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour (bsc#1135323).
usb-storage: Set virt_boundary_mask to avoid SG overflows (bsc#1051510).
usb: chipidea: Grab the (legacy) USB PHY by phandle first (bsc#1051510).
usb: core: Add PM runtime calls to usb_hcd_platform_shutdown (bsc#1051510).
usb: dwc2: Fix DMA cache alignment issues (bsc#1051510).
usb: dwc3: Fix default lpm_nyet_threshold value (bsc#1051510).
usb: f_fs: Avoid crash due to out-of-scope stack ptr access (bsc#1051510).
usb: gadget: ether: Fix race between gether_disconnect and rx_submit (bsc#1051510).
usb: gadget: fusb300_udc: Fix memory leak of fusb300 ep[i] (bsc#1051510).
usb: gadget: net2272: Fix net2272_dequeue() (bsc#1051510).
usb: gadget: net2280: Fix net2280_dequeue() (bsc#1051510).
usb: gadget: net2280: Fix overrun of OUT messages (bsc#1051510).
usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC (bsc#1051510).
usb: pci-quirks: Correct AMD PLL quirk detection (bsc#1051510).
usb: u132-hcd: fix resource leak (bsc#1051510).
usb: usb251xb: fix to avoid potential NULL pointer dereference (bsc#1051510).
usb: usbip: fix isoc packet num validation in get_pipe (bsc#1051510).
usbip: usbip_host: fix BUG: sleeping function called from invalid context (bsc#1051510).
usbip: usbip_host: fix stub_dev lock context imbalance regression (bsc#1051510).
usbnet: fix kernel crash after disconnect (bsc#1051510).
usbnet: ipheth: fix racing condition (bsc#1051510).
vfio/mdev: Avoid release parent reference during error path (bsc#1051510).
vfio/mdev: Fix aborting mdev child device removal if one fails (bsc#1051510).
vfio/pci: use correct format characters (bsc#1051510).
vfio: ccw: only free cp on final interrupt (bsc#1051510).
vfio_pci: Enable memory accesses before calling pci_map_rom (bsc#1051510).
vfs: allow dedupe of user owned read-only files (bsc#1133778, bsc#1132219).
vfs: allow dedupe of user owned read-only files (bsc#1133778, bsc#1132219).
vfs: avoid problematic remapping requests into partial EOF block (bsc#1133850, bsc#1132219).
vfs: avoid problematic remapping requests into partial EOF block (bsc#1133850, bsc#1132219).
vfs: dedupe should return EPERM if permission is not granted (bsc#1133779, bsc#1132219).
vfs: dedupe should return EPERM if permission is not granted (bsc#1133779, bsc#1132219).
vfs: dedupe: extract helper for a single dedup (bsc#1133769, bsc#1132219).
vfs: dedupe: extract helper for a single dedup (bsc#1133769, bsc#1132219).
vfs: exit early from zero length remap operations (bsc#1132411, bsc#1132219).
vfs: exit early from zero length remap operations (bsc#1132411, bsc#1132219).
vfs: export vfs_dedupe_file_range_one() to modules (bsc#1133772, bsc#1132219).
vfs: export vfs_dedupe_file_range_one() to modules (bsc#1133772, bsc#1132219).
vfs: limit size of dedupe (bsc#1132397, bsc#1132219).
vfs: limit size of dedupe (bsc#1132397, bsc#1132219).
vfs: rename clone_verify_area to remap_verify_area (bsc#1133852, bsc#1132219).
vfs: rename clone_verify_area to remap_verify_area (bsc#1133852, bsc#1132219).
vfs: skip zero-length dedupe requests (bsc#1133851, bsc#1132219).
vfs: skip zero-length dedupe requests (bsc#1133851, bsc#1132219).
vfs: swap names of {do,vfs}_clone_file_range() (bsc#1133774, bsc#1132219).
vfs: swap names of {do,vfs}_clone_file_range() (bsc#1133774, bsc#1132219).
vfs: vfs_clone_file_prep_inodes should return EINVAL for a clone from beyond EOF (bsc#1133780, bsc#1132219).
vfs: vfs_clone_file_prep_inodes should return EINVAL for a clone from beyond EOF (bsc#1133780, bsc#1132219).
vhost/vsock: fix reset orphans race with close timeout (bsc#1051510).
video: hgafb: fix potential NULL pointer dereference (bsc#1051510).
video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510).
virtio-blk: limit number of hw queues by nr_cpu_ids (bsc#1051510).
virtio/s390: DMA support for virtio-ccw (jsc#SLE-6197 bsc#1140559 LTC#173150).
virtio/s390: add indirection to indicators access (jsc#SLE-6197 bsc#1140559 LTC#173150).
virtio/s390: make airq summary indicators DMA (jsc#SLE-6197 bsc#1140559 LTC#173150).
virtio/s390: use DMA memory for ccw I/O and classic notifiers (jsc#SLE-6197 bsc#1140559 LTC#173150).
virtio/s390: use cacheline aligned airq bit vectors (jsc#SLE-6197 bsc#1140559 LTC#173150).
virtio/s390: use vring_create_virtqueue (jsc#SLE-6197 bsc#1140559 LTC#173150).
virtio: Honour 'may_reduce_num' in vring_create_virtqueue (bsc#1051510).
virtio_console: initialize vtermno value for ports (bsc#1051510).
virtio_pci: fix a NULL pointer reference in vp_del_vqs (bsc#1051510).
vlan: disable SIOCSHWTSTAMP in container (bsc#1051510).
vsock/virtio: Initialize core virtio vsock before registering the driver (bsc#1051510).
vsock/virtio: fix kernel panic after device hot-unplug (bsc#1051510).
vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock (bsc#1051510).
vsock/virtio: reset connected sockets on device removal (bsc#1051510).
vt: always call notifier with the console lock held (bsc#1051510).
vxlan: trivial indenting fix (bsc#1051510).
vxlan: use __be32 type for the param vni in __vxlan_fdb_delete (bsc#1051510).
w1: fix the resume command API (bsc#1051510).
watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510).
wil6210: check null pointer in _wil_cfg80211_merge_extra_ies (bsc#1051510).
wil6210: drop old event after wmi_call timeout (bsc#1111666).
wil6210: fix potential out-of-bounds read (bsc#1051510).
wil6210: fix return code of wmi_mgmt_tx and wmi_mgmt_tx_ext (bsc#1111666).
wil6210: fix spurious interrupts in 3-msi (bsc#1111666).
wlcore: Fix memory leak in case wl12xx_fetch_firmware failure (bsc#1051510).
x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903).
x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor (bsc#1114279).
x86/MCE/AMD, EDAC/mce_amd: Add new MP5, NBIO, and pciE SMCA bank types (bsc#1128415).
x86/MCE/AMD, EDAC/mce_amd: Add new McaTypes for CS, PSP, and SMU units (bsc#1128415).
x86/MCE/AMD, EDAC/mce_amd: Add new error descriptions for some SMCA bank types (bsc#1128415).
x86/MCE: Fix kABI for new AMD bank names (bsc#1128415).
x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub (bsc#1120318).
x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331).
x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init (bsc#1132572).
x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type (bsc#1128415).
x86/mce/AMD: Pass the bank number to smca_get_bank_type() (bsc#1128415).
x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279).
x86/mce: Handle varying MCA bank counts (bsc#1128415).
x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279).
x86/microcode: Fix microcode hotplug state (bsc#1114279).
x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279).
x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279).
x86/msr-index: Cleanup bit defines (bsc#1111331).
x86/perf/amd: Remove need to check 'running' bit in NMI handler (bsc#1131438).
x86/perf/amd: Resolve NMI latency issues for active PMCs (bsc#1131438).
x86/perf/amd: Resolve race condition when disabling PMC (bsc#1131438).
x86/speculation/mds: Fix documentation typo (bsc#1135642).
x86/speculation/mds: Fix documentation typo (bsc#1135642).
x86/speculation/mds: Fix documentation typo (bsc#1135642).
x86/speculation/mds: Fix documentation typo (bsc#1135642).
x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279).
x86/speculation: Prevent deadlock on ssb_state::lock (bsc#1114279).
x86/speculation: Prevent deadlock on ssb_state::lock (bsc#1114279).
x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178).
x86/tsc: Force inlining of cyc2ns bits (bsc#1052904).
x86/umip: Make the UMIP activated message generic (bsc#1138336).
x86/umip: Print UMIP line only once (bsc#1138336).
x86_64: Add gap to int3 to allow for call emulation (bsc#1099658).
x86_64: Allow breakpoints to emulate call instructions (bsc#1099658).
xdp: check device pointer before clearing (bsc#1109837).
xdp: fix possible cq entry leak (bsc#1109837).
xdp: fix race on generic receive path (bsc#1109837).
xdp: hold device for umem regardless of zero-copy mode (bsc#1109837).
xen/pciback: Don't disable PCI_COMMAND on PCI device reset (bsc#1065600).
xen: Prevent buffer overflow in privcmd ioctl (bsc#1065600).
xen: let alloc_xenballooned_pages() fail if not enough memory free (bsc#1142450 XSA-300).
xen: remove pre-xen3 fallback handlers (bsc#1065600).
xenbus: drop useless LIST_HEAD in xenbus_write_watch() and xenbus_file_write() (bsc#1065600).
xfs: add log item pinning error injection tag (bsc#1114427).
xfs: add the ability to join a held buffer to a defer_ops (bsc#1133674).
xfs: allow xfs_lock_two_inodes to take different EXCL/SHARED modes (bsc#1132370, bsc#1132219).
xfs: allow xfs_lock_two_inodes to take different EXCL/SHARED modes (bsc#1132370, bsc#1132219).
xfs: buffer lru reference count error injection tag (bsc#1114427).
xfs: call xfs_qm_dqattach before performing reflink operations (bsc#1132368, bsc#1132219).
xfs: call xfs_qm_dqattach before performing reflink operations (bsc#1132368, bsc#1132219).
xfs: cap the length of deduplication requests (bsc#1132373, bsc#1132219).
xfs: cap the length of deduplication requests (bsc#1132373, bsc#1132219).
xfs: check _btree_check_block value (bsc#1123663).
xfs: clean up xfs_reflink_remap_blocks call site (bsc#1132413, bsc#1132219).
xfs: clean up xfs_reflink_remap_blocks call site (bsc#1132413, bsc#1132219).
xfs: convert drop_writes to use the errortag mechanism (bsc#1114427).
xfs: create block pointer check functions (bsc#1123663).
xfs: create inode pointer verifiers (bsc#1114427).
xfs: detect and fix bad summary counts at mount (bsc#1114427).
xfs: do not overflow xattr listent buffer (bsc#1143105).
xfs: do not set the page uptodate in xfs_writepage_map (bsc#1138003).
xfs: don't clear imap_valid for a non-uptodate buffers (bsc#1138018).
xfs: don't look at buffer heads in xfs_add_to_ioend (bsc#1138013).
xfs: don't use XFS_BMAPI_ENTRIRE in xfs_get_blocks (bsc#1137999).
xfs: don't use XFS_BMAPI_IGSTATE in xfs_map_blocks (bsc#1138005).
xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019).
xfs: export _inobt_btrec_to_irec and _ialloc_cluster_alignment for scrub (bsc#1114427).
xfs: export various function for the online scrubber (bsc#1123663).
xfs: expose errortag knobs via sysfs (bsc#1114427).
xfs: fix data corruption w/ unaligned dedupe ranges (bsc#1132405, bsc#1132219).
xfs: fix data corruption w/ unaligned dedupe ranges (bsc#1132405, bsc#1132219).
xfs: fix data corruption w/ unaligned reflink ranges (bsc#1132407, bsc#1132219).
xfs: fix data corruption w/ unaligned reflink ranges (bsc#1132407, bsc#1132219).
xfs: fix pagecache truncation prior to reflink (bsc#1132412, bsc#1132219).
xfs: fix pagecache truncation prior to reflink (bsc#1132412, bsc#1132219).
xfs: fix reporting supported extra file attributes for statx() (bsc#1133529).
xfs: fix s_maxbytes overflow problems (bsc#1137996).
xfs: fix unused variable warning in xfs_buf_set_ref() (bsc#1114427).
xfs: flush removing page cache in xfs_reflink_remap_prep (bsc#1132414, bsc#1132219).
xfs: flush removing page cache in xfs_reflink_remap_prep (bsc#1132414, bsc#1132219).
xfs: force summary counter recalc at next mount (bsc#1114427).
xfs: hold xfs_buf locked between shortform leaf conversion and the addition of an attribute (bsc#1133675).
xfs: kill meaningless variable 'zero' (bsc#1106011).
xfs: make errortag a per-mountpoint structure (bsc#1123663).
xfs: make xfs_writepage_map extent map centric (bsc#1138009).
xfs: minor cleanup for xfs_get_blocks (bsc#1138000).
xfs: move all writeback buffer_head manipulation into xfs_map_at_offset (bsc#1138014).
xfs: move error injection tags into their own file (bsc#1114427).
xfs: only grab shared inode locks for source file during reflink (bsc#1132372, bsc#1132219).
xfs: only grab shared inode locks for source file during reflink (bsc#1132372, bsc#1132219).
xfs: prepare xfs_break_layouts() for another layout type (bsc#1106011).
xfs: prepare xfs_break_layouts() to be called with XFS_MMAPLOCK_EXCL (bsc#1106011).
xfs: refactor btree block header checking functions (bsc#1123663).
xfs: refactor btree pointer checks (bsc#1123663).
xfs: refactor clonerange preparation into a separate helper (bsc#1132402, bsc#1132219).
xfs: refactor clonerange preparation into a separate helper (bsc#1132402, bsc#1132219).
xfs: refactor the tail of xfs_writepage_map (bsc#1138016).
xfs: refactor unmount record write (bsc#1114427).
xfs: refactor xfs_trans_roll (bsc#1133667).
xfs: reflink find shared should take a transaction (bsc#1132226, bsc#1132219).
xfs: reflink find shared should take a transaction (bsc#1132226, bsc#1132219).
xfs: reflink should break pnfs leases before sharing blocks (bsc#1132369, bsc#1132219).
xfs: reflink should break pnfs leases before sharing blocks (bsc#1132369, bsc#1132219).
xfs: remove XFS_IO_INVALID (bsc#1138017).
xfs: remove dest file's post-eof preallocations before reflinking (bsc#1132365, bsc#1132219).
xfs: remove dest file's post-eof preallocations before reflinking (bsc#1132365, bsc#1132219).
xfs: remove the imap_valid flag (bsc#1138012).
xfs: remove the ip argument to xfs_defer_finish (bsc#1133672).
xfs: remove unneeded parameter from XFS_TEST_ERROR (bsc#1123663).
xfs: remove unused parameter from xfs_writepage_map (bsc#1137995).
xfs: remove xfs_map_cow (bsc#1138007).
xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010).
xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006).
xfs: remove xfs_start_page_writeback (bsc#1138015).
xfs: remove xfs_zero_range (bsc#1106011).
xfs: rename MAXPATHLEN to XFS_SYMLINK_MAXLEN (bsc#1123663).
xfs: rename the offset variable in xfs_writepage_map (bsc#1138008).
xfs: rename xfs_defer_join to xfs_defer_ijoin (bsc#1133668).
xfs: replace log_badcrc_factor knob with error injection tag (bsc#1114427).
xfs: sanity-check the unused space before trying to use it (bsc#1123663).
xfs: serialize unaligned dio writes against all other dio writes (bsc#1134936).
xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent directly (bsc#1138011).
xfs: skip CoW writes past EOF when writeback races with truncate (bsc#1137998).
xfs: update ctime and remove suid before cloning files (bsc#1132404, bsc#1132219).
xfs: update ctime and remove suid before cloning files (bsc#1132404, bsc#1132219).
xfs: xfs_reflink_convert_cow() memory allocation deadlock (bsc#1138002).
xfs: zero posteof blocks when cloning above eof (bsc#1132403, bsc#1132219).
xfs: zero posteof blocks when cloning above eof (bsc#1132403, bsc#1132219).
xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() (bsc#1051510).
xhci: Use %zu for printing size_t type (bsc#1051510).
xhci: update bounce buffer with correct sg num (bsc#1051510).
xprtrdma: Fix use-after-free in rpcrdma_post_recvs (bsc#1103992 FATE#326009).
xsk: Properly terminate assignment in xskq_produce_flush_desc (bsc#1109837).
{nl,mac}80211: allow 4addr AP operation on crypto controlled devices (bsc#1051510).

Advisory ID	SUSE-SU-2019:2738-1
Released	Tue Oct 22 14:35:13 2019
Summary	Security update for the Linux Kernel
Type	security
Severity	important
References	1047238,1050911,1051510,1054914,1055117,1056686,1060662,1061840,1061843,1064597,1064701,1065600,1065729,1066369,1071009,1071306,1078248,1082555,1082635,1085030,1085536,1085539,1086103,1087092,1090734,1091171,1093205,1102097,1103990,1104353,1104427,1104745,1104902,1106061,1106284,1106434,1108382,1109837,1111666,1112178,1112374,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113722,1113994,1114279,1114542,1118689,1119086,1119113,1120046,1120876,1120902,1123105,1123959,1124370,1129424,1129519,1129664,1131107,1131281,1131489,1131565,1132426,1133021,1134291,1134476,1134881,1134882,1135219,1135642,1135897,1135990,1136039,1136261,1136346,1136349,1136352,1136496,1136498,1136502,1136682,1137322,1137323,1137884,1138099,1138100,1138539,1139020,1139021,1139101,1139500,1140012,1140426,1140487,1141340,1141450,1141543,1141554,1142019,1142076,1142109,1142117,1142118,1142119,1142496,1142541,1142635,1142685,1142701,1142857,1143300,1143331,1143466,1143706,1143738,1143765,1143841,1143843,1143962,1144123,1144333,1144375,1144474,1144518,1144582,1144718,1144813,1144880,1144886,1144912,1144920,1144979,1145010,1145018,1145051,1145059,1145189,1145235,1145256,1145300,1145302,1145357,1145388,1145389,1145390,1145391,1145392,1145393,1145394,1145395,1145396,1145397,1145408,1145409,1145446,1145661,1145678,1145687,1145920,1145922,1145934,1145937,1145940,1145941,1145942,1145946,1146074,1146084,1146141,1146163,1146215,1146285,1146346,1146351,1146352,1146361,1146368,1146376,1146378,1146381,1146391,1146399,1146413,1146425,1146512,1146514,1146516,1146519,1146524,1146526,1146529,1146531,1146543,1146547,1146550,1146575,1146589,1146678,1146938,1148031,1148032,1148033,1148034,1148035,1148093,1148133,1148192,1148196,1148198,1148202,1148219,1148297,1148303,1148308,1148363,1148379,1148394,1148527,1148570,1148574,1148616,1148617,1148619,1148698,1148859,1148868,1149053,1149083,1149104,1149105,1149106,1149197,1149214,1149224,1149325,1149376,1149413,1149418,1149424,1149522,1149527,1149539,1149552,1149591,1149602,1149612,1149626,1149652,1149713,1149940,1149976,1150025,1150033,1150112,1150562,1150727,1150860,1150861,1150933,CVE-2017-18551,CVE-2018-20976,CVE-2018-21008,CVE-2019-10207,CVE-2019-14814,CVE-2019-14815,CVE-2019-14816,CVE-2019-14835,CVE-2019-15030,CVE-2019-15031,CVE-2019-15090,CVE-2019-15098,CVE-2019-15099,CVE-2019-15117,CVE-2019-15118,CVE-2019-15211,CVE-2019-15212,CVE-2019-15214,CVE-2019-15215,CVE-2019-15216,CVE-2019-15217,CVE-2019-15218,CVE-2019-15219,CVE-2019-15220,CVE-2019-15221,CVE-2019-15222,CVE-2019-15239,CVE-2019-15290,CVE-2019-15292,CVE-2019-15538,CVE-2019-15666,CVE-2019-15902,CVE-2019-15917,CVE-2019-15919,CVE-2019-15920,CVE-2019-15921,CVE-2019-15924,CVE-2019-15926,CVE-2019-15927,CVE-2019-9456

Description:

The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2019-14835: A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could have used this flaw to increase their privileges on the host (bnc#1150112).
CVE-2019-15216: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1146361).
CVE-2019-15924: fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c had a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure (bnc#1149612).
CVE-2019-9456: In the Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have led to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1150025).
CVE-2019-15031: In the Linux kernel on the powerpc platform, a local user could have read vector registers of other users' processes via an interrupt. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE was misused in arch/powerpc/kernel/process.c (bnc#1149713).
CVE-2019-15030: In the Linux kernel on the powerpc platform, a local user could have read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check (bnc#1149713).
CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free. (bnc#1149626).
CVE-2019-15921: There was a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c (bnc#1149602).
CVE-2018-21008: A use-after-free could have been caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591).
CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free (bnc#1149552).
CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c (bnc#1149539).
CVE-2019-15926: An out-of-bounds access existed in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c (bnc#1149527).
CVE-2019-15927: An out-of-bounds access existed in the function build_audio_procunit in the file sound/usb/mixer.c (bnc#1149522).
CVE-2019-15902: Misuse of the upstream 'x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()' commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped (bnc#1149376).
CVE-2019-15666: There was an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandled directory validation (bnc#1148394).
CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver (bnc#1146524).
CVE-2019-14814: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146512).
CVE-2019-14815: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bsc#1146514)
CVE-2019-14816: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146516).
CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver (bnc#1146526).
CVE-2019-15538: An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS (bnc#1148093).
- Update reference for ath6kl fix (CVE-2019-15290,bsc#1146543).
- Update reference for ath6kl fix (CVE-2019-15290,bsc#1146543).
CVE-2019-15099: drivers/net/wireless/ath/ath10k/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor (bnc#1146368).
CVE-2019-15098: drivers/net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor (bnc#1146378).
CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c fix allowed a local attacker to trigger multiple use-after-free conditions. This could result in a kernel crash, or potentially in privilege escalation. (bsc#1146589)
CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver (bnc#1146391).
CVE-2019-15292: There was a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c (bnc#1146678).
CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver (bnc#1146547).
CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory (bnc#1146519).
CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c (bnc#1146550).
CVE-2019-15221: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver (bnc#1146529).
CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c (motu_microbookii) driver (bnc#1146531).
CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver (bnc#1146413).
CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver (bnc#1146425).
CVE-2019-15090: An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the qedi_dbg_* family of functions, there is an out-of-bounds read (bnc#1146399).
CVE-2018-20976: An issue was discovered in fs/xfs/xfs_super.c. A use after free exists, related to xfs_fs_fill_super failure (bnc#1146285).
CVE-2017-18551: An issue was discovered in drivers/i2c/i2c-core-smbus.c. There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163).
CVE-2019-15118: check_input_term in sound/usb/mixer.c mishandled recursion, leading to kernel stack exhaustion (bnc#1145922).
CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c mishandled a short descriptor, leading to out-of-bounds memory access (bnc#1145920).
CVE-2019-10207: Bluetooth/hci_uart was missing a check for tty operations (bsc#1142857).

The following non-security bugs were fixed:

9p: acl: fix uninitialized iattr access (bsc#1051510).
9p: p9dirent_read: check network-provided name length (bsc#1051510).
9p: pass the correct prototype to read_cache_page (bsc#1051510).
9p/rdma: do not disconnect on down_interruptible EAGAIN (bsc#1051510).
9p/rdma: remove useless check in cm_event_handler (bsc#1051510).
9p/virtio: Add cleanup path in p9_virtio_init (bsc#1051510).
9p/xen: Add cleanup path in p9_trans_xen_init (bsc#1051510).
9p/xen: fix check for xenbus_read error in front_probe (bsc#1051510).
ACPI/arm64: ignore 5.1 FADTs that are reported as 5.0 (bsc#1051510).
ACPICA: Increase total number of possible Owner IDs (bsc#1148859).
ACPI: fix false-positive -Wuninitialized warning (bsc#1051510).
ACPI/IORT: Fix off-by-one check in iort_dev_find_its_id() (bsc#1051510).
ACPI: PM: Fix regression in acpi_device_set_power() (bsc#1051510).
Add missing structs and defines from recent SMB3.1.1 documentation (bsc#1144333).
Add new flag on SMB3.1.1 read (bsc#1144333).
Address lock imbalance warnings in smbdirect.c (bsc#1144333).
Add some missing debug fields in server and tcon structs (bsc#1144333).
add some missing definitions (bsc#1144333).
Add vers=3.0.2 as a valid option for SMBv3.0.2 (bsc#1144333).
af_key: fix leaks in key_pol_get_resp and dump_sp (bsc#1051510).
af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET (networking-stable-19_07_02).
ALSA: firewire: fix a memory leak bug (bsc#1051510).
ALSA: hda - Add a generic reboot_notify (bsc#1051510).
ALSA: hda - Apply workaround for another AMD chip 1022:1487 (bsc#1051510).
ALSA: hda/ca0132 - Add new SBZ quirk (bsc#1051510).
ALSA: hda - Do not override global PCM hw info flag (bsc#1051510).
ALSA: hda: Fix 1-minute detection delay when i915 module is not available (bsc#1111666).
ALSA: hda - Fix a memory leak bug (bsc#1051510).
ALSA: hda - Fixes inverted Conexant GPIO mic mute led (bsc#1051510).
ALSA: hda - Fix potential endless loop at applying quirks (bsc#1051510).
ALSA: hda: kabi workaround for generic parser flag (bsc#1051510).
ALSA: hda - Let all conexant codec enter D3 when rebooting (bsc#1051510).
ALSA: hda/realtek - Add quirk for HP Envy x360 (bsc#1051510).
ALSA: hda/realtek - Add quirk for HP Pavilion 15 (bsc#1051510).
ALSA: hda/realtek - Enable internal speaker & headset mic of ASUS UX431FL (bsc#1051510).
ALSA: hda/realtek - Fix overridden device-specific initialization (bsc#1051510).
ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre (bsc#1051510).
ALSA: hda - Workaround for crackled sound on AMD controller (1022:1457) (bsc#1051510).
ALSA: hiface: fix multiple memory leak bugs (bsc#1051510).
ALSA: line6: Fix memory leak at line6_init_pcm() error path (bsc#1051510).
ALSA: pcm: fix lost wakeup event scenarios in snd_pcm_drain (bsc#1051510).
ALSA: seq: Fix potential concurrent access to the deleted pool (bsc#1051510).
ALSA: usb-audio: Add implicit fb quirk for Behringer UFX1604 (bsc#1051510).
ALSA: usb-audio: Check mixer unit bitmap yet more strictly (bsc#1051510).
ALSA: usb-audio: fix a memory leak bug (bsc#1111666).
ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (bsc#1051510).
ALSA: usb-audio: Fix invalid NULL check in snd_emuusb_set_samplerate() (bsc#1051510).
arm64: fix undefined reference to 'printk' (bsc#1148219).
arm64/kernel: rename module_emit_adrp_veneer->module_emit_veneer_for_adrp (bsc#1148219).
arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2 (bsc#1133021).
arm64: module: do not BUG when exceeding preallocated PLT count (bsc#1148219).
arm64: PCI: Preserve firmware configuration when desired (SLE-9332).
ARM: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1133021).
ARM: KVM: report support for SMCCC_ARCH_WORKAROUND_1 (bsc#1133021).
ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks (bsc#1051510).
ASoC: Fail card instantiation if DAI format setup fails (bsc#1051510).
ata: libahci: do not complain in case of deferred probe (bsc#1051510).
ath10k: Change the warning message string (bsc#1051510).
ath10k: Drop WARN_ON()s that always trigger during system resume (bsc#1111666).
batman-adv: fix uninit-value in batadv_netlink_get_ifindex() (bsc#1051510).
batman-adv: Only read OGM2 tvlv_len after buffer len check (bsc#1051510).
batman-adv: Only read OGM tvlv_len after buffer len check (bsc#1051510).
bcache: fix possible memory leak in bch_cached_dev_run() (git fixes).
bcache: Revert 'bcache: use sysfs_match_string() instead of __sysfs_match_string()' (git fixes).
bio: fix improper use of smp_mb__before_atomic() (git fixes).
blk-mq: backport fixes for blk_mq_complete_e_request_sync() (bsc#1145661).
blk-mq: Fix spelling in a source code comment (git fixes).
blk-mq: introduce blk_mq_complete_request_sync() (bsc#1145661).
blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543).
blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543).
block, documentation: Fix wbt_lat_usec documentation (git fixes).
Bluetooth: 6lowpan: search for destination address in all peers (bsc#1051510).
Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug (bsc#1051510).
Bluetooth: btqca: Add a short delay before downloading the NVM (bsc#1051510).
Bluetooth: Check state in l2cap_disconnect_rsp (bsc#1051510).
Bluetooth: hci_bcsp: Fix memory leak in rx_skb (bsc#1051510).
Bluetooth: validate BLE connection interval updates (bsc#1051510).
bnx2fc_fcoe: Use skb_queue_walk_safe() (bsc#1136502 jsc#SLE-4703).
bnx2x: Disable multi-cos feature (bsc#1136498 jsc#SLE-4699).
bnx2x: Prevent ptp_task to be rescheduled indefinitely (networking-stable-19_07_25).
bnxt_en: Fix to include flow direction in L2 key (bsc#1104745 ).
bnxt_en: Fix VNIC clearing logic for 57500 chips (bsc#1104745 ).
bnxt_en: Improve RX doorbell sequence (bsc#1104745).
bnxt_en: Use correct src_fid to determine direction of the flow (bsc#1104745).
bonding: Always enable vlan tx offload (networking-stable-19_07_02).
bonding: validate ip header before check IPPROTO_IGMP (networking-stable-19_07_25).
bpf: sockmap, only create entry if ulp is not already enabled (bsc#1109837).
bpf: sockmap, sock_map_delete needs to use xchg (bsc#1109837).
bpf: sockmap, synchronize_rcu before free'ing map (bsc#1109837).
btrfs: add a helper to retrive extent inline ref type (bsc#1149325).
btrfs: add cleanup_ref_head_accounting helper (bsc#1050911).
btrfs: add missing inode version, ctime and mtime updates when punching hole (bsc#1140487).
btrfs: add one more sanity check for shared ref type (bsc#1149325).
btrfs: clean up pending block groups when transaction commit aborts (bsc#1050911).
btrfs: convert to use btrfs_get_extent_inline_ref_type (bsc#1149325).
btrfs: do not abort transaction at btrfs_update_root() after failure to COW path (bsc#1150933).
btrfs: fix assertion failure during fsync and use of stale transaction (bsc#1150562).
btrfs: fix data loss after inode eviction, renaming it, and fsync it (bsc#1145941).
btrfs: Fix delalloc inodes invalidation during transaction abort (bsc#1050911).
btrfs: fix fsync not persisting dentry deletions due to inode evictions (bsc#1145942).
btrfs: fix incremental send failure after deduplication (bsc#1145940).
btrfs: fix pinned underflow after transaction aborted (bsc#1050911).
btrfs: fix race between send and deduplication that lead to failures and crashes (bsc#1145059).
btrfs: fix race leading to fs corruption after transaction abort (bsc#1145937).
btrfs: handle delayed ref head accounting cleanup in abort (bsc#1050911).
btrfs: prevent send failures and crashes due to concurrent relocation (bsc#1145059).
btrfs: remove BUG() in add_data_reference (bsc#1149325).
btrfs: remove BUG() in btrfs_extent_inline_ref_size (bsc#1149325).
btrfs: remove BUG() in print_extent_item (bsc#1149325).
btrfs: remove BUG_ON in __add_tree_block (bsc#1149325).
btrfs: scrub: add memalloc_nofs protection around init_ipath (bsc#1086103).
btrfs: Split btrfs_del_delalloc_inode into 2 functions (bsc#1050911).
btrfs: start readahead also in seed devices (bsc#1144886).
btrfs: track running balance in a simpler way (bsc#1145059).
btrfs: use GFP_KERNEL in init_ipath (bsc#1086103).
caif-hsi: fix possible deadlock in cfhsi_exit_module() (networking-stable-19_07_25).
can: m_can: implement errata 'Needless activation of MRAF irq' (bsc#1051510).
can: mcp251x: add support for mcp25625 (bsc#1051510).
can: peak_usb: fix potential double kfree_skb() (bsc#1051510).
can: peak_usb: force the string buffer NULL-terminated (bsc#1051510).
can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (bsc#1051510).
can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (bsc#1051510).
can: rcar_canfd: fix possible IRQ storm on high load (bsc#1051510).
can: sja1000: force the string buffer NULL-terminated (bsc#1051510).
carl9170: fix misuse of device driver API (bsc#1142635).
ceph: add btime field to ceph_inode_info (bsc#1148133 bsc#1136682).
ceph: add ceph.snap.btime vxattr (bsc#1148133 bsc#1148570).
ceph: add change_attr field to ceph_inode_info (bsc#1148133 bsc#1136682).
ceph: always get rstat from auth mds (bsc#1146346).
ceph: carry snapshot creation time with inodes (bsc#1148133 bsc#1148570).
ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346).
ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346).
ceph: clear page dirty before invalidate page (bsc#1148133).
ceph: decode feature bits in session message (bsc#1146346).
ceph: decode feature bits in session message (bsc#1146346).
ceph: do not blindly unregister session that is in opening state (bsc#1148133).
ceph: do not blindly unregister session that is in opening state (bsc#1148133).
ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133).
ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133).
ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133).
ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133).
ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133).
ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133).
ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133).
ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133).
ceph: fix 'ceph.dir.rctime' vxattr value (bsc#1148133 bsc#1135219).
ceph: fix 'ceph.dir.rctime' vxattr value (bsc#1148133 bsc#1135219).
ceph: fix decode_locker to use ceph_decode_entity_addr (bsc#1148133 bsc#1136682).
ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133).
ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133).
ceph: fix infinite loop in get_quota_realm() (bsc#1148133).
ceph: fix iov_iter issues in ceph_direct_read_write() (bsc#1141450).
ceph: fix listxattr vxattr buffer length calculation (bsc#1148133 bsc#1148570).
ceph: handle btime in cap messages (bsc#1148133 bsc#1136682).
ceph: handle change_attr in cap messages (bsc#1148133 bsc#1136682).
ceph: have MDS map decoding use entity_addr_t decoder (bsc#1148133 bsc#1136682).
ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133).
ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133).
ceph: increment change_attribute on local changes (bsc#1148133 bsc#1136682).
ceph: initialize superblock s_time_gran to 1 (bsc#1148133).
ceph: remove request from waiting list before unregister (bsc#1148133).
ceph: remove request from waiting list before unregister (bsc#1148133).
ceph: remove unused vxattr length helpers (bsc#1148133 bsc#1148570).
ceph: silence a checker warning in mdsc_show() (bsc#1148133).
ceph: silence a checker warning in mdsc_show() (bsc#1148133).
ceph: support cephfs' own feature bits (bsc#1146346).
ceph: support getting ceph.dir.pin vxattr (bsc#1146346).
ceph: support getting ceph.dir.pin vxattr (bsc#1146346).
ceph: support versioned reply (bsc#1146346).
ceph: support versioned reply (bsc#1146346).
ceph: use bit flags to define vxattr attributes (bsc#1146346).
cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED (bsc#1144333).
cifs: add a new SMB2_close_flags function (bsc#1144333).
cifs: add a smb2_compound_op and change QUERY_INFO to use it (bsc#1144333).
cifs: add a timeout argument to wait_for_free_credits (bsc#1144333).
cifs: add a warning if we try to to dequeue a deleted mid (bsc#1144333).
cifs: add compound_send_recv() (bsc#1144333).
cifs: add credits from unmatched responses/messages (bsc#1144333).
cifs: add debug output to show nocase mount option (bsc#1144333).
cifs: Add DFS cache routines (bsc#1144333).
cifs: Add direct I/O functions to file_operations (bsc#1144333).
cifs: add fiemap support (bsc#1144333).
cifs: add iface info to struct cifs_ses (bsc#1144333).
cifs: add IOCTL for QUERY_INFO passthrough to userspace (bsc#1144333).
cifs: add lease tracking to the cached root fid (bsc#1144333).
cifs: Add minor debug message during negprot (bsc#1144333).
cifs: add missing debug entries for kconfig options (bsc#1051510, bsc#1144333).
cifs: add missing GCM module dependency (bsc#1144333).
cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510, bsc#1144333).
cifs: add ONCE flag for cifs_dbg type (bsc#1144333).
cifs: add pdu_size to the TCP_Server_Info structure (bsc#1144333).
cifs: add resp_buf_size to the mid_q_entry structure (bsc#1144333).
cifs: address trivial coverity warning (bsc#1144333).
cifs: add server argument to the dump_detail method (bsc#1144333).
cifs: add server->vals->header_preamble_size (bsc#1144333).
cifs: add SFM mapping for 0x01-0x1F (bsc#1144333).
cifs: add sha512 secmech (bsc#1051510, bsc#1144333).
cifs: Adds information-level logging function (bsc#1144333).
cifs: add SMB2_close_init()/SMB2_close_free() (bsc#1144333).
cifs: add SMB2_ioctl_init/free helpers to be used with compounding (bsc#1144333).
cifs: add SMB2_query_info_[init|free]() (bsc#1144333).
cifs: Add smb2_send_recv (bsc#1144333).
cifs: add spinlock for the openFileList to cifsInodeInfo (bsc#1144333).
cifs: add .splice_write (bsc#1144333).
cifs: Add support for direct I/O read (bsc#1144333).
cifs: Add support for direct I/O write (bsc#1144333).
cifs: Add support for direct pages in rdata (bsc#1144333).
cifs: Add support for direct pages in wdata (bsc#1144333).
cifs: Add support for failover in cifs_mount() (bsc#1144333).
cifs: Add support for failover in cifs_reconnect() (bsc#1144333).
cifs: Add support for failover in cifs_reconnect_tcon() (bsc#1144333).
cifs: Add support for failover in smb2_reconnect() (bsc#1144333).
cifs: Add support for FSCTL passthrough that write data to the server (bsc#1144333).
cifs: add support for ioctl on directories (bsc#1144333).
cifs: Add support for reading attributes on SMB2+ (bsc#1051510, bsc#1144333).
cifs: add support for SEEK_DATA and SEEK_HOLE (bsc#1144333).
cifs: Add support for writing attributes on SMB2+ (bsc#1051510, bsc#1144333).
cifs: Adjust MTU credits before reopening a file (bsc#1144333).
cifs: Allocate memory for all iovs in smb2_ioctl (bsc#1144333).
cifs: Allocate validate negotiation request through kmalloc (bsc#1144333).
cifs: allow calling SMB2_xxx_free(NULL) (bsc#1144333).
cifs: allow disabling less secure legacy dialects (bsc#1144333).
cifs: allow guest mounts to work for smb3.11 (bsc#1051510, bsc#1144333).
cifs: always add credits back for unsolicited PDUs (bsc#1144333).
cifs: Always reset read error to -EIO if no response (bsc#1144333).
cifs: Always resolve hostname before reconnecting (bsc#1051510, bsc#1144333).
cifs: a smb2_validate_and_copy_iov failure does not mean the handle is invalid (bsc#1144333).
cifs: auto disable 'serverino' in dfs mounts (bsc#1144333).
cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for the common case (bsc#1144333).
cifs: Avoid returning EBUSY to upper layer VFS (bsc#1144333).
cifs: cache FILE_ALL_INFO for the shared root handle (bsc#1144333).
cifs: Calculate the correct request length based on page offset and tail size (bsc#1144333).
cifs: Call MID callback before destroying transport (bsc#1144333).
cifs: change mkdir to use a compound (bsc#1144333).
cifs: change smb2_get_data_area_len to take a smb2_sync_hdr as argument (bsc#1144333).
cifs: Change SMB2_open to return an iov for the error parameter (bsc#1144333).
cifs: change SMB2_OP_RENAME and SMB2_OP_HARDLINK to use compounding (bsc#1144333).
cifs: change SMB2_OP_SET_EOF to use compounding (bsc#1144333).
cifs: change SMB2_OP_SET_INFO to use compounding (bsc#1144333).
cifs: change smb2_query_eas to use the compound query-info helper (bsc#1144333).
cifs: change unlink to use a compound (bsc#1144333).
cifs: change validate_buf to validate_iov (bsc#1144333).
cifs: change wait_for_free_request() to take flags as argument (bsc#1144333).
cifs: check CIFS_MOUNT_NO_DFS when trying to reuse existing sb (bsc#1144333).
cifs: Check for reconnects before sending async requests (bsc#1144333).
cifs: Check for reconnects before sending compound requests (bsc#1144333).
cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902, bsc#1144333).
cifs: Check for timeout on Negotiate stage (bsc#1091171, bsc#1144333).
cifs: check if SMB2 PDU size has been padded and suppress the warning (bsc#1144333).
cifs: check kmalloc before use (bsc#1051510, bsc#1144333).
cifs: check kzalloc return (bsc#1144333).
cifs: check MaxPathNameComponentLength != 0 before using it (bsc#1085536, bsc#1144333).
cifs: check ntwrk_buf_start for NULL before dereferencing it (bsc#1144333).
cifs: check rsp for NULL before dereferencing in SMB2_open (bsc#1085536, bsc#1144333).
cifs: cifs_read_allocate_pages: do not iterate through whole page array on ENOMEM (bsc#1144333).
cifs: clean up indentation, replace spaces with tab (bsc#1144333).
cifs: cleanup smb2ops.c and normalize strings (bsc#1144333).
cifs: complete PDU definitions for interface queries (bsc#1144333).
cifs: connect to servername instead of IP for IPC$ share (bsc#1051510, bsc#1144333).
cifs: Count SMB3 credits for malformed pending responses (bsc#1144333).
cifs: create a define for how many iovs we need for an SMB2_open() (bsc#1144333).
cifs: create a define for the max number of iov we need for a SMB2 set_info (bsc#1144333).
cifs: create a helper function for compound query_info (bsc#1144333).
cifs: create helpers for SMB2_set_info_init/free() (bsc#1144333).
cifs: create SMB2_open_init()/SMB2_open_free() helpers (bsc#1144333).
cifs: Display SMB2 error codes in the hex format (bsc#1144333).
cifs: document tcon/ses/server refcount dance (bsc#1144333).
cifs: do not allow creating sockets except with SMB1 posix exensions (bsc#1102097, bsc#1144333).
cifs: Do not assume one credit for async responses (bsc#1144333).
cifs: do not attempt cifs operation on smb2+ rename error (bsc#1144333).
cifs: Do not consider -ENODATA as stat failure for reads (bsc#1144333).
cifs: Do not count -ENODATA as failure for query directory (bsc#1051510, bsc#1144333).
cifs: do not dereference smb_file_target before null check (bsc#1051510, bsc#1144333).
cifs: Do not hide EINTR after sending network packets (bsc#1051510, bsc#1144333).
cifs: Do not log credits when unmounting a share (bsc#1144333).
cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510, bsc#1144333).
cifs: Do not match port on SMBDirect transport (bsc#1144333).
cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510, bsc#1144333).
cifs: Do not reconnect TCP session in add_credits() (bsc#1051510, bsc#1144333).
cifs: Do not reset lease state to NONE on lease break (bsc#1051510, bsc#1144333).
cifs: do not return atime less than mtime (bsc#1144333).
cifs: do not send invalid input buffer on QUERY_INFO requests (bsc#1144333).
cifs: Do not set credits to 1 if the server didn't grant anything (bsc#1144333).
cifs: do not show domain= in mount output when domain is empty (bsc#1144333).
cifs: Do not skip SMB2 message IDs on send failures (bsc#1144333).
cifs: do not use __constant_cpu_to_le32() (bsc#1144333).
cifs: dump every session iface info (bsc#1144333).
cifs: dump IPC tcon in debug proc file (bsc#1071306, bsc#1144333).
cifs: fallback to older infolevels on findfirst queryinfo retry (bsc#1144333).
cifs: Find and reopen a file before get MTU credits in writepages (bsc#1144333).
cifs: fix a buffer leak in smb2_query_symlink (bsc#1144333).
cifs: fix a credits leak for compund commands (bsc#1144333).
cifs: Fix a debug message (bsc#1144333).
cifs: Fix adjustment of credits for MTU requests (bsc#1051510, bsc#1144333).
cifs: Fix an issue with re-sending rdata when transport returning -EAGAIN (bsc#1144333).
cifs: Fix an issue with re-sending wdata when transport returning -EAGAIN (bsc#1144333).
cifs: Fix a race condition with cifs_echo_request (bsc#1144333).
cifs: Fix a tiny potential memory leak (bsc#1144333).
cifs: Fix autonegotiate security settings mismatch (bsc#1087092, bsc#1144333).
cifs: fix bi-directional fsctl passthrough calls (bsc#1144333).
cifs: fix build break when CONFIG_CIFS_DEBUG2 enabled (bsc#1144333).
cifs: fix build errors for SMB_DIRECT (bsc#1144333).
cifs: Fix check for matching with existing mount (bsc#1144333).
cifs: fix circular locking dependency (bsc#1064701, bsc#1144333).
cifs: fix computation for MAX_SMB2_HDR_SIZE (bsc#1144333).
cifs: fix confusing warning message on reconnect (bsc#1144333).
cifs: fix crash in cifs_dfs_do_automount (bsc#1144333).
cifs: fix crash in smb2_compound_op()/smb2_set_next_command() (bsc#1144333).
cifs: fix crash querying symlinks stored as reparse-points (bsc#1144333).
cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510, bsc#1144333).
cifs: Fix credit calculations in compound mid callback (bsc#1144333).
cifs: Fix credit computation for compounded requests (bsc#1144333).
cifs: Fix credits calculation for cancelled requests (bsc#1144333).
cifs: Fix credits calculations for reads with errors (bsc#1051510, bsc#1144333).
cifs: fix credits leak for SMB1 oplock breaks (bsc#1144333).
cifs: fix deadlock in cached root handling (bsc#1144333).
cifs: Fix DFS cache refresher for DFS links (bsc#1144333).
cifs: fix encryption in SMB3.1.1 (bsc#1144333).
cifs: Fix encryption/signing (bsc#1144333).
cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510, bsc#1144333).
cifs: Fix error paths in writeback code (bsc#1144333).
cifs: fix GlobalMid_Lock bug in cifs_reconnect (bsc#1144333).
cifs: fix handle leak in smb2_query_symlink() (bsc#1144333).
cifs: fix incorrect handling of smb2_set_sparse() return in smb3_simple_falloc (bsc#1144333).
cifs: Fix infinite loop when using hard mount option (bsc#1091171, bsc#1144333).
cifs: Fix invalid check in __cifs_calc_signature() (bsc#1144333).
cifs: Fix kernel oops when traceSMB is enabled (bsc#1144333).
cifs: fix kref underflow in close_shroot() (bsc#1144333).
cifs: Fix leaking locked VFS cache pages in writeback retry (bsc#1144333).
cifs: Fix lease buffer length error (bsc#1144333).
cifs: fix memory leak and remove dead code (bsc#1144333).
cifs: fix memory leak in SMB2_open() (bsc#1112894, bsc#1144333).
cifs: fix memory leak in SMB2_read (bsc#1144333).
cifs: Fix memory leak in smb2_set_ea() (bsc#1051510, bsc#1144333).
cifs: fix memory leak of an allocated cifs_ntsd structure (bsc#1144333).
cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case (bsc#1144333).
cifs: Fix missing put_xid in cifs_file_strict_mmap (bsc#1087092, bsc#1144333).
cifs: Fix module dependency (bsc#1144333).
cifs: Fix mounts if the client is low on credits (bsc#1144333).
cifs: fix NULL deref in SMB2_read (bsc#1085539, bsc#1144333).
cifs: Fix NULL pointer dereference of devname (bnc#1129519).
cifs: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009, bsc#1144333).
cifs: Fix NULL ptr deref (bsc#1144333).
cifs: fix page reference leak with readv/writev (bsc#1144333).
cifs: fix panic in smb2_reconnect (bsc#1144333).
cifs: fix parsing of symbolic link error response (bsc#1144333).
cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542, bsc#1144333).
cifs: Fix possible hang during async MTU reads and writes (bsc#1051510, bsc#1144333).
cifs: Fix possible oops and memory leaks in async IO (bsc#1144333).
cifs: Fix potential OOB access of lock element array (bsc#1051510, bsc#1144333).
cifs: Fix read after write for files with read caching (bsc#1051510, bsc#1144333).
cifs: fix return value for cifs_listxattr (bsc#1051510, bsc#1144333).
cifs: fix rmmod regression in cifs.ko caused by force_sig changes (bsc#1144333).
cifs: Fix separator when building path from dentry (bsc#1051510, bsc#1144333).
cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510, bsc#1144333).
cifs: Fix signing for SMB2/3 (bsc#1144333).
cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting (bsc#1144333).
cifs: Fix slab-out-of-bounds when tracing SMB tcon (bsc#1144333).
cifs: fix SMB1 breakage (bsc#1144333).
cifs: fix smb3_zero_range for Azure (bsc#1144333).
cifs: fix smb3_zero_range so it can expand the file-size when required (bsc#1144333).
cifs: fix spelling mistake, EACCESS -> EACCES (bsc#1144333).
cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510, bsc#1144333).
cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (bsc#1144333).
cifs: Fix to use kmem_cache_free() instead of kfree() (bsc#1144333).
cifs: Fix trace command logging for SMB2 reads and writes (bsc#1144333).
cifs: fix typo in cifs_dbg (bsc#1144333).
cifs: fix typo in debug message with struct field ia_valid (bsc#1144333).
cifs: fix uninitialized ptr deref in smb2 signing (bsc#1144333).
cifs: Fix use-after-free in SMB2_read (bsc#1144333).
cifs: Fix use-after-free in SMB2_write (bsc#1144333).
cifs: Fix use after free of a mid_q_entry (bsc#1112903, bsc#1144333).
cifs: fix use-after-free of the lease keys (bsc#1144333).
cifs: Fix validation of signed data in smb2 (bsc#1144333).
cifs: Fix validation of signed data in smb3+ (bsc#1144333).
cifs: fix wrapping bugs in num_entries() (bsc#1051510, bsc#1144333).
cifs: flush before set-info if we have writeable handles (bsc#1144333).
cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510, bsc#1144333).
cifs: handle large EA requests more gracefully in smb2+ (bsc#1144333).
cifs: handle netapp error codes (bsc#1136261).
cifs: hide unused functions (bsc#1051510, bsc#1144333).
cifs: hide unused functions (bsc#1051510, bsc#1144333).
cifs: implement v3.11 preauth integrity (bsc#1051510, bsc#1144333).
cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bsc#1144333).
cifs: integer overflow in in SMB2_ioctl() (bsc#1051510, bsc#1144333).
cifs: Introduce helper function to get page offset and length in smb_rqst (bsc#1144333).
cifs: Introduce offset for the 1st page in data transfer structures (bsc#1144333).
cifs: invalidate cache when we truncate a file (bsc#1051510, bsc#1144333).
cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565, bsc#1144333).
cifs: limit amount of data we request for xattrs to CIFSMaxBufSize (bsc#1144333).
cifs: Limit memory used by lock request calls to a page (bsc#1144333).
cifs_lookup(): cifs_get_inode_...() never returns 0 with *inode left NULL (bsc#1144333).
cifs_lookup(): switch to d_splice_alias() (bsc#1144333).
cifs: make arrays static const, reduces object code size (bsc#1144333).
cifs: Make devname param optional in cifs_compose_mount_options() (bsc#1144333).
cifs: make IPC a regular tcon (bsc#1071306, bsc#1144333).
cifs: make minor clarifications to module params for cifs.ko (bsc#1144333).
cifs: make mknod() an smb_version_op (bsc#1144333).
cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510, bsc#1144333).
cifs: make rmdir() use compounding (bsc#1144333).
cifs: make smb_send_rqst take an array of requests (bsc#1144333).
cifs: Make sure all data pages are signed correctly (bsc#1144333).
cifs: Make use of DFS cache to get new DFS referrals (bsc#1144333).
cifs: Mask off signals when sending SMB packets (bsc#1144333).
cifs: minor clarification in comments (bsc#1144333).
cifs: Minor Kconfig clarification (bsc#1144333).
cifs: minor updates to module description for cifs.ko (bsc#1144333).
cifs: Move credit processing to mid callbacks for SMB3 (bsc#1144333).
cifs: move default port definitions to cifsglob.h (bsc#1144333).
cifs: move large array from stack to heap (bsc#1144333).
cifs: Move open file handling to writepages (bsc#1144333).
cifs: Move unlocking pages from wdata_send_pages() (bsc#1144333).
cifs: OFD locks do not conflict with eachothers (bsc#1051510, bsc#1144333).
cifs: Only free DFS target list if we actually got one (bsc#1144333).
cifs: Only send SMB2_NEGOTIATE command on new TCP connections (bsc#1144333).
cifs: only wake the thread for the very last PDU in a compound (bsc#1144333).
cifs: parse and store info on iface queries (bsc#1144333).
cifs: pass flags down into wait_for_free_credits() (bsc#1144333).
cifs: Pass page offset for calculating signature (bsc#1144333).
cifs: Pass page offset for encrypting (bsc#1144333).
cifs: pass page offsets on SMB1 read/write (bsc#1144333).
cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510, bsc#1144333).
cifs: prevent starvation in wait_for_free_credits for multi-credit requests (bsc#1144333).
cifs: print CIFSMaxBufSize as part of /proc/fs/cifs/DebugData (bsc#1144333).
cifs: Print message when attempting a mount (bsc#1144333).
cifs: Properly handle auto disabling of serverino option (bsc#1144333).
cifs: protect against server returning invalid file system block size (bsc#1144333).
cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333).
cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333).
cifs: push rfc1002 generation down the stack (bsc#1144333).
cifs: read overflow in is_valid_oplock_break() (bsc#1144333).
cifs: Reconnect expired SMB sessions (bnc#1060662).
cifs: refactor and clean up arguments in the reparse point parsing (bsc#1144333).
cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510, bsc#1144333).
cifs: Refactor out cifs_mount() (bsc#1144333).
cifs: release auth_key.response for reconnect (bsc#1085536, bsc#1144333).
cifs: release cifs root_cred after exit_cifs (bsc#1085536, bsc#1144333).
cifs: remove coverity warning in calc_lanman_hash (bsc#1144333).
cifs: Remove custom credit adjustments for SMB2 async IO (bsc#1144333).
cifs: remove header_preamble_size where it is always 0 (bsc#1144333).
cifs: remove redundant duplicated assignment of pointer 'node' (bsc#1144333).
cifs: remove rfc1002 hardcoded constants from cifs_discard_remaining_data() (bsc#1144333).
cifs: remove rfc1002 header from all SMB2 response structures (bsc#1144333).
cifs: remove rfc1002 header from smb2_close_req (bsc#1144333).
cifs: remove rfc1002 header from smb2_create_req (bsc#1144333).
cifs: remove rfc1002 header from smb2_echo_req (bsc#1144333).
cifs: remove rfc1002 header from smb2_flush_req (bsc#1144333).
cifs: remove rfc1002 header from smb2_ioctl_req (bsc#1144333).
cifs: remove rfc1002 header from smb2_lease_ack (bsc#1144333).
cifs: remove rfc1002 header from smb2_lock_req (bsc#1144333).
cifs: remove rfc1002 header from smb2_logoff_req (bsc#1144333).
cifs: remove rfc1002 header from smb2_negotiate_req (bsc#1144333).
cifs: remove rfc1002 header from smb2_oplock_break we get from server (bsc#1144333).
cifs: remove rfc1002 header from smb2_query_directory_req (bsc#1144333).
cifs: remove rfc1002 header from smb2_query_info_req (bsc#1144333).
cifs: remove rfc1002 header from smb2 read/write requests (bsc#1144333).
cifs: remove rfc1002 header from smb2_sess_setup_req (bsc#1144333).
cifs: remove rfc1002 header from smb2_set_info_req (bsc#1144333).
cifs: remove rfc1002 header from smb2_tree_connect_req (bsc#1144333).
cifs: remove rfc1002 header from smb2_tree_disconnect_req (bsc#1144333).
cifs: remove set but not used variable 'cifs_sb' (bsc#1144333).
cifs: remove set but not used variable 'sep' (bsc#1144333).
cifs: remove set but not used variable 'server' (bsc#1144333).
cifs: remove set but not used variable 'smb_buf' (bsc#1144333).
cifs: remove small_smb2_init (bsc#1144333).
cifs: remove smb2_send_recv() (bsc#1144333).
cifs: remove struct smb2_hdr (bsc#1144333).
cifs: remove struct smb2_oplock_break_rsp (bsc#1144333).
cifs: remove the is_falloc argument to SMB2_set_eof (bsc#1144333).
cifs: remove unused stats (bsc#1144333).
cifs: remove unused value pointed out by Coverity (bsc#1144333).
cifs: remove unused variable from SMB2_read (bsc#1144333).
cifs: rename and clarify CIFS_ASYNC_OP and CIFS_NO_RESP (bsc#1144333).
cifs: Reopen file before get SMB2 MTU credits for async IO (bsc#1144333).
cifs: replace a 4 with server->vals->header_preamble_size (bsc#1144333).
cifs: replace snprintf with scnprintf (bsc#1144333).
cifs: Respect reconnect in MTU credits calculations (bsc#1144333).
cifs: Respect reconnect in non-MTU credits calculations (bsc#1144333).
cifs: Respect SMB2 hdr preamble size in read responses (bsc#1144333).
cifs: return correct errors when pinning memory failed for direct I/O (bsc#1144333).
cifs: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333).
cifs: return -ENODATA when deleting an xattr that does not exist (bsc#1144333).
cifs: Return error code when getting file handle for writeback (bsc#1144333).
cifs: return error on invalid value written to cifsFYI (bsc#1144333).
cifs: Save TTL value when parsing DFS referrals (bsc#1144333).
cifs: Select all required crypto modules (bsc#1085536, bsc#1144333).
cifs: set mapping error when page writeback fails in writepage or launder_pages (bsc#1144333).
cifs: set oparms.create_options rather than or'ing in CREATE_OPEN_BACKUP_INTENT (bsc#1144333).
cifs: Set reconnect instance to one initially (bsc#1144333).
cifs: set *resp_buf_type to NO_BUFFER on error (bsc#1144333).
cifs: Show locallease in /proc/mounts for cifs shares mounted with locallease feature (bsc#1144333).
cifs: show 'soft' in the mount options for hard mounts (bsc#1144333).
cifs: show the w bit for writeable /proc/fs/cifs/* files (bsc#1144333).
cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734, bsc#1144333).
cifs: Silence uninitialized variable warning (bsc#1144333).
cifs: simple stats should always be enabled (bsc#1144333).
cifs: simplify code by removing CONFIG_CIFS_ACL ifdef (bsc#1144333). - Update config files.
cifs: simplify how we handle credits in compound_send_recv() (bsc#1144333).
cifs: Skip any trailing backslashes from UNC (bsc#1144333).
cifs: smb2 commands can not be negative, remove confusing check (bsc#1144333).
cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510, bsc#1144333).
cifs: smb2ops: Fix NULL check in smb2_query_symlink (bsc#1144333).
cifs: smb2pdu: Fix potential NULL pointer dereference (bsc#1144333).
cifs: SMBD: Add parameter rdata to smb2_new_read_req (bsc#1144333).
cifs: SMBD: Add rdma mount option (bsc#1144333).
cifs: SMBD: Add SMB Direct debug counters (bsc#1144333).
cifs: SMBD: Add SMB Direct protocol initial values and constants (bsc#1144333).
cifs: smbd: Avoid allocating iov on the stack (bsc#1144333).
cifs: smbd: avoid reconnect lockup (bsc#1144333).
cifs: smbd: Check for iov length on sending the last iov (bsc#1144333).
cifs: smbd: depend on INFINIBAND_ADDR_TRANS (bsc#1144333).
cifs: SMBD: Disable signing on SMB direct transport (bsc#1144333).
cifs: smbd: disconnect transport on RDMA errors (bsc#1144333).
cifs: SMBD: Do not call ib_dereg_mr on invalidated memory registration (bsc#1144333).
cifs: smbd: Do not destroy transport on RDMA disconnect (bsc#1144333).
cifs: smbd: Do not use RDMA read/write when signing is used (bsc#1144333).
cifs: smbd: Dump SMB packet when configured (bsc#1144333).
cifs: smbd: Enable signing with smbdirect (bsc#1144333).
cifs: SMBD: Establish SMB Direct connection (bsc#1144333).
cifs: SMBD: export protocol initial values (bsc#1144333).
cifs: SMBD: fix spelling mistake: faield and legnth (bsc#1144333).
cifs: SMBD: Fix the definition for SMB2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333).
cifs: SMBD: Implement function to create a SMB Direct connection (bsc#1144333).
cifs: SMBD: Implement function to destroy a SMB Direct connection (bsc#1144333).
cifs: SMBD: Implement function to receive data via RDMA receive (bsc#1144333).
cifs: SMBD: Implement function to reconnect to a SMB Direct transport (bsc#1144333).
cifs: SMBD: Implement function to send data via RDMA send (bsc#1144333).
cifs: SMBD: Implement RDMA memory registration (bsc#1144333).
cifs: smbd: Indicate to retry on transport sending failure (bsc#1144333).
cifs: SMBD: Read correct returned data length for RDMA write (SMB read) I/O (bsc#1144333).
cifs: smbd: Retry on memory registration failure (bsc#1144333).
cifs: smbd: Return EINTR when interrupted (bsc#1144333).
cifs: SMBD: Set SMB Direct maximum read or write size for I/O (bsc#1144333).
cifs: SMBD: _smbd_get_connection() can be static (bsc#1144333).
cifs: SMBD: Support page offset in memory registration (bsc#1144333).
cifs: SMBD: Support page offset in RDMA recv (bsc#1144333).
cifs: SMBD: Support page offset in RDMA send (bsc#1144333).
cifs: smbd: take an array of reqeusts when sending upper layer data (bsc#1144333).
cifs: SMBD: Upper layer connects to SMBDirect session (bsc#1144333).
cifs: SMBD: Upper layer destroys SMB Direct session on shutdown or umount (bsc#1144333).
cifs: SMBD: Upper layer performs SMB read via RDMA write through memory registration (bsc#1144333).
cifs: SMBD: Upper layer performs SMB write via RDMA read through memory registration (bsc#1144333).
cifs: SMBD: Upper layer receives data via RDMA receive (bsc#1144333).
cifs: SMBD: Upper layer reconnects to SMB Direct session (bsc#1144333).
cifs: SMBD: Upper layer sends data via RDMA send (bsc#1144333).
cifs:smbd Use the correct DMA direction when sending data (bsc#1144333).
cifs:smbd When reconnecting to server, call smbd_destroy() after all MIDs have been called (bsc#1144333).
cifs: SMBD: work around gcc -Wmaybe-uninitialized warning (bsc#1144333).
cifs: start DFS cache refresher in cifs_mount() (bsc#1144333).
cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510, bsc#1144333).
cifs: suppress some implicit-fallthrough warnings (bsc#1144333).
cifs: track writepages in vfs operation counters (bsc#1144333).
cifs: Try to acquire credits at once for compound requests (bsc#1144333).
cifs: update calc_size to take a server argument (bsc#1144333).
cifs: update init_sg, crypt_message to take an array of rqst (bsc#1144333).
cifs: update internal module number (bsc#1144333).
cifs: update internal module version number (bsc#1144333).
cifs: update internal module version number (bsc#1144333).
cifs: update internal module version number (bsc#1144333).
cifs: update internal module version number (bsc#1144333).
cifs: update internal module version number (bsc#1144333).
cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333).
cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333).
cifs: update internal module version number for cifs.ko to 2.14 (bsc#1144333).
cifs: update module internal version number (bsc#1144333).
cifs: update multiplex loop to handle compounded responses (bsc#1144333).
cifs: update receive_encrypted_standard to handle compounded responses (bsc#1144333).
cifs: update smb2_calc_size to use smb2_sync_hdr instead of smb2_hdr (bsc#1144333).
cifs: update smb2_check_message to handle PDUs without a 4 byte length header (bsc#1144333).
cifs: update smb2_queryfs() to use compounding (bsc#1144333).
cifs: update __smb_send_rqst() to take an array of requests (bsc#1144333).
cifs: use a compound for setting an xattr (bsc#1144333).
cifs: use a refcount to protect open/closing the cached file handle (bsc#1144333).
cifs: use correct format characters (bsc#1144333).
cifs: Use correct packet length in SMB2_TRANSFORM header (bsc#1144333).
cifs: Use GFP_ATOMIC when a lock is held in cifs_mount() (bsc#1144333).
cifs: Use kmemdup in SMB2_ioctl_init() (bsc#1144333).
cifs: Use kmemdup rather than duplicating its implementation in smb311_posix_mkdir() (bsc#1144333).
cifs: Use kzfree() to free password (bsc#1144333).
cifs: Use offset when reading pages (bsc#1144333).
cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510, bsc#1144333).
cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510, bsc#1144333).
cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (bsc#1071306, bsc#1144333).
cifs: use the correct length when pinning memory for direct I/O for write (bsc#1144333).
cifs: Use ULL suffix for 64-bit constant (bsc#1051510, bsc#1144333).
cifs: wait_for_free_credits() make it possible to wait for >=1 credits (bsc#1144333).
cifs: we can not use small padding iovs together with encryption (bsc#1144333).
cifs: When sending data on socket, pass the correct page offset (bsc#1144333).
cifs: zero-range does not require the file is sparse (bsc#1144333).
cifs: zero sensitive data when freeing (bsc#1087092, bsc#1144333).
Cleanup some minor endian issues in smb3 rdma (bsc#1144333).
clk: add clk_bulk_get accessories (bsc#1144813).
clk: bcm2835: remove pllb (jsc#SLE-7294).
clk: bcm283x: add driver interfacing with Raspberry Pi's firmware (jsc#SLE-7294).
clk: bulk: silently error out on EPROBE_DEFER (bsc#1144718,bsc#1144813).
clk: Export clk_bulk_prepare() (bsc#1144813).
clk: raspberrypi: register platform device for raspberrypi-cpufreq (jsc#SLE-7294).
clk: renesas: cpg-mssr: Fix reset control race condition (bsc#1051510).
clk: rockchip: Add 1.6GHz PLL rate for rk3399 (bsc#1144718,bsc#1144813).
clk: rockchip: assign correct id for pclk_ddr and hclk_sd in rk3399 (bsc#1144718,bsc#1144813).
compat_ioctl: pppoe: fix PPPOEIOCSFWD handling (bsc#1051510).
config: arm64: Remove CONFIG_ARM64_MODULE_CMODEL_LARGE Option removed by patches in bsc#1148219
coredump: split pipe command whitespace before expanding template (bsc#1051510).
cpufreq: add driver for Raspberry Pi (jsc#SLE-7294).
cpufreq: dt: Try freeing static OPPs only if we have added them (jsc#SLE-7294).
cpu/speculation: Warn on unsupported mitigations= parameter (bsc#1114279).
crypto: ccp - Add support for valid authsize values less than 16 (bsc#1051510).
crypto: ccp - Fix oops by properly managing allocated structures (bsc#1051510).
crypto: ccp - Ignore tag length when decrypting GCM ciphertext (bsc#1051510).
crypto: ccp - Ignore unconfigured CCP device on suspend/resume (bnc#1145934).
crypto: ccp - Validate buffer lengths for copy operations (bsc#1051510).
crypto: talitos - fix skcipher failure due to wrong output IV (bsc#1051510).
crypto: virtio - Read crypto services and algorithm masks (jsc#SLE-5844 jsc#SLE-6331 bsc#1145446 LTC#175307).
crypto: virtio - Register an algo only if it's supported (jsc#SLE-5844 jsc#SLE-6331 bsc#1145446 LTC#175307).
cx82310_eth: fix a memory leak bug (bsc#1051510).
dax: dax_layout_busy_page() should not unmap cow pages (bsc#1148698).
devres: always use dev_name() in devm_ioremap_resource() (git fixes).
dfs_cache: fix a wrong use of kfree in flush_cache_ent() (bsc#1144333).
dma-buf: balance refcount inbalance (bsc#1051510).
dmaengine: rcar-dmac: Reject zero-length slave DMA requests (bsc#1051510).
dm btree: fix order of block initialization in btree_split_beneath (git fixes).
dm bufio: fix deadlock with loop device (git fixes).
dm cache metadata: Fix loading discard bitset (git fixes).
dm crypt: do not overallocate the integrity tag space (git fixes).
dm crypt: fix parsing of extended IV arguments (git fixes).
dm delay: fix a crash when invalid device is specified (git fixes).
dm: fix to_sector() for 32bit (git fixes).
dm integrity: change memcmp to strncmp in dm_integrity_ctr (git fixes).
dm integrity: correctly calculate the size of metadata area (git fixes).
dm integrity: fix a crash due to BUG_ON in __journal_read_write() (git fixes).
dm integrity: fix deadlock with overlapping I/O (git fixes).
dm integrity: limit the rate of error messages (git fixes).
dm kcopyd: always complete failed jobs (git fixes).
dm log writes: make sure super sector log updates are written in order (git fixes).
dm raid: add missing cleanup in raid_ctr() (git fixes).
dm: revert 8f50e358153d ('dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE') (git fixes).
dm space map metadata: fix missing store of apply_bops() return value (git fixes).
dm table: fix invalid memory accesses with too high sector number (git fixes).
dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (git fixes).
dm thin: fix bug where bio that overwrites thin block ignores FUA (git fixes).
dm thin: fix passdown_double_checking_shared_status() (git fixes).
dm zoned: fix potential NULL dereference in dmz_do_reclaim() (git fixes).
dm zoned: Fix zone report handling (git fixes).
dm zoned: fix zone state management race (git fixes).
dm zoned: improve error handling in i/o map code (git fixes).
dm zoned: improve error handling in reclaim (git fixes).
dm zoned: properly handle backing device failure (git fixes).
dm zoned: Silence a static checker warning (git fixes).
Documentation: Add nospectre_v1 parameter (bsc#1051510).
Documentation/networking: fix default_ttl typo in mpls-sysctl (bsc#1051510).
Documentation: Update Documentation for iommu.passthrough (bsc#1136039).
Do not log confusing message on reconnect by default (bsc#1129664, bsc#1144333).
Do not log expected error on DFS referral request (bsc#1051510, bsc#1144333).
driver core: Fix use-after-free and double free on glue directory (bsc#1131281).
drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl (bsc#1051510).
drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings (bsc#1051510).
drm/amd/display: Always allocate initial connector state state (bsc#1111666).
drm/amd/display: Disable ABM before destroy ABM struct (bsc#1111666).
drm/amd/display: Fill prescale_params->scale for RGB565 (bsc#1111666).
drm/amd/display: fix compilation error (bsc#1111666).
drm/amd/display: Fix dc_create failure handling and 666 color depths (bsc#1111666).
drm/amd/display: Increase size of audios array (bsc#1111666).
drm/amd/display: num of sw i2c/aux engines less than num of connectors (bsc#1145946).
drm/amd/display: Only enable audio if speaker allocation exists (bsc#1111666).
drm/amd/display: Remove redundant non-zero and overflow check (bsc#1145946).
drm/amd/display: use encoder's engine id to find matched free audio device (bsc#1111666).
drm/amd/display: Wait for backlight programming completion in set backlight level (bsc#1111666).
drm/amdgpu: Add APTX quirk for Dell Latitude 5495 (bsc#1142635)
drm/amdgpu: added support 2nd UVD instance (bsc#1143331).
drm/amdgpu:change VEGA booting with firmware loaded by PSP (bsc#1143331).
drm/amdgpu: fix a potential information leaking bug (bsc#1111666).
drm/amdgpu/psp: move psp version specific function pointers to (bsc#1135642)
drm/amdgpu/sriov: Need to initialize the HDP_NONSURFACE_BAStE (bsc#1111666).
drm/amdkfd: Fix a potential memory leak (bsc#1111666).
drm/amdkfd: Fix sdma queue map issue (bsc#1111666).
drm/bridge: lvds-encoder: Fix build error while CONFIG_DRM_KMS_HELPER=m (bsc#1111666).
drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz (bsc#1051510).
drm/bridge: tc358767: read display_props in get_modes() (bsc#1051510).
drm/crc-debugfs: Also sprinkle irqrestore over early exits (bsc#1051510).
drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry (bsc#1051510).
drm/edid: parse CEA blocks embedded in DisplayID (bsc#1111666).
drm/etnaviv: add missing failure path to destroy suballoc (bsc#1135642)
drm/exynos: fix missing decrement of retry counter (bsc#1111666).
drm/i915: Do not deballoon unused ggtt drm_mm_node in linux guest (bsc#1142635)
drm/i915: Fix GEN8_MCR_SELECTOR programming (bsc#1111666).
drm/i915: Fix HW readout for crtc_clock in HDMI mode (bsc#1111666).
drm/i915: Fix the TBT AUX power well enabling (bsc#1111666).
drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1051510).
drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1142635)
drm/i915/gvt: fix incorrect cache entry for guest page mapping (bsc#1111666).
drm/i915/perf: ensure we keep a reference on the driver (bsc#1051510).
drm/i915/perf: ensure we keep a reference on the driver (bsc#1142635)
drm/i915/perf: fix ICL perf register offsets (bsc#1111666).
drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635)
drm/i915/userptr: Acquire the page lock around set_page_dirty() (bsc#1051510).
drm/imx: notify drm core before sending event during crtc disable (bsc#1135642)
drm/imx: only send event on crtc disable if kept disabled (bsc#1135642)
drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1135642)
drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1135642)
drm/mediatek: clear num_pipes when unbind driver (bsc#1135642)
drm/mediatek: fix unbind functions (bsc#1135642)
drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1111666).
drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1142635)
drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1135642)
drm/mediatek: use correct device to import PRIME buffers (bsc#1111666).
drm/mediatek: use correct device to import PRIME buffers (bsc#1142635)
drm/msm: Depopulate platform on probe failure (bsc#1051510).
drm: msm: Fix add_gpu_components (bsc#1051510).
drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1142635)
drm/nouveau: Do not retry infinitely when receiving no data on i2c (bsc#1142635)
drm/nouveau: fix memory leak in nouveau_conn_reset() (bsc#1051510).
drm/panel: simple: Fix panel_simple_dsi_probe (bsc#1051510).
drm/rockchip: Suspend DP late (bsc#1051510).
drm/rockchip: Suspend DP late (bsc#1142635)
drm: silence variable 'conn' set but not used (bsc#1051510).
drm/udl: introduce a macro to convert dev to udl. (bsc#1113722)
drm/udl: move to embedding drm device inside udl device. (bsc#1113722)
drm/virtio: Add memory barriers for capset cache (bsc#1051510).
drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1135642)
drm/vmwgfx: fix memory leak when too many retries have occurred (bsc#1051510).
drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1135642)
Drop an ASoC fix that was reverted in 4.14.y stable
eCryptfs: fix a couple type promotion bugs (bsc#1051510).
EDAC/amd64: Add Family 17h Model 30h PCI IDs (bsc#1112178).
EDAC, amd64: Add Family 17h, models 10h-2fh support (bsc#1112178).
EDAC/amd64: Adjust printed chip select sizes when interleaved (bsc#1131489).
EDAC/amd64: Cache secondary Chip Select registers (bsc#1131489).
EDAC/amd64: Decode syndrome before translating address (bsc#1131489).
EDAC/amd64: Find Chip Select memory size using Address Mask (bsc#1131489).
EDAC/amd64: Initialize DIMM info for systems with more than two channels (bsc#1131489).
EDAC/amd64: Recognize DRAM device type ECC capability (bsc#1131489).
EDAC/amd64: Recognize x16 symbol size (bsc#1131489).
EDAC/amd64: Set maximum channel layer size depending on family (bsc#1131489).
EDAC/amd64: Support asymmetric dual-rank DIMMs (bsc#1131489).
EDAC/amd64: Support more than two controllers for chip selects handling (bsc#1131489).
EDAC/amd64: Support more than two Unified Memory Controllers (bsc#1131489).
EDAC/amd64: Use a macro for iterating over Unified Memory Controllers (bsc#1131489).
EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec (bsc#1114279).
efi/bgrt: Drop BGRT status field reserved bits check (bsc#1051510).
ehea: Fix a copy-paste err in ehea_init_port_res (bsc#1051510).
ext4: use jbd2_inode dirty range scoping (bsc#1148616).
firmware: raspberrypi: register clk device (jsc#SLE-7294).
firmware: ti_sci: Always request response from firmware (bsc#1051510).
Fixed https://bugzilla.kernel.org/show_bug.cgi?id=202935 allow write on the same file (bsc#1144333).
Fix encryption labels and lengths for SMB3.1.1 (bsc#1085536, bsc#1144333).
Fix incorrect error code mapping for OBJECTID_NOT_FOUND (bsc#1144333).
Fix kABI after KVM fixes
Fix match_server check to allow for auto dialect negotiate (bsc#1144333).
Fix SMB3.1.1 guest authentication to Samba (bsc#1085536, bsc#1144333).
Fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510, bsc#1144333).
Fix struct ufs_req removal of unused field (git-fixes).
Fix warning messages when mounting to older servers (bsc#1144333).
floppy: fix invalid pointer dereference in drive_name (bsc#1111666).
floppy: fix out-of-bounds read in next_valid_format (bsc#1111666).
fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333).
fs: cifs: cifsssmb: Change return type of convert_ace_to_cifs_ace (bsc#1144333).
fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bsc#1144333).
fs: cifs: Drop unlikely before IS_ERR(_OR_NULL) (bsc#1144333).
fs/cifs: fix uninitialised variable warnings (bsc#1144333).
fs: cifs: Kconfig: pedantic formatting (bsc#1144333).
fs: cifs: Replace _free_xid call in cifs_root_iget function (bsc#1144333).
fs/cifs: require sha512 (bsc#1051510, bsc#1144333).
fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls (bsc#1144333).
fs/cifs/smb2pdu.c: fix buffer free in SMB2_ioctl_free (bsc#1144333).
fs/cifs: suppress a string overflow warning (bsc#1144333).
fs/*/Kconfig: drop links to 404-compliant http://acl.bestbits.at (bsc#1144333).
fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() (bsc#1051510).
fs/xfs: Fix return code of xfs_break_leased_layouts() (bsc#1148031).
fs: xfs: xfs_log: Do not use KM_MAYFAIL at xfs_log_reserve() (bsc#1148033).
ftrace: Check for empty hash and comment the race with registering probes (bsc#1149418).
ftrace: Check for successful allocation of hash (bsc#1149424).
ftrace: Fix NULL pointer dereference in t_probe_next() (bsc#1149413).
gpio: Fix build error of function redefinition (bsc#1051510).
gpio: gpio-omap: add check for off wake capable gpios (bsc#1051510).
gpiolib: fix incorrect IRQ requesting of an active-low lineevent (bsc#1051510).
gpiolib: never report open-drain/source lines as 'input' to user-space (bsc#1051510).
gpio: mxs: Get rid of external API call (bsc#1051510).
gpio: omap: ensure irq is enabled before wakeup (bsc#1051510).
gpio: pxa: handle corner case of unprobed device (bsc#1051510).
gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1142635)
HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT (bsc#1051510).
HID: Add quirk for HP X1200 PIXART OEM mouse (bsc#1051510).
HID: cp2112: prevent sleeping function called from invalid context (bsc#1051510).
HID: hiddev: avoid opening a disconnected device (bsc#1051510).
HID: hiddev: do cleanup in failure of opening a device (bsc#1051510).
HID: holtek: test for sanity of intfdata (bsc#1051510).
HID: sony: Fix race condition between rumble and device remove (bsc#1051510).
HID: wacom: Correct distance scale for 2nd-gen Intuos devices (bsc#1142635).
HID: wacom: correct misreported EKR ring values (bsc#1142635).
HID: wacom: fix bit shift for Cintiq Companion 2 (bsc#1051510).
hpet: Fix division by zero in hpet_time_div() (bsc#1051510).
hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 (bsc#1051510).
hwmon: (nct7802) Fix wrong detection of in4 presence (bsc#1051510).
i2c: emev2: avoid race when unregistering slave client (bsc#1051510).
i2c: piix4: Fix port selection for AMD Family 16h Model 30h (bsc#1051510).
i2c: qup: fixed releasing dma without flush operation completion (bsc#1051510).
ia64: Get rid of iommu_pass_through (bsc#1136039).
IB/mlx5: Fix MR registration flow to use UMR properly (bsc#1093205 bsc#1145678).
ibmveth: Convert multicast list size for little-endian system (bsc#1061843).
ibmvnic: Do not process reset during or after device removal (bsc#1149652 ltc#179635).
ibmvnic: Unmap DMA address of TX descriptor buffers after use (bsc#1146351 ltc#180726).
igmp: fix memory leak in igmpv3_del_delrec() (networking-stable-19_07_25).
iio: adc: max9611: Fix misuse of GENMASK macro (bsc#1051510).
iio: adc: max9611: Fix temperature reading in probe (bsc#1051510).
iio: iio-utils: Fix possible incorrect mask calculation (bsc#1051510).
Improve security, move default dialect to SMB3 from old CIFS (bsc#1051510, bsc#1144333).
include/linux/bitops.h: sanitize rotate primitives (git fixes).
Input: alps - do not handle ALPS cs19 trackpoint-only device (bsc#1051510).
Input: alps - fix a mismatch between a condition check and its comment (bsc#1051510).
Input: iforce - add sanity checks (bsc#1051510).
Input: kbtab - sanity check for endpoint type (bsc#1051510).
Input: synaptics - enable RMI mode for HP Spectre X360 (bsc#1051510).
Input: synaptics - whitelist Lenovo T580 SMBus intertouch (bsc#1051510).
Input: trackpoint - only expose supported controls for Elan, ALPS and NXP (bsc#1051510).
intel_th: pci: Add Ice Lake NNPI support (bsc#1051510).
intel_th: pci: Add support for another Lewisburg PCH (bsc#1051510).
intel_th: pci: Add Tiger Lake support (bsc#1051510).
iommu: Add helpers to set/get default domain type (bsc#1136039).
iommu/amd: Add support for X2APIC IOMMU interrupts (bsc#1145010).
iommu/amd: Fix race in increase_address_space() (bsc#1150860).
iommu/amd: Flush old domains in kdump kernel (bsc#1150861).
iommu/amd: Move iommu_init_pci() to .init section (bsc#1149105).
iommu/amd: Request passthrough mode from IOMMU core (bsc#1136039).
iommu: Disable passthrough mode when SME is active (bsc#1136039).
iommu/dma: Handle SG length overflow better (bsc#1146084).
iommu/iova: Remove stale cached32_node (bsc#1145018).
iommu: Print default domain type on boot (bsc#1136039).
iommu: Remember when default domain type was set on kernel command line (bsc#1136039).
iommu: Set default domain type at runtime (bsc#1136039).
iommu: Use Functions to set default domain type in iommu_set_def_domain_type() (bsc#1136039).
iommu/vt-d: Request passthrough mode from IOMMU core (bsc#1136039).
ipip: validate header length in ipip_tunnel_xmit (git-fixes).
ipv4: do not set IPv6 only flags to IPv4 addresses (networking-stable-19_07_25).
irqchip/gic-v2m: Add support for Amazon Graviton variant of GICv3+GICv2m (SLE-9332).
irqchip/gic-v3-its: fix build warnings (bsc#1144880).
ISDN: hfcsusb: checking idx of ep configuration (bsc#1051510).
isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack (bsc#1051510).
isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() (bsc#1051510).
iversion: add a routine to update a raw value with a larger one (bsc#1148133).
iwlwifi: dbg: split iwl_fw_error_dump to two functions (bsc#1119086).
iwlwifi: do not unmap as page memory that was mapped as single (bsc#1051510).
iwlwifi: fix bad dma handling in page_mem dumping flow (bsc#1120902).
iwlwifi: fw: use helper to determine whether to dump paging (bsc#1106434).
iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version < 41 (bsc#1142635).
iwlwifi: mvm: fix an out-of-bound access (bsc#1051510).
iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support (bsc#1142635).
iwlwifi: pcie: do not service an interrupt that was masked (bsc#1142635).
iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1142635).
ixgbe: fix possible deadlock in ixgbe_service_task() (bsc#1113994).
jbd2: flush_descriptor(): Do not decrease buffer head's ref count (bsc#1143843).
jbd2: introduce jbd2_inode dirty range scoping (bsc#1148616).
kABI: Fix kABI for 'struct amd_iommu' (bsc#1145010).
kABI: Fix kABI for x86 pci-dma code (bsc#1136039).
kABI/severities: Exclude drivers/crypto/ccp/*
kABI/severities: match SLE15 entry ordering.
kasan: remove redundant initialization of variable 'real_size' (git fixes).
kconfig/[mn]conf: handle backspace (^H) key (bsc#1051510).
keys: Fix missing null pointer check in request_key_auth_describe() (bsc#1051510).
KVM: arm64: Fix caching of host MDCR_EL2 value (bsc#1133021).
KVM: arm/arm64: Close VMID generation race (bsc#1133021).
KVM: arm/arm64: Convert kvm_host_cpu_state to a static per-cpu allocation (bsc#1133021).
KVM: arm/arm64: Drop resource size check for GICV window (bsc#1133021).
KVM: arm/arm64: Fix lost IRQs from emulated physcial timer when blocked (bsc#1133021).
KVM: arm/arm64: Fix VMID alloc race by reverting to lock-less (bsc#1133021).
KVM: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1133021).
KVM: arm/arm64: Reduce verbosity of KVM init log (bsc#1133021).
KVM: arm/arm64: Set dist->spis to NULL after kfree (bsc#1133021).
KVM: arm/arm64: Skip updating PMD entry if no change (bsc#1133021).
KVM: arm/arm64: Skip updating PTE entry if no change (bsc#1133021).
KVM: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1133021).
KVM: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy (bsc#1133021).
KVM: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list (bsc#1133021).
KVM: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1133021).
KVM: Disallow wraparound in kvm_gfn_to_hva_cache_init (bsc#1133021).
KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bsc#1133021).
KVM: Fix leak vCPU's VMCS value into other pCPU (bsc#1145388).
KVM: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC (bsc#1145408).
KVM: mmu: Fix overlap between public and private memslots (bsc#1133021).
KVM: nVMX: allow setting the VMFUNC controls MSR (bsc#1145389).
KVM: nVMX: do not use dangling shadow VMCS after guest reset (bsc#1145390).
KVM: nVMX: Remove unnecessary sync_roots from handle_invept (bsc#1145391).
KVM: nVMX: Use adjusted pin controls for vmcs02 (bsc#1145392).
KVM: PPC: Book3S HV: Fix CR0 setting in TM emulation (bsc#1061840).
KVM: Reject device ioctls from processes other than the VM's creator (bsc#1133021).
KVM: s390: add debug logging for cpu model subfunctions (jsc#SLE-6240).
KVM: s390: add deflate conversion facilty to cpu model (jsc#SLE-6240).
KVM: s390: add enhanced sort facilty to cpu model (jsc#SLE-6240 ).
KVM: s390: add MSA9 to cpumodel (jsc#SLE-6240).
KVM: s390: add vector BCD enhancements facility to cpumodel (jsc#SLE-6240).
KVM: s390: add vector enhancements facility 2 to cpumodel (jsc#SLE-6240).
KVM: s390: enable MSA9 keywrapping functions depending on cpu model (jsc#SLE-6240).
KVM: s390: implement subfunction processor calls (jsc#SLE-6240 ).
KVM: s390: provide query function for instructions returning 32 byte (jsc#SLE-6240).
KVM: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value (bsc#1145393).
KVM: VMX: check CPUID before allowing read/write of IA32_XSS (bsc#1145394).
KVM: VMX: Fix handling of #MC that occurs during VM-Entry (bsc#1145395).
KVM: x86: degrade WARN to pr_warn_ratelimited (bsc#1145409).
KVM: x86: Do not update RIP or do single-step on faulting emulation (bsc#1149104).
KVM: x86: fix backward migration with async_PF (bsc#1146074).
KVM/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs (bsc#1134881 bsc#1134882).
KVM: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083).
KVM: x86: Unconditionally enable irqs in guest context (bsc#1145396).
KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed (bsc#1145397).
lan78xx: Fix memory leaks (bsc#1051510).
libata: add SG safety checks in SFF pio transfers (bsc#1051510).
libata: do not request sense data on !ZAC ATA devices (bsc#1051510).
libata: have ata_scsi_rw_xlat() fail invalid passthrough requests (bsc#1051510).
libata: zpodd: Fix small read overflow in zpodd_get_mech_type() (bsc#1051510).
libceph: add ceph_decode_entity_addr (bsc#1148133 bsc#1136682).
libceph: add osd_req_op_extent_osd_data_bvecs() (bsc#1141450).
libceph: ADDR2 support for monmap (bsc#1148133 bsc#1136682).
libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133).
libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133).
libceph: assign cookies in linger_submit() (bsc#1135897).
libceph: check reply num_data_items in setup_request_data() (bsc#1135897).
libceph: correctly decode ADDR2 addresses in incremental OSD maps (bsc#1148133 bsc#1136682).
libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897).
libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897).
libceph: fix PG split vs OSD (re)connect race (bsc#1148133).
libceph: fix PG split vs OSD (re)connect race (bsc#1148133).
libceph: fix sa_family just after reading address (bsc#1148133 bsc#1136682).
libceph: fix unaligned accesses in ceph_entity_addr handling (bsc#1136682).
libceph: fix watch_item_t decoding to use ceph_decode_entity_addr (bsc#1148133 bsc#1136682).
libceph: handle zero-length data items (bsc#1141450).
libceph: introduce alloc_watch_request() (bsc#1135897).
libceph: introduce BVECS data type (bsc#1141450).
libceph: introduce ceph_pagelist_alloc() (bsc#1135897).
libceph: make ceph_pr_addr take an struct ceph_entity_addr pointer (bsc#1136682).
libceph: preallocate message data items (bsc#1135897).
libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897).
libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897).
libceph, rbd: new bio handling code (aka do not clone bios) (bsc#1141450).
libceph: rename ceph_encode_addr to ceph_encode_banner_addr (bsc#1148133 bsc#1136682).
libceph: switch osdmap decoding to use ceph_decode_entity_addr (bsc#1148133 bsc#1136682).
libceph: turn on CEPH_FEATURE_MSG_ADDR2 (bsc#1148133 bsc#1136682).
libceph: use single request data item for cmp/setxattr (bsc#1139101).
libceph: use TYPE_LEGACY for entity addrs instead of TYPE_NONE (bsc#1148133 bsc#1136682).
libnvdimm/pfn: Store correct value of npfns in namespace superblock (bsc#1146381 ltc#180720).
liquidio: add cleanup in octeon_setup_iq() (bsc#1051510).
loop: set PF_MEMALLOC_NOIO for the worker thread (git fixes).
lpfc: fix 12.4.0.0 GPF at boot (bsc#1148308).
mac80211: Correctly set noencrypt for PAE frames (bsc#1111666).
mac80211: Do not memset RXCB prior to PAE intercept (bsc#1111666).
mac80211: do not warn about CW params when not using them (bsc#1051510).
mac80211: do not WARN on short WMM parameters from AP (bsc#1051510).
mac80211: fix possible memory leak in ieee80211_assign_beacon (bsc#1142635).
mac80211: fix possible sta leak (bsc#1051510).
mac80211_hwsim: Fix possible null-pointer dereferences in hwsim_dump_radio_nl() (bsc#1111666).
macsec: fix checksumming after decryption (bsc#1051510).
macsec: fix use-after-free of skb during RX (bsc#1051510).
macsec: let the administrator set UP state even if lowerdev is down (bsc#1051510).
macsec: update operstate when lower device changes (bsc#1051510).
mailbox: handle failed named mailbox channel request (bsc#1051510).
md: add mddev->pers to avoid potential NULL pointer dereference (git fixes).
md/raid: raid5 preserve the writeback action after the parity check (git fixes).
media: au0828: fix null dereference in error path (bsc#1051510).
media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP (bsc#1051510).
media: coda: fix mpeg2 sequence number handling (bsc#1051510).
media: coda: increment sequence offset for the last returned frame (bsc#1051510).
media: coda: Remove unbalanced and unneeded mutex unlock (bsc#1051510).
media: dvb: usb: fix use after free in dvb_usb_device_exit (bsc#1051510).
media: hdpvr: fix locking and a missing msleep (bsc#1051510).
media: media_device_enum_links32: clean a reserved field (bsc#1051510).
media: pvrusb2: use a different format for warnings (bsc#1051510).
media: spi: IR LED: add missing of table registration (bsc#1051510).
media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails (bsc#1051510).
media: vpss: fix a potential NULL pointer dereference (bsc#1051510).
media: wl128x: Fix some error handling in fm_v4l2_init_video_device() (bsc#1051510).
mfd: arizona: Fix undefined behavior (bsc#1051510).
mfd: core: Set fwnode for created devices (bsc#1051510).
mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk (bsc#1051510).
mfd: intel-lpss: Add Intel Comet Lake PCI IDs (jsc#SLE-4875).
mlxsw: spectrum: Fix error path in mlxsw_sp_module_init() (bsc#1112374).
mm: add filemap_fdatawait_range_keep_errors() (bsc#1148616).
mmc: cavium: Add the missing dma unmap when the dma has finished (bsc#1051510).
mmc: cavium: Set the correct dma max segment size for mmc_host (bsc#1051510).
mmc: core: Fix init of SD cards reporting an invalid VDD range (bsc#1051510).
mmc: dw_mmc: Fix occasional hang after tuning on eMMC (bsc#1051510).
mmc: sdhci-of-at91: add quirk for broken HS200 (bsc#1051510).
mmc: sdhci-pci: Add support for Intel CML (jsc#SLE-4875).
mmc: sdhci-pci: Add support for Intel ICP (jsc#SLE-4875).
mmc: sdhci-pci: Fix BYT OCP setting (bsc#1051510).
mm: do not stall register_shrinker() (bsc#1104902, VM Performance).
mm/hmm: fix bad subpage pointer in try_to_unmap_one (bsc#1148202, HMM, VM Functionality).
mm/hotplug: fix offline undo_isolate_page_range() (bsc#1148196, VM Functionality).
mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node (bsc#1148379, VM Functionality).
mm/memcontrol.c: fix use after free in mem_cgroup_iter() (bsc#1149224, VM Functionality).
mm/memory.c: recheck page table entry with page table lock held (bsc#1148363, VM Functionality).
mm/migrate.c: initialize pud_entry in migrate_vma() (bsc#1148198, HMM, VM Functionality).
mm/mlock.c: change count_mm_mlocked_page_nr return type (bsc#1148527, VM Functionality).
mm/mlock.c: mlockall error for flag MCL_ONFAULT (bsc#1148527, VM Functionality).
mm: move MAP_SYNC to asm-generic/mman-common.h (bsc#1148297).
mm/page_alloc.c: fix calculation of pgdat->nr_zones (bsc#1148192, VM Functionality).
mm: page_mapped: do not assume compound page is huge or THP (bsc#1148574, VM Functionality).
mm, page_owner: handle THP splits correctly (bsc#1149197, VM Debugging Functionality).
mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() (bsc#1118689).
mm/vmscan.c: fix trying to reclaim unevictable LRU page (bsc#1149214, VM Functionality).
mm, vmscan: do not special-case slab reclaim when watermarks are boosted (git fixes (mm/vmscan)).
move a few externs to smbdirect.h to eliminate warning (bsc#1144333).
move irq_data_get_effective_affinity_mask prior the sorted section
Move upstreamed BT fix into sorted section
Move upstreamed nvme fix into sorted section
mpls: fix warning with multi-label encap (bsc#1051510).
nbd: replace kill_bdev() with __invalidate_device() again (git fixes).
Negotiate and save preferred compression algorithms (bsc#1144333).
net/9p: include trans_common.h to fix missing prototype warning (bsc#1051510).
net: bcmgenet: use promisc for unsupported filters (networking-stable-19_07_25).
net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query (networking-stable-19_07_25).
net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling (networking-stable-19_07_25).
net: bridge: stp: do not cache eth dest pointer before skb pull (networking-stable-19_07_25).
net: dsa: mv88e6xxx: wait after reset deactivation (networking-stable-19_07_25).
net: ena: add ethtool function for changing io queue sizes (bsc#1139020 bsc#1139021).
net: ena: add good checksum counter (bsc#1139020 bsc#1139021).
net: ena: add handling of llq max tx burst size (bsc#1139020 bsc#1139021).
net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1139020 bsc#1139021).
net: ena: add newline at the end of pr_err prints (bsc#1139020 bsc#1139021).
net: ena: add support for changing max_header_size in LLQ mode (bsc#1139020 bsc#1139021).
net: ena: allow automatic fallback to polling mode (bsc#1139020 bsc#1139021).
net: ena: allow queue allocation backoff when low on memory (bsc#1139020 bsc#1139021).
net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1139020 bsc#1139021).
net: ena: enable negotiating larger Rx ring size (bsc#1139020 bsc#1139021).
net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1139020 bsc#1139021).
net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1139020 bsc#1139021).
net: ena: fix ena_com_fill_hash_function() implementation (bsc#1139020 bsc#1139021).
net: ena: fix: Free napi resources when ena_up() fails (bsc#1139020 bsc#1139021).
net: ena: fix incorrect test of supported hash function (bsc#1139020 bsc#1139021).
net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1139020 bsc#1139021).
net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1139020 bsc#1139021).
net: ena: gcc 8: fix compilation warning (bsc#1139020 bsc#1139021).
net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1139020 bsc#1139021).
net: ena: make ethtool show correct current and max queue sizes (bsc#1139020 bsc#1139021).
net: ena: optimise calculations for CQ doorbell (bsc#1139020 bsc#1139021).
net: ena: remove inline keyword from functions in *.c (bsc#1139020 bsc#1139021).
net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1139020 bsc#1139021).
net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1139020 bsc#1139021).
net: ena: use dev_info_once instead of static variable (bsc#1139020 bsc#1139021).
net: fix bpf_xdp_adjust_head regression for generic-XDP (bsc#1109837).
net: Fix netdev_WARN_ONCE macro (git-fixes).
net: hns3: add a check to pointer in error_detected and slot_reset (bsc#1104353).
net: hns3: add all IMP return code (bsc#1104353).
net: hns3: add aRFS support for PF (bsc#1104353).
net: hns3: add Asym Pause support to fix autoneg problem (bsc#1104353).
net: hns3: add check to number of buffer descriptors (bsc#1104353).
net: hns3: add default value for tc_size and tc_offset (bsc#1104353).
net: hns3: add exception handling when enable NIC HW error interrupts (bsc#1104353).
net: hns3: add handling of two bits in MAC tunnel interrupts (bsc#1104353).
net: hns3: add handshake with hardware while doing reset (bsc#1104353).
net: hns3: Add missing newline at end of file (bsc#1104353 ).
net: hns3: add opcode about query and clear RAS & MSI-X to special opcode (bsc#1104353).
net: hns3: add recovery for the H/W errors occurred before the HNS dev initialization (bsc#1104353).
net: hns3: add some error checking in hclge_tm module (bsc#1104353).
net: hns3: add support for dump firmware statistics by debugfs (bsc#1104353).
net: hns3: adjust hns3_uninit_phy()'s location in the hns3_client_uninit() (bsc#1104353).
net: hns3: bitwise operator should use unsigned type (bsc#1104353).
net: hns3: change SSU's buffer allocation according to UM (bsc#1104353).
net: hns3: check msg_data before memcpy in hclgevf_send_mbx_msg (bsc#1104353).
net: hns3: clear restting state when initializing HW device (bsc#1104353).
net: hns3: code optimizaition of hclge_handle_hw_ras_error() (bsc#1104353).
net: hns3: delay and separate enabling of NIC and ROCE HW errors (bsc#1104353).
net: hns3: delay ring buffer clearing during reset (bsc#1104353 ).
net: hns3: delay setting of reset level for hw errors until slot_reset is called (bsc#1104353).
net: hns3: delete the redundant user NIC codes (bsc#1104353 ).
net: hns3: do not configure new VLAN ID into VF VLAN table when it's full (bsc#1104353).
net: hns3: enable broadcast promisc mode when initializing VF (bsc#1104353).
net: hns3: enable DCB when TC num is one and pfc_en is non-zero (bsc#1104353).
net: hns3: extract handling of mpf/pf msi-x errors into functions (bsc#1104353).
net: hns3: fix a memory leak issue for hclge_map_unmap_ring_to_vf_vector (bsc#1104353).
net: hns3: fix a statistics issue about l3l4 checksum error (bsc#1104353).
net: hns3: fix avoid unnecessary resetting for the H/W errors which do not require reset (bsc#1104353).
net: hns3: fix a -Wformat-nonliteral compile warning (bsc#1104353).
net: hns3: fix compile warning without CONFIG_RFS_ACCEL (bsc#1104353).
net: hns3: fix dereference of ae_dev before it is null checked (bsc#1104353).
net: hns3: fixes wrong place enabling ROCE HW error when loading (bsc#1104353).
net: hns3: fix flow control configure issue for fibre port (bsc#1104353).
net: hns3: fix for dereferencing before null checking (bsc#1104353).
net: hns3: fix for skb leak when doing selftest (bsc#1104353 ).
net: hns3: fix __QUEUE_STATE_STACK_XOFF not cleared issue (bsc#1104353).
net: hns3: fix race conditions between reset and module loading & unloading (bsc#1104353).
net: hns3: fix some coding style issues (bsc#1104353 ).
net: hns3: fix VLAN filter restore issue after reset (bsc#1104353).
net: hns3: fix wrong size of mailbox responding data (bsc#1104353).
net: hns3: free irq when exit from abnormal branch (bsc#1104353 ).
net: hns3: handle empty unknown interrupt (bsc#1104353 ).
net: hns3: initialize CPU reverse mapping (bsc#1104353 ).
net: hns3: log detail error info of ROCEE ECC and AXI errors (bsc#1104353).
net: hns3: make HW GRO handling compliant with SW GRO (bsc#1104353).
net: hns3: modify handling of out of memory in hclge_err.c (bsc#1104353).
net: hns3: modify hclge_init_client_instance() (bsc#1104353 ).
net: hns3: modify hclgevf_init_client_instance() (bsc#1104353 ).
net: hns3: optimize the CSQ cmd error handling (bsc#1104353 ).
net: hns3: process H/W errors occurred before HNS dev initialization (bsc#1104353).
net: hns3: refactor hns3_get_new_int_gl function (bsc#1104353 ).
net: hns3: refactor PF/VF RSS hash key configuration (bsc#1104353).
net: hns3: refine the flow director handle (bsc#1104353 ).
net: hns3: remove override_pci_need_reset (bsc#1104353 ).
net: hns3: remove redundant core reset (bsc#1104353 ).
net: hns3: remove RXD_VLD check in hns3_handle_bdinfo (bsc#1104353).
net: hns3: remove setting bit of reset_requests when handling mac tunnel interrupts (bsc#1104353).
net: hns3: remove unused linkmode definition (bsc#1104353 ).
net: hns3: remove VF VLAN filter entry inexistent warning print (bsc#1104353).
net: hns3: replace numa_node_id with numa_mem_id for buffer reusing (bsc#1104353).
net: hns3: re-schedule reset task while VF reset fail (bsc#1104353).
net: hns3: set default value for param 'type' in hclgevf_bind_ring_to_vector (bsc#1104353).
net: hns3: set maximum length to resp_data_len for exceptional case (bsc#1104353).
net: hns3: set ops to null when unregister ad_dev (bsc#1104353 ).
net: hns3: set the port shaper according to MAC speed (bsc#1104353).
net: hns3: small changes for magic numbers (bsc#1104353 ).
net: hns3: some changes of MSI-X bits in PPU(RCB) (bsc#1104353 ).
net: hns3: some modifications to simplify and optimize code (bsc#1104353).
net: hns3: some variable modification (bsc#1104353).
net: hns3: stop schedule reset service while unloading driver (bsc#1104353).
net: hns3: sync VLAN filter entries when kill VLAN ID failed (bsc#1104353).
net: hns3: trigger VF reset if a VF has an over_8bd_nfe_err (bsc#1104353).
net: hns3: typo in the name of a constant (bsc#1104353 ).
net: hns3: use HCLGE_STATE_NIC_REGISTERED to indicate PF NIC client has registered (bsc#1104353).
net: hns3: use HCLGE_STATE_ROCE_REGISTERED to indicate PF ROCE client has registered (bsc#1104353).
net: hns3: use HCLGEVF_STATE_NIC_REGISTERED to indicate VF NIC client has registered (bsc#1104353).
net: hns3: use macros instead of magic numbers (bsc#1104353 ).
net: hns: add support for vlan TSO (bsc#1104353).
net/ibmvnic: Fix missing { in __ibmvnic_reset (bsc#1149652 ltc#179635).
net/ibmvnic: free reset work of removed device from queue (bsc#1149652 ltc#179635).
net: Introduce netdev_*_once functions (networking-stable-19_07_25).
net: make skb_dst_force return true when dst is refcounted (networking-stable-19_07_25).
net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bsc#1145678).
net/mlx5e: always initialize frag->last_in_page (bsc#1103990 ).
net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn (networking-stable-19_07_25).
net/mlx5: Fix modify_cq_in alignment (bsc#1103990).
net: mvpp2: Do not check for 3 consecutive Idle frames for 10G links (bsc#1119113).
net: neigh: fix multiple neigh timer scheduling (networking-stable-19_07_25).
net: openvswitch: fix csum updates for MPLS actions (networking-stable-19_07_25).
net: phylink: Fix flow control for fixed-link (bsc#1119113 ).
net: remove duplicate fetch in sock_getsockopt (networking-stable-19_07_02).
netrom: fix a memory leak in nr_rx_frame() (networking-stable-19_07_25).
netrom: hold sock when setting skb->destructor (networking-stable-19_07_25).
net_sched: unset TCQ_F_CAN_BYPASS when adding filters (networking-stable-19_07_25).
net: sched: verify that q!=NULL before setting q->flags (git-fixes).
net: stmmac: fixed new system time seconds value calculation (networking-stable-19_07_02).
net: stmmac: set IC bit when transmitting frames with HW timestamp (networking-stable-19_07_02).
net: usb: pegasus: fix improper read if get_registers() fail (bsc#1051510).
nfc: fix potential illegal memory access (bsc#1051510).
NFS: Cleanup if nfs_match_client is interrupted (bsc#1134291).
NFS: Fix a double unlock from nfs_match,get_client (bsc#1134291).
NFS: Fix the inode request accounting when pages have subrequests (bsc#1140012).
NFS: make nfs_match_client killable (bsc#1134291).
nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header (git fixes).
{nl,mac}80211: fix interface combinations on crypto controlled devices (bsc#1111666).
nvme: cancel request synchronously (bsc#1145661).
nvme: change locking for the per-subsystem controller list (bsc#1142541).
nvme-core: Fix extra device_put() call on error path (bsc#1142541).
nvme-fc: fix module unloads while lports still pending (bsc#1150033).
nvme: fix possible use-after-free in connect error flow (bsc#1139500)
nvme: fix possible use-after-free in connect error flow (bsc#1139500, bsc#1140426)
nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN (bsc#1146938).
nvme-multipath: fix ana log nsid lookup when nsid is not found (bsc#1141554).
nvme-multipath: relax ANA state check (bsc#1123105).
nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns (bsc#1120876).
nvme: Return BLK_STS_TARGET if the DNR bit is set (bsc#1142076).
objtool: Add rewind_stack_do_exit() to the noreturn list (bsc#1145302).
objtool: Support GCC 9 cold subfunction naming scheme (bsc#1145300).
octeon_mgmt: Fix MIX registers configuration on MTU setup (bsc#1051510).
PCI: al: Add Amazon Annapurna Labs PCIe host controller driver (SLE-9332).
PCI: hv: Fix panic by calling hv_pci_remove_slots() earlier (bsc#1142701).
PCI: PM/ACPI: Refresh all stale power state data in pci_pm_complete() (bsc#1149106).
PCI: qcom: Ensure that PERST is asserted for at least 100 ms (bsc#1142635).
PCI: Restore Resizable BAR size bits correctly for 1MB BARs (bsc#1143841).
PCI: xilinx-nwl: Fix Multi MSI data programming (bsc#1142635).
phy: qcom-qusb2: Fix crash if nvmem cell not specified (bsc#1051510).
phy: renesas: rcar-gen2: Fix memory leak at error paths (bsc#1051510).
pinctrl: pistachio: fix leaked of_node references (bsc#1051510).
pinctrl: rockchip: fix leaked of_node references (bsc#1051510).
PM / devfreq: rk3399_dmc: do not print error when get supply and clk defer (bsc#1144718,bsc#1144813).
PM / devfreq: rk3399_dmc: fix spelling mistakes (bsc#1144718,bsc#1144813).
PM / devfreq: rk3399_dmc: Pass ODT and auto power down parameters to TF-A (bsc#1144718,bsc#1144813).
PM / devfreq: rk3399_dmc: remove unneeded semicolon (bsc#1144718,bsc#1144813).
PM / devfreq: rk3399_dmc: remove wait for dcf irq event (bsc#1144718,bsc#1144813).
PM / devfreq: rockchip-dfi: Move GRF definitions to a common place (bsc#1144718,bsc#1144813).
PM / OPP: OF: Use pr_debug() instead of pr_err() while adding OPP table (jsc#SLE-7294).
powerpc/64s: Include cpu header (bsc#1065729).
powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107).
powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB (bsc#1146575 ltc#180764).
powerpc/book3s/64: check for NULL pointer in pgd_alloc() (bsc#1078248, git-fixes).
powerpc: dump kernel log before carrying out fadump or kdump (bsc#1149940 ltc#179958).
powerpc/fadump: use kstrtoint to handle sysfs store (bsc#1146376).
powerpc/fadump: when fadump is supported register the fadump sysfs files (bsc#1146352).
powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107).
powerpc/fsl: Update Spectre v2 reporting (bsc#1131107).
powerpc/kdump: Handle crashkernel memory reservation failure (bsc#1143466 LTC#179600).
powerpc/lib: Fix feature fixup test of external branch (bsc#1065729).
powerpc/mm: Handle page table allocation failures (bsc#1065729).
powerpc/mm/hash/4k: Do not use 64K page size for vmemmap with 4K pagesize (bsc#1142685 LTC#179509).
powerpc/mm/nvdimm: Add an informative message if we fail to allocate altmap block (bsc#1142685 LTC#179509).
powerpc/mm/radix: Use the right page size for vmemmap mapping (bsc#1055117 bsc#1142685 LTC#179509).
powerpc/nvdimm: Add support for multibyte read/write for metadata (bsc#1142685 LTC#179509).
powerpc/nvdimm: Pick nearby online node if the device node is not online (bsc#1142685 ltc#179509).
powerpc/perf: Add constraints for power9 l2/l3 bus events (bsc#1056686).
powerpc/perf: Add mem access events to sysfs (bsc#1124370).
powerpc/perf: Cleanup cache_sel bits comment (bsc#1056686).
powerpc/perf: Fix thresholding counter data for unknown type (bsc#1056686).
powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event list (bsc#1047238, bsc#1056686).
powerpc/perf: Update perf_regs structure to include SIER (bsc#1056686).
powerpc/powernv: Flush console before platform error reboot (bsc#1149940 ltc#179958).
powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (bsc#1065729).
powerpc/powernv: Return for invalid IMC domain (bsc1054914, git-fixes).
powerpc/powernv: Use kernel crash path for machine checks (bsc#1149940 ltc#179958).
powerpc/pseries: add missing cpumask.h include file (bsc#1065729).
powerpc/pseries: correctly track irq state in default idle (bsc#1150727 ltc#178925).
powerpc/pseries: Fix xive=off command line (bsc#1085030, git-fixes).
powerpc/pseries, ps3: panic flush kernel messages before halting system (bsc#1149940 ltc#179958).
powerpc/pseries/scm: Mark the region volatile if cache flush not required (bsc#1142685 LTC#179509).
powerpc/rtas: use device model APIs and serialization during LPM (bsc#1144123 ltc#178840).
powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107).
powerpc/xive: Fix dump of XIVE interrupt under pseries (bsc#1142019).
powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() (bsc#1085030, bsc#1145189, LTC#179762).
powerpc/xmon: Add a dump of all XIVE interrupts (bsc#1142019).
powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL (bsc#1142019).
qede: fix write to free'd pointer error and double free of ptp (bsc#1051510).
qla2xxx: kABI fixes for v10.01.00.18-k (bcs#1082635 bcs#1141340 bcs#1143706).
qlge: Deduplicate lbq_buf_size (bsc#1106061).
qlge: Deduplicate rx buffer queue management (bsc#1106061).
qlge: Factor out duplicated expression (bsc#1106061).
qlge: Fix dma_sync_single calls (bsc#1106061).
qlge: Fix irq masking in INTx mode (bsc#1106061).
qlge: Refill empty buffer queues from wq (bsc#1106061).
qlge: Refill rx buffers up to multiple of 16 (bsc#1106061).
qlge: Remove bq_desc.maplen (bsc#1106061).
qlge: Remove irq_cnt (bsc#1106061).
qlge: Remove page_chunk.last_flag (bsc#1106061).
qlge: Remove qlge_bq.len & size (bsc#1106061).
qlge: Remove rx_ring.sbq_buf_size (bsc#1106061).
qlge: Remove rx_ring.type (bsc#1106061).
qlge: Remove useless dma synchronization calls (bsc#1106061).
qlge: Remove useless memset (bsc#1106061).
qlge: Replace memset with assignment (bsc#1106061).
qlge: Update buffer queue prod index despite oom (bsc#1106061).
raid5-cache: Need to do start() part job after adding journal device (git fixes).
rbd: do not (ab)use obj_req->pages for stat requests (bsc#1141450).
rbd: do not NULL out ->obj_request in rbd_img_obj_parent_read_full() (bsc#1141450).
rbd: get rid of img_req->copyup_pages (bsc#1141450).
rbd: move from raw pages to bvec data descriptors (bsc#1141450).
rbd: remove bio cloning helpers (bsc#1141450).
rbd: start enums at 1 instead of 0 (bsc#1141450).
rbd: use kmem_cache_zalloc() in rbd_img_request_create() (bsc#1141450).
RDMA/hns: Add mtr support for mixed multihop addressing (bsc#1104427).
RDMA/hns: Bugfix for calculating qp buffer size (bsc#1104427 ).
RDMA/hns: Bugfix for filling the sge of srq (bsc#1104427 ).
RDMa/hns: Do not stuck in endless timeout loop (bsc#1104427 ).
RDMA/hns: Fix an error code in hns_roce_set_user_sq_size() (bsc#1104427).
RDMA/hns: fix inverted logic of readl read and shift (bsc#1104427).
RDMA/hns: Fixs hw access invalid dma memory error (bsc#1104427 ).
RDMA/hns: Fixup qp release bug (bsc#1104427).
RDMA/hns: Modify ba page size for cqe (bsc#1104427).
RDMA/hns: Remove set but not used variable 'fclr_write_fail_flag' (bsc#1104427).
RDMA/hns: Remove unnecessary print message in aeq (bsc#1104427 ).
RDMA/hns: Replace magic numbers with #defines (bsc#1104427 ).
RDMA/hns: reset function when removing module (bsc#1104427 ).
RDMA/hns: Set reset flag when hw resetting (bsc#1104427 ).
RDMA/hns: Use %pK format pointer print (bsc#1104427 ).
refresh: soc: fsl: guts: Add definition for LX2160A ().
regmap: fix bulk writes on paged registers (bsc#1051510).
regulator: qcom_spmi: Fix math of spmi_regulator_set_voltage_time_sel (bsc#1051510).
Remove ifdef since SMB3 (and later) now STRONGLY preferred (bsc#1051510, bsc#1144333).
Revert 'Bluetooth: validate BLE connection interval updates' (bsc#1051510).
Revert 'cfg80211: fix processing world regdomain when non modular' (bsc#1051510).
Revert 'dm bufio: fix deadlock with loop device' (git fixes).
Revert i915 userptr page lock patch (bsc#1145051) This patch potentially causes a deadlock between kcompactd, as reported on 5.3-rc3.
Revert 'net: ena: ethtool: add extra properties retrieval via get_priv_flags' (bsc#1139020 bsc#1139021).
Revert patches.suse/0001-blk-wbt-Avoid-lock-contention-and-thundering-herd-is.patch (bsc#1141543)
Revert 'scsi: ncr5380: Increase register polling limit' (git-fixes).
Revert 'scsi: prefix header search paths with $(srctree)/ (bsc#1136346)'
Revert 'scsi: ufs: disable vccq if it's not needed by UFS device' (git-fixes).
rpm/kernel-binary.spec.in: Enable missing modules check.
rpmsg: added MODULE_ALIAS for rpmsg_char (bsc#1051510).
rpmsg: smd: do not use mananged resources for endpoints and channels (bsc#1051510).
rpmsg: smd: fix memory leak on channel create (bsc#1051510).
rsi: improve kernel thread handling to fix kernel panic (bsc#1051510).
rslib: Fix decoding of shortened codes (bsc#1051510).
rslib: Fix handling of of caller provided syndrome (bsc#1051510).
rtc: pcf8523: do not return invalid date when battery is low (bsc#1051510).
rtc: pcf8563: Clear event flags and disable interrupts before requesting irq (bsc#1051510).
rtc: pcf8563: Fix interrupt trigger method (bsc#1051510).
rxrpc: Fix send on a connected, but unbound socket (networking-stable-19_07_25).
s390/cio: fix ccw_device_start_timeout API (bsc#1142109 LTC#179339).
s390/dasd: fix endless loop after read unit address configuration (bsc#1144912 LTC#179907).
s390/qdio: handle PENDING state for QEBSM devices (bsc#1142117 bsc#1142118 bsc#1142119 LTC#179329 LTC#179330 LTC#179331).
s390/qeth: avoid control IO completion stalls (bsc#1142109 LTC#179339).
s390/qeth: cancel cmd on early error (bsc#1142109 LTC#179339).
s390/qeth: fix request-side race during cmd IO timeout (bsc#1142109 LTC#179339).
s390/qeth: release cmd buffer in error paths (bsc#1142109 LTC#179339).
s390/qeth: simplify reply object handling (bsc#1142109 LTC#179339).
samples, bpf: fix to change the buffer size for read() (bsc#1051510).
samples: mei: use /dev/mei0 instead of /dev/mei (bsc#1051510).
sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920).
sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920).
scripts/checkstack.pl: Fix arm64 wrong or unknown architecture (bsc#1051510).
scripts/decode_stacktrace: only strip base path when a prefix of the path (bsc#1051510).
scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE (bsc#1051510).
scripts/gdb: fix lx-version string output (bsc#1051510).
scripts/git_sort/git_sort.py:
scsi: aacraid: Fix missing break in switch statement (git-fixes).
scsi: aacraid: Fix performance issue on logical drives (git-fixes).
scsi: aic94xx: fix an error code in aic94xx_init() (git-fixes).
scsi: aic94xx: fix module loading (git-fixes).
scsi: bfa: Avoid implicit enum conversion in bfad_im_post_vendor_event (bsc#1136496 jsc#SLE-4698).
scsi: bfa: bfa_fcs_lport: Mark expected switch fall-throughs (bsc#1136496 jsc#SLE-4698).
scsi: bfa: bfa_fcs_rport: Mark expected switch fall-throughs (bsc#1136496 jsc#SLE-4698).
scsi: bfa: bfa_ioc: Mark expected switch fall-throughs (bsc#1136496 jsc#SLE-4698).
scsi: bfa: clean up a couple of indentation issues (bsc#1136496 jsc#SLE-4698).
scsi: bfa: convert to strlcpy/strlcat (git-fixes).
scsi: bfa: fix calls to dma_set_mask_and_coherent() (bsc#1136496 jsc#SLE-4698).
scsi: bfa: no need to check return value of debugfs_create functions (bsc#1136496 jsc#SLE-4698).
scsi: bfa: remove ScsiResult macro (bsc#1136496 jsc#SLE-4698).
scsi: bfa: Remove unused functions (bsc#1136496 jsc#SLE-4698).
scsi: bfa: use dma_set_mask_and_coherent (bsc#1136496 jsc#SLE-4698).
scsi: bnx2fc: Do not allow both a cleanup completion and abort completion for the same request (bsc#1144582).
scsi: bnx2fc: fix bnx2fc_cmd refcount imbalance in send_rec (bsc#1144582).
scsi: bnx2fc: fix bnx2fc_cmd refcount imbalance in send_srr (bsc#1144582).
scsi: bnx2fc: Fix error handling in probe() (bsc#1136502 jsc#SLE-4703).
scsi: bnx2fc: fix incorrect cast to u64 on shift operation (bsc#1136502 jsc#SLE-4703).
scsi: bnx2fc: fix incorrect cast to u64 on shift operation (git-fixes).
scsi: bnx2fc: Fix NULL dereference in error handling (bsc#1136502 jsc#SLE-4703).
scsi: bnx2fc: Fix NULL dereference in error handling (git-fixes).
scsi: bnx2fc: Limit the IO size according to the FW capability (bsc#1144582).
scsi: bnx2fc: Only put reference to io_req in bnx2fc_abts_cleanup if cleanup times out (bsc#1144582).
scsi: bnx2fc: Redo setting source FCoE MAC (bsc#1144582).
scsi: bnx2fc: Remove set but not used variable 'oxid' (bsc#1136502 jsc#SLE-4703).
scsi: bnx2fc: remove unneeded variable (bsc#1136502 jsc#SLE-4703).
scsi: bnx2fc: Separate out completion flags and variables for abort and cleanup (bsc#1144582).
scsi: bnx2fc: Update the driver version to 2.12.10 (bsc#1144582).
scsi: core: Fix race on creating sense cache (git-fixes).
scsi: core: set result when the command cannot be dispatched (git-fixes).
scsi: core: Synchronize request queue PM status only on successful resume (git-fixes).
scsi: cxgb4i: fix incorrect spelling 'reveive' -> 'receive' (bsc#1136346 jsc#SLE-4682).
scsi: cxgb4i: get pf number from lldi->pf (bsc#1136346 jsc#SLE-4682).
scsi: cxgb4i: validate tcp sequence number only if chip version <= T5 (bsc#1136346 jsc#SLE-4682).
scsi: cxlflash: Mark expected switch fall-throughs (bsc#1148868).
scsi: cxlflash: Prevent deadlock when adapter probe fails (git-fixes).
scsi: esp_scsi: Track residual for PIO transfers (git-fixes) Also, mitigate kABI changes.
scsi: fas216: fix sense buffer initialization (git-fixes).
scsi: hisi_sas: Add support for DIX feature for v3 hw (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100).
scsi: hisi_sas: change queue depth from 512 to 4096 (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100).
scsi: hisi_sas: Change SERDES_CFG init value to increase reliability of HiLink (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100).
scsi: hisi_sas: Disable stash for v3 hw (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100).
scsi: hisi_sas: Fix losing directly attached disk when hot-plug (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100).
scsi: hisi_sas: Ignore the error code between phy down to phy up (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100).
scsi: hisi_sas: Issue internal abort on all relevant queues (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100).
scsi: hisi_sas: kabi fixes (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100).
scsi: hisi_sas: print PHY RX errors count for later revision of v3 hw (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100).
scsi: hisi_sas: Reduce HISI_SAS_SGE_PAGE_CNT in size (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100).
scsi: hisi_sas: Reject setting programmed minimum linkrate > 1.5G (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100).
scsi: hisi_sas: send primitive NOTIFY to SSP situation only (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100).
scsi: hisi_sas: shutdown axi bus to avoid exception CQ returned (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100).
scsi: hisi_sas: Use pci_irq_get_affinity() for v3 hw as experimental (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100).
scsi: isci: initialize shost fully before calling scsi_add_host() (git-fixes).
scsi: libcxgbi: find cxgbi device by MAC address (bsc#1136352 jsc#SLE-4687).
scsi: libcxgbi: remove uninitialized variable len (bsc#1136352 jsc#SLE-4687).
scsi: libcxgbi: update route finding logic (bsc#1136352 jsc#SLE-4687)
scsi: libfc: fix null pointer dereference on a null lport (git-fixes).
scsi: libsas: delete sas port if expander discover failed (git-fixes).
scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (git-fixes).
scsi: libsas: kABI protect struct sas_task_slow (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100).
scsi: libsas: only clear phy->in_shutdown after shutdown event done (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100).
scsi: lpfc: add check for loss of ndlp when sending RRQ (bsc#1148308).
scsi: lpfc: Add first and second level hardware revisions to sysfs (bsc#1146215).
scsi: lpfc: Add MDS driver loopback diagnostics support (bsc#1146215).
scsi: lpfc: Add NVMe sequence level error recovery support (bsc#1146215).
scsi: lpfc: Add simple unlikely optimizations to reduce NVME latency (bsc#1146215).
scsi: lpfc: Avoid unused function warnings (bsc#1148308).
scsi: lpfc: change snprintf to scnprintf for possible overflow (bsc#1146215).
scsi: lpfc: Convert timers to use timer_setup() (bsc#1148308).
scsi: lpfc: correct rcu unlock issue in lpfc_nvme_info_show (bsc#1148308).
scsi: lpfc: Default fdmi_on to on (bsc#1148308).
scsi: lpfc: Fix ADISC reception terminating login state if a NVME (bsc#1146215).
scsi: lpfc: Fix BlockGuard enablement on FCoE adapters (bsc#1146215).
scsi: lpfc: Fix coverity warnings (bsc#1146215).
scsi: lpfc: Fix crash due to port reset racing vs adapter error (bsc#1146215).
scsi: lpfc: Fix crash on driver unload in wq free (bsc#1146215).
scsi: lpfc: Fix crash when cpu count is 1 and null irq affinity mask (bsc#1146215).
scsi: lpfc: Fix deadlock on host_lock during cable pulls (bsc#1146215).
scsi: lpfc: Fix devices that do not return after devloss followed by (bsc#1146215).
scsi: lpfc: Fix discovery when target has no GID_FT information (bsc#1146215).
scsi: lpfc: Fix ELS field alignments (bsc#1146215).
scsi: lpfc: Fix error in remote port address change (bsc#1146215).
scsi: lpfc: Fix failure to clear non-zero eq_delay after io rate (bsc#1146215).
scsi: lpfc: Fix FLOGI handling across multiple link up/down (bsc#1146215).
scsi: lpfc: Fix hang when downloading fw on port enabled for nvme (bsc#1146215).
scsi: lpfc: Fix irq raising in lpfc_sli_hba_down (bsc#1146215).
scsi: lpfc: Fix issuing init_vpi mbox on SLI-3 card (bsc#1146215).
scsi: lpfc: Fix leak of ELS completions on adapter reset (bsc#1146215).
scsi: lpfc: Fix loss of remote port after devloss due to lack of RPIs (bsc#1146215).
scsi: lpfc: Fix Max Frame Size value shown in fdmishow output (bsc#1146215).
scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo via sysfs (bsc#1146215).
scsi: lpfc: Fix nvme first burst module parameter description (bsc#1146215).
scsi: lpfc: Fix nvme sg_seg_cnt display if HBA does not support NVME (bsc#1146215).
scsi: lpfc: Fix nvme target mode ABTSing a received ABTS (bsc#1146215).
scsi: lpfc: Fix Oops in nvme_register with target logout/login (bsc#1146215).
scsi: lpfc: Fix oops when fewer hdwqs than cpus (bsc#1146215).
scsi: lpfc: Fix PLOGI failure with high remoteport count (bsc#1146215).
scsi: lpfc: Fix port relogin failure due to GID_FT interaction (bsc#1146215).
scsi: lpfc: Fix propagation of devloss_tmo setting to nvme transport (bsc#1146215).
scsi: lpfc: Fix reported physical link speed on a disabled trunked (bsc#1146215).
scsi: lpfc: Fix reset recovery paths that are not recovering (bsc#1144375).
scsi: lpfc: Fix sg_seg_cnt for HBAs that do not support NVME (bsc#1146215).
scsi: lpfc: Fix sli4 adapter initialization with MSI (bsc#1146215).
scsi: lpfc: Fix too many sg segments spamming in kernel log (bsc#1146215).
scsi: lpfc: Fix upcall to bsg done in non-success cases (bsc#1146215).
scsi: lpfc: Limit xri count for kdump environment (bsc#1146215).
scsi: lpfc: lpfc_sli: Mark expected switch fall-throughs (bsc#1148308).
scsi: lpfc: Make some symbols static (bsc#1148308).
scsi: lpfc: Merge per-protocol WQ/CQ pairs into single per-cpu pair (bsc#1146215).
scsi: lpfc: Merge per-protocol WQ/CQ pairs into single per-cpu pair (bsc#1146215).
scsi: lpfc: Migrate to %px and %pf in kernel print calls (bsc#1146215).
scsi: lpfc: no need to check return value of debugfs_create functions (bsc#1148308).
scsi: lpfc: nvme: avoid hang / use-after-free when destroying localport (bsc#1148308).
scsi: lpfc: nvmet: avoid hang / use-after-free when destroying targetport (bsc#1148308).
scsi: lpfc: remove a bogus pci_dma_sync_single_for_device call (bsc#1148308).
scsi: lpfc: Remove bg debugfs buffers (bsc#1144375).
scsi: lpfc: remove NULL check before some freeing functions (bsc#1146215).
scsi: lpfc: remove null check on nvmebuf (bsc#1148308).
scsi: lpfc: remove ScsiResult macro (bsc#1148308).
scsi: lpfc: Remove set but not used variable 'psli' (bsc#1148308).
scsi: lpfc: Remove set but not used variables 'fc_hdr' and 'hw_page_size' (bsc#1148308).
scsi: lpfc: Remove set but not used variables 'qp' (bsc#1148308).
scsi: lpfc: Remove set but not used variables 'tgtp' (bsc#1148308).
scsi: lpfc: Resolve checker warning for lpfc_new_io_buf() (bsc#1144375).
scsi: lpfc: resolve lockdep warnings (bsc#1148308).
scsi: lpfc: Support dynamic unbounded SGL lists on G7 hardware (bsc#1146215).
scsi: lpfc: Update lpfc version to 12.4.0.0 (bsc#1146215).
scsi: lpfc: Use dma_zalloc_coherent (bsc#1148308).
scsi: lpfc: use sg helper to iterate over scatterlist (bsc#1148308).
scsi: mac_scsi: Fix pseudo DMA implementation, take 2 (git-fixes).
scsi: mac_scsi: Increase PIO/PDMA transfer length threshold (git-fixes).
scsi: megaraid: fix out-of-bound array accesses (git-fixes).
scsi: megaraid_sas: Fix calculation of target ID (git-fixes).
scsi: megaraid_sas: IRQ poll to avoid CPU hard lockups (bsc#1143962).
scsi: megaraid_sas: Release Mutex lock before OCR in case of DCMD timeout (bsc#1143962).
scsi: mpt3sas: Determine smp affinity on per HBA basis (bsc#1143738).
scsi: mpt3sas: Fix msix load balance on and off settings (bsc#1143738).
scsi: mpt3sas: make driver options visible in sys (bsc#1143738).
scsi: mpt3sas: Mark expected switch fall-through (bsc#1143738).
scsi: mpt3sas: Remove CPU arch check to determine perf_mode (bsc#1143738).
scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA (bsc#1143738).
scsi: mpt3sas: Use configured PCIe link speed, not max (bsc#1143738).
scsi: mpt3sas: use DEVICE_ATTR_{RO, RW} (bsc#1143738).
scsi: NCR5380: Always re-enable reselection interrupt (git-fixes).
scsi: pmcraid: do not allocate a dma coherent buffer for sense data (bsc#1135990 jsc#SLE-4709).
scsi: pmcraid: simplify pmcraid_cancel_all a bit (bsc#1135990 jsc#SLE-4709).
scsi: pmcraid: use generic DMA API (bsc#1135990 jsc#SLE-4709).
scsi: pmcraid: use sg helper to iterate over scatterlist (bsc#1135990 jsc#SLE-4709).
scsi: prefix header search paths with $(srctree)/ (bsc#1136346 jsc#SLE-4682).
scsi: qedf: Add debug information for unsolicited processing (bsc#1149976).
scsi: qedf: Add shutdown callback handler (bsc#1149976).
scsi: qedf: Add support for 20 Gbps speed (bsc#1149976).
scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1149976).
scsi: qedf: Check for link state before processing LL2 packets and send fipvlan retries (bsc#1149976).
scsi: qedf: Check for module unloading bit before processing link update AEN (bsc#1149976).
scsi: qedf: Decrease the LL2 MTU size to 2500 (bsc#1149976).
scsi: qedf: Fix race betwen fipvlan request and response path (bsc#1149976).
scsi: qedf: Initiator fails to re-login to switch after link down (bsc#1149976).
scsi: qedf: Print message during bailout conditions (bsc#1149976).
scsi: qedf: remove memset/memcpy to nfunc and use func instead (git-fixes).
scsi: qedf: remove set but not used variables (bsc#1149976).
scsi: qedf: Stop sending fipvlan request on unload (bsc#1149976).
scsi: qedf: Update module description string (bsc#1149976).
scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1149976).
scsi: qedf: Update the version to 8.42.3.0 (bsc#1149976).
scsi: qedf: Use discovery list to traverse rports (bsc#1149976).
scsi: qedi: remove declaration of nvm_image from stack (git-fixes).
scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1129424).
scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1143706).
scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (git-fixes).
scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Change a stack variable into a static const variable (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Change data_dsd into an array (bsc#1143706).
scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1143706).
scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1143706).
scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1143706).
scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1143706).
scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: cleanup trace buffer initialization (bsc#1134476).
scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Complain if a mailbox command times out (bsc#1143706).
scsi: qla2xxx: Complain if a soft reset fails (bsc#1143706).
scsi: qla2xxx: Complain if parsing the version string fails (bsc#1143706).
scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1143706).
scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1143706).
scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Correct error handling during initialization failures (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1143706).
scsi: qla2xxx: Declare local symbols static (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1143706).
scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1143706).
scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1143706).
scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1143706).
scsi: qla2xxx: Fix abort timeout race condition (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Fix a format specifier (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Fix a format specifier (git-fixes).
scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() (git-fixes).
scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1143706).
scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1143706).
scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Fix device staying in blocked state (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Fix device staying in blocked state (git-fixes).
scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Fix DMA unmap leak (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1143706).
scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (git-fixes).
scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1143706).
scsi: qla2xxx: Fix formatting of pointer types (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Fix fw dump corruption (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Fix hang in fcport delete path (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1143706).
scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Fix premature timer expiration (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1143706).
scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1143706).
scsi: qla2xxx: fix spelling mistake 'alredy' -> 'already' (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Fix stale session (bsc#1143706).
scsi: qla2xxx: Fix stuck login session (bsc#1143706).
scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1143706).
scsi: qla2xxx: Include the header file from qla_dsd.h (bsc#1143706).
scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1143706).
scsi: qla2xxx: Insert spaces where required (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1143706).
scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1143706).
scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1143706).
scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1143706).
scsi: qla2xxx: Leave a blank line after declarations (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1143706).
scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1143706).
scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1143706).
scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1143706).
scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1143706).
scsi: qla2xxx: Modify NVMe include directives (bsc#1143706).
scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Move the include directive (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: on session delete, return nvme cmd (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1134476).
scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1143706).
scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1143706).
scsi: qla2xxx: Reduce the number of forward declarations (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1143706).
scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1143706).
scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1143706).
scsi: qla2xxx: Remove a superfluous pointer check (bsc#1143706).
scsi: qla2xxx: Remove dead code (bsc#1143706).
scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1143706).
scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Remove two superfluous casts (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Remove two superfluous if-tests (bsc#1143706).
scsi: qla2xxx: Remove two superfluous tests (bsc#1143706).
scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Remove unnecessary null check (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1143706).
scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Report invalid mailbox status codes (bsc#1143706).
scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1143706).
scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1143706).
scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1143706).
scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Simplify a debug statement (bsc#1143706).
scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1143706).
scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1143706).
scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1143706).
scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1143706).
scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1143706).
scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Unregister chrdev if module initialization fails (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Unregister chrdev if module initialization fails (git-fixes).
scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1143706).
scsi: qla2xxx: Update two source code comments (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Update two source code comments (git-fixes).
scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Use __le64 instead of uint32_t[2] for sending DMA addresses to firmware (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1143706).
scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1143706).
scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1143706).
scsi: qla2xxx: Use tabs to indent code (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1143706).
scsi: qla4xxx: avoid freeing unallocated dma memory (git-fixes).
scsi: raid_attrs: fix unused variable warning (git-fixes).
scsi: sas: Convert timers to use timer_setup() (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100).
scsi: scsi_dh_alua: Fix possible null-ptr-deref (git-fixes).
scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: sd: Defer spinning up drive while SANITIZE is in progress (git-fixes).
scsi: sd: Fix a race between closing an sd device and sd I/O (git-fixes).
scsi: sd: Fix cache_type_store() (git-fixes).
scsi: sd: Optimal I/O size should be a multiple of physical block size (git-fixes).
scsi: sd: Quiesce warning if device does not report optimal I/O size (git-fixes).
scsi: sd: use mempool for discard special page (git-fixes).
scsi: sd_zbc: Fix potential memory leak (git-fixes).
scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous() (git-fixes).
scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (git-fixes).
scsi: target: iscsi: cxgbit: add missing spin_lock_init() (bsc#1136349 jsc#SLE-4685).
scsi: tcm_qla2xxx: Minimize #include directives (bsc#1082635 bsc#1141340 bsc#1143706).
scsi: ufs: Avoid runtime suspend possibly being blocked forever (git-fixes).
scsi: ufs: Check that space was properly alloced in copy_query_response (git-fixes).
scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm() (git-fixes).
scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value (git-fixes).
scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 (git-fixes).
scsi: use dma_get_cache_alignment() as minimum DMA alignment (git-fixes).
scsi: virtio_scsi: do not send sc payload with tmfs (git-fixes).
sctp: change to hold sk after auth shkey is created successfully (networking-stable-19_07_02).
sdhci-fujitsu: add support for setting the CMD_DAT_DELAY attribute (bsc#1145256).
serial: 8250: Fix TX interrupt handling condition (bsc#1051510).
signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig (bsc#1144333).
sis900: fix TX completion (bsc#1051510).
sky2: Disable MSI on ASUS P6T (bsc#1142496).
smb2: fix missing files in root share directory listing (bsc#1112907, bsc#1144333).
smb2: fix typo in definition of a few error flags (bsc#1144333).
smb2: fix uninitialized variable bug in smb2_ioctl_query_info (bsc#1144333).
smb3.1.1: Add GCM crypto to the encrypt and decrypt functions (bsc#1144333).
smb3.1.1 dialect is no longer experimental (bsc#1051510, bsc#1144333).
smb311: Fix reconnect (bsc#1051510, bsc#1144333).
smb311: Improve checking of negotiate security contexts (bsc#1051510, bsc#1144333).
smb3.11: replace a 4 with server->vals->header_preamble_size (bsc#1144333).
smb3: add additional ftrace entry points for entry/exit to cifs.ko (bsc#1144333).
smb3: add credits we receive from oplock/break PDUs (bsc#1144333).
smb3: add debug for unexpected mid cancellation (bsc#1144333).
smb3: Add debug message later in smb2/smb3 reconnect path (bsc#1144333).
smb3: add define for id for posix create context and corresponding struct (bsc#1144333).
smb3: Add defines for new negotiate contexts (bsc#1144333).
smb3: add dynamic trace point for query_info_enter/done (bsc#1144333).
smb3: add dynamic trace point for smb3_cmd_enter (bsc#1144333).
smb3: add dynamic tracepoint for timeout waiting for credits (bsc#1144333).
smb3: add dynamic tracepoints for simple fallocate and zero range (bsc#1144333).
smb3: Add dynamic trace points for various compounded smb3 ops (bsc#1144333).
smb3: Add ftrace tracepoints for improved SMB3 debugging (bsc#1144333).
smb3: Add handling for different FSCTL access flags (bsc#1144333).
smb3: add missing read completion trace point (bsc#1144333).
smb3: add module alias for smb3 to cifs.ko (bsc#1144333).
smb3: add new mount option to retrieve mode from special ACE (bsc#1144333).
smb3: Add posix create context for smb3.11 posix mounts (bsc#1144333).
smb3: Add protocol structs for change notify support (bsc#1144333).
smb3: add reconnect tracepoints (bsc#1144333).
smb3: Add SMB3.1.1 GCM to negotiated crypto algorigthms (bsc#1144333).
smb3: add smb3.1.1 to default dialect list (bsc#1144333).
smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510, bsc#1144333).
smb3: add support for posix negotiate context (bsc#1144333).
smb3: add support for statfs for smb3.1.1 posix extensions (bsc#1144333).
smb3: add tracepoint for sending lease break responses to server (bsc#1144333).
smb3: add tracepoint for session expired or deleted (bsc#1144333).
smb3: add tracepoint for slow responses (bsc#1144333).
smb3: add trace point for tree connection (bsc#1144333).
smb3: add tracepoints for query dir (bsc#1144333).
smb3: Add tracepoints for read, write and query_dir enter (bsc#1144333).
smb3: add tracepoints for smb2/smb3 open (bsc#1144333).
smb3: add tracepoint to catch cases where credit refund of failed op overlaps reconnect (bsc#1144333).
smb3: add way to control slow response threshold for logging and stats (bsc#1144333).
smb3: allow more detailed protocol info on open files for debugging (bsc#1144333).
smb3: Allow persistent handle timeout to be configurable on mount (bsc#1144333).
smb3: allow posix mount option to enable new SMB311 protocol extensions (bsc#1144333).
smb3: allow previous versions to be mounted with snapshot= mount parm (bsc#1144333).
smb3: Allow query of symlinks stored as reparse points (bsc#1144333).
smb3: Allow SMB3 FSCTL queries to be sent to server from tools (bsc#1144333).
smb3: allow stats which track session and share reconnects to be reset (bsc#1051510, bsc#1144333).
smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510, bsc#1144333).
smb3: Backup intent flag missing from compounded ops (bsc#1144333).
smb3: check for and properly advertise directory lease support (bsc#1051510, bsc#1144333).
smb3 - clean up debug output displaying network interfaces (bsc#1144333).
smb3: Cleanup license mess (bsc#1144333).
smb3: Clean up query symlink when reparse point (bsc#1144333).
smb3: create smb3 equivalent alias for cifs pseudo-xattrs (bsc#1144333).
smb3: directory sync should not return an error (bsc#1051510, bsc#1144333).
smb3: display bytes_read and bytes_written in smb3 stats (bsc#1144333).
smb3: display security information in /proc/fs/cifs/DebugData more accurately (bsc#1144333).
smb3: display session id in debug data (bsc#1144333).
smb3: display stats counters for number of slow commands (bsc#1144333).
smb3: display volume serial number for shares in /proc/fs/cifs/DebugData (bsc#1144333).
smb3: do not allow insecure cifs mounts when using smb3 (bsc#1144333).
smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510, bsc#1144333).
smb3: do not display confusing message on mount to Azure servers (bsc#1144333).
smb3: do not display empty interface list (bsc#1144333).
smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bsc#1085536, bsc#1144333).
smb3: do not request leases in symlink creation and query (bsc#1051510, bsc#1144333).
smb3: do not send compression info by default (bsc#1144333).
smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510, bsc#1144333).
smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510, bsc#1144333).
smb3: fill in statfs fsid and correct namelen (bsc#1112905, bsc#1144333).
smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510, bsc#1144333).
smb3: fix bytes_read statistics (bsc#1144333).
smb3: fix corrupt path in subdirs on smb311 with posix (bsc#1144333).
smb3: Fix deadlock in validate negotiate hits reconnect (bsc#1144333).
smb3: Fix endian warning (bsc#1144333, bsc#1137884).
smb3: Fix enumerating snapshots to Azure (bsc#1144333).
smb3: fix large reads on encrypted connections (bsc#1144333).
smb3: fix lease break problem introduced by compounding (bsc#1144333).
smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510, bsc#1144333).
smb3: fix minor debug output for CONFIG_CIFS_STATS (bsc#1144333).
smb3: Fix mode on mkdir on smb311 mounts (bsc#1144333).
smb3: Fix potential memory leak when processing compound chain (bsc#1144333).
smb3: fix redundant opens on root (bsc#1144333).
smb3: fix reset of bytes read and written stats (bsc#1112906, bsc#1144333).
smb3: Fix rmdir compounding regression to strict servers (bsc#1144333).
smb3: Fix root directory when server returns inode number of zero (bsc#1051510, bsc#1144333).
smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510, bsc#1144333).
smb3: fix various xid leaks (bsc#1051510, bsc#1144333).
smb3: for kerberos mounts display the credential uid used (bsc#1144333).
smb3: handle new statx fields (bsc#1085536, bsc#1144333).
smb3: if max_credits is specified then display it in /proc/mounts (bsc#1144333).
smb3: if server does not support posix do not allow posix mount option (bsc#1144333).
smb3: improve dynamic tracing of open and posix mkdir (bsc#1144333).
smb3: increase initial number of credits requested to allow write (bsc#1144333).
smb3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL (bsc#1144333).
smb3: Log at least once if tree connect fails during reconnect (bsc#1144333).
smb3: make default i/o size for smb3 mounts larger (bsc#1144333).
smb3: minor cleanup of compound_send_recv (bsc#1144333).
smb3: minor debugging clarifications in rfc1001 len processing (bsc#1144333).
smb3: minor missing defines relating to reparse points (bsc#1144333).
smb3: missing defines and structs for reparse point handling (bsc#1144333).
smb3: note that smb3.11 posix extensions mount option is experimental (bsc#1144333).
smb3: Number of requests sent should be displayed for SMB3 not just CIFS (bsc#1144333).
smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510, bsc#1144333).
smb3: on reconnect set PreviousSessionId field (bsc#1112899, bsc#1144333).
smb3: optimize open to not send query file internal info (bsc#1144333).
smb3: passthru query info does not check for SMB3 FSCTL passthru (bsc#1144333).
smb3: print tree id in debugdata in proc to be able to help logging (bsc#1144333).
smb3: query inode number on open via create context (bsc#1144333).
smb3: remove noisy warning message on mount (bsc#1129664, bsc#1144333).
smb3: remove per-session operations from per-tree connection stats (bsc#1144333).
smb3: rename encryption_required to smb3_encryption_required (bsc#1144333).
smb3: request more credits on normal (non-large read/write) ops (bsc#1144333).
smb3: request more credits on tree connect (bsc#1144333).
smb3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (bsc#1144333).
smb3: send backup intent on compounded query info (bsc#1144333).
smb3: send CAP_DFS capability during session setup (bsc#1144333).
smb3: Send netname context during negotiate protocol (bsc#1144333).
smb3: show number of current open files in /proc/fs/cifs/Stats (bsc#1144333).
smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510, bsc#1144333).
smb3: smbdirect no longer experimental (bsc#1144333).
smb3: snapshot mounts are read-only and make sure info is displayable about the mount (bsc#1144333).
smb3: track the instance of each session for debugging (bsc#1144333).
smb3: Track total time spent on roundtrips for each SMB3 command (bsc#1144333).
smb3: trivial cleanup to smb2ops.c (bsc#1144333).
smb3: update comment to clarify enumerating snapshots (bsc#1144333).
smb3: update default requested iosize to 4MB from 1MB for recent dialects (bsc#1144333).
smb3: Update POSIX negotiate context with POSIX ctxt GUID (bsc#1144333).
smb3: Validate negotiate request must always be signed (bsc#1064597, bsc#1144333).
smb3: Warn user if trying to sign connection that authenticated as guest (bsc#1085536, bsc#1144333).
smbd: Make upper layer decide when to destroy the transport (bsc#1144333).
smb: fix leak of validate negotiate info response buffer (bsc#1064597, bsc#1144333).
smb: fix validate negotiate info uninitialised memory use (bsc#1064597, bsc#1144333).
smb: Validate negotiate (to protect against downgrade) even if signing off (bsc#1085536, bsc#1144333).
smpboot: Place the __percpu annotation correctly (git fixes).
soc: rockchip: power-domain: Add a sanity check on pd->num_clks (bsc#1144718,bsc#1144813).
soc: rockchip: power-domain: use clk_bulk APIs (bsc#1144718,bsc#1144813).
soc: rockchip: power-domain: Use of_clk_get_parent_count() instead of open coding (bsc#1144718,bsc#1144813).
sound: fix a memory leak bug (bsc#1051510).
spi: bcm2835aux: fix corruptions for longer spi transfers (bsc#1051510).
spi: bcm2835aux: remove dangerous uncontrolled read of fifo (bsc#1051510).
spi: bcm2835aux: unifying code between polling and interrupt driven code (bsc#1051510).
st21nfca_connectivity_event_received: null check the allocation (bsc#1051510).
staging: comedi: dt3000: Fix rounding up of timer divisor (bsc#1051510).
staging: comedi: dt3000: Fix signed integer overflow 'divider * base' (bsc#1051510).
staging: fsl-dpaa2/ethsw: fix memory leak of switchdev_work (bsc#1111666).
st_nci_hci_connectivity_event_received: null check the allocation (bsc#1051510).
supported.conf: Add missing modules (bsc#1066369).
supported.conf: Remove duplicate drivers/ata/libahci_platform
supported.conf: Remove duplicate entries
supported.conf: Sort alphabetically, align comments.
supported.conf: Sort alphabetically, align comments.
tcp: Reset bytes_acked and bytes_received when disconnecting (networking-stable-19_07_25).
test_firmware: fix a memory leak bug (bsc#1051510).
tipc: change to use register_pernet_device (networking-stable-19_07_02).
tools: bpftool: close prog FD before exit on showing a single program (bsc#1109837).
tools: bpftool: fix error message (prog -> object) (bsc#1109837).
tpm: Fix off-by-one when reading binary_bios_measurements (bsc#1082555).
tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations (bsc#1082555).
tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bsc#1082555).
tpm: Unify the send callback behaviour (bsc#1082555).
tpm: vtpm_proxy: Suppress error logging when in closed state (bsc#1082555).
tracing: Fix header include guards in trace event headers (bsc#1144474).
Tree connect for SMB3.1.1 must be signed for non-encrypted shares (bsc#1051510, bsc#1144333).
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 231 (bsc#1144333).
tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop (bsc#1051510).
tty: max310x: Fix invalid baudrate divisors calculator (bsc#1051510).
tty/serial: digicolor: Fix digicolor-usart already registered warning (bsc#1051510).
tty: serial: msm_serial: avoid system lockup condition (bsc#1051510).
tua6100: Avoid build warnings (bsc#1051510).
tun: mark small packets as owned by the tap sock (bsc#1109837).
tun: wake up waitqueues after IFF_UP is set (networking-stable-19_07_02).
udf: Fix incorrect final NOT_ALLOCATED (hole) extent length (bsc#1148617).
update internal version number for cifs.ko (bsc#1144333).
Update session and share information displayed for debugging SMB2/SMB3 (bsc#1144333).
Update version of cifs module (bsc#1144333).
usb: cdc-acm: make sure a refcount is taken early enough (bsc#1142635).
usb: CDC: fix sanity checks in CDC union parser (bsc#1142635).
usb: cdc-wdm: fix race between write and disconnect due to flag abuse (bsc#1051510).
usb: chipidea: udc: do not do hardware access if gadget has stopped (bsc#1051510).
usb: core: Fix races in character device registration and deregistraion (bsc#1051510).
usb: core: hub: Disable hub-initiated U1/U2 (bsc#1051510).
usb: gadget: composite: Clear 'suspended' on reset/disconnect (bsc#1051510).
usb: gadget: udc: renesas_usb3: Fix sysfs interface of 'role' (bsc#1142635).
usb: Handle USB3 remote wakeup for LPM enabled devices correctly (bsc#1051510).
usb: host: fotg2: restart hcd after port reset (bsc#1051510).
usb: host: ohci: fix a race condition between shutdown and irq (bsc#1051510).
usb: host: xhci-rcar: Fix timeout in xhci_suspend() (bsc#1051510).
usb: host: xhci: rcar: Fix typo in compatible string matching (bsc#1051510).
usb: iowarrior: fix deadlock on disconnect (bsc#1051510).
usb: serial: option: add D-Link DWM-222 device ID (bsc#1051510).
usb: serial: option: Add Motorola modem UARTs (bsc#1051510).
usb: serial: option: Add support for ZTE MF871A (bsc#1051510).
usb: serial: option: add the BroadMobi BM818 card (bsc#1051510).
usb-storage: Add new JMS567 revision to unusual_devs (bsc#1051510).
usb: storage: ums-realtek: Update module parameter description for auto_delink_en (bsc#1051510).
usb: storage: ums-realtek: Whitelist auto-delink support (bsc#1051510).
usb: typec: tcpm: free log buf memory when remove debug file (bsc#1111666).
usb: typec: tcpm: Ignore unsupported/unknown alternate mode requests (bsc#1111666).
usb: typec: tcpm: remove tcpm dir if no children (bsc#1111666).
usb: usbfs: fix double-free of usb memory upon submiturb error (bsc#1051510).
usb: wusbcore: fix unbalanced get/put cluster_id (bsc#1051510).
usb: yurex: Fix use-after-free in yurex_delete (bsc#1051510).
vfs: fix page locking deadlocks when deduping files (bsc#1148619).
virtio/s390: fix race on airq_areas (bsc#1145357).
VMCI: Release resource if the work is already queued (bsc#1051510).
vrf: make sure skb->data contains ip header to make routing (networking-stable-19_07_25).
watchdog: bcm2835_wdt: Fix module autoload (bsc#1051510).
watchdog: core: fix null pointer dereference when releasing cdev (bsc#1051510).
watchdog: f71808e_wdt: fix F81866 bit operation (bsc#1051510).
watchdog: fix compile time error of pretimeout governors (bsc#1051510).
wimax/i2400m: fix a memory leak bug (bsc#1051510).
x86/asm: Remove dead __GNUC__ conditionals (bsc#1112178).
x86/boot: Fix memory leak in default_get_smp_config() (bsc#1114279).
x86/dma: Get rid of iommu_pass_through (bsc#1136039).
x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382).
x86/microcode: Fix the microcode load on CPU hotplug for real (bsc#1114279).
x86/mm: Check for pfn instead of page in vmalloc_sync_one() (bsc#1118689).
x86/mm: Sync also unmappings in vmalloc_sync_all() (bsc#1118689).
x86/resctrl: Prevent NULL pointer dereference when local MBM is disabled (bsc#1112178).
x86/speculation: Allow guests to use SSBD even if host does not (bsc#1114279).
x86/speculation/mds: Apply more accurate check on hypervisor platform (bsc#1114279).
x86/unwind: Add hardcoded ORC entry for NULL (bsc#1114279).
x86/unwind: Handle NULL pointer calls better in frame unwinder (bsc#1114279).
xdp: unpin xdp umem pages in error path (bsc#1109837).
xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() (bsc#1065600).
xfrm: Fix bucket count reported to userspace (bsc#1143300).
xfrm: Fix error return code in xfrm_output_one() (bsc#1143300).
xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry (bsc#1143300).
xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry (bsc#1143300).
xfs: do not crash on null attr fork xfs_bmapi_read (bsc#1148035).
xfs: do not trip over uninitialized buffer on extent read of corrupted inode (bsc#1149053).
xfs: dump transaction usage details on log reservation overrun (bsc#1145235).
xfs: eliminate duplicate icreate tx reservation functions (bsc#1145235).
xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (bsc#1148032).
xfs: fix semicolon.cocci warnings (bsc#1145235).
xfs: fix up agi unlinked list reservations (bsc#1145235).
xfs: include an allocfree res for inobt modifications (bsc#1145235).
xfs: include inobt buffers in ifree tx log reservation (bsc#1145235).
xfs: print transaction log reservation on overrun (bsc#1145235).
xfs: refactor inode chunk alloc/free tx reservation (bsc#1145235).
xfs: refactor xlog_cil_insert_items() to facilitate transaction dump (bsc#1145235).
xfs: remove more ondisk directory corruption asserts (bsc#1148034).
xfs: separate shutdown from ticket reservation print helper (bsc#1145235).
xfs: truncate transaction does not modify the inobt (bsc#1145235).

Advisory ID	SUSE-RU-2019:2929-1
Released	Thu Nov 7 16:45:13 2019
Summary	Recommended update for python-kubernetes
Type	recommended
Severity	moderate
References	1151481

Description:

This update for python-kubernetes fixes the following issues:

python-ipaddress is only required for building on Python2 (on Python3 is part of the standard library)
Backport fix for base64 padding in kubeconfig (bsc#1151481)

Advisory ID	SUSE-SU-2019:3295-1
Released	Fri Dec 13 18:30:02 2019
Summary	Security update for the Linux Kernel
Type	security
Severity	important
References	1046299,1046303,1046305,1048942,1050244,1050536,1050545,1051510,1054914,1055117,1055186,1061840,1064802,1065600,1065729,1066129,1071995,1073513,1082555,1082635,1083647,1086323,1087092,1089644,1090631,1091041,1093205,1096254,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1104967,1109158,1111666,1112178,1113722,1113994,1114279,1117665,1119086,1119461,1119465,1123034,1123080,1127988,1131107,1131304,1133140,1134303,1135642,1135854,1135873,1135966,1135967,1137040,1137069,1137799,1137861,1137865,1137959,1137982,1138190,1139073,1140090,1140155,1140729,1140845,1140883,1141013,1141600,1142076,1142635,1142667,1143706,1144338,1144375,1144449,1144903,1145099,1146042,1146519,1146540,1146612,1146664,1148133,1148410,1148712,1148868,1149119,1149313,1149446,1149448,1149555,1149651,1149853,1150305,1150381,1150423,1150452,1150457,1150465,1150466,1150846,1150875,1151067,1151192,1151350,1151508,1151610,1151661,1151662,1151667,1151680,1151807,1151891,1151955,1152024,1152025,1152026,1152033,1152161,1152187,1152243,1152325,1152457,1152460,1152466,1152497,1152505,1152506,1152525,1152624,1152665,1152685,1152696,1152697,1152782,1152788,1152790,1152791,1152972,1152974,1152975,1153112,1153158,1153236,1153263,1153476,1153509,1153607,1153646,1153681,1153713,1153717,1153718,1153719,1153811,1153969,1154108,1154124,1154189,1154242,1154268,1154354,1154372,1154521,1154526,1154578,1154601,1154607,1154608,1154610,1154611,1154651,1154737,1154747,1154848,1154858,1154905,1154956,1155021,1155061,1155178,1155179,1155184,1155186,1155671,1155692,1155812,1155817,1155836,1155945,1155982,1156187,1156429,1156466,1156494,1156609,1156700,1156729,1156882,CVE-2017-18595,CVE-2018-12207,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-14821,CVE-2019-15291,CVE-2019-15916,CVE-2019-16231,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16995,CVE-2019-17055,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666,CVE-2019-18805,CVE-2019-9506

Description:

The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:

CVE-2019-15916: Fixed a memory leak in register_queue_kobjects() which might have led denial of service (bsc#1149448).
CVE-2019-0154: Fixed an improper access control in subsystem for Intel (R) processor graphics whichs may have allowed an authenticated user to potentially enable denial of service via local access (bsc#1135966).
CVE-2019-0155: Fixed an improper access control in subsystem for Intel (R) processor graphics whichs may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1135967).
CVE-2019-16231: Fixed a NULL pointer dereference due to lack of checking the alloc_workqueue return value (bsc#1150466).
CVE-2019-18805: Fixed an integer overflow in tcp_ack_update_rtt() leading to a denial of service or possibly unspecified other impact (bsc#1156187).
CVE-2019-17055: Enforced CAP_NET_RAW in the AF_ISDN network module to restrict unprivileged users to create a raw socket (bsc#1152782).
CVE-2019-16995: Fixed a memory leak in hsr_dev_finalize() which may have caused denial of service (bsc#1152685).
CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack.(bsc#1139073). The Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW). The set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251
CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150457).
CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional.
CVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903)
CVE-2019-17666: rtlwifi: Fix potential overflow in P2P code (bsc#1154372).
CVE-2019-16232: Fix a potential NULL pointer dereference in the Marwell libertas driver (bsc#1150465).
CVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150452).
CVE-2019-17133: cfg80211 wireless extension did not reject a long SSID IE, leading to a Buffer Overflow (bsc#1153158).
CVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bsc#1152788).
CVE-2019-15291: Fixed a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function (bsc#1146519).
CVE-2019-14821: Fixed an out-of-bounds access resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350).
CVE-2017-18595: Fixed a double free which caused by the function allocate_trace_buffer (bsc#1149555).
CVE-2019-9506: Fixed an issue with Bluetooth which permited low encryption key length and did not prevent an attacker from influencing the key length negotiation allowing brute-force attacks (bsc#1137865).

The following non-security bugs were fixed:

9p: avoid attaching writeback_fid on mmap with type PRIVATE (bsc#1051510).
ACPI / CPPC: do not require the _PSD method (bsc#1051510).
ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit() (bsc#1051510).
ACPI: custom_method: fix memory leaks (bsc#1051510).
ACPI / PCI: fix acpi_pci_irq_enable() memory leak (bsc#1051510).
ACPI / processor: do not print errors for processorIDs == 0xff (bsc#1051510).
ACPI / property: Fix acpi_graph_get_remote_endpoint() name in kerneldoc (bsc#1051510).
act_mirred: Fix mirred_init_module error handling (bsc#1051510).
Add Acer Aspire Ethos 8951G model quirk (bsc#1051510).
Add kernel module compression support (bsc#1135854) For enabling the kernel module compress, add the item COMPRESS_MODULES='xz' in config.sh, then mkspec will pass it to the spec file.
alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (bsc#1151680).
ALSA: aoa: onyx: always initialize register read value (bsc#1051510).
ALSA: bebob: Fix prototype of helper function to return negative value (bsc#1051510).
ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series (git-fixes).
ALSA: firewire-motu: add support for MOTU 4pre (bsc#1111666).
ALSA: firewire-tascam: check intermediate state of clock status and retry (bsc#1051510).
ALSA: firewire-tascam: handle error code when getting current source of clock (bsc#1051510).
ALSA: hda - Add a quirk model for fixing Huawei Matebook X right speaker (bsc#1051510).
ALSA: hda: Add Cometlake-S PCI ID (git-fixes).
ALSA: hda: Add Elkhart Lake PCI ID (bsc#1051510).
ALSA: hda - Add laptop imic fixup for ASUS M9V laptop (bsc#1051510).
ALSA: hda: Add support of Zhaoxin controller (bsc#1051510).
ALSA: hda: Add Tigerlake/Jasperlake PCI ID (bsc#1051510).
ALSA: hda - Apply AMD controller workaround for Raven platform (bsc#1051510).
ALSA: hda/ca0132 - Fix possible workqueue stall (bsc#1155836).
ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family (bsc#1051510).
ALSA: hda - Drop unsol event handler for Intel HDMI codecs (bsc#1051510).
ALSA: hda - Expand pin_match function to match upcoming new tbls (bsc#1051510).
ALSA: hda: Flush interrupts on disabling (bsc#1051510).
ALSA: hda - Force runtime PM on Nvidia HDMI codecs (bsc#1051510).
ALSA: hda/hdmi - Do not report spurious jack state changes (bsc#1051510).
ALSA: hda/hdmi: remove redundant assignment to variable pcm_idx (bsc#1051510).
ALSA: hda - Inform too slow responses (bsc#1051510).
ALSA: hda/intel: add CometLake PCI IDs (bsc#1156729).
ALSA: hda/realtek - Add support for ALC623 (bsc#1051510).
ALSA: hda/realtek - Add support for ALC711 (bsc#1051510).
ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 (bsc#1051510).
ALSA: hda/realtek - Check beep whitelist before assigning in all codecs (bsc#1051510).
ALSA: hda/realtek - Enable headset mic on Asus MJ401TA (bsc#1051510).
ALSA: hda/realtek - Fix 2 front mics of codec 0x623 (bsc#1051510).
ALSA: hda/realtek - Fix alienware headset mic (bsc#1051510).
ALSA: hda/realtek - PCI quirk for Medion E4254 (bsc#1051510).
ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360 (bsc#1051510).
ALSA: hda: Set fifo_size for both playback and capture streams (bsc#1051510).
ALSA: hda - Show the fatal CORB/RIRB error more clearly (bsc#1051510).
ALSA: hda/sigmatel - remove unused variable 'stac9200_core_init' (bsc#1051510).
ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() (bsc#1051510).
ALSA: line6: sizeof (byte) is always 1, use that fact (bsc#1051510).
ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed() (git-fixes).
ALSA: timer: Fix incorrectly assigned timer instance (git-fixes).
ALSA: timer: Fix mutex deadlock at releasing card (bsc#1051510).
ALSA: usb-audio: Add DSD support for EVGA NU Audio (bsc#1051510).
ALSA: usb-audio: Add DSD support for Gustard U16/X26 USB Interface (bsc#1051510).
ALSA: usb-audio: Add Hiby device family to quirks for native DSD support (bsc#1051510).
ALSA: usb-audio: Add Pioneer DDJ-SX3 PCM quirck (bsc#1051510).
ALSA: usb-audio: Clean up check_input_term() (bsc#1051510).
ALSA: usb-audio: Disable quirks for BOSS Katana amplifiers (bsc#1051510).
ALSA: usb-audio: Disable quirks for BOSS Katana amplifiers (bsc#1111666).
ALSA: usb-audio: DSD auto-detection for Playback Designs (bsc#1051510).
ALSA: usb-audio: Fix copy&paste error in the validator (bsc#1111666).
ALSA: usb-audio: Fix missing error check at mixer resolution test (git-fixes).
ALSA: usb-audio: fix PCM device order (bsc#1051510).
ALSA: usb-audio: Fix possible NULL dereference at create_yamaha_midi_quirk() (bsc#1051510).
ALSA: usb-audio: More validations of descriptor units (bsc#1051510).
ALSA: usb-audio: not submit urb for stopped endpoint (git-fixes).
ALSA: usb-audio: remove some dead code (bsc#1051510).
ALSA: usb-audio: Remove superfluous bLength checks (bsc#1051510).
ALSA: usb-audio: Simplify parse_audio_unit() (bsc#1051510).
ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid (bsc#1051510).
ALSA: usb-audio: Unify audioformat release code (bsc#1051510).
ALSA: usb-audio: Unify the release of usb_mixer_elem_info objects (bsc#1051510).
ALSA: usb-audio: Update DSD support quirks for Oppo and Rotel (bsc#1051510).
appletalk: enforce CAP_NET_RAW for raw sockets (bsc#1051510).
arcnet: provide a buffer big enough to actually receive packets (networking-stable-19_09_30).
arm64: Add decoding macros for CP15_32 and CP15_64 traps (jsc#ECO-561).
arm64: Add part number for Neoverse N1 (jsc#ECO-561).
arm64: Add silicon-errata.txt entry for ARM erratum 1188873 (jsc#ECO-561).
arm64: Add support for new control bits CTR_EL0.DIC and CTR_EL0.IDC (jsc#ECO-561,jsc#SLE-10671).
arm64: Apply ARM64_ERRATUM_1188873 to Neoverse-N1 (jsc#ECO-561).
arm64: arch_timer: Add workaround for ARM erratum 1188873 (jsc#ECO-561).
arm64: arch_timer: avoid unused function warning (jsc#ECO-561).
arm64: compat: Add CNTFRQ trap handler (jsc#ECO-561).
arm64: compat: Add CNTVCT trap handler (jsc#ECO-561).
arm64: compat: Add condition code checks and IT advance (jsc#ECO-561).
arm64: compat: Add cp15_32 and cp15_64 handler arrays (jsc#ECO-561).
arm64: compat: Add separate CP15 trapping hook (jsc#ECO-561).
arm64: compat: Workaround Neoverse-N1 #1542419 for compat user-space (jsc#ECO-561,jsc#SLE-10671).
arm64: cpu_errata: Remove ARM64_MISMATCHED_CACHE_LINE_SIZE (jsc#ECO-561,jsc#SLE-10671).
arm64/cpufeature: Convert hook_lock to raw_spin_lock_t in cpu_enable_ssbs() (jsc#ECO-561).
arm64: cpufeature: ctr: Fix cpu capability check for late CPUs (jsc#ECO-561,jsc#SLE-10671).
arm64: cpufeature: Detect SSBS and advertise to userspace (jsc#ECO-561).
arm64: cpufeature: Fix handling of CTR_EL0.IDC field (jsc#ECO-561,jsc#SLE-10671).
arm64: cpufeature: Trap CTR_EL0 access only where it is necessary (jsc#ECO-561,jsc#SLE-10671).
arm64: cpu: Move errata and feature enable callbacks closer to callers (jsc#ECO-561).
arm64: entry: Allow handling of undefined instructions from EL1 (jsc#ECO-561).
arm64: errata: Hide CTR_EL0.DIC on systems affected by Neoverse-N1 #1542419 (jsc#ECO-561,jsc#SLE-10671).
arm64: Fake the IminLine size on systems affected by Neoverse-N1 #1542419 (jsc#ECO-561,jsc#SLE-10671).
arm64: Fix mismatched cache line size detection (jsc#ECO-561,jsc#SLE-10671).
arm64: Fix silly typo in comment (jsc#ECO-561).
arm64: fix SSBS sanitization (jsc#ECO-561).
arm64: force_signal_inject: WARN if called from kernel context (jsc#ECO-561).
arm64: Force SSBS on context switch (jsc#ECO-561).
arm64: Handle erratum 1418040 as a superset of erratum 1188873 (jsc#ECO-561).
arm64: Introduce sysreg_clear_set() (jsc#ECO-561).
arm64: kill change_cpacr() (jsc#ECO-561).
arm64: kill config_sctlr_el1() (jsc#ECO-561).
arm64: KVM: Add invalidate_icache_range helper (jsc#ECO-561,jsc#SLE-10671).
arm64: KVM: PTE/PMD S2 XN bit definition (jsc#ECO-561,jsc#SLE-10671).
arm64: Make ARM64_ERRATUM_1188873 depend on COMPAT (jsc#ECO-561).
arm64: move SCTLR_EL{1,2} assertions to (jsc#ECO-561).
arm64: Restrict ARM64_ERRATUM_1188873 mitigation to AArch32 (jsc#ECO-561).
arm64: ssbd: Add support for PSTATE.SSBS rather than trapping to EL3 (jsc#ECO-561).
arm64: ssbd: Drop #ifdefs for PR_SPEC_STORE_BYPASS (jsc#ECO-561).
arm64: Update config files. (bsc#1156466) Enable HW_RANDOM_OMAP driver and mark driver omap-rng as supported.
arm: KVM: Add optimized PIPT icache flushing (jsc#ECO-561,jsc#SLE-10671).
ASoC: Define a set of DAPM pre/post-up events (bsc#1051510).
ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set (bsc#1051510).
ASoC: es8328: Fix copy-paste error in es8328_right_line_controls (bsc#1051510).
ASoC: Intel: Baytrail: Fix implicit fallthrough warning (bsc#1051510).
ASoC: Intel: Fix use of potentially uninitialized variable (bsc#1051510).
ASoC: Intel: NHLT: Fix debug print format (bsc#1051510).
ASoc: rockchip: i2s: Fix RPM imbalance (bsc#1051510).
ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting (bsc#1051510).
ASoC: sgtl5000: Fix charge pump source assignment (bsc#1051510).
ASoC: sun4i-i2s: RX and TX counter registers are swapped (bsc#1051510).
ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls (bsc#1051510).
ASoC: wm8988: fix typo in wm8988_right_line_controls (bsc#1051510).
ath10k: adjust skb length in ath10k_sdio_mbox_rx_packet (bsc#1111666).
ath10k: assign 'n_cipher_suites = 11' for WCN3990 to enable WPA3 (bsc#1111666).
ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init (bsc#1051510).
atm: iphase: Fix Spectre v1 vulnerability (networking-stable-19_08_08).
auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach (bsc#1051510).
ax25: enforce CAP_NET_RAW for raw sockets (bsc#1051510).
bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA (bsc#1051510).
blk-flush: do not run queue for requests bypassing flush (bsc#1137959).
blk-flush: use blk_mq_request_bypass_insert() (bsc#1137959).
blk-mq: do not allocate driver tag upfront for flush rq (bsc#1137959).
blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling (bsc#1151610).
blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (bsc#1137959).
blk-mq: introduce blk_mq_request_completed() (bsc#1149446).
blk-mq: introduce blk_mq_tagset_wait_completed_request() (bsc#1149446).
blk-mq: kABI fixes for blk-mq.h (bsc#1137959).
blk-mq: move blk_mq_put_driver_tag*() into blk-mq.h (bsc#1137959).
blk-mq: punt failed direct issue to dispatch list (bsc#1137959).
blk-mq: put the driver tag of nxt rq before first one is requeued (bsc#1137959).
blk-mq-sched: decide how to handle flush rq via RQF_FLUSH_SEQ (bsc#1137959).
blk-wbt: abstract out end IO completion handler (bsc#1135873).
blk-wbt: fix has-sleeper queueing check (bsc#1135873).
blk-wbt: improve waking of tasks (bsc#1135873).
blk-wbt: move disable check into get_limit() (bsc#1135873).
blk-wbt: use wq_has_sleeper() for wq active check (bsc#1135873).
block: add io timeout to sysfs (bsc#1148410).
block: add io timeout to sysfs (bsc#1148410).
block: do not show io_timeout if driver has no timeout handler (bsc#1148410).
block: do not show io_timeout if driver has no timeout handler (bsc#1148410).
block: fix timeout changes for legacy request drivers (bsc#1149446).
block: kABI fixes for BLK_EH_DONE renaming (bsc#1142076).
block: rename BLK_EH_NOT_HANDLED to BLK_EH_DONE (bsc#1142076).
Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices (bsc#1051510).
bnx2x: Disable multi-cos feature (networking-stable-19_08_08).
bnx2x: Fix VF's VLAN reconfiguration in reload (bsc#1086323 ).
bnxt_en: Add PCI IDs for 57500 series NPAR devices (bsc#1153607).
bonding/802.3ad: fix link_failure_count tracking (bsc#1137069 bsc#1141013).
bonding/802.3ad: fix slave link initialization transition states (bsc#1137069 bsc#1141013).
bonding: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21).
bonding: set default miimon value for non-arp modes if not set (bsc#1137069 bsc#1141013).
bonding: speed/duplex update at NETDEV_UP event (bsc#1137069 bsc#1141013).
bpf: fix use after free in prog symbol exposure (bsc#1083647).
brcmfmac: sdio: Disable auto-tuning around commands expected to fail (bsc#1111666).
brcmfmac: sdio: Do not tune while the card is off (bsc#1111666).
bridge/mdb: remove wrong use of NLM_F_MULTI (networking-stable-19_09_15).
btrfs: bail out gracefully rather than BUG_ON (bsc#1153646).
btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group() (bsc#1155178).
btrfs: check for the full sync flag while holding the inode lock during fsync (bsc#1153713).
btrfs: Ensure btrfs_init_dev_replace_tgtdev sees up to date values (bsc#1154651).
btrfs: Ensure replaced device does not have pending chunk allocation (bsc#1154607).
btrfs: fix log context list corruption after rename exchange operation (bsc#1156494).
btrfs: fix use-after-free when using the tree modification log (bsc#1151891).
btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents() (bsc#1155179).
btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls (bsc#1152975).
btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space (bsc#1152974).
btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1152972).
btrfs: remove wrong use of volume_mutex from btrfs_dev_replace_start (bsc#1154651).
btrfs: tracepoints: Fix bad entry members of qgroup events (bsc#1155186).
btrfs: tracepoints: Fix wrong parameter order for qgroup events (bsc#1155184).
can: dev: call netif_carrier_off() in register_candev() (bsc#1051510).
can: mcp251x: mcp251x_hw_reset(): allow more time after a reset (bsc#1051510).
can: xilinx_can: xcan_probe(): skip error message on deferred probe (bsc#1051510).
cdc_ether: fix rndis support for Mediatek based smartphones (networking-stable-19_09_15).
cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize (bsc#1051510).
ceph: fix directories inode i_blkbits initialization (bsc#1153717).
ceph: reconnect connection if session hang in opening state (bsc#1153718).
ceph: update the mtime when truncating up (bsc#1153719).
ceph: use ceph_evict_inode to cleanup inode's resource (bsc#1148133).
cfg80211: add and use strongly typed element iteration macros (bsc#1051510).
cfg80211: Purge frame registrations on iftype change (bsc#1051510).
clk: at91: fix update bit maps on CFG_MOR write (bsc#1051510).
clk: at91: select parent if main oscillator or bypass is enabled (bsc#1051510).
clk: qoriq: Fix -Wunused-const-variable (bsc#1051510).
clk: sirf: Do not reference clk_init_data after registration (bsc#1051510).
clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks (bsc#1051510).
clk: sunxi-ng: v3s: add the missing PLL_DDR1 (bsc#1051510).
clk: zx296718: Do not reference clk_init_data after registration (bsc#1051510).
Compile nvme.ko as module (bsc#1150846)
config: arm64: enable erratum 1418040 and 1542419
crypto: af_alg - consolidation of duplicate code (bsc#1154737).
crypto: af_alg - fix race accessing cipher request (bsc#1154737).
crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t (bsc#1154737).
crypto: af_alg - Initialize sg_num_bytes in error code path (bsc#1051510).
crypto: af_alg - remove locking in async callback (bsc#1154737).
crypto: af_alg - update correct dst SGL entry (bsc#1051510).
crypto: af_alg - wait for data at beginning of recvmsg (bsc#1154737).
crypto: algif_aead - copy AAD from src to dst (bsc#1154737).
crypto: algif_aead - fix reference counting of null skcipher (bsc#1154737).
crypto: algif_aead - overhaul memory management (bsc#1154737).
crypto: algif_aead - skip SGL entries with NULL page (bsc#1154737).
crypto: algif - return error code when no data was processed (bsc#1154737).
crypto: algif_skcipher - overhaul memory management (bsc#1154737).
crypto: caam - fix concurrency issue in givencrypt descriptor (bsc#1051510).
crypto: caam - free resources in case caam_rng registration failed (bsc#1051510).
crypto: caam/qi - fix error handling in ERN handler (bsc#1111666).
crypto: cavium/zip - Add missing single_release() (bsc#1051510).
crypto: ccp - Reduce maximum stack usage (bsc#1051510).
crypto: qat - Silence smp_processor_id() warning (bsc#1051510).
crypto: skcipher - Unmap pages after an external error (bsc#1051510).
crypto: talitos - fix missing break in switch statement (bsc#1142635).
cxgb4: do not dma memory off of the stack (bsc#1152790).
cxgb4: fix endianness for vlan value in cxgb4_tc_flower (bsc#1064802 bsc#1066129).
cxgb4:Fix out-of-bounds MSI-X info array access (networking-stable-19_10_05).
cxgb4: offload VLAN flows regardless of VLAN ethtype (bsc#1064802 bsc#1066129).
cxgb4: reduce kernel stack usage in cudbg_collect_mem_region() (bsc#1073513).
cxgb4: Signedness bug in init_one() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
cxgb4: smt: Add lock for atomic_dec_and_test (bsc#1064802 bsc#1066129).
dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080).
/dev/mem: Bail out upon SIGKILL (git-fixes).
dma-buf/sw_sync: Synchronize signal vs syncpt free (bsc#1111666).
dmaengine: bcm2835: Print error in case setting DMA mask fails (bsc#1051510).
dmaengine: dw: platform: Switch to acpi_dma_controller_register() (bsc#1051510).
dmaengine: imx-sdma: fix size check for sdma script_number (bsc#1051510).
dmaengine: iop-adma.c: fix printk format warning (bsc#1051510).
drivers: thermal: int340x_thermal: Fix sysfs race condition (bsc#1051510).
drm: add __user attribute to ptr_to_compat() (bsc#1111666).
drm/amd/display: fix issue where 252-255 values are clipped (bsc#1111666).
drm/amd/display: fix odm combine pipe reset (bsc#1111666).
drm/amd/display: reprogram VM config when system resume (bsc#1111666).
drm/amd/display: Restore backlight brightness after system resume (bsc#1112178)
drm/amd/display: support spdif (bsc#1111666).
drm/amd/dm: Understand why attaching path/tile properties are needed (bsc#1111666).
drm/amdgpu: Check for valid number of registers to read (bsc#1051510).
drm/amdgpu: Fix KFD-related kernel oops on Hawaii (bsc#1111666).
drm/amdgpu: fix memory leak (bsc#1111666).
drm/amdgpu/gfx9: Update gfx9 golden settings (bsc#1111666).
drm/amdgpu/powerplay/vega10: allow undervolting in p7 (bsc#1111666).
drm/amdgpu/si: fix ASIC tests (git-fixes).
drm/amdgpu: Update gc_9_0 golden settings (bsc#1111666).
drm/amdkfd: Add missing Polaris10 ID (bsc#1111666).
drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) (bsc#1051510).
drm/amd/pp: Fix truncated clock value when set watermark (bsc#1111666).
drm/ast: Fixed reboot test may cause system hanged (bsc#1051510).
drm/atomic_helper: Allow DPMS On<->Off changes for unregistered connectors (bsc#1111666).
drm/atomic_helper: Disallow new modesets on unregistered connectors (bsc#1111666).
drm/atomic_helper: Stop modesets on unregistered connectors harder (bsc#1111666).
drm/bridge: tc358767: Increase AUX transfer length limit (bsc#1051510).
drm/bridge: tfp410: fix memleak in get_modes() (bsc#1111666).
drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50 (bsc#1051510).
drm: Flush output polling on shutdown (bsc#1051510).
drm/i915: Add gen9 BCS cmdparsing (bsc#1135967)
drm/i915: Add gen9 BCS cmdparsing (bsc#1135967)
drm/i915: Add support for mandatory cmdparsing (bsc#1135967)
drm/i915: Add support for mandatory cmdparsing (bsc#1135967)
drm/i915: Allow parsing of unsized batches (bsc#1135967)
drm/i915: Allow parsing of unsized batches (bsc#1135967)
drm/i915: Cleanup gt powerstate from gem (bsc#1111666).
drm/i915/cmdparser: Add support for backward jumps (bsc#1135967)
drm/i915/cmdparser: Add support for backward jumps (bsc#1135967)
drm/i915/cmdparser: Ignore Length operands during (bsc#1135967)
drm/i915/cmdparser: Ignore Length operands during command matching (bsc#1135967)
drm/i915/cmdparser: Use explicit goto for error paths (bsc#1135967)
drm/i915/cmdparser: Use explicit goto for error paths (bsc#1135967)
drm/i915/cml: Add second PCH ID for CMP (bsc#1111666).
drm/i915: Disable Secure Batches for gen6+
drm/i915: Disable Secure Batches for gen6+ (bsc#1135967)
drm/i915: Fix intel_dp_mst_best_encoder() (bsc#1111666).
drm/i915: Fix various tracepoints for gen2 (bsc#1113722)
drm/i915/gen8+: Add RC6 CTX corruption WA (bsc#1135967)
drm/i915/gen8+: Add RC6 CTX corruption WA (bsc#1135967)
drm/i915/gtt: Add read only pages to gen8_pte_encode (bsc#1135967)
drm/i915/gtt: Disable read-only support under GVT (bsc#1135967)
drm/i915/gtt: Read-only pages for insert_entries on bdw (bsc#1135967)
drm/i915/gvt: update vgpu workload head pointer correctly (bsc#1112178)
drm/i915/ilk: Fix warning when reading emon_status with no output (bsc#1111666).
drm/i915: Lower RM timeout to avoid DSI hard hangs (bsc#1135967)
drm/i915: Lower RM timeout to avoid DSI hard hangs (bsc#1135967)
drm/i915: Prevent writing into a read-only object via a GGTT mmap (bsc#1135967)
drm/i915: Remove Master tables from cmdparser
drm/i915: Remove Master tables from cmdparser (bsc#1135967)
drm/i915: Rename gen7 cmdparser tables (bsc#1135967)
drm/i915: Rename gen7 cmdparser tables (bsc#1135967)
drm/i915: Restore sane defaults for KMS on GEM error load (bsc#1111666).
drm/i915: Support ro ppgtt mapped cmdparser shadow (bsc#1135967)
drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (bsc#1135967)
drm/imx: Drop unused imx-ipuv3-crtc.o build (bsc#1113722)
drm/mediatek: set DMA max segment size (bsc#1111666).
drm/msm/dpu: handle failures while initializing displays (bsc#1111666).
drm/msm/dsi: Fix return value check for clk_get_parent (bsc#1111666).
drm/msm/dsi: Implement reset correctly (bsc#1051510).
drm/nouveau/disp/nv50-: fix center/aspect-corrected scaling (bsc#1111666).
drm/nouveau/kms/nv50-: Do not create MSTMs for eDP connectors (bsc#1112178)
drm/nouveau/volt: Fix for some cards having 0 maximum voltage (bsc#1111666).
drm/omap: fix max fclk divider for omap36xx (bsc#1111666).
drm/panel: check failure cases in the probe func (bsc#1111666).
drm/panel: make drm_panel.h self-contained (bsc#1111666).
drm: panel-orientation-quirks: Add extra quirk table entry for GPD MicroPC (bsc#1111666).
drm/panel: simple: fix AUO g185han01 horizontal blanking (bsc#1051510).
drm/radeon: Bail earlier when radeon.cik_/si_support=0 is passed (bsc#1111666).
drm/radeon: Fix EEH during kexec (bsc#1051510).
drm: rcar-du: lvds: Fix bridge_to_rcar_lvds (bsc#1111666).
drm/rockchip: Check for fast link training before enabling psr (bsc#1111666).
drm/stm: attach gem fence to atomic state (bsc#1111666).
drm/tilcdc: Register cpufreq notifier after we have initialized crtc (bsc#1051510).
drm/vmwgfx: Fix double free in vmw_recv_msg() (bsc#1051510).
e1000e: add workaround for possible stalled packet (bsc#1051510).
EDAC/amd64: Decode syndrome before translating address (bsc#1114279).
eeprom: at24: make spd world-readable again (git-fixes).
efi/arm: Show SMBIOS bank/device location in CPER and GHES error logs (bsc#1152033).
efi: cper: print AER info of PCIe fatal error (bsc#1051510).
efi/memattr: Do not bail on zero VA if it equals the region's PA (bsc#1051510).
efivar/ssdt: Do not iterate over EFI vars if no SSDT override was specified (bsc#1051510).
ext4: fix warning inside ext4_convert_unwritten_extents_endio (bsc#1152025).
ext4: set error return correctly when ext4_htree_store_dirent fails (bsc#1152024).
firmware: dmi: Fix unlikely out-of-bounds read in save_mem_devices (git-fixes).
Fix AMD IOMMU kABI (bsc#1154610).
Fix kabi for: NFSv4: Fix OPEN / CLOSE race (git-fixes).
Fix KVM kABI after x86 mmu backports (bsc#1117665).
Fix NULL pointer dereference in fc_lookup_rport (bsc#1098291)
floppy: fix usercopy direction (bsc#1111666).
gpio: fix line flag validation in lineevent_create (bsc#1051510).
gpio: fix line flag validation in linehandle_create (bsc#1051510).
gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist (bsc#1051510).
gpiolib: only check line handle flags once (bsc#1051510).
gpio: Move gpiochip_lock/unlock_as_irq to gpio/driver.h (bsc#1051510).
gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property() (bsc#1051510).
HID: apple: Fix stuck function keys when using FN (bsc#1051510).
HID: fix error message in hid_open_report() (bsc#1051510).
HID: hidraw: Fix invalid read in hidraw_ioctl (bsc#1051510).
HID: logitech: Fix general protection fault caused by Logitech driver (bsc#1051510).
HID: logitech-hidpp: do all FF cleanup in hidpp_ff_destroy() (bsc#1051510).
HID: prodikeys: Fix general protection fault during probe (bsc#1051510).
HID: sony: Fix memory corruption issue on cleanup (bsc#1051510).
hso: fix NULL-deref on tty open (bsc#1051510).
hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' (bsc#1051510).
hwmon: (lm75) Fix write operations for negative temperatures (bsc#1051510).
hwmon: (shtc1) fix shtc1 and shtw1 id mask (bsc#1051510).
hwrng: core - do not wait on add_early_randomness() (git-fixes).
hyperv: set nvme msi interrupts to unmanaged (jsc#SLE-8953, jsc#SLE-9221, jsc#SLE-4941, bsc#1119461, bsc#1119465, bsc#1138190, bsc#1154905).
i2c: designware: Synchronize IRQs when unregistering slave client (bsc#1111666).
i2c: riic: Clear NACK in tend isr (bsc#1051510).
i40e: Add support for X710 device (bsc#1151067).
IB/core: Add mitigation for Spectre V1 (bsc#1155671)
IB/core, ipoib: Do not overreact to SM LID change event (bsc#1154108)
IB/hfi1: Remove overly conservative VM_EXEC flag check (bsc#1144449).
IB/mlx5: Consolidate use_umr checks into single function (bsc#1093205).
IB/mlx5: Fix MR re-registration flow to use UMR properly (bsc#1093205).
IB/mlx5: Report correctly tag matching rendezvous capability (bsc#1046305).
ieee802154: atusb: fix use-after-free at disconnect (bsc#1051510).
ieee802154: ca8210: prevent memory leak (bsc#1051510).
ieee802154: enforce CAP_NET_RAW for raw sockets (bsc#1051510).
ife: error out when nla attributes are empty (networking-stable-19_08_08).
iio: adc: ad799x: fix probe error handling (bsc#1051510).
iio: dac: ad5380: fix incorrect assignment to val (bsc#1051510).
iio: light: opt3001: fix mutex unlock race (bsc#1051510).
ima: always return negative code for error (bsc#1051510).
Input: da9063 - fix capability and drop KEY_SLEEP (bsc#1051510).
Input: elan_i2c - remove Lenovo Legion Y7000 PnpID (bsc#1051510).
Input: synaptics-rmi4 - avoid processing unknown IRQs (bsc#1051510).
integrity: prevent deadlock during digsig verification (bsc#1090631).
iommu/amd: Apply the same IVRS IOAPIC workaround to Acer Aspire A315-41 (bsc#1137799).
iommu/amd: Check PM_LEVEL_SIZE() condition in locked section (bsc#1154608).
iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems (bsc#1137799).
iommu/amd: Remove domain->updated (bsc#1154610).
iommu/amd: Wait for completion of IOTLB flush in attach_device (bsc#1154611).
iommu/dma: Fix for dereferencing before null checking (bsc#1151667).
iommu: Do not use sme_active() in generic code (bsc#1151661).
iommu/iova: Avoid false sharing on fq_timer_on (bsc#1151662).
ip6_tunnel: fix possible use-after-free on xmit (networking-stable-19_08_08).
ipmi_si: Only schedule continuously in the thread in maintenance mode (bsc#1051510).
ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set (networking-stable-19_08_28).
ipv6: drop incoming packets having a v4mapped source address (networking-stable-19_10_05).
ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' (networking-stable-19_09_15).
ipv6: Handle missing host route in __ipv6_ifa_notify (networking-stable-19_10_05).
irqchip/gic-v3-its: Fix command queue pointer comparison bug (jsc#ECO-561).
irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices (jsc#ECO-561).
irqchip/gic-v3-its: Fix misuse of GENMASK macro (jsc#ECO-561).
isdn/capi: check message length in capi_write() (bsc#1051510).
iwlwifi: do not panic in error path on non-msix systems (bsc#1155692).
iwlwifi: exclude GEO SAR support for 3168 (bsc#1111666).
iwlwifi: exclude GEO SAR support for 3168 (git-fixes).
iwlwifi: fw: do not send GEO_TX_POWER_LIMIT command to FW version 36 (bsc#1111666).
iwlwifi: pcie: fix memory leaks in iwl_pcie_ctxt_info_gen3_init (bsc#1111666).
ixgbe: Fix secpath usage for IPsec TX offload (bsc#1113994 bsc#1151807).
ixgbe: Prevent u8 wrapping of ITR value to something less than 10us (bsc#1101674).
ixgbe: sync the first fragment unconditionally (bsc#1133140).
kABI: media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). fixes kABI
kABI: media: em28xx: stop rewriting device's struct (bsc#1051510). fixes kABI
kABI: net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05).
kABI protect enum RDMA_DRIVER_EFA (jsc#SLE-4805)
kABI protect struct vmem_altmap (bsc#1150305).
kABI/severities: Whitelist a couple of xive functions xive_cleanup_irq_data and xive_native_populate_irq_data are exported by the xive interupt controller driver and used by KVM. I do not expect any out-of-tree driver can sanely use these.
kABI/severities: Whitelist functions internal to radix mm. To call these functions you have to first detect if you are running in radix mm mode which can't be expected of OOT code.
kABI workaround for crypto/af_alg changes (bsc#1154737).
kABI workaround for drm_connector.registered type changes (bsc#1111666).
kABI workaround for drm_vma_offset_node readonly field addition (bsc#1135967)
kABI workaround for mmc_host retune_crc_disable flag addition (bsc#1111666).
kABI workaround for snd_hda_pick_pin_fixup() changes (bsc#1051510).
kernel-binary: check also bzImage on s390/s390x Starting with 4.19-rc1, uncompressed image is no longer built on s390x. If file 'image' is not found in arch/s390/boot after the build, try bzImage instead. For now, install bzImage under the name image-* until we know grub2 and our grub2 scripts can handle correct name.
kernel-binary.spec.in: Fix build of non-modular kernels (boo#1154578).
kernel-binary.spec.in: Obsolete kgraft packages only when not building them.
kernel-subpackage-build: create zero size ghost for uncompressed vmlinux (bsc#1154354). It is not strictly necessary to uncompress it so maybe the ghost file can be 0 size in this case.
kernel/sysctl.c: do not override max_threads provided by userspace (bnc#1150875).
ksm: cleanup stable_node chain collapse case (bnc#1144338).
ksm: fix use after free with merge_across_nodes = 0 (bnc#1144338).
ksm: introduce ksm_max_page_sharing per page deduplication limit (bnc#1144338).
ksm: optimize refile of stable_node_dup at the head of the chain (bnc#1144338).
ksm: swap the two output parameters of chain/chain_prune (bnc#1144338).
KVM: arm64: Set SCTLR_EL2.DSSBS if SSBD is forcefully disabled and !vhe (jsc#ECO-561).
KVM: arm/arm64: Clean dcache to PoC when changing PTE due to CoW (jsc#ECO-561,jsc#SLE-10671).
KVM: arm/arm64: Detangle kvm_mmu.h from kvm_hyp.h (jsc#ECO-561,jsc#SLE-10671).
KVM: arm/arm64: Drop vcpu parameter from guest cache maintenance operartions (jsc#ECO-561,jsc#SLE-10671).
KVM: arm/arm64: Limit icache invalidation to prefetch aborts (jsc#ECO-561,jsc#SLE-10671).
KVM: arm/arm64: Only clean the dcache on translation fault (jsc#ECO-561,jsc#SLE-10671).
KVM: arm/arm64: Preserve Exec permission across R/W permission faults (jsc#ECO-561,jsc#SLE-10671).
KVM: arm/arm64: Split dcache/icache flushing (jsc#ECO-561,jsc#SLE-10671).
KVM: Convert kvm_lock to a mutex (bsc#1117665).
KVM: MMU: drop vcpu param in gpte_access (bsc#1117665).
KVM: PPC: Book3S: Fix incorrect guest-to-user-translation error handling (bsc#1061840).
KVM: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores (bsc#1061840).
KVM: PPC: Book3S HV: Do not lose pending doorbell request on migration on P9 (bsc#1061840).
KVM: PPC: Book3S HV: Do not push XIVE context when not using XIVE device (bsc#1061840).
KVM: PPC: Book3S HV: Fix lockdep warning when entering the guest (bsc#1061840).
KVM: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts (bsc#1061840).
KVM: PPC: Book3S HV: Handle virtual mode in XIVE VCPU push code (bsc#1061840).
KVM: PPC: Book3S HV: use smp_mb() when setting/clearing host_ipi flag (bsc#1061840).
KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP (bsc#1061840).
KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (bsc#1117665).
KVM: x86: add tracepoints around __direct_map and FNAME(fetch) (bsc#1117665).
KVM: x86: adjust kvm_mmu_page member to save 8 bytes (bsc#1117665).
KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (bsc#1117665).
KVM: x86: Do not release the page inside mmu_set_spte() (bsc#1117665).
KVM: x86: make FNAME(fetch) and __direct_map more similar (bsc#1117665).
KVM: x86, powerpc: do not allow clearing largepages debugfs entry (bsc#1117665).
KVM: x86: remove now unneeded hugepage gfn adjustment (bsc#1117665).
leds: leds-lp5562 allow firmware files up to the maximum length (bsc#1051510).
leds: trigger: gpio: GPIO 0 is valid (bsc#1051510).
libertas: Add missing sentinel at end of if_usb.c fw_table (bsc#1051510).
libertas_tf: Use correct channel range in lbtf_geo_init (bsc#1051510).
libiscsi: do not try to bypass SCSI EH (bsc#1142076).
lib/mpi: Fix karactx leak in mpi_powm (bsc#1051510).
libnvdimm/altmap: Track namespace boundaries in altmap (bsc#1150305).
libnvdimm: prevent nvdimm from requesting key when security is disabled (bsc#1137982).
libnvdimm/security: provide fix for secure-erase to use zero-key (bsc#1149853).
lib/scatterlist: Fix chaining support in sgl_alloc_order() (git-fixes).
lib/scatterlist: Introduce sgl_alloc() and sgl_free() (git-fixes).
lightnvm: remove dependencies on BLK_DEV_NVME and PCI (bsc#1150846).
livepatch: Nullify obj->mod in klp_module_coming()'s error path (bsc#1071995).
lpfc: Add additional discovery log messages (bsc#1154521).
lpfc: Add FA-WWN Async Event reporting (bsc#1154521).
lpfc: Add FC-AL support to lpe32000 models (bsc#1154521).
lpfc: Add log macros to allow print by serverity or verbocity setting (bsc#1154521).
lpfc: Fix bad ndlp ptr in xri aborted handling (bsc#1154521).
lpfc: fix coverity error of dereference after null check (bsc#1154521).
lpfc: Fix hardlockup in lpfc_abort_handler (bsc#1154521).
lpfc: Fix lockdep errors in sli_ringtx_put (bsc#1154521).
lpfc: fix lpfc_nvmet_mrq to be bound by hdw queue count (bsc#1154521).
lpfc: Fix reporting of read-only fw error errors (bsc#1154521).
lpfc: Fix SLI3 hba in loop mode not discovering devices (bsc#1154521).
lpfc: Make FW logging dynamically configurable (bsc#1154521).
lpfc: Remove lock contention target write path (bsc#1154521).
lpfc: Revise interrupt coalescing for missing scenarios (bsc#1154521).
lpfc: Slight fast-path Performance optimizations (bsc#1154521).
lpfc: Update lpfc version to 12.6.0.0 (bsc#1154521).
mac80211: accept deauth frames in IBSS mode (bsc#1051510).
mac80211: fix txq null pointer dereference (bsc#1051510).
mac80211: minstrel_ht: fix per-group max throughput rate initialization (bsc#1051510).
mac80211: Reject malformed SSID elements (bsc#1051510).
macsec: drop skb sk before calling gro_cells_receive (bsc#1051510).
md: do not report active array_state until after revalidate_disk() completes (git-fixes).
md: only call set_in_sync() when it is expected to succeed (git-fixes).
md/raid0: avoid RAID0 data corruption due to layout confusion (bsc#1140090).
md/raid0: fix warning message for parameter default_layout (bsc#1140090).
md/raid6: Set R5_ReadError when there is read failure on parity disk (git-fixes).
media: atmel: atmel-isc: fix asd memory allocation (bsc#1135642).
media: atmel: atmel-isi: fix timeout value for stop streaming (bsc#1051510).
media: cpia2_usb: fix memory leaks (bsc#1051510).
media: dib0700: fix link error for dibx000_i2c_set_speed (bsc#1051510).
media: dvb-core: fix a memory leak bug (bsc#1051510).
media: em28xx: fix handler for vidioc_s_input() (bsc#1051510).
media: em28xx: stop rewriting device's struct (bsc#1051510).
media: exynos4-is: fix leaked of_node references (bsc#1051510).
media: fdp1: Reduce FCP not found message level to debug (bsc#1051510).
media: gspca: zero usb_buf on error (bsc#1051510).
media: hdpvr: Add device num check and handling (bsc#1051510).
media: hdpvr: add terminating 0 at end of string (bsc#1051510).
media: i2c: ov5645: Fix power sequence (bsc#1051510).
media: iguanair: add sanity checks (bsc#1051510).
media: marvell-ccic: do not generate EOF on parallel bus (bsc#1051510).
media: mc-device.c: do not memset __user pointer contents (bsc#1051510).
media: omap3isp: Do not set streaming state on random subdevs (bsc#1051510).
media: omap3isp: Set device on omap3isp subdevs (bsc#1051510).
media: ov6650: Fix sensor possibly not detected on probe (bsc#1051510).
media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper (bsc#1051510).
media: ov9650: add a sanity check (bsc#1051510).
media: radio/si470x: kill urb on error (bsc#1051510).
media: replace strcpy() by strscpy() (bsc#1051510).
media: Revert '[media] marvell-ccic: reset ccic phy when stop streaming for stability' (bsc#1051510).
media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() (bsc#1051510).
media: saa7146: add cleanup in hexium_attach() (bsc#1051510).
media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table (bsc#1051510).
media: stkwebcam: fix runtime PM after driver unbind (bsc#1051510).
media: technisat-usb2: break out of loop at end of buffer (bsc#1051510).
media: tm6000: double free if usb disconnect while streaming (bsc#1051510).
media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (bsc#1051510).
media: vb2: Fix videobuf2 to map correct area (bsc#1051510).
memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' (bsc#1051510).
mfd: intel-lpss: Remove D3cold delay (bsc#1051510).
mic: avoid statically declaring a 'struct device' (bsc#1051510).
mISDN: enforce CAP_NET_RAW for raw sockets (bsc#1051510).
mld: fix memory leak in mld_del_delrec() (networking-stable-19_09_05).
mmc: core: Add sdio_retune_hold_now() and sdio_retune_release() (bsc#1111666).
mmc: core: API to temporarily disable retuning for SDIO CRC errors (bsc#1111666).
mmc: sdhci-esdhc-imx: correct the fix of ERR004536 (git-fixes).
mmc: sdhci: Fix incorrect switch to HS mode (bsc#1051510).
mmc: sdhci: improve ADMA error reporting (bsc#1051510).
mmc: sdhci-msm: fix mutex while in spinlock (bsc#1142635).
mmc: sdhci-of-arasan: Do now show error message in case of deffered probe (bsc#1119086).
mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence (bsc#1051510).
mtd: nand: mtk: fix incorrect register setting order about ecc irq.
mtd: spi-nor: Fix Cadence QSPI RCU Schedule Stall (bsc#1051510).
mvpp2: refactor MTU change code (networking-stable-19_08_08).
net: bridge: delete local fdb on device init failure (networking-stable-19_08_08).
net: bridge: mcast: do not delete permanent entries when fast leave is enabled (networking-stable-19_08_08).
netfilter: nf_nat: do not bug when mapping already exists (bsc#1146612).
net: fix ifindex collision during namespace removal (networking-stable-19_08_08).
net: Fix null de-reference of device refcount (networking-stable-19_09_15).
net: fix skb use after free in netpoll (networking-stable-19_09_05).
net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list (networking-stable-19_09_15).
net/ibmvnic: Fix EOI when running in XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes).
net/ibmvnic: prevent more than one thread from running in reset (bsc#1152457 ltc#174432).
net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (bsc#1152457 ltc#174432).
net/mlx4_en: fix a memory leak bug (bsc#1046299).
net/mlx5: Add device ID of upcoming BlueField-2 (bsc#1046303 ).
net/mlx5e: Only support tx/rx pause setting for port owner (networking-stable-19_08_21).
net/mlx5e: Prevent encap flow counter update async to user query (networking-stable-19_08_08).
net/mlx5e: Use flow keys dissector to parse packets for ARFS (networking-stable-19_08_21).
net/mlx5: Fix error handling in mlx5_load() (bsc#1046305 ).
net/mlx5: Use reversed order when unregister devices (networking-stable-19_08_08).
net: openvswitch: free vport unless register_netdevice() succeeds (git-fixes).
net/packet: fix race in tpacket_snd() (networking-stable-19_08_21).
net/phy: fix DP83865 10 Mbps HDX loopback disable function (networking-stable-19_09_30).
net: qlogic: Fix memory leak in ql_alloc_large_buffers (networking-stable-19_10_05).
net: qrtr: Stop rx_worker before freeing node (networking-stable-19_09_30).
net/rds: Fix error handling in rds_ib_add_one() (networking-stable-19_10_05).
net/rds: fix warn in rds_message_alloc_sgs (bsc#1154848).
net/rds: remove user triggered WARN_ON in rds_sendmsg (bsc#1154848).
net: Replace NF_CT_ASSERT() with WARN_ON() (bsc#1146612).
net/sched: act_sample: do not push mac header on ip6gre ingress (networking-stable-19_09_30).
net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05).
net_sched: add policy validation for action attributes (networking-stable-19_09_30).
net: sched: Fix a possible null-pointer dereference in dequeue_func() (networking-stable-19_08_08).
net_sched: fix backward compatibility for TCA_ACT_KIND (git-fixes).
net/smc: make sure EPOLLOUT is raised (networking-stable-19_08_28).
net: stmmac: dwmac-rk: Do not fail if phy regulator is absent (networking-stable-19_09_05).
net: Unpublish sk from sk_reuseport_cb before call_rcu (networking-stable-19_10_05).
NFC: fix attrs checks in netlink interface (bsc#1051510).
NFC: fix memory leak in llcp_sock_bind() (bsc#1051510).
NFC: pn533: fix use-after-free and memleaks (bsc#1051510).
NFS4: Fix v4.0 client state corruption when mount (git-fixes).
nfsd: degraded slot-count more gracefully as allocation nears exhaustion (bsc#1150381).
nfsd: Do not release the callback slot unless it was actually held (git-fixes).
nfsd: Fix overflow causing non-working mounts on 1 TB machines (bsc#1150381).
nfsd: fix performance-limiting session calculation (bsc#1150381).
nfsd: give out fewer session slots as limit approaches (bsc#1150381).
nfsd: handle drc over-allocation gracefully (bsc#1150381).
nfsd: increase DRC cache limit (bsc#1150381).
NFS: Do not interrupt file writeout due to fatal errors (git-fixes).
NFS: Do not open code clearing of delegation state (git-fixes).
NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0 (git-fixes).
NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts (git-fixes).
NFS: Forbid setting AF_INET6 to 'struct sockaddr_in'->sin_family (git-fixes).
NFS: Refactor nfs_lookup_revalidate() (git-fixes).
NFS: Remove redundant semicolon (git-fixes).
NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter (git-fixes).
NFSv4.1 - backchannel request should hold ref on xprt (bsc#1152624).
NFSv4.1: Fix open stateid recovery (git-fixes).
NFSv4.1: Only reap expired delegations (git-fixes).
NFSv4: Fix an Oops in nfs4_do_setattr (git-fixes).
NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() (git-fixes).
NFSv4: Fix delegation state recovery (git-fixes).
NFSv4: Fix lookup revalidate of regular files (git-fixes).
NFSv4: Fix OPEN / CLOSE race (git-fixes).
NFSv4: Handle the special Linux file open access mode (git-fixes).
NFSv4: Only pass the delegation to setattr if we're sending a truncate (git-fixes).
NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend() (git-fixes).
nl80211: fix null pointer dereference (bsc#1051510).
nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510).
null_blk: complete requests from ->timeout (bsc#1149446).
null_blk: wire up timeouts (bsc#1149446).
nvme: do not abort completed request in nvme_cancel_request (bsc#1149446).
nvme: fix multipath crash when ANA is deactivated (bsc#1149446).
nvme: fix multipath crash when ANA is deactivated (bsc#1149446).
nvmem: Use the same permissions for eeprom as for nvmem (git-fixes).
nvme-rdma: Allow DELETING state change failure in (bsc#1104967,).
nvme-rdma: centralize admin/io queue teardown sequence (bsc#1142076).
nvme-rdma: centralize controller setup sequence (bsc#1142076).
nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446).
nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446).
nvme-rdma: fix timeout handler (bsc#1149446).
nvme-rdma: fix timeout handler (bsc#1149446).
nvme-rdma: remove redundant reference between ib_device and tagset (bsc#1149446).
nvme-rdma: stop admin queue before freeing it (bsc#1140155).
nvme-rdma: support up to 4 segments of inline data (bsc#1142076).
nvme-rdma: unquiesce queues when deleting the controller (bsc#1142076).
nvme-rdma: use dynamic dma mapping per command (bsc#1149446).
nvme: remove ns sibling before clearing path (bsc#1140155).
nvme: return BLK_EH_DONE from ->timeout (bsc#1142076).
nvme-tcp: fix a NULL deref when an admin connect times out (bsc#1149446).
nvme-tcp: fix timeout handler (bsc#1149446).
nvme: wait until all completed request's complete fn is called (bsc#1149446).
objtool: Clobber user CFLAGS variable (bsc#1153236).
openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC (networking-stable-19_09_30).
packaging: add support for riscv64
PCI: Add ACS quirk for Amazon Annapurna Labs root ports (bsc#1152187,bsc#1152525).
PCI: Add Amazon's Annapurna Labs vendor ID (bsc#1152187,bsc#1152525).
PCI: Add quirk to disable MSI-X support for Amazon's Annapurna Labs Root Port (bsc#1152187,bsc#1152525).
PCI: Correct pci=resource_alignment parameter example (bsc#1051510).
PCI: dra7xx: Fix legacy INTD IRQ handling (bsc#1087092).
PCI: hv: Detect and fix Hyper-V PCI domain number collision (bsc#1150423).
PCI: hv: Use bytes 4 and 5 from instance ID as the PCI domain numbers (bsc#1153263).
PCI: PM: Fix pci_power_up() (bsc#1051510).
PCI/VPD: Prevent VPD access for Amazon's Annapurna Labs Root Port (bsc#1152187,bsc#1152525).
phylink: fix kernel-doc warnings (bsc#1111666).
phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current (bsc#1051510).
pinctrl: cherryview: restore Strago DMI workaround for all versions (bsc#1111666).
pinctrl: tegra: Fix write barrier placement in pmx_writel (bsc#1051510).
platform/x86: classmate-laptop: remove unused variable (bsc#1051510).
platform/x86: i2c-multi-instantiate: Derive the device name from parent (bsc#1111666).
platform/x86: i2c-multi-instantiate: Fail the probe if no IRQ provided (bsc#1111666).
platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table (bsc#1051510).
platform/x86: pmc_atom: Add Siemens SIMATIC IPC277E to critclk_systems DMI table (bsc#1051510).
PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() (bsc#1051510).
Pnfs fallback to MDS if no deviceid found (git-fixes).
pnfs/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error (git-fixes).
pnfs/flexfiles: Turn off soft RPC calls (git-fixes).
powerpc/64: Make meltdown reporting Book3S 64 specific (bsc#1091041).
powerpc/64: Make sys_switch_endian() traceable (bsc#1065729).
powerpc/64s/pseries: radix flush translations before MMU is enabled at boot (bsc#1055186).
powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush miss problem with THP (bsc#1152161 ltc#181664).
powerpc/64s/radix: Fix memory hotplug section page table creation (bsc#1065729).
powerpc/64s/radix: Fix memory hot-unplug page table split (bsc#1065729).
powerpc/64s/radix: Implement _tlbie(l)_va_range flush functions (bsc#1152161 ltc#181664).
powerpc/64s/radix: Improve preempt handling in TLB code (bsc#1152161 ltc#181664).
powerpc/64s/radix: Improve TLB flushing for page table freeing (bsc#1152161 ltc#181664).
powerpc/64s/radix: Introduce local single page ceiling for TLB range flush (bsc#1055117 bsc#1152161 ltc#181664).
powerpc/64s/radix: keep kernel ERAT over local process/guest invalidates (bsc#1055186).
powerpc/64s/radix: Optimize flush_tlb_range (bsc#1152161 ltc#181664).
powerpc/64s/radix: tidy up TLB flushing code (bsc#1055186).
powerpc/64s: Rename PPC_INVALIDATE_ERAT to PPC_ISA_3_0_INVALIDATE_ERAT (bsc#1055186).
powerpc/book3s64/mm: Do not do tlbie fixup for some hardware revisions (bsc#1152161 ltc#181664).
powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag (bsc#1152161 ltc#181664).
powerpc: bpf: Fix generation of load/store DW instructions (bsc#1065729).
powerpc/bpf: use unsigned division instruction for 64-bit operations (bsc#1065729).
powerpc: Drop page_is_ram() and walk_system_ram_range() (bsc#1065729).
powerpc/irq: Do not WARN continuously in arch_local_irq_restore() (bsc#1065729).
powerpc/irq: drop arch_early_irq_init() (bsc#1065729).
powerpc/mm/book3s64: Move book3s64 code to pgtable-book3s64 (bsc#1055186).
powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 (bsc#1152161 ltc#181664).
powerpc/mm: mark more tlb functions as __always_inline (bsc#1055186).
powerpc/mm: Properly invalidate when setting process table base (bsc#1055186).
powerpc/mm/radix: Drop unneeded NULL check (bsc#1152161 ltc#181664).
powerpc/mm/radix: implement LPID based TLB flushes to be used by KVM (bsc#1152161 ltc#181664).
powerpc/mm/radix: mark as __tlbie_pid() and friends as__always_inline (bsc#1055186).
powerpc/mm/radix: mark __radix__flush_tlb_range_psize() as __always_inline (bsc#1055186).
powerpc/mm: Simplify page_is_ram by using memblock_is_memory (bsc#1065729).
powerpc/mm: Use memblock API for PPC32 page_is_ram (bsc#1065729).
powerpc/module64: Fix comment in R_PPC64_ENTRY handling (bsc#1065729).
powerpc/papr_scm: Fix an off-by-one check in papr_scm_meta_{get, set} (bsc#1152243 ltc#181472).
powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS (bsc#1065729).
powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window (bsc#1061840).
powerpc/powernv/ioda: Fix race in TCE level allocation (bsc#1061840).
powerpc/powernv: move OPAL call wrapper tracing and interrupt handling to C (bsc#1065729).
powerpc/powernv/npu: Remove obsolete comment about TCE_KILL_INVAL_ALL (bsc#1065729).
powerpc/pseries: address checkpatch warnings in dlpar_offline_cpu (bsc#1156700 ltc#182459).
powerpc/pseries: Call H_BLOCK_REMOVE when supported (bsc#1109158).
powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() (bsc#1065729).
powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index (bsc#1065729).
powerpc/pseries/mobility: use cond_resched when updating device tree (bsc#1153112 ltc#181778).
powerpc/pseries: Read TLB Block Invalidate Characteristics (bsc#1109158).
powerpc/pseries: Remove confusing warning message (bsc#1109158).
powerpc/pseries: safely roll back failed DLPAR cpu add (bsc#1156700 ltc#182459).
powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning (bsc#1148868).
powerpc/rtas: allow rescheduling while changing cpu states (bsc#1153112 ltc#181778).
powerpc/security/book3s64: Report L1TF status in sysfs (bsc#1091041).
powerpc/security: Fix wrong message when RFI Flush is disable (bsc#1131107).
powerpc/xive: Fix bogus error code returned by OPAL (bsc#1065729).
powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race (bsc#1065729).
powerpc/xive: Prevent page fault issues in the machine crash handler (bsc#1156882 ltc#182435).
powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc (bsc#1065729).
powerplay: Respect units on max dcfclk watermark (bsc#1111666).
power: reset: gpio-restart: Fix typo when gpio reset is not found (bsc#1051510).
power: supply: Init device wakeup after device_add() (bsc#1051510).
power: supply: max14656: fix potential use-after-free (bsc#1051510).
power: supply: sysfs: ratelimit property read error message (bsc#1051510).
ppp: Fix memory leak in ppp_write (git-fixes).
printk: Do not lose last line in kmsg buffer dump (bsc#1152460).
printk: fix printk_time race (bsc#1152466).
printk/panic: Avoid deadlock in printk() after stopping CPUs by NMI (bsc#1148712).
qed: iWARP - Fix default window size to be based on chip (bsc#1050536 bsc#1050545).
qed: iWARP - Fix tc for MPA ll2 connection (bsc#1050536 bsc#1050545).
qed: iWARP - fix uninitialized callback (bsc#1050536 bsc#1050545).
qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state (bsc#1050536 bsc#1050545).
qla2xxx: kABI fixes for v10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988).
qla2xxx: remove SGI SN2 support (bsc#1123034 bsc#1131304 bsc#1127988).
qmi_wwan: add support for Cinterion CLS8 devices (networking-stable-19_10_05).
quota: fix wrong condition in is_quota_modification() (bsc#1152026).
r8152: Set macpassthru in reset_resume callback (bsc#1051510).
r8152: Set memory to all 0xFFs on failed reg reads (bsc#1051510).
RDMA/bnxt_re: Fix spelling mistake 'missin_resp' -> 'missing_resp' (bsc#1050244).
RDMA/efa: Add Amazon EFA driver (jsc#SLE-4805)
RDMA: Fix goto target to release the allocated memory (bsc#1050244).
RDMA/hns: Add reset process for function-clear (bsc#1155061).
RDMA/hns: Remove the some magic number (bsc#1155061).
RDMA/restrack: Track driver QP types in resource tracker (jsc#SLE-4805)
rds: Fix warning (bsc#1154848).
regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg (bsc#1051510).
rtlwifi: Fix file release memory leak (bsc#1111666).
rtlwifi: rtl8192cu: Fix value set in descriptor (bsc#1142635).
s390: add support for IBM z15 machines (bsc#1152696 LTC#181731).
s390/cmf: set_schib_wait add timeout (bsc#1153509, bsc#1153476).
s390/cpumsf: Check for CPU Measurement sampling (bsc#1153681 LTC#181855).
s390/crypto: fix gcm-aes-s390 selftest failures (bsc#1137861 LTC#178091).
s390: fix setting of mio addressing control (bsc#1152665 LTC#181729).
s390/pci: add mio_enabled attribute (bsc#1152665 LTC#181729).
s390/pci: correctly handle MIO opt-out (bsc#1152665 LTC#181729).
s390/pci: deal with devices that have no support for MIO instructions (bsc#1152665 LTC#181729).
s390/pci: fix MSI message data (bsc#1152697 LTC#181730).
sc16is7xx: Fix for 'Unexpected interrupt: 8' (bsc#1051510).
sch_cbq: validate TCA_CBQ_WRROPT to avoid crash (networking-stable-19_10_05).
sch_dsmark: fix potential NULL deref in dsmark_init() (networking-stable-19_10_05).
sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254).
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero (networking-stable-19_09_15).
sch_netem: fix a divide by zero in tabledist() (networking-stable-19_09_30).
scripts/arch-symbols: add missing link.
scsi: lpfc: Add enablement of multiple adapter dumps (bsc#1154601).
scsi: lpfc: Add registration for CPU Offline/Online events (bsc#1154601).
scsi: lpfc: Change default IRQ model on AMD architectures (bsc#1154601).
scsi: lpfc: Check queue pointer before use (bsc#1154242).
scsi: lpfc: Clarify FAWNN error message (bsc#1154601).
scsi: lpfc: cleanup: remove unused fcp_txcmlpq_cnt (bsc#1154521).
scsi: lpfc: Complete removal of FCoE T10 PI support on SLI-4 adapters (bsc#1154521).
scsi: lpfc: Convert existing %pf users to %ps (bsc#1154521).
scsi: lpfc: Fix a kernel warning triggered by lpfc_get_sgl_per_hdwq() (bsc#1154601).
scsi: lpfc: Fix a kernel warning triggered by lpfc_sli4_enable_intr() (bsc#1154601).
scsi: lpfc: fix build error of lpfc_debugfs.c for vfree/vmalloc (bsc#1154601).
scsi: lpfc: Fix configuration of BB credit recovery in service parameters (bsc#1154601).
scsi: lpfc: Fix coverity errors on NULL pointer checks (bsc#1154521).
scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences (bsc#1154601).
scsi: lpfc: fix: Coverity: lpfc_get_scsi_buf_s3(): Null pointer dereferences (bsc#1154601).
scsi: lpfc: Fix device recovery errors after PLOGI failures (bsc#1154521).
scsi: lpfc: Fix devices that do not return after devloss followed by rediscovery (bsc#1137040).
scsi: lpfc: Fix discovery failures when target device connectivity bounces (bsc#1154521).
scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow (bsc#1154601).
scsi: lpfc: Fix dynamic fw log enablement check (bsc#1154601).
scsi: lpfc: Fix GPF on scsi command completion (bsc#1154521).
scsi: lpfc: Fix hdwq sgl locks and irq handling (bsc#1154521).
scsi: lpfc: Fix host hang at boot or slow boot (bsc#1154521).
scsi: lpfc: fix inlining of lpfc_sli4_cleanup_poll_list() (bsc#1154601).
scsi: lpfc: Fix kernel crash at lpfc_nvme_info_show during remote port bounce (bsc#1154601).
scsi: lpfc: Fix list corruption detected in lpfc_put_sgl_per_hdwq (bsc#1154521).
scsi: lpfc: Fix list corruption in lpfc_sli_get_iocbq (bsc#1154521).
scsi: lpfc: Fix locking on mailbox command completion (bsc#1154521).
scsi: lpfc: Fix lpfc_cpumask_of_node_init() (bsc#1154601).
scsi: lpfc: Fix miss of register read failure check (bsc#1154521).
scsi: lpfc: Fix NULL check before mempool_destroy is not needed (bsc#1154601).
scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo via sysfs attribute (bsc#1140845).
scsi: lpfc: Fix NVMe ABTS in response to receiving an ABTS (bsc#1154521).
scsi: lpfc: Fix NVME io abort failures causing hangs (bsc#1154521).
scsi: lpfc: Fix premature re-enabling of interrupts in lpfc_sli_host_down (bsc#1154521).
scsi: lpfc: Fix propagation of devloss_tmo setting to nvme transport (bsc#1140883).
scsi: lpfc: Fix pt2pt discovery on SLI3 HBAs (bsc#1154521).
scsi: lpfc: Fix rpi release when deleting vport (bsc#1154521).
scsi: lpfc: fix spelling error in MAGIC_NUMER_xxx (bsc#1154601).
scsi: lpfc: Fix spinlock_irq issues in lpfc_els_flush_cmd() (bsc#1154521).
scsi: lpfc: Fix unexpected error messages during RSCN handling (bsc#1154601).
scsi: lpfc: Honor module parameter lpfc_use_adisc (bsc#1154601).
scsi: lpfc: Initialize cpu_map for not present cpus (bsc#1154601).
scsi: lpfc: Limit xri count for kdump environment (bsc#1154124).
scsi: lpfc: lpfc_attr: Fix Use plain integer as NULL pointer (bsc#1154601).
scsi: lpfc: lpfc_nvmet: Fix Use plain integer as NULL pointer (bsc#1154601).
scsi: lpfc: Make function lpfc_defer_pt2pt_acc static (bsc#1154521).
scsi: lpfc: Make lpfc_debugfs_ras_log_data static (bsc#1154601).
scsi: lpfc: Mitigate high memory pre-allocation by SCSI-MQ (bsc#1154601).
scsi: lpfc: Raise config max for lpfc_fcp_mq_threshold variable (bsc#1154601).
scsi: lpfc: Remove bg debugfs buffers (bsc#1144375).
scsi: lpfc: remove left-over BUILD_NVME defines (bsc#1154268).
scsi: lpfc: revise nvme max queues to be hdwq count (bsc#1154601).
scsi: lpfc: Sync with FC-NVMe-2 SLER change to require Conf with SLER (bsc#1154601).
scsi: lpfc: Update async event logging (bsc#1154521).
scsi: lpfc: Update lpfc version to 12.4.0.1 (bsc#1154521).
scsi: lpfc: Update lpfc version to 12.6.0.1 (bsc#1154601).
scsi: lpfc: Update lpfc version to 12.6.0.2 (bsc#1154601).
scsi: qedf: fc_rport_priv reference counting fixes (bsc#1098291).
scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1098291).
scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Add new FW dump template entry types (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Add pci function reset support (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Add protection mask module parameters (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Add support for setting port speed (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: allow session delete to finish before create (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: avoid printf format warning (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Change data_dsd into an array (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Change default ZIO threshold (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Check for FW started flag before aborting (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: check for kstrtol() failure (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: cleanup trace buffer initialization (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Complain if a mailbox command times out (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Complain if a soft reset fails (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Complain if parsing the version string fails (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Correct error handling during initialization failures (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: deadlock by configfs_depend_item (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Declare local symbols static (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Do command completion on abort timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: do not use zero for FC4_PRIORITY_NVME (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
scsi: qla2xxx: Downgrade driver to 10.01.00.19-k There are upstream bug reports against 10.01.00.19-k which haven't been resolved. Also the newer version failed to get a proper review. For time being it's better to got with the older version and do not introduce new bugs.
scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix abort timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix a dma_pool_free() call (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix a recently introduced kernel warning (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix device connect issues in P2P configuration (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix DMA unmap leak (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix double scsi_done for abort path (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix driver unload hang (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: fix fcport null pointer access (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix formatting of pointer types (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix fw dump corruption (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix fw options handle eh_bus_reset() (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix hang in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix memory leak when sending I/O fails (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix N2N link reset (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix N2N link reset (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Fix N2N link reset (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Fix N2N link up fail (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix N2N link up fail (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Fix N2N link up fail (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Fix Nport ID display value (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix partial flash write of MBI (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix premature timer expiration (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix session cleanup hang (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: fix spelling mistake 'alredy' -> 'already' (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: fix spelling mistake 'initializatin' -> 'initialization' (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping in IRQ context (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix SRB leak on switch command timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Fix stale session (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix stuck login session (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: fixup incorrect usage of host_byte (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Fix wait condition in loop (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: flush IO on chip reset or sess delete (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Improve logging for scan thread (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Improve logging for scan thread (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Improve logging for scan thread (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Include the header file from qla_dsd.h (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Initialized mailbox to prevent driver load failure (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: initialize fc4_type_priority (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Insert spaces where required (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Leave a blank line after declarations (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Modify NVMe include directives (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Move marker request behind QPair (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Move the include directive (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: on session delete, return nvme cmd (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Optimize NPIV tear down process (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Optimize NPIV tear down process (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Optimize NPIV tear down process (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Reduce the number of forward declarations (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Remove an include directive (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Remove a superfluous pointer check (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Remove dead code (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Remove FW default template (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: remove redundant assignment to pointer host (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: remove redundant assignment to pointer host (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Remove set but not used variable 'ptr_dma' (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Remove two superfluous casts (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Remove two superfluous if-tests (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Remove two superfluous tests (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Remove unnecessary null check (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Report invalid mailbox status codes (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Restore FAWWPN of Physical Port only for loop down (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Set remove flag for all VP (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Set remove flag for all VP (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Set remove flag for all VP (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Silence fwdump template message (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Silence fwdump template message (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Silence fwdump template message (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Simplify a debug statement (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Simplify conditional check again (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: stop timer in shutdown path (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Update driver version to 10.00.00.13-k (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1143706 bsc#1082635 bsc#1123034).
scsi: qla2xxx: Update driver version to 10.01.00.21-k (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
scsi: qla2xxx: Update flash read/write routine (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Use complete switch scan for RSCN events (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Use __le64 instead of uint32_t for sending DMA addresses to firmware (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Use tabs to indent code (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: scsi_dh_rdac: zero cdb in send_mode_select() (bsc#1149313).
scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1123034 bsc#1131304 bsc#1127988).
scsi: sd: Ignore a failure to sync cache due to lack of authorization (git-fixes).
scsi: storvsc: Add ability to change scsi queue depth (bsc#1155021).
scsi: storvsc: setup 1:1 mapping between hardware queue and CPU queue (bsc#1140729).
scsi: tcm_qla2xxx: Minimize #include directives (bsc#1123034 bsc#1131304 bsc#1127988).
scsi_transport_fc: complete requests from ->timeout (bsc#1142076).
scsi: zfcp: fix reaction on bit error threshold notification (bsc#1154956 LTC#182054).
sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' (networking-stable-19_09_15).
sctp: fix the transport error_count check (networking-stable-19_08_21).
sctp: use transport pf_retrans in sctp_do_8_2_transport_strike (networking-stable-19_09_15).
serial: fix kernel-doc warning in comments (bsc#1051510).
serial: mctrl_gpio: Check for NULL pointer (bsc#1051510).
serial: uartlite: fix exit path null pointer (bsc#1051510).
Sign non-x86 kernels when possible (boo#1134303)
skge: fix checksum byte order (networking-stable-19_09_30).
sky2: Disable MSI on yet another ASUS boards (P6Xxxx) (bsc#1051510).
slip: make slhc_free() silently accept an error pointer (bsc#1051510).
slip: sl_alloc(): remove unused parameter 'dev_t line' (bsc#1051510).
sock_diag: fix autoloading of the raw_diag module (bsc#1152791).
sock_diag: request _diag module only when the family or proto has been registered (bsc#1152791).
spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours (bsc#1111666).
staging: bcm2835-audio: Fix draining behavior regression (bsc#1111666).
staging: rtl8188eu: fix null dereference when kzalloc fails (bsc#1051510).
staging: vt6655: Fix memory leak in vt6655_probe (bsc#1051510).
staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS (bsc#1051510).
SUNRPC fix regression in umount of a secure mount (git-fixes).
SUNRPC: Handle connection breakages correctly in call_status() (git-fixes).
SUNRPC/nfs: Fix return value for nfs4_callback_compound() (git-fixes).
supporte.conf: add efivarfs to kernel-default-base (bsc#1154858).
supported.conf: Add vfio_ccw (bsc#1151192 jsc#SLE-6138).
supported.conf: Mark vfio_ccw supported by SUSE, because bugs can be routed to IBM via SUSE support (jsc#SLE-6138, bsc#1151192).
tcp: Do not dequeue SYN/FIN-segments from write-queue (git-gixes).
tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR (networking-stable-19_09_15).
tcp: inherit timestamp on mtu probe (networking-stable-19_09_05).
tcp: make sure EPOLLOUT wont be missed (networking-stable-19_08_28).
tcp: remove empty skb from write queue in error cases (networking-stable-19_09_05).
team: Add vlan tx offload to hw_enc_features (bsc#1051510).
team: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21).
thermal: Fix use-after-free when unregistering thermal zone device (bsc#1051510).
thermal_hwmon: Sanitize thermal_zone type (bsc#1051510).
tipc: add NULL pointer check before calling kfree_rcu (networking-stable-19_09_15).
tipc: fix unlimited bundling of small messages (networking-stable-19_10_05).
tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (bsc#1082555).
tracing: Get trace_array reference for available_tracers files (bsc#1156429).
tracing: Initialize iter->seq after zeroing in tracing_read_pipe() (bsc#1151508).
tty: serial: fsl_lpuart: Use appropriate lpuart32_* I/O funcs (bsc#1111666).
tun: fix use-after-free when register netdev failed (bsc#1111666).
tun: fix use-after-free when register netdev failed (networking-stable-19_09_15).
tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099).
UAS: Revert commit 3ae62a42090f ('UAS: fix alignment of scatter/gather segments').
USB: adutux: fix NULL-derefs on disconnect (bsc#1142635).
USB: adutux: fix use-after-free on disconnect (bsc#1142635).
USB: adutux: fix use-after-free on release (bsc#1051510).
USB: chaoskey: fix use-after-free on release (bsc#1051510).
USB: dummy-hcd: fix power budget for SuperSpeed mode (bsc#1051510).
USB: gadget: Reject endpoints with 0 maxpacket value (bsc#1051510).
USB: gadget: udc: atmel: Fix interrupt storm in FIFO mode (bsc#1051510).
USB: handle warm-reset port requests on hub resume (bsc#1051510).
USB: iowarrior: fix use-after-free after driver unbind (bsc#1051510).
USB: iowarrior: fix use-after-free on disconnect (bsc#1051510).
USB: iowarrior: fix use-after-free on release (bsc#1051510).
USBIP: add config dependency for SGL_ALLOC (git-fixes).
USBip: Fix free of unallocated memory in vhci tx (git-fixes).
USBip: Fix vhci_urb_enqueue() URB null transfer buffer error path (git-fixes).
USBip: Implement SG support to vhci-hcd and stub driver (git-fixes).
USB: ldusb: fix control-message timeout (bsc#1051510).
USB: ldusb: fix memleak on disconnect (bsc#1051510).
USB: ldusb: fix NULL-derefs on driver unbind (bsc#1051510).
USB: ldusb: fix read info leaks (bsc#1051510).
USB: ldusb: fix ring-buffer locking (bsc#1051510).
USB: legousbtower: fix a signedness bug in tower_probe() (bsc#1051510).
USB: legousbtower: fix deadlock on disconnect (bsc#1142635).
USB: legousbtower: fix memleak on disconnect (bsc#1051510).
USB: legousbtower: fix open after failed reset request (bsc#1142635).
USB: legousbtower: fix potential NULL-deref on disconnect (bsc#1142635).
USB: legousbtower: fix slab info leak at probe (bsc#1142635).
USB: legousbtower: fix use-after-free on release (bsc#1051510).
USB: microtek: fix info-leak at probe (bsc#1142635).
usbnet: ignore endpoints with invalid wMaxPacketSize (bsc#1051510).
usbnet: sanity checking of packet sizes and device mtu (bsc#1051510).
USB: serial: fix runtime PM after driver unbind (bsc#1051510).
USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20 (bsc#1051510).
USB: serial: keyspan: fix NULL-derefs on open() and write() (bsc#1051510).
USB: serial: option: add support for Cinterion CLS8 devices (bsc#1051510).
USB: serial: option: add Telit FN980 compositions (bsc#1051510).
USB: serial: ti_usb_3410_5052: fix port-close races (bsc#1051510).
USB: serial: whiteheat: fix line-speed endianness (bsc#1051510).
USB: serial: whiteheat: fix potential slab corruption (bsc#1051510).
usb-storage: Revert commit 747668dbc061 ('usb-storage: Set virt_boundary_mask to avoid SG overflows') (bsc#1051510).
USB: udc: lpc32xx: fix bad bit shift operation (bsc#1051510).
USB: usbcore: Fix slab-out-of-bounds bug during device reset (bsc#1051510).
USB: usblcd: fix I/O after disconnect (bsc#1142635).
USB: usblp: fix runtime PM after driver unbind (bsc#1051510).
USB: usblp: fix use-after-free on disconnect (bsc#1051510).
USB: usb-skeleton: fix NULL-deref on disconnect (bsc#1051510).
USB: usb-skeleton: fix runtime PM after driver unbind (bsc#1051510).
USB: usb-skeleton: fix use-after-free after driver unbind (bsc#1051510).
USB: xhci: wait for CNR controller not ready bit in xhci resume (bsc#1051510).
USB: yurex: Do not retry on unexpected errors (bsc#1051510).
USB: yurex: fix NULL-derefs on disconnect (bsc#1051510).
vfio_pci: Restore original state on release (bsc#1051510).
vhost_net: conditionally enable tx polling (bsc#1145099).
vhost/test: fix build for vhost test (bsc#1111666).
video: of: display_timing: Add of_node_put() in of_get_display_timing() (bsc#1051510).
video: ssd1307fb: Start page range at page_offset (bsc#1113722)
vsock: Fix a lockdep warning in __vsock_release() (networking-stable-19_10_05).
watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout (bsc#1051510).
wcn36xx: use dynamic allocation for large variables (bsc#1111666).
wil6210: fix freeing of rx buffers in EDMA mode (bsc#1111666).
x86/asm: Fix MWAITX C-state hint value (bsc#1114279).
x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area (bnc#1153969).
x86/boot/64: Round memory hole size up to next PMD page (bnc#1153969).
x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h (bsc#1114279).
x86/fpu: Add FPU state copying quirk to handle XRSTOR failure on Intel Skylake CPUs (bsc#1151955).
x86/mm: Use WRITE_ONCE() when setting PTEs (bsc#1114279).
x86/tls: Fix possible spectre-v1 in do_get_thread_area() (bsc#1114279).
xen/netback: fix error path of xenvif_connect_data() (bsc#1065600).
xen/netback: Reset nr_frags before freeing skb (networking-stable-19_08_21).
xen-netfront: do not assume sk_buff_head list is empty in error handling (bsc#1065600).
xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (bsc#1065600).
xen/pv: Fix Xen PV guest int3 handling (bsc#1153811).
xen/xenbus: fix self-deadlock after killing user process (bsc#1065600).
xfrm: fix sa selector validation (bsc#1156609).
xfrm: Fix xfrm sel prefix length validation (git-fixes).
xhci: Check all endpoints for LPM timeout (bsc#1051510).
xhci: Fix false warning message about wrong bounce buffer write length (bsc#1051510).
xhci: Increase STS_SAVE timeout in xhci_suspend() (bsc#1051510).
xhci: Prevent device initiated U1/U2 link pm if exit latency is too long (bsc#1051510).
xsk: avoid store-tearing when assigning queues (bsc#1111666).
xsk: avoid store-tearing when assigning umem (bsc#1111666).

Advisory ID	SUSE-SU-2020:613-1
Released	Mon Mar 9 10:24:57 2020
Summary	Security update for the Linux Kernel
Type	security
Severity	moderate
References	1046303,1050244,1051510,1051858,1061840,1065600,1065729,1071995,1078248,1083647,1085030,1086301,1086313,1086314,1089644,1090888,1103989,1103990,1103991,1104353,1104427,1104745,1108043,1109837,1111666,1112178,1112374,1113722,1113956,1113994,1114279,1114685,1115026,1117169,1118661,1119113,1120853,1123328,1126206,1126390,1127354,1127371,1127611,1127682,1129551,1129770,1134973,1134983,1137223,1137236,1138039,1140948,1141054,1142095,1142635,1142924,1143959,1144333,1146519,1146544,1151067,1151548,1151900,1151910,1151927,1152107,1152631,1153535,1153628,1153811,1153917,1154043,1154058,1154243,1154355,1154601,1154768,1154916,1155331,1155334,1155689,1155897,1155921,1156258,1156259,1156286,1156462,1156471,1156928,1157032,1157038,1157042,1157044,1157045,1157046,1157049,1157070,1157115,1157143,1157145,1157155,1157157,1157158,1157160,1157162,1157169,1157171,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157303,1157304,1157307,1157324,1157333,1157386,1157424,1157463,1157499,1157678,1157692,1157698,1157778,1157853,1157895,1157908,1158013,1158021,1158026,1158049,1158063,1158064,1158065,1158066,1158067,1158068,1158071,1158082,1158094,1158132,1158381,1158394,1158398,1158407,1158410,1158413,1158417,1158427,1158445,1158533,1158637,1158638,1158639,1158640,1158641,1158643,1158644,1158645,1158646,1158647,1158649,1158651,1158652,1158819,1158823,1158824,1158827,1158834,1158893,1158900,1158903,1158904,1158954,1159024,1159028,1159297,1159377,1159394,1159483,1159484,1159500,1159569,1159588,1159841,1159908,1159909,1159910,1159911,1159955,1160147,1160195,1160210,1160211,1160433,1160442,1160469,1160470,1160476,1160560,1160618,1160678,1160755,1160756,1160784,1160787,1160802,1160803,1160804,1160917,1160966,1161087,1161243,1161472,1161514,1161518,1161522,1161523,1161549,1161552,1161674,1161931,1161933,1161934,1161935,1161936,1161937,1162028,1162067,1162109,1162139,CVE-2019-14615,CVE-2019-14895,CVE-2019-14896,CVE-2019-14897,CVE-2019-14901,CVE-2019-15213,CVE-2019-16746,CVE-2019-16994,CVE-2019-18660,CVE-2019-18683,CVE-2019-18808,CVE-2019-18809,CVE-2019-19036,CVE-2019-19045,CVE-2019-19046,CVE-2019-19049,CVE-2019-19051,CVE-2019-19052,CVE-2019-19054,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19066,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19077,CVE-2019-19078,CVE-2019-19080,CVE-2019-19081,CVE-2019-19082,CVE-2019-19083,CVE-2019-19227,CVE-2019-19318,CVE-2019-19319,CVE-2019-19332,CVE-2019-19338,CVE-2019-19447,CVE-2019-19523,CVE-2019-19524,CVE-2019-19525,CVE-2019-19526,CVE-2019-19527,CVE-2019-19528,CVE-2019-19529,CVE-2019-19530,CVE-2019-19531,CVE-2019-19532,CVE-2019-19533,CVE-2019-19534,CVE-2019-19535,CVE-2019-19536,CVE-2019-19537,CVE-2019-19543,CVE-2019-19767,CVE-2019-19927,CVE-2019-19965,CVE-2019-19966,CVE-2019-20054,CVE-2019-20095,CVE-2019-20096,CVE-2020-7053,CVE-2020-8428

Description:

The SUSE Linux Enterprise 15 SP1 real-time kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2019-14615: An information disclosure vulnerability existed due to insufficient control flow in certain data structures for some Intel(R) Processors (bnc#1160195).
CVE-2019-14895: A heap-based buffer overflow was discovered in the Marvell WiFi driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service or possibly execute arbitrary code (bnc#1157158).
CVE-2019-14896: A heap overflow was found in the add_ie_rates() function of the Marvell Wifi Driver (bsc#1157157).
CVE-2019-14897: A stack overflow was found in the lbs_ibss_join_existing() function of the Marvell Wifi Driver (bsc#1157155).
CVE-2019-14901: A heap overflow flaw was found in the Marvell WiFi driver. The vulnerability allowed a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code (bnc#1157042).
CVE-2019-15213: A use-after-free bug caused by a malicious USB device was found in drivers/media/usb/dvb-usb/dvb-usb-init.c (bsc#1146544).
CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c. The check for the length of variable elements in a beacon head was insufficient, leading to a buffer overflow (bnc#1152107).
CVE-2019-16994: A memory leak existed in sit_init_net() in net/ipv6/sit.c which might have caused denial of service, aka CID-07f12b26e21a (bnc#1161523).
CVE-2019-18660: An information disclosure bug occured because the Spectre-RSB mitigation were not in place for all applicable CPUs, aka CID-39e72bf96f58 (bnc#1157038).
CVE-2019-18683: Multiple race conditions were discovered in drivers/media/platform/vivid. It was exploitable for privilege escalation if local users had access to /dev/video0, but only if the driver happened to be loaded. At least one of these race conditions led to a use-after-free (bnc#1155897).
CVE-2019-18808: A memory leak in drivers/crypto/ccp/ccp-ops.c allowed attackers to cause a denial of service (memory consumption), aka CID-128c66429247 (bnc#1156259).
CVE-2019-18809: A memory leak in drivers/media/usb/dvb-usb/af9005.c allowed attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559 (bnc#1156258).
CVE-2019-19036: An issue discovered in btrfs_root_node in fs/btrfs/ctree.c allowed a NULL pointer dereference because rcu_dereference(root->node) can be zero (bnc#1157692).
CVE-2019-19045: A memory leak in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c allowed attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7 (bnc#1161522).
CVE-2019-19046: There was a memory leak in __ipmi_bmc_register (bsc#1157304).
CVE-2019-19049: There was an unlikely memory leak in unittest_data_add (bsc#1157173).
CVE-2019-19051: A memory leak in drivers/net/wimax/i2400m/op-rfkill.c allowed attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7 (bnc#1159024).
CVE-2019-19052: A memory leak in drivers/net/can/usb/gs_usb.c allowed attackers to cause a denial of service (memory consumption), aka CID-fb5be6a7b486 (bnc#1157324).
CVE-2019-19054: A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c allowed attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b (bnc#1161518).
CVE-2019-19056: A memory leak in drivers/net/wireless/marvell/mwifiex/pcie.c allowed attackers to cause a denial of service (memory consumption), aka CID-db8fd2cde932 (bnc#1157197).
CVE-2019-19057: Two memory leaks in drivers/net/wireless/marvell/mwifiex/pcie.c allowed attackers to cause a denial of service (memory consumption), aka CID-d10dcb615c8e (bnc#1157193 bsc#1157197).
CVE-2019-19058: A memory leak in drivers/net/wireless/intel/iwlwifi/fw/dbg.c allowed attackers to cause a denial of service (memory consumption), aka CID-b4b814fec1a5 (bnc#1157145).
CVE-2019-19060: A memory leak in drivers/iio/imu/adis_buffer.c allowed attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41 (bnc#1157178).
CVE-2019-19062: A memory leak in crypto/crypto_user_base.c allowed attackers to cause a denial of service (memory consumption), aka CID-ffdde5932042 (bnc#1157333).
CVE-2019-19063: Two memory leaks in drivers/net/wireless/realtek/rtlwifi/usb.c allowed attackers to cause a denial of service (memory consumption), aka CID-3f9361695113 (bnc#1157298).
CVE-2019-19065: A memory leak in drivers/infiniband/hw/hfi1/sdma.c allowed attackers to cause a denial of service (memory consumption), aka CID-34b3be18a04e (bnc#1157191).
CVE-2019-19066: A memory leak in drivers/scsi/bfa/bfad_attr.c allowed attackers to cause a denial of service (memory consumption), aka CID-0e62395da2bd (bnc#1157303).
CVE-2019-19067: There were four unlikely memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c (bnc#1157180).
CVE-2019-19068: A memory leak in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allowed attackers to cause a denial of service (memory consumption), aka CID-a2cdd07488e6 (bnc#1157307).
CVE-2019-19073: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c allowed attackers to cause a denial of service (memory consumption), aka CID-853acf7caf10 (bnc#1157070).
CVE-2019-19074: A memory leak in drivers/net/wireless/ath/ath9k/wmi.c allowed attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4 (bnc#1157143).
CVE-2019-19075: A memory leak in drivers/net/ieee802154/ca8210.c allowed attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e (bnc#1157162).
CVE-2019-19077: A memory leak in drivers/infiniband/hw/bnxt_re/ib_verbs.c allowed attackers to cause a denial of service (memory consumption), aka CID-4a9d46a9fe14 (bnc#1157171).
CVE-2019-19078: A memory leak in drivers/net/wireless/ath/ath10k/usb.c allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2 (bnc#1157032).
CVE-2019-19080: Four memory leaks in drivers/net/ethernet/netronome/nfp/flower/main.c allowed attackers to cause a denial of service (memory consumption), aka CID-8572cea1461a (bnc#1157044).
CVE-2019-19081: A memory leak in drivers/net/ethernet/netronome/nfp/flower/main.c allowed attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a (bnc#1157045).
CVE-2019-19082: Memory leaks were found in the *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc, aka CID-104c307147ad (bnc#1157046).
CVE-2019-19083: Memory leaks were found in the *clock_source_create() functions under drivers/gpu/drm/amd/display/dc, aka CID-055e547478a1 (bnc#1157049).
CVE-2019-19227: In the AppleTalk subsystem there was a potential NULL pointer dereference because register_snap_client may return NULL. This could have led to denial of service, aka CID-9804501fa122 (bnc#1157678).
CVE-2019-19318: Mounting a crafted btrfs image twice could have caused a use-after-free (bnc#1158026).
CVE-2019-19319: A slab-out-of-bounds write access could have occured when setxattr was called after mounting of a specially crafted ext4 image (bnc#1158021).
CVE-2019-19332: An out-of-bounds memory write issue was found in the way the KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could have used this flaw to crash the system (bnc#1158827).
CVE-2019-19338: There was an incomplete fix for an issue with Transactional Synchronisation Extensions in the KVM code (bsc#1158954).
CVE-2019-19447: Mounting a crafted ext4 filesystem image, performing some operations, and unmounting could have led to a use-after-free in fs/ext4/super.c (bnc#1158819).
CVE-2019-19523: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79 (bsc#1158823).
CVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9 (bsc#1158413).
CVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035 (bsc#1158417).
CVE-2019-19526: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098 (bsc#1158893).
CVE-2019-19527: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e (bsc#1158900).
CVE-2019-19528: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d (bsc#1158407).
CVE-2019-19529: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41 (bnc#1158381).
CVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef (bsc#1158410).
CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca (bsc#1158445).
CVE-2019-19532: There were multiple out-of-bounds write bugs that can be caused by a malicious USB HID device, aka CID-d9d4b1e46d95 (bsc#1158824).
CVE-2019-19533: There was an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464 (bsc#1158834).
CVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29 (bsc#1158398).
CVE-2019-19535: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042 (bsc#1158903).
CVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0 (bsc#1158394).
CVE-2019-19537: There was a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9 (bsc#1158904).
CVE-2019-19543: There was a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (bnc#1158427).
CVE-2019-19767: There were multiple use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163 (bnc#1159297).
CVE-2019-19927: A slab-out-of-bounds read access occured when mounting a crafted f2fs filesystem image and performing some operations on it (bnc#1160147).
CVE-2019-19965: There was a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5 (bnc#1159911).
CVE-2019-19966: There was a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that could have caused a denial of service, aka CID-dea37a972655 (bnc#1159841).
CVE-2019-20054: There was a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e (bnc#1159910).
CVE-2019-20095: Several memory leaks were found in drivers/net/wireless/marvell/mwifiex/cfg80211.c, aka CID-003b686ace82 (bnc#1159909).
CVE-2019-20096: There was a memory leak in __feat_register_sp() in net/dccp/feat.c, aka CID-1d3ff0950e2b (bnc#1159908).
CVE-2020-7053: There was a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c (bnc#1160966).
CVE-2020-8428: There was a use-after-free bug in fs/namei.c, which allowed local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9 (bnc#1162109).

The following non-security bugs were fixed:

6pack,mkiss: fix possible deadlock (bsc#1051510).
a typo in %kernel_base_conflicts macro name
ACPI / APEI: Do not wait to serialise with oops messages when panic()ing (bsc#1051510).
ACPI / APEI: Switch estatus pool to use vmalloc memory (bsc#1051510).
ACPI / hotplug / PCI: Allocate resources directly under the non-hotplug bridge (bsc#1111666).
ACPI / LPSS: Exclude I2C busses shared with PUNIT from pmc_atom_d3_mask (bsc#1051510).
ACPI / LPSS: Ignore acpi_device_fix_up_power() return value (bsc#1051510).
ACPI / SBS: Fix rare oops when removing modules (bsc#1051510).
ACPI/nfit, device-dax: Identify differentiated memory with a unique numa-node (bsc#1158071).
ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data() (bsc#1051510).
ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion() (bsc#1051510).
ACPI: OSL: only free map once in osl.c (bsc#1051510).
ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100 (bsc#1051510).
ACPICA: Never run _REG on system_memory and system_IO (bsc#1051510).
ACPICA: Use %d for signed int print formatting instead of %u (bsc#1051510).
af_packet: set defaule value for tmo (bsc#1051510).
ALSA: 6fire: Drop the dead code (git-fixes).
ALSA: control: remove useless assignment in .info callback of PCM chmap element (git-fixes).
ALSA: cs4236: fix error return comparison of an unsigned integer (git-fixes).
ALSA: echoaudio: simplify get_audio_levels (bsc#1051510).
ALSA: fireface: fix return value in error path of isochronous resources reservation (bsc#1051510).
ALSA: firewire-motu: Correct a typo in the clock proc string (git-fixes).
ALSA: hda - Add docking station support for Lenovo Thinkpad T420s (git-fixes).
ALSA: hda - Add mute led support for HP ProBook 645 G4 (git-fixes).
ALSA: hda - Apply sync-write workaround to old Intel platforms, too (bsc#1111666).
ALSA: hda - constify and cleanup static NodeID tables (bsc#1111666).
ALSA: hda - Downgrade error message for single-cmd fallback (git-fixes).
ALSA: hda - Fix pending unsol events at shutdown (git-fixes).
ALSA: hda - fixup for the bass speaker on Lenovo Carbon X1 7th gen (git-fixes).
ALSA: hda/analog - Minor optimization for SPDIF mux connections (git-fixes).
ALSA: hda/ca0132 - Avoid endless loop (git-fixes).
ALSA: hda/ca0132 - Fix work handling in delayed HP detection (git-fixes).
ALSA: hda/ca0132 - Keep power on during processing DSP response (git-fixes).
ALSA: hda/hdmi - Add new pci ids for AMD GPU display audio (git-fixes).
ALSA: hda/hdmi - add retry logic to parse_intel_hdmi() (git-fixes).
ALSA: hda/hdmi - Clear codec->relaxed_resume flag at unbinding (git-fixes).
ALSA: hda/hdmi - fix atpx_present when CLASS is not VGA (bsc#1051510).
ALSA: hda/hdmi - Fix duplicate unref of pci_dev (bsc#1051510).
ALSA: hda/hdmi - fix vgaswitcheroo detection for AMD (git-fixes).
ALSA: hda/realtek - Add Bass Speaker and fixed dac for bass speaker (bsc#1111666).
ALSA: hda/realtek - Add headset Mic no shutup for ALC283 (bsc#1051510).
ALSA: hda/realtek - Add Headset Mic supported for HP cPC (bsc#1111666).
ALSA: hda/realtek - Add new codec supported for ALCS1200A (bsc#1111666).
ALSA: hda/realtek - Add quirk for the bass speaker on Lenovo Yoga X1 7th gen (bsc#1111666).
ALSA: hda/realtek - Apply mic mute LED quirk for Dell E7xx laptops, too (bsc#1111666).
ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236 (git-fixes).
ALSA: hda/realtek - Enable internal speaker of ASUS UX431FLC (git-fixes).
ALSA: hda/realtek - Enable the bass speaker of ASUS UX431FLC (bsc#1111666).
ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes).
ALSA: hda/realtek - Fix inverted bass GPIO pin on Acer 8951G (git-fixes).
ALSA: hda/realtek - Line-out jack does not work on a Dell AIO (bsc#1051510).
ALSA: hda/realtek - More constifications (bsc#1111666).
ALSA: hda/realtek - Move some alc236 pintbls to fallback table (git-fixes).
ALSA: hda/realtek - Move some alc256 pintbls to fallback table (git-fixes).
ALSA: hda/realtek - Set EAPD control to default for ALC222 (bsc#1111666).
ALSA: hda: constify copied structure (bsc#1111666).
ALSA: hda: Constify snd_kcontrol_new items (bsc#1111666).
ALSA: hda: Constify snd_pci_quirk tables (bsc#1111666).
ALSA: hda: correct kernel-doc parameter descriptions (bsc#1111666).
ALSA: hda: Fix racy display power access (bsc#1156928).
ALSA: hda: hdmi - fix port numbering for ICL and TGL platforms (git-fixes).
ALSA: hda: hdmi - remove redundant code comments (git-fixes).
ALSA: hda: More constifications (bsc#1111666).
ALSA: hda: patch_hdmi: remove warnings with empty body (bsc#1111666).
ALSA: hda: patch_realtek: fix empty macro usage in if block (bsc#1111666).
ALSA: i2c/cs8427: Fix int to char conversion (bsc#1051510).
ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code (bsc#1051510).
ALSA: intel8x0m: Register irq handler after register initializations (bsc#1051510).
ALSA: oxfw: fix return value in error path of isochronous resources reservation (bsc#1051510).
ALSA: pcm: Avoid possible info leaks from PCM stream buffers (git-fixes).
ALSA: pcm: oss: Avoid potential buffer overflows (git-fixes).
ALSA: pcm: signedness bug in snd_pcm_plug_alloc() (bsc#1051510).
ALSA: pcm: Yet another missing check of non-cached buffer type (bsc#1111666).
ALSA: seq: Do error checks at creating system ports (bsc#1051510).
ALSA: seq: Fix racy access for queue timer in proc read (bsc#1051510).
ALSA: sh: Fix compile warning wrt const (git-fixes).
ALSA: sh: Fix unused variable warnings (bsc#1111666).
ALSA: usb-audio: Add skip_validation option (git-fixes).
ALSA: usb-audio: Apply the sample rate quirk for Bose Companion 5 (bsc#1111666).
ALSA: usb-audio: Fix Focusrite Scarlett 6i6 gen1 - input handling (git-fixes).
ALSA: usb-audio: Fix incorrect NULL check in create_yamaha_midi_quirk() (git-fixes).
ALSA: usb-audio: Fix incorrect size check for processing/extension units (git-fixes).
ALSA: usb-audio: Fix NULL dereference at parsing BADD (git-fixes).
ALSA: usb-audio: fix set_format altsetting sanity check (bsc#1051510).
ALSA: usb-audio: fix sync-ep altsetting sanity check (bsc#1051510).
ALSA: usb-audio: sound: usb: usb true/false for bool return type (git-fixes).
apparmor: fix unsigned len comparison with less than zero (git-fixes).
appledisplay: fix error handling in the scheduled work (git-fixes).
ar5523: check NULL before memcpy() in ar5523_cmd() (bsc#1051510).
ASoC: au8540: use 64-bit arithmetic instead of 32-bit (bsc#1051510).
ASoC: compress: fix unsigned integer overflow check (bsc#1051510).
ASoC: cs4349: Use PM ops 'cs4349_runtime_pm' (bsc#1051510).
ASoC: davinci-mcasp: Handle return value of devm_kasprintf (stable 4.14.y).
ASoC: davinci: Kill BUG_ON() usage (stable 4.14.y).
ASoC: dpcm: Properly initialise hw->rate_max (bsc#1051510).
ASoC: Intel: hdac_hdmi: Limit sampling rates at dai creation (bsc#1051510).
ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report (bsc#1051510).
ASoC: kirkwood: fix external clock probe defer (git-fixes).
ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX (git-fixes).
ASoC: msm8916-wcd-analog: Fix selected events for MIC BIAS External1 (bsc#1051510).
ASoC: samsung: i2s: Fix prescaler setting for the secondary DAI (bsc#1111666).
ASoC: sgtl5000: avoid division by zero if lo_vag is zero (bsc#1051510).
ASoC: tegra_sgtl5000: fix device_node refcounting (bsc#1051510).
ASoC: tlv320aic31xx: Handle inverted BCLK in non-DSP modes (stable 4.14.y).
ASoC: tlv320dac31xx: mark expected switch fall-through (stable 4.14.y).
ASoC: wm8962: fix lambda value (git-fixes).
ata: ep93xx: Use proper enums for directions (bsc#1051510).
ath10k: allocate small size dma memory in ath10k_pci_diag_write_mem (bsc#1111666).
ath10k: avoid possible memory access violation (bsc#1111666).
ath10k: Correct error handling of dma_map_single() (bsc#1111666).
ath10k: Correct the DMA direction for management tx buffers (bsc#1111666).
ath10k: fix fw crash by moving chip reset after napi disabled (bsc#1051510).
ath10k: fix kernel panic by moving pci flush after napi_disable (bsc#1051510).
ath10k: fix vdev-start timeout on error (bsc#1051510).
ath10k: limit available channels via DT ieee80211-freq-limit (bsc#1051510).
ath10k: pci: Fix comment on ath10k_pci_dump_memory_sram (bsc#1111666).
ath10k: pci: Only dump ATH10K_MEM_REGION_TYPE_IOREG when safe (bsc#1111666).
ath10k: skip resetting rx filter for WCN3990 (bsc#1111666).
ath10k: wmi: disable softirq's while calling ieee80211_rx (bsc#1051510).
ath6kl: Fix off by one error in scan completion (bsc#1051510).
ath9k: add back support for using active monitor interfaces for tx99 (bsc#1051510).
ath9k: Fix a locking bug in ath9k_add_interface() (bsc#1051510).
ath9k: fix reporting calculated new FFT upper max (bsc#1051510).
ath9k: fix storage endpoint lookup (git-fixes).
ath9k: fix tx99 with monitor mode interface (bsc#1051510).
ath9k_hw: fix uninitialized variable data (bsc#1051510).
atl1e: checking the status of atl1e_write_phy_reg (bsc#1051510).
audit: Allow auditd to set pid to 0 to end auditing (bsc#1158094).
ax88172a: fix information leak on short answers (bsc#1051510).
backlight: lm3639: Unconditionally call led_classdev_unregister (bsc#1051510).
batman-adv: Fix DAT candidate selection on little endian systems (bsc#1051510).
bcma: remove set but not used variable 'sizel' (git-fixes).
blk-mq: avoid sysfs buffer overflow with too many CPU cores (bsc#1159377).
blk-mq: make sure that line break can be printed (bsc#1159377).
Bluetooth: btusb: fix PM leak in error case of setup (bsc#1051510).
Bluetooth: delete a stray unlock (bsc#1051510).
Bluetooth: Fix invalid-free in bcsp_close() (git-fixes).
Bluetooth: Fix memory leak in hci_connect_le_scan (bsc#1051510).
Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading (bsc#1051510).
Bluetooth: hci_core: fix init for HCI_USER_CHANNEL (bsc#1051510).
Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS (bsc#1051510).
bnxt: apply computed clamp value for coalece parameter (bsc#1104745).
bnxt_en: Fix MSIX request logic for RDMA driver (bsc#1104745 ).
bnxt_en: Increase timeout for HWRM_DBG_COREDUMP_XX commands (bsc#1104745).
bnxt_en: Return error if FW returns more data than dump length (bsc#1104745).
bnxt_en: Update firmware interface spec. to 1.10.0.47 (bsc#1157115)
bnxt_en: Update firmware interface spec. to 1.10.0.89 (bsc#1157115)
bnxt_en: Update firmware interface to 1.10.0.69 (bsc#1157115)
bonding: fix active-backup transition after link failure (git-fixes).
bonding: fix potential NULL deref in bond_update_slave_arr (bsc#1051510).
bonding: fix slave stuck in BOND_LINK_FAIL state (networking-stable-19_11_10).
bonding: fix state transition issue in link monitoring (networking-stable-19_11_10).
bonding: fix unexpected IFF_BONDING bit unset (bsc#1051510).
bpf, offload: Unlock on error in bpf_offload_dev_create() (bsc#1109837).
bpf/sockmap: Read psock ingress_msg before sk_receive_queue (bsc#1083647).
bpf/stackmap: Fix deadlock with rq_lock in bpf_get_stack() (bsc#1083647).
bpf: add self-check logic to liveness analysis (bsc#1160618).
bpf: add verifier stats and log_level bit 2 (bsc#1160618).
bpf: fix BTF limits (bsc#1109837).
bpf: fix BTF verification of enums (bsc#1109837).
bpf: Fix incorrect verifier simulation of ARSH under ALU32 (bsc#1083647).
bpf: Fix use after free in subprog's jited symbol removal (bsc#1109837).
bpf: improve stacksafe state comparison (bco#1160618).
bpf: improve verification speed by droping states (bsc#1160618).
bpf: improve verification speed by not remarking live_read (bsc#1160618).
bpf: improve verifier branch analysis (bsc#1160618).
bpf: increase complexity limit and maximum program size (bsc#1160618).
bpf: increase verifier log limit (bsc#1160618).
bpf: Make use of probe_user_write in probe write helper (bsc#1083647).
bpf: Reject indirect var_off stack access in raw mode (bsc#1160618).
bpf: Reject indirect var_off stack access in unpriv mode (bco#1160618).
bpf: Sanity check max value for var_off stack access (bco#1160618).
bpf: skmsg, fix potential psock NULL pointer dereference (bsc#1109837).
bpf: speed up stacksafe check (bco#1160618).
bpf: Support variable offset stack access from helpers (bco#1160618).
bpf: verifier: teach the verifier to reason about the BPF_JSET instruction (bco#1160618).
brcmfmac: fix full timeout waiting for action frame on-channel tx (bsc#1051510).
brcmfmac: fix interface sanity check (git-fixes).
brcmfmac: Fix memory leak in brcmf_p2p_create_p2pdev() (bsc#1111666).
brcmfmac: Fix memory leak in brcmf_usbdev_qinit (git-fixes).
brcmfmac: Fix use after free in brcmf_sdio_readframes() (git-fixes).
brcmfmac: fix wrong strnchr usage (bsc#1111666).
brcmfmac: increase buffer for obtaining firmware capabilities (bsc#1111666).
brcmfmac: reduce timeout for action frame scan (bsc#1051510).
brcmfmac: sdio: Fix OOB interrupt initialization on brcm43362 (bsc#1111666).
brcmfmac: set F2 watermark to 256 for 4373 (bsc#1111666).
brcmfmac: set SDIO F1 MesBusyCtrl for CYW4373 (bsc#1111666).
brcmsmac: AP mode: update beacon when TIM changes (bsc#1051510).
brcmsmac: never log 'tid x is not agg'able' by default (bsc#1051510).
brcmsmac: Use kvmalloc() for ucode allocations (bsc#1111666).
btrfs: abort transaction after failed inode updates in create_subvol (bsc#1161936).
btrfs: add missing extents release on file extent cluster relocation error (bsc#1159483).
btrfs: avoid fallback to transaction commit during fsync of files with holes (bsc#1159569).
btrfs: dev-replace: remove warning for unknown return codes when finished (dependency for bsc#1162067).
btrfs: do not call synchronize_srcu() in inode_tree_del (bsc#1161934).
btrfs: Ensure we trim ranges across block group boundary (bsc#1151910).
btrfs: fix block group remaining RO forever after error during device replace (bsc#1160442).
btrfs: fix btrfs_write_inode vs delayed iput deadlock (bsc#1154243).
btrfs: fix infinite loop during nocow writeback due to race (bsc#1160804).
btrfs: fix integer overflow in calc_reclaim_items_nr (bsc#1160433).
btrfs: fix missing data checksums after replaying a log tree (bsc#1161931).
btrfs: fix negative subv_writers counter and data space leak after buffered write (bsc#1160802).
btrfs: fix removal logic of the tree mod log that leads to use-after-free issues (bsc#1160803).
btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Fix for dependency of bsc#1157692).
btrfs: handle ENOENT in btrfs_uuid_tree_iterate (bsc#1161937).
btrfs: harden agaist duplicate fsid on scanned devices (bsc#1134973).
btrfs: inode: Verify inode mode to avoid NULL pointer dereference (dependency for bsc#1157692).
btrfs: make tree checker detect checksum items with overlapping ranges (bsc#1161931).
btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it (dependency for bsc#1157692).
btrfs: record all roots for rename exchange on a subvol (bsc#1161933).
btrfs: relocation: fix reloc_root lifespan and access (bsc#1159588).
btrfs: scrub: Require mandatory block group RO for dev-replace (bsc#1162067).
btrfs: send, skip backreference walking for extents with many references (bsc#1162139).
btrfs: simplify inode locking for RWF_NOWAIT (git-fixes).
btrfs: skip log replay on orphaned roots (bsc#1161935).
btrfs: tree-checker: Check chunk item at tree block read time (dependency for bsc#1157692).
btrfs: tree-checker: Check level for leaves and nodes (dependency for bsc#1157692).
btrfs: tree-checker: Enhance chunk checker to validate chunk profile (dependency for bsc#1157692).
btrfs: tree-checker: Fix wrong check on max devid (fixes for dependency of bsc#1157692).
btrfs: tree-checker: get fs_info from eb in block_group_err (dependency for bsc#1157692).
btrfs: tree-checker: get fs_info from eb in check_block_group_item (dependency for bsc#1157692).
btrfs: tree-checker: get fs_info from eb in check_csum_item (dependency for bsc#1157692).
btrfs: tree-checker: get fs_info from eb in check_dev_item (dependency for bsc#1157692).
btrfs: tree-checker: get fs_info from eb in check_dir_item (dependency for bsc#1157692).
btrfs: tree-checker: get fs_info from eb in check_extent_data_item (dependency for bsc#1157692).
btrfs: tree-checker: get fs_info from eb in check_inode_item (dependency for bsc#1157692).
btrfs: tree-checker: get fs_info from eb in check_leaf (dependency for bsc#1157692).
btrfs: tree-checker: get fs_info from eb in check_leaf_item (dependency for bsc#1157692).
btrfs: tree-checker: get fs_info from eb in chunk_err (dependency for bsc#1157692).
btrfs: tree-checker: get fs_info from eb in dev_item_err (dependency for bsc#1157692).
btrfs: tree-checker: get fs_info from eb in dir_item_err (dependency for bsc#1157692).
btrfs: tree-checker: get fs_info from eb in file_extent_err (dependency for bsc#1157692).
btrfs: tree-checker: get fs_info from eb in generic_err (dependency for bsc#1157692).
btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead of EIO (dependency for bsc#1157692).
btrfs: tree-checker: Make chunk item checker messages more readable (dependency for bsc#1157692).
btrfs: tree-checker: Verify dev item (dependency for bsc#1157692).
btrfs: tree-checker: Verify inode item (dependency for bsc#1157692).
btrfs: volumes: Use more straightforward way to calculate map length (bsc#1151910).
can, slip: Protect tty->disc_data in write_wakeup and close with RCU (bsc#1051510).
can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing CAN sk_buffs (bsc#1051510).
can: c_can: c_can_poll(): only read status register after status IRQ (git-fixes).
can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open (bsc#1051510).
can: gs_usb: gs_usb_probe(): use descriptors of current altsetting (bsc#1051510).
can: mcba_usb: fix use-after-free on disconnect (git-fixes).
can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling to irq mode (bsc#1051510).
can: peak_usb: fix a potential out-of-sync while decoding packets (git-fixes).
can: peak_usb: fix slab info leak (git-fixes).
can: peak_usb: report bus recovery as well (bsc#1051510).
can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error (bsc#1051510).
can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on error (bsc#1051510).
can: rx-offload: can_rx_offload_offload_one(): do not increase the skb_queue beyond skb_queue_len_max (git-fixes).
can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors on queue overflow or OOM (bsc#1051510).
can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to propagate error value in case of errors (bsc#1051510).
can: rx-offload: can_rx_offload_queue_sorted(): fix error handling, avoid skb mem leak (git-fixes).
can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak (git-fixes).
can: slcan: Fix use-after-free Read in slcan_open (bsc#1051510).
can: usb_8dev: fix use-after-free on disconnect (git-fixes).
CDC-NCM: handle incomplete transfer of MTU (networking-stable-19_11_10).
ceph: add missing check in d_revalidate snapdir handling (bsc#1157183).
ceph: do not try to handle hashed dentries in non-O_CREAT atomic_open (bsc#1157184).
ceph: fix use-after-free in __ceph_remove_cap() (bsc#1154058).
ceph: just skip unrecognized info in ceph_reply_info_extra (bsc#1157182).
cfg80211/mac80211: make ieee80211_send_layer2_update a public function (bsc#1051510).
cfg80211: Avoid regulatory restore when COUNTRY_IE_IGNORE is set (bsc#1051510).
cfg80211: call disconnect_wk when AP stops (bsc#1051510).
cfg80211: check for set_wiphy_params (bsc#1051510).
cfg80211: fix deadlocks in autodisconnect work (bsc#1111666).
cfg80211: fix memory leak in cfg80211_cqm_rssi_update (bsc#1111666).
cfg80211: fix page refcount issue in A-MSDU decap (bsc#1051510).
cfg80211: Prevent regulatory restore during STA disconnect in concurrent interfaces (bsc#1051510).
cfg80211: validate wmm rule when setting (bsc#1111666).
cgroup,writeback: do not switch wbs immediately on dead wbs if the memcg is dead (bsc#1158645).
cgroup: pids: use atomic64_t for pids->limit (bsc#1161514).
cifs: add a helper to find an existing readable handle to a file (bsc#1144333, bsc#1154355).
cifs: add support for flock (bsc#1144333).
cifs: avoid using MID 0xFFFF (bsc#1144333, bsc#1154355).
cifs: Close cached root handle only if it had a lease (bsc#1144333).
cifs: Close open handle after interrupted close (bsc#1144333).
cifs: close the shared root handle on tree disconnect (bsc#1144333).
cifs: create a helper to find a writeable handle by path name (bsc#1144333, bsc#1154355).
cifs: Do not miss cancelled OPEN responses (bsc#1144333).
cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bsc#1144333, bsc#1154355).
cifs: Fix lookup of root ses in DFS referral cache (bsc#1144333).
cifs: fix max ea value size (bsc#1144333, bsc#1154355).
cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1144333).
cifs: Fix missed free operations (bsc#1144333, bsc#1154355).
cifs: Fix mount options set in automount (bsc#1144333).
cifs: Fix NULL pointer dereference in mid callback (bsc#1144333).
cifs: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bsc#1144333).
cifs: Fix oplock handling for SMB 2.1+ protocols (bsc#1144333, bsc#1154355).
cifs: Fix potential softlockups while refreshing DFS cache (bsc#1144333).
cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1144333).
cifs: Fix retry mid list corruption on reconnects (bsc#1144333, bsc#1154355).
cifs: Fix SMB2 oplock break processing (bsc#1144333, bsc#1154355).
cifs: Fix use after free of file info structures (bsc#1144333, bsc#1154355).
cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1144333).
cifs: Force reval dentry if LOOKUP_REVAL flag is set (bsc#1144333, bsc#1154355).
cifs: Force revalidate inode when dentry is stale (bsc#1144333, bsc#1154355).
cifs: Gracefully handle QueryInfo errors during open (bsc#1144333, bsc#1154355).
cifs: move cifsFileInfo_put logic into a work-queue (bsc#1144333, bsc#1154355).
cifs: prepare SMB2_Flush to be usable in compounds (bsc#1144333, bsc#1154355).
cifs: Properly process SMB3 lease breaks (bsc#1144333).
cifs: remove set but not used variables 'cinode' and 'netfid' (bsc#1144333).
cifs: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1144333).
cifs: set domainName when a domain-key is used in multiuser (bsc#1144333, bsc#1154355).
cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bsc#1144333, bsc#1154355).
cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1144333, bsc#1154355).
cifs: Use kzfree() to zero out the password (bsc#1144333, bsc#1154355).
clk: at91: avoid sleeping early (git-fixes).
clk: Do not try to enable critical clocks if prepare failed (bsc#1051510).
clk: imx: clk-composite-8m: add lock to gate/mux (git-fixes).
clk: pxa: fix one of the pxa RTC clocks (bsc#1051510).
clk: rockchip: fix I2S1 clock gate register for rk3328 (bsc#1051510).
clk: rockchip: fix ID of 8ch clock of I2S1 for rk3328 (bsc#1051510).
clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering (bsc#1051510).
clk: rockchip: fix rk3188 sclk_smc gate data (bsc#1051510).
clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/resume (bsc#1051510).
clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume (git-fixes).
clk: samsung: Use clk_hw API for calling clk framework from clk notifiers (bsc#1051510).
clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18 (git-fixes).
clk: sunxi: sun9i-mmc: Implement reset callback for reset controls (bsc#1051510).
clocksource/drivers/bcm2835_timer: Fix memory leak of timer (bsc#1051510).
clocksource/drivers/sh_cmt: Fix clocksource width for 32-bit machines (bsc#1051510).
clocksource/drivers/sh_cmt: Fixup for 64-bit machines (bsc#1051510).
compat_ioctl: handle SIOCOUTQNSD (bsc#1051510).
component: fix loop condition to call unbind() if bind() fails (bsc#1051510).
configfs_register_group() shouldn't be (and isn't) called in rmdirable parts (bsc#1051510).
copy/pasted 'Recommends:' instead of 'Provides:', 'Obsoletes:' and 'Conflicts:
Cover up kABI breakage due to DH key verification (bsc#1155331).
cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init() (bsc#1051510).
cpufreq: intel_pstate: Register when ACPI PCCH is present (bsc#1051510).
cpufreq: powernv: fix stack bloat and hard limit on number of CPUs (bsc#1051510).
cpufreq: Skip cpufreq resume if it's not suspended (bsc#1051510).
cpufreq: ti-cpufreq: add missing of_node_put() (bsc#1051510).
cpupower : Fix cpupower working when cpu0 is offline (bsc#1051510).
cpupower : frequency-set -r option misses the last cpu in related cpu list (bsc#1051510).
cpupower: Fix coredump on VMWare (bsc#1051510).
crypto: af_alg - cast ki_complete ternary op to int (bsc#1051510).
crypto: af_alg - Use bh_lock_sock in sk_destruct (bsc#1051510).
crypto: api - Check spawn->alg under lock in crypto_drop_spawn (bsc#1051510).
crypto: api - Fix race condition in crypto_spawn_alg (bsc#1051510).
crypto: atmel-sha - fix error handling when setting hmac key (bsc#1051510).
crypto: caam/qi2 - fix typo in algorithm's driver name (bsc#1111666).
crypto: ccp - fix uninitialized list head (bsc#1051510).
crypto: chelsio - fix writing tfm flags to wrong place (bsc#1051510).
crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr (bsc#1051510).
crypto: dh - add public key verification test (bsc#1155331).
crypto: dh - fix calculating encoded key size (bsc#1155331).
crypto: dh - fix memory leak (bsc#1155331).
crypto: dh - update test for public key verification (bsc#1155331).
crypto: DRBG - add FIPS 140-2 CTRNG for noise source (bsc#1155334).
crypto: ecdh - add public key verification test (bsc#1155331).
crypto: ecdh - fix big endian bug in ECC library (bsc#1051510).
crypto: ecdh - fix typo of P-192 b value (bsc#1155331).
crypto: fix a memory leak in rsa-kcs1pad's encryption mode (bsc#1051510).
crypto: geode-aes - switch to skcipher for cbc(aes) fallback (bsc#1051510).
crypto: mxc-scc - fix build warnings on ARM64 (bsc#1051510).
crypto: mxs-dcp - Fix AES issues (bsc#1051510).
crypto: mxs-dcp - Fix SHA null hashes and output length (bsc#1051510).
crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static (bsc#1051510).
crypto: pcrypt - Do not clear MAY_SLEEP flag in original request (bsc#1051510).
crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill (bsc#1051510).
crypto: reexport crypto_shoot_alg() (bsc#1051510, kABI fix).
crypto: s5p-sss: Fix Fix argument list alignment (bsc#1051510).
crypto: tgr192 - remove unneeded semicolon (bsc#1051510).
cw1200: Fix a signedness bug in cw1200_load_firmware() (bsc#1051510).
cxgb4: fix panic when attaching to ULD fail (networking-stable-19_11_05).
cxgb4: request the TX CIDX updates to status page (bsc#1127354 bsc#1127371).
cxgb4: request the TX CIDX updates to status page (bsc#1127371).
dccp: do not leak jiffies on the wire (networking-stable-19_11_05).
dlm: do not leak kernel pointer to userspace (bsc#1051510).
dlm: fix invalid free (bsc#1051510).
dma-buf: Fix memory leak in sync_file_merge() (git-fixes).
dma-mapping: fix return type of dma_set_max_seg_size() (bsc#1051510).
dmaengine: coh901318: Fix a double-lock bug (bsc#1051510).
dmaengine: coh901318: Remove unused variable (bsc#1051510).
dmaengine: dma-jz4780: Do not depend on MACH_JZ4780 (bsc#1051510).
dmaengine: dma-jz4780: Further residue status fix (bsc#1051510).
dmaengine: ep93xx: Return proper enum in ep93xx_dma_chan_direction (bsc#1051510).
dmaengine: Fix access to uninitialized dma_slave_caps (bsc#1051510).
dmaengine: imx-sdma: fix use-after-free on probe error path (bsc#1051510).
dmaengine: rcar-dmac: set scatter/gather max segment size (bsc#1051510).
dmaengine: timb_dma: Use proper enum in td_prep_slave_sg (bsc#1051510).
docs: move protection-keys.rst to the core-api book (bsc#1078248).
Documentation: debugfs: Document debugfs helper for unsigned long values (git-fixes).
Documentation: x86: convert protection-keys.txt to reST (bsc#1078248).
drivers/base/memory.c: cache blocks in radix tree to accelerate lookup (bsc#1159955 ltc#182993).
drivers/base/memory.c: do not access uninitialized memmaps in soft_offline_page_store() (bsc#1051510).
drivers/base/platform.c: kmemleak ignore a known leak (bsc#1051510).
drivers/regulator: fix a missing check of return value (bsc#1051510).
drm/amd/powerplay: issue no PPSMC_MSG_GetCurrPkgPwr on unsupported (bsc#1113956)
drm/amd/powerplay: remove set but not used variable 'us_mvdd' (bsc#1111666).
drm/amdgpu/{uvd,vcn}: fetch ring's read_ptr after alloc (bsc#1111666).
drm/amdgpu: add function parameter description in 'amdgpu_device_set_cg_state' (bsc#1111666).
drm/amdgpu: fix bad DMA from INTERRUPT_CNTL2 (bsc#1111666).
drm/amdgpu: fix bad DMA from INTERRUPT_CNTL2 (bsc#1114279)
drm/amdgpu: fix ring test failure issue during s3 in vce 3.0 (V2) (bsc#1111666).
drm/amdgpu: remove set but not used variable 'invalid' (bsc#1111666).
drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ (bsc#1051510).
drm/etnaviv: fix dumping of iommuv2 (bsc#1113722)
drm/fb-helper: Round up bits_per_pixel if possible (bsc#1051510).
drm/i810: Prevent underflow in ioctl (bsc#1114279)
drm/i915/gvt: fix dropping obj reference twice (bsc#1111666).
drm/i915/gvt: Pin vgpu dma address before using (bsc#1112178)
drm/i915/gvt: set guest display buffer as readonly (bsc#1112178)
drm/i915/gvt: use vgpu lock for active state setting (bsc#1112178)
drm/i915/perf: add missing delay for OA muxes configuration (bsc#1111666).
drm/i915/pmu: 'Frequency' is reported as accumulated cycles (bsc#1112178)
drm/i915: Add missing include file (bsc#1051510).
drm/i915: Call dma_set_max_seg_size() in i915_driver_hw_probe() (bsc#1111666).
drm/i915: Do not dereference request if it may have been retired when (bsc#1142635)
drm/i915: Fix and improve MCR selection logic (bsc#1112178)
drm/i915: Fix pid leak with banned clients (bsc#1114279)
drm/i915: Handle vm_mmap error during I915_GEM_MMAP ioctl with WC set (bsc#1111666).
drm/i915: Lock the engine while dumping the active request (bsc#1142635)
drm/i915: Make sure cdclk is high enough for DP audio on VLV/CHV (bsc#1111666).
drm/i915: Reacquire priolist cache after dropping the engine lock (bsc#1129770)
drm/i915: Reacquire priolist cache after dropping the engine lock (bsc#1129770)
drm/i915: Sanity check mmap length against object size (bsc#1111666).
drm/i915: Skip modeset for cdclk changes if possible (bsc#1156928).
drm/msm: fix memleak on release (bsc#1111666).
drm/msm: include linux/sched/task.h (bsc#1112178)
drm/mst: Fix MST sideband up-reply failure handling (bsc#1051510).
drm/nouveau/bar/gf100: ensure BAR is mapped (bsc#1111666).
drm/nouveau/bar/nv50: check bar1 vmm return value (bsc#1111666).
drm/nouveau/mmu: qualify vmm during dtor (bsc#1111666).
drm/omap: fix max fclk divider for omap36xx (bsc#1113722)
drm/qxl: Return error if fbdev is not 32 bpp (bsc#1159028)
drm/qxl: Return error if fbdev is not 32 bpp (bsc#1159028)
drm/radeon: fix bad DMA from INTERRUPT_CNTL2 (git-fixes).
drm/radeon: fix r1xx/r2xx register checker for POT textures (bsc#1114279)
drm/radeon: fix si_enable_smc_cac() failed issue (bsc#1113722)
drm/rect: Avoid division by zero (bsc#1111666).
drm/rect: update kerneldoc for drm_rect_clip_scaled() (bsc#1111666).
drm/rockchip: Round up _before_ giving to the clock framework (bsc#1114279)
drm/sun4i: hdmi: Remove duplicate cleanup calls (bsc#1113956)
drm/sun4i: tcon: Set min division of TCON0_DCLK to 1 (bsc#1111666).
drm/sun4i: tcon: Set RGB DCLK min. divider based on hardware model (bsc#1111666).
drm/ttm: ttm_tt_init_fields() can be static (bsc#1111666).
drm: fix module name in edid_firmware log message (bsc#1113956)
drm: limit to INT_MAX in create_blob ioctl (bsc#1051510).
drm: meson: venc: cvbs: fix CVBS mode matching (bsc#1051510).
drm: msm: mdp4: Adjust indentation in mdp4_dsi_encoder_enable (bsc#1111666).
drm: panel-lvds: Potential Oops in probe error handling (bsc#1114279)
e1000e: Add support for Comet Lake (bsc#1158533).
e1000e: Add support for Tiger Lake (bsc#1158533).
e1000e: Drop unnecessary __E1000_DOWN bit twiddling (bsc#1158049).
e1000e: Increase pause and refresh time (bsc#1158533).
e1000e: Use dev_get_drvdata where possible (bsc#1158049).
e1000e: Use rtnl_lock to prevent race conditions between net and pci/pm (bsc#1158049).
e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait (bsc#1051510).
ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable (bsc#1158646).
ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either (bsc#1158647).
EDAC/ghes: Fix locking and memory barrier issues (bsc#1114279). EDAC/ghes: Do not warn when incrementing refcount on 0 (bsc#1114279).
EDAC/ghes: Fix Use after free in ghes_edac remove path (bsc#1114279).
exit: panic before exit_mm() on global init exit (bsc#1161549).
ext4: fix punch hole for inline_data file systems (bsc#1158640).
ext4: update direct I/O read lock pattern for IOCB_NOWAIT (bsc#1158639).
extcon: cht-wc: Return from default case to avoid warnings (bsc#1051510).
extcon: max8997: Fix lack of path setting in USB device mode (bsc#1051510).
fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper() (bsc#1051510).
fbdev: sbuslib: use checked version of put_user() (bsc#1051510).
firestream: fix memory leaks (bsc#1051510).
Fix partial checked out tree build ... so that bisection does not break.
Fix the locking in dcache_readdir() and friends (bsc#1123328).
fjes: fix missed check in fjes_acpi_add (bsc#1051510).
fs: cifs: Fix atime update check vs mtime (bsc#1144333).
ftrace: Avoid potential division by zero in function profiler (bsc#1160784).
ftrace: Introduce PERMANENT ftrace_ops flag (bsc#1120853).
genirq: Prevent NULL pointer dereference in resend_irqs() (bsc#1051510).
genirq: Properly pair kobject_del() with kobject_add() (bsc#1051510).
gpio: Fix error message on out-of-range GPIO in lookup table (bsc#1051510).
gpio: mpc8xxx: Do not overwrite default irq_set_type callback (bsc#1051510).
gpio: syscon: Fix possible NULL ptr usage (bsc#1051510).
gpiolib: acpi: Add Terra Pad 1061 to the run_edge_events_on_boot_blacklist (bsc#1051510).
gsmi: Fix bug in append_to_eventlog sysfs handler (bsc#1051510).
HID: Add ASUS T100CHI keyboard dock battery quirks (bsc#1051510).
HID: Add quirk for Microsoft PIXART OEM mouse (bsc#1051510).
HID: asus: Add T100CHI bluetooth keyboard dock special keys mapping (bsc#1051510).
HID: doc: fix wrong data structure reference for UHID_OUTPUT (bsc#1051510).
HID: Fix assumption that devices have inputs (git-fixes).
HID: hidraw, uhid: Always report EPOLLOUT (bsc#1051510).
HID: hidraw: Fix returning EPOLLOUT from hidraw_poll (bsc#1051510).
HID: intel-ish-hid: fixes incorrect error handling (bsc#1051510).
HID: uhid: Fix returning EPOLLOUT from uhid_char_poll (bsc#1051510).
HID: wacom: generic: Treat serial number and related fields as unsigned (git-fixes).
hidraw: Return EPOLLOUT from hidraw_poll (bsc#1051510).
hwmon: (adt7475) Make volt2reg return same reg as reg2volt input (bsc#1051510).
hwmon: (core) Do not use device managed functions for memory allocations (bsc#1051510).
hwmon: (ina3221) Fix INA3221_CONFIG_MODE macros (bsc#1051510).
hwmon: (nct7802) Fix voltage limits to wrong registers (bsc#1051510).
hwmon: (pwm-fan) Silence error on probe deferral (bsc#1051510).
hwrng: omap - Fix RNG wait loop timeout (bsc#1051510).
hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled (bsc#1051510).
hwrng: stm32 - fix unbalanced pm_runtime_enable (bsc#1051510).
hypfs: Fix error number left in struct pointer member (bsc#1051510).
i2c: imx: do not print error message on probe defer (bsc#1051510).
i2c: of: Try to find an I2C adapter matching the parent (bsc#1129770)
i40e: enable X710 support (bsc#1151067).
IB/hfi1: Do not cancel unused work item (bsc#1114685 ).
IB/mlx5: Fix steering rule of drop and count (bsc#1103991 ).
IB/mlx5: Free mpi in mp_slave mode (bsc#1103991).
IB/mlx5: Remove dead code (bsc#1103991).
IB/mlx5: Support MLX5_CMD_OP_QUERY_LAG as a DEVX general command (bsc#1103991).
ibmveth: Detect unsupported packets before sending to the hypervisor (bsc#1159484 ltc#182983).
ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047).
ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047).
ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047).
ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047).
ibmvnic: Serialize device queries (bsc#1155689 ltc#182047).
ibmvnic: Serialize device queries (bsc#1155689 ltc#182047).
ibmvnic: Terminate waiting device threads after loss of service (bsc#1155689 ltc#182047).
ibmvnic: Terminate waiting device threads after loss of service (bsc#1155689 ltc#182047).
ice: fix potential infinite loop because loop counter being too small (bsc#1118661).
ice: fix stack leakage (bsc#1118661).
idr: Fix idr_alloc_u32 on 32-bit systems (bsc#1051510).
iio: adc: max9611: explicitly cast gain_selectors (bsc#1051510).
iio: adc: max9611: Fix too short conversion time delay (bsc#1051510).
iio: adc: stm32-adc: fix stopping dma (git-fixes).
iio: buffer: align the size of scan bytes to size of the largest element (bsc#1051510).
iio: dac: mcp4922: fix error handling in mcp4922_write_raw (bsc#1051510).
iio: imu: adis16480: assign bias value only if operation succeeded (git-fixes).
iio: imu: adis16480: make sure provided frequency is positive (git-fixes).
iio: imu: adis: assign read val in debugfs hook only if op successful (git-fixes).
iio: imu: adis: assign value only if return code zero in read funcs (git-fixes).
include/linux/bitrev.h: fix constant bitrev (bsc#1114279).
inet: protect against too small mtu values (networking-stable-19_12_16).
inet: stop leaking jiffies on the wire (networking-stable-19_11_05).
Input: aiptek - fix endpoint sanity check (bsc#1051510).
Input: cyttsp4_core - fix use after free bug (bsc#1051510).
Input: ff-memless - kill timer in destroy() (bsc#1051510).
Input: goodix - add upside-down quirk for Teclast X89 tablet (bsc#1051510).
Input: gtco - fix endpoint sanity check (bsc#1051510).
Input: keyspan-remote - fix control-message timeouts (bsc#1051510).
Input: pegasus_notetaker - fix endpoint sanity check (bsc#1051510).
Input: pm8xxx-vib - fix handling of separate enable register (bsc#1051510).
Input: rmi_f54 - read from FIFO in 32 byte blocks (bsc#1051510).
Input: silead - try firmware reload after unsuccessful resume (bsc#1051510).
Input: st1232 - set INPUT_PROP_DIRECT property (bsc#1051510).
Input: sun4i-ts - add a check for devm_thermal_zone_of_sensor_register (bsc#1051510).
Input: sur40 - fix interface sanity checks (bsc#1051510).
Input: synaptics - switch another X1 Carbon 6 to RMI/SMbus (bsc#1051510).
Input: synaptics-rmi4 - clear IRQ enables for F54 (bsc#1051510).
Input: synaptics-rmi4 - destroy F54 poller workqueue when removing (bsc#1051510).
Input: synaptics-rmi4 - disable the relative position IRQ in the F12 driver (bsc#1051510).
Input: synaptics-rmi4 - do not consume more data than we have (F11, F12) (bsc#1051510).
Input: synaptics-rmi4 - do not increment rmiaddr for SMBus transfers (bsc#1051510).
Input: synaptics-rmi4 - fix video buffer size (git-fixes).
Input: synaptics-rmi4 - simplify data read in rmi_f54_work (bsc#1051510).
intel_th: Fix a double put_device() in error path (git-fixes).
iomap: Fix pipe page leakage during splicing (bsc#1158651).
iommu/iova: Init the struct iova to fix the possible memleak (bsc#1160469).
iommu/mediatek: Correct the flush_iotlb_all callback (bsc#1160470).
iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros (bsc#1158063).
iommu/vt-d: Unlink device if failed to add to group (bsc#1160756).
iommu: Remove device link to group on failure (bsc#1160755).
ipmi: Do not allow device module unload when in use (bsc#1154768).
ipmi:dmi: Ignore IPMI SMBIOS entries with a zero base address (bsc#1051510).
ipv4: Fix table id reference in fib_sync_down_addr (networking-stable-19_11_10).
ipv4: Return -ENETUNREACH if we can't create route but saddr is valid (networking-stable-19_10_24).
irqdomain: Add the missing assignment of domain->fwnode for named fwnode (bsc#1111666).
iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop (git-fixes).
iwlwifi: api: annotate compressed BA notif array sizes (bsc#1051510).
iwlwifi: change monitor DMA to be coherent (bsc#1161243).
iwlwifi: check kasprintf() return value (bsc#1051510).
iwlwifi: clear persistence bit according to device family (bsc#1111666).
iwlwifi: drop packets with bad status in CD (bsc#1111666).
iwlwifi: mvm: avoid sending too many BARs (bsc#1051510).
iwlwifi: mvm: do not send keys when entering D3 (bsc#1051510).
iwlwifi: mvm: force TCM re-evaluation on TCM resume (bsc#1111666).
iwlwifi: mvm: Send non offchannel traffic via AP sta (bsc#1051510).
iwlwifi: mvm: synchronize TID queue removal (bsc#1051510).
iwlwifi: mvm: use correct FIFO length (bsc#1111666).
iwlwifi: pcie: fit reclaim msg to MAX_MSG_LEN (bsc#1111666).
iwlwifi: pcie: fix erroneous print (bsc#1111666).
iwlwifi: pcie: read correct prph address for newer devices (bsc#1111666).
iwlwifi: trans: Clear persistence bit when starting the FW (bsc#1111666).
ixgbe: fix double clean of Tx descriptors with xdp (bsc#1113994 ).
ixgbevf: Fix secpath usage for IPsec Tx offload (bsc#1113994 ).
kABI fix for 'ipmi: Do not allow device module unload when in use' (bsc#1154768).
kABI fixup alloc_dax_region (bsc#1158071).
kABI fixup for alloc_dax_region (bsc#1158071,bsc#1160678).
kABI workaround for ath10k hw_filter_reset_required field (bsc#1111666).
kABI workaround for ath10k last_wmi_vdev_start_status field (bsc#1051510).
kABI workaround for can/skb.h inclusion (bsc#1051510).
kABI workaround for iwlwifi iwl_rx_cmd_buffer change (bsc#1111666).
kABI workaround for struct mwifiex_power_cfg change (bsc#1051510).
kABI: add _q suffix to exports that take struct dh (bsc#1155331).
kABI: Fix for 'KVM: x86: Introduce vcpu->arch.xsaves_enabled' (bsc#1158066).
kABI: protect struct sctp_ep_common (kabi).
kABI: Protest new fields in BPF structs (bsc#1160618).
kABI: s390: struct subchannel (git-fixes).
kernel/trace: Fix do not unregister tracepoints when register sched_migrate_task fail (bsc#1160787).
kernfs: Fix range checks in kernfs_get_target_path (bsc#1051510).
kexec: bail out upon SIGKILL when allocating memory (git-fixes).
KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl (git-fixes).
KVM: s390: fix __insn32_query() inline assembly (git-fixes).
KVM: s390: Test for bad access register and size at the start of S390_MEM_OP (git-fixes).
KVM: s390: vsie: Do not shadow CRYCB when no AP and no keys (git-fixes).
KVM: s390: vsie: Return correct values for Invalid CRYCB format (git-fixes).
KVM: SVM: Guard against DEACTIVATE when performing WBINVD/DF_FLUSH (bsc#1114279).
KVM: SVM: Serialize access to the SEV ASID bitmap (bsc#1114279).
KVM: VMX: Consider PID.PIR to determine if vCPU has pending interrupts (bsc#1158064).
KVM: VMX: Fix conditions for guest IA32_XSS support (bsc#1158065).
KVM: x86/mmu: Take slots_lock when using kvm_mmu_zap_all_fast() (bsc#1158067).
kvm: x86: Host feature SSBD does not imply guest feature SPEC_CTRL_SSBD (bsc#1160476).
KVM: x86: Introduce vcpu->arch.xsaves_enabled (bsc#1158066).
KVM: x86: Remove a spurious export of a static function (bsc#1158954).
leds: Allow to call led_classdev_unregister() unconditionally (bsc#1161674).
leds: class: ensure workqueue is initialized before setting brightness (bsc#1161674).
libnvdimm/namespace: Differentiate between probe mapping and runtime mapping (bsc#1153535).
libnvdimm/pfn: Account for PAGE_SIZE > info-block-size in nd_pfn_init() (bsc#1127682 bsc#1153535 ltc#175033 ltc#181834).
libnvdimm: Export the target_node attribute for regions and namespaces (bsc#1158071).
libnvdimm: Fix devm_nsio_enable() kabi (bsc#1153535).
liquidio: fix race condition in instruction completion processing (bsc#1051510).
livepatch: Allow to distinguish different version of system state changes (bsc#1071995).
livepatch: Basic API to track system state changes (bsc#1071995 ).
livepatch: Keep replaced patches until post_patch callback is called (bsc#1071995).
livepatch: Selftests of the API for tracking system state changes (bsc#1071995).
loop: add ioctl for changing logical block size (bsc#1108043).
loop: fix no-unmap write-zeroes request behavior (bsc#1158637).
lpfc: size cpu map by last cpu id set (bsc#1157160).
mac80211: consider QoS Null frames for STA_NULLFUNC_ACKED (bsc#1051510).
mac80211: Do not send Layer 2 Update frame before authorization (bsc#1051510).
mac80211: fix ieee80211_txq_setup_flows() failure path (bsc#1111666).
mac80211: fix station inactive_time shortly after boot (bsc#1051510).
mac80211: minstrel: fix CCK rate group streams value (bsc#1051510).
mac80211: minstrel: fix sampling/reporting of CCK rates in HT mode (bsc#1051510).
macvlan: do not assume mac_header is set in macvlan_broadcast() (bsc#1051510).
macvlan: schedule bc_work even if error (bsc#1051510).
macvlan: use skb_reset_mac_header() in macvlan_queue_xmit() (bsc#1051510).
mailbox: mailbox-test: fix null pointer if no mmio (bsc#1051510).
mailbox: reset txdone_method TXDONE_BY_POLL if client knows_txdone (git-fixes).
media: au0828: Fix incorrect error messages (bsc#1051510).
media: bdisp: fix memleak on release (git-fixes).
media: cec.h: CEC_OP_REC_FLAG_ values were swapped (bsc#1051510).
media: cec: report Vendor ID after initialization (bsc#1051510).
media: cxusb: detect cxusb_ctrl_msg error in query (bsc#1051510).
media: davinci: Fix implicit enum conversion warning (bsc#1051510).
media: exynos4-is: Fix recursive locking in isp_video_release() (git-fixes).
media: fix: media: pci: meye: validate offset to avoid arbitrary access (bsc#1051510).
media: flexcop-usb: ensure -EIO is returned on error condition (git-fixes).
media: imon: invalid dereference in imon_touch_event (bsc#1051510).
media: isif: fix a NULL pointer dereference bug (bsc#1051510).
media: ov6650: Fix control handler not freed on init error (git-fixes).
media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init() (bsc#1051510).
media: pulse8-cec: return 0 when invalidating the logical address (bsc#1051510).
media: pxa_camera: Fix check for pdev->dev.of_node (bsc#1051510).
media: radio: wl1273: fix interrupt masking on release (git-fixes).
media: stkwebcam: Bugfix for wrong return values (bsc#1051510).
media: ti-vpe: vpe: Fix Motion Vector vpdma stride (git-fixes).
media: usbvision: Fix races among open, close, and disconnect (bsc#1051510).
media: uvcvideo: Fix error path in control parsing failure (git-fixes).
media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE (bsc#1051510).
media: v4l2-ioctl.c: zero reserved fields for S/TRY_FMT (bsc#1051510).
media: vim2m: Fix abort issue (git-fixes).
media: vivid: Set vid_cap_streaming and vid_out_streaming to true (bsc#1051510).
mei: bus: prefix device names on bus with the bus name (bsc#1051510).
mei: fix modalias documentation (git-fixes).
mei: samples: fix a signedness bug in amt_host_if_call() (bsc#1051510).
mfd: intel-lpss: Add default I2C device properties for Gemini Lake (bsc#1051510).
mfd: max8997: Enale irq-wakeup unconditionally (bsc#1051510).
mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values (bsc#1051510).
mfd: palmas: Assign the right powerhold mask for tps65917 (git-fixes).
mfd: ti_am335x_tscadc: Keep ADC interface on if child is wakeup capable (bsc#1051510).
mISDN: Fix type of switch control variable in ctrl_teimanager (bsc#1051510).
missing escaping of backslashes in macro expansions Fixes: f3b74b0ae86b ('rpm/kernel-subpackage-spec: Unify dependency handling.') Fixes: 3fd22e219f77 ('rpm/kernel-subpackage-spec: Fix empty Recommends tag (bsc#1143959)')
mlx5: add parameter to disable enhanced IPoIB (bsc#1142095)
mlxsw: spectrum_flower: Fail in case user specifies multiple mirror actions (bsc#1112374).
mlxsw: spectrum_qdisc: Ignore grafting of invisible FIFO (bsc#1112374).
mlxsw: spectrum_router: Fix determining underlay for a GRE tunnel (bsc#1112374).
mm, memory_hotplug: do not clear numa_node association after hot_remove (bnc#1115026).
mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d() (git fixes (mm/gup)).
mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone (git fixes (mm/compaction)).
mm/debug.c: PageAnon() is true for PageKsm() pages (git fixes (mm/debug)).
mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock (bsc#1159394).
mm: memory_hotplug: use put_device() if device_register fail (bsc#1159955 ltc#182993).
mmc: core: fix wl1251 sdio quirks (git-fixes).
mmc: host: omap_hsmmc: add code for special init of wl1251 to get rid of pandora_wl1251_init_card (git-fixes).
mmc: mediatek: fix cannot receive new request when msdc_cmd_is_ready fail (bsc#1051510).
mmc: mediatek: fix CMD_TA to 2 for MT8173 HS200/HS400 mode (bsc#1051510).
mmc: sdhci-of-at91: fix quirk2 overwrite (git-fixes).
mmc: sdhci-of-esdhc: fix P2020 errata handling (bsc#1051510).
mmc: sdhci-of-esdhc: Revert 'mmc: sdhci-of-esdhc: add erratum A-009204 support' (bsc#1051510).
mmc: sdhci: Add a quirk for broken command queuing (git-fixes).
mmc: sdhci: fix minimum clock rate for v3 controller (bsc#1051510).
mmc: sdhci: Workaround broken command queuing on Intel GLK (git-fixes).
mmc: sdio: fix wl1251 vendor id (git-fixes).
mmc: tegra: fix SDR50 tuning override (bsc#1051510).
moduleparam: fix parameter description mismatch (bsc#1051510).
mqprio: Fix out-of-bounds access in mqprio_dump (bsc#1109837).
mt7601u: fix bbp version check in mt7601u_wait_bbp_ready (bsc#1051510).
mt76x0: init hw capabilities.
mtd: spear_smi: Fix Write Burst mode (bsc#1051510).
mtd: spi-nor: fix silent truncation in spi_nor_read() (bsc#1051510).
mwifex: free rx_cmd skb in suspended state (bsc#1111666).
mwifiex: debugfs: correct histogram spacing, formatting (bsc#1051510).
mwifiex: delete unused mwifiex_get_intf_num() (bsc#1111666).
mwifiex: do no submit URB in suspended state (bsc#1111666).
mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame() (git-fixes).
mwifiex: Fix NL80211_TX_POWER_LIMITED (bsc#1051510).
mwifiex: fix potential NULL dereference and use after free (bsc#1051510).
mwifiex: update set_mac_address logic (bsc#1111666).
nbd: prevent memory leak (bsc#1158638).
net, sysctl: Fix compiler warning when only cBPF is present (bsc#1109837).
net/ibmvnic: Fix typo in retry check (bsc#1155689 ltc#182047).
net/ibmvnic: Ignore H_FUNCTION return from H_EOI to tolerate XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes).
net/mlx4_core: Dynamically set guaranteed amount of counters per VF (networking-stable-19_11_05).
net/mlx4_en: fix mlx4 ethtool -N insertion (networking-stable-19_11_25).
net/mlx4_en: Fix wrong limitation for number of TX rings (bsc#1103989).
net/mlx5: Accumulate levels for chains prio namespaces (bsc#1103990).
net/mlx5: FWTrace, Reduce stack usage (bsc#1103990).
net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq (bsc#1046303).
net/mlx5: Update the list of the PCI supported devices (bsc#1127611).
net/mlx5e: Fix eswitch debug print of max fdb flow (bsc#1103990 ).
net/mlx5e: Fix ethtool self test: link speed (bsc#1103990 ).
net/mlx5e: Fix handling of compressed CQEs in case of low NAPI budget (networking-stable-19_11_05).
net/mlx5e: Fix set vf link state error flow (networking-stable-19_11_25).
net/mlx5e: Fix SFF 8472 eeprom length (git-fixes).
net/mlx5e: Print a warning when LRO feature is dropped or not allowed (bsc#1103990).
net/mlx5e: Query global pause state before setting prio2buffer (bsc#1103990).
net/mlxfw: Fix out-of-memory error in mfa2 flash burning (bsc#1051858).
net/sched: act_pedit: fix WARN() in the traffic path (networking-stable-19_11_25).
net/sched: cbs: Fix not adding cbs instance to list (bsc#1109837).
net/sched: cbs: Set default link speed to 10 Mbps in cbs_set_port_rate (bsc#1109837).
net/smc: avoid fallback in case of non-blocking connect (git-fixes).
net/smc: do not schedule tx_work in SMC_CLOSED state (git-fixes).
net/smc: fix closing of fallback SMC sockets (git-fixes).
net/smc: Fix error path in smc_init (git-fixes).
net/smc: fix ethernet interface refcounting (git-fixes).
net/smc: fix fastopen for non-blocking connect() (git-fixes).
net/smc: fix refcount non-blocking connect() -part 2 (git-fixes).
net/smc: fix refcounting for non-blocking connect() (git-fixes).
net/smc: fix SMCD link group creation with VLAN id (git-fixes).
net/smc: keep vlan_id for SMC-R in smc_listen_work() (git-fixes).
net/smc: original socket family in inet_sock_diag (git-fixes).
net: add READ_ONCE() annotation in __skb_wait_for_more_packets() (networking-stable-19_11_05).
net: add skb_queue_empty_lockless() (networking-stable-19_11_05).
net: annotate accesses to sk->sk_incoming_cpu (networking-stable-19_11_05).
net: annotate lockless accesses to sk->sk_napi_id (networking-stable-19_11_05).
net: avoid potential infinite loop in tc_ctl_action() (networking-stable-19_10_24).
net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3 (networking-stable-19_10_24).
net: bcmgenet: reset 40nm EPHY on energy detect (networking-stable-19_11_05).
net: bcmgenet: Set phydev->dev_flags only for internal PHYs (networking-stable-19_10_24).
net: bridge: deny dev_set_mac_address() when unregistering (networking-stable-19_12_16).
net: cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size() (git-fixes).
net: dsa: b53: Do not clear existing mirrored port mask (networking-stable-19_11_05).
net: dsa: bcm_sf2: Fix IMP setup for port different than 8 (networking-stable-19_11_05).
net: dsa: fix switch tree list (networking-stable-19_11_05).
net: ethernet: ftgmac100: Fix DMA coherency issue with SW checksum (networking-stable-19_11_05).
net: ethernet: octeon_mgmt: Account for second possible VLAN header (networking-stable-19_11_10).
net: ethernet: ti: cpsw: fix extra rx interrupt (networking-stable-19_12_16).
net: fix data-race in neigh_event_send() (networking-stable-19_11_10).
net: fix sk_page_frag() recursion from memory reclaim (networking-stable-19_11_05).
net: hisilicon: Fix ping latency when deal with high throughput (networking-stable-19_11_05).
net: hns3: change GFP flag during lock period (bsc#1104353 ).
net: hns3: do not query unsupported commands in debugfs (bsc#1104353).
net: hns3: fix ETS bandwidth validation bug (bsc#1104353 ).
net: hns3: fix GFP flag error in hclge_mac_update_stats() (bsc#1126390).
net: hns3: fix some reset handshake issue (bsc#1104353 ).
net: hns3: prevent unnecessary MAC TNL interrupt (bsc#1104353 bsc#1134983).
net: hns: Fix the stray netpoll locks causing deadlock in NAPI path (bsc#1104353).
net: phy: at803x: Change error to EINVAL for invalid MAC (bsc#1051510).
net: phy: bcm7xxx: define soft_reset for 40nm EPHY (bsc#1119113 ).
net: phy: broadcom: Use strlcpy() for ethtool::get_strings (bsc#1051510).
net: phy: Check against net_device being NULL (bsc#1051510).
net: phy: dp83867: Set up RGMII TX delay (bsc#1051510).
net: phy: Fix not to call phy_resume() if PHY is not attached (bsc#1051510).
net: phy: Fix the register offsets in Broadcom iProc mdio mux driver (bsc#1051510).
net: phy: fixed_phy: Fix fixed_phy not checking GPIO (bsc#1051510).
net: phy: marvell: clear wol event before setting it (bsc#1051510).
net: phy: marvell: Use strlcpy() for ethtool::get_strings (bsc#1051510).
net: phy: meson-gxl: check phy_write return value (bsc#1051510).
net: phy: micrel: Use strlcpy() for ethtool::get_strings (bsc#1051510).
net: phy: mscc: read 'vsc8531, edge-slowdown' as an u32 (bsc#1051510).
net: phy: mscc: read 'vsc8531,vddmac' as an u32 (bsc#1051510).
net: phy: xgene: disable clk on error paths (bsc#1051510).
net: phy: xgmiitorgmii: Check phy_driver ready before accessing (bsc#1051510).
net: phy: xgmiitorgmii: Check read_status results (bsc#1051510).
net: phy: xgmiitorgmii: Support generic PHY status read (bsc#1051510).
net: phylink: Fix flow control resolution (bsc#1119113 ).
net: psample: fix skb_over_panic (networking-stable-19_12_03).
net: rtnetlink: prevent underflows in do_setvfinfo() (networking-stable-19_11_25).
net: sched: cbs: Avoid division by zero when calculating the port rate (bsc#1109837).
net: sched: ensure opts_len <= IP_TUNNEL_OPTS_MAX in act_tunnel_key (bsc#1109837).
net: sched: fix dump qlen for sch_mq/sch_mqprio with NOLOCK subqueues (bsc#1109837).
net: sched: fix possible crash in tcf_action_destroy() (bsc#1109837).
net: sched: fix reordering issues (bsc#1109837).
net: sched: fix `tc -s class show` no bstats on class with nolock subqueues (networking-stable-19_12_03).
net: sock_map, fix missing ulp check in sock hash case (bsc#1109837).
net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow (networking-stable-19_10_24).
net: usb: lan78xx: limit size of local TSO packets (bsc#1051510).
net: usb: qmi_wwan: add support for DW5821e with eSIM support (networking-stable-19_11_10).
net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules (networking-stable-19_11_18).
net: use skb_queue_empty_lockless() in busy poll contexts (networking-stable-19_11_05).
net: use skb_queue_empty_lockless() in poll() handlers (networking-stable-19_11_05).
net: wireless: ti: remove local VENDOR_ID and DEVICE_ID definitions (git-fixes).
net: wireless: ti: wl1251 use new SDIO_VENDOR_ID_TI_WL1251 definition (git-fixes).
net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol() (networking-stable-19_11_05).
netfilter: nf_queue: enqueue skbs with NULL dst (git-fixes).
netns: fix GFP flags in rtnl_net_notifyid() (networking-stable-19_11_05).
nfc: fdp: fix incorrect free object (networking-stable-19_11_10).
nfc: netlink: fix double device reference drop (git-fixes).
nfc: nxp-nci: Fix NULL pointer dereference after I2C communication error (git-fixes).
nfc: pn533: fix bulk-message timeout (bsc#1051510).
nfc: pn544: Adjust indentation in pn544_hci_check_presence (git-fixes).
nfc: port100: handle command failure cleanly (git-fixes).
nfc: st21nfca: fix double free (networking-stable-19_11_10).
nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs (bsc#1109837).
nfp: flower: prevent memory leak in nfp_flower_spawn_phy_reprs (bsc#1109837).
nl80211: Fix a GET_KEY reply attribute (bsc#1051510).
nvme-tcp: support C2HData with SUCCESS flag (bsc#1157386).
ocfs2: fix panic due to ocfs2_wq is null (bsc#1158644).
ocfs2: fix passing zero to 'PTR_ERR' warning (bsc#1158649).
openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info() (networking-stable-19_12_03).
openvswitch: fix flow command message size (git-fixes).
openvswitch: remove another BUG_ON() (networking-stable-19_12_03).
openvswitch: support asymmetric conntrack (networking-stable-19_12_16).
orinoco_usb: fix interface sanity check (git-fixes).
padata: use smp_mb in padata_reorder to avoid orphaned padata jobs (git-fixes).
PCI/ACPI: Correct error message for ASPM disabling (bsc#1051510).
PCI/MSI: Fix incorrect MSI-X masking on resume (bsc#1051510).
PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity() (bsc#1051510).
PCI/PM: Clear PCIe PME Status even for legacy power management (bsc#1111666).
PCI/PME: Fix possible use-after-free on remove (git-fixes).
PCI/PTM: Remove spurious 'd' from granularity message (bsc#1051510).
PCI: Apply Cavium ACS quirk to ThunderX2 and ThunderX3 (bsc#1051510).
PCI: dwc: Fix find_next_bit() usage (bsc#1051510).
PCI: Fix Intel ACS quirk UPDCR register address (bsc#1051510).
PCI: pciehp: Avoid returning prematurely from sysfs requests (git-fixes).
PCI: pciehp: Do not disable interrupt twice on suspend (bsc#1111666).
PCI: rcar: Fix missing MACCTLR register setting in initialization sequence (bsc#1051510).
PCI: sysfs: Ignore lockdep for remove attribute (git-fixes).
PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30 (git-fixes).
perf/x86/amd: Change/fix NMI latency mitigation to use a timestamp (bsc#1142924).
phy: phy-twl4030-usb: fix denied runtime access (git-fixes).
phy: qualcomm: Adjust indentation in read_poll_timeout (bsc#1051510).
pinctl: ti: iodelay: fix error checking on pinctrl_count_index_with_args call (git-fixes).
pinctrl: at91: do not use the same irqchip with multiple gpiochips (git-fixes).
pinctrl: cherryview: Allocate IRQ chip dynamic (git-fixes).
pinctrl: cherryview: Fix irq_valid_mask calculation (bsc#1111666).
pinctrl: lewisburg: Update pin list according to v1.1v6 (bsc#1051510).
pinctrl: lpc18xx: Use define directive for PIN_CONFIG_GPIO_PIN_INT (bsc#1051510).
pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues (bsc#1051510).
pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues (bsc#1051510).
pinctrl: samsung: Fix device node refcount leaks in init code (bsc#1051510).
pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup controller init (bsc#1051510).
pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup controller init (bsc#1051510).
pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B (bsc#1051510).
pinctrl: sunxi: Fix a memory leak in 'sunxi_pinctrl_build_state()' (bsc#1051510).
pinctrl: xway: fix gpio-hog related boot issues (bsc#1051510).
pinctrl: zynq: Use define directive for PIN_CONFIG_IO_STANDARD (bsc#1051510).
pktcdvd: remove warning on attempting to register non-passthrough dev (bsc#1051510).
platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0 (bsc#1051510).
platform/x86: hp-wmi: Fix ACPI errors caused by passing 0 as input size (bsc#1051510).
platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer (bsc#1051510).
platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 bytes (bsc#1051510).
platform/x86: pmc_atom: Add Siemens CONNECT X300 to critclk_systems DMI table (bsc#1051510).
PM / AVS: SmartReflex: NULL check before some freeing functions is not needed (bsc#1051510).
PM / devfreq: Check NULL governor in available_governors_show (git-fixes).
PM / devfreq: exynos-bus: Correct clock enable sequence (bsc#1051510).
PM / devfreq: Lock devfreq in trans_stat_show (git-fixes).
PM / devfreq: passive: fix compiler warning (bsc#1051510).
PM / devfreq: passive: Use non-devm notifiers (bsc#1051510).
PM / Domains: Deal with multiple states but no governor in genpd (bsc#1051510).
PM / hibernate: Check the success of generating md5 digest before hibernation (bsc#1051510).
power: reset: at91-poweroff: do not procede if at91_shdwc is allocated (bsc#1051510).
power: supply: ab8500_fg: silence uninitialized variable warnings (bsc#1051510).
power: supply: twl4030_charger: disable eoc interrupt on linear charge (bsc#1051510).
power: supply: twl4030_charger: fix charging current out-of-bounds (bsc#1051510).
powerpc/archrandom: fix arch_get_random_seed_int() (bsc#1065729).
powerpc/book3s64/hash: Use secondary hash for bolted mapping if the primary is full (bsc#1157778 ltc#182520).
powerpc/bpf: Fix tail call implementation (bsc#1157698).
powerpc/irq: fix stack overflow verification (bsc#1065729).
powerpc/mm: drop #ifdef CONFIG_MMU in is_ioremap_addr() (bsc#1065729).
powerpc/mm: Remove kvm radix prefetch workaround for Power9 DD2.2 (bsc#1061840).
powerpc/papr_scm: Do not enable direct map for a region by default (bsc#1129551).
powerpc/pkeys: remove unused pkey_allows_readwrite (bsc#1065729).
powerpc/powernv: Disable native PCIe port management (bsc#1065729).
powerpc/pseries/lparcfg: Fix display of Maximum Memory (bsc#1162028 ltc#181740).
powerpc/pseries/mobility: notify network peers after migration (bsc#1152631 ltc#181798).
powerpc/pseries: Do not fail hash page table insert for bolted mapping (bsc#1157778 ltc#182520).
powerpc/pseries: Do not opencode HPTE_V_BOLTED (bsc#1157778 ltc#182520).
powerpc/pseries: Drop pointless static qualifier in vpa_debugfs_init() (git-fixes).
powerpc/security: Fix debugfs data leak on 32-bit (bsc#1065729).
powerpc/tools: Do not quote $objdump in scripts (bsc#1065729).
powerpc/xive: Discard ESB load value when interrupt is invalid (bsc#1085030).
powerpc/xive: Skip ioremap() of ESB pages for LSI interrupts (bsc#1085030).
powerpc/xmon: do not access ASDR in VMs (bsc#1065729).
powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB (bnc#1151927 5.3.17).
powerpc: Allow flush_icache_range to work across ranges >4GB (bnc#1151927 5.3.17).
powerpc: Fix vDSO clock_getres() (bsc#1065729).
ppdev: fix PPGETTIME/PPSETTIME ioctls (bsc#1051510).
ppp: Adjust indentation into ppp_async_input (git-fixes).
prevent active file list thrashing due to refault detection (VM Performance, bsc#1156286).
printk: Export console_printk (bsc#1071995).
pwm: bcm-iproc: Prevent unloading the driver module while in use (git-fixes).
pwm: Clear chip_data in pwm_put() (bsc#1051510).
pwm: clps711x: Fix period calculation (bsc#1051510).
pwm: lpss: Only set update bit if we are actually changing the settings (bsc#1051510).
qede: Disable hardware gro when xdp prog is installed (bsc#1086314 bsc#1086313 bsc#1086301 ).
qede: fix NULL pointer deref in __qede_remove() (networking-stable-19_11_10).
qxl: fix null-pointer crash during suspend (bsc#1111666).
r8152: add device id for Lenovo ThinkPad USB-C Dock Gen 2 (networking-stable-19_11_05).
r8152: add missing endpoint sanity check (bsc#1051510).
random: move FIPS continuous test to output functions (bsc#1155334).
RDMA/bnxt_re: Avoid freeing MR resources if dereg fails (bsc#1050244).
RDMA/bnxt_re: Enable SRIOV VF support on Broadcom's 57500 adapter series (bsc#1154916).
RDMA/bnxt_re: Fix chip number validation Broadcom's Gen P5 series (bsc#1157895).
RDMA/bnxt_re: Fix missing le16_to_cpu (bsc#1157895).
RDMA/bnxt_re: Fix stat push into dma buffer on gen p5 devices (bsc#1157115)
RDMA/efa: Clear the admin command buffer prior to its submission (git-fixes) This change was already picked through Amazon driver repo but was not marked with a Git-commit tag.
RDMA/hns: Bugfix for qpc/cqc timer configuration (bsc#1104427 bsc#1126206).
RDMA/hns: Correct the value of srq_desc_size (bsc#1104427 ).
RDMA/hns: Fix comparison of unsigned long variable 'end' with less than zero (bsc#1104427 bsc#1137236).
RDMA/hns: Fix to support 64K page for srq (bsc#1104427 ).
RDMA/hns: Fix wrong assignment of qp_access_flags (bsc#1104427 ).
RDMA/hns: Prevent memory leaks of eq->buf_list (bsc#1104427 ).
README.BRANCH: Removing myself from the maintainer list
regulator: ab8500: Remove AB8505 USB regulator (bsc#1051510).
regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id (bsc#1051510).
regulator: rn5t618: fix module aliases (bsc#1051510).
regulator: tps65910: fix a missing check of return value (bsc#1051510).
remoteproc: Check for NULL firmwares in sysfs interface (git-fixes).
reset: fix of_reset_simple_xlate kerneldoc comment (bsc#1051510).
reset: Fix potential use-after-free in __of_reset_control_get() (bsc#1051510).
reset: fix reset_control_get_exclusive kerneldoc comment (bsc#1051510).
reset: fix reset_control_ops kerneldoc comment (bsc#1051510).
resource: fix locking in find_next_iomem_res() (bsc#1114279).
rpm/kernel-binary.spec.in: add COMPRESS_VMLINUX (bnc#1155921) Let COMPRESS_VMLINUX determine the compression used for vmlinux. By default (historically), it is gz.
rpm/kernel-source.spec.in: Fix dependency of kernel-devel (bsc#1154043)
rpm/kernel-subpackage-spec: Exclude kernel-firmware recommends (bsc#1143959) For reducing the dependency on kernel-firmware in sub packages
rpm/kernel-subpackage-spec: Fix empty Recommends tag (bsc#1143959)
rpm/kernel-subpackage-spec: fix kernel-default-base build There were some issues with recent changes to subpackage dependencies handling:
rpm/kernel-subpackage-spec: Unify dependency handling.
rpm/modules.fips: update module list (bsc#1157853)
rsi_91x_usb: fix interface sanity check (git-fixes).
rt2800: remove errornous duplicate condition (git-fixes).
rtc: dt-binding: abx80x: fix resistance scale (bsc#1051510).
rtc: max8997: Fix the returned value in case of error in 'max8997_rtc_read_alarm()' (bsc#1051510).
rtc: msm6242: Fix reading of 10-hour digit (bsc#1051510).
rtc: pcf8523: set xtal load capacitance from DT (bsc#1051510).
rtc: s35390a: Change buf's type to u8 in s35390a_init (bsc#1051510).
rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument (bsc#1051510).
rtl818x: fix potential use after free (bsc#1051510).
rtl8xxxu: fix interface sanity check (git-fixes).
rtlwifi: btcoex: Use proper enumerated types for Wi-Fi only interface (bsc#1111666).
rtlwifi: Remove unnecessary NULL check in rtl_regd_init (bsc#1051510).
rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information (bsc#1051510).
rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer (bsc#1111666).
rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address (bsc#1051510).
rtlwifi: rtl8192de: Fix missing enable interrupt flag (bsc#1051510).
s390/bpf: fix lcgr instruction encoding (bsc#1051510).
s390/bpf: use 32-bit index for tail calls (bsc#1051510).
s390/cio: avoid calling strlen on null pointer (bsc#1051510).
s390/cio: exclude subchannels with no parent from pseudo check (bsc#1051510).
s390/cio: fix virtio-ccw DMA without PV (git-fixes).
s390/cmm: fix information leak in cmm_timeout_handler() (bsc#1051510).
s390/idle: fix cpu idle time calculation (bsc#1051510).
s390/mm: properly clear _PAGE_NOEXEC bit when it is not supported (bsc#1051510).
s390/process: avoid potential reading of freed stack (bsc#1051510).
s390/qdio: (re-)initialize tiqdio list entries (bsc#1051510).
s390/qdio: do not touch the dsci in tiqdio_add_input_queues() (bsc#1051510).
s390/qeth: clean up page frag creation (git-fixes).
s390/qeth: consolidate skb allocation (git-fixes).
s390/qeth: ensure linear access to packet headers (git-fixes).
s390/qeth: guard against runt packets (git-fixes).
s390/qeth: return proper errno on IO error (bsc#1051510).
s390/setup: fix boot crash for machine without EDAT-1 (bsc#1051510 bsc#1140948).
s390/setup: fix early warning messages (bsc#1051510 bsc#1140948).
s390/topology: avoid firing events before kobjs are created (bsc#1051510).
s390/zcrypt: fix memleak at release (git-fixes).
s390: fix stfle zero padding (bsc#1051510).
s390: vsie: Use effective CRYCBD.31 to check CRYCBD validity (git-fixes).
sched/fair: Add tmp_alone_branch assertion (bnc#1156462).
sched/fair: Fix insertion in rq->leaf_cfs_rq_list (bnc#1156462).
sched/fair: Fix O(nr_cgroups) in the load balancing path (bnc#1156462).
sched/fair: Optimize update_blocked_averages() (bnc#1156462).
sched/fair: WARN() and refuse to set buddy when !se->on_rq (bsc#1158132).
scsi: lpfc: fix build failure with DEBUGFS disabled (bsc#1154601).
scsi: lpfc: Fix Oops in nvme_register with target logout/login (bsc#1151900).
scsi: lpfc: Honor module parameter lpfc_use_adisc (bsc#1153628).
scsi: lpfc: use hdwq assigned cpu for allocation (bsc#1157160).
scsi: qla2xxx: Add a shadow variable to hold disc_state history of fcport (bsc#1158013).
scsi: qla2xxx: Add D-Port Diagnostic reason explanation logs (bsc#1158013).
scsi: qla2xxx: Add debug dump of LOGO payload and ELS IOCB (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
scsi: qla2xxx: Added support for MPI and PEP regions for ISP28XX (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548).
scsi: qla2xxx: Allow PLOGI in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
scsi: qla2xxx: Change discovery state before PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
scsi: qla2xxx: Cleanup unused async_logout_done (bsc#1158013).
scsi: qla2xxx: Configure local loop for N2N target (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
scsi: qla2xxx: Consolidate fabric scan (bsc#1158013).
scsi: qla2xxx: Correct fcport flags handling (bsc#1158013).
scsi: qla2xxx: Correctly retrieve and interpret active flash region (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548).
scsi: qla2xxx: Do not call qlt_async_event twice (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
scsi: qla2xxx: Do not defer relogin unconditonally (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
scsi: qla2xxx: Drop superfluous INIT_WORK of del_work (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
scsi: qla2xxx: Fix fabric scan hang (bsc#1158013).
scsi: qla2xxx: Fix incorrect SFUB length used for Secure Flash Update MB Cmd (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548).
scsi: qla2xxx: Fix mtcp dump collection failure (bsc#1158013).
scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump length (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
scsi: qla2xxx: Fix RIDA Format-2 (bsc#1158013).
scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan (bsc#1138039).
scsi: qla2xxx: Fix stuck login session using prli_pend_timer (bsc#1158013).
scsi: qla2xxx: Fix stuck session in GNL (bsc#1158013).
scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type (bsc#1158013).
scsi: qla2xxx: Fix update_fcport for current_topology (bsc#1158013).
scsi: qla2xxx: Ignore NULL pointer in tcm_qla2xxx_free_mcmd (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
scsi: qla2xxx: Improve readability of the code that handles qla_flt_header (bsc#1158013).
scsi: qla2xxx: Initialize free_work before flushing it (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
scsi: qla2xxx: Remove defer flag to indicate immeadiate port loss (bsc#1158013).
scsi: qla2xxx: Send Notify ACK after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
scsi: qla2xxx: unregister ports after GPN_FT failure (bsc#1138039).
scsi: qla2xxx: Update driver version to 10.01.00.22-k (bsc#1158013).
scsi: qla2xxx: Use common routine to free fcport struct (bsc#1158013).
scsi: qla2xxx: Use correct number of vectors for online CPUs (bsc#1137223).
scsi: qla2xxx: Use explicit LOGO in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
scsi: qla2xxx: Use get_unaligned_*() instead of open-coding these functions (bsc#1158013).
scsi: zfcp: fix request object use-after-free in send path causing wrong traces (bsc#1051510).
scsi: zfcp: trace channel log even for FCP command responses (git-fixes).
sctp: cache netns in sctp_ep_common (networking-stable-19_12_03).
sctp: change sctp_prot .no_autobind with true (networking-stable-19_10_24).
selftests: net: reuseport_dualstack: fix uninitalized parameter (networking-stable-19_11_05).
serial: 8250_bcm2835aux: Fix line mismatch on driver unbind (bsc#1051510).
serial: max310x: Fix tx_empty() callback (bsc#1051510).
serial: mxs-auart: Fix potential infinite loop (bsc#1051510).
serial: samsung: Enable baud clock for UART reset procedure in resume (bsc#1051510).
serial: uartps: Fix suspend functionality (bsc#1051510).
sfc: Only cancel the PPS workqueue if it exists (networking-stable-19_11_25).
sfc: Remove 'PCIE error reporting unavailable' (bsc#1161472).
signal: Properly set TRACE_SIGNAL_LOSE_INFO in __send_signal (bsc#1157463).
slcan: Fix memory leak in error path (bsc#1051510).
slip: Fix memory leak in slip_open error path (bsc#1051510).
slip: Fix use-after-free Read in slip_open (bsc#1051510).
smb3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1144333).
smb3: fix leak in 'open on server' perf counter (bsc#1144333, bsc#1154355).
smb3: Fix persistent handles reconnect (bsc#1144333).
smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1144333).
smb3: fix signing verification of large reads (bsc#1144333, bsc#1154355).
smb3: fix unmount hang in open_shroot (bsc#1144333, bsc#1154355).
smb3: improve handling of share deleted (and share recreated) (bsc#1144333, bsc#1154355).
smb3: Incorrect size for netname negotiate context (bsc#1144333, bsc#1154355).
smb3: remove confusing dmesg when mounting with encryption ('seal') (bsc#1144333).
soc: imx: gpc: fix PDN delay (bsc#1051510).
soc: qcom: wcnss_ctrl: Avoid string overflow (bsc#1051510).
spi: atmel: Fix CS high support (bsc#1051510).
spi: atmel: fix handling of cs_change set on non-last xfer (bsc#1051510).
spi: fsl-lpspi: Prevent FIFO under/overrun by default (bsc#1051510).
spi: mediatek: Do not modify spi_transfer when transfer (bsc#1051510).
spi: mediatek: use correct mata->xfer_len when in fifo transfer (bsc#1051510).
spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch (bsc#1051510).
spi: omap2-mcspi: Set FIFO DMA trigger level to word length (bsc#1051510).
spi: pic32: Use proper enum in dmaengine_prep_slave_rg (bsc#1051510).
spi: rockchip: initialize dma_slave_config properly (bsc#1051510).
spi: spidev: Fix OF tree warning logic (bsc#1051510).
staging: comedi: adv_pci1710: fix AI channels 16-31 for PCI-1713 (bsc#1051510).
staging: iio: adt7316: Fix i2c data reading, set the data field (bsc#1051510).
staging: rtl8188eu: fix interface sanity check (bsc#1051510).
staging: rtl8192e: fix potential use after free (bsc#1051510).
staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids (bsc#1051510).
staging: rtl8723bs: Drop ACPI device ids (bsc#1051510).
staging: wlan-ng: ensure error return is actually returned (bsc#1051510).
stm class: Fix a double free of stm_source_device (bsc#1051510).
supported.conf:
synclink_gt(): fix compat_ioctl() (bsc#1051510).
tcp: clear tp->packets_out when purging write queue (bsc#1160560).
tcp: exit if nothing to retransmit on RTO timeout (bsc#1160560, stable 4.14.159).
tcp: md5: fix potential overestimation of TCP option space (networking-stable-19_12_16).
tcp_nv: fix potential integer overflow in tcpnv_acked (bsc#1051510).
thermal: Fix deadlock in thermal thermal_zone_device_check (bsc#1051510).
thunderbolt: Fix lockdep circular locking depedency warning (git-fixes).
tipc: Avoid copying bytes beyond the supplied data (bsc#1051510).
tipc: check bearer name with right length in tipc_nl_compat_bearer_enable (bsc#1051510).
tipc: check link name with right length in tipc_nl_compat_link_set (bsc#1051510).
tipc: check msg->req data len in tipc_nl_compat_bearer_disable (bsc#1051510).
tipc: compat: allow tipc commands without arguments (bsc#1051510).
tipc: fix a missing check of genlmsg_put (bsc#1051510).
tipc: fix link name length check (bsc#1051510).
tipc: fix memory leak in tipc_nl_compat_publ_dump (bsc#1051510).
tipc: fix skb may be leaky in tipc_link_input (bsc#1051510).
tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path (bsc#1051510).
tipc: fix wrong timeout input for tipc_wait_for_cond() (bsc#1051510).
tipc: handle the err returned from cmd header function (bsc#1051510).
tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb (bsc#1051510).
tipc: tipc clang warning (bsc#1051510).
tools/power/x86/intel-speed-select: Fix a read overflow in isst_set_tdp_level_msr() (bsc#1111666).
tools: bpftool: fix arguments for p_err() in do_event_pipe() (bsc#1109837).
tpm: add check after commands attribs tab allocation (bsc#1051510).
tracing: Have the histogram compare functions convert to u64 first (bsc#1160210).
tracing: xen: Ordered comparison of function pointers (git-fixes).
tty: serial: fsl_lpuart: use the sg count from dma_map_sg (bsc#1051510).
tty: serial: imx: use the sg count from dma_map_sg (bsc#1051510).
tty: serial: msm_serial: Fix flow control (bsc#1051510).
tty: serial: pch_uart: correct usage of dma_unmap_sg (bsc#1051510).
tun: fix data-race in gro_normal_list() (bsc#1111666).
uaccess: Add non-pagefault user-space write function (bsc#1083647).
ubifs: Correctly initialize c->min_log_bytes (bsc#1158641).
ubifs: Limit the number of pages in shrink_liability (bsc#1158643).
udp: use skb_queue_empty_lockless() (networking-stable-19_11_05).
usb-serial: cp201x: support Mark-10 digital force gauge (bsc#1051510).
usb: adutux: fix interface sanity check (bsc#1051510).
usb: Allow USB device to be warm reset in suspended state (bsc#1051510).
usb: atm: ueagle-atm: add missing endpoint check (bsc#1051510).
usb: chaoskey: fix error case of a timeout (git-fixes).
usb: chipidea: Fix otg event handler (bsc#1051510).
usb: chipidea: host: Disable port power only if previously enabled (bsc#1051510).
usb: chipidea: imx: enable OTG overcurrent in case USB subsystem is already started (bsc#1051510).
usb: core: hub: Improved device recognition on remote wakeup (bsc#1051510).
usb: core: urb: fix URB structure initialization function (bsc#1051510).
usb: documentation: flags on usb-storage versus UAS (bsc#1051510).
usb: dwc3: debugfs: Properly print/set link state for HS (bsc#1051510).
usb: dwc3: do not log probe deferrals; but do log other error codes (bsc#1051510).
usb: dwc3: ep0: Clear started flag on completion (bsc#1051510).
usb: dwc3: gadget: Check ENBLSLPM before sending ep command (bsc#1051510).
usb: dwc3: turn off VBUS when leaving host mode (bsc#1051510).
usb: gadget: f_ecm: Use atomic_t to track in-flight request (bsc#1051510).
usb: gadget: f_ncm: Use atomic_t to track in-flight request (bsc#1051510).
usb: gadget: pch_udc: fix use after free (bsc#1051510).
usb: gadget: udc: fotg210-udc: Fix a sleep-in-atomic-context bug in fotg210_get_status() (bsc#1051510).
usb: gadget: uvc: configfs: Drop leaked references to config items (bsc#1051510).
usb: gadget: uvc: configfs: Prevent format changes after linking header (bsc#1051510).
usb: gadget: uvc: Factor out video USB request queueing (bsc#1051510).
usb: gadget: uvc: Only halt video streaming endpoint in bulk mode (bsc#1051510).
usb: gadget: u_serial: add missing port entry locking (bsc#1051510).
usb: idmouse: fix interface sanity checks (bsc#1051510).
usb: misc: appledisplay: fix backlight update_status return code (bsc#1051510).
usb: mon: Fix a deadlock in usbmon between mmap and read (bsc#1051510).
usb: mtu3: fix dbginfo in qmu_tx_zlp_error_handler (bsc#1051510).
usb: musb: dma: Correct parameter passed to IRQ handler (bsc#1051510).
usb: musb: fix idling for suspend after disconnect interrupt (bsc#1051510).
usb: roles: fix a potential use after free (git-fixes).
usb: serial: ch341: handle unbound port at reset_resume (bsc#1051510).
usb: serial: ftdi_sio: add device IDs for U-Blox C099-F9P (bsc#1051510).
usb: serial: io_edgeport: add missing active-port sanity check (bsc#1051510).
usb: serial: io_edgeport: fix epic endpoint lookup (bsc#1051510).
usb: serial: io_edgeport: handle unbound ports on URB completion (bsc#1051510).
usb: serial: io_edgeport: use irqsave() in USB's complete callback (bsc#1051510).
usb: serial: ir-usb: add missing endpoint sanity check (bsc#1051510).
usb: serial: ir-usb: fix IrLAP framing (bsc#1051510).
usb: serial: ir-usb: fix link-speed handling (bsc#1051510).
usb: serial: keyspan: handle unbound ports (bsc#1051510).
usb: serial: mos7720: fix remote wakeup (git-fixes).
usb: serial: mos7840: add USB ID to support Moxa UPort 2210 (bsc#1051510).
usb: serial: mos7840: fix remote wakeup (git-fixes).
usb: serial: opticon: fix control-message timeouts (bsc#1051510).
usb: serial: option: add support for DW5821e with eSIM support (bsc#1051510).
usb: serial: option: add support for Foxconn T77W968 LTE modules (bsc#1051510).
usb: serial: option: Add support for Quectel RM500Q (bsc#1051510).
usb: serial: quatech2: handle unbound ports (bsc#1051510).
usb: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx (bsc#1051510).
usb: serial: suppress driver bind attributes (bsc#1051510).
usb: typec: tcpci: mask event interrupts when remove driver (bsc#1051510).
usb: uas: heed CAPACITY_HEURISTICS (bsc#1051510).
usb: uas: honor flag to avoid CAPACITY16 (bsc#1051510).
usb: xhci-mtk: fix ISOC error when interval is zero (bsc#1051510).
usb: xhci: Fix build warning seen with CONFIG_PM=n (bsc#1051510).
usb: xhci: only set D3hot for pci device (bsc#1051510).
usbip: Fix receive error in vhci-hcd when using scatter-gather (bsc#1051510).
usbip: tools: fix fd leakage in the function of read_attr_usbip_status (git-fixes).
vfio-ccw: Fix misleading comment when setting orb.cmd.c64 (bsc#1051510).
vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn (bsc#1051510).
vfio: ccw: push down unsupported IDA check (bsc#1156471 LTC#182362).
vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1 (bsc#1051510).
video/hdmi: Fix AVI bar unpack (git-fixes).
video: backlight: Add devres versions of of_find_backlight (bsc#1090888) Taken for 6010831dde5.
video: backlight: Add of_find_backlight helper in backlight.c (bsc#1090888) Taken for 6010831dde5.
virtio/s390: fix race on airq_areas (bsc#1051510).
virtio_console: allocate inbufs in add_port() only if it is needed (git-fixes).
virtio_ring: fix return code on DMA mapping fails (git-fixes).
vmxnet3: turn off lro when rxcsum is disabled (bsc#1157499).
vsock/virtio: fix sock refcnt holding during the shutdown (git-fixes).
watchdog: meson: Fix the wrong value of left time (bsc#1051510).
watchdog: sama5d4: fix WDD value to be always set to max (bsc#1051510).
wil6210: drop Rx multicast packets that are looped-back to STA (bsc#1111666).
wil6210: fix debugfs memory access alignment (bsc#1111666).
wil6210: fix invalid memory access for rx_buff_mgmt debugfs (bsc#1111666).
wil6210: fix L2 RX status handling (bsc#1111666).
wil6210: fix locking in wmi_call (bsc#1111666).
wil6210: fix RGF_CAF_ICR address for Talyn-MB (bsc#1111666).
wil6210: prevent usage of tx ring 0 for eDMA (bsc#1111666).
wil6210: set edma variables only for Talyn-MB devices (bsc#1111666).
workqueue: Fix pwq ref leak in rescuer_thread() (bsc#1160211).
x86/alternatives: Add int3_emulate_call() selftest (bsc#1153811).
x86/alternatives: Fix int3_emulate_call() selftest stack corruption (bsc#1153811).
x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI (bsc#1114279).
x86/mce/AMD: Allow any CPU to initialize the smca_banks array (bsc#1114279).
x86/MCE/AMD: Allow Reserved types to be overwritten in smca_banks (bsc#1114279).
x86/MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure() (bsc#1114279).
x86/mce: Fix possibly incorrect severity calculation on AMD (bsc#1114279).
x86/mm/pkeys: Fix typo in Documentation/x86/protection-keys.txt (bsc#1078248).
x86/pkeys: Update documentation about availability (bsc#1078248).
x86/resctrl: Fix an imbalance in domain_remove_cpu() (bsc#1114279).
x86/resctrl: Fix potential lockdep warning (bsc#1114279).
x86/resctrl: Fix potential memory leak (bsc#1114279).
x86/resctrl: Prevent NULL pointer dereference when reading mondata (bsc#1114279).
x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs (bsc#1158068).
x86/speculation: Fix incorrect MDS/TAA mitigation status (bsc#1114279).
x86/speculation: Fix redundant MDS mitigation message (bsc#1114279).
xen-blkfront: switch kcalloc to kvcalloc for large array allocation (bsc#1160917).
xen/blkback: Avoid unmapping unmapped grant pages (bsc#1065600).
xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk (bsc#1065600).
xfrm: Fix transport mode skb control buffer usage (bsc#1161552).
xfs: Fix tail rounding in xfs_alloc_file_space() (bsc#1161087, bsc#1153917).
xfs: Sanity check flags of Q_XQUOTARM call (bsc#1158652).
xhci: handle some XHCI_TRUST_TX_LENGTH quirks cases as default behaviour (bsc#1051510).
xhci: Increase STS_HALT timeout in xhci_suspend() (bsc#1051510).
xsk: Fix registration of Rx-only sockets (bsc#1109837).
xsk: relax UMEM headroom alignment (bsc#1109837).
zd1211rw: fix storage endpoint lookup (git-fixes).

Advisory ID	SUSE-SU-2020:688-1
Released	Fri Mar 13 15:52:53 2020
Summary	Security update for the Linux Kernel
Type	security
Severity	moderate
References	1050549,1051510,1061840,1065600,1065729,1071995,1088810,1105392,1111666,1112178,1112504,1114279,1118338,1133021,1133147,1140025,1142685,1144162,1157424,1157480,1157966,1158013,1159271,1160218,1160979,1161360,1161702,1161907,1162557,1162617,1162618,1162619,1162623,1162928,1162943,1163206,1163383,1163384,1163762,1163774,1163836,1163840,1163841,1163842,1163843,1163844,1163845,1163846,1163849,1163850,1163851,1163852,1163853,1163855,1163856,1163857,1163858,1163859,1163860,1163861,1163862,1163863,1163867,1163869,1163880,1163971,1164051,1164069,1164098,1164115,1164314,1164315,1164388,1164471,1164598,1164632,1164705,1164712,1164727,1164728,1164729,1164730,1164731,1164732,1164733,1164734,1164735,CVE-2020-2732,CVE-2020-8648,CVE-2020-8992

Description:

The SUSE Linux Enterprise 15-SP1 kernel-RT was updated to 4.12.14 to receive various security and bugfixes.
The following security bugs were fixed:

CVE-2020-8992: Fixed an issue in ext4_protect_reserved_inode in fs/ext4/block_validity.c that allowed attackers to cause a soft lockup via a crafted journal size (bsc#1164069).
CVE-2020-8648: Fixed a use-after-free vulnerability in the n_tty_receive_buf_common function in drivers/tty/n_tty.c (bsc#1162928).
CVE-2020-2732: Fixed an issue affecting Intel CPUs where an L2 guest may trick the L0 hypervisor into accessing sensitive L1 resources (bsc#1163971).

The following non-security bugs were fixed:

ACPI: PM: Avoid attaching ACPI PM domain to certain devices (bsc#1051510).
ACPI / video: Add force_none quirk for Dell OptiPlex 9020M (bsc#1051510).
ACPI: video: Do not export a non working backlight interface on MSI MS-7721 boards (bsc#1051510).
ACPI: watchdog: Allow disabling WDAT at boot (bsc#1162557).
ACPI / watchdog: Fix init failure with overlapping register regions (bsc#1162557).
ACPI / watchdog: Set default timeout in probe (bsc#1162557).
ALSA: dummy: Fix PCM format loop in proc output (bsc#1111666).
ALSA: hda: Add JasperLake PCI ID and codec vid (bsc#1111666).
ALSA: hda: Clear RIRB status before reading WP (bsc#1111666).
ALSA: hda: hdmi - add Tigerlake support (bsc#1111666).
ALSA: hda/hdmi - Clean up Intel platform-specific fixup checks (bsc#1111666).
ALSA: hda: hdmi - fix pin setup on Tigerlake (bsc#1111666).
ALSA: hda/realtek - Fixed one of HP ALC671 platform Headset Mic supported (bsc#1111666).
ALSA: hda/realtek - Fix silent output on MSI-GL73 (git-fixes).
ALSA: hda: Reset stream if DMA RUN bit not cleared (bsc#1111666).
ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs (git-fixes).
ALSA: seq: Avoid concurrent access to queue flags (git-fixes).
ALSA: seq: Fix concurrent access to queue current tick/time (git-fixes).
ALSA: usb-audio: Apply sample rate quirk for Audioengine D1 (git-fixes).
ALSA: usb-audio: Fix endianess in descriptor validation (bsc#1111666).
arm64: Revert support for execute-only user mappings (bsc#1160218).
ASoC: sun8i-codec: Fix setting DAI data format (git-fixes).
ata: ahci: Add shutdown to freeze hardware resources of ahci (bsc#1164388).
bcache: add code comment bch_keylist_pop() and bch_keylist_pop_front() (bsc#1163762).
bcache: add code comments for state->pool in __btree_sort() (bsc#1163762).
bcache: add code comments in bch_btree_leaf_dirty() (bsc#1163762).
bcache: add cond_resched() in __bch_cache_cmp() (bsc#1163762).
bcache: add idle_max_writeback_rate sysfs interface (bsc#1163762).
bcache: add more accurate error messages in read_super() (bsc#1163762).
bcache: add readahead cache policy options via sysfs interface (bsc#1163762).
bcache: at least try to shrink 1 node in bch_mca_scan() (bsc#1163762).
bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (bsc#1163762).
bcache: check return value of prio_read() (bsc#1163762).
bcache: deleted code comments for dead code in bch_data_insert_keys() (bsc#1163762).
bcache: do not export symbols (bsc#1163762).
bcache: explicity type cast in bset_bkey_last() (bsc#1163762).
bcache: fix a lost wake-up problem caused by mca_cannibalize_lock (bsc#1163762).
bcache: Fix an error code in bch_dump_read() (bsc#1163762).
bcache: fix deadlock in bcache_allocator (bsc#1163762).
bcache: fix incorrect data type usage in btree_flush_write() (bsc#1163762).
bcache: fix memory corruption in bch_cache_accounting_clear() (bsc#1163762).
bcache: fix static checker warning in bcache_device_free() (bsc#1163762).
bcache: ignore pending signals when creating gc and allocator thread (bsc#1163762, bsc#1112504).
bcache: print written and keys in trace_bcache_btree_write (bsc#1163762).
bcache: reap c->btree_cache_freeable from the tail in bch_mca_scan() (bsc#1163762).
bcache: reap from tail of c->btree_cache in bch_mca_scan() (bsc#1163762).
bcache: remove macro nr_to_fifo_front() (bsc#1163762).
bcache: remove member accessed from struct btree (bsc#1163762).
bcache: remove the extra cflags for request.o (bsc#1163762).
bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (bsc#1163762, bsc#1112504).
blk-mq: avoid sysfs buffer overflow with too many CPU cores (bsc#1163840).
blk-mq: make sure that line break can be printed (bsc#1164098).
Bluetooth: Fix race condition in hci_release_sock() (bsc#1051510).
Btrfs: do not double lock the subvol_sem for rename exchange (bsc#1162943).
Btrfs: fix infinite loop during fsync after rename operations (bsc#1163383).
Btrfs: fix race between adding and putting tree mod seq elements and nodes (bsc#1163384).
cdrom: respect device capabilities during opening action (boo#1164632).
chardev: Avoid potential use-after-free in 'chrdev_open()' (bsc#1163849).
cifs: fix mount option display for sec=krb5i (bsc#1161907).
clk: mmp2: Fix the order of timer mux parents (bsc#1051510).
clk: qcom: rcg2: Do not crash if our parent can't be found; return an error (bsc#1051510).
clk: sunxi-ng: add mux and pll notifiers for A64 CPU clock (bsc#1051510).
clk: tegra: Mark fuse clock as critical (bsc#1051510).
clocksource: Prevent double add_timer_on() for watchdog_timer (bsc#1051510).
closures: fix a race on wakeup from closure_sync (bsc#1163762).
Documentation: Document arm64 kpti control (bsc#1162623).
drm/amd/display: Retrain dongles when SINK_COUNT becomes non-zero (bsc#1111666).
drm/amdgpu: add function parameter description in 'amdgpu_gart_bind' (bsc#1051510).
drm/amdgpu: remove 4 set but not used variable in amdgpu_atombios_get_connector_info_from_object_table (bsc#1051510).
drm/amdgpu: remove always false comparison in 'amdgpu_atombios_i2c_process_i2c_ch' (bsc#1051510).
drm/amdgpu: remove set but not used variable 'amdgpu_connector' (bsc#1051510).
drm/amdgpu: remove set but not used variable 'dig' (bsc#1051510).
drm/amdgpu: remove set but not used variable 'dig_connector' (bsc#1051510).
drm/amdgpu: remove set but not used variable 'mc_shared_chmap' (bsc#1051510).
drm/amdgpu: remove set but not used variable 'mc_shared_chmap' from 'gfx_v6_0.c' and 'gfx_v7_0.c' (bsc#1051510).
drm: bridge: dw-hdmi: constify copied structure (bsc#1051510).
drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler (bsc#1051510).
drm/nouveau/secboot/gm20b: initialize pointer in gm20b_secboot_new() (bsc#1051510).
drm/rockchip: lvds: Fix indentation of a #define (bsc#1051510).
drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add (bsc#1051510).
Enable CONFIG_BLK_DEV_SR_VENDOR (boo#1164632).
enic: prevent waking up stopped tx queues over watchdog reset (bsc#1133147).
ext2: check err when partial != NULL (bsc#1163859).
ext4: check for directory entries too close to block end (bsc#1163861).
ext4: fix a bug in ext4_wait_for_tail_page_commit (bsc#1163841).
ext4: fix checksum errors with indexed dirs (bsc#1160979).
ext4: fix deadlock allocating crypto bounce page from mempool (bsc#1163842).
ext4: fix mount failure with quota configured as module (bsc#1164471).
ext4: Fix mount failure with quota configured as module (bsc#1164471).
ext4: improve explanation of a mount failure caused by a misconfigured kernel (bsc#1163843).
ext4, jbd2: ensure panic when aborting with zero errno (bsc#1163853).
fix autofs regression caused by follow_managed() changes (bsc#1159271).
fix dget_parent() fastpath race (bsc#1159271).
fscrypt: do not set policy for a dead directory (bsc#1163846).
fs/namei.c: fix missing barriers when checking positivity (bsc#1159271).
fs/namei.c: pull positivity check into follow_managed() (bsc#1159271).
fs/open.c: allow opening only regular files during execve() (bsc#1163845).
ftrace: Add comment to why rcu_dereference_sched() is open coded (git-fixes).
ftrace: Protect ftrace_graph_hash with ftrace_sync (git-fixes).
genirq/proc: Return proper error code when irq_set_affinity() fails (bnc#1105392).
gtp: avoid zero size hashtable (networking-stable-20_01_01).
gtp: do not allow adding duplicate tid and ms_addr pdp context (networking-stable-20_01_01).
gtp: fix an use-after-free in ipv4_pdp_find() (networking-stable-20_01_01).
gtp: fix wrong condition in gtp_genl_dump_pdp() (networking-stable-20_01_01).
hotplug/drc-info: Add code to search ibm,drc-info property (bsc#1157480 ltc#181028).
hv_netvsc: Fix offset usage in netvsc_send_table() (bsc#1164598).
hv_netvsc: Fix send_table offset in case of a host bug (bsc#1164598).
hv_netvsc: Fix tx_table init in rndis_set_subchannel() (bsc#1164598).
hv_netvsc: Fix unwanted rx_table reset (bsc#1164598).
hwmon: (k10temp) Add support for AMD family 17h, model 70h CPUs (bsc#1163206).
hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions (bsc#1051510).
iommu/amd: Fix IOMMU perf counter clobbering during init (bsc#1162617).
iommu/arm-smmu-v3: Populate VMID field for CMDQ_OP_TLBI_NH_VA (bsc#1164314).
iommu/io-pgtable-arm: Fix race handling in split_blk_unmap() (bsc#1164115).
iwlwifi: do not throw error when trying to remove IGTK (bsc#1051510).
iwlwifi: mvm: fix NVM check for 3168 devices (bsc#1051510).
jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal (bsc#1163862).
jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer (bsc#1163836).
jbd2: Fix possible overflow in jbd2_log_space_left() (bsc#1163860).
jbd2: make sure ESHUTDOWN to be recorded in the journal superblock (bsc#1163863).
jbd2: move the clearing of b_modified flag to the journal_unmap_buffer() (bsc#1163880).
jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record (bsc#1163852).
kabi/severities: Whitelist rpaphp_get_drc_props (bsc#1157480 ltc#181028).
kconfig: fix broken dependency in randconfig-generated .config (bsc#1051510).
kernel-binary.spec.in: do not recommend firmware for kvmsmall and azure flavor (boo#1161360).
KVM: Clean up __kvm_gfn_to_hva_cache_init() and its callers (bsc#1133021).
KVM: fix spectrev1 gadgets (bsc#1164705).
KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails (bsc#1061840).
KVM: PPC: Book3S PR: Fix -Werror=return-type build failure (bsc#1061840).
KVM: PPC: Book3S PR: Free shared page if mmu initialization fails (bsc#1061840).
KVM: SVM: Override default MMIO mask if memory encryption is enabled (bsc#1162618).
KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks (bsc#1164734).
KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks (bsc#1164728).
KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks (bsc#1164729).
KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks (bsc#1164712).
KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks (bsc#1164730).
KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c (bsc#1164733).
KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks (bsc#1164731).
KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks (bsc#1164732).
KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks (bsc#1164735).
KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks (bsc#1164705).
KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks (bsc#1164727).
lcoking/rwsem: Add missing ACQUIRE to read_slowpath sleep loop (bsc#1050549).
lib: crc64: include <linux/crc64.h> for 'crc64_be' (bsc#1163762).
lib/scatterlist.c: adjust indentation in __sg_alloc_table (bsc#1051510).
lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more() (bsc#1051510).
livepatch/samples/selftest: Use klp_shadow_alloc() API correctly (bsc#1071995).
livepatch/selftest: Clean up shadow variable names and type (bsc#1071995).
locking/rwsem: Prevent decrement of reader count before increment (bsc#1050549).
mac80211: Fix TKIP replay protection immediately after key setup (bsc#1051510).
mac80211: mesh: restrict airtime metric to peered established plinks (bsc#1051510).
md/raid0: Fix buffer overflow at debug print (bsc#1164051).
media: af9005: uninitialized variable printked (bsc#1051510).
media: cec: CEC 2.0-only bcast messages were ignored (git-fixes).
media: digitv: do not continue if remote control state can't be read (bsc#1051510).
media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0 (bsc#1051510).
media: exynos4-is: fix wrong mdev and v4l2 dev order in error path (git-fixes).
media: gspca: zero usb_buf (bsc#1051510).
media: iguanair: fix endpoint sanity check (bsc#1051510).
media: ov6650: Fix crop rectangle alignment not passed back (git-fixes).
media: ov6650: Fix incorrect use of JPEG colorspace (git-fixes).
media: pulse8-cec: fix lost cec_transmit_attempt_done() call.
media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors (bsc#1051510).
media/v4l2-core: set pages dirty upon releasing DMA buffers (bsc#1051510).
media: v4l2-rect.h: fix v4l2_rect_map_inside() top/left adjustments (bsc#1051510).
mfd: da9062: Fix watchdog compatible string (bsc#1051510).
mfd: dln2: More sanity checking for endpoints (bsc#1051510).
mfd: rn5t618: Mark ADC control register volatile (bsc#1051510).
mmc: spi: Toggle SPI polarity, do not hardcode it (bsc#1051510).
mod_devicetable: fix PHY module format (networking-stable-19_12_28).
mtd: fix mtd_oobavail() incoherent returned value (bsc#1051510).
namei: only return -ECHILD from follow_dotdot_rcu() (bsc#1163851).
net: add sendmsg_locked and sendpage_locked to af_inet6 (bsc#1144162).
net: dst: Force 4-byte alignment of dst_metrics (networking-stable-19_12_28).
net: ena: fix napi handler misbehavior when the napi budget is zero (networking-stable-20_01_01).
net: hisilicon: Fix a BUG trigered by wrong bytes_compl (networking-stable-19_12_28).
net: nfc: nci: fix a possible sleep-in-atomic-context bug in nci_uart_tty_receive() (networking-stable-19_12_28).
net: qlogic: Fix error paths in ql_alloc_large_buffers() (networking-stable-19_12_28).
net: sched: correct flower port blocking (git-fixes).
net: usb: lan78xx: Fix suspend/resume PHY register access error (networking-stable-19_12_28).
new helper: lookup_positive_unlocked() (bsc#1159271).
nvme: fix the parameter order for nvme_get_log in nvme_get_fw_slot_info (bsc#1163774).
PCI: Add DMA alias quirk for Intel VCA NTB (bsc#1051510).
PCI: Do not disable bridge BARs when assigning bus resources (bsc#1051510).
PCI/IOV: Fix memory leak in pci_iov_add_virtfn() (git-fixes).
PCI: rpaphp: Add drc-info support for hotplug slot registration (bsc#1157480 ltc#181028).
PCI: rpaphp: Annotate and correctly byte swap DRC properties (bsc#1157480 ltc#181028).
PCI: rpaphp: Avoid a sometimes-uninitialized warning (bsc#1157480 ltc#181028).
PCI: rpaphp: Correctly match ibm, my-drc-index to drc-name when using drc-info (bsc#1157480 ltc#181028).
PCI: rpaphp: Do not rely on firmware feature to imply drc-info support (bsc#1157480 ltc#181028).
PCI: rpaphp: Fix up pointer to first drc-info entry (bsc#1157480 ltc#181028).
PCI/switchtec: Fix vep_vector_number ioread width (bsc#1051510).
percpu: Separate decrypted varaibles anytime encryption can be enabled (bsc#1114279).
perf/x86/intel: Fix inaccurate period in context switch for auto-reload (bsc#1164315).
powerpc: avoid adjusting memory_limit for capture kernel memory reservation (bsc#1140025 ltc#176086).
powerpc: Enable support for ibm,drc-info devtree property (bsc#1157480 ltc#181028).
powerpc/papr_scm: Fix leaking 'bus_desc.provider_name' in some paths (bsc#1142685 ltc#179509).
powerpc/pseries: Add cpu DLPAR support for drc-info property (bsc#1157480 ltc#181028).
powerpc/pseries: Advance pfn if section is not present in lmb_is_removable() (bsc#1065729).
powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW (bsc#1065729).
powerpc/pseries: Enable support for ibm,drc-info property (bsc#1157480 ltc#181028).
powerpc/pseries: Fix bad drc_index_start value parsing of drc-info entry (bsc#1157480 ltc#181028).
powerpc/pseries: Fix drc-info mappings of logical cpus to drc-index (bsc#1157480 ltc#181028).
powerpc/pseries: Fix vector5 in ibm architecture vector table (bsc#1157480 ltc#181028).
powerpc/pseries/hotplug-memory: Change rc variable to bool (bsc#1065729).
powerpc/pseries: Revert support for ibm,drc-info devtree property (bsc#1157480 ltc#181028).
powerpc/pseries/vio: Fix iommu_table use-after-free refcount warning (bsc#1065729).
powerpc: reserve memory for capture kernel after hugepages init (bsc#1140025 ltc#176086).
powerpc/tm: Fix clearing MSR[TS] in current when reclaiming on signal delivery (bsc#1118338 ltc#173734).
power: supply: ltc2941-battery-gauge: fix use-after-free (bsc#1051510).
pseries/drc-info: Search DRC properties for CPU indexes (bsc#1157480 ltc#181028).
pstore/ram: Write new dumps to start of recycled zones (bsc#1051510).
pwm: omap-dmtimer: Remove PWM chip in .remove before making it unfunctional (git-fixes).
pwm: Remove set but not set variable 'pwm' (git-fixes).
pxa168fb: Fix the function used to release some memory in an error (bsc#1114279)
qede: Fix multicast mac configuration (networking-stable-19_12_28).
qmi_wwan: Add support for Quectel RM500Q (bsc#1051510).
quota: Check that quota is not dirty before release (bsc#1163858).
quota: fix livelock in dquot_writeback_dquots (bsc#1163857).
r8152: get default setting of WOL before initializing (bsc#1051510).
regulator: Fix return value of _set_load() stub (bsc#1051510).
regulator: rk808: Lower log level on optional GPIOs being not available (bsc#1051510).
reiserfs: Fix memory leak of journal device string (bsc#1163867).
reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling (bsc#1163869).
Revert 'locking/pvqspinlock: Do not wait if vCPU is preempted' (bsc#1050549).
rpm/kabi.pl: support new (>=5.4) Module.symvers format (new symbol namespace field)
rpm/kernel-binary.spec.in: Conflict with too old powerpc-utils (jsc#ECO-920, jsc#SLE-11054, jsc#SLE-11322).
rpm/kernel-binary.spec.in: Replace Novell with SUSE
rtc: cmos: Stop using shared IRQ (bsc#1051510).
rtc: hym8563: Return -EINVAL if the time is known to be invalid (bsc#1051510).
rtlwifi: Fix MAX MPDU of VHT capability (git-fixes).
rtlwifi: Remove redundant semicolon in wifi.h (git-fixes).
scsi: qla2xxx: Fix a NULL pointer dereference in an error path (bsc#1157966 bsc#1158013 bsc#1157424).
scsi: qla2xxx: Fix unbound NVME response length (bsc#1157966 bsc#1158013 bsc#1157424).
sctp: fully initialize v4 addr in some functions (networking-stable-19_12_28).
serial: ifx6x60: add missed pm_runtime_disable (bsc#1051510).
serial: pl011: Fix DMA ->flush_buffer() (bsc#1051510).
serial: serial_core: Perform NULL checks for break_ctl ops (bsc#1051510).
serial: stm32: fix transmit_chars when tx is stopped (bsc#1051510).
sh_eth: check sh_eth_cpu_data::dual_port when dumping registers (bsc#1051510).
sh_eth: fix dumping ARSTR (bsc#1051510).
sh_eth: fix invalid context bug while calling auto-negotiation by ethtool (bsc#1051510).
sh_eth: fix invalid context bug while changing link options by ethtool (bsc#1051510).
sh_eth: fix TSU init on SH7734/R8A7740 (bsc#1051510).
sh_eth: fix TXALCR1 offsets (bsc#1051510).
sh_eth: TSU_QTAG0/1 registers the same as TSU_QTAGM0/1 (bsc#1051510).
soc: renesas: rcar-sysc: Add goto to of_node_put() before return (bsc#1051510).
soc/tegra: fuse: Correct straps' address for older Tegra124 device trees (bsc#1051510).
soc: ti: wkup_m3_ipc: Fix race condition with rproc_boot (bsc#1051510).
spi: tegra114: clear packed bit for unpacked mode (bsc#1051510).
spi: tegra114: configure dma burst size to fifo trig level (bsc#1051510).
spi: tegra114: fix for unpacked mode transfers (bsc#1051510).
spi: tegra114: flush fifos (bsc#1051510).
spi: tegra114: terminate dma and reset on transfer timeout (bsc#1051510).
sr_vendor: support Beurer GL50 evo CD-on-a-chip devices (boo#1164632).
staging: vt6656: correct packet types for CTS protect, mode (bsc#1051510).
staging: vt6656: Fix false Tx excessive retries reporting (bsc#1051510).
staging: vt6656: use NULLFUCTION stack on mac80211 (bsc#1051510).
stop_machine: Atomically queue and wake stopper threads (bsc#1088810, bsc#1161702).
stop_machine: Disable preemption after queueing stopper threads (bsc#1088810, bsc#1161702).
stop_machine: Disable preemption when waking two stopper threads (bsc#1088810, bsc#1161702).
stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock (bsc#1088810, bsc#1161702).
tcp: do not send empty skb from tcp_write_xmit() (networking-stable-20_01_01).
tracing: Annotate ftrace_graph_hash pointer with __rcu (git-fixes).
tracing: Annotate ftrace_graph_notrace_hash pointer with __rcu (git-fixes).
tracing: Fix tracing_stat return values in error handling paths (git-fixes).
tracing: Fix very unlikely race of registering two stat tracers (git-fixes).
tty: n_hdlc: fix build on SPARC (bsc#1051510).
tty/serial: atmel: Add is_half_duplex helper (bsc#1051510).
tty: serial: msm_serial: Fix lockup for sysrq and oops (bsc#1051510).
tty: vt: keyboard: reject invalid keycodes (bsc#1051510).
ubifs: do not trigger assertion on invalid no-key filename (bsc#1163850).
ubifs: Fix deadlock in concurrent bulk-read and writepage (bsc#1163856).
ubifs: Fix FS_IOC_SETFLAGS unexpectedly clearing encrypt flag (bsc#1163855).
ubifs: Reject unsupported ioctl flags explicitly (bsc#1163844).
udp: fix integer overflow while computing available space in sk_rcvbuf (networking-stable-20_01_01).
USB: core: fix check for duplicate endpoints (git-fixes).
USB: EHCI: Do not return -EPIPE when hub is disconnected (git-fixes).
USB: gadget: legacy: set max_speed to super-speed (bsc#1051510).
USB: gadget: Zero ffs_io_data (bsc#1051510).
USB: host: xhci-hub: fix extra endianness conversion (bsc#1051510).
usbip: Fix error path of vhci_recv_ret_submit() (git-fixes).
USB: serial: option: add support for Quectel RM500Q in QDL mode (git-fixes).
USB: serial: option: add Telit ME910G1 0x110a composition (git-fixes).
USB: serial: option: add ZLP support for 0x1bc7/0x9010 (git-fixes).
usb-storage: Disable UAS on JMicron SATA enclosure (bsc#1051510).
vhost/vsock: accept only packets with the right dst_cid (networking-stable-20_01_01).
watchdog: max77620_wdt: fix potential build errors (bsc#1051510).
watchdog: rn5t618_wdt: fix module aliases (bsc#1051510).
watchdog: wdat_wdt: fix get_timeleft call for wdat_wdt (bsc#1162557).
wireless: fix enabling channel 12 for custom regulatory domain (bsc#1051510).
wireless: wext: avoid gcc -O3 warning (bsc#1051510).
x86/amd_nb: Add PCI device IDs for family 17h, model 70h (bsc#1163206).
x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR (bsc#1162619).
x86/intel_rdt: Split resource group removal in two (bsc#1112178).
x86/intel_rdt: Split resource group removal in two (bsc#1112178).
x86/resctrl: Check monitoring static key in the MBM overflow handler (bsc#1114279).
x86/resctrl: Fix a deadlock due to inaccurate reference (bsc#1112178).
x86/resctrl: Fix a deadlock due to inaccurate reference (bsc#1112178).
x86/resctrl: Fix use-after-free due to inaccurate refcount of rdtgroup (bsc#1112178).
x86/resctrl: Fix use-after-free due to inaccurate refcount of rdtgroup (bsc#1112178).
x86/resctrl: Fix use-after-free when deleting resource groups (bsc#1114279).
xen/balloon: Support xend-based toolstack take two (bsc#1065600).
xen: Enable interrupts when calling _cond_resched() (bsc#1065600).
xhci: Fix memory leak in xhci_add_in_port() (bsc#1051510).
xhci: fix USB3 device initiated resume race with roothub autosuspend (bsc#1051510).
xhci: make sure interrupts are restored to correct state (bsc#1051510).

Advisory ID	SUSE-SU-2020:1123-1
Released	Tue Apr 28 07:49:13 2020
Summary	Security update for the Linux Kernel
Type	security
Severity	important
References	1044231,1051510,1051858,1056686,1060463,1065729,1083647,1085030,1103990,1103992,1104353,1104745,1109837,1109911,1111666,1111974,1112178,1112374,1113956,1114279,1114685,1119680,1120386,1127611,1133021,1134090,1136157,1141895,1144333,1145051,1146539,1157424,1158187,1158983,1159198,1159285,1160659,1161561,1161951,1162171,1162929,1162931,1164078,1164507,1164777,1164780,1164893,1165019,1165111,1165182,1165185,1165211,1165404,1165488,1165527,1165741,1165813,1165823,1165873,1165929,1165949,1165950,1165980,1165984,1165985,1166003,1166101,1166102,1166103,1166104,1166632,1166730,1166731,1166732,1166733,1166734,1166735,1166982,1167005,1167216,1167290,1167316,1167421,1167423,1167627,1167629,1168075,1168273,1168276,1168295,1168367,1168424,1168443,1168552,1168829,1168854,1169013,1169307,1169308,CVE-2019-19768,CVE-2019-19770,CVE-2019-3701,CVE-2019-9458,CVE-2020-10942,CVE-2020-11494,CVE-2020-8647,CVE-2020-8649,CVE-2020-8834,CVE-2020-9383

Description:

The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:

CVE-2020-8834: KVM on Power8 processors had a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability to run code in kernel space of a guest VM can cause the host kernel to panic (bnc#1168276).
CVE-2020-11494: An issue was discovered in slc_bump in drivers/net/can/slcan.c, which allowed attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL (bnc#1168424).
CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls (bnc#1167629).
CVE-2020-8647: Fixed a use-after-free vulnerability in the vc_do_resize function in drivers/tty/vt/vt.c (bnc#1162929).
CVE-2020-8649: Fixed a use-after-free vulnerability in the vgacon_invert_region function in drivers/video/console/vgacon.c (bnc#1162931).
CVE-2020-9383: Fixed an issue in set_fdc in drivers/block/floppy.c, which leads to a wait_til_ready out-of-bounds read (bnc#1165111).
CVE-2019-9458: In the video driver there was a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed (bnc#1168295).
CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a system crash (bnc#1120386).
CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c (bnc#1159285).
CVE-2019-19770: Fixed a use-after-free in the debugfs_remove function (bsc#1159198).

The following non-security bugs were fixed:

ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro (bsc#1051510).
ACPI: watchdog: Fix gas->access_width usage (bsc#1051510).
ahci: Add support for Amazon's Annapurna Labs SATA controller (bsc#1169013).
ALSA: ali5451: remove redundant variable capture_flag (bsc#1051510).
ALSA: core: Add snd_device_get_state() helper (bsc#1051510).
ALSA: core: Replace zero-length array with flexible-array member (bsc#1051510).
ALSA: emu10k1: Fix endianness annotations (bsc#1051510).
ALSA: hda/ca0132 - Add Recon3Di quirk to handle integrated sound on EVGA X99 Classified motherboard (bsc#1051510).
ALSA: hda/ca0132 - Replace zero-length array with flexible-array member (bsc#1051510).
ALSA: hda_codec: Replace zero-length array with flexible-array member (bsc#1051510).
ALSA: hda: default enable CA0132 DSP support (bsc#1051510).
ALSA: hda/realtek - Add Headset Button supported for ThinkPad X1 (bsc#1111666).
ALSA: hda/realtek - Add Headset Mic supported (bsc#1111666).
ALSA: hda/realtek - Add more codec supported Headset Button (bsc#1111666).
ALSA: hda/realtek - a fake key event is triggered by running shutup (bsc#1051510).
ALSA: hda/realtek - Apply quirk for MSI GP63, too (bsc#1111666).
ALSA: hda/realtek - Apply quirk for yet another MSI laptop (bsc#1111666).
ALSA: hda/realtek - Enable headset mic of Acer X2660G with ALC662 (git-fixes).
ALSA: hda/realtek: Enable mute LED on an HP system (bsc#1051510).
ALSA: hda/realtek - Enable the headset of Acer N50-600 with ALC662 (git-fixes).
ALSA: hda/realtek - Enable the headset of ASUS B9450FA with ALC294 (bsc#1111666).
ALSA: hda/realtek - Fix a regression for mute led on Lenovo Carbon X1 (bsc#1111666).
ALSA: hda/realtek: Fix pop noise on ALC225 (git-fixes).
ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master (bsc#1111666).
ALSA: hda/realtek - Remove now-unnecessary XPS 13 headphone noise fixups (bsc#1051510).
ALSA: hda/realtek - Set principled PC Beep configuration for ALC256 (bsc#1051510).
ALSA: hda: remove redundant assignment to variable timeout (bsc#1051510).
ALSA: hda: Use scnprintf() for string truncation (bsc#1051510).
ALSA: hdsp: remove redundant assignment to variable err (bsc#1051510).
ALSA: info: remove redundant assignment to variable c (bsc#1051510).
ALSA: korg1212: fix if-statement empty body warnings (bsc#1051510).
ALSA: line6: Fix endless MIDI read loop (git-fixes).
ALSA: pcm: Fix superfluous snprintf() usage (bsc#1051510).
ALSA: pcm.h: add for_each_pcm_streams() (bsc#1051510).
ALSA: pcm: oss: Avoid plugin buffer overflow (git-fixes).
ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks (git-fixes).
ALSA: pcm: oss: Unlock mutex temporarily for sleeping at read/write (bsc#1051510).
ALSA: pcm: Use a macro for parameter masks to reduce the needed cast (bsc#1051510).
ALSA: seq: oss: Fix running status after receiving sysex (git-fixes).
ALSA: seq: virmidi: Fix running status after receiving sysex (git-fixes).
ALSA: usb-audio: Add boot quirk for MOTU M Series (bsc#1111666).
ALSA: usb-audio: Add clock validity quirk for Denon MC7000/MCX8000 (bsc#1111666).
ALSA: usb-audio: Add delayed_register option (bsc#1051510).
ALSA: usb-audio: add implicit fb quirk for MOTU M Series (bsc#1111666).
ALSA: usb-audio: add quirks for Line6 Helix devices fw>=2.82 (bsc#1111666).
ALSA: usb-audio: Add support for MOTU MicroBook IIc (bsc#1051510).
ALSA: usb-audio: Apply 48kHz fixed rate playback for Jabra Evolve 65 headset (bsc#1111666).
ALSA: usb-audio: Create a registration quirk for Kingston HyperX Amp (0951:16d8) (bsc#1051510).
ALSA: usb-audio: Do not create a mixer element with bogus volume range (bsc#1051510).
ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor (bsc#1051510).
ALSA: usb-audio: fix Corsair Virtuoso mixer label collision (bsc#1111666).
ALSA: usb-audio: Fix mixer controls' USB interface for Kingston HyperX Amp (0951:16d8) (bsc#1051510).
ALSA: usb-audio: Fix UAC2/3 effect unit parsing (bsc#1111666).
ALSA: usb-audio: Inform devices that need delayed registration (bsc#1051510).
ALSA: usb-audio: Parse source ID of UAC2 effect unit (bsc#1051510).
ALSA: usb-audio: Rewrite registration quirk handling (bsc#1051510).
ALSA: usb-audio: unlock on error in probe (bsc#1111666).
ALSA: usb-audio: Use lower hex numbers for IDs (bsc#1111666).
ALSA: usb-midi: Replace zero-length array with flexible-array member (bsc#1051510).
ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status (bsc#1051510).
ALSA: usx2y: use for_each_pcm_streams() macro (bsc#1051510).
ALSA: via82xx: Fix endianness annotations (bsc#1051510).
amdgpu/gmc_v9: save/restore sdpif regs during S3 (bsc#1113956)
apei/ghes: Do not delay GHES polling (bsc#1166982).
ASoC: dapm: Correct DAPM handling of active widgets during shutdown (bsc#1051510).
ASoC: Intel: mrfld: fix incorrect check on p->sink (bsc#1051510).
ASoC: Intel: mrfld: return error codes when an error occurs (bsc#1051510).
ASoC: jz4740-i2s: Fix divider written at incorrect offset in register (bsc#1051510).
ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path (bsc#1051510).
ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output (bsc#1051510).
ASoC: pcm: update FE/BE trigger order based on the command (bsc#1051510).
ASoC: sun8i-codec: Remove unused dev from codec struct (bsc#1051510).
ASoC: topology: Fix memleak in soc_tplg_link_elems_load() (bsc#1051510).
ath9k: Handle txpower changes even when TPC is disabled (bsc#1051510).
atm: zatm: Fix empty body Clang warnings (bsc#1051510).
b43legacy: Fix -Wcast-function-type (bsc#1051510).
binfmt_elf: Do not move brk for INTERP-less ET_EXEC (bsc#1169013).
binfmt_elf: move brk out of mmap when doing direct loader exec (bsc#1169013).
blk: Fix kabi due to blk_trace_mutex addition (bsc#1159285).
blk-mq: Allow blocking queue tag iter callbacks (bsc#1167316).
blktrace: fix dereference after null check (bsc#1159285).
blktrace: fix trace mutex deadlock (bsc#1159285).
bnxt_en: Fix NTUPLE firmware command failures (bsc#1104745 ).
bnxt_en: Fix TC queue mapping (networking-stable-20_02_05).
bnxt_en: Improve device shutdown method (bsc#1104745 ).
bnxt_en: Issue PCIe FLR in kdump kernel to cleanup pending DMAs (bsc#1134090 jsc#SLE-5954).
bnxt_en: Support all variants of the 5750X chip family (bsc#1167216).
bonding/alb: properly access headers in bond_alb_xmit() (networking-stable-20_02_09).
bpf: Explicitly memset some bpf info structures declared on the stack (bsc#1083647).
bpf: Explicitly memset the bpf_attr structure (bsc#1083647).
bpf, offload: Replace bitwise AND by logical AND in bpf_prog_offload_info_fill (bsc#1109837).
brcmfmac: abort and release host after error (bsc#1111666).
btrfs: Account for trans_block_rsv in may_commit_transaction (bsc#1165949).
btrfs: add a flush step for delayed iputs (bsc#1165949).
btrfs: add assertions for releasing trans handle reservations (bsc#1165949).
btrfs: add btrfs_delete_ref_head helper (bsc#1165949).
btrfs: add enospc debug messages for ticket failure (bsc#1165949).
btrfs: Add enospc_debug printing in metadata_reserve_bytes (bsc#1165949).
btrfs: add new flushing states for the delayed refs rsv (bsc#1165949).
btrfs: add space reservation tracepoint for reserved bytes (bsc#1165949).
btrfs: adjust dirty_metadata_bytes after writeback failure of extent buffer (bsc#1168273).
btrfs: allow us to use up to 90% of the global rsv for unlink (bsc#1165949).
btrfs: always reserve our entire size for the global reserve (bsc#1165949).
btrfs: assert on non-empty delayed iputs (bsc##1165949).
btrfs: be more explicit about allowed flush states (bsc#1165949).
btrfs: call btrfs_create_pending_block_groups unconditionally (bsc#1165949).
btrfs: catch cow on deleting snapshots (bsc#1165949).
btrfs: change the minimum global reserve size (bsc#1165949).
btrfs: check if there are free block groups for commit (bsc#1165949).
btrfs: clean up error handling in btrfs_truncate() (bsc#1165949).
btrfs: cleanup extent_op handling (bsc#1165949).
btrfs: cleanup root usage by btrfs_get_alloc_profile (bsc#1165949).
btrfs: cleanup the target logic in __btrfs_block_rsv_release (bsc#1165949).
btrfs: clear space cache inode generation always (bsc#1165949).
btrfs: delayed-ref: pass delayed_refs directly to btrfs_delayed_ref_lock (bsc#1165949).
btrfs: Do mandatory tree block check before submitting bio (bsc#1168273).
btrfs: do not account global reserve in can_overcommit (bsc#1165949).
btrfs: do not allow reservations if we have pending tickets (bsc#1165949).
btrfs: do not call btrfs_start_delalloc_roots in flushoncommit (bsc#1165949).
btrfs: do not end the transaction for delayed refs in throttle (bsc#1165949).
btrfs: do not enospc all tickets on flush failure (bsc#1165949).
btrfs: do not reset bio->bi_ops while writing bio (bsc#1168273).
btrfs: do not run delayed_iputs in commit (bsc##1165949).
btrfs: do not run delayed refs in the end transaction logic (bsc#1165949).
btrfs: do not use ctl->free_space for max_extent_size (bsc##1165949).
btrfs: do not use global reserve for chunk allocation (bsc#1165949).
btrfs: drop get_extent from extent_page_data (bsc#1168273).
btrfs: drop min_size from evict_refill_and_join (bsc##1165949).
btrfs: drop unused space_info parameter from create_space_info (bsc#1165949).
btrfs: dump block_rsv details when dumping space info (bsc#1165949).
btrfs: export block group accounting helpers (bsc#1165949).
btrfs: export block_rsv_use_bytes (bsc#1165949).
btrfs: export btrfs_block_rsv_add_bytes (bsc#1165949).
btrfs: export __btrfs_block_rsv_release (bsc#1165949).
btrfs: export space_info_add_*_bytes (bsc#1165949).
btrfs: export the block group caching helpers (bsc#1165949).
btrfs: export the caching control helpers (bsc#1165949).
btrfs: export the excluded extents helpers (bsc#1165949).
btrfs: extent_io: add proper error handling to lock_extent_buffer_for_io() (bsc#1168273).
btrfs: extent_io: Handle errors better in btree_write_cache_pages() (bsc#1168273).
btrfs: extent_io: Handle errors better in extent_write_full_page() (bsc#1168273).
btrfs: extent_io: Handle errors better in extent_write_locked_range() (bsc#1168273).
btrfs: extent_io: Handle errors better in extent_writepages() (bsc#1168273).
btrfs: extent_io: Kill dead condition in extent_write_cache_pages() (bsc#1168273).
btrfs: extent_io: Kill the forward declaration of flush_write_bio (bsc#1168273).
btrfs: extent_io: Move the BUG_ON() in flush_write_bio() one level up (bsc#1168273).
btrfs: extent-tree: Add lockdep assert when updating space info (bsc#1165949).
btrfs: extent-tree: Add trace events for space info numbers update (bsc#1165949).
btrfs: extent-tree: Detect bytes_may_use underflow earlier (bsc#1165949).
btrfs: extent-tree: Detect bytes_pinned underflow earlier (bsc#1165949).
btrfs: factor our read/write stage off csum_tree_block into its callers (bsc#1168273).
btrfs: factor out the ticket flush handling (bsc#1165949).
btrfs: fix insert_reserved error handling (bsc##1165949).
btrfs: fix may_commit_transaction to deal with no partial filling (bsc#1165949).
btrfs: fix missing delayed iputs on unmount (bsc#1165949).
btrfs: fix qgroup double free after failure to reserve metadata for delalloc (bsc#1165949).
btrfs: fix race leading to metadata space leak after task received signal (bsc#1165949).
btrfs: fix truncate throttling (bsc#1165949).
btrfs: fix unwritten extent buffers and hangs on future writeback attempts (bsc#1168273).
btrfs: force chunk allocation if our global rsv is larger than metadata (bsc#1165949).
btrfs: Improve global reserve stealing logic (bsc#1165949).
btrfs: introduce an evict flushing state (bsc#1165949).
btrfs: introduce delayed_refs_rsv (bsc#1165949).
btrfs: loop in inode_rsv_refill (bsc#1165949).
btrfs: make btrfs_destroy_delayed_refs use btrfs_delayed_ref_lock (bsc#1165949).
btrfs: make btrfs_destroy_delayed_refs use btrfs_delete_ref_head (bsc#1165949).
btrfs: make caching_thread use btrfs_find_next_key (bsc#1165949).
btrfs: make plug in writing meta blocks really work (bsc#1168273).
btrfs: merge two flush_write_bio helpers (bsc#1168273).
btrfs: migrate btrfs_trans_release_chunk_metadata (bsc#1165949).
btrfs: migrate inc/dec_block_group_ro code (bsc#1165949).
btrfs: migrate nocow and reservation helpers (bsc#1165949).
btrfs: migrate the alloc_profile helpers (bsc#1165949).
btrfs: migrate the block group caching code (bsc#1165949).
btrfs: migrate the block group cleanup code (bsc#1165949).
btrfs: migrate the block group lookup code (bsc#1165949).
btrfs: migrate the block group read/creation code (bsc#1165949).
btrfs: migrate the block group ref counting stuff (bsc#1165949).
btrfs: migrate the block group removal code (bsc#1165949).
btrfs: migrate the block group space accounting helpers (bsc#1165949).
btrfs: migrate the block-rsv code to block-rsv.c (bsc#1165949).
btrfs: migrate the chunk allocation code (bsc#1165949).
btrfs: migrate the delalloc space stuff to it's own home (bsc#1165949).
btrfs: migrate the delayed refs rsv code (bsc#1165949).
btrfs: migrate the dirty bg writeout code (bsc#1165949).
btrfs: migrate the global_block_rsv helpers to block-rsv.c (bsc#1165949).
btrfs: move and export can_overcommit (bsc#1165949).
btrfs: move basic block_group definitions to their own header (bsc#1165949).
btrfs: move btrfs_add_free_space out of a header file (bsc#1165949).
btrfs: move btrfs_block_rsv definitions into it's own header (bsc#1165949).
btrfs: move btrfs_raid_group values to btrfs_raid_attr table (bsc#1165949).
btrfs: move btrfs_space_info_add_*_bytes to space-info.c (bsc#1165949).
btrfs: move dump_space_info to space-info.c (bsc#1165949).
btrfs: move reserve_metadata_bytes and supporting code to space-info.c (bsc#1165949).
btrfs: move space_info to space-info.h (bsc#1165949).
btrfs: move the space_info handling code to space-info.c (bsc#1165949).
btrfs: move the space info update macro to space-info.h (bsc#1165949).
btrfs: move the subvolume reservation stuff out of extent-tree.c (bsc#1165949).
btrfs: only check delayed ref usage in should_end_transaction (bsc#1165949).
btrfs: only check priority tickets for priority flushing (bsc#1165949).
btrfs: only free reserved extent if we didn't insert it (bsc##1165949).
btrfs: only reserve metadata_size for inodes (bsc#1165949).
btrfs: only track ref_heads in delayed_ref_updates (bsc#1165949).
btrfs: Output ENOSPC debug info in inc_block_group_ro (bsc#1165949).
btrfs: pass root to various extent ref mod functions (bsc#1165949).
btrfs: qgroup: Do not hold qgroup_ioctl_lock in btrfs_qgroup_inherit() (bsc#1165823).
btrfs: qgroup: Mark qgroup inconsistent if we're inherting snapshot to a new qgroup (bsc#1165823).
btrfs: refactor block group replication factor calculation to a helper (bsc#1165949).
btrfs: refactor priority_reclaim_metadata_space (bsc#1165949).
btrfs: refactor the ticket wakeup code (bsc#1165949).
btrfs: release metadata before running delayed refs (bsc##1165949).
btrfs: remove bio_flags which indicates a meta block of log-tree (bsc#1168273).
btrfs: Remove btrfs_inode::delayed_iput_count (bsc#1165949).
btrfs: Remove fs_info from do_chunk_alloc (bsc#1165949).
btrfs: remove orig_bytes from reserve_ticket (bsc#1165949).
btrfs: Remove redundant argument of flush_space (bsc#1165949).
btrfs: Remove redundant mirror_num arg (bsc#1168273).
btrfs: Rename bin_search -> btrfs_bin_search (bsc#1168273).
btrfs: rename btrfs_space_info_add_old_bytes (bsc#1165949).
btrfs: rename do_chunk_alloc to btrfs_chunk_alloc (bsc#1165949).
btrfs: rename the btrfs_calc_*_metadata_size helpers (bsc#1165949).
btrfs: replace cleaner_delayed_iput_mutex with a waitqueue (bsc#1165949).
btrfs: reserve delalloc metadata differently (bsc#1165949).
btrfs: reserve extra space during evict (bsc#1165949).
btrfs: reset max_extent_size on clear in a bitmap (bsc##1165949).
btrfs: reset max_extent_size properly (bsc##1165949).
btrfs: rework btrfs_check_space_for_delayed_refs (bsc#1165949).
btrfs: rework wake_all_tickets (bsc#1165949).
btrfs: roll tracepoint into btrfs_space_info_update helper (bsc#1165949).
btrfs: run btrfs_try_granting_tickets if a priority ticket fails (bsc#1165949).
btrfs: run delayed iput at unlink time (bsc#1165949).
btrfs: run delayed iputs before committing (bsc#1165949).
btrfs: set max_extent_size properly (bsc##1165949).
btrfs: sink extent_write_full_page tree argument (bsc#1168273).
btrfs: sink extent_write_locked_range tree parameter (bsc#1168273).
btrfs: sink flush_fn to extent_write_cache_pages (bsc#1168273).
btrfs: sink get_extent parameter to extent_fiemap (bsc#1168273).
btrfs: sink get_extent parameter to extent_readpages (bsc#1168273).
btrfs: sink get_extent parameter to extent_write_full_page (bsc#1168273).
btrfs: sink get_extent parameter to extent_write_locked_range (bsc#1168273).
btrfs: sink get_extent parameter to extent_writepages (bsc#1168273).
btrfs: sink get_extent parameter to get_extent_skip_holes (bsc#1168273).
btrfs: sink writepage parameter to extent_write_cache_pages (bsc#1168273).
btrfs: stop partially refilling tickets when releasing space (bsc#1165949).
btrfs: stop using block_rsv_release_bytes everywhere (bsc#1165949).
btrfs: switch to on-stack csum buffer in csum_tree_block (bsc#1168273).
btrfs: temporarily export btrfs_get_restripe_target (bsc#1165949).
btrfs: temporarily export fragment_free_space (bsc#1165949).
btrfs: temporarily export inc_block_group_ro (bsc#1165949).
btrfs: track DIO bytes in flight (bsc#1165949).
btrfs: tree-checker: Remove comprehensive root owner check (bsc#1168273).
btrfs: unexport can_overcommit (bsc#1165949).
btrfs: unexport the temporary exported functions (bsc#1165949).
btrfs: unify error handling for ticket flushing (bsc#1165949).
btrfs: unify extent_page_data type passed as void (bsc#1168273).
btrfs: update may_commit_transaction to use the delayed refs rsv (bsc#1165949).
btrfs: use btrfs_try_granting_tickets in update_global_rsv (bsc#1165949).
btrfs: wait on caching when putting the bg cache (bsc#1165949).
btrfs: wait on ordered extents on abort cleanup (bsc#1165949).
btrfs: wakeup cleaner thread when adding delayed iput (bsc#1165949).
ceph: canonicalize server path in place (bsc#1168443).
ceph: check POOL_FLAG_FULL/NEARFULL in addition to OSDMAP_FULL/NEARFULL (bsc#1169307).
ceph: remove the extra slashes in the server path (bsc#1168443).
cfg80211: check reg_rule for NULL in handle_channel_custom() (bsc#1051510).
cfg80211: check wiphy driver existence for drvinfo report (bsc#1051510).
cgroup: memcg: net: do not associate sock with unrelated cgroup (bsc#1167290).
cifs: add a debug macro that prints \\server\share for errors (bsc#1144333).
cifs: add missing mount option to /proc/mounts (bsc#1144333).
cifs: add new debugging macro cifs_server_dbg (bsc#1144333).
cifs: add passthrough for smb2 setinfo (bsc#1144333).
cifs: add SMB2_open() arg to return POSIX data (bsc#1144333).
cifs: add smb2 POSIX info level (bsc#1144333).
cifs: add SMB3 change notification support (bsc#1144333).
cifs: add support for fallocate mode 0 for non-sparse files (bsc#1144333).
cifs: Add support for setting owner info, dos attributes, and create time (bsc#1144333).
cifs: Add tracepoints for errors on flush or fsync (bsc#1144333).
cifs: Adjust indentation in smb2_open_file (bsc#1144333).
cifs: allow chmod to set mode bits using special sid (bsc#1144333).
cifs: Avoid doing network I/O while holding cache lock (bsc#1144333).
cifs: call wake_up(server->response_q) inside of cifs_reconnect() (bsc#1144333).
cifs: Clean up DFS referral cache (bsc#1144333).
cifs: create a helper function to parse the query-directory response buffer (bsc#1144333).
cifs: do d_move in rename (bsc#1144333).
cifs: Do not display RDMA transport on reconnect (bsc#1144333).
cifs: do not ignore the SYNC flags in getattr (bsc#1144333).
cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1144333).
cifs: do not use 'pre:' for MODULE_SOFTDEP (bsc#1144333).
cifs: enable change notification for SMB2.1 dialect (bsc#1144333).
cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1144333).
cifs: fix a comment for the timeouts when sending echos (bsc#1144333).
cifs: fix a white space issue in cifs_get_inode_info() (bsc#1144333).
cifs: fix dereference on ses before it is null checked (bsc#1144333).
cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1144333).
cifs: fix mode bits from dir listing when mounted with modefromsid (bsc#1144333).
cifs: Fix mode output in debugging statements (bsc#1144333).
cifs: Fix mount options set in automount (bsc#1144333).
cifs: fix NULL dereference in match_prepath (bsc#1144333).
cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1144333).
cifs: fix potential mismatch of UNC paths (bsc#1144333).
cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1144333).
cifs: Fix return value in __update_cache_entry (bsc#1144333).
cifs: fix soft mounts hanging in the reconnect code (bsc#1144333).
cifs: fix soft mounts hanging in the reconnect code (bsc#1144333).
cifs: Fix task struct use-after-free on reconnect (bsc#1144333).
cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1144333).
cifs: get mode bits from special sid on stat (bsc#1144333).
cifs: Get rid of kstrdup_const()'d paths (bsc#1144333).
cifs: handle prefix paths in reconnect (bsc#1144333).
cifs: Introduce helpers for finding TCP connection (bsc#1144333).
cifs: log warning message (once) if out of disk space (bsc#1144333).
cifs: make sure we do not overflow the max EA buffer size (bsc#1144333).
cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1144333).
cifs: Merge is_path_valid() into get_normalized_path() (bsc#1144333).
cifs: modefromsid: make room for 4 ACE (bsc#1144333).
cifs: modefromsid: write mode ACE first (bsc#1144333).
cifs: Optimize readdir on reparse points (bsc#1144333).
cifs: plumb smb2 POSIX dir enumeration (bsc#1144333).
cifs: potential unintitliazed error code in cifs_getattr() (bsc#1144333).
cifs: prepare SMB2_query_directory to be used with compounding (bsc#1144333).
cifs: print warning once if mounting with vers=1.0 (bsc#1144333).
cifs: refactor cifs_get_inode_info() (bsc#1144333).
cifs: remove redundant assignment to pointer pneg_ctxt (bsc#1144333).
cifs: remove redundant assignment to variable rc (bsc#1144333).
cifs: remove set but not used variables (bsc#1144333).
cifs: remove set but not used variable 'server' (bsc#1144333).
cifs: remove unused variable (bsc#1144333).
cifs: remove unused variable 'sid_user' (bsc#1144333).
cifs: rename a variable in SendReceive() (bsc#1144333).
cifs: rename posix create rsp (bsc#1144333).
cifs: replace various strncpy with strscpy and similar (bsc#1144333).
cifs: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1144333).
cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1144333).
cifs: smbd: Add messages on RDMA session destroy and reconnection (bsc#1144333).
cifs: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1144333).
cifs: smbd: Only queue work for error recovery on memory registration (bsc#1144333).
cifs: smbd: Return -EAGAIN when transport is reconnecting (bsc#1144333).
cifs: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1144333).
cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1144333).
cifs: Use common error handling code in smb2_ioctl_query_info() (bsc#1144333).
cifs: use compounding for open and first query-dir for readdir() (bsc#1144333).
cifs: Use #define in cifs_dbg (bsc#1144333).
cifs: Use memdup_user() rather than duplicating its implementation (bsc#1144333).
cifs: use mod_delayed_work() for server->reconnect if already queued (bsc#1144333).
cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1144333).
clk: imx: Align imx sc clock msg structs to 4 (bsc#1111666).
clk: imx: Align imx sc clock msg structs to 4 (git-fixes).
cls_rsvp: fix rsvp_policy (networking-stable-20_02_05).
core: Do not skip generic XDP program execution for cloned SKBs (bsc#1109837).
cpufreq: powernv: Fix unsafe notifiers (bsc#1065729).
cpufreq: powernv: Fix use-after-free (bsc#1065729).
Crypto: chelsio - Fixes a deadlock between rtnl_lock and uld_mutex (bsc#1111666).
Crypto: chelsio - Fixes a hang issue during driver registration (bsc#1111666).
crypto: pcrypt - Fix user-after-free on module unload (git-fixes).
debugfs: add support for more elaborate ->d_fsdata (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198.
debugfs: call debugfs_real_fops() only after debugfs_file_get() (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198.
debugfs: call debugfs_real_fops() only after debugfs_file_get() (bsc#1159198). Prerequisite for bsc#1159198.
debugfs: convert to debugfs_file_get() and -put() (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198.
debugfs: debugfs_real_fops(): drop __must_hold sparse annotation (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198.
debugfs: debugfs_use_start/finish do not exist anymore (bsc#1159198). Prerequisite for bsc#1159198.
debugfs: defer debugfs_fsdata allocation to first usage (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198.
debugfs: defer debugfs_fsdata allocation to first usage (bsc#1159198). Prerequisite for bsc#1159198.
debugfs: fix debugfs_real_fops() build error (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198.
debugfs: implement per-file removal protection (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198.
debugfs: purge obsolete SRCU based removal protection (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198.
debugfs: simplify __debugfs_remove_file() (bsc#1159198). Prerequisite for bsc#1159198.
devlink: report 0 after hitting end in region read (bsc#1109837).
dmaengine: coh901318: Fix a double lock bug in dma_tc_handle() (bsc#1051510).
driver core: platform: fix u32 greater or equal to zero comparison (bsc#1051510).
driver core: platform: Prevent resouce overflow from causing infinite loops (bsc#1051510).
driver core: Print device when resources present in really_probe() (bsc#1051510).
drivers/md/raid5.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET (bsc#1166003).
drivers/md/raid5-ppl.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET (bsc#1166003).
drm/amd/amdgpu: Fix GPR read from debugfs (v2) (bsc#1113956)
drm/amd/display: Add link_rate quirk for Apple 15' MBP 2017 (bsc#1111666).
drm/amd/display: Fix wrongly passed static prefix (bsc#1111666).
drm/amd/display: remove duplicated assignment to grph_obj_type (bsc#1051510).
drm/amd/dm/mst: Ignore payload update failures (bsc#1112178)
drm/amdgpu: fix typo for vcn1 idle check (bsc#1111666).
drm/amdkfd: fix a use after free race with mmu_notifer unregister (bsc#1114279)
drm: atmel-hlcdc: enable clock before configuring timing engine (bsc#1114279)
drm/bridge: dw-hdmi: fix AVI frame colorimetry (bsc#1051510).
drm/etnaviv: fix dumping of iommuv2 (bsc#1114279)
drm/exynos: dsi: fix workaround for the legacy clock name (bsc#1111666).
drm/exynos: dsi: propagate error value and silence meaningless warning (bsc#1111666).
drm/gma500: Fixup fbdev stolen size usage evaluation (bsc#1051510).
drm/i915/gvt: Fix orphan vgpu dmabuf_objs' lifetime (git-fixes).
drm/i915/gvt: Fix unnecessary schedule timer when no vGPU exits (git-fixes).
drm/i915/gvt: Separate display reset from ALL_ENGINES reset (bsc#1114279)
drm/i915: Program MBUS with rmw during initialization (git-fixes).
drm/i915/selftests: Fix return in assert_mmap_offset() (bsc#1114279)
drm/i915/userptr: fix size calculation (bsc#1114279)
drm/i915/userptr: Try to acquire the page lock around (bsc#1114279)
drm/i915/userptr: Try to acquire the page lock around (bsc#1114279)
drm/i915: Wean off drm_pci_alloc/drm_pci_free (bsc#1114279)
drm/lease: fix WARNING in idr_destroy (bsc#1113956)
drm/mediatek: Add gamma property according to hardware capability (bsc#1114279)
drm/mediatek: disable all the planes in atomic_disable (bsc#1114279)
drm/mediatek: handle events when enabling/disabling crtc (bsc#1051510).
drm/mipi_dbi: Fix off-by-one bugs in mipi_dbi_blank() (bsc#1114279)
drm: msm: mdp4: Adjust indentation in mdp4_dsi_encoder_enable (bsc#1114279)
drm/msm: Set dma maximum segment size for mdss (bsc#1051510).
drm/nouveau/disp/nv50-: prevent oops when no channel method map provided (bsc#1051510).
drm/nouveau/gr/gk20a,gm200-: add terminators to method lists read from fw (bsc#1051510).
drm/nouveau/kms/gv100-: Re-set LUT after clearing for modesets (git-fixes).
drm: rcar-du: Recognize 'renesas,vsps' in addition to 'vsps' (bsc#1114279)
drm: remove the newline for CRC source name (bsc#1051510).
drm/sun4i: de2/de3: Remove unsupported VI layer formats (git-fixes).
drm/sun4i: dsi: Use NULL to signify 'no panel' (bsc#1111666).
drm/sun4i: Fix DE2 VI layer format support (git-fixes).
drm/v3d: Replace wait_for macros to remove use of msleep (bsc#1111666).
drm/vc4: Fix HDMI mode validation (git-fixes).
dt-bindings: allow up to four clocks for orion-mdio (bsc#1051510).
EDAC, ghes: Make platform-based whitelisting x86-only (bsc#1158187).
EDAC/mc: Fix use-after-free and memleaks during device removal (bsc#1114279).
efi: Do not attempt to map RCI2 config table if it does not exist (jsc#ECO-366, bsc#1168367).
efi: Export Runtime Configuration Interface table to sysfs (jsc#ECO-366, bsc#1168367).
efi: Fix a race and a buffer overflow while reading efivars via sysfs (bsc#1164893).
efi: x86: move efi_is_table_address() into arch/x86 (jsc#ECO-366, bsc#1168367).
ethtool: Factored out similar ethtool link settings for virtual devices to core (bsc#1136157 ltc#177197).
ext4: Avoid ENOSPC when avoiding to reuse recently deleted inodes (bsc#1165019).
fbdev/g364fb: Fix build failure (bsc#1051510).
fcntl: fix typo in RWH_WRITE_LIFE_NOT_SET r/w hint name (bsc#1166003).
firmware: arm_sdei: fix double-lock on hibernate with shared events (bsc#1111666).
firmware: arm_sdei: fix possible double-lock on hibernate error path (bsc#1111666).
firmware: imx: misc: Align imx sc msg structs to 4 (git-fixes).
firmware: imx: scu: Ensure sequential TX (git-fixes).
firmware: imx: scu-pd: Align imx sc msg structs to 4 (git-fixes).
fix memory leak in large read decrypt offload (bsc#1144333).
fs/cifs/cifssmb.c: use true,false for bool variable (bsc#1144333).
fs: cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1144333).
fs: cifs: Initialize filesystem timestamp ranges (bsc#1144333).
fs: cifs: mute -Wunused-const-variable message (bsc#1144333).
fs/cifs/sess.c: Remove set but not used variable 'capabilities' (bsc#1144333).
fs/cifs/smb2ops.c: use true,false for bool variable (bsc#1144333).
fs/cifs/smb2pdu.c: Make SMB2_notify_init static (bsc#1144333).
fs/xfs: fix f_ffree value for statfs when project quota is set (bsc#1165985).
ftrace/kprobe: Show the maxactive number on kprobe_events (git-fixes).
gtp: make sure only SOCK_DGRAM UDP sockets are accepted (networking-stable-20_01_27).
gtp: use __GFP_NOWARN to avoid memalloc warning (networking-stable-20_02_05).
HID: apple: Add support for recent firmware on Magic Keyboards (bsc#1051510).
HID: core: fix off-by-one memset in hid_report_raw_event() (bsc#1051510).
HID: hiddev: Fix race in in hiddev_disconnect() (git-fixes).
hv_netvsc: Fix memory leak when removing rndis device (networking-stable-20_01_20).
hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() (bsc#1051510).
IB/hfi1: Close window for pq and request coliding (bsc#1060463).
IB/hfi1: convert to debugfs_file_get() and -put() (bsc#1159198 bsc#1109911).
ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551).
ibmvnic: Do not process device remove during device reset (bsc#1065729).
ibmvnic: Warn unknown speed message only when carrier is present (bsc#1065729).
iio: gyro: adis16136: check ret val for non-zero vs less-than-zero (bsc#1051510).
iio: imu: adis16400: check ret val for non-zero vs less-than-zero (bsc#1051510).
iio: imu: adis16480: check ret val for non-zero vs less-than-zero (bsc#1051510).
iio: imu: adis: check ret val for non-zero vs less-than-zero (bsc#1051510).
iio: magnetometer: ak8974: Fix negative raw values in sysfs (bsc#1051510).
Input: add safety guards to input_set_keycode() (bsc#1168075).
Input: avoid BIT() macro usage in the serio.h UAPI header (bsc#1051510).
Input: edt-ft5x06 - work around first register access error (bsc#1051510).
Input: raydium_i2c_ts - fix error codes in raydium_i2c_boot_trigger() (bsc#1051510).
Input: synaptics - enable SMBus on ThinkPad L470 (bsc#1051510).
Input: synaptics - remove the LEN0049 dmi id from topbuttonpad list (bsc#1051510).
Input: synaptics - switch T470s to RMI4 by default (bsc#1051510).
intel_th: Fix user-visible error codes (bsc#1051510).
iommu/amd: Check feature support bit before accessing MSI capability registers (bsc#1166101).
iommu/amd: Only support x2APIC with IVHD type 11h/40h (bsc#1166102).
iommu/amd: Remap the IOMMU device table with the memory encryption mask for kdump (bsc#1141895).
iommu/dma: Fix MSI reservation allocation (bsc#1166730).
iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint (bsc#1166731).
iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page (bsc#1166732).
iommu/vt-d: Fix compile warning from intel-svm.h (bsc#1166103).
iommu/vt-d: Fix the wrong printing in RHSA parsing (bsc#1166733).
iommu/vt-d: Ignore devices with out-of-spec domain number (bsc#1166734).
iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint (bsc#1166735).
ipmi: fix hung processes in __get_guid() (bsc#1111666).
ipmi:ssif: Handle a possible NULL pointer reference (bsc#1051510).
ipv4: ensure rcu_read_lock() in cipso_v4_error() (git-fixes).
ipv6: restrict IPV6_ADDRFORM operation (bsc#1109837).
iwlegacy: Fix -Wcast-function-type (bsc#1051510).
iwlwifi: mvm: Do not require PHY_SKU NVM section for 3168 devices (bsc#1166632).
iwlwifi: mvm: Fix thermal zone registration (bsc#1051510).
kABI: fixes for debugfs per-file removal protection backports (bsc#1159198 bsc#1109911).
kABI: restore debugfs_remove_recursive() (bsc#1159198).
kABI workaround for pcie_port_bus_type change (bsc#1161561).
kdump, proc/vmcore: Enable kdumping encrypted memory with SME enabled (bsc#1141895).
kernel/module.c: Only return -EEXIST for modules that have finished loading (bsc#1165488).
kernel/module.c: wakeup processes in module_wq on module unload (bsc#1165488).
kexec: Allocate decrypted control pages for kdump if SME is enabled (bsc#1141895).
KVM: arm64: Store vcpu on the stack during __guest_enter() (bsc#1133021).
KVM: s390: do not clobber registers during guest reset/store status (bsc#1133021).
KVM: s390: ENOTSUPP -> EOPNOTSUPP fixups (bsc#1133021).
KVM: VMX: check descriptor table exits on instruction emulation (bsc#1166104).
l2tp: Allow duplicate session creation with UDP (networking-stable-20_02_05).
libceph: fix alloc_msg_with_page_vector() memory leaks (bsc#1169308).
libnvdimm/pfn_dev: Do not clear device memmap area during generic namespace probe (bsc#1165929 bsc#1165950).
libnvdimm/pfn: fix fsdax-mode namespace info-block zero-fields (bsc#1165929).
libnvdimm: remove redundant __func__ in dev_dbg (bsc#1165929).
lib/raid6: add missing include for raid6test (bsc#1166003).
lib/raid6: add option to skip algo benchmarking (bsc#1166003).
lib/raid6: avoid __attribute_const__ redefinition (bsc#1166003).
lpfc: add support for translating an RSCN rcv into a discovery rescan (bsc#1164777 bsc#1164780 bsc#1165211).
lpfc: add support to generate RSCN events for nport (bsc#1164777 bsc#1164780 bsc#1165211).
mac80211: consider more elements in parsing CRC (bsc#1051510).
mac80211: free peer keys before vif down in mesh (bsc#1051510).
mac80211: mesh: fix RCU warning (bsc#1051510).
mac80211: only warn once on chanctx_conf being NULL (bsc#1051510).
mac80211: rx: avoid RCU list traversal under mutex (bsc#1051510).
macsec: add missing attribute validation for port (bsc#1051510).
macsec: fix refcnt leak in module exit routine (bsc#1051510).
md: add __acquires/__releases annotations to handle_active_stripes (bsc#1166003).
md: add __acquires/__releases annotations to (un)lock_two_stripes (bsc#1166003).
md: add a missing endianness conversion in check_sb_changes (bsc#1166003).
md: add bitmap_abort label in md_run (bsc#1166003).
md: add feature flag MD_FEATURE_RAID0_LAYOUT (bsc#1166003).
md: allow last device to be forcibly removed from RAID1/RAID10 (bsc#1166003).
md: avoid invalid memory access for array sb->dev_roles (bsc#1166003).
md/bitmap: avoid race window between md_bitmap_resize and bitmap_file_clear_bit (bsc#1166003).
md-bitmap: create and destroy wb_info_pool with the change of backlog (bsc#1166003).
md-bitmap: create and destroy wb_info_pool with the change of bitmap (bsc#1166003).
md-bitmap: small cleanups (bsc#1166003).
md/bitmap: use mddev_suspend/resume instead of ->quiesce() (bsc#1166003).
md-cluster/bitmap: do not call md_bitmap_sync_with_cluster during reshaping stage (bsc#1166003).
md-cluster: introduce resync_info_get interface for sanity check (bsc#1166003).
md-cluster/raid10: call update_size in md_reap_sync_thread (bsc#1166003).
md-cluster/raid10: do not call remove_and_add_spares during reshaping stage (bsc#1166003).
md-cluster/raid10: resize all the bitmaps before start reshape (bsc#1166003).
md-cluster/raid10: support add disk under grow mode (bsc#1166003).
md-cluster: remove suspend_info (bsc#1166003).
md-cluster: send BITMAP_NEEDS_SYNC message if reshaping is interrupted (bsc#1166003).
md: convert to kvmalloc (bsc#1166003).
md: do not call spare_active in md_reap_sync_thread if all member devices can't work (bsc#1166003).
md: do not set In_sync if array is frozen (bsc#1166003).
md: fix a typo s/creat/create (bsc#1166003).
md: fix for divide error in status_resync (bsc#1166003).
md: fix spelling typo and add necessary space (bsc#1166003).
md: introduce mddev_create/destroy_wb_pool for the change of member device (bsc#1166003).
md-linear: use struct_size() in kzalloc() (bsc#1166003).
md: Make bio_alloc_mddev use bio_alloc_bioset (bsc#1166003).
md: make sure desc_nr less than MD_SB_DISKS (bsc#1166003).
md: md.c: Return -ENODEV when mddev is NULL in rdev_attr_show (bsc#1166003).
md: no longer compare spare disk superblock events in super_load (bsc#1166003).
md/raid0: Fix an error message in raid0_make_request() (bsc#1166003).
md/raid0/linear: Mark array as 'broken' and fail BIOs if a member is gone (bsc#1166003).
md/raid10: end bio when the device faulty (bsc#1166003).
md/raid10: Fix raid10 replace hang when new added disk faulty (bsc#1166003).
md/raid10: prevent access of uninitialized resync_pages offset (bsc#1166003).
md/raid10: read balance chooses idlest disk for SSD (bsc#1166003).
md/raid10: Use struct_size() in kmalloc() (bsc#1166003).
md/raid1: avoid soft lockup under high load (bsc#1166003).
md/raid1: check rdev before reference in raid1_sync_request func (bsc#1166003).
md/raid1: end bio when the device faulty (bsc#1166003).
md/raid1: fail run raid1 array when active disk less than one (bsc#1166003).
md/raid1: Fix a warning message in remove_wb() (bsc#1166003).
md/raid1: fix potential data inconsistency issue with write behind device (bsc#1166003).
md/raid1: get rid of extra blank line and space (bsc#1166003).
md/raid5: use bio_end_sector to calculate last_sector (bsc#1166003).
md/raid6: fix algorithm choice under larger PAGE_SIZE (bsc#1166003).
md: remove set but not used variable 'bi_rdev' (bsc#1166003).
md: rename wb stuffs (bsc#1166003).
md: return -ENODEV if rdev has no mddev assigned (bsc#1166003).
md: use correct type in super_1_load (bsc#1166003).
md: use correct type in super_1_sync (bsc#1166003).
md: use correct types in md_bitmap_print_sb (bsc#1166003).
media: ov519: add missing endpoint sanity checks (bsc#1168829).
media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support (bsc#1051510).
media: ov6650: Fix some format attributes not under control (bsc#1051510).
media: ov6650: Fix stored crop rectangle not in sync with hardware (bsc#1051510).
media: ov6650: Fix stored frame format not in sync with hardware (bsc#1051510).
media: stv06xx: add missing descriptor sanity checks (bsc#1168854).
media: uvcvideo: Refactor teardown of uvc on USB disconnect (bsc#1164507).
mlxsw: spectrum_qdisc: Include MC TCs in Qdisc counters (bsc#1112374).
mlxsw: spectrum: Wipe xstats.backlog of down ports (bsc#1112374).
mmc: sdhci-of-at91: fix cd-gpios for SAMA5D2 (bsc#1051510).
mwifiex: set needed_headroom, not hard_header_len (bsc#1051510).
net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM (networking-stable-20_01_27).
net: dsa: mv88e6xxx: Preserve priority when setting CPU port (networking-stable-20_01_11).
net: dsa: tag_qca: fix doubled Tx statistics (networking-stable-20_01_20).
net: dsa: tag_qca: Make sure there is headroom for tag (networking-stable-20_02_19).
net: ena: Add PCI shutdown handler to allow safe kexec (bsc#1167421, bsc#1167423).
net/ethtool: Introduce link_ksettings API for virtual network devices (bsc#1136157 ltc#177197).
net: Fix Tx hash bound checking (bsc#1109837).
net: hns3: fix a copying IPv6 address error in hclge_fd_get_flow_tuples() (bsc#1104353).
net: hns: fix soft lockup when there is not enough memory (networking-stable-20_01_20).
net: hsr: fix possible NULL deref in hsr_handle_frame() (networking-stable-20_02_05).
net: ip6_gre: fix moving ip6gre between namespaces (networking-stable-20_01_27).
net, ip6_tunnel: fix namespaces move (networking-stable-20_01_27).
net, ip_tunnel: fix namespaces move (networking-stable-20_01_27).
net: macb: Limit maximum GEM TX length in TSO (networking-stable-20_02_09).
net: macb: Remove unnecessary alignment check for TSO (networking-stable-20_02_09).
net/mlx5: Fix lowest FDB pool size (bsc#1103990).
net/mlx5: IPsec, Fix esp modify function attribute (bsc#1103990 ).
net/mlx5: IPsec, fix memory leak at mlx5_fpga_ipsec_delete_sa_ctx (bsc#1103990).
net/mlx5: Update the list of the PCI supported devices (bsc#1127611).
net/mlxfw: Verify FSM error code translation does not exceed array size (bsc#1051858).
net: mvneta: move rx_dropped and rx_errors in per-cpu stats (networking-stable-20_02_09).
net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL (bsc#1051510).
net: nfc: fix bounds checking bugs on 'pipe' (bsc#1051510).
net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link() (networking-stable-20_01_27).
net_sched: ematch: reject invalid TCF_EM_SIMPLE (networking-stable-20_01_30).
net_sched: fix an OOB access in cls_tcindex (networking-stable-20_02_05).
net_sched: fix a resource leak in tcindex_set_parms() (networking-stable-20_02_09).
net_sched: fix datalen for ematch (networking-stable-20_01_27).
net/sched: flower: add missing validation of TCA_FLOWER_FLAGS (networking-stable-20_02_19).
net_sched: keep alloc_hash updated after hash allocation (git-fixes).
net/sched: matchall: add missing validation of TCA_MATCHALL_FLAGS (networking-stable-20_02_19).
net: sch_prio: When ungrafting, replace with FIFO (networking-stable-20_01_11).
net/smc: add fallback check to connect() (git-fixes).
net/smc: fix cleanup for linkgroup setup failures (git-fixes).
net/smc: fix leak of kernel memory to user space (networking-stable-20_02_19).
net/smc: no peer ID in CLC decline for SMCD (git-fixes).
net/smc: transfer fasync_list in case of fallback (git-fixes).
net: stmmac: Delete txtimer in suspend() (networking-stable-20_02_05).
net: stmmac: dwmac-sunxi: Allow all RGMII modes (networking-stable-20_01_11).
net-sysfs: Fix reference count leak (networking-stable-20_01_27).
net: systemport: Avoid RBUF stuck in Wake-on-LAN mode (networking-stable-20_02_09).
net/tls: fix async operation (bsc#1109837).
net/tls: free the record on encryption error (bsc#1109837).
net/tls: take into account that bpf_exec_tx_verdict() may free the record (bsc#1109837).
net: usb: lan78xx: Add .ndo_features_check (networking-stable-20_01_27).
net: usb: lan78xx: fix possible skb leak (networking-stable-20_01_11).
net/wan/fsl_ucc_hdlc: fix out of bounds write on array utdm_info (networking-stable-20_01_20).
NFC: pn544: Fix a typo in a debug message (bsc#1051510).
NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use le16_add_cpu() (bsc#1051510).
NFS: send state management on a single connection (bsc#1167005).
nvme: fix a possible deadlock when passthru commands sent to a multipath device (bsc#1158983).
nvme: fix controller removal race with scan work (bsc#1158983).
nvme: Fix parsing of ANA log page (bsc#1166658).
nvme-multipath: also check for a disabled path if there is a single sibling (bsc#1158983).
nvme-multipath: do not select namespaces which are about to be removed (bsc#1158983).
nvme-multipath: factor out a nvme_path_is_disabled helper (bsc#1158983).
nvme-multipath: fix crash in nvme_mpath_clear_ctrl_paths (bsc#1158983).
nvme-multipath: fix possible io hang after ctrl reconnect (bsc#1158983).
nvme-multipath: fix possible I/O hang when paths are updated (bsc#1158983).
nvme-multipath: remove unused groups_only mode in ana log (bsc#1158983).
nvme-multipath: round-robin I/O policy (bsc#1158983).
nvme: resync include/linux/nvme.h with nvmecli (bsc#1156510).
nvme: Translate more status codes to blk_status_t (bsc#1156510).
orinoco: avoid assertion in case of NULL pointer (bsc#1051510).
padata: always acquire cpu_hotplug_lock before pinst->lock (git-fixes).
PCI/AER: Clear device status bits during ERR_COR handling (bsc#1161561).
PCI/AER: Clear device status bits during ERR_FATAL and ERR_NONFATAL (bsc#1161561).
PCI/AER: Clear only ERR_FATAL status bits during fatal recovery (bsc#1161561).
PCI/AER: Clear only ERR_NONFATAL bits during non-fatal recovery (bsc#1161561).
PCI/AER: Do not clear AER bits if error handling is Firmware-First (bsc#1161561).
PCI/AER: Do not read upstream ports below fatal errors (bsc#1161561).
PCI/AER: Factor message prefixes with dev_fmt() (bsc#1161561).
PCI/AER: Factor out ERR_NONFATAL status bit clearing (bsc#1161561).
PCI/AER: Log which device prevents error recovery (bsc#1161561).
PCI/AER: Remove ERR_FATAL code from ERR_NONFATAL path (bsc#1161561).
PCI/AER: Take reference on error devices (bsc#1161561).
PCI/ERR: Always report current recovery status for udev (bsc#1161561).
PCI/ERR: Handle fatal error recovery (bsc#1161561).
PCI/ERR: Remove duplicated include from err.c (bsc#1161561).
PCI/ERR: Run error recovery callbacks for all affected devices (bsc#1161561).
PCI/ERR: Simplify broadcast callouts (bsc#1161561).
PCI/ERR: Use slot reset if available (bsc#1161561).
PCI: portdrv: Initialize service drivers directly (bsc#1161561).
PCI/portdrv: Remove pcie_port_bus_type link order dependency (bsc#1161561).
PCI: Simplify disconnected marking (bsc#1161561).
PCI: Unify device inaccessible (bsc#1161561).
perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT flag (bsc#1114279).
perf: qcom_l2: fix column exclusion check (git-fixes).
pinctrl: baytrail: Do not clear IRQ flags on direct-irq enabled pins (bsc#1051510).
pinctrl: imx: scu: Align imx sc msg structs to 4 (git-fixes).
pinctrl: sh-pfc: sh7264: Fix CAN function GPIOs (bsc#1051510).
pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs (bsc#1051510).
pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM (networking-stable-20_01_11).
platform/mellanox: fix potential deadlock in the tmfifo driver (bsc#1136333 jsc#SLE-4994).
platform/x86: pmc_atom: Add Lex 2I385SW to critclk_systems DMI table (bsc#1051510).
PM: core: Fix handling of devices deleted during system-wide resume (git-fixes).
powerpc/64: mark start_here_multiplatform as __ref (bsc#1148868).
powerpc/64s: Fix section mismatch warnings from boot code (bsc#1148868).
powerpc/64/tm: Do not let userspace set regs->trap via sigreturn (bsc#1118338 ltc#173734).
powerpc: fix hardware PMU exception bug on PowerVM compatibility mode systems (bsc#1056686).
powerpc/kprobes: Ignore traps that happened in real mode (bsc#1065729).
powerpc/mm: Fix section mismatch warning in stop_machine_change_mapping() (bsc#1148868).
powerpc/pseries: Avoid NULL pointer dereference when drmem is unavailable (bsc#1160659).
powerpc/pseries/ddw: Extend upper limit for huge DMA window for persistent memory (bsc#1142685 ltc#179509).
powerpc/pseries: fix of_read_drc_info_cell() to point at next record (bsc#1165980 ltc#183834).
powerpc/pseries: group lmb operation and memblock's (bsc#1165404 ltc#183498).
powerpc/pseries/iommu: Fix set but not used values (bsc#1142685 ltc#179509).
powerpc/pseries/iommu: Use memory@ nodes in max RAM address calculation (bsc#1142685 ltc#179509).
powerpc/pseries/memory-hotplug: Only update DT once per memory DLPAR request (bsc#1165404 ltc#183498).
powerpc/pseries: update device tree before ejecting hotplug uevents (bsc#1165404 ltc#183498).
powerpc/smp: Use nid as fallback for package_id (bsc#1165813 ltc#184091).
powerpc/vmlinux.lds: Explicitly retain .gnu.hash (bsc#1148868).
powerpc/xive: Replace msleep(x) with msleep(OPAL_BUSY_DELAY_MS) (bsc#1085030).
powerpc/xive: Use XIVE_BAD_IRQ instead of zero to catch non configured IPIs (bsc#1085030).
ptr_ring: add include of linux/mm.h (bsc#1109837).
qmi_wwan: re-add DW5821e pre-production variant (bsc#1051510).
raid10: refactor common wait code from regular read/write request (bsc#1166003).
raid1: factor out a common routine to handle the completion of sync write (bsc#1166003).
raid1: simplify raid1_error function (bsc#1166003).
raid1: use an int as the return value of raise_barrier() (bsc#1166003).
raid5: block failing device if raid will be failed (bsc#1166003).
raid5: do not increment read_errors on EILSEQ return (bsc#1166003).
raid5: do not set STRIPE_HANDLE to stripe which is in batch list (bsc#1166003).
raid5 improve too many read errors msg by adding limits (bsc#1166003).
raid5: need to set STRIPE_HANDLE for batch head (bsc#1166003).
raid5: remove STRIPE_OPS_REQ_PENDING (bsc#1166003).
raid5: remove worker_cnt_per_group argument from alloc_thread_groups (bsc#1166003).
raid5: set write hint for PPL (bsc#1166003).
raid5: use bio_end_sector in r5_next_bio (bsc#1166003).
raid6/test: fix a compilation error (bsc#1166003).
raid6/test: fix a compilation warning (bsc#1166003).
RDMA/cma: Fix unbalanced cm_id reference count during address resolve (bsc#1103992).
RDMA/hfi1: Fix memory leak in _dev_comp_vect_mappings_create (bsc#1114685).
RDMA/uverbs: Verify MR access flags (bsc#1103992).
remoteproc: Initialize rproc_class before use (bsc#1051510).
rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer (git-fixes).
rtlwifi: rtl_pci: Fix -Wcast-function-type (bsc#1051510).
rxrpc: Fix insufficient receive notification generation (networking-stable-20_02_05).
s390/mm: fix dynamic pagetable upgrade for hugetlbfs (bsc#1165182 LTC#184102).
s390/pci: Fix unexpected write combine on resource (git-fixes).
s390/qeth: fix potential deadlock on workqueue flush (bsc#1165185 LTC#184108).
s390/uv: Fix handling of length extensions (git-fixes).
scsi: fc: Update Descriptor definition and add RDF and Link Integrity FPINs (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: fnic: do not queue commands during fwreset (bsc#1146539).
scsi: ibmvfc: Add failed PRLI to cmd_status lookup array (bsc#1161951 ltc#183551).
scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (bsc#1161951 ltc#183551).
scsi: ibmvfc: Byte swap status and error codes when logging (bsc#1161951 ltc#183551).
scsi: ibmvfc: Clean up transport events (bsc#1161951 ltc#183551).
scsi: ibmvfc: constify dev_pm_ops structures (bsc#1161951 ltc#183551).
scsi: ibmvfc: Do not call fc_block_scsi_eh() on host reset (bsc#1161951 ltc#183551).
scsi: ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551).
scsi: ibmvfc: ibmvscsi: ibmvscsi_tgt: constify vio_device_id (bsc#1161951 ltc#183551).
scsi: ibmvfc: Mark expected switch fall-throughs (bsc#1161951 ltc#183551).
scsi: ibmvfc: Remove 'failed' from logged errors (bsc#1161951 ltc#183551).
scsi: ibmvfc: Remove unneeded semicolons (bsc#1161951 ltc#183551).
scsi: ibmvscsi: change strncpy+truncation to strlcpy (bsc#1161951 ltc#183551).
scsi: ibmvscsi: constify dev_pm_ops structures (bsc#1161951 ltc#183551).
scsi: ibmvscsi: Do not use rc uninitialized in ibmvscsi_do_work (bsc#1161951 ltc#183551).
scsi: ibmvscsi: fix tripping of blk_mq_run_hw_queue WARN_ON (bsc#1161951 ltc#183551).
scsi: ibmvscsi: Improve strings handling (bsc#1161951 ltc#183551).
scsi: ibmvscsi: redo driver work thread to use enum action states (bsc#1161951 ltc#183551).
scsi: ibmvscsi: Wire up host_reset() in the driver's scsi_host_template (bsc#1161951 ltc#183551).
scsi: lpfc: add RDF registration and Link Integrity FPIN logging (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Change default SCSI LUN QD to 64 (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654).
scsi: lpfc: Clean up hba max_lun_queue_depth checks (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Copyright updates for 12.6.0.4 patches (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Fix broken Credit Recovery after driver load (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Fix compiler warning on frame size (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Fix coverity errors in fmdi attribute handling (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Fix crash after handling a pci error (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Fix crash in target side cable pulls hitting WAIT_FOR_UNREG (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Fix disablement of FC-AL on lpe35000 models (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Fix driver nvme rescan logging (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Fix erroneous cpu limit of 128 on I/O statistics (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Fix Fabric hostname registration if system hostname changes (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Fix improper flag check for IO type (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Fix incomplete NVME discovery when target (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Fix lockdep error - register non-static key (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Fix lpfc_io_buf resource leak in lpfc_get_scsi_buf_s4 error path (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Fix lpfc overwrite of sg_cnt field in nvmefc_tgt_fcp_req (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Fix MDS Latency Diagnostics Err-drop rates (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Fix missing check for CSF in Write Object Mbox Rsp (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Fix ras_log via debugfs (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Fix registration of ELS type support in fdmi (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Fix release of hwq to clear the eq relationship (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Fix: Rework setting of fdmi symbolic node name registration (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Fix RQ buffer leakage when no IOCBs available (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Fix scsi host template for SLI3 vports (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: fix spelling mistake 'Notication' -> 'Notification' (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: fix spelling mistakes of asynchronous (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Fix unmap of dpp bars affecting next driver load (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Fix update of wq consumer index in lpfc_sli4_wq_release (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Make debugfs ktime stats generic for NVME and SCSI (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Make lpfc_defer_acc_rsp static (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Remove handler for obsolete ELS - Read Port Status (RPS) (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Remove prototype FIPS/DSS options from SLI-3 (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: lpfc: Update lpfc version to 12.8.0.0 (bsc#1164777 bsc#1164780 bsc#1165211).
scsi: qla2xxx: Add 16.0GT for PCI String (bsc#1157424).
scsi: qla2xxx: Add beacon LED config sysfs interface (bsc#1157424).
scsi: qla2xxx: Add changes in preparation for vendor extended FDMI/RDP (bsc#1157424).
scsi: qla2xxx: Add deferred queue for processing ABTS and RDP (bsc#1157424).
scsi: qla2xxx: Add endianizer macro calls to fc host stats (bsc#1157424).
scsi: qla2xxx: Add fixes for mailbox command (bsc#1157424).
scsi: qla2xxx: add more FW debug information (bsc#1157424).
scsi: qla2xxx: Add ql2xrdpenable module parameter for RDP (bsc#1157424).
scsi: qla2xxx: Add sysfs node for D-Port Diagnostics AEN data (bsc#1157424).
scsi: qla2xxx: Add vendor extended FDMI commands (bsc#1157424).
scsi: qla2xxx: Add vendor extended RDP additions and amendments (bsc#1157424).
scsi: qla2xxx: Avoid setting firmware options twice in 24xx_update_fw_options (bsc#1157424).
scsi: qla2xxx: Check locking assumptions at runtime in qla2x00_abort_srb() (bsc#1157424).
scsi: qla2xxx: Cleanup ELS/PUREX iocb fields (bsc#1157424).
scsi: qla2xxx: Convert MAKE_HANDLE() from a define into an inline function (bsc#1157424).
scsi: qla2xxx: Correction to selection of loopback/echo test (bsc#1157424).
scsi: qla2xxx: Display message for FCE enabled (bsc#1157424).
scsi: qla2xxx: Fix control flags for login/logout IOCB (bsc#1157424).
scsi: qla2xxx: Fix FCP-SCSI FC4 flag passing error (bsc#1157424).
scsi: qla2xxx: fix FW resource count values (bsc#1157424).
scsi: qla2xxx: Fix I/Os being passed down when FC device is being deleted (bsc#1157424).
scsi: qla2xxx: Fix NPIV instantiation after FW dump (bsc#1157424).
scsi: qla2xxx: Fix qla2x00_echo_test() based on ISP type (bsc#1157424).
scsi: qla2xxx: Fix RDP respond data format (bsc#1157424).
scsi: qla2xxx: Fix RDP response size (bsc#1157424).
scsi: qla2xxx: Fix sparse warning reported by kbuild bot (bsc#1157424).
scsi: qla2xxx: Fix sparse warnings triggered by the PCI state checking code (bsc#1157424).
scsi: qla2xxx: Force semaphore on flash validation failure (bsc#1157424).
scsi: qla2xxx: Handle cases for limiting RDP response payload length (bsc#1157424).
scsi: qla2xxx: Handle NVME status iocb correctly (bsc#1157424).
scsi: qla2xxx: Improved secure flash support messages (bsc#1157424).
scsi: qla2xxx: Move free of fcport out of interrupt context (bsc#1157424).
scsi: qla2xxx: Print portname for logging in qla24xx_logio_entry() (bsc#1157424).
scsi: qla2xxx: Remove restriction of FC T10-PI and FC-NVMe (bsc#1157424).
scsi: qla2xxx: Return appropriate failure through BSG Interface (bsc#1157424).
scsi: qla2xxx: Save rscn_gen for new fcport (bsc#1157424).
scsi: qla2xxx: Serialize fc_port alloc in N2N (bsc#1157424).
scsi: qla2xxx: Set Nport ID for N2N (bsc#1157424).
scsi: qla2xxx: Show correct port speed capabilities for RDP command (bsc#1157424).
scsi: qla2xxx: Simplify the code for aborting SCSI commands (bsc#1157424).
scsi: qla2xxx: Suppress endianness complaints in qla2x00_configure_local_loop() (bsc#1157424).
scsi: qla2xxx: Update BPM enablement semantics (bsc#1157424).
scsi: qla2xxx: Update driver version to 10.01.00.24-k (bsc#1157424).
scsi: qla2xxx: Update driver version to 10.01.00.25-k (bsc#1157424).
scsi: qla2xxx: Use a dedicated interrupt handler for 'handshake-required' ISPs (bsc#1157424).
scsi: qla2xxx: Use correct ISP28xx active FW region (bsc#1157424).
scsi: qla2xxx: Use endian macros to assign static fields in fwdump header (bsc#1157424).
scsi: qla2xxx: Use FC generic update firmware options routine for ISP27xx (bsc#1157424).
scsi: qla2xxx: Use QLA_FW_STOPPED macro to propagate flag (bsc#1157424).
scsi: tcm_qla2xxx: Make qlt_alloc_qfull_cmd() set cmd->se_cmd.map_tag (bsc#1157424).
sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY (networking-stable-20_01_11).
smb3: add debug messages for closing unmatched open (bsc#1144333).
smb3: Add defines for new information level, FileIdInformation (bsc#1144333).
smb3: add dynamic tracepoints for flush and close (bsc#1144333).
smb3: add missing flag definitions (bsc#1144333).
smb3: Add missing reparse tags (bsc#1144333).
smb3: add missing worker function for SMB3 change notify (bsc#1144333).
smb3: add mount option to allow forced caching of read only share (bsc#1144333).
smb3: add mount option to allow RW caching of share accessed by only 1 client (bsc#1144333).
smb3: add one more dynamic tracepoint missing from strict fsync path (bsc#1144333).
smb3: add some more descriptive messages about share when mounting cache=ro (bsc#1144333).
smb3: allow decryption keys to be dumped by admin for debugging (bsc#1144333).
smb3: allow disabling requesting leases (bsc#1144333).
smb3: allow parallelizing decryption of reads (bsc#1144333).
smb3: allow skipping signature verification for perf sensitive configurations (bsc#1144333).
SMB3: Backup intent flag missing from some more ops (bsc#1144333).
smb3: cleanup some recent endian errors spotted by updated sparse (bsc#1144333).
smb3: display max smb3 requests in flight at any one time (bsc#1144333).
smb3: dump in_send and num_waiters stats counters by default (bsc#1144333).
smb3: enable offload of decryption of large reads via mount option (bsc#1144333).
smb3: fix default permissions on new files when mounting with modefromsid (bsc#1144333).
smb3: fix mode passed in on create for modetosid mount option (bsc#1144333).
smb3: fix performance regression with setting mtime (bsc#1144333).
smb3: fix potential null dereference in decrypt offload (bsc#1144333).
smb3: fix problem with null cifs super block with previous patch (bsc#1144333).
smb3: Fix regression in time handling (bsc#1144333).
smb3: improve check for when we send the security descriptor context on create (bsc#1144333).
smb3: log warning if CSC policy conflicts with cache mount option (bsc#1144333).
smb3: missing ACL related flags (bsc#1144333).
smb3: only offload decryption of read responses if multiple requests (bsc#1144333).
smb3: pass mode bits into create calls (bsc#1144333).
smb3: print warning once if posix context returned on open (bsc#1144333).
smb3: query attributes on file close (bsc#1144333).
smb3: remove noisy debug message and minor cleanup (bsc#1144333).
smb3: remove unused flag passed into close functions (bsc#1144333).
staging: ccree: use signal safe completion wait (git-fixes).
staging: rtl8188eu: Fix potential overuse of kernel memory (bsc#1051510).
staging: rtl8188eu: Fix potential security hole (bsc#1051510).
staging: rtl8723bs: Fix potential overuse of kernel memory (bsc#1051510).
staging: rtl8723bs: Fix potential security hole (bsc#1051510).
SUNRPC: Fix svcauth_gss_proxy_init() (bsc#1103992).
swiotlb: do not panic on mapping failures (bsc#1162171).
swiotlb: remove the overflow buffer (bsc#1162171).
tcp_bbr: improve arithmetic division in bbr_update_bw() (networking-stable-20_01_27).
tcp: clear tp->data_segs{in|out} in tcp_disconnect() (networking-stable-20_02_05).
tcp: clear tp->delivered in tcp_disconnect() (networking-stable-20_02_05).
tcp: clear tp->segs_{in|out} in tcp_disconnect() (networking-stable-20_02_05).
tcp: clear tp->total_retrans in tcp_disconnect() (networking-stable-20_02_05).
tcp: fix marked lost packets not being retransmitted (networking-stable-20_01_20).
tcp: fix 'old stuff' D-SACK causing SACK to be treated as D-SACK (networking-stable-20_01_11).
thunderbolt: Prevent crash if non-active NVMem file is read (git-fixes).
tick: broadcast-hrtimer: Fix a race in bc_set_next (bsc#1044231).
tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure (git-fixes).
tools: Update include/uapi/linux/fcntl.h copy from the kernel (bsc#1166003).
tpm: ibmvtpm: Wait for buffer to be set before proceeding (bsc#1065729).
ttyprintk: fix a potential deadlock in interrupt context issue (git-fixes).
tun: add mutex_unlock() call and napi.skb clearing in tun_get_user() (bsc#1109837).
USB: audio-v2: Add uac2_effect_unit_descriptor definition (bsc#1051510).
USB: cdc-acm: fix rounding error in TIOCSSERIAL (git-fixes).
USB: core: add endpoint-blacklist quirk (git-fixes).
USB: core: hub: do error out if usb_autopm_get_interface() fails (git-fixes).
USB: core: port: do error out if usb_autopm_get_interface() fails (git-fixes).
USB: Disable LPM on WD19's Realtek Hub (git-fixes).
USB: dwc2: Fix in ISOC request length checking (git-fixes).
USB: Fix novation SourceControl XL after suspend (git-fixes).
USB: gadget: composite: Fix bMaxPower for SuperSpeedPlus (git-fixes).
USB: host: xhci-plat: add a shutdown (git-fixes).
USB: host: xhci: update event ring dequeue pointer on purpose (git-fixes).
USB: hub: Do not record a connect-change event during reset-resume (git-fixes).
usbip: Fix uninitialized symbol 'nents' in stub_recv_cmd_submit() (git-fixes).
USB: misc: iowarrior: add support for 2 OEMed devices (git-fixes).
USB: misc: iowarrior: add support for the 100 device (git-fixes).
USB: misc: iowarrior: add support for the 28 and 28L devices (git-fixes).
USB: musb: Disable pullup at init (git-fixes).
USB: quirks: add NO_LPM quirk for Logitech Screen Share (git-fixes).
USB: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters (git-fixes).
USB: quirks: blacklist duplicate ep on Sound Devices USBPre2 (git-fixes).
USB: serial: option: add ME910G1 ECM composition 0x110b (git-fixes).
USB: serial: pl2303: add device-id for HP LD381 (git-fixes).
USB: storage: Add quirk for Samsung Fit flash (git-fixes).
USB: uas: fix a plug & unplug racing (git-fixes).
USB: xhci: apply XHCI_SUSPEND_DELAY to AMD XHCI controller 1022:145c (git-fixes).
uvcvideo: Refactor teardown of uvc on USB disconnect (bsc#1164507)
vgacon: Fix a UAF in vgacon_invert_region (bsc#1114279)
virtio-blk: fix hw_queue stopped on arbitrary error (git-fixes).
virtio-blk: improve virtqueue error to BLK_STS (bsc#1167627).
virtio_ring: fix unmap of indirect descriptors (bsc#1162171).
vlan: fix memory leak in vlan_dev_set_egress_priority (networking-stable-20_01_11).
vlan: vlan_changelink() should propagate errors (networking-stable-20_01_11).
vxlan: fix tos value before xmit (networking-stable-20_01_11).
x86/cpu/amd: Enable the fixed Instructions Retired counter IRPERF (bsc#1114279).
x86/ioremap: Add an ioremap_encrypted() helper (bsc#1141895).
x86/kdump: Export the SME mask to vmcoreinfo (bsc#1141895).
x86/mce/amd: Fix kobject lifetime (bsc#1114279).
x86/mce/amd: Publish the bank pointer only after setup has succeeded (bsc#1114279).
x86/mce: Fix logic and comments around MSR_PPIN_CTL (bsc#1114279).
x86/mm: Split vmalloc_sync_all() (bsc#1165741).
x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes (bsc#1114279).
xfs: also remove cached ACLs when removing the underlying attr (bsc#1165873).
xfs: bulkstat should copy lastip whenever userspace supplies one (bsc#1165984).
xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms (git-fixes).
xhci: Do not open code __print_symbolic() in xhci trace events (git-fixes).
xhci: fix runtime pm enabling for quirky Intel hosts (bsc#1051510).
xhci: Force Maximum Packet size for Full-speed bulk devices to valid range (bsc#1051510).

Advisory ID	SUSE-RU-2020:2330-1
Released	Wed Aug 26 07:27:43 2020
Summary	Recommended update for ibmrtpkgs
Type	recommended
Severity	moderate
References	1173678

Description:

This update for ibmrtpkgs fixes the following issues:

Fixes an issues when numa balancing causes significant performance problems on real time SLE. (bsc#1173678)

Advisory ID	SUSE-SU-2020:2487-1
Released	Fri Sep 4 08:06:01 2020
Summary	Security update for the Linux Kernel
Type	security
Severity	important
References	1051510,1058115,1065600,1065729,1071995,1082555,1083647,1085030,1089895,1090036,1103990,1103991,1103992,1104745,1109837,1111666,1112178,1112374,1113956,1114279,1124278,1127354,1127355,1127371,1133021,1137325,1142685,1144333,1145929,1148868,1150660,1151794,1151927,1152489,1152624,1154824,1157169,1158265,1158983,1159037,1159058,1159199,1160388,1160947,1161016,1162002,1162063,1163309,1163403,1163897,1164284,1164780,1164871,1165183,1165478,1165741,1166780,1166860,1166861,1166862,1166864,1166866,1166867,1166868,1166870,1166940,1166969,1166978,1166985,1167104,1167288,1167574,1167851,1167867,1168081,1168202,1168332,1168486,1168670,1168760,1168762,1168763,1168764,1168765,1168789,1168881,1168884,1168952,1168959,1169020,1169057,1169194,1169390,1169514,1169525,1169625,1169762,1169771,1169795,1170011,1170056,1170125,1170145,1170284,1170345,1170442,1170457,1170522,1170592,1170617,1170618,1170620,1170621,1170770,1170778,1170791,1170901,1171078,1171098,1171118,1171124,1171189,1171191,1171195,1171202,1171205,1171214,1171217,1171218,1171219,1171220,1171244,1171293,1171417,1171424,1171527,1171529,1171530,1171558,1171599,1171600,1171601,1171602,1171604,1171605,1171606,1171607,1171608,1171609,1171610,1171611,1171612,1171613,1171614,1171615,1171616,1171617,1171618,1171619,1171620,1171621,1171622,1171623,1171624,1171625,1171626,1171662,1171679,1171691,1171692,1171694,1171695,1171732,1171736,1171739,1171743,1171753,1171759,1171817,1171835,1171841,1171868,1171904,1171948,1171949,1171951,1171952,1171979,1171982,1171983,1171988,1172017,1172096,1172097,1172098,1172099,1172101,1172102,1172103,1172104,1172127,1172130,1172185,1172188,1172199,1172201,1172202,1172221,1172247,1172249,1172251,1172257,1172317,1172342,1172343,1172344,1172366,1172378,1172391,1172397,1172453,1172458,1172484,1172537,1172538,1172687,1172719,1172759,1172775,1172781,1172782,1172783,1172871,1172872,1172999,1173060,1173074,1173146,1173265,1173280,1173284,1173428,1173514,1173567,1173573,1173746,1173818,1173820,1173825,1173826,1173833,1173838,1173839,1173845,1173857,1174113,1174115,1174122,1174123,1174186,1174187,1174296,1174343,1174356,1174409,1174438,1174462,CVE-2018-1000199,CVE-2019-19462,CVE-2019-20806,CVE-2019-20810,CVE-2019-20812,CVE-2019-20908,CVE-2019-9455,CVE-2020-0305,CVE-2020-0543,CVE-2020-10135,CVE-2020-10690,CVE-2020-10711,CVE-2020-10720,CVE-2020-10732,CVE-2020-10751,CVE-2020-10757,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10769,CVE-2020-10773,CVE-2020-10781,CVE-2020-11669,CVE-2020-12114,CVE-2020-12464,CVE-2020-12652,CVE-2020-12653,CVE-2020-12654,CVE-2020-12655,CVE-2020-12656,CVE-2020-12657,CVE-2020-12659,CVE-2020-12769,CVE-2020-12771,CVE-2020-12888,CVE-2020-13143,CVE-2020-13974,CVE-2020-14416,CVE-2020-15393,CVE-2020-15780

Description:

The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:

CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988).
CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462).
CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567).
CVE-2020-10781: zram sysfs resource consumption was fixed (bnc#1173074).
CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573).
CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a memory leak, aka CID-28ebeb8db770 (bnc#1173514).
CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732).
CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868).
CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265).
CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999).
CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002).
CVE-2020-10766: Fixed an issue which allowed an attacker with a local account to disable SSBD protection (bnc#1172781).
CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier was disabled in certain circumstances, leaving the system open to a spectre v2 style attack (bnc#1172782).
CVE-2020-10768: Fixed an issue with the prctl() function, where indirect branch speculation could be enabled even though it was diabled before (bnc#1172783).
CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775).
CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).
CVE-2020-13143: Fixed an out-of-bounds read in gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c (bsc#1171982).
CVE-2020-12769: Fixed an issue which could have allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bsc#1171983).
CVE-2020-12659: Fixed an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) due to improper headroom validation (bsc#1171214).
CVE-2020-12657: An a use-after-free in block/bfq-iosched.c (bsc#1171205).
CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219).
CVE-2020-12655: Fixed an issue which could have allowed attackers to trigger a sync of excessive duration via an XFS v5 image with crafted metadata (bsc#1171217).
CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202).
CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195).
CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218).
CVE-2020-12464: Fixed a use-after-free due to a transfer without a reference (bsc#1170901).
CVE-2020-12114: Fixed a pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098).
CVE-2020-11669: Fixed an issue where arch/powerpc/kernel/idle_book3s.S did not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR (bnc#1169390).
CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317).
CVE-2020-10751: Fixed an improper implementation in SELinux LSM hook where it was assumed that an skb would only contain a single netlink message (bsc#1171189).
CVE-2020-10732: Fixed kernel data leak in userspace coredumps due to uninitialized data (bsc#1171220).
CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778).
CVE-2020-10711: Fixed a null pointer dereference in SELinux subsystem which could have allowed a remote network user to crash the kernel resulting in a denial of service (bsc#1171191).
CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056).
CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bsc#1170345).
CVE-2019-20812: Fixed an issue in prb_calc_retire_blk_tmo() which could have resulted in a denial of service (bsc#1172453).
CVE-2019-20806: Fixed a null pointer dereference which may had lead to denial of service (bsc#1172199).
CVE-2019-19462: Fixed an issue which could have allowed local user to cause denial of service (bsc#1158265).
CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c did not call snd_card_free for a failure path, which caused a memory leak, aka CID-9453264ef586 (bnc#1172458).
CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1089895).

The following non-security bugs were fixed:

ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() (bsc#1051510).
ACPI: GED: add support for _Exx / _Lxx handler methods (bsc#1111666).
ACPI: GED: use correct trigger type field in _Exx / _Lxx handling (bsc#1111666).
ACPI: NFIT: Fix unlock on error in scrub_show() (bsc#1171753).
ACPI: PM: Avoid using power resources if there are none for D0 (bsc#1051510).
ACPI: sysfs: Fix pm_profile_attr type (bsc#1111666).
ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() (bsc#1051510).
ACPI: video: Use native backlight on Acer Aspire 5783z (bsc#1111666).
ACPI: video: Use native backlight on Acer TravelMate 5735Z (bsc#1111666).
acpi/x86: ignore unspecified bit positions in the ACPI global lock field (bsc#1051510).
Add br_netfilter to kernel-default-base (bsc#1169020)
Add commit for git-fix that's not a fix This commit cleans up debug code but does not fix anything, and it relies on a new kernel function that isn't yet in this version of SLE.
agp/intel: Reinforce the barrier after GTT updates (bsc#1051510).
ALSA: ctxfi: Remove unnecessary cast in kfree (bsc#1051510).
ALSA: doc: Document PC Beep Hidden Register on Realtek ALC256 (bsc#1051510).
ALSA: dummy: Fix PCM format loop in proc output (bsc#1111666).
ALSA: es1688: Add the missed snd_card_free() (bsc#1051510).
ALSA: hda: Add driver blacklist (bsc#1051510).
ALSA: hda: Add ElkhartLake HDMI codec vid (bsc#1111666).
ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up (bsc#1111666).
ALSA: hda: Always use jackpoll helper for jack update after resume (bsc#1051510).
ALSA: hda: call runtime_allow() for all hda controllers (bsc#1051510).
ALSA: hda: Do not release card at firmware loading error (bsc#1051510).
ALSA: hda: Explicitly permit using autosuspend if runtime PM is supported (bsc#1051510).
ALSA: hda: Fix potential access overflow in beep helper (bsc#1051510).
ALSA: hda/hdmi - enable runtime pm for newer AMD display audio (bsc#1111666).
ALSA: hda/hdmi: fix race in monitor detection during probe (bsc#1051510).
ALSA: hda/hdmi: fix without unlocked before return (bsc#1051510).
ALSA: hda: Honor PM disablement in PM freeze and thaw_noirq ops (bsc#1051510).
ALSA: hda: Keep the controller initialization even if no codecs found (bsc#1051510).
ALSA: hda - let hs_mic be picked ahead of hp_mic (bsc#1111666).
ALSA: hda: Match both PCI ID and SSID for driver blacklist (bsc#1111666).
ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround (bsc#1172017).
ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines (bsc#1111666).
ALSA: hda/realtek - Add COEF workaround for ASUS ZenBook UX431DA (git-fixes).
ALSA: hda/realtek - Add HP new mute led supported for ALC236 (git-fixes).
ALSA: hda/realtek - Add LED class support for micmute LED (bsc#1111666).
ALSA: hda/realtek - Add more fixup entries for Clevo machines (git-fixes).
ALSA: hda/realtek - Add new codec supported for ALC245 (bsc#1051510).
ALSA: hda/realtek - Add new codec supported for ALC287 (git-fixes).
ALSA: hda/realtek: Add quirk for Samsung Notebook (git-fixes).
ALSA: hda/realtek - Add supported new mute Led for HP (git-fixes).
ALSA: hda/realtek - Enable headset mic of ASUS GL503VM with ALC295 (git-fixes).
ALSA: hda/realtek - Enable headset mic of ASUS UX550GE with ALC295 (git-fixes).
ALSA: hda/realtek: Enable headset mic of ASUS UX581LV with ALC295 (git-fixes).
ALSA: hda/realtek - Enable micmute LED on and HP system (bsc#1111666).
ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (bsc#1111666).
ALSA: hda/realtek - Enable the headset mic on Asus FX505DT (bsc#1051510).
ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse (git-fixes).
ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme (bsc#1111666).
ALSA: hda/realtek - Fix unexpected init_amp override (bsc#1051510).
ALSA: hda/realtek - Fix unused variable warning w/o CONFIG_LEDS_TRIGGER_AUDIO (bsc#1111666).
ALSA: hda/realtek - Introduce polarity for micmute LED GPIO (bsc#1111666).
ALSA: hda/realtek - Limit int mic boost for Thinkpad T530 (git-fixes bsc#1171293).
ALSA: hda/realtek - Two front mics on a Lenovo ThinkCenter (bsc#1051510).
ALSA: hda: Release resources at error in delayed probe (bsc#1051510).
ALSA: hda: Remove ASUS ROG Zenith from the blacklist (bsc#1051510).
ALSA: hda: Skip controller resume if not needed (bsc#1051510).
ALSA: hwdep: fix a left shifting 1 by 31 UB bug (git-fixes).
ALSA: ice1724: Fix invalid access for enumerated ctl items (bsc#1051510).
ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option (git-fixes).
ALSA: lx6464es - add support for LX6464ESe pci express variant (bsc#1111666).
ALSA: opl3: fix infoleak in opl3 (bsc#1111666).
ALSA: opti9xx: shut up gcc-10 range warning (bsc#1051510).
ALSA: pcm: disallow linking stream to itself (bsc#1111666).
ALSA: pcm: fix incorrect hw_base increase (git-fixes).
ALSA: pcm: oss: Fix regression by buffer overflow fix (bsc#1051510).
ALSA: pcm: oss: Place the plugin buffer overflow checks correctly (bsc#1170522).
ALSA: rawmidi: Fix racy buffer resize under concurrent accesses (git-fixes).
ALSA: usb-audio: Add connector notifier delegation (bsc#1051510).
ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset (git-fixes).
ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback (bsc#1111666).
ALSA: usb-audio: add mapping for ASRock TRX40 Creator (git-fixes).
ALSA: usb-audio: Add mixer workaround for TRX40 and co (bsc#1051510).
ALSA: usb-audio: Add Pioneer DJ DJM-900NXS2 support (bsc#1111666).
ALSA: usb-audio: Add quirk for Focusrite Scarlett 2i2 (bsc#1051510).
ALSA: usb-audio: add quirk for MacroSilicon MS2109 (bsc#1111666).
ALSA: usb-audio: Add static mapping table for ALC1220-VB-based mobos (bsc#1051510).
ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock (bsc#1111666).
ALSA: usb-audio: Apply async workaround for Scarlett 2i4 2nd gen (bsc#1051510).
ALSA: usb-audio: Check mapping at creating connector controls, too (bsc#1051510).
ALSA: usb-audio: Clean up quirk entries with macros (bsc#1111666).
ALSA: usb-audio: Correct a typo of NuPrime DAC-10 USB ID (bsc#1051510).
ALSA: usb-audio: Do not create jack controls for PCM terminals (bsc#1051510).
ALSA: usb-audio: Do not override ignore_ctl_error value from the map (bsc#1051510).
ALSA: usb-audio: Filter error from connector kctl ops, too (bsc#1051510).
ALSA: usb-audio: Fix inconsistent card PM state after resume (bsc#1111666).
ALSA: usb-audio: Fix packet size calculation (bsc#1111666).
ALSA: usb-audio: Fix racy list management in output queue (bsc#1111666).
ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif (bsc#1051510).
ALSA: usb-audio: Improve frames size computation (bsc#1111666).
ALSA: usb-audio: Manage auto-pm of all bundled interfaces (bsc#1111666).
ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC (git-fixes).
ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio (git-fixes).
ALSA: usb-audio: Use the new macro for HP Dock rename quirks (bsc#1111666).
ALSA: usx2y: Fix potential NULL dereference (bsc#1051510).
amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes).
arm64: map FDT as RW for early_init_dt_scan() (jsc#SLE-12423).
ASoC: codecs: hdac_hdmi: Fix incorrect use of list_for_each_entry (bsc#1051510).
ASoC: dapm: connect virtual mux with default value (bsc#1051510).
ASoC: dapm: fixup dapm kcontrol widget (bsc#1051510).
ASoC: dpcm: allow start or stop during pause for backend (bsc#1051510).
ASoC: fix regwmask (bsc#1051510).
ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map() (bsc#1051510).
ASoC: msm8916-wcd-digital: Reset RX interpolation path after use (bsc#1051510).
ASoC: samsung: Prevent clk_get_rate() calls in atomic context (bsc#1111666).
ASoC: topology: Check return value of pcm_new_ver (bsc#1051510).
ASoC: topology: use name_prefix for new kcontrol (bsc#1051510).
ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (bsc#1111666).
ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx (bsc#1111666).
ath9k: Fix use-after-free Write in ath9k_htc_rx_msg (bsc#1111666).
ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb (bsc#1111666).
ax25: fix setsockopt(SO_BINDTODEVICE) (networking-stable-20_05_27).
b43: Fix connection problem with WPA3 (bsc#1111666).
b43legacy: Fix case where channel status is corrupted (bsc#1051510).
b43_legacy: Fix connection problem with WPA3 (bsc#1111666).
batman-adv: Avoid spurious warnings from bat_v neigh_cmp implementation (bsc#1051510).
batman-adv: Do not schedule OGM for disabled interface (bsc#1051510).
batman-adv: fix batadv_nc_random_weight_tq (git-fixes).
batman-adv: Fix refcnt leak in batadv_show_throughput_override (git-fixes).
batman-adv: Fix refcnt leak in batadv_store_throughput_override (git-fixes).
batman-adv: Fix refcnt leak in batadv_v_ogm_process (git-fixes).
batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs (bsc#1051510).
bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (git fixes (block drivers)).
bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)).
bcache: fix incorrect data type usage in btree_flush_write() (git fixes (block drivers)).
bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (git fixes (block drivers)).
be2net: fix link failure after ethtool offline test (git-fixes).
blk-mq: honor IO scheduler for multiqueue devices (bsc#1165478).
blk-mq: simplify blk_mq_make_request() (bsc#1165478).
block, bfq: fix use-after-free in bfq_idle_slice_timer_body (bsc#1168760).
block/drbd: delete invalid function drbd_md_mark_dirty_ (bsc#1171527).
block: drbd: remove a stray unlock in __drbd_send_protocol() (bsc#1171599).
block: fix busy device checking in blk_drop_partitions again (bsc#1171948).
block: fix busy device checking in blk_drop_partitions (bsc#1171948).
block: fix memleak of bio integrity data (git fixes (block drivers)).
block: keep bdi->io_pages in sync with max_sectors_kb for stacked devices (bsc#1168762).
block: nr_sects_write(): Disable preemption on seqcount write (bsc#1173818).
block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)).
block: remove the bd_openers checks in blk_drop_partitions (bsc#1171948).
block: sed-opal: fix sparse warning: convert __be64 data (git fixes (block drivers)).
Bluetooth: Add SCO fallback for invalid LMP parameters error (bsc#1111666).
Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl (bsc#1051510).
bnxt_en: Fix AER reset logic on 57500 chips (git-fixes).
bnxt_en: Fix ethtool selftest crash under error conditions (git-fixes).
bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails (git-fixes).
bnxt_en: Fix ipv6 RFS filter matching logic (git-fixes).
bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets() (networking-stable-20_03_28).
bnxt_en: fix NULL dereference in case SR-IOV configuration fails (git-fixes).
bnxt_en: Fix VF anti-spoof filter setup (networking-stable-20_05_12).
bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features() (networking-stable-20_05_12).
bnxt_en: Improve AER slot reset (networking-stable-20_05_12).
bnxt_en: Reduce BNXT_MSIX_VEC_MAX value to supported CQs per PF (bsc#1104745).
bnxt_en: reinitialize IRQs when MTU is modified (networking-stable-20_03_14).
bnxt_en: Return error if bnxt_alloc_ctx_mem() fails (bsc#1104745 ).
bnxt_en: Return error when allocating zero size context memory (bsc#1104745).
bonding/alb: make sure arp header is pulled before accessing it (networking-stable-20_03_14).
bpf: Fix sk_psock refcnt leak when receiving message (bsc#1083647).
bpf: Forbid XADD on spilled pointers for unprivileged users (bsc#1083647).
brcmfmac: abort and release host after error (bsc#1051510).
brcmfmac: fix wrong location to get firmware feature (bsc#1111666).
brcmfmac: Transform compatible string for FW loading (bsc#1169771).
btrfs: add assertions for tree == inode->io_tree to extent IO helpers (bsc#1174438).
btrfs: add new helper btrfs_lock_and_flush_ordered_range (bsc#1174438).
btrfs: Always use a cached extent_state in btrfs_lock_and_flush_ordered_range (bsc#1174438).
btrfs: do not zero f_bavail if we have available space (bsc#1168081).
btrfs: do not zero f_bavail if we have available space (bsc#1168081).
btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range (bsc#1174438).
Btrfs: fix deadlock with memory reclaim during scrub (bsc#1172127).
btrfs: fix extent_state leak in btrfs_lock_and_flush_ordered_range (bsc#1174438).
btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof (bsc#1174438).
btrfs: fix hang on snapshot creation after RWF_NOWAIT write (bsc#1174438).
btrfs: fix log context list corruption after rename whiteout error (bsc#1172342).
btrfs: fix partial loss of prealloc extent past i_size after fsync (bsc#1172343).
btrfs: fix RWF_NOWAIT write not failling when we need to cow (bsc#1174438).
btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO (bsc#1174438).
btrfs: qgroup: Fix a bug that prevents qgroup to be re-enabled after disable (bsc#1172247).
btrfs: relocation: add error injection points for cancelling balance (bsc#1171417).
btrfs: relocation: Check cancel request after each data page read (bsc#1171417).
btrfs: relocation: Check cancel request after each extent found (bsc#1171417).
btrfs: relocation: Clear the DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417).
btrfs: relocation: Fix reloc root leakage and the NULL pointer reference caused by the leakage (bsc#1171417).
btrfs: relocation: Work around dead relocation stage loop (bsc#1171417).
btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417 bsc#1160947 bsc#1172366).
btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1171417 bsc#1160947 bsc#1172366).
btrfs: Return EAGAIN if we can't start no snpashot write in check_can_nocow (bsc#1174438).
Btrfs: setup a nofs context for memory allocation at btrfs_create_tree() (bsc#1172127).
Btrfs: setup a nofs context for memory allocation at __btrfs_set_acl (bsc#1172127).
btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438).
btrfs: Use newly introduced btrfs_lock_and_flush_ordered_range (bsc#1174438).
Btrfs: use nofs context when initializing security xattrs to avoid deadlock (bsc#1172127).
btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124).
bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads (bsc#1111666).
can: add missing attribute validation for termination (networking-stable-20_03_14).
carl9170: remove P2P_GO support (bsc#1111666).
cdc-acm: close race betrween suspend() and acm_softint (git-fixes).
CDC-ACM: heed quirk also in error handling (git-fixes).
cdc-acm: introduce a cool down (git-fixes).
ceph: check if file lock exists before sending unlock request (bsc#1168789).
ceph: convert mdsc->cap_dirty to a per-session list (bsc#1167104).
ceph: demote quotarealm lookup warning to a debug message (bsc#1171692).
ceph: fix double unlock in handle_cap_export() (bsc#1171694).
ceph: fix endianness bug when handling MDS session feature bits (bsc#1171695).
ceph: request expedited service on session's last cap flush (bsc#1167104).
cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages (bsc#1173857).
cgroup, netclassid: periodically release file_lock on classid updating (networking-stable-20_03_14).
char/random: Add a newline at the end of the file (jsc#SLE-12423).
CIFS: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1144333).
CIFS: Allocate encryption header through kmalloc (bsc#1144333).
CIFS: allow unlock flock and OFD lock across fork (bsc#1144333).
CIFS: check new file size when extending file by fallocate (bsc#1144333).
CIFS: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1144333).
CIFS: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1144333).
CIFS: do not share tcons with DFS (bsc#1144333).
CIFS: dump the session id and keys also for SMB2 sessions (bsc#1144333).
CIFS: ensure correct super block for DFS reconnect (bsc#1144333).
CIFS: Fix bug which the return value by asynchronous read is error (bsc#1144333).
CIFS: fix uninitialised lease_key in open_shroot() (bsc#1144333).
cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1144333).
cifs: handle hostnames that resolve to same ip in failover (bsc#1144333 bsc#1161016).
CIFS: ignore cached share root handle closing errors (bsc#1166780).
CIFS: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1144333).
CIFS: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1144333).
CIFS: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1144333).
CIFS: protect updating server->dstaddr with a spinlock (bsc#1144333).
cifs: set up next DFS target before generic_ip_connect() (bsc#1144333 bsc#1161016).
CIFS: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1144333).
CIFS: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1144333).
CIFS: smbd: Check and extend sender credits in interrupt context (bsc#1144333).
CIFS: smbd: Check send queue size before posting a send (bsc#1144333).
CIFS: smbd: Do not schedule work to send immediate packet on every receive (bsc#1144333).
CIFS: smbd: Merge code to track pending packets (bsc#1144333).
CIFS: smbd: Properly process errors on ib_post_send (bsc#1144333).
CIFS: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1144333).
CIFS: Warn less noisily on default mount (bsc#1144333).
clk: Add clk_hw_unregister_composite helper function definition (bsc#1051510).
clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510).
clk: clk-flexgen: fix clock-critical handling (bsc#1051510).
clk: imx6ull: use OSC clock during AXI rate change (bsc#1051510).
clk: imx: make mux parent strings const (bsc#1051510).
clk: mediatek: correct the clocks for MT2701 HDMI PHY module (bsc#1051510).
clk: qcom: rcg: Return failure for RCG update (bsc#1051510).
clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510).
clk: sunxi-ng: a64: Fix gate bit of DSI DPHY (bsc#1051510).
clocksource/drivers/hyper-v: Set TSC clocksource as default w/ InvariantTSC (bsc#1170620, bsc#1170621).
clocksource: dw_apb_timer: Make CPU-affiliation being optional (bsc#1111666).
clocksource: dw_apb_timer_of: Fix missing clockevent timers (bsc#1051510).
compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block drivers)).
compat_ioctl: block: handle Persistent Reservations (git fixes (block drivers)).
component: Silence bind error on -EPROBE_DEFER (bsc#1051510).
config: Enable CONFIG_RCU_BOOST
configfs: Fix bool initialization/comparison (bsc#1051510).
copy_{to,from}_user(): consolidate object size checks (git fixes).
coresight: do not use the BIT() macro in the UAPI header (git fixes (block drivers)).
cpufreq: Register drivers only after CPU devices have been registered (bsc#1051510).
cpufreq: s3c64xx: Remove pointless NULL check in s3c64xx_cpufreq_driver_init (bsc#1051510).
cpuidle: Do not unset the driver if it is there already (bsc#1051510).
crypto: algboss - do not wait during notifier callback (bsc#1111666).
crypto: algif_skcipher - Cap recv SG list at ctx->used (bsc#1111666).
crypto: arm64/sha-ce - implement export/import (bsc#1051510).
crypto: caam - update xts sector size for large input length (bsc#1111666).
crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (bsc#1111666).
crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes).
crypto: ccp - AES CFB mode is a stream cipher (git-fixes).
crypto: ccp - Clean up and exit correctly on allocation failure (git-fixes).
crypto: ccp - Cleanup misc_dev on sev_exit() (bsc#1114279).
crypto: ccp - Cleanup sp_dev_master in psp_dev_destroy() (bsc#1114279).
Crypto/chcr: fix for ccm(aes) failed test (bsc#1111666).
crypto: chelsio/chtls: properly set tp->lsndtime (bsc#1111666).
crypto: mxs-dcp - fix scatterlist linearization for hash (bsc#1051510).
crypto: talitos - fix IPsec cipher in length (git-fixes).
crypto: talitos - reorder code in talitos_edesc_alloc() (git-fixes).
crypto: tcrypt - fix printed skcipher [a]sync mode (bsc#1051510).
cxgb4: fix MPS index overwrite when setting MAC address (bsc#1127355).
cxgb4: fix Txq restart check during backpressure (bsc#1127354 bsc#1127371).
debugfs: Add debugfs_create_xul() for hexadecimal unsigned long (git-fixes).
debugfs: Check module state before warning in {full/open}_proxy_open() (bsc#1173746).
debugfs_lookup(): switch to lookup_one_len_unlocked() (bsc#1171979).
Deprecate NR_UNSTABLE_NFS, use NR_WRITEBACK (bsc#1163403).
devinet: fix memleak in inetdev_init() (networking-stable-20_06_07).
devlink: fix return value after hitting end in region read (bsc#1109837).
devlink: validate length of param values (bsc#1109837).
devlink: validate length of region addr/len (bsc#1109837).
/dev/mem: Add missing memory barriers for devmem_inode (git-fixes).
/dev/mem: Revoke mappings when a driver claims the region (git-fixes).
dmaengine: dmatest: Fix iteration non-stop logic (bsc#1051510).
dmaengine: ste_dma40: fix unneeded variable warning (bsc#1051510).
dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' (bsc#1111666).
dm btree: increase rebalance threshold in __rebalance2() (git fixes (block drivers)).
dm cache: fix a crash due to incorrect work item cancelling (git fixes (block drivers)).
dm crypt: fix benbi IV constructor crash if used in authenticated mode (git fixes (block drivers)).
dm: fix potential for q->make_request_fn NULL pointer (git fixes (block drivers)).
dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574).
dm-raid1: fix invalid return value from dm_mirror (bsc#1172378).
dm space map common: fix to ensure new block isn't already in use (git fixes (block drivers)).
dm: various cleanups to md->queue initialization code (git fixes).
dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)).
dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block drivers)).
dm writecache: fix data corruption when reloading the target (git fixes (block drivers)).
dm writecache: fix incorrect flush sequence when doing SSD mode commit (git fixes (block drivers)).
dm writecache: verify watermark during resume (git fixes (block drivers)).
dm zoned: fix invalid memory access (git fixes (block drivers)).
dm zoned: reduce overhead of backing device checks (git fixes (block drivers)).
dm zoned: remove duplicate nr_rnd_zones increase in dmz_init_zone() (git fixes (block drivers)).
dm zoned: support zone sizes smaller than 128MiB (git fixes (block drivers)).
dp83640: reverse arguments to list_add_tail (git-fixes).
dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27).
driver-core, libnvdimm: Let device subsystems add local lockdep coverage (bsc#1171753).
drivers: hv: Add a module description line to the hv_vmbus driver (bsc#1172249, bsc#1172251).
Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170617, bsc#1170618).
drivers/net/ibmvnic: Update VNIC protocol version reporting (bsc#1065729).
drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (bsc#1051510).
drivers: w1: add hwmon support structures (jsc#SLE-11048).
drivers: w1: add hwmon temp support for w1_therm (jsc#SLE-11048).
drivers: w1: refactor w1_slave_show to make the temp reading functionality separate (jsc#SLE-11048).
drm: amd/acp: fix broken menu structure (bsc#1114279) * context changes
drm: amd/display: fix Kconfig help text (bsc#1113956) * only fix DEBUG_KERNEL_DC
drm/amdgpu: Correctly initialize thermal controller for GPUs with Powerplay table v0 (e.g Hawaii) (bsc#1111666).
drm/amdgpu: Fix oops when pp_funcs is unset in ACPI event (bsc#1111666).
drm/amd/powerplay: force the trim of the mclk dpm_levels if OD is (bsc#1113956)
drm/atomic: Take the atomic toys away from X (bsc#1112178) * context changes
drm/bochs: downgrade pci_request_region failure from error to warning (bsc#1051510).
drm: bridge: adv7511: Extend list of audio sample rates (bsc#1111666).
drm/crc: Actually allow to change the crc source (bsc#1114279) * offset changes
drm/dp_mst: Fix clearing payload state on topology disable (bsc#1051510).
drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1113956) * context changes
drm/dp_mst: Reformat drm_dp_check_act_status() a bit (bsc#1051510).
drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read() (bsc#1051510).
drm/drm_dp_mst:remove set but not used variable 'origlen' (bsc#1051510).
drm/edid: Fix off-by-one in DispID DTD pixel clock (bsc#1114279)
drm: encoder_slave: fix refcouting error for modules (bsc#1111666).
drm: encoder_slave: fix refcouting error for modules (bsc#1114279)
drm/etnaviv: fix perfmon domain interation (bsc#1113956)
drm/etnaviv: rework perfmon query infrastructure (bsc#1112178)
drm/i915: Apply Wa_1406680159:icl,ehl as an engine workaround (bsc#1112178) * rename gt/intel_workarounds.c to intel_workarounds.c * context changes
drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of (bsc#1114279)
drm/i915: HDCP: fix Ri prime check done during link check (bsc#1112178) * rename display/intel_hdmi.c to intel_hdmi.c * context changes
drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (bsc#1112178)
drm/i915: properly sanity check batch_start_offset (bsc#1114279) * renamed display/intel_fbc.c -> intel_fb.c * renamed gt/intel_rc6.c -> intel_pm.c * context changes
drm/i915: Whitelist context-local timestamp in the gen9 cmdparser (bsc#1111666).
drm/mediatek: Check plane visibility in atomic_update (bsc#1113956) * context changes
drm/meson: Delete an error message in meson_dw_hdmi_bind() (bsc#1051510).
drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1111666).
drm/msm: stop abusing dma_map/unmap for cache (bsc#1051510).
drm/msm: Use the correct dma_sync calls harder (bsc#1051510).
drm/msm: Use the correct dma_sync calls in msm_gem (bsc#1051510).
drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem (bsc#1114279)
drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (bsc#1111666).
drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (bsc#1111666).
drm/qxl: qxl_release leak in qxl_draw_dirty_fb() (bsc#1051510).
drm/qxl: qxl_release leak in qxl_hw_surface_alloc() (bsc#1051510).
drm/qxl: qxl_release use after free (bsc#1051510).
drm/qxl: Use correct notify port address when creating cursor ring (bsc#1113956)
drm/radeon: fix double free (bsc#1113956)
drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1113956)
drm: Remove PageReserved manipulation from drm_pci_alloc (bsc#1114279) * offset changes
drm/sun4i: dsi: Allow binding the host without a panel (bsc#1113956)
drm/sun4i: dsi: Avoid hotplug race with DRM driver bind (bsc#1113956)
drm/sun4i: dsi: Remove incorrect use of runtime PM (bsc#1113956) * context changes
drm/sun4i: dsi: Remove unused drv from driver context (bsc#1113956) * context changes * keep include of sun4i_drv.h
drm/sun4i: hdmi ddc clk: Fix size of m divider (bsc#1111666).
drm/tegra: hub: Do not enable orphaned window group (bsc#1111666).
drm/vkms: Hold gem object while still in-use (bsc#1113956) * context changes
dump_stack: avoid the livelock of the dump_lock (git fixes (block drivers)).
e1000: Distribute switch variables for initialization (bsc#1111666).
e1000e: Disable TSO for buffer overrun workaround (bsc#1051510).
e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510).
e1000e: Relax condition to trigger reset for ME workaround (bsc#1111666).
EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279).
EDAC, sb_edac: Add support for systems with segmented PCI buses (bsc#1169525).
efi/random: Increase size of firmware supplied randomness (jsc#SLE-12423).
efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness (jsc#SLE-12423).
efi: READ_ONCE rng seed size before munmap (jsc#SLE-12423).
efi: Reorder pr_notice() with add_device_randomness() call (jsc#SLE-12423).
evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510).
evm: Fix a small race in init_desc() (bsc#1051510).
ext4: add cond_resched() to __ext4_find_entry() (bsc#1166862).
ext4: Check for non-zero journal inum in ext4_calculate_overhead (bsc#1167288).
ext4: do not assume that mmp_nodename/bdevname have NUL (bsc#1166860).
ext4: do not zeroout extents beyond i_disksize (bsc#1167851).
ext4: fix a data race at inode->i_blocks (bsc#1171835).
ext4: fix a data race in EXT4_I(inode)->i_disksize (bsc#1166861).
ext4: fix extent_status fragmentation for plain files (bsc#1171949).
ext4: fix incorrect group count in ext4_fill_super error message (bsc#1168765).
ext4: fix incorrect inodes per group in error message (bsc#1168764).
ext4: fix partial cluster initialization when splitting extent (bsc#1173839).
ext4: fix potential race between online resizing and write operations (bsc#1166864).
ext4: fix potential race between s_flex_groups online resizing and access (bsc#1166867).
ext4: fix potential race between s_group_info online resizing and access (bsc#1166866).
ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838).
ext4: fix race between writepages and enabling EXT4_EXTENTS_FL (bsc#1166870).
ext4: fix support for inode sizes > 1024 bytes (bsc#1164284).
ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers (bsc#1173833).
ext4: potential crash on allocation error in ext4_alloc_flex_bg_array() (bsc#1166940).
ext4: rename s_journal_flag_rwsem to s_writepages_rwsem (bsc#1166868).
ext4: use non-movable memory for superblock readahead (bsc#1171952).
ext4: validate the debug_want_extra_isize mount option at parse time (bsc#1163897).
extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (bsc#1051510).
fanotify: fix ignore mask logic for events on child and on dir (bsc#1172719).
fanotify: fix merging marks masks with FAN_ONDIR (bsc#1171679).
fat: fix uninit-memory access for partial initialized inode (bsc#1051510).
fat: work around race with userspace's read via blockdev while mounting (bsc#1051510).
fbcon: fix null-ptr-deref in fbcon_switch (bsc#1114279) * rename drivers/video/fbdev/core to drivers/video/console * context changes
fbdev: potential information leak in do_fb_ioctl() (bsc#1114279)
fbmem: Adjust indentation in fb_prepare_logo and fb_blank (bsc#1114279)
fdt: add support for rng-seed (jsc#SLE-12423).
fdt: Update CRC check for rng-seed (jsc#SLE-12423).
fib: add missing attribute validation for tun_id (networking-stable-20_03_14).
firmware: imx: scu: Fix corruption of header (git-fixes).
firmware: imx: scu: Fix possible memory leak in imx_scu_probe() (bsc#1111666).
firmware: qcom: scm: fix compilation error when disabled (bsc#1051510).
Fix boot crash with MD (bsc#1174343)
fix multiplication overflow in copy_fdtable() (bsc#1173825).
fpga: dfl: afu: Corrected error handling levels (git-fixes).
fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks (networking-stable-20_05_12).
fs/cifs: fix gcc warning in sid_to_id (bsc#1144333).
fs/seq_file.c: simplify seq_file iteration code and interface (bsc#1170125).
gpiolib: Document that GPIO line names are not globally unique (bsc#1051510).
gpio: tegra: mask GPIO IRQs during IRQ shutdown (bsc#1051510).
gpu: host1x: Detach driver on unregister (bsc#1111666).
gpu: ipu-v3: pre: do not trigger update if buffer address does not change (bsc#1111666).
gre: fix uninit-value in __iptunnel_pull_header (networking-stable-20_03_14).
HID: hid-input: clear unmapped usages (git-fixes).
HID: hyperv: Add a module description line (bsc#1172249, bsc#1172251).
HID: i2c-hid: add Trekstor Primebook C11B to descriptor override (git-fixes).
HID: i2c-hid: override HID descriptors for certain devices (git-fixes).
HID: magicmouse: do not set up autorepeat (git-fixes).
HID: multitouch: add eGalaxTouch P80H84 support (bsc#1051510).
HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510).
HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices (git-fixes).
hrtimer: Annotate lockless access to timer->state (git fixes (block drivers)).
hsr: add restart routine into hsr_get_node_list() (networking-stable-20_03_28).
hsr: check protocol version in hsr_newlink() (networking-stable-20_04_17).
hsr: fix general protection fault in hsr_addr_is_self() (networking-stable-20_03_28).
hsr: set .netnsok flag (networking-stable-20_03_28).
hsr: use rcu_read_lock() in hsr_get_node_{list/status}() (networking-stable-20_03_28).
hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes).
hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() (bsc#1111666).
hwmon: (emc2103) fix unable to change fan pwm1_enable attribute (bsc#1111666).
hwmon: (max6697) Make sure the OVERT mask is set correctly (bsc#1111666).
i2c: acpi: Force bus speed to 400KHz if a Silead touchscreen is present (git-fixes).
i2c: acpi: put device when verifying client fails (git-fixes).
i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (bsc#1111666).
i2c: brcmstb: remove unused struct member (git-fixes).
i2c: core: Allow empty id_table in ACPI case as well (git-fixes).
i2c: core: decrease reference count of device node in i2c_unregister_device (git-fixes).
i2c: dev: Fix the race between the release of i2c_dev and cdev (bsc#1051510).
i2c: eg20t: Load module automatically if ID matches (bsc#1111666).
i2c: fix missing pm_runtime_put_sync in i2c_device_probe (git-fixes).
i2c-hid: properly terminate i2c_hid_dmi_desc_override_table array (git-fixes).
i2c: hix5hd2: add missed clk_disable_unprepare in remove (bsc#1051510).
i2c: i801: Do not add ICH_RES_IO_SMI for the iTCO_wdt device (git-fixes).
i2c: iproc: Stop advertising support of SMBUS quick cmd (git-fixes).
i2c: isch: Remove unnecessary acpi.h include (git-fixes).
i2c: jz4780: silence log flood on txabrt (bsc#1051510).
i2c: mlxcpld: check correct size of maximum RECV_LEN packet (bsc#1111666).
i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' (bsc#1051510).
i2c: st: fix missing struct parameter description (bsc#1051510).
i40e: reduce stack usage in i40e_set_fc (git-fixes).
IB/hfi1: Do not destroy hfi1_wq when the device is shut down (bsc#1174409).
IB/hfi1: Do not destroy link_wq when the device is shut down (bsc#1174409).
IB/mlx5: Fix missing congestion control debugfs on rep rdma device (bsc#1103991).
ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397).
ibmvfc: do not send implicit logouts prior to NPIV login (bsc#1169625 ltc#184611).
ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369).
ibmvnic: Flush existing work items before device removal (bsc#1065729).
ibmvnic: Harden device login requests (bsc#1170011 ltc#183538).
ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239).
iio:ad7797: Use correct attribute_group (bsc#1051510).
iio: adc: stm32-adc: fix device used to request dma (bsc#1051510).
iio: adc: stm32-adc: fix sleep in atomic context (git-fixes).
iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1051510).
iio: buffer: Do not allow buffers without any channels enabled to be activated (bsc#1051510).
iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' (bsc#1051510).
iio:health:afe4404 Fix timestamp alignment and prevent data leak (bsc#1111666).
iio:humidity:hdc100x Fix alignment and data leak issues (bsc#1111666).
iio:magnetometer:ak8974: Fix alignment and data leak issues (bsc#1111666).
iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() (bsc#1111666).
iio: potentiostat: lmp9100: fix iio_triggered_buffer_{predisable,postenable} positions (bsc#1051510).
iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510).
iio:pressure:ms5611 Fix buffer element alignment (bsc#1111666).
iio: pressure: zpa2326: handle pm_runtime_get_sync failure (bsc#1111666).
iio: sca3000: Remove an erroneous 'get_device()' (bsc#1051510).
iio: xilinx-xadc: Fix ADC-B powerdown (bsc#1051510).
iio: xilinx-xadc: Fix clearing interrupt when enabling trigger (bsc#1051510).
iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode (bsc#1051510).
ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1051510).
ima: Fix ima digest hash table key calculation (bsc#1051510).
ima: Fix return value of ima_write_policy() (git-fixes).
include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868).
Input: evdev - call input_flush_device() on release(), not flush() (bsc#1051510).
Input: hyperv-keyboard - add module description (bsc#1172249, bsc#1172251).
Input: i8042 - add Acer Aspire 5738z to nomux list (bsc#1051510).
Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (bsc#1111666).
Input: i8042 - add ThinkPad S230u to i8042 reset list (bsc#1051510).
input: i8042 - Remove special PowerPC handling (git-fixes).
Input: raydium_i2c_ts - use true and false for boolean values (bsc#1051510).
Input: synaptics - add a second working PNP_ID for Lenovo T470s (bsc#1111666).
Input: synaptics - enable RMI on HP Envy 13-ad105ng (bsc#1051510).
Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() (bsc#1051510).
Input: synaptics-rmi4 - really fix attn_data use-after-free (git-fixes).
Input: usbtouchscreen - add support for BonXeon TP (bsc#1051510).
Input: xpad - add custom init packet for Xbox One S controllers (bsc#1051510).
intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115).
intel_th: Fix a NULL dereference when hub driver is not loaded (bsc#1111666).
intel_th: pci: Add Elkhart Lake CPU support (bsc#1051510).
iommu/amd: Call domain_flush_complete() in update_domain() (bsc#1172096).
iommu/amd: Do not flush Device Table in iommu_map_page() (bsc#1172097).
iommu/amd: Do not loop forever when trying to increase address space (bsc#1172098).
iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system (bsc#1172099).
iommu/amd: Fix over-read of ACPI UID from IVRS table (bsc#1172101).
iommu/amd: Fix race in increase_address_space()/fetch_pte() (bsc#1172102).
iommu/amd: Fix the configuration of GCR3 table root pointer (bsc#1169057).
iommu/amd: Update Device Table in increase_address_space() (bsc#1172103).
iommu: Fix reference count leak in iommu_group_alloc (bsc#1172397).
ip6_tunnel: Allow rcv/xmit even if remote address is a local address (bsc#1166978).
ipmi: fix hung processes in __get_guid() (git-fixes).
ipv4: fix a RCU-list lock in fib_triestat_seq_show (networking-stable-20_04_02).
ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface (networking-stable-20_03_14).
ipv6: do not auto-add link-local address to lag ports (networking-stable-20_04_09).
ipv6: fix IPV6_ADDRFORM operation logic (bsc#1171662).
ipv6: Fix nlmsg_flags when splitting a multipath route (networking-stable-20_03_01).
ipv6: fix restrict IPV6_ADDRFORM operation (bsc#1171662).
ipv6: Fix route replacement with dev-only route (networking-stable-20_03_01).
ipvlan: add cond_resched_rcu() while processing muticast backlog (networking-stable-20_03_14).
ipvlan: call dev_change_flags when ipvlan mode is reset (git-fixes).
ipvlan: do not add hardware address of master to its unicast filter list (bsc#1137325).
ipvlan: do not deref eth hdr before checking it's set (networking-stable-20_03_14).
ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast() (networking-stable-20_03_14).
irqchip/bcm2835: Quiesce IRQs left enabled by bootloader (bsc#1051510).
irqdomain: Fix a memory leak in irq_domain_push_irq() (bsc#1051510).
iwlwifi: pcie: actually release queue memory in TVQM (bsc#1051510).
ixgbe: do not check firmware errors (bsc#1170284).
ixgbevf: Remove limit of 10 entries for unicast filter list (git-fixes).
jbd2: avoid leaking transaction credits when unreserving handle (bsc#1173845).
jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833).
kabi fix for (bsc#1168202).
kabi fix for early XHCI debug (git-fixes).
kabi for for md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes).
kabi: hv: prevent struct device_node to become defined (bsc#1172871).
kabi: ppc64le: prevent struct dma_map_ops to become defined (jsc#SLE-12423).
kABI: protect struct mlx5_cmd_work_ent (kabi).
kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi).
kabi/severities: Do not track KVM internal symbols.
kabi/severities: Ingnore get_dev_data() The function is internal to the AMD IOMMU driver and must not be called by any third party.
kabi workaround for snd_rawmidi buffer_ref field addition (git-fixes).
kernfs: fix barrier usage in __kernfs_new_node() (bsc#1111666).
KEYS: reaching the keys quotas correctly (bsc#1051510).
KVM: arm64: Change hyp_panic()s dependency on tpidr_el2 (bsc#1133021).
KVM: arm64: Stop save/restoring host tpidr_el1 on VHE (bsc#1133021).
KVM: Check validity of resolved slot when searching memslots (bsc#1172104).
KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279).
KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279).
KVM: s390: vsie: Fix delivery of addressing exceptions (git-fixes).
KVM: s390: vsie: Fix possible race when shadowing region 3 tables (git-fixes).
KVM: s390: vsie: Fix region 1 ASCE sanity shadow address checks (git-fixes).
KVM: SVM: Fix potential memory leak in svm_cpu_init() (bsc#1171736).
KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1152489).
KVM: x86: Fix APIC page invalidation race (bsc#1174122).
kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904).
KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904).
KVM: x86: only do L1TF workaround on affected processors (bsc#1171904).
l2tp: add sk_family checks to l2tp_validate_socket (networking-stable-20_06_07).
l2tp: Allow management of tunnels and session in user namespace (networking-stable-20_04_17).
l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07).
libata: Remove extra scsi_host_put() in ata_scsi_add_hosts() (bsc#1051510).
libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set (bsc#1051510).
libceph: do not omit recovery_deletes in target_copy() (bsc#1174113).
libceph: ignore pool overlay and cache logic on redirects (bsc#1173146).
libfs: fix infoleak in simple_attr_read() (bsc#1168881).
libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock (bsc#1171753).
libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant (bsc#1171753).
libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl() (bsc#1171753).
libnvdimm: cover up changes in struct nvdimm_bus (bsc#1171753).
libnvdimm: cover up nd_pfn_sb changes (bsc#1171759).
libnvdimm/dax: Pick the right alignment default when creating dax devices (bsc#1171759).
libnvdimm/label: Remove the dpa align check (bsc#1171759).
libnvdimm/of_pmem: Provide a unique name for bus provider (bsc#1171739).
libnvdimm/pfn_dev: Add a build check to make sure we notice when struct page size change (bsc#1171743).
libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock (bsc#1171759).
libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid (bsc#1171743).
libnvdimm/pmem: Advance namespace seed for specific probe errors (bsc#1171743).
libnvdimm/region: Initialize bad block for volatile namespaces (bnc#1151927 5.3.6).++ kernel-source-rt.spec (revision 4)Release: <RELEASE>.g93af9dfProvides: %name-srchash-93af9df3581407689c1ac5b0aa06fcfb62b08f1c
libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (bsc#1171743).
libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check (bsc#1171759).
lib: raid6: fix awk build warnings (git fixes (block drivers)).
lib/raid6/test: fix build on distros whose /bin/sh is not bash (git fixes (block drivers)).
lib/stackdepot.c: fix global out-of-bounds in stack_slabs (git fixes (block drivers)).
livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995).
livepatch: Disallow vmlinux.ko (bsc#1071995).
livepatch: Make klp_apply_object_relocs static (bsc#1071995).
livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995).
livepatch: Remove .klp.arch (bsc#1071995).
locks: print unsigned ino in /proc/locks (bsc#1171951).
loop: replace kill_bdev with invalidate_bdev (bsc#1173820).
lpfc_debugfs: get rid of pointless access_ok() (bsc#1172687 bsc#1171530).
lpfc: Synchronize NVME transport and lpfc driver devloss_tmo (bcs#1173060).
mac80211: add ieee80211_is_any_nullfunc() (bsc#1051510).
mac80211: add option for setting control flags (bsc#1111666).
mac80211: Do not send mesh HWMP PREQ if HWMP is disabled (bsc#1051510).
mac80211_hwsim: Use kstrndup() in place of kasprintf() (bsc#1051510).
mac80211: mesh: fix discovery timer re-arming issue / crash (bsc#1051510).
mac80211: set IEEE80211_TX_CTRL_PORT_CTRL_PROTO for nl80211 TX (bsc#1111666).
macsec: avoid to set wrong mtu (bsc#1051510).
macsec: restrict to ethernet devices (networking-stable-20_03_28).
macvlan: add cond_resched() during multicast processing (networking-stable-20_03_14).
macvlan: fix null dereference in macvlan_device_event() (bsc#1051510).
mailbox: imx: Disable the clock on devm_mbox_controller_register() failure (git-fixes).
md: Avoid namespace collision with bitmap API (git fixes (block drivers)).
md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes).
md/raid0: Fix an error message in raid0_make_request() (git fixes (block drivers)).
md/raid10: prevent access of uninitialized resync_pages offset (git-fixes).
mdraid: fix read/write bytes accounting (bsc#1172537).
md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (bsc#1166985)).
media: cec: silence shift wrapping warning in __cec_s_log_addrs() (git-fixes).
media: dib0700: fix rc endpoint lookup (bsc#1051510).
media: dvb: return -EREMOTEIO on i2c transfer failure (bsc#1051510).
media: flexcop-usb: fix endpoint sanity check (git-fixes).
media: go7007: Fix URB type for interrupt handling (bsc#1051510).
media: platform: fcp: Set appropriate DMA parameters (bsc#1051510).
media: si2157: Better check for running tuner in init (bsc#1111666).
media: tda10071: fix unsigned sign extension overflow (bsc#1051510).
media: ti-vpe: cal: fix disable_irqs to only the intended target (git-fixes).
media: usbtv: fix control-message timeouts (bsc#1051510).
media: v4l2-core: fix entity initialization in device_register_subdev (bsc#1051510).
media: vsp1: tidyup VI6_HGT_LBn_H() macro (bsc#1051510).
media: xirlink_cit: add missing descriptor sanity checks (bsc#1051510).
mei: release me_cl object reference (bsc#1051510).
mfd: dln2: Fix sanity checking for endpoints (bsc#1051510).
misc: pci_endpoint_test: Fix to support > 10 pci-endpoint-test devices (bsc#1051510).
mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw ordered workqueue (git-fixes).
mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw workqueue (git-fixes).
mlxsw: Fix some IS_ERR() vs NULL bugs (networking-stable-20_04_27).
mlxsw: pci: Return error on PCI reset timeout (git-fixes).
mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly (networking-stable-20_05_12).
mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed (git-fixes).
mlxsw: spectrum_dpipe: Add missing error path (git-fixes).
mlxsw: spectrum_flower: Do not stop at FLOW_ACTION_VLAN_MANGLE (networking-stable-20_04_09).
mlxsw: spectrum_mr: Fix list iteration in error path (bsc#1112374).
mlxsw: spectrum: Prevent force of 56G (git-fixes).
mlxsw: spectrum_router: Refresh nexthop neighbour when it becomes dead (git-fixes).
mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (git-fixes).
mlxsw: spectrum_switchdev: Add MDB entries in prepare phase (git-fixes).
mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky (git-fixes).
mmc: atmel-mci: Fix debugfs on 64-bit platforms (git-fixes).
mmc: block: Fix request completion in the CQE timeout path (bsc#1111666).
mmc: block: Fix use-after-free issue for rpmb (bsc#1111666).
mmc: core: Check request type before completing the request (git-fixes).
mmc: core: Fix recursive locking issue in CQE recovery path (git-fixes).
mmc: cqhci: Avoid false 'cqhci: CQE stuck on' by not open-coding timeout loop (git-fixes).
mmc: dw_mmc: Fix debugfs on 64-bit platforms (git-fixes).
mmc: fix compilation of user API (bsc#1051510).
mmc: meson-gx: make sure the descriptor is stopped on errors (git-fixes).
mmc: meson-gx: simplify interrupt handler (git-fixes).
mmc: renesas_sdhi: limit block count to 16 bit for old revisions (git-fixes).
mmc: sdhci: do not enable card detect interrupt for gpio cd type (bsc#1111666).
mmc: sdhci-esdhc-imx: fix the mask for tuning start point (bsc#1051510).
mmc: sdhci-msm: Clear tuning done flag while hs400 tuning (bsc#1051510).
mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (bsc#1111666).
mmc: sdhci-of-at91: fix memleak on clk_get failure (git-fixes).
mmc: sdhci-pci: Fix eMMC driver strength for BYT-based controllers (bsc#1051510).
mmc: sdhci-xenon: fix annoying 1.8V regulator warning (bsc#1051510).
mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() (bsc#1051510).
mmc: tmio: fix access width of Block Count Register (git-fixes).
mm/filemap.c: do not initiate writeback if mapping has no dirty pages (bsc#1168884).
mm: limit boost_watermark on small zones (git fixes (mm/pgalloc)).
mm/memory_hotplug.c: only respect mem= parameter during boot stage (bsc#1065600).
mm: replace PF_LESS_THROTTLE with PF_LOCAL_THROTTLE (bsc#1163403).
mm: thp: handle page cache THP correctly in PageTransCompoundMap (git fixes (block drivers)).
mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer (bsc#1051510).
mtd: spi-nor: cadence-quadspi: add a delay in write sequence (git-fixes).
mtd: spi-nor: enable 4B opcodes for mx66l51235l (git-fixes).
mtd: spi-nor: fsl-quadspi: Do not let -EINVAL on the bus (git-fixes).
mvpp2: remove misleading comment (git-fixes).
mwifiex: avoid -Wstringop-overflow warning (bsc#1051510).
mwifiex: Fix memory corruption in dump_station (bsc#1051510).
net: bcmgenet: correct per TX/RX ring statistics (networking-stable-20_04_27).
net: be more gentle about silly gso requests coming from user (networking-stable-20_06_07).
net: check untrusted gso_size at kernel entry (networking-stable-20_06_07).
net/cxgb4: Check the return from t4_query_params properly (git-fixes).
net: dsa: b53: Fix ARL register definitions (networking-stable-20_04_27).
net: dsa: b53: Rework ARL bin logic (networking-stable-20_04_27).
net: dsa: bcm_sf2: Do not register slave MDIO bus with OF (networking-stable-20_04_09).
net: dsa: bcm_sf2: Ensure correct sub-node is parsed (networking-stable-20_04_09).
net: dsa: bcm_sf2: Fix node reference count (git-fixes).
net: dsa: bcm_sf2: Fix overflow checks (git-fixes).
net: dsa: Fix duplicate frames flooded by learning (networking-stable-20_03_28).
net: dsa: loop: Add module soft dependency (networking-stable-20_05_16).
net: dsa: mt7530: fix roaming from DSA user ports (networking-stable-20_05_27).
net: dsa: mv88e6xxx: fix lockup on warm boot (networking-stable-20_03_14).
net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (git-fixes).
net: ena: add missing ethtool TX timestamping indication (git-fixes).
net: ena: avoid memory access violation by validating req_id properly (git-fixes).
net: ena: do not wake up tx queue when down (git-fixes).
net: ena: ena-com.c: prevent NULL pointer dereference (git-fixes).
net: ena: ethtool: use correct value for crc32 hash (git-fixes).
net: ena: fix continuous keep-alive resets (git-fixes).
net: ena: fix corruption of dev_idx_to_host_tbl (git-fixes).
net: ena: fix default tx interrupt moderation interval (git-fixes).
net: ena: fix incorrect default RSS key (git-fixes).
net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (git-fixes).
net: ena: fix issues in setting interrupt moderation params in ethtool (git-fixes).
net: ena: fix potential crash when rxfh key is NULL (git-fixes).
net: ena: fix retrieval of nonadaptive interrupt moderation intervals (git-fixes).
net: ena: fix uses of round_jiffies() (git-fixes).
net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (git-fixes).
net: ena: reimplement set/get_coalesce() (git-fixes).
net: ena: rss: do not allocate key when not supported (git-fixes).
net: ena: rss: fix failure to get indirection table (git-fixes).
net: ena: rss: store hash function as values and not bits (git-fixes).
net/ethernet: add Google GVE driver (jsc#SLE-10538)
net: fec: add phy_reset_after_clk_enable() support (git-fixes).
net: fec: validate the new settings in fec_enet_set_coalesce() (networking-stable-20_03_14).
net: fib_rules: Correctly set table field when table number exceeds 8 bits (networking-stable-20_03_01).
netfilter: connlabels: prefer static lock initialiser (git-fixes).
netfilter: conntrack: sctp: use distinct states for new SCTP connections (bsc#1159199).
netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795).
netfilter: not mark a spinlock as __read_mostly (git-fixes).
net: fix a potential recursive NETDEV_FEAT_CHANGE (networking-stable-20_05_16).
net: fix race condition in __inet_lookup_established() (bsc#1151794).
net: fq: add missing attribute validation for orphan mask (networking-stable-20_03_14).
net: hns3: fix 'tc qdisc del' failed issue (bsc#1109837).
net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* (networking-stable-20_05_27).
net: ipip: fix wrong address family in init error path (networking-stable-20_05_27).
net, ip_tunnel: fix interface lookup with no key (networking-stable-20_04_02).
net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin (networking-stable-20_04_17).
net: ipv6: do not consider routes via gateways for anycast address check (networking-stable-20_04_17).
net: ipvlan: Fix ipvlan device tso disabled while NETIF_F_IP_CSUM is set (git-fixes).
netlink: Use netlink header as base to calculate bad attribute offset (networking-stable-20_03_14).
net: macsec: preserve ingress frame ordering (networking-stable-20_05_12).
net: memcg: fix lockdep splat in inet_csk_accept() (networking-stable-20_03_14).
net: memcg: late association of sock to memcg (networking-stable-20_03_14).
net/mlx4_core: drop useless LIST_HEAD (git-fixes).
net/mlx4_core: fix a memory leak bug (git-fixes).
net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() (networking-stable-20_05_12).
net/mlx4_en: avoid indirect call in TX completion (networking-stable-20_04_27).
net/mlx5: Add command entry handling completion (networking-stable-20_05_27).
net/mlx5: Add new fields to Port Type and Speed register (bsc#1171118).
net/mlx5: Avoid panic when setting vport rate (git-fixes).
net/mlx5: Continue driver initialization despite debugfs failure (git-fixes).
net/mlx5e: ethtool, Fix a typo in WOL function names (git-fixes).
net/mlx5e: Fix traffic duplication in ethtool steering (git-fixes).
net/mlx5e: Remove unnecessary clear_bit()s (git-fixes).
net/mlx5e: Update netdev txq on completions during closure (networking-stable-20_05_27).
net/mlx5: Expose link speed directly (bsc#1171118).
net/mlx5: Expose port speed when possible (bsc#1171118).
net/mlx5: Fix command entry leak in Internal Error State (networking-stable-20_05_12).
net/mlx5: Fix crash upon suspend/resume (networking-stable-20_06_07).
net/mlx5: Fix failing fw tracer allocation on s390 (bsc#1103990 ).
net/mlx5: Fix forced completion access non initialized command entry (networking-stable-20_05_12).
net: mvmdio: allow up to four clocks to be specified for orion-mdio (git-fixes).
net: mvneta: Fix the case where the last poll did not process all rx (networking-stable-20_03_28).
net: mvpp2: prs: Do not override the sign bit in SRAM parser shift (git-fixes).
net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node (networking-stable-20_04_27).
net/packet: tpacket_rcv: do not increment ring index on drop (networking-stable-20_03_14).
net: phy: fix aneg restart in phy_ethtool_set_eee (networking-stable-20_05_16).
net: phy: micrel: kszphy_resume(): add delay after genphy_resume() before accessing PHY registers (bsc#1051510).
net: phy: restore mdio regs in the iproc mdio driver (networking-stable-20_03_01).
netprio_cgroup: Fix unlimited memory leak of v2 cgroups (networking-stable-20_05_16).
net: qede: stop adding events on an already destroyed workqueue (git-fixes).
net: qed: fix excessive QM ILT lines consumption (git-fixes).
net: qed: fix NVMe login fails over VFs (git-fixes).
net: qmi_wwan: add support for ASKEY WWHC050 (networking-stable-20_03_28).
net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() (networking-stable-20_05_27).
net: revert default NAPI poll timeout to 2 jiffies (networking-stable-20_04_17).
net: revert 'net: get rid of an signed integer overflow in ip_idents_reserve()' (networking-stable-20_05_27).
net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28).
net sched: fix reporting the first-time use timestamp (networking-stable-20_05_27).
net_sched: sch_skbprio: add message validation to skbprio_change() (bsc#1109837).
net: stricter validation of untrusted gso packets (networking-stable-20_05_12).
net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict() (networking-stable-20_05_12).
net/tls: Fix sk_psock refcnt leak when in tls_data_ready() (networking-stable-20_05_12).
net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12).
net: usb: qmi_wwan: add Telit 0x1050 composition (networking-stable-20_06_07).
net: usb: qmi_wwan: add Telit LE910C1-EUX composition (networking-stable-20_06_07).
net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484).
net/x25: Fix x25_neigh refcnt leak when receiving frame (networking-stable-20_04_27).
nfc: add missing attribute validation for SE API (networking-stable-20_03_14).
nfc: add missing attribute validation for vendor subcommand (networking-stable-20_03_14).
nfc: fdp: Fix a signedness bug in fdp_nci_send_patch() (bsc#1051510).
nfc: pn544: Fix occasional HW initialization failure (networking-stable-20_03_01).
nfc: st21nfca: add missed kfree_skb() in an error path (bsc#1051510).
nfp: abm: fix a memory leak bug (bsc#1109837).
nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K (git-fixes).
nfsd4: fix up replay_matches_cache() (git-fixes).
nfsd: Ensure CLONE persists data and metadata changes to the target file (git-fixes).
nfsd: fix delay timer on 32-bit architectures (git-fixes).
nfsd: fix jiffies/time_t mixup in LRU list (git-fixes).
nfs: Directory page cache pages need to be locked when read (git-fixes).
nfsd: memory corruption in nfsd4_lock() (git-fixes).
nfs: Do not call generic_error_remove_page() while holding locks (bsc#1170457).
NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() (bsc#1170592).
nfs: Fix memory leaks and corruption in readdir (git-fixes).
nfs: Fix O_DIRECT accounting of number of bytes read/written (git-fixes).
nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl (git-fixes).
nfs: fix racey wait in nfs_set_open_stateid_locked (bsc#1170592).
nfs/flexfiles: Use the correct TCP timeout for flexfiles I/O (git-fixes).
nfs/pnfs: Fix pnfs_generic_prepare_to_resend_writes() (git-fixes).
nfs: Revalidate the file size on a fatal write error (git-fixes).
NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals (git-fixes).
NFSv4: Do not allow a cached open with a revoked delegation (git-fixes).
NFSv4: Fix leak of clp->cl_acceptor string (git-fixes).
NFSv4/pnfs: Return valid stateids in nfs_layout_find_inode_by_stateid() (git-fixes).
NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592).
NFSv4: try lease recovery on NFS4ERR_EXPIRED (git-fixes).
NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn (git-fixes).
nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() (bsc#1173857).
nl80211: fix NL80211_ATTR_CHANNEL_WIDTH attribute type (bsc#1111666).
nl802154: add missing attribute validation for dev_type (networking-stable-20_03_14).
nl802154: add missing attribute validation (networking-stable-20_03_14).
nvdimm: Avoid race between probe and reading device attributes (bsc#1170442).
nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058).
nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058).
nvme: fail cancelled commands with NVME_SC_HOST_PATH_ERROR (bsc#1158983 bsc#1172538).
nvme-fc: Fail transport errors with NVME_SC_HOST_PATH (bsc#1158983 bsc#1172538).
nvme-fc: print proper nvme-fc devloss_tmo value (bsc#1172391).
nvme-tcp: fail command with NVME_SC_HOST_PATH_ERROR send failed (bsc#1158983 bsc#1172538).
objtool: Add is_static_jump() helper (bsc#1169514).
objtool: Add relocation check for alternative sections (bsc#1169514).
objtool: Clean instruction state before each function validation (bsc#1169514).
objtool: Fix stack offset tracking for indirect CFAs (bsc#1169514).
objtool: Fix switch table detection in .text.unlikely (bsc#1169514).
objtool: Ignore empty alternatives (bsc#1169514).
objtool: Make BP scratch register warning more robust (bsc#1169514).
ocfs2: no need try to truncate file beyond i_size (bsc#1171841).
OMAP: DSS2: remove non-zero check on variable r (bsc#1114279)
overflow: Fix -Wtype-limits compilation warnings (git fixes).
overflow.h: Add arithmetic shift helper (git fixes).
p54usb: add AirVasT USB stick device-id (bsc#1051510).
padata: ensure the reorder timer callback runs on the correct CPU (git-fixes).
padata: Remove broken queue flushing (git-fixes).
padata: reorder work kABI fixup (git-fixes).
Partially revert 'kfifo: fix kfifo_alloc() and kfifo_init()' (git fixes (block drivers)).
partitions/efi: Fix partition name parsing in GUID partition entry (bsc#1168763).
PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership (bsc#1174356).
PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356).
PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510).
PCI/ASPM: Clear the correct bits when enabling L1 substates (bsc#1051510).
PCI: endpoint: Fix clearing start entry in configfs (bsc#1051510).
PCI: Fix pci_register_host_bridge() device_register() error handling (bsc#1051510).
PCI: Generalize multi-function power dependency device links (bsc#1111666).
PCI: hv: Add support for protocol 1.3 and support PCI_BUS_RELATIONS2 (bsc#1172201, bsc#1172202).
PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871, bsc#1172872).
PCI: hv: Decouple the func definition in hv_dr_state from VSP message (bsc#1172201, bsc#1172202).
PCI: hv: Fix the PCI HyperV probe failure path to release resource properly (bsc#1172871, bsc#1172872).
PCI: hv: Introduce hv_msi_entry (bsc#1172871, bsc#1172872).
PCI: hv: Move hypercall related definitions into tlfs header (bsc#1172871, bsc#1172872).
PCI: hv: Move retarget related structures into tlfs header (bsc#1172871, bsc#1172872).
PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871, bsc#1172872).
PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871, bsc#1172872).
PCI: pciehp: Fix indefinite wait on sysfs requests (git-fixes).
PCI: pciehp: Fix MSI interrupt race (bsc#1159037).
PCI: pciehp: Support interrupts sent from D3hot (git-fixes).
PCI/PM: Call .bridge_d3() hook only if non-NULL (git-fixes).
PCI: Program MPS for RCiEP devices (bsc#1051510).
PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (bsc#1051510).
pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356).
PCI/switchtec: Fix init_completion race condition with poll_wait() (bsc#1051510).
pcm_native: result of put_user() needs to be checked (bsc#1111666).
perf: Allocate context task_ctx_data for child event (git-fixes).
perf/cgroup: Fix perf cgroup hierarchy support (git-fixes).
perf: Copy parent's address filter offsets on clone (git-fixes).
perf/core: Add sanity check to deal with pinned event failure (git-fixes).
perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes).
perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes).
perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes).
perf/core: Fix ctx_event_type in ctx_resched() (git-fixes).
perf/core: Fix error handling in perf_event_alloc() (git-fixes).
perf/core: Fix exclusive events' grouping (git-fixes).
perf/core: Fix group scheduling with mixed hw and sw events (git-fixes).
perf/core: Fix impossible ring-buffer sizes warning (git-fixes).
perf/core: Fix locking for children siblings group read (git-fixes).
perf/core: Fix perf_event_read_value() locking (git-fixes).
perf/core: Fix perf_pmu_unregister() locking (git-fixes).
perf/core: Fix perf_sample_regs_user() mm check (git-fixes).
perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes).
perf/core: Fix race between close() and fork() (git-fixes).
perf/core: Fix the address filtering fix (git-fixes).
perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes).
perf/core: Force USER_DS when recording user stack data (git-fixes).
perf/core: Restore mmap record type correctly (git-fixes).
perf: Fix header.size for namespace events (git-fixes).
perf/ioctl: Add check for the sample_period value (git-fixes).
perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes).
perf: Return proper values for user stack errors (git-fixes).
perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes).
perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes).
perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes).
perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes).
perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes).
perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable).
perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes).
perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable).
perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes).
perf/x86: Fix incorrect PEBS_REGS (git-fixes).
perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes).
perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes).
perf/x86/intel/bts: Fix the use of page_private() (git-fixes).
perf/x86/intel: Fix PT PMI handling (git-fixes).
perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes).
perf/x86/intel/uncore: Add Node ID mask (git-fixes).
perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes).
perf/x86/intel/uncore: Handle invalid event coding for free-running counter (git-fixes).
perf/x86/uncore: Fix event group support (git-fixes).
pid: Improve the comment about waiting in zap_pid_ns_processes (git fixes)).
pinctrl: baytrail: Enable pin configuration setting for GPIO chip (git-fixes).
pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler (git-fixes).
pinctrl: core: Remove extra kref_get which blocks hogs being freed (bsc#1051510).
pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (bsc#1051510).
pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (bsc#1051510).
pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (bsc#1051510).
pinctrl: sunrisepoint: Fix PAD lock register offset for SPT-H (git-fixes).
platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA (bsc#1051510).
platform/x86: dell-laptop: do not register micmute LED if there is no token (bsc#1111666).
platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() (bsc#1111666).
PM / Domains: Allow genpd users to specify default active wakeup behavior (git-fixes).
pNFS: Ensure we do clear the return-on-close layout stateid on fatal errors (git-fixes).
pnp: Use list_for_each_entry() instead of open coding (git fixes).
powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729).
powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729).
powerpc: Add attributes for setjmp/longjmp (bsc#1065729).
powerpc/book3s64: Export has_transparent_hugepage() related functions (bsc#1171759).
powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey (bsc#1065729).
powerpc/fadump: fix race between pstore write and fadump crash trigger (bsc#1168959 ltc#185010).
powerpc/hash64/devmap: Use H_PAGE_THP_HUGE when setting up huge devmap PTE entries (bsc#1065729).
powerpc/pci/of: Parse unassigned resources (bsc#1065729).
powerpc/setup_64: Set cache-line-size based on cache-block-size (bsc#1065729).
powerpc/sstep: Fix DS operand in ld encoding to appropriate value (bsc#1065729).
powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030).
powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729).
power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (bsc#1051510).
power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (bsc#1051510).
power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510).
power: vexpress: add suppress_bind_attrs to true (bsc#1111666).
pppoe: only process PADT targeted at local interfaces (networking-stable-20_05_16).
pwm: bcm2835: Dynamically allocate base (bsc#1051510).
pwm: meson: Fix confusing indentation (bsc#1051510).
pwm: pca9685: Fix PWM/GPIO inter-operation (bsc#1051510).
pwm: rcar: Fix late Runtime PM enablement (bsc#1051510).
pwm: renesas-tpu: Fix late Runtime PM enablement (bsc#1051510).
pxa168fb: fix release function mismatch in probe failure (bsc#1051510).
qede: Fix race between rdma destroy workqueue and link change event (networking-stable-20_03_01).
qed: reduce maximum stack frame size (git-fixes).
qlcnic: fix missing release in qlcnic_83xx_interrupt_test (git-fixes).
qmi_wwan: unconditionally reject 2 ep interfaces (bsc#1051510).
r8152: check disconnect status after long sleep (networking-stable-20_03_14).
r8152: support additional Microsoft Surface Ethernet Adapter variant (networking-stable-20_05_27).
raid5: remove gfp flags from scribble_alloc() (bsc#1166985).
raid6/ppc: Fix build for clang (git fixes (block drivers)).
random: always use batched entropy for get_random_u{32,64} (bsc#1164871).
rcu: locking and unlocking need to always be at least barriers (git fixes (block drivers)).
RDMA/efa: Fix setting of wrong bit in get/set_feature commands (bsc#1111666)
RDMA/efa: Set maximum pkeys device attribute (bsc#1111666)
RDMA/efa: Support remote read access in MR registration (bsc#1111666)
RDMA/efa: Unified getters/setters for device structs bitmask access (bsc#1111666)
README.BRANCH: Add Takashi Iwai as primary maintainer.
README.BRANCH: Replace Matt Fleming with Davidlohr Bueso as maintainer.
regmap: debugfs: Do not sleep while atomic for fast_io regmaps (bsc#1111666).
resolve KABI warning for perf-pt-coresight (git-fixes).
Revert 'ALSA: hda/realtek: Fix pop noise on ALC225' (git-fixes).
Revert 'bcache: ignore pending signals when creating gc and allocator thread' (git fixes (block drivers)).
Revert commit e918e570415c ('tpm_tis: Remove the HID IFX0102') (bsc#1111666).
Revert 'dm crypt: use WQ_HIGHPRI for the IO and crypt workqueues' (git fixes (block drivers)).
Revert 'drm/panel: simple: Add support for Sharp LQ150X1LG11 panels' (bsc#1114279) * offset changes
Revert 'HID: i2c-hid: add Trekstor Primebook C11B to descriptor override' Depends on 9b5c747685982d22efffeafc5ec601bd28f6d78b, which was also reverted.
Revert 'HID: i2c-hid: override HID descriptors for certain devices' This broke i2c-hid.ko's build, there is no way around it without a big file rename or renaming the kernel module.
Revert 'i2c-hid: properly terminate i2c_hid_dmi_desc_override_table' Fixed 9b5c747685982d22efffeafc5ec601bd28f6d78b, which was also reverted.
Revert 'ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()' (bsc#1172221).
Revert 'RDMA/cma: Simplify rdma_resolve_addr() error flow' (bsc#1103992).
Revert 'thermal: mediatek: fix register index error' (bsc#1111666).
Revert 'tools lib traceevent: Remove unneeded qsort and uses memmove'
rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() (bsc#1051510).
rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes).
s390/bpf: Maintain 8-byte stack alignment (bsc#1169194).
s390/cio: avoid duplicated 'ADD' uevents (git-fixes).
s390/cio: generate delayed uevent for vfio-ccw subchannels (git-fixes).
s390/cpuinfo: fix wrong output when CPU0 is offline (git-fixes).
s390/cpum_cf: Add new extended counters for IBM z15 (bsc#1169762 LTC#185291).
s390/diag: fix display of diagnose call statistics (git-fixes).
s390: fix syscall_get_error for compat processes (git-fixes).
s390/ftrace: fix potential crashes when switching tracers (git-fixes).
s390/gmap: return proper error code on ksm unsharing (git-fixes).
s390/ism: fix error return code in ism_probe() (git-fixes).
s390/pci: do not set affinity for floating irqs (git-fixes).
s390/pci: Fix possible deadlock in recover_store() (bsc#1165183 LTC#184103).
s390/pci: Recover handle in clp_set_pci_fn() (bsc#1165183 LTC#184103).
s390/qdio: consistently restore the IRQ handler (git-fixes).
s390/qdio: lock device while installing IRQ handler (git-fixes).
s390/qdio: put thinint indicator after early error (git-fixes).
s390/qdio: tear down thinint indicator after early error (git-fixes).
s390/qeth: cancel RX reclaim work earlier (git-fixes).
s390/qeth: do not return -ENOTSUPP to userspace (git-fixes).
s390/qeth: do not warn for napi with 0 budget (git-fixes).
s390/qeth: fix error handling for isolation mode cmds (git-fixes).
s390/qeth: fix off-by-one in RX copybreak check (git-fixes).
s390/qeth: fix promiscuous mode after reset (git-fixes).
s390/qeth: fix qdio teardown after early init error (git-fixes).
s390/qeth: handle error due to unsupported transport mode (git-fixes).
s390/qeth: handle error when backing RX buffer (git-fixes).
s390/qeth: lock the card while changing its hsuid (git-fixes).
s390/qeth: support net namespaces for L3 devices (git-fixes).
s390/time: Fix clk type in get_tod_clock (git-fixes).
sch_choke: avoid potential panic in choke_reset() (networking-stable-20_05_12).
sch_sfq: validate silly quantum values (networking-stable-20_05_12).
scripts/decodecode: fix trapping instruction formatting (bsc#1065729).
scripts/dtc: Remove redundant YYLOC global declaration (bsc#1160388).
scripts/git_sort/git_sort.py: add bluetooth/bluetooth-next.git repository
scsi: aacraid: fix a signedness bug (bsc#1174296).
scsi: bnx2i: fix potential use after free (bsc#1171600).
scsi: core: avoid repetitive logging of device offline messages (bsc#1145929).
scsi: core: Handle drivers which set sg_tablesize to zero (bsc#1171601) This commit also required: > scsi: core: avoid preallocating big SGL for data
scsi: core: kABI fix offline_already (bsc#1145929).
scsi: core: save/restore command resid for error handling (bsc#1171602).
scsi: core: scsi_trace: Use get_unaligned_be*() (bsc#1171604).
scsi: core: try to get module before removing device (bsc#1171605).
scsi: csiostor: Adjust indentation in csio_device_reset (bsc#1171606).
scsi: csiostor: Do not enable IRQs too early (bsc#1171607).
scsi: esas2r: unlock on error in esas2r_nvram_read_direct() (bsc#1171608).
scsi: fnic: fix invalid stack access (bsc#1171609).
scsi: fnic: fix msix interrupt allocation (bsc#1171610).
scsi: hisi_sas: fix calls to dma_set_mask_and_coherent() (bsc#1174296).
scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814).
scsi: ibmvscsi: Fix WARN_ON during event pool release (bsc#1170791 ltc#185128).
scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (bsc#1171611).
scsi: iscsi: Fix a potential deadlock in the timeout handler (bsc#1171612).
scsi: iscsi: qla4xxx: fix double free in probe (bsc#1171613).
scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530).
scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687 bsc#1171530).
scsi: lpfc: Add support to display if adapter dumps are available (bsc#1172687 bsc#1171530).
scsi: lpfc: Allow applications to issue Common Set Features mailbox command (bsc#1172687 bsc#1171530).
scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1172687 bsc#1171530).
scsi: lpfc: Change default queue allocation for reduced memory consumption (bsc#1164780).
scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences (bsc#1171614).
scsi: lpfc: Fix crash in target side cable pulls hitting WAIT_FOR_UNREG (bsc#1171615).
scsi: lpfc: Fix inconsistent indenting (bsc#1158983).
scsi: lpfc: Fix interrupt assignments when multiple vectors are supported on same CPU (bsc#1158983).
scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530).
scsi: lpfc: Fix language in 0373 message to reflect non-error message (bsc#1172687 bsc#1171530).
scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1158983).
scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event (bsc#1164780).
scsi: lpfc: Fix MDS Diagnostic Enablement definition (bsc#1164780).
scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530).
scsi: lpfc: Fix negation of else clause in lpfc_prep_node_fc4type (bsc#1164780).
scsi: lpfc: Fix noderef and address space warnings (bsc#1164780).
scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (bsc#1172687 bsc#1171530).
scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687 bsc#1171530).
scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687 bsc#1171530).
scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687 bsc#1171530).
scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test (bsc#1172687 bsc#1171530).
scsi: lpfc: Maintain atomic consistency of queue_claimed flag (bsc#1164780).
scsi: lpfc: remove duplicate unloading checks (bsc#1164780).
scsi: lpfc: Remove re-binding of nvme rport during registration (bsc#1164780).
scsi: lpfc: Remove redundant initialization to variable rc (bsc#1164780).
scsi: lpfc: Remove unnecessary lockdep_assert_held calls (bsc#1164780).
scsi: lpfc: Update lpfc version to 12.8.0.1 (bsc#1164780).
scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1158983).
scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state (bsc#1171616).
scsi: megaraid_sas: Fix a compilation warning (bsc#1174296).
scsi: mpt3sas: Fix double free in attach error handling (bsc#1174296).
scsi: qedf: Add port_id getter (bsc#1150660).
scsi: qla2xxx: add ring buffer for tracing debug logs (bsc#1157169).
scsi: qla2xxx: check UNLOADING before posting async work (bsc#1157169).
scsi: qla2xxx: Delete all sessions before unregister local nvme port (bsc#1157169).
scsi: qla2xxx: Do not log message when reading port speed via sysfs (bsc#1157169).
scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1174296).
scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (bsc#1157169).
scsi: qla2xxx: Fix regression warnings (bsc#1157169).
scsi: qla2xxx: Remove non functional code (bsc#1157169).
scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983).
scsi: qla2xxx: set UNLOADING before waiting for session deletion (bsc#1157169).
scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free (bsc#1171617).
scsi: qla4xxx: fix double free bug (bsc#1171618).
scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI (bsc#1171619).
scsi: sg: add sg_remove_request in sg_common_write (bsc#1171620).
scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) (bsc#1171621).
scsi: ufs: change msleep to usleep_range (bsc#1171622).
scsi: ufs: Clean up ufshcd_scale_clks() and clock scaling error out path (bsc#1171623).
scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic (bsc#1171624).
scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails (bsc#1171625).
scsi: ufs: Recheck bkops level if bkops is disabled (bsc#1171626).
scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point (git-fixes).
sctp: Do not add the shutdown timer if its already been added (networking-stable-20_05_27).
sctp: fix possibly using a bad saddr with a given dst (networking-stable-20_04_02).
sctp: fix refcount bug in sctp_wfree (networking-stable-20_04_02).
sctp: move the format error check out of __sctp_sf_do_9_1_abort (networking-stable-20_03_01).
sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (networking-stable-20_05_27).
selftests/powerpc: Fix build errors in powerpc ptrace selftests (boo#1124278).
Separate one more kABI fixup from the functional change:
seq_file: fix problem when seeking mid-record (bsc#1170125).
serdev: ttyport: restore client ops on deregistration (bsc#1051510).
serial: uartps: Move the spinlock after the read of the tx empty (git-fixes).
sfc: detach from cb_page in efx_copy_channel() (networking-stable-20_03_14).
signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig (bsc#1172185).
slcan: not call free_netdev before rtnl_unlock in slcan_open (networking-stable-20_03_28).
slip: make slhc_compress() more robust against malicious packets (networking-stable-20_03_14).
smb3: Additional compression structures (bsc#1144333).
smb3: Add new compression flags (bsc#1144333).
smb3: change noisy error message to FYI (bsc#1144333).
smb3: enable swap on SMB3 mounts (bsc#1144333).
smb3: Minor cleanup of protocol definitions (bsc#1144333).
smb3: remove overly noisy debug line in signing errors (bsc#1144333).
smb3: smbdirect support can be configured by default (bsc#1144333).
smb3: use SMB2_SIGNATURE_SIZE define (bsc#1144333).
spi: bcm2835: Fix 3-wire mode if DMA is enabled (git-fixes).
spi: bcm63xx-hsspi: Really keep pll clk enabled (bsc#1051510).
spi: bcm-qspi: when tx/rx buffer is NULL set to 0 (bsc#1051510).
spi: dw: Add SPI Rx-done wait method to DMA-based transfer (bsc#1051510).
spi: dw: Add SPI Tx-done wait method to DMA-based transfer (bsc#1051510).
spi: dw: use 'smp_mb()' to avoid sending spi data error (bsc#1051510).
spi: dw: Zero DMA Tx and Rx configurations on stack (bsc#1051510).
spi: fix initial SPI_SR value in spi-fsl-dspi (bsc#1111666).
spi: fsl: do not map irq during probe (git-fixes).
spi: fsl: use platform_get_irq() instead of of_irq_to_resource() (git-fixes).
spi: pxa2xx: Add CS control clock quirk (bsc#1051510).
spi: pxa2xx: Apply CS clk quirk to BXT (bsc#1111666).
spi: qup: call spi_qup_pm_resume_runtime before suspending (bsc#1051510).
spi: spidev: fix a race between spidev_release and spidev_remove (bsc#1111666).
spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (git-fixes).
spi: spi-mem: Fix Dual/Quad modes on Octal-capable devices (bsc#1111666).
spi: spi-s3c64xx: Fix system resume support (git-fixes).
spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate (bsc#1111666).
spi/zynqmp: remove entry that causes a cs glitch (bsc#1051510).
staging: comedi: dt2815: fix writing hi byte of analog output (bsc#1051510).
staging: comedi: Fix comedi_device refcnt leak in comedi_open (bsc#1051510).
staging: comedi: verify array index is correct before using it (bsc#1111666).
staging: iio: ad2s1210: Fix SPI reading (bsc#1051510).
staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table (bsc#1051510).
staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510).
staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510).
staging: vt6656: Do not set RCR_MULTICAST or RCR_BROADCAST by default (git-fixes).
staging: vt6656: Fix drivers TBTT timing counter (git-fixes).
staging: vt6656: Fix pairwise key entry save (git-fixes).
staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi (bsc#1051510).
staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb (bsc#1051510).
staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback (bsc#1051510).
SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202).
SUNRPC: expiry_time should be seconds not timeval (git-fixes).
SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' (git-fixes).
SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624).
supported.conf: Add br_netfilter to base (bsc#1169020).
svcrdma: Fix double svc_rdma_send_ctxt_put() in an error path (bsc#1103992).
svcrdma: Fix leak of transport addresses (git-fixes).
svcrdma: Fix trace point use-after-free race (bsc#1103992 ).
taskstats: fix data-race (bsc#1172188).
tcp: cache line align MAX_TCP_HEADER (networking-stable-20_04_27).
tcp: repair: fix TCP_QUEUE_SEQ implementation (networking-stable-20_03_28).
team: add missing attribute validation for array index (networking-stable-20_03_14).
team: add missing attribute validation for port ifindex (networking-stable-20_03_14).
team: fix hang in team_mode_get() (networking-stable-20_04_27).
tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes (bsc#1173284).
thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n (bsc#1051510).
timers: Add a function to start/reduce a timer (networking-stable-20_05_27).
tools lib traceevent: Remove unneeded qsort and uses memmove instead (git-fixes).
tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (bsc#1065729).
tpm_tis: extra chip->ops check on error path in tpm_tis_core_init (bsc#1111666).
tpm_tis: Remove the HID IFX0102 (bsc#1111666).
tpm/tpm_tis: Free IRQ if probing fails (bsc#1082555).
tpm/tpm_tis: Free IRQ if probing fails (git-fixes).
tracing: Add a vmalloc_sync_mappings() for safe measure (git-fixes).
tracing: Disable trace_printk() on post poned tests (git-fixes).
tracing: Fix event trigger to accept redundant spaces (git-fixes).
tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation (git-fixes).
tty: evh_bytechan: Fix out of bounds accesses (bsc#1051510).
tty: hvc_console, fix crashes on parallel open/close (git-fixes).
tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510).
tty: n_gsm: Fix SOF skipping (bsc#1051510).
tty: n_gsm: Fix waking up upper tty layer when room available (bsc#1051510).
tty: rocket, avoid OOB access (git-fixes).
tty/serial: atmel: manage shutdown in case of RS485 or ISO7816 mode (bsc#1051510).
tty: serial: imx: setup the correct sg entry for tx dma (bsc#1051510).
tun: Do not put_page() for all negative return values from XDP program (bsc#1109837).
tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040 (networking-stable-20_05_12).
UAS: fix deadlock in error handling and PM flushing work (git-fixes).
UAS: no use logging any details in case of ENODEV (git-fixes).
ubifs: remove broken lazytime support (bsc#1173826).
Update config files: Build w1 bus on arm64 (jsc#SLE-11048)
USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE (git-fixes).
usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes).
USB: c67x00: fix use after free in c67x00_giveback_urb (bsc#1111666).
USB: cdc-acm: restore capability check order (git-fixes).
usb: chipidea: core: add wakeup support for extcon (bsc#1111666).
USB: core: Fix misleading driver bug report (bsc#1051510).
usb: dwc2: Fix shutdown callback in platform (bsc#1111666).
usb: dwc2: gadget: move gadget resume after the core is in L0 state (bsc#1051510).
USB: dwc3: do not set gadget->is_otg flag (git-fixes).
USB: dwc3: gadget: Do link recovery for SS and SSP (git-fixes).
usb: dwc3: gadget: introduce cancelled_list (git-fixes).
usb: dwc3: gadget: never call ->complete() from ->ep_queue() (git-fixes).
usb: dwc3: gadget: Properly handle ClearFeature(halt) (git-fixes).
usb: dwc3: gadget: Properly handle failed kick_transfer (git-fixes).
USB: early: Handle AMD's spec-compliant identifiers, too (git-fixes).
USB: ehci: reopen solution for Synopsys HC bug (git-fixes).
USB: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset() (git-fixes).
USB: gadget: audio: Fix a missing error return value in audio_bind() (git-fixes).
USB: gadget: composite: Inform controller driver of self-powered (git-fixes).
USB: gadget: f_fs: Fix use after free issue as part of queue failure (bsc#1051510).
usb: gadget: fix potential double-free in m66592_probe (bsc#1111666).
USB: gadget: legacy: fix error return code in cdc_bind() (git-fixes).
USB: gadget: legacy: fix error return code in gncm_bind() (git-fixes).
USB: gadget: legacy: fix redundant initialization warnings (bsc#1051510).
usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (bsc#1051510).
USB: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' (git-fixes).
usb: gadget: udc: atmel: fix uninitialized read in debug printk (bsc#1111666).
USB: gadget: udc: atmel: Fix vbus disconnect handling (git-fixes).
USB: gadget: udc: atmel: Make some symbols static (git-fixes).
usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() (bsc#1111666).
USB: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete (git-fixes).
usb: gadget: udc: Potential Oops in error handling code (bsc#1111666).
USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (bsc#1051510).
usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() (bsc#1111666).
USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (bsc#1051510).
USB: host: xhci-plat: keep runtime active when removing host (git-fixes).
USB: hub: Fix handling of connect changes during sleep (git-fixes).
USB: musb: fix crash with highmen PIO and usbmon (bsc#1051510).
usb: musb: Fix runtime PM imbalance on error (bsc#1051510).
usb: musb: start session in resume for host port (bsc#1051510).
USBnet: silence an unnecessary warning (bsc#1170770).
usbnet: smsc95xx: Fix use-after-free after removal (bsc#1111666).
USB: ohci-sm501: Add missed iounmap() in remove (bsc#1111666).
USB: serial: ch341: add new Product ID for CH340 (bsc#1111666).
USB: serial: cypress_m8: enable Simply Automated UPB PIM (bsc#1111666).
USB: serial: garmin_gps: add sanity checking for data length (git-fixes).
USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback (bsc#1051510).
USB: serial: iuu_phoenix: fix memory corruption (bsc#1111666).
USB: serial: option: add BroadMobi BM806U (git-fixes).
USB: serial: option: add GosunCn GM500 series (bsc#1111666).
USB: serial: option: add Quectel EG95 LTE modem (bsc#1111666).
USB: serial: option: add support for ASKEY WWHC050 (git-fixes).
USB: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510).
USB: serial: option: add Wistron Neweb D19Q1 (git-fixes).
USB: serial: qcserial: add DW5816e QDL support (bsc#1051510).
USB: serial: qcserial: Add DW5816e support (git-fixes).
USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (bsc#1051510).
USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes).
USB: sisusbvga: Change port variable from signed to unsigned (git-fixes).
usb-storage: Add unusual_devs entry for JMicron JMS566 (git-fixes).
USB: uas: add quirk for LaCie 2Big Quadra (git-fixes).
USB: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list (git-fixes).
vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174123).
vfs: Fix EOVERFLOW testing in put_compat_statfs64 (bnc#1151927 5.3.6).
video: fbdev: sis: Remove unnecessary parentheses and commented code (bsc#1114279)
video: fbdev: w100fb: Fix a potential double free (bsc#1051510).
virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)).
virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial (git-fixes).
vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484).
vmxnet3: add support to get/set rx flow hash (bsc#1172484).
vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484).
vmxnet3: avoid format strint overflow warning (bsc#1172484).
vmxnet3: prepare for version 4 changes (bsc#1172484).
vmxnet3: Remove always false conditional statement (bsc#1172484).
vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484).
vmxnet3: remove unused flag 'rxcsum' from struct vmxnet3_adapter (bsc#1172484).
vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484).
vmxnet3: update to version 4 (bsc#1172484).
vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484).
vrf: Check skb for XFRM_TRANSFORMED flag (networking-stable-20_04_27).
vsock: fix timeout in vsock_accept() (networking-stable-20_06_07).
vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines (git-fixes).
vt: selection, introduce vc_is_sel (git-fixes).
vt: vt_ioctl: fix race in VT_RESIZEX (git-fixes).
vt: vt_ioctl: fix use-after-free in vt_in_use() (git-fixes).
vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (git-fixes).
vxlan: Avoid infinite loop when suppressing NS messages with invalid options (git-fixes).
vxlan: check return value of gro_cells_init() (networking-stable-20_03_28).
w1: Add subsystem kernel public interface (jsc#SLE-11048).
w1: Fix slave count on 1-Wire bus (resend) (jsc#SLE-11048).
w1: keep balance of mutex locks and refcnts (jsc#SLE-11048).
w1: omap-hdq: cleanup to add missing newline for some dev_dbg (bsc#1051510).
w1: use put_device() if device_register() fail (jsc#SLE-11048).
watchdog: reset last_hw_keepalive time at start (git-fixes).
watchdog: sp805: fix restart handler (bsc#1111666).
wcn36xx: Fix error handling path in 'wcn36xx_probe()' (bsc#1051510).
wil6210: add general initialization/size checks (bsc#1111666).
wil6210: check rx_buff_mgmt before accessing it (bsc#1111666).
wil6210: ignore HALP ICR if already handled (bsc#1111666).
wil6210: make sure Rx ring sizes are correlated (git-fixes).
wil6210: remove reset file from debugfs (git-fixes).
wimax/i2400m: Fix potential urb refcnt leak (bsc#1051510).
work around mvfs bug (bsc#1162063).
workqueue: do not use wq_select_unbound_cpu() for bound works (bsc#1172130).
x86/apic: Install an empty physflat_init_apic_ldr (bsc#1163309).
x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279).
x86/entry/64: Fix unwind hints in kernel exit path (bsc#1058115).
x86/entry/64: Fix unwind hints in register clearing code (bsc#1058115).
x86/entry/64: Fix unwind hints in rewind_stack_do_exit() (bsc#1058115).
x86/entry/64: Fix unwind hints in __switch_to_asm() (bsc#1058115).
x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes).
x86: Fix early boot crash on gcc-10, third try (bsc#1114279).
x86/hyperv: Allow guests to enable InvariantTSC (bsc#1170621, bsc#1170620).
x86/Hyper-V: Free hv_panic_page when fail to register kmsg dump (bsc#1170617, bsc#1170618).
x86/Hyper-V: Report crash data in die() when panic_on_oops is set (bsc#1170617, bsc#1170618).
x86/Hyper-V: Report crash register data or kmsg before running crash kernel (bsc#1170617, bsc#1170618).
x86/Hyper-V: Report crash register data when sysctl_record_panic_msg is not set (bsc#1170617, bsc#1170618).
x86: hyperv: report value of misc_features (git fixes).
x86/Hyper-V: Trigger crash enlightenment only once during system crash (bsc#1170617, bsc#1170618).
x86/Hyper-V: Unload vmbus channel in hv panic callback (bsc#1170617, bsc#1170618).
x86/kprobes: Avoid kretprobe recursion bug (bsc#1114279).
x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257).
x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279).
x86/resctrl: Fix invalid attempt at removing the default resource group (git-fixes).
x86/resctrl: Preserve CDP enable over CPU hotplug (bsc#1114279).
x86/unwind/orc: Do not skip the first frame for inactive tasks (bsc#1058115).
x86/unwind/orc: Fix error handling in __unwind_start() (bsc#1058115).
x86/unwind/orc: Fix error path for bad ORC entry type (bsc#1058115).
x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks (bsc#1058115).
x86/unwind/orc: Prevent unwinding before ORC initialization (bsc#1058115).
x86/unwind: Prevent false warnings for non-current tasks (bsc#1058115).
x86/xen: fix booting 32-bit pv guest (bsc#1071995).
x86/xen: Make the boot CPU idle task reliable (bsc#1071995).
x86/xen: Make the secondary CPU idle tasks reliable (bsc#1071995).
xen/blkfront: fix memory allocation flags in blkfront_setup_indirect() (bsc#1168486).
xen/pci: reserve MCFG areas earlier (bsc#1170145).
xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish (networking-stable-20_04_27).
xfrm: fix error in comment (git fixes).
xfs: clear PF_MEMALLOC before exiting xfsaild thread (git-fixes).
xfs: Correctly invert xfs_buftarg LRU isolation logic (git-fixes).
xfs: do not ever return a stale pointer from __xfs_dir3_free_read (git-fixes).
xhci: Fix incorrect EP_STATE_MASK (git-fixes).
xprtrdma: Fix completion wait during device removal (git-fixes).

Advisory ID	SUSE-SU-2020:2631-1
Released	Mon Sep 14 18:34:43 2020
Summary	Security update for the Linux Kernel
Type	security
Severity	important
References	1065729,1071995,1074701,1083548,1085030,1085235,1085308,1087078,1100394,1102640,1105412,1111666,1112178,1113956,1120163,1133021,1144333,1169790,1171688,1172108,1172247,1172418,1172428,1172781,1172782,1172783,1172871,1172872,1172963,1173485,1173798,1173954,1174003,1174026,1174070,1174161,1174205,1174247,1174298,1174299,1174387,1174484,1174547,1174549,1174550,1174625,1174658,1174685,1174689,1174699,1174734,1174757,1174771,1174840,1174841,1174843,1174844,1174845,1174852,1174873,1174887,1174904,1174926,1174968,1175062,1175063,1175064,1175065,1175066,1175067,1175112,1175127,1175128,1175149,1175199,1175213,1175228,1175232,1175284,1175393,1175394,1175396,1175397,1175398,1175399,1175400,1175401,1175402,1175403,1175404,1175405,1175406,1175407,1175408,1175409,1175410,1175411,1175412,1175413,1175414,1175415,1175416,1175417,1175418,1175419,1175420,1175421,1175422,1175423,1175440,1175493,1175515,1175518,1175526,1175550,1175654,1175666,1175668,1175669,1175670,1175767,1175768,1175769,1175770,1175771,1175772,1175786,1175873,1175992,CVE-2020-14314,CVE-2020-14331,CVE-2020-14356,CVE-2020-16166,CVE-2020-24394

Description:

The SUSE Linux Enterprise 15 SP1 realtime kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798).
CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213).
CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205).
CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757).
CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518).

The following non-security bugs were fixed:

af_key: pfkey_dump needs parameter validation (git-fixes).
agp/intel: Fix a memory leak on module initialisation failure (git-fixes).
ACPI: kABI fixes for subsys exports (bsc#1174968).
ACPI / LPSS: Resume BYT/CHT I2C controllers from resume_noirq (bsc#1174968).
ACPI / LPSS: Use acpi_lpss_* instead of acpi_subsys_* functions for hibernate (bsc#1174968).
ACPI: PM: Introduce 'poweroff' callbacks for ACPI PM domain and LPSS (bsc#1174968).
ACPI: PM: Simplify and fix PM domain hibernation callbacks (bsc#1174968).
ALSA: core: pcm_iec958: fix kernel-doc (bsc#1111666).
ALSA: echoaduio: Drop superfluous volatile modifier (bsc#1111666).
ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (bsc#1111666).
ALSA: hda: Add support for Loongson 7A1000 controller (bsc#1111666).
ALSA: hda/ca0132 - Add new quirk ID for Recon3D (bsc#1111666).
ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (bsc#1111666).
ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (bsc#1111666).
ALSA: hda: fix NULL pointer dereference during suspend (git-fixes).
ALSA: hda: fix snd_hda_codec_cleanup() documentation (bsc#1111666).
ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (bsc#1111666).
ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (bsc#1111666).
ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes).
ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (bsc#1111666).
ALSA: hda/realtek - Add quirk for Lenovo Carbon X1 8th gen (bsc#1111666).
ALSA: hda/realtek - Add quirk for MSI GE63 laptop (bsc#1111666).
ALSA: hda/realtek - Add quirk for MSI GL63 (bsc#1111666).
ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes).
ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes).
ALSA: hda/realtek - change to suitable link model for ASUS platform (bsc#1111666).
ALSA: hda/realtek - Check headset type by unplug and resume (bsc#1111666).
ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC (bsc#1111666).
ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (bsc#1111666).
ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (bsc#1111666).
ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC (bsc#1111666).
ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (bsc#1111666).
ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (bsc#1111666).
ALSA: hda/realtek - Enable Speaker for ASUS UX563 (bsc#1111666).
ALSA: hda/realtek: Fix add a 'ultra_low_power' function for intel reference board (alc256) (bsc#1111666).
ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (bsc#1111666).
ALSA: hda/realtek - Fixed HP right speaker no sound (bsc#1111666).
ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id (bsc#1111666).
ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (bsc#1111666).
ALSA: hda/realtek - Fix unused variable warning (bsc#1111666).
ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (bsc#1111666).
ALSA: hda - reverse the setting value in the micmute_led_set (bsc#1111666).
ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes).
ALSA: pci: delete repeated words in comments (bsc#1111666).
ALSA: seq: oss: Serialize ioctls (bsc#1111666).
ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes).
ALSA: usb-audio: add quirk for Pioneer DDJ-RB (bsc#1111666).
ALSA: usb-audio: add startech usb audio dock name (bsc#1111666).
ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (bsc#1111666).
ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (bsc#1111666).
ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (bsc#1111666).
ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (bsc#1111666).
ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625).
ALSA: usb-audio: fix spelling mistake 'buss' -> 'bus' (bsc#1111666).
ALSA: usb-audio: ignore broken processing/extension unit (git-fixes).
ALSA: usb-audio: Update documentation comment for MS2109 quirk (git-fixes).
ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (bsc#1111666).
ALSA: usb/line6: remove 'defined but not used' warning (bsc#1111666).
arm64: Add MIDR encoding for HiSilicon Taishan CPUs (bsc#1174547).
arm64: Add MIDR encoding for NVIDIA CPUs (bsc#1174547).
arm64: add sysfs vulnerability show for meltdown (bsc#1174547).
arm64: Add sysfs vulnerability show for spectre-v1 (bsc#1174547).
arm64: add sysfs vulnerability show for spectre-v2 (bsc#1174547).
arm64: add sysfs vulnerability show for speculative store bypass (bsc#1174547).
arm64: Advertise mitigation of Spectre-v2, or lack thereof (bsc#1174547).
arm64: Always enable spectre-v2 vulnerability detection (bsc#1174547).
arm64: Always enable ssb vulnerability detection (bsc#1174547).
arm64: backtrace: Do not bother trying to unwind the userspace stack (bsc#1175397).
arm64: capabilities: Add NVIDIA Denver CPU to bp_harden list (bsc#1174547).
arm64: capabilities: Merge duplicate Cavium erratum entries (bsc#1174547).
arm64: capabilities: Merge entries for ARM64_WORKAROUND_CLEAN_CACHE (bsc#1174547).
arm64: cpufeature: Enable Qualcomm Falkor/Kryo errata 1003 (bsc#1175398).
arm64: Do not mask out PTE_RDONLY in pte_same() (bsc#1175393).
arm64: enable generic CPU vulnerabilites support (bsc#1174547).
arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default (bsc#1175394).
arm64: errata: Do not define type field twice for arm64_errata entries (bsc#1174547).
arm64: errata: Update stale comment (bsc#1174547).
arm64: Get rid of __smccc_workaround_1_hvc_* (bsc#1174547).
arm64: kpti: Avoid rewriting early page tables when KASLR is enabled (bsc#1174547).
arm64: kpti: Update arm64_kernel_use_ng_mappings() when forced on (bsc#1174547).
arm64: kpti: Whitelist Cortex-A CPUs that do not implement the CSV3 field (bsc#1174547).
arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs (bsc#1174547).
arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1 (bsc#1133021).
arm64: KVM: Guests can skip __install_bp_hardening_cb()s HYP work (bsc#1174547).
arm64: KVM: Use SMCCC_ARCH_WORKAROUND_1 for Falkor BP hardening (bsc#1174547).
arm64: mm: Fix pte_mkclean, pte_mkdirty semantics (bsc#1175526).
arm64: Provide a command line to disable spectre_v2 mitigation (bsc#1174547).
arm64: Silence clang warning on mismatched value/register sizes (bsc#1175396).
arm64/speculation: Support 'mitigations=' cmdline option (bsc#1174547).
arm64: ssbs: Do not treat CPUs with SSBS as unaffected by SSB (bsc#1174547).
arm64: ssbs: Fix context-switch when SSBS is present on all CPUs (bsc#1175669).
arm64/sve: Fix wrong free for task->thread.sve_state (bsc#1175400).
arm64: tlbflush: avoid writing RES0 bits (bsc#1175402).
arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 (bsc#1174547).
ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 (bsc#1133021).
ARM: KVM: invalidate icache on guest exit for Cortex-A15 (bsc#1133021).
ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 (bsc#1133021).
ASoC: hda/tegra: Set buffer alignment to 128 bytes (bsc#1111666).
ASoC: intel: Fix memleak in sst_media_open (git-fixes).
ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes).
AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes).
AX.25: Prevent integer overflows in connect and sendmsg (git-fixes).
AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes).
ax88172a: fix ax88172a_unbind() failures (git-fixes).
b43: Remove uninitialized_var() usage (git-fixes).
block: Fix use-after-free in blkdev_get() (bsc#1174843).
Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (bsc#1111666).
Bluetooth: Fix update of connection state in `hci_encrypt_cfm` (git-fixes).
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (bsc#1111666).
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (bsc#1111666).
bonding: fix active-backup failover for current ARP slave (bsc#1174771).
bonding: fix a potential double-unregister (git-fixes).
bonding: show saner speed for broadcast mode (git-fixes).
bpf: Fix map leak in HASH_OF_MAPS map (git-fixes).
brcmfmac: keep SDIO watchdog running when console_interval is non-zero (bsc#1111666).
brcmfmac: set state of hanger slot to FREE when flushing PSQ (bsc#1111666).
brcmfmac: To fix Bss Info flag definition Bug (bsc#1111666).
btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247).
btrfs: file: reserve qgroup space after the hole punch range is locked (bsc#1172247).
btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149).
btrfs: fix block group leak when removing fails (bsc#1175149).
btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149).
btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149).
btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149).
btrfs: fix double free on ulist after backref resolution failure (bsc#1175149).
btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149).
btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550).
btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149).
btrfs: fix race between block group removal and block group creation (bsc#1175149).
btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149).
btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149).
btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149).
btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484).
btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247).
btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247).
btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247).
btrfs: Open code btrfs_write_and_wait_marked_extents (bsc#1175149).
btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163).
btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247).
btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163).
btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163).
btrfs: Rename and export clear_btree_io_tree (bsc#1175149).
btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493).
bus: hisi_lpc: Add .remove method to avoid driver unbind crash (bsc#1174658).
bus: hisi_lpc: Do not fail probe for unrecognised child devices (bsc#1174658).
bus: hisi_lpc: Unregister logical PIO range to avoid potential use-after-free (bsc#1174658).
cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes).
cfg80211: check vendor command doit pointer before use (git-fixes).
cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428).
cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428).
cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428).
cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428).
cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428).
cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1144333 bsc#1172428).
cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428).
cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428).
cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428).
clk: at91: clk-generated: check best_rate against ranges (bsc#1111666).
clk: clk-atlas6: fix return value check in atlas6_clk_init() (bsc#1111666).
clk: iproc: round clock rate to the closest (bsc#1111666).
clk: spear: Remove uninitialized_var() usage (git-fixes).
clk: st: Remove uninitialized_var() usage (git-fixes).
config: arm64: enable CONFIG_IOMMU_DEFAULT_PASSTHROUGH References: bsc#1174549
console: newport_con: fix an issue about leak related system resources (git-fixes).
crypto: ccp - Fix use of merged scatterlists (git-fixes).
crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes).
crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes).
crypto: rockchip - fix scatterlist nents error (git-fixes).
crypto: stm32/crc32 - fix ext4 chksum BUG_ON() (git-fixes).
crypto: talitos - check AES key size (git-fixes).
crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK (git-fixes).
crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes).
dev: Defer free of skbs in flush_backlog (git-fixes).
devres: keep both device name and resource name in pretty name (git-fixes).
dlm: Fix kobject memleak (bsc#1175768).
dlm: remove BUG() before panic() (bsc#1174844).
dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler (git-fixes).
Documentation/networking: Add net DIM documentation (bsc#1174852).
dpaa2-eth: Fix passing zero to 'PTR_ERR' warning (bsc#1175403).
dpaa2-eth: free already allocated channels on probe defer (bsc#1175404).
dpaa2-eth: prevent array underflow in update_cls_rule() (bsc#1175405).
dpaa_eth: add dropped frames to percpu ethtool stats (bsc#1174550).
dpaa_eth: add newline in dev_err() msg (bsc#1174550).
dpaa_eth: avoid timestamp read on error paths (bsc#1175406).
dpaa_eth: change DMA device (bsc#1174550).
dpaa_eth: cleanup skb_to_contig_fd() (bsc#1174550).
dpaa_eth: defer probing after qbman (bsc#1174550).
dpaa_eth: extend delays in ndo_stop (bsc#1174550).
dpaa_eth: fix DMA mapping leak (bsc#1174550).
dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1174550).
dpaa_eth: FMan erratum A050385 workaround (bsc#1174550).
dpaa_eth: perform DMA unmapping before read (bsc#1175407).
dpaa_eth: register a device link for the qman portal used (bsc#1174550).
dpaa_eth: remove netdev_err() for user errors (bsc#1174550).
dpaa_eth: remove redundant code (bsc#1174550).
dpaa_eth: simplify variables used in dpaa_cleanup_tx_fd() (bsc#1174550).
dpaa_eth: use a page to store the SGT (bsc#1174550).
dpaa_eth: use fd information in dpaa_cleanup_tx_fd() (bsc#1174550).
dpaa_eth: use only one buffer pool per interface (bsc#1174550).
dpaa_eth: use page backed rx buffers (bsc#1174550).
driver core: Avoid binding drivers to dead devices (git-fixes).
Drivers: hv: vmbus: Fix virt_to_hvpfn() for X86_PAE (git-fixes).
Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127, bsc#1175128).
drivers/perf: hisi: Fix typo in events attribute array (bsc#1175408).
drivers/perf: hisi: Fixup one DDRC PMU register offset (bsc#1175410).
drivers/perf: hisi: Fix wrong value for all counters enable (bsc#1175409).
drm: Added orientation quirk for ASUS tablet model T103HAF (bsc#1111666).
drm/amd/display: fix pow() crashing when given base 0 (git-fixes).
drm/amdgpu: avoid dereferencing a NULL pointer (bsc#1111666).
drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume (bsc#1111666).
drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (bsc#1113956)
drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes).
drm/amdgpu: Replace invalid device ID with a valid device ID (bsc#1113956)
drm/arm: fix unintentional integer overflow on left shift (git-fixes).
drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1113956)
drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes).
drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1113956)
drm/debugfs: fix plain echo to connector 'force' attribute (bsc#1111666).
drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes).
drm/etnaviv: fix ref count leak via pm_runtime_get_sync (bsc#1111666).
drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (bsc#1112178)
drm: hold gem reference until object is no longer accessed (bsc#1113956)
drm/imx: fix use after free (git-fixes).
drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes).
drm/imx: tve: fix regulator_disable error path (git-fixes).
drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes).
drm/msm: ratelimit crtc event overflow error (bsc#1111666).
drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes).
drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes).
drm/nouveau: fix multiple instances of reference count leaks (bsc#1111666).
drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes).
drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes).
drm/radeon: disable AGP by default (bsc#1111666).
drm/radeon: fix array out-of-bounds read and write issues (git-fixes).
drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (bsc#1111666).
drm/rockchip: fix VOP_WIN_GET macro (bsc#1175411).
drm/ttm/nouveau: do not call tt destroy callback on alloc failure (bsc#1175232).
drm/vmwgfx: Fix two list_for_each loop exit tests (bsc#1111666).
drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (bsc#1111666).
efi/memreserve: deal with memreserve entries in unmapped memory (bsc#1174685).
ext4: check journal inode extents more carefully (bsc#1173485).
ext4: do not allow overlapping system zones (bsc#1173485).
ext4: fix checking of directory entry validity for inline directories (bsc#1175771).
ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (bsc#1174840).
ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485).
fat: do not allow to mount if the FAT length == 0 (bsc#1174845).
fbdev: Detect integer underflow at 'struct fbcon_ops'->clear_margins. (bsc#1112178)
firmware: google: check if size is valid when decoding VPD data (git-fixes).
firmware: google: increment VPD key_len properly (git-fixes).
fpga: dfl: fix bug in port reset handshake (git-fixes).
fsl/fman: add API to get the device behind a fman port (bsc#1174550).
fsl/fman: detect FMan erratum A050385 (bsc#1174550).
fsl/fman: do not touch liodn base regs reserved on non-PAMU SoCs (bsc#1174550).
fsl/fman: remove unused struct member (bsc#1174550).
fuse: fix memleak in cuse_channel_open (bsc#1174926).
fuse: fix missing unlock_page in fuse_writepage() (bsc#1174904).
fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bsc#1175062).
fuse: fix weird page warning (bsc#1175063).
fuse: flush dirty data/metadata before non-truncate setattr (bsc#1175064).
fuse: truncate pending writes on O_TRUNC (bsc#1175065).
fuse: verify attributes (bsc#1175066).
fuse: verify nlink (bsc#1175067).
genetlink: remove genl_bind (networking-stable-20_07_17).
go7007: add sanity checking for endpoints (git-fixes).
gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (bsc#1111666).
HID: hiddev: fix mess in hiddev_open() (git-fixes).
HISI LPC: Re-Add ACPI child enumeration support (bsc#1174658).
HISI LPC: Stop using MFD APIs (bsc#1174658).
hv_netvsc: do not use VF device if link is down (git-fixes).
hv_netvsc: Fix error handling in netvsc_attach() (git-fixes).
hv_netvsc: Fix extra rcu_read_unlock in netvsc_recv_callback() (git-fixes).
hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (git-fixes).
hv_netvsc: Fix unwanted wakeup in netvsc_attach() (git-fixes).
hv_netvsc: Remove 'unlikely' from netvsc_select_queue (git-fixes).
i2c: rcar: slave: only send STOP event when we have been addressed (bsc#1111666).
i40e: Fix crash during removing i40e driver (git-fixes).
i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes).
ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506).
ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459).
ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922).
include/linux/poison.h: remove obsolete comment (git fixes (poison)).
Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes).
Input: sentelic - fix error return when fsp_reg_write fails (bsc#1111666).
integrity: remove redundant initialization of variable ret (git-fixes).
io-mapping: indicate mapping failure (git-fixes).
ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes).
ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28).
ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515).
ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515).
ip_tunnel: Emit events for post-register MTU changes (git-fixes).
ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28).
ip_tunnel: restore binding to ifaces with a large mtu (git-fixes).
ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17).
ipv4: Silence suspicious RCU usage warning (git-fixes).
ipv6: fix memory leaks on IPV6_ADDRFORM path (git-fixes).
ipvlan: fix device features (git-fixes).
ipvs: allow connection reuse for unconfirmed conntrack (git-fixes).
ipvs: fix refcount usage for conns in ops mode (git-fixes).
ipvs: fix the connection sync failed in some cases (bsc#1174699).
irqchip/gic: Atomically update affinity (bsc#1111666).
iwlegacy: Check the return value of pcie_capability_read_*() (bsc#1111666).
jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772).
kABI: genetlink: remove genl_bind (kabi).
kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)).
kernel/relay.c: fix memleak on destroy relay channel (git-fixes).
kernfs: do not call fsnotify() with name without a parent (bsc#1175770).
KVM: arm64: Ensure 'params' is initialised when looking up sys register (bsc#1133021).
KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021).
KVM: arm/arm64: Fix young bit from mmu notifier (bsc#1133021).
KVM: arm/arm64: vgic: Do not rely on the wrong pending table (bsc#1133021).
KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections (bsc#1133021).
KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests (bsc#1133021).
KVM: arm: Make inject_abt32() inject an external abort instead (bsc#1133021).
kvm: Change offset in kvm_write_guest_offset_cached to unsigned (bsc#1133021).
KVM: Check for a bad hva before dropping into the ghc slow path (bsc#1133021).
KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729).
l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17).
leds: 88pm860x: fix use-after-free on unbind (git-fixes).
leds: core: Flush scheduled work for system suspend (git-fixes).
leds: da903x: fix use-after-free on unbind (git-fixes).
leds: lm3533: fix use-after-free on unbind (git-fixes).
leds: lm355x: avoid enum conversion warning (git-fixes).
leds: wm831x-status: fix use-after-free on unbind (git-fixes).
lib/dim: Fix -Wunused-const-variable warnings (bsc#1174852).
lib: dimlib: fix help text typos (bsc#1174852).
lib: logic_pio: Add logic_pio_unregister_range() (bsc#1174658).
lib: logic_pio: Avoid possible overlap for unregistering regions (bsc#1174658).
lib: logic_pio: Fix RCU usage (bsc#1174658).
linux/dim: Add completions count to dim_sample (bsc#1174852).
linux/dim: Fix overflow in dim calculation (bsc#1174852).
linux/dim: Move implementation to .c files (bsc#1174852).
linux/dim: Move logic to dim.h (bsc#1174852).
linux/dim: Remove 'net' prefix from internal DIM members (bsc#1174852).
linux/dim: Rename externally exposed macros (bsc#1174852).
linux/dim: Rename externally used net_dim members (bsc#1174852).
linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1174852).
liquidio: Fix wrong return value in cn23xx_get_pf_num() (git-fixes).
llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17).
mac80211: mesh: Free ie data when leaving mesh (git-fixes).
mac80211: mesh: Free pending skb when destroying a mpath (git-fixes).
MAINTAINERS: add entry for Dynamic Interrupt Moderation (bsc#1174852).
md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes).
md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes).
media: budget-core: Improve exception handling in budget_register() (git-fixes).
media: exynos4-is: Add missed check for pinctrl_lookup_state() (git-fixes).
media: firewire: Using uninitialized values in node_probe() (git-fixes).
media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() (git-fixes).
media: vpss: clean up resources in init (git-fixes).
mfd: arizona: Ensure 32k clock is put on driver unbind and error (git-fixes).
mfd: dln2: Run event handler loop under spinlock (git-fixes).
mfd: rk808: Fix RK818 ID template (bsc#1175412).
mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28).
mm: filemap: clear idle flag for writes (bsc#1175769).
mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate (git fixes (mm/migrate)).
mm/mmu_notifier: use hlist_add_head_rcu() (git fixes (mm/mmu_notifiers)).
mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes (mm/compaction)).
mm/rmap.c: do not reuse anon_vma if we just want a copy (git fixes (mm/rmap)).
mm/shmem.c: cast the type of unmap_start to u64 (git fixes (mm/shmem)).
mm, thp: fix defrag setting if newline is not used (git fixes (mm/thp)).
mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617).
mtd: spi-nor: Fix an error code in spi_nor_read_raw() (bsc#1175413).
mtd: spi-nor: fix kernel-doc for spi_nor::info (bsc#1175414).
mtd: spi-nor: fix kernel-doc for spi_nor::reg_proto (bsc#1175415).
mtd: spi-nor: fix silent truncation in spi_nor_read_raw() (bsc#1175416).
mwifiex: Prevent memory corruption handling keys (git-fixes).
net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (git-fixes).
net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28).
net: core: reduce recursion limit value (networking-stable-20_06_28).
net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28).
net: dsa: b53: check for timeout (git-fixes).
net: ena: Add first_interrupt field to napi struct (bsc#1174852).
net: ena: add reserved PCI device ID (bsc#1174852).
net: ena: add support for reporting of packet drops (bsc#1174852).
net: ena: add support for the rx offset feature (bsc#1174852).
net: ena: add support for traffic mirroring (bsc#1174852).
net: ena: add unmask interrupts statistics to ethtool (bsc#1174852).
net: ena: allow setting the hash function without changing the key (bsc#1174852).
net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1174852).
net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1174852).
net: ena: change default RSS hash function to Toeplitz (bsc#1174852).
net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1174852).
net: ena: changes to RSS hash key allocation (bsc#1174852).
net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1174852).
net: ena: clean up indentation issue (bsc#1174852).
net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1174852).
net: ena: cosmetic: code reorderings (bsc#1174852).
net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1174852).
net: ena: cosmetic: fix line break issues (bsc#1174852).
net: ena: cosmetic: fix spacing issues (bsc#1174852).
net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1174852).
net: ena: cosmetic: minor code changes (bsc#1174852).
net: ena: cosmetic: remove unnecessary code (bsc#1174852).
net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1174852).
net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1174852).
net: ena: cosmetic: satisfy gcc warning (bsc#1174852).
net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1174852).
net: ena: drop superfluous prototype (bsc#1174852).
net: ena: enable support of rss hash key and function changes (bsc#1174852).
net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1174852).
net: ena: ethtool: clean up minor indentation issue (bsc#1174852).
net: ena: ethtool: get_channels: use combined only (bsc#1174852).
net: ena: ethtool: remove redundant non-zero check on rc (bsc#1174852).
net: ena: ethtool: support set_channels callback (bsc#1174852).
net/ena: Fix build warning in ena_xdp_set() (bsc#1174852).
net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1174852).
net: ena: fix error returning in ena_com_get_hash_function() (bsc#1174852).
net: ena: fix incorrect setting of the number of msix vectors (bsc#1174852).
net: ena: fix incorrect update of intr_delay_resolution (bsc#1174852).
net: ena: fix request of incorrect number of IRQ vectors (bsc#1174852).
net: ena: fix update of interrupt moderation register (bsc#1174852).
net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1174852).
net: ena: implement XDP drop support (bsc#1174852).
net: ena: Implement XDP_TX action (bsc#1174852).
net: ena: make ethtool -l show correct max number of queues (bsc#1174852).
net: ena: Make missed_tx stat incremental (bsc#1083548).
net: ena: Make some functions static (bsc#1174852).
net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1174852).
net: ena: multiple queue creation related cleanups (bsc#1174852).
net: ena: Prevent reset after device destruction (bsc#1083548).
net: ena: reduce driver load time (bsc#1174852).
net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1174852).
net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1174852).
net: ena: remove code that does nothing (bsc#1174852).
net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1174852).
net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1174852).
net: ena: remove redundant print of number of queues (bsc#1174852).
net: ena: remove set but not used variable 'hash_key' (bsc#1174852).
net: ena: remove set but not used variable 'rx_ring' (bsc#1174852).
net: ena: rename ena_com_free_desc to make API more uniform (bsc#1174852).
net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1174852).
net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1174852).
net: ena: support new LLQ acceleration mode (bsc#1174852).
net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1174852).
net: ena: use explicit variable size for clarity (bsc#1174852).
net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1174852).
net: ena: xdp: update napi budget for DROP and ABORTED (bsc#1174852).
net: ena: xdp: XDP_TX: fix memory leak (bsc#1174852).
net: ethernet: broadcom: have drivers select DIMLIB as needed (bsc#1174852).
net: ethernet: stmmac: Disable hardware multicast filter (git-fixes).
net: fec: correct the error path for regulator disable in probe (git-fixes).
netfilter: x_tables: add counters allocation wrapper (git-fixes).
netfilter: x_tables: cap allocations at 512 mbyte (git-fixes).
netfilter: x_tables: limit allocation requests for blob rule heads (git-fixes).
net: Fix a documentation bug wrt. ip_unprivileged_port_start (git-fixes).
net: fix memleak in register_netdevice() (networking-stable-20_06_28).
net: Fix the arp error in some cases (networking-stable-20_06_28).
net: gre: recompute gre csum for sctp over gre tunnels (git-fixes).
net: hns3: add autoneg and change speed support for fibre port (bsc#1174070).
net: hns3: add support for FEC encoding control (bsc#1174070).
net: hns3: add support for multiple media type (bsc#1174070).
net: hns3: fix a not link up issue when fibre port supports autoneg (bsc#1174070).
net: hns3: fix for FEC configuration (bsc#1174070).
net: hns3: fix port capbility updating issue (bsc#1174070).
net: hns3: fix port setting handle for fibre port (bsc#1174070).
net: hns3: fix selftest fail issue for fibre port with autoneg on (bsc#1174070).
net: hns3: restore the MAC autoneg state after reset (bsc#1174070).
net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28).
net: ip6_gre: Request headroom in __gre6_xmit() (git-fixes).
net: lan78xx: add missing endpoint sanity check (git-fixes).
net: lan78xx: fix transfer-buffer memory leak (git-fixes).
net: make symbol 'flush_works' static (git-fixes).
net: netsec: Fix signedness bug in netsec_probe() (bsc#1175417).
net: netsec: initialize tx ring on ndo_open (bsc#1175418).
net: phy: Check harder for errors in get_phy_id() (bsc#1111666).
net: Set fput_needed iff FDPUT_FPUT is set (git-fixes).
net: socionext: Fix a signedness bug in ave_probe() (bsc#1175419).
net: socionext: replace napi_alloc_frag with the netdev variant on init (bsc#1175420).
net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes).
net: udp: Fix wrong clean up for IS_UDPLITE macro (git-fixes).
net: update net_dim documentation after rename (bsc#1174852).
net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28).
net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17).
netvsc: unshare skb in VF rx handler (git-fixes).
net/xfrm: fix compress vs decompress serialization (bsc#1174298)
net/xfrm/input: Protect queue with lock (bsc#1174299)
nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes).
NTB: Fix an error in get link status (git-fixes).
ntb_netdev: fix sleep time mismatch (git-fixes).
NTB: ntb_transport: Use scnprintf() for avoiding potential buffer overflow (git-fixes).
nvme: explicitly update mpath disk capacity on revalidation (git-fixes).
nvme: fix possible deadlock when I/O is blocked (git-fixes).
nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108).
nvme-multipath: fix logic for non-optimized paths (bsc#1172108).
nvme-multipath: round-robin: eliminate 'fallback' variable (bsc#1172108).
nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108).
ocfs2: add trimfs dlm lock resource (bsc#1175228).
ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228).
ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963).
ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963).
ocfs2: change slot number type s16 to u16 (bsc#1175786).
ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).
ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).
ocfs2: fix remounting needed after setfacl command (bsc#1173954).
ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228).
ocfs2: fix value of OCFS2_INVALID_SLOT (bsc#1175767).
ocfs2: load global_inode_alloc (bsc#1172963).
ocfs2: load global_inode_alloc (bsc#1172963).
omapfb: dss: Fix max fclk divider for omap36xx (bsc#1113956)
openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() (git-fixes).
PCI/ASPM: Add missing newline in sysfs 'policy' (git-fixes).
PCI: dwc: Move interrupt acking into the proper callback (bsc#1175666).
PCI: Fix pci_cfg_wait queue locking problem (git-fixes).
PCI: Fix 'try' semantics of bus and slot reset (git-fixes).
PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() (git-fixes).
PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, bsc#1172872, git-fixes).
PCI: Release IVRS table in AMD ACS quirk (git-fixes).
PCI: switchtec: Add missing __iomem and __user tags to fix sparse warnings (git-fixes).
PCI: switchtec: Add missing __iomem tag to fix sparse warnings (git-fixes).
phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes).
pinctrl: single: fix function name in documentation (git-fixes).
pinctrl-single: fix pcs_parse_pinconf() return value (git-fixes).
platform/x86: intel-hid: Fix return value check in check_acpi_dev() (git-fixes).
platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() (git-fixes).
PM / CPU: replace raw_notifier with atomic_notifier (git fixes (kernel/pm)).
PM / devfreq: rk3399_dmc: Add missing of_node_put() (bsc#1175668).
PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails.
PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (bsc#1175668).
powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729).
powerpc/64s: Fix early_init_mmu section mismatch (bsc#1065729).
powerpc: Allow 4224 bytes of stack expansion for the signal frame (bsc#1065729).
powerpc/book3s64/pkeys: Use PVR check instead of cpu feature (bsc#1065729).
powerpc/boot: Fix CONFIG_PPC_MPC52XX references (bsc#1065729).
powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689).
powerpc/nvdimm: Use HCALL error as the return value (bsc#1175284).
powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error (bsc#1175284).
powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729).
powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574).
powerpc/pseries/hotplug-cpu: Remove double free in error path (bsc#1065729).
powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630).
powerpc/pseries: PCIE PHB reset (bsc#1174689).
powerpc/pseries: remove cede offline state for CPUs (bsc#1065729).
powerpc/rtas: do not online CPUs for partition suspend (bsc#1065729).
powerpc/vdso: Fix vdso cpu truncation (bsc#1065729).
power: supply: check if calc_soc succeeded in pm860x_init_battery (git-fixes).
propagate_one(): mnt_set_mountpoint() needs mount_lock (bsc#1174841).
pseries: Fix 64 bit logical memory block panic (bsc#1065729).
pwm: bcm-iproc: handle clk_get_rate() return (git-fixes).
rds: Prevent kernel-infoleak in rds_notify_queue_get() (git-fixes).
regulator: gpio: Honor regulator-boot-on property (git-fixes).
rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28).
rtlwifi: rtl8192cu: Remove uninitialized_var() usage (git-fixes).
s390, dcssblk: kaddr and pfn can be NULL to ->direct_access() (bsc#1174873).
sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17).
scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026).
scsi: Fix trivial spelling (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003).
scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003).
scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003).
scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003).
scsi: smartpqi: add bay identifier (bsc#1172418).
scsi: smartpqi: add gigabyte controller (bsc#1172418).
scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418).
scsi: smartpqi: add inquiry timeouts (bsc#1172418).
scsi: smartpqi: add module param for exposure order (bsc#1172418).
scsi: smartpqi: add module param to hide vsep (bsc#1172418).
scsi: smartpqi: add new pci ids (bsc#1172418).
scsi: smartpqi: add pci ids for fiberhome controller (bsc#1172418).
scsi: smartpqi: add RAID bypass counter (bsc#1172418).
scsi: smartpqi: add sysfs entries (bsc#1172418).
scsi: smartpqi: Align driver syntax with oob (bsc#1172418).
scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418).
scsi: smartpqi: bump version (bsc#1172418).
scsi: smartpqi: bump version (bsc#1172418).
scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418).
scsi: smartpqi: change TMF timeout from 60 to 30 seconds (bsc#1172418).
scsi: smartpqi: correct hang when deleting 32 lds (bsc#1172418).
scsi: smartpqi: correct REGNEWD return status (bsc#1172418).
scsi: smartpqi: correct syntax issue (bsc#1172418).
scsi: smartpqi: fix call trace in device discovery (bsc#1172418).
scsi: smartpqi: fix controller lockup observed during force reboot (bsc#1172418).
scsi: smartpqi: fix LUN reset when fw bkgnd thread is hung (bsc#1172418).
scsi: smartpqi: fix problem with unique ID for physical device (bsc#1172418).
scsi: smartpqi: identify physical devices without issuing INQUIRY (bsc#1172418).
scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask (bsc#1172418).
scsi: smartpqi: remove unused manifest constants (bsc#1172418).
scsi: smartpqi: Reporting unhandled SCSI errors (bsc#1172418).
scsi: smartpqi: support device deletion via sysfs (bsc#1172418).
scsi: smartpqi: update copyright (bsc#1172418).
scsi: smartpqi: update logical volume size after expansion (bsc#1172418).
scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418).
scsi: storvsc: Correctly set number of hardware queues for IDE disk (git-fixes).
scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790).
sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28).
selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995).
selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995).
selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995).
selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995).
serial: 8250: change lock order in serial8250_do_startup() (git-fixes).
serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes).
serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes).
soc: fsl: qbman: allow registering a device link for the portal user (bsc#1174550).
soc: fsl: qbman_portals: add APIs to retrieve the probing status (bsc#1174550).
spi: davinci: Remove uninitialized_var() usage (git-fixes).
spi: lantiq: fix: Rx overflow error in full duplex mode (git-fixes).
spi: nxp-fspi: Ensure width is respected in spi-mem operations (bsc#1175421).
spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1175422).
spi: spi-mem: export spi_mem_default_supports_op() (bsc#1175421).
spi: sun4i: update max transfer size reported (git-fixes).
staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes).
staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support (git-fixes).
staging: fsl-dpaa2: ethsw: Add missing netdevice check (bsc#1175423).
staging: rtl8192u: fix a dubious looking mask before a shift (git-fixes).
Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() (git-fixes).
staging/speakup: fix get_word non-space look-ahead (git-fixes).
tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28).
tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28).
tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17).
tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17).
tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17).
tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17).
tracepoint: Mark __tracepoint_string's __used (git-fixes).
tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes).
tty: serial: fsl_lpuart: add imx8qxp support (bsc#1175670).
tty: serial: fsl_lpuart: free IDs allocated by IDA (bsc#1175670).
USB: iowarrior: fix up report size handling for some devices (git-fixes).
usbip: tools: fix module name in man page (git-fixes).
USB: serial: cp210x: enable usb generic throttle/unthrottle (git-fixes).
USB: serial: cp210x: re-enable auto-RTS on open (git-fixes).
USB: serial: iuu_phoenix: fix led-activity helpers (git-fixes).
usb: xhci: Fix ASM2142/ASM3142 DMA addressing (git-fixes).
usb: xhci-mtk: fix the failure of bandwidth allocation (git-fixes).
VFS: Check rename_lock in lookup_fast() (bsc#1174734).
video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (git-fixes).
video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call (git-fixes).
vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17).
vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199).
vt_compat_ioctl(): clean up, use compat_ptr() properly (git-fixes).
vt: vt_ioctl: remove unnecessary console allocation checks (git-fixes).
watchdog: f71808e_wdt: clear watchdog timeout occurred flag (bsc#1111666).
watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options (bsc#1111666).
watchdog: f71808e_wdt: remove use of wrong watchdog_info option (bsc#1111666).
wl1251: fix always return 0 error (git-fixes).
x86/hyper-v: Fix overflow bug in fill_gva_list() (git-fixes).
x86/hyperv: Make hv_vcpu_is_preempted() visible (git-fixes).
xfrm: check id proto in validate_tmpl() (git-fixes).
xfrm: clean up xfrm protocol checks (git-fixes).
xfrm_user: uncoditionally validate esn replay attribute struct (git-fixes).
xfs: fix inode allocation block res calculation precedence (git-fixes).
xfs: fix reflink quota reservation accounting error (git-fixes).
xhci: Fix enumeration issue when setting max packet size for FS devices (git-fixes).

Advisory ID	SUSE-RU-2020:2962-1
Released	Tue Oct 20 13:26:04 2020
Summary	Recommended update for crash
Type	recommended
Severity	moderate
References	1174543

Description:

This update of crash fixes the following issue:

rebuilt with new signing key. (bsc#1174543)

Advisory ID	SUSE-SU-2020:3014-1
Released	Fri Oct 23 09:33:42 2020
Summary	Security update for the Linux Kernel
Type	security
Severity	important
References	1055186,1058115,1065600,1065729,1094244,1112178,1113956,1136666,1140683,1152148,1154366,1163524,1165629,1166965,1167527,1169972,1170232,1171558,1171688,1171742,1172073,1172538,1172873,1173060,1173115,1174748,1174899,1175228,1175520,1175667,1175691,1175749,1175882,1176011,1176022,1176038,1176069,1176235,1176242,1176278,1176316,1176317,1176318,1176319,1176320,1176321,1176381,1176395,1176400,1176410,1176423,1176482,1176507,1176536,1176544,1176545,1176546,1176548,1176659,1176698,1176699,1176700,1176721,1176722,1176725,1176732,1176788,1176789,1176869,1176877,1176935,1176946,1176950,1176962,1176966,1176990,1177027,1177030,1177041,1177042,1177043,1177044,1177121,1177206,1177258,1177291,1177293,1177294,1177295,1177296,1177340,1177511,CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-14381,CVE-2020-14386,CVE-2020-14390,CVE-2020-1749,CVE-2020-25212,CVE-2020-25284,CVE-2020-25641,CVE-2020-25643,CVE-2020-25645,CVE-2020-26088

Description:

The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:

CVE-2020-25643: Added range checks in ppp_cp_parse_cr() (bsc#1177206).
CVE-2020-25641: Allowed for_each_bvec to support zero len bvec (bsc#1177121).
CVE-2020-25645: Added transport ports in route lookup for geneve (bsc#1177511).
CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423).
CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725).
CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722).
CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721).
CVE-2020-14381: Fixed requeue paths such that filp was valid when dropping the references (bsc#1176011).
CVE-2020-14386: Fixed a memory corruption which could have been exploited to gain root privileges from unprivileged processes (bsc#1176069).
CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235).
CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629).
CVE-2020-25212: Fixed getxattr kernel panic and memory overflow (bsc#1176381).
CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482).
CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990).

The following non-security bugs were fixed:

ALSA: firewire-digi00x: exclude Avid Adrenaline from detection (git-fixes).
ALSA; firewire-tascam: exclude Tascam FE-8 from detection (git-fixes).
ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A (git-fixes).
ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen (git-fixes).
arm64: KVM: Do not generate UNDEF when LORegion feature is present (jsc#SLE-4084).
arm64: KVM: regmap: Fix unexpected switch fall-through (jsc#SLE-4084).
asm-generic: fix -Wtype-limits compiler warnings (bsc#1112178).
ASoC: tegra: Fix reference count leaks (git-fixes).
batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes).
batman-adv: bla: use netif_rx_ni when not in interrupt context (git-fixes).
bcache: allocate meta data pages as compound pages (bsc#1172873).
bcache: Convert pr_ uses to a more typical style (git fixes (block drivers)).
bcache: fix overflow in offset_to_stripe() (git fixes (block drivers)).
bcm63xx_enet: correct clock usage (git-fixes).
bcm63xx_enet: do not write to random DMA channel on BCM6345 (git-fixes).
bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes (bitfield)).
blktrace: fix debugfs use after free (git fixes (block drivers)).
block: add docs for gendisk / request_queue refcount helpers (git fixes (block drivers)).
block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148).
block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148).
block: revert back to synchronous request_queue removal (git fixes (block drivers)).
block: Use non _rcu version of list functions for tag_set_list (git-fixes).
bnxt_en: Fix completion ring sizing with TPA enabled (networking-stable-20_07_29).
bonding: check error value of register_netdevice() immediately (git-fixes).
bonding: check return value of register_netdevice() in bond_newlink() (git-fixes).
bonding: use nla_get_u64 to extract the value for IFLA_BOND_AD_ACTOR_SYSTEM (git-fixes).
btrfs: require only sector size alignment for parent eb bytenr (bsc#1176789).
btrfs: tree-checker: fix the error message for transid error (bsc#1176788).
ceph: do not allow setlease on cephfs (bsc#1177041).
ceph: fix potential mdsc use-after-free crash (bsc#1177042).
ceph: fix use-after-free for fsc->mdsc (bsc#1177043).
ceph: handle zero-length feature mask in session messages (bsc#1177044).
cfg80211: regulatory: reject invalid hints (bsc#1176699).
char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667).
cifs: Fix leak when handling lease break for cached root fid (bsc#1176242).
cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544).
cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536).
clk: Add (devm_)clk_get_optional() functions (git-fixes).
constrants: fix malformed XML Closing tag of an element is '', not ''. Fixes: 8b37de2eb835 ('rpm/constraints.in: Increase memory for kernel-docs')
cpufreq: intel_pstate: Fix EPP setting via sysfs in active mode (bsc#1176966).
Created new preempt kernel flavor (jsc#SLE-11309) Configs are cloned from the respective $arch/default configs. All changed configs appart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel.
device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes).
dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() (git-fixes).
dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling (git-fixes).
dmaengine: pl330: Fix burst length if burst size is smaller than bus width (git-fixes).
dm crypt: avoid truncating the logical block size (git fixes (block drivers)).
dm: fix redundant IO accounting for bios that need splitting (git fixes (block drivers)).
dm integrity: fix a deadlock due to offloading to an incorrect workqueue (git fixes (block drivers)).
dm integrity: fix integrity recalculation that is improperly skipped (git fixes (block drivers)).
dm: report suspended device during destroy (git fixes (block drivers)).
dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes (block drivers)).
dm: use noio when sending kobject event (git fixes (block drivers)).
dm writecache: add cond_resched to loop in persistent_memory_claim() (git fixes (block drivers)).
dm writecache: correct uncommitted_block when discarding uncommitted entry (git fixes (block drivers)).
dm zoned: assign max_io_len correctly (git fixes (block drivers)).
Drivers: hv: balloon: Remove dependencies on guest page size (git-fixes).
Drivers: hv: Specify receive buffer size using Hyper-V page size (bsc#1176877).
Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes).
Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup() (git-fixes).
drivers/net/wan/x25_asy: Fix to make it work (networking-stable-20_07_29).
drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes).
drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails (git-fixes).
drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes).
drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes).
drm/amdkfd: Fix reference count leaks (git-fixes).
drm/amd/pm: correct Vega10 swctf limit setting (git-fixes).
drm/amd/pm: correct Vega12 swctf limit setting (git-fixes).
drm/ast: Initialize DRAM type before posting GPU (bsc#1113956) * context changes
drm/msm/adreno: fix updating ring fence (git-fixes).
drm/msm/gpu: make ringbuffer readonly (bsc#1112178) * context changes
drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open (git-fixes).
drm/nouveau: Fix reference count leak in nouveau_connector_detect (git-fixes).
drm/nouveau: fix reference count leak in nv50_disp_atomic_commit (git-fixes).
drm/radeon: fix multiple reference count leak (git-fixes).
drm/radeon: Prefer lower feedback dividers (git-fixes).
drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600).
EDAC: Fix reference count leaks (bsc#1112178).
fbcon: prevent user font height or width change from causing (bsc#1112178)
Fix error in kabi fix for: NFSv4: Fix OPEN / CLOSE race (bsc#1176950).
fsl/fman: check dereferencing null pointer (git-fixes).
fsl/fman: fix dereference null return value (git-fixes).
fsl/fman: fix eth hash table allocation (git-fixes).
fsl/fman: fix unreachable code (git-fixes).
fsl/fman: use 32-bit unsigned integer (git-fixes).
ftrace: Setup correct FTRACE_FL_REGS flags for module (git-fixes).
gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable() (git-fixes).
gtp: fix Illegal context switch in RCU read-side critical section (git-fixes).
gtp: fix use-after-free in gtp_newlink() (git-fixes).
HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() (git-fixes).
hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path (git-fixes).
hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659).
hv_balloon: Balloon up according to request page number (git-fixes).
hv_balloon: Use a static page for the balloon_up send buffer (git-fixes).
hv_netvsc: Allow scatter-gather feature to be tunable (git-fixes).
hv_netvsc: Fix a warning of suspicious RCU usage (git-fixes).
hv_netvsc: flag software created hash value (git-fixes).
hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877).
hv_utils: return error if host timesysnc update is stale (bsc#1176877).
i2c: core: Do not fail PRP0001 enumeration when no ID table exist (git-fixes).
i2c: rcar: in slave mode, clear NACK earlier (git-fixes).
ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140).
include: add additional sizes (bsc#1094244 ltc#168122).
iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE (bsc#1177293).
iommu/amd: Fix potential @entry null deref (bsc#1177294).
iommu/amd: Print extended features in one line to fix divergent log levels (bsc#1176316).
iommu/amd: Re-factor guest virtual APIC (de-)activation code (bsc#1177291).
iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176317).
iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (bsc#1177295).
iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176318).
iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() (bsc#1177296).
iommu/omap: Check for failure of a call to omap_iommu_dump_ctx (bsc#1176319).
iommu/vt-d: Correctly calculate agaw in domain_init() (bsc#1176400).
iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176320).
kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629).
kabi: mask changes to struct ipv6_stub (bsc#1165629).
kernel-docs: Change Requires on python-Sphinx to earlier than version 3 References: bsc#1166965 From 3 on the internal API that the build system uses was rewritten in an incompatible way. See https://github.com/sphinx-doc/sphinx/issues/7421 and https://bugzilla.suse.com/show_bug.cgi?id=1166965#c16 for some details.
KVM: arm64: Change 32-bit handling of VM system registers (jsc#SLE-4084).
KVM: arm64: Cleanup __activate_traps and __deactive_traps for VHE and non-VHE (jsc#SLE-4084).
KVM: arm64: Configure c15, PMU, and debug register traps on cpu load/put for VHE (jsc#SLE-4084).
KVM: arm64: Defer saving/restoring 32-bit sysregs to vcpu load/put (jsc#SLE-4084).
KVM: arm64: Defer saving/restoring 64-bit sysregs to vcpu load/put on VHE (jsc#SLE-4084).
KVM: arm64: Directly call VHE and non-VHE FPSIMD enabled functions (jsc#SLE-4084).
KVM: arm64: Do not deactivate VM on VHE systems (jsc#SLE-4084).
KVM: arm64: Do not save the host ELR_EL2 and SPSR_EL2 on VHE systems (jsc#SLE-4084).
KVM: arm64: Factor out fault info population and gic workarounds (jsc#SLE-4084).
KVM: arm64: Fix order of vcpu_write_sys_reg() arguments (jsc#SLE-4084).
KVM: arm64: Forbid kprobing of the VHE world-switch code (jsc#SLE-4084).
KVM: arm64: Improve debug register save/restore flow (jsc#SLE-4084).
KVM: arm64: Introduce framework for accessing deferred sysregs (jsc#SLE-4084).
KVM: arm64: Introduce separate VHE/non-VHE sysreg save/restore functions (jsc#SLE-4084).
KVM: arm64: Introduce VHE-specific kvm_vcpu_run (jsc#SLE-4084).
KVM: arm64: Move common VHE/non-VHE trap config in separate functions (jsc#SLE-4084).
KVM: arm64: Move debug dirty flag calculation out of world switch (jsc#SLE-4084).
KVM: arm64: Move HCR_INT_OVERRIDE to default HCR_EL2 guest flag (jsc#SLE-4084).
KVM: arm64: Move userspace system registers into separate function (jsc#SLE-4084).
KVM: arm64: Prepare to handle deferred save/restore of 32-bit registers (jsc#SLE-4084).
KVM: arm64: Prepare to handle deferred save/restore of ELR_EL1 (jsc#SLE-4084).
KVM: arm64: Remove kern_hyp_va() use in VHE switch function (jsc#SLE-4084).
KVM: arm64: Remove noop calls to timer save/restore from VHE switch (jsc#SLE-4084).
KVM: arm64: Rework hyp_panic for VHE and non-VHE (jsc#SLE-4084).
KVM: arm64: Rewrite sysreg alternatives to static keys (jsc#SLE-4084).
KVM: arm64: Rewrite system register accessors to read/write functions (jsc#SLE-4084).
KVM: arm64: Slightly improve debug save/restore functions (jsc#SLE-4084).
KVM: arm64: Unify non-VHE host/guest sysreg save and restore functions (jsc#SLE-4084).
KVM: arm64: Write arch.mdcr_el2 changes since last vcpu_load on VHE (jsc#SLE-4084).
KVM: arm/arm64: Avoid vcpu_load for other vcpu ioctls than KVM_RUN (jsc#SLE-4084).
KVM: arm/arm64: Avoid VGICv3 save/restore on VHE with no IRQs (jsc#SLE-4084).
KVM: arm/arm64: Get rid of vcpu->arch.irq_lines (jsc#SLE-4084).
KVM: arm/arm64: Handle VGICv3 save/restore from the main VGIC code on VHE (jsc#SLE-4084).
KVM: arm/arm64: Move vcpu_load call after kvm_vcpu_first_run_init (jsc#SLE-4084).
KVM: arm/arm64: Move VGIC APR save/restore to vgic put/load (jsc#SLE-4084).
KVM: arm/arm64: Prepare to handle deferred save/restore of SPSR_EL1 (jsc#SLE-4084).
KVM: arm/arm64: Remove leftover comment from kvm_vcpu_run_vhe (jsc#SLE-4084).
KVM: introduce kvm_arch_vcpu_async_ioctl (jsc#SLE-4084).
KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_fpu (jsc#SLE-4084).
KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_mpstate (jsc#SLE-4084).
KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_regs (jsc#SLE-4084).
KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl (jsc#SLE-4084).
KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_run (jsc#SLE-4084).
KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_fpu (jsc#SLE-4084).
KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_guest_debug (jsc#SLE-4084).
KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_mpstate (jsc#SLE-4084).
KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_regs (jsc#SLE-4084).
KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_sregs (jsc#SLE-4084).
KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_translate (jsc#SLE-4084).
KVM: PPC: Fix compile error that occurs when CONFIG_ALTIVEC=n (jsc#SLE-4084).
KVM: Prepare for moving vcpu_load/vcpu_put into arch specific code (jsc#SLE-4084).
KVM: SVM: Add a dedicated INVD intercept routine (bsc#1112178).
KVM: SVM: Fix disable pause loop exit/pause filtering capability on SVM (bsc#1176321).
KVM: SVM: fix svn_pin_memory()'s use of get_user_pages_fast() (bsc#1112178).
KVM: Take vcpu->mutex outside vcpu_load (jsc#SLE-4084).
libceph: allow setting abort_on_full for rbd (bsc#1169972).
libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742).
libnvdimm: cover up struct nvdimm changes (bsc#1171742).
libnvdimm/security, acpi/nfit: unify zero-key for all security commands (bsc#1171742).
libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527).
libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742).
lib/raid6: use vdupq_n_u8 to avoid endianness warnings (git fixes (block drivers)).
md: raid0/linear: fix dereference before null check on pointer mddev (git fixes (block drivers)).
media: davinci: vpif_capture: fix potential double free (git-fixes).
media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() (git-fixes).
mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes).
mlx4: disable device on shutdown (git-fixes).
mlxsw: core: Free EMAD transactions using kfree_rcu() (git-fixes).
mlxsw: core: Increase scope of RCU read-side critical section (git-fixes).
mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366).
mmc: cqhci: Add cqhci_deactivate() (git-fixes).
mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes).
mm/page_alloc.c: fix a crash in free_pages_prepare() (git fixes (mm/pgalloc)).
mm/vmalloc.c: move 'area->pages' after if statement (git fixes (mm/vmalloc)).
mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691).
net: dsa: b53: Fix sparse warnings in b53_mmap.c (git-fixes).
net: dsa: b53: Use strlcpy() for ethtool::get_strings (git-fixes).
net: dsa: mv88e6xxx: fix 6085 frame mode masking (git-fixes).
net: dsa: mv88e6xxx: Fix interrupt masking on removal (git-fixes).
net: dsa: mv88e6xxx: Fix name of switch 88E6141 (git-fixes).
net: dsa: mv88e6xxx: fix shift of FID bits in mv88e6185_g1_vtu_loadpurge() (git-fixes).
net: dsa: mv88e6xxx: Unregister MDIO bus on error path (git-fixes).
net: dsa: qca8k: Allow overwriting CPU port setting (git-fixes).
net: dsa: qca8k: Enable RXMAC when bringing up a port (git-fixes).
net: dsa: qca8k: Force CPU port to its highest bandwidth (git-fixes).
net: ethernet: aquantia: Fix wrong return value (git-fixes).
net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (git-fixes).
net: fs_enet: do not call phy_stop() in interrupts (git-fixes).
net: initialize fastreuse on inet_inherit_port (networking-stable-20_08_15).
net: lan78xx: Bail out if lan78xx_get_endpoints fails (git-fixes).
net: lan78xx: replace bogus endpoint lookup (networking-stable-20_08_08).
net: lio_core: fix potential sign-extension overflow on large shift (git-fixes).
net/mlx5: Add meaningful return codes to status_to_err function (git-fixes).
net/mlx5e: Fix error path of device attach (git-fixes).
net/mlx5: E-Switch, Use correct flags when configuring vlan (git-fixes).
net/mlx5e: vxlan: Use RCU for vxlan table lookup (git-fixes).
net/mlx5e: XDP, Avoid checksum complete when XDP prog is loaded (git-fixes).
net/mlx5: Fix a bug of using ptp channel index as pin index (git-fixes).
net: mvneta: fix mtu change on port without link (git-fixes).
net: mvpp2: fix memory leak in mvpp2_rx (git-fixes).
net-next: ax88796: Do not free IRQ in ax_remove() (already freed in ax_close()) (git-fixes).
net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15).
net: qca_spi: Avoid packet drop during initial sync (git-fixes).
net: qca_spi: Make sure the QCA7000 reset is triggered (git-fixes).
net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes).
net: refactor bind_bucket fastreuse into helper (networking-stable-20_08_15).
net: smc91x: Fix possible memory leak in smc_drv_probe() (git-fixes).
net/smc: fix dmb buffer shortage (git-fixes).
net/smc: fix restoring of fallback changes (git-fixes).
net/smc: fix sock refcounting in case of termination (git-fixes).
net/smc: improve close of terminated socket (git-fixes).
net/smc: Prevent kernel-infoleak in __smc_diag_dump() (git-fixes).
net/smc: remove freed buffer from list (git-fixes).
net/smc: reset sndbuf_desc if freed (git-fixes).
net/smc: set rx_off for SMCR explicitly (git-fixes).
net/smc: switch smcd_dev_list spinlock to mutex (git-fixes).
net/smc: tolerate future SMCD versions (git-fixes).
net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes).
net: stmmac: call correct function in stmmac_mac_config_rx_queues_routing() (git-fixes).
net: stmmac: Disable ACS Feature for GMAC >= 4 (git-fixes).
net: stmmac: do not stop NAPI processing when dropping a packet (git-fixes).
net: stmmac: dwmac4: fix flow control issue (git-fixes).
net: stmmac: dwmac_lib: fix interchanged sleep/timeout values in DMA reset function (git-fixes).
net: stmmac: dwmac-meson8b: Add missing boundary to RGMII TX clock array (git-fixes).
net: stmmac: dwmac-meson8b: fix internal RGMII clock configuration (git-fixes).
net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b (git-fixes).
net: stmmac: dwmac-meson8b: Fix the RGMII TX delay on Meson8b/8m2 SoCs (git-fixes).
net: stmmac: dwmac-meson8b: only configure the clocks in RGMII mode (git-fixes).
net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock (git-fixes).
net: stmmac: Fix error handling path in 'alloc_dma_rx_desc_resources()' (git-fixes).
net: stmmac: Fix error handling path in 'alloc_dma_tx_desc_resources()' (git-fixes).
net: stmmac: Fix RX packet size > 8191 (git-fixes).
net: stmmac: rename dwmac4_tx_queue_routing() to match reality (git-fixes).
net: stmmac: set MSS for each tx DMA channel (git-fixes).
net: stmmac: Use correct values in TQS/RQS fields (git-fixes).
net-sysfs: add a newline when printing 'tx_timeout' by sysfs (networking-stable-20_07_29).
net: systemport: Fix software statistics for SYSTEMPORT Lite (git-fixes).
net: systemport: Fix sparse warnings in bcm_sysport_insert_tsb() (git-fixes).
net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE() (git-fixes).
net: ucc_geth - fix Oops when changing number of buffers in the ring (git-fixes).
NFS: On fatal writeback errors, we need to call nfs_inode_remove_request() (bsc#1177340).
NFS: Revalidate the file mapping on all fatal writeback errors (bsc#1177340).
NFSv4: don't mark all open state for recovery when handling recallable state revoked flag (bsc#1176935).
nvme: add a Identify Namespace Identification Descriptor list quirk (bsc#1174748).
nvme-fc: set max_segments to lldd max value (bsc#1176038).
nvme-pci: override the value of the controller's numa node (bsc#1176507).
obsolete_kmp: provide newer version than the obsoleted one (boo#1170232).
ocfs2: give applications more IO opportunities during fstrim (bsc#1175228).
PCI: Fix pci_create_slot() reference count leak (git-fixes).
PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes).
PCI: qcom: Add missing reset for ipq806x (git-fixes).
PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes).
PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes).
PCI: rcar: Fix incorrect programming of OB windows (git-fixes).
PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes).
powerpc/64s: Blacklist functions invoked on a trap (bsc#1094244 ltc#168122).
powerpc/64s: Fix HV NMI vs HV interrupt recoverability test (bsc#1094244 ltc#168122).
powerpc/64s: Fix unrelocated interrupt trampoline address test (bsc#1094244 ltc#168122).
powerpc/64s: Include header file to fix a warning (bsc#1094244 ltc#168122).
powerpc/64s: machine check do not trace real-mode handler (bsc#1094244 ltc#168122).
powerpc/64s: sreset panic if there is no debugger or crash dump handlers (bsc#1094244 ltc#168122).
powerpc/64s: system reset interrupt preserve HSRRs (bsc#1094244 ltc#168122).
powerpc: Add cputime_to_nsecs() (bsc#1065729).
powerpc/book3s64/radix: Add kernel command line option to disable radix GTSE (bsc#1055186 ltc#153436).
powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208).
powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122).
powerpc/init: Do not advertise radix during client-architecture-support (bsc#1055186 ltc#153436 ).
powerpc/kernel: Cleanup machine check function declarations (bsc#1065729).
powerpc/kernel: Enables memory hot-remove after reboot on pseries guests (bsc#1177030 ltc#187588).
powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436).
powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only (bsc#1177030 ltc#187588).
powerpc/mm: Move book3s64 specifics in subdirectory mm/book3s64 (bsc#1176022 ltc#187208).
powerpc/powernv: Remove real mode access limit for early allocations (bsc#1176022 ltc#187208).
powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186 ltc#153436).
powerpc/pseries/le: Work around a firmware quirk (bsc#1094244 ltc#168122).
powerpc/pseries: lift RTAS limit for radix (bsc#1176022 ltc#187208).
powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244 ltc#168122).
powerpc/pseries: Machine check use rtas_call_unlocked() with args on stack (bsc#1094244 ltc#168122).
powerpc/pseries: radix is not subject to RMA limit, remove it (bsc#1176022 ltc#187208).
powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths (bsc#1094244 ltc#168122).
powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122).
powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244 ltc#168122).
powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244 ltc#168122).
powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122).
powerpc/traps: fix recoverability of machine check handling on book3s/32 (bsc#1094244 ltc#168122).
powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244 ltc#168122).
powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S (bsc#1065729).
rcu: Do RCU GP kthread self-wakeup from softirq and interrupt (git fixes (rcu)).
rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243).
rpm/check-for-config-changes: Ignore CONFIG_CC_VERSION_TEXT
rpm/check-for-config-changes: Ignore CONFIG_LD_VERSION
rpm/constraints.in: Increase memory for kernel-docs References: https://build.opensuse.org/request/show/792664
rpm/constraints.in: recognize also kernel-source-azure (bsc#1176732)
rpm: drop execute permissions on source files Sometimes a source file with execute permission appears in upstream repository and makes it into our kernel-source packages. This is caught by OBS build checks and may even result in build failures. Sanitize the source tree by removing execute permissions from all C source and header files.
rpm/kabi.pl: account for namespace field being moved last Upstream is moving the namespace field in Module.symvers last in order to preserve backwards compatibility with kmod tools (depmod, etc). Fix the kabi.pl script to expect the namespace field last. Since split() ignores trailing empty fields and delimeters, switch to using tr to count how many fields/tabs are in a line. Also, in load_symvers(), pass LIMIT of -1 to split() so it does not strip trailing empty fields, as namespace is an optional field.
rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#SLE-13618).
rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115)
rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup Co-Authored-By: Adam Spiers
rpm/kernel-obs-build.spec.in: Enable overlayfs Overlayfs is needed for podman or docker builds when no more specific driver can be used (like lvm or btrfs). As the default build fs is ext4 currently, we need overlayfs kernel modules to be available.
rpm/kernel-source.spec.in: Add obsolete_rebuilds (boo#1172073).
rpm/kernel-source.spec.in: Also use bz compression (boo#1175882).
rpm/macros.kernel-source: pass -c proerly in kernel module package (bsc#1176698)
rpm/mkspec-dtb: add mt76 based dtb package
rpm/package-descriptions: garbege collection remove old ARM and Xen flavors.
rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes).
rxrpc: Fix race between recvmsg and sendmsg on immediate call failure (networking-stable-20_08_08).
rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA (networking-stable-20_07_29).
s390/mm: fix huge pte soft dirty copying (git-fixes).
s390/qeth: do not process empty bridge port events (git-fixes).
s390/qeth: integrate RX refill worker with NAPI (git-fixes).
s390/qeth: tolerate pre-filled RX buffer (git-fixes).
sched/deadline: Initialize ->dl_boosted (bsc#1112178).
scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899).
scsi: hisi_sas: Fix a timeout race of driver internal and SMP IO (bsc#1140683).
scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304).
scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304).
scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername() (bsc#1177258).
scsi: libfc: Fix for double free() (bsc#1174899).
scsi: libfc: free response frame from GPN_ID (bsc#1174899).
scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases (bsc#1174899).
scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666).
scsi: lpfc: Add dependency on CPU_FREQ (git-fixes).
scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#1171558 bsc#1136666).
scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#1136666).
scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666).
scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666).
scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666).
scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues (bsc#1171558 bsc#1136666).
scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666).
scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc#1171558 bsc#1136666).
scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666).
scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666).
scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666).
scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes).
scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666).
scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666).
scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666).
scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#1136666).
scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666).
scsi: lpfc: NVMe remote port devloss_tmo from lldd (bsc#1171558 bsc#1136666 bsc#1173060).
scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport (bsc#1171558 bsc#1136666).
scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#1171558 bsc#1136666).
scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666).
scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666).
scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666).
scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666).
scsi: qla2xxx: Add IOCB resource tracking (bsc#1176946 bsc#1175520 bsc#1172538).
scsi: qla2xxx: Add rport fields in debugfs (bsc#1176946 bsc#1175520 bsc#1172538).
scsi: qla2xxx: Add SLER and PI control support (bsc#1176946 bsc#1175520 bsc#1172538).
scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1176946 bsc#1175520 bsc#1172538).
scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1176946 bsc#1175520 bsc#1172538).
scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1176946 bsc#1175520 bsc#1172538).
scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1176946 bsc#1175520 bsc#1172538).
scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1176946 bsc#1175520 bsc#1172538).
scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1176946 bsc#1175520 bsc#1172538).
scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1176946 bsc#1175520 bsc#1172538).
scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1176946 bsc#1175520 bsc#1172538).
scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1176946 bsc#1175520 bsc#1172538).
scsi: qla2xxx: Fix memory size truncation (bsc#1176946 bsc#1175520 bsc#1172538).
scsi: qla2xxx: Fix MPI reset needed message (bsc#1176946 bsc#1175520 bsc#1172538).
scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1176946 bsc#1175520 bsc#1172538).
scsi: qla2xxx: Fix regression on sparc64 (git-fixes).
scsi: qla2xxx: Fix reset of MPI firmware (bsc#1176946 bsc#1175520 bsc#1172538).
scsi: qla2xxx: Fix the return value (bsc#1171688).
scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1171688).
scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1171688).
scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1171688).
scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688).
scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1176946 bsc#1175520 bsc#1172538).
scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1171688).
scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1176946 bsc#1175520 bsc#1172538).
scsi: qla2xxx: Performance tweak (bsc#1176946 bsc#1175520 bsc#1172538).
scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1176946 bsc#1175520 bsc#1172538).
scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688).
scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688).
scsi: qla2xxx: Remove superfluous memset() (bsc#1171688).
scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1176946 bsc#1175520 bsc#1172538).
scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1176946 bsc#1175520 bsc#1172538).
scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1171688).
scsi: qla2xxx: Suppress two recently introduced compiler warnings (git-fixes).
scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1176946 bsc#1175520 bsc#1172538).
scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1176946 bsc#1175520 bsc#1172538).
scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1171688).
Set CONFIG_HAVE_KVM_VCPU_ASYNC_IOCTL=y (jsc#SLE-4084).
Set VIRTIO_CONSOLE=y (bsc#1175667).
sign also s390x kernel images (bsc#1163524)
SMB3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546).
SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545).
SMB3: warn on confusing error scenario with sec=krb5 (bsc#1176548).
stmmac: Do not access tx_q->dirty_tx before netif_tx_lock (git-fixes).
tcp: apply a floor of 1 for RTT samples from TCP timestamps (networking-stable-20_08_08).
thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 (git-fixes).
USB: cdc-acm: rework notification_buffer resizing (git-fixes).
USB: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes).
USB: Fix out of sync data toggle if a configured device is reconfigured (git-fixes).
USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes).
USB: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes).
USB: gadget: u_f: add overflow checks to VLA macros (git-fixes).
USB: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes).
USB: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes).
USB: hso: check for return value in hso_serial_common_create() (networking-stable-20_08_08).
USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes).
usblp: fix race between disconnect() and read() (git-fixes).
USB: lvtest: return proper error code in probe (git-fixes).
usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set (git-fixes).
USB: quirks: Add no-lpm quirk for another Raydium touchscreen (git-fixes).
USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook (git-fixes).
USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes).
USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes).
USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes).
USB: serial: ftdi_sio: clean up receive processing (git-fixes).
USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes).
USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes).
USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules (git-fixes).
USB: serial: option: support dynamic Quectel USB compositions (git-fixes).
USB: serial: qcserial: add EM7305 QDL product ID (git-fixes).
USB: sisusbvga: Fix a potential UB casued by left shifting a negative value (git-fixes).
USB: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes).
USB: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes).
USB: uas: Add quirk for PNY Pro Elite (git-fixes).
USB: UAS: fix disconnect by unplugging a hub (git-fixes).
USB: xhci: define IDs for various ASMedia host controllers (git-fixes).
USB: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes).
USB: yurex: Fix bad gfp argument (git-fixes).
virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes (block drivers)).
vrf: prevent adding upper devices (git-fixes).
vxge: fix return of a free'd memblock on a failed dma mapping (git-fixes).
vxlan: Ensure FDB dump is performed under RCU (git-fixes).
x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1112178).
x86/hyperv: Create and use Hyper-V page definitions (git-fixes).
x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1112178).
x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115).
xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600).
xen/balloon: make the balloon wait interruptible (bsc#1065600).
xen: do not reschedule in preemption off sections (bsc#1175749).
xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes).

Advisory ID	SUSE-SU-2020:3513-1
Released	Wed Nov 25 10:47:01 2020
Summary	Security update for the Linux Kernel
Type	security
Severity	important
References	1055014,1058115,1061843,1065600,1065729,1066382,1077428,1112178,1131277,1134760,1163592,1167030,1170415,1170446,1171558,1172873,1173432,1174748,1175306,1175721,1176354,1176485,1176560,1176713,1176723,1176855,1176907,1176983,1177086,1177101,1177271,1177281,1177410,1177411,1177470,1177685,1177687,1177703,1177719,1177724,1177725,1177740,1177749,1177750,1177753,1177754,1177755,1177762,1177766,1177819,1177820,1177855,1177856,1177861,1178003,1178027,1178123,1178166,1178185,1178187,1178188,1178202,1178234,1178330,1178393,1178589,1178591,1178622,1178686,1178765,1178782,1178838,927455,CVE-2020-0430,CVE-2020-12351,CVE-2020-12352,CVE-2020-14351,CVE-2020-16120,CVE-2020-25285,CVE-2020-25656,CVE-2020-25668,CVE-2020-25704,CVE-2020-25705,CVE-2020-8694

Description:

The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

CVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782).
CVE-2020-8694: Insufficient access control for some Intel(R) Processors may have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1170415).
CVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393).
CVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123).
CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766).
CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c (bnc#1176485).
CVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bnc#1176723).
CVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086).
CVE-2020-16120: Fixed permission check to open real file when using overlayfs. It was possible to have a file not readable by an unprivileged user be copied to a mountpoint controlled by that user and then be able to access the file (bsc#1177470).
CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724).
CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' (bsc#1177725).

The following non-security bugs were fixed:

9P: Cast to loff_t before multiplying (git-fixes).
acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (git-fixes).
ACPI: debug: do not allow debugging when ACPI is disabled (git-fixes).
ACPI: dock: fix enum-conversion warning (git-fixes).
ACPI / extlog: Check for RDMSR failure (git-fixes).
ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes).
ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes).
ALSA: bebob: potential info leak in hwdep_read() (git-fixes).
ALSA: compress_offload: remove redundant initialization (git-fixes).
ALSA: core: init: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes).
ALSA: core: pcm: simplify locking for timers (git-fixes).
ALSA: core: timer: clarify operator precedence (git-fixes).
ALSA: core: timer: remove redundant assignment (git-fixes).
ALSA: ctl: Workaround for lockdep warning wrt card->ctl_files_rwlock (git-fixes).
ALSA: hda: auto_parser: remove shadowed variable declaration (git-fixes).
ALSA: hda - Do not register a cb func if it is registered already (git-fixes).
ALSA: hda - Fix the return value if cb func is already registered (git-fixes).
ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes).
ALSA: hda/realtek - Add mute Led support for HP Elitebook 845 G7 (git-fixes).
ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 (git-fixes).
ALSA: hda/realtek - The front Mic on a HP machine does not work (git-fixes).
ALSA: hda: use semicolons rather than commas to separate statements (git-fixes).
ALSA: mixart: Correct comment wrt obsoleted tasklet usage (git-fixes).
ALSA: rawmidi: (cosmetic) align function parameters (git-fixes).
ALSA: seq: oss: Avoid mutex lock for a long-time ioctl (git-fixes).
ALSA: usb-audio: Add mixer support for Pioneer DJ DJM-250MK2 (git-fixes).
ALSA: usb-audio: endpoint.c: fix repeated word 'there' (git-fixes).
ALSA: usb-audio: fix spelling mistake 'Frequence' -> 'Frequency' (git-fixes).
ASoC: qcom: lpass-cpu: fix concurrency issue (git-fixes).
ASoC: qcom: lpass-platform: fix memory leak (git-fixes).
ata: sata_rcar: Fix DMA boundary mask (git-fixes).
ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() (git-fixes).
ath10k: Fix the size used in a 'dma_free_coherent()' call in an error handling path (git-fixes).
ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes).
ath10k: provide survey info as accumulated data (git-fixes).
ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes).
ath6kl: prevent potential array overflow in ath6kl_add_new_sta() (git-fixes).
ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd() (git-fixes).
ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() (git-fixes).
ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() (git-fixes).
backlight: sky81452-backlight: Fix refcount imbalance on error (git-fixes).
blacklist.conf: 11d6761218d1 mm, memcg: fix error return value of mem_cgroup_css_alloc()
blk-mq: order adding requests to hctx->dispatch and checking SCHED_RESTART (bsc#1177750).
block: ensure bdi->io_pages is always initialized (bsc#1177749).
Bluetooth: MGMT: Fix not checking if BT_HS is enabled (git-fixes).
Bluetooth: Only mark socket zapped after unlocking (git-fixes).
bnxt: do not enable NAPI until rings are ready (networking-stable-20_09_11).
bnxt_en: Check for zero dir entries in NVRAM (networking-stable-20_09_11).
bpf: Zero-fill re-used per-cpu map element (git-fixes).
brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach (git-fixes).
brcmfmac: check ndev pointer (git-fixes).
brcmsmac: fix memory leak in wlc_phy_attach_lcnphy (git-fixes).
btrfs: check the right error variable in btrfs_del_dir_entries_in_log (bsc#1177687).
btrfs: do not force read-only after error in drop snapshot (bsc#1176354).
btrfs: do not set the full sync flag on the inode during page release (bsc#1177687).
btrfs: fix incorrect updating of log root tree (bsc#1177687).
btrfs: fix race between page release and a fast fsync (bsc#1177687).
btrfs: only commit delayed items at fsync if we are logging a directory (bsc#1177687).
btrfs: only commit the delayed inode when doing a full fsync (bsc#1177687).
btrfs: qgroup: fix qgroup meta rsv leak for subvolume operations (bsc#1177856).
btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode (bsc#1177855).
btrfs: reduce contention on log trees when logging checksums (bsc#1177687).
btrfs: release old extent maps during page release (bsc#1177687).
btrfs: remove no longer needed use of log_writers for the log root tree (bsc#1177687).
btrfs: remove root usage from can_overcommit (bsc#1131277).
btrfs: stop incremening log_batch for the log root tree when syncing log (bsc#1177687).
btrfs: take overcommit into account in inc_block_group_ro (bsc#1176560).
btrfs: tree-checker: fix false alert caused by legacy btrfs root item (bsc#1177861).
bus/fsl_mc: Do not rely on caller to provide non NULL mc_io (git-fixes).
can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (git-fixes).
can: c_can: reg_map_{c,d}_can: mark as __maybe_unused (git-fixes).
can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes).
can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes).
can: flexcan: flexcan_chip_stop(): add error handling and propagate error value (git-fixes).
can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes).
can: peak_usb: add range checking in decode operations (git-fixes).
can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes).
can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes).
can: softing: softing_card_shutdown(): add braces around empty body in an 'if' statement (git-fixes).
ceph: fix memory leak in ceph_cleanup_snapid_map() (bsc#1178234).
ceph: map snapid to anonymous bdev ID (bsc#1178234).
ceph: promote to unsigned long long before shifting (bsc#1178187).
clk: at91: clk-main: update key before writing AT91_CKGR_MOR (git-fixes).
clk: at91: remove the checking of parent_name (git-fixes).
clk: bcm2835: add missing release if devm_clk_hw_register fails (git-fixes).
clk: imx8mq: Fix usdhc parents order (git-fixes).
clk: ti: clockdomain: fix static checker warning (git-fixes).
coredump: fix crash when umh is disabled (bsc#1177753).
crypto: algif_skcipher - EBUSY on aio should be an error (git-fixes).
crypto: bcm - Verify GCM/CCM key length in setkey (git-fixes).
crypto: ccp - fix error handling (git-fixes).
crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call (git-fixes).
crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc() (git-fixes).
crypto: omap-sham - fix digcnt register handling with export/import (git-fixes).
cxl: Rework error message for incompatible slots (bsc#1055014 git-fixes).
cypto: mediatek - fix leaks in mtk_desc_ring_alloc (git-fixes).
device property: Do not clear secondary pointer for shared primary firmware node (git-fixes).
device property: Keep secondary firmware node secondary by type (git-fixes).
dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status (git-fixes).
drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873).
drm/amd/display: Do not invoke kgdb_breakpoint() unconditionally (git-fixes).
drm/amd/display: HDMI remote sink need mode validation for Linux (git-fixes).
drm/amdgpu: do not map BO in reserved region (git-fixes).
drm/amdgpu: prevent double kfree ttm->sg (git-fixes).
drm/bridge/synopsys: dsi: add support for non-continuous HS clock (git-fixes).
drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly (git-fixes).
drm/gma500: fix error check (git-fixes).
drm/i915: Break up error capture compression loops with cond_resched() (git-fixes).
drm/i915: Force VT'd workarounds when running as a guest OS (git-fixes).
drm/imx: tve remove extraneous type qualifier (git-fixes).
drm/msm: Drop debug print in _dpu_crtc_setup_lm_bounds() (git-fixes).
drm/nouveau/mem: guard against NULL pointer access in mem_del (git-fixes).
drm/ttm: fix eviction valuable range check (git-fixes).
drm/vc4: drv: Add error handding for bind (git-fixes).
Drop sysctl files for dropped archs, add ppc64le and arm64 (bsc#1178838).
EDAC/i5100: Fix error handling order in i5100_init_one() (bsc#1112178).
eeprom: at25: set minimum read/write access stride to 1 (git-fixes).
efivarfs: Replace invalid slashes with exclamation marks in dentries (git-fixes).
Fix use after free in get_capset_info callback (git-fixes).
ftrace: Fix recursion check for NMI test (git-fixes).
ftrace: Handle tracing when switching between context (git-fixes).
gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY (networking-stable-20_08_24).
gtp: add GTPA_LINK info to msg sent to userspace (networking-stable-20_09_11).
HID: roccat: add bounds checking in kone_sysfs_write_settings() (git-fixes).
HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery (git-fixes).
hv_netvsc: Add XDP support (bsc#1177819, bsc#1177820).
hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177819, bsc#1177820).
hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306).
i2c: imx: Fix external abort on interrupt in exit paths (git-fixes).
ibmveth: Identify ingress large send packets (bsc#1178185 ltc#188897).
ibmveth: Switch order of ibmveth_helper calls (bsc#1061843 git-fixes).
ibmvnic: fix ibmvnic_set_mac (bsc#1066382 ltc#160943 git-fixes).
ibmvnic: save changed mac address to adapter->mac_addr (bsc#1134760 ltc#177449 git-fixes).
icmp: randomize the global rate limiter (git-fixes).
iio:accel:bma180: Fix use of true when should be iio_shared_by enum (git-fixes).
iio:adc:max1118 Fix alignment of timestamp and data leak issues (git-fixes).
iio:adc:ti-adc0832 Fix alignment issue with timestamp (git-fixes).
iio:adc:ti-adc12138 Fix alignment issue with timestamp (git-fixes).
iio:dac:ad5592r: Fix use of true for IIO_SHARED_BY_TYPE (git-fixes).
iio:gyro:itg3200: Fix timestamp alignment and prevent data leak (git-fixes).
iio:light:si1145: Fix timestamp alignment and prevent data leak (git-fixes).
iio:magn:hmc5843: Fix passing true where iio_shared_by enum required (git-fixes).
ima: Remove semicolon at the end of ima_get_binary_runtime_size() (git-fixes).
include/linux/swapops.h: correct guards for non_swap_entry() (git-fixes (mm/swap)).
Input: ep93xx_keypad - fix handling of platform_get_irq() error (git-fixes).
Input: i8042 - add nopnp quirk for Acer Aspire 5 A515 (git-fixes).
Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume() (git-fixes).
Input: omap4-keypad - fix handling of platform_get_irq() error (git-fixes).
Input: sun4i-ps2 - fix handling of platform_get_irq() error (git-fixes).
Input: twl4030_keypad - fix handling of platform_get_irq() error (git-fixes).
iomap: Make sure iomap_end is called after iomap_begin (bsc#1177754).
ip: fix tos reflection in ack and reset packets (networking-stable-20_09_24).
ipv4: Restore flowi4_oif update before call to xfrm_lookup_route (git-fixes).
iwlwifi: mvm: split a print to avoid a WARNING in ROC (git-fixes).
kbuild: enforce -Werror=return-type (bsc#1177281).
kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes).
leds: bcm6328, bcm6358: use devres LED registering function (git-fixes).
leds: mt6323: move period calculation (git-fixes).
libceph: clear con->out_msg on Policy::stateful_server faults (bsc#1178188).
libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873).
lib/crc32.c: fix trivial typo in preprocessor condition (git-fixes).
mac80211: handle lack of sband->bitrates in rates (git-fixes).
mailbox: avoid timer start from callback (git-fixes).
media: ati_remote: sanity check for both endpoints (git-fixes).
media: bdisp: Fix runtime PM imbalance on error (git-fixes).
media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync (git-fixes).
media: exynos4-is: Fix a reference count leak (git-fixes).
media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync (git-fixes).
media: firewire: fix memory leak (git-fixes).
media: m5mols: Check function pointer in m5mols_sensor_power (git-fixes).
media: media/pci: prevent memory leak in bttv_probe (git-fixes).
media: omap3isp: Fix memleak in isp_probe (git-fixes).
media: platform: fcp: Fix a reference count leak (git-fixes).
media: platform: Improve queue set up flow for bug fixing (git-fixes).
media: platform: s3c-camif: Fix runtime PM imbalance on error (git-fixes).
media: platform: sti: hva: Fix runtime PM imbalance on error (git-fixes).
media: Revert 'media: exynos4-is: Add missed check for pinctrl_lookup_state()' (git-fixes).
media: s5p-mfc: Fix a reference count leak (git-fixes).
media: saa7134: avoid a shift overflow (git-fixes).
media: st-delta: Fix reference count leak in delta_run_work (git-fixes).
media: sti: Fix reference count leaks (git-fixes).
media: tc358743: initialize variable (git-fixes).
media: ti-vpe: Fix a missing check and reference count leak (git-fixes).
media: tuner-simple: fix regression in simple_set_radio_freq (git-fixes).
media: tw5864: check status of tw5864_frameinterval_get (git-fixes).
media: usbtv: Fix refcounting mixup (git-fixes).
media: uvcvideo: Ensure all probed info is returned to v4l2 (git-fixes).
media: vsp1: Fix runtime PM imbalance on error (git-fixes).
memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (bsc#1177703).
memory: fsl-corenet-cf: Fix handling of platform_get_irq() error (git-fixes).
memory: omap-gpmc: Fix a couple off by ones (git-fixes).
mfd: sm501: Fix leaks in probe() (git-fixes).
mic: vop: copy data to kernel space then write to io memory (git-fixes).
misc: mic: scif: Fix error handling path (git-fixes).
misc: rtsx: Fix memory leak in rtsx_pci_probe (git-fixes).
misc: vop: add round_up(x,4) for vring_size to avoid kernel panic (git-fixes).
mlx5 PPC ringsize workaround (bsc#1173432).
mlx5: remove support for ib_get_vector_affinity (bsc#1174748).
mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes).
mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes).
mmc: sdio: Check for CISTPL_VERS_1 buffer size (git-fixes).
mm/huge_memory.c: use head to check huge zero page (git-fixes (mm/thp)).
mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup() (git-fixes (mm/hugetlb)).
mm/ksm.c: do not WARN if page is still mapped in remove_stable_node() (git-fixes (mm/hugetlb)).
mm/memcg: fix refcount error while moving and swapping (bsc#1178686).
mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm() (bsc#1177685).
mm/mempolicy.c: fix out of bounds write in mpol_parse_str() (git-fixes (mm/mempolicy)).
mm/mempolicy.c: use match_string() helper to simplify the code (git-fixes (mm/mempolicy)).
mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (git-fixes (mm/numa)).
mm/page_owner.c: remove drain_all_pages from init_early_allocated_pages (git-fixes (mm/debug)).
mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio() (git-fixes (mm/writeback)).
mm/page-writeback.c: improve arithmetic divisions (git-fixes (mm/writeback)).
mm/page-writeback.c: use div64_ul() for u64-by-unsigned-long divide (git-fixes (mm/writeback)).
mm/rmap: fixup copying of soft dirty and uffd ptes (git-fixes (mm/rmap)).
mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n (git-fixes (mm/zsmalloc)).
mm/zsmalloc.c: fix race condition in zs_destroy_pool (git-fixes (mm/zsmalloc)).
mm/zsmalloc.c: fix the migrated zspage statistics (git-fixes (mm/zsmalloc)).
mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely (git-fixes (mm/zsmalloc)).
Move the upstreamed bluetooth fix into sorted section
mtd: lpddr: Fix bad logic in print_drs_error (git-fixes).
mtd: lpddr: fix excessive stack usage with clang (git-fixes).
mtd: mtdoops: Do not write panic data twice (git-fixes).
mwifiex: do not call del_timer_sync() on uninitialized timer (git-fixes).
mwifiex: Do not use GFP_KERNEL in atomic context (git-fixes).
mwifiex: fix double free (git-fixes).
mwifiex: remove function pointer check (git-fixes).
mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO (git-fixes).
net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873).
net: disable netpoll on fresh napis (networking-stable-20_09_11).
net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes).
net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes).
net: Fix potential wrong skb->protocol in skb_vlan_untag() (networking-stable-20_08_24).
net: hns: Fix memleak in hns_nic_dev_probe (networking-stable-20_09_11).
net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873).
net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC (networking-stable-20_09_24).
netlabel: fix problems with mapping removal (networking-stable-20_09_11).
net/mlx5e: Take common TIR context settings into a function (bsc#1177740).
net/mlx5e: Turn on HW tunnel offload in all TIRs (bsc#1177740).
net: phy: Avoid NPD upon phy_detach() when driver is unbound (networking-stable-20_09_24).
net: qrtr: fix usage of idr in port assignment to socket (networking-stable-20_08_24).
net: systemport: Fix memleak in bcm_sysport_probe (networking-stable-20_09_11).
net: usb: dm9601: Add USB ID of Keenetic Plus DSL (networking-stable-20_09_11).
net: usb: qmi_wwan: add Cellient MPL200 card (git-fixes).
net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes).
net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails (git-fixes).
net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() (git-fixes).
nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() (git-fixes).
nl80211: fix non-split wiphy information (git-fixes).
NTB: hw: amd: fix an issue about leak system resources (git-fixes).
nvme: do not update disk info for multipathed device (bsc#1171558).
nvme-rdma: fix crash due to incorrect cqe (bsc#1174748).
nvme-rdma: fix crash when connect rejected (bsc#1174748).
nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873).
p54: avoid accessing the data mapped to streaming DMA (git-fixes).
pinctrl: intel: Set default bias in case no particular value given (git-fixes).
platform/x86: mlx-platform: Remove PSU EEPROM configuration (git-fixes).
powerpc/dma: Fix dma_map_ops::get_required_mask (bsc#1065729).
powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation (bsc#1065729).
powerpc/hwirq: Remove stale forward irq_chip declaration (bsc#1065729).
powerpc/icp-hv: Fix missing of_node_put() in success path (bsc#1065729).
powerpc/irq: Drop forward declaration of struct irqaction (bsc#1065729).
powerpc/perf/hv-gpci: Fix starting index value (bsc#1065729).
powerpc/powernv/dump: Fix race while processing OPAL dump (bsc#1065729).
powerpc/powernv/elog: Fix race while processing OPAL error log event (bsc#1065729).
powerpc/pseries/cpuidle: add polling idle for shared processor guests (bsc#1178765 ltc#188968).
powerpc/pseries: explicitly reschedule during drmem_lmb list traversal (bsc#1077428 ltc#163882 git-fixes).
powerpc/pseries: Fix missing of_node_put() in rng_init() (bsc#1065729).
powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293).
power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes).
pty: do tty_flip_buffer_push without port->lock in pty_write (git-fixes).
pwm: lpss: Add range limit check for the base_unit register value (git-fixes).
pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare() (git-fixes).
regulator: defer probe when trying to get voltage from unresolved supply (git-fixes).
regulator: resolve supply after creating regulator (git-fixes).
ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes).
ring-buffer: Return 0 on success from ring_buffer_resize() (git-fixes).
rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592)
rtl8xxxu: prevent potential memory leak (git-fixes).
scsi: ibmvfc: Fix error return in ibmvfc_probe() (bsc#1065729).
scsi: ibmvscsi: Fix potential race after loss of transport (bsc#1178166 ltc#188226).
scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873).
sctp: not disable bh in the whole sctp_get_port_local() (networking-stable-20_09_11).
spi: fsl-espi: Only process interrupts for expected events (git-fixes).
staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes).
staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes).
staging: octeon: repair 'fixed-link' support (git-fixes).
tg3: Fix soft lockup when tg3_reset_task() fails (networking-stable-20_09_11).
thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes).
tipc: fix memory leak caused by tipc_buf_append() (git-fixes).
tipc: fix shutdown() of connectionless socket (networking-stable-20_09_11).
tipc: fix shutdown() of connection oriented socket (networking-stable-20_09_24).
tipc: fix the skb_unshare() in tipc_buf_append() (git-fixes).
tipc: fix uninit skb->data in tipc_nl_compat_dumpit() (networking-stable-20_08_24).
tipc: use skb_unshare() instead in tipc_buf_append() (networking-stable-20_09_24).
tty: ipwireless: fix error handling (git-fixes).
tty: serial: earlycon dependency (git-fixes).
tty: serial: fsl_lpuart: fix lpuart32_poll_get_char (git-fixes).
USB: Add NO_LPM quirk for Kingston flash drive (git-fixes).
USB: adutux: fix debugging (git-fixes).
usb: cdc-acm: add quirk to blacklist ETAS ES58X devices (git-fixes).
USB: cdc-acm: fix cooldown mechanism (git-fixes).
usb: cdc-acm: handle broken union descriptors (git-fixes).
usb: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync() (git-fixes).
usb: core: Solve race condition in anchor cleanup functions (git-fixes).
usb: dwc2: Fix INTR OUT transfers in DDMA mode (git-fixes).
usb: dwc2: Fix parameter type in function pointer prototype (git-fixes).
usb: dwc3: core: add phy cleanup for probe error handling (git-fixes).
usb: dwc3: core: do not trigger runtime pm when remove driver (git-fixes).
usb: dwc3: ep0: Fix ZLP for OUT ep0 requests (git-fixes).
usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets (git-fixes).
usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above (git-fixes).
usb: gadget: function: printer: fix use-after-free in __lock_acquire (git-fixes).
usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well (git-fixes).
USB: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes).
USB: mtu3: fix panic in mtu3_gadget_stop() (git-fixes).
usb: ohci: Default to per-port over-current protection (git-fixes).
USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes).
USB: serial: option: add Quectel EC200T module support (git-fixes).
USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes).
usb: serial: qcserial: fix altsetting probing (git-fixes).
USB: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes).
USB: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes).
vfs: fix FIGETBSZ ioctl on an overlayfs file (bsc#1178202).
video: fbdev: pvr2fb: initialize variables (git-fixes).
video: fbdev: sis: fix null ptr dereference (git-fixes).
video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error (git-fixes).
video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306).
video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306).
video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306).
VMCI: check return value of get_user_pages_fast() for errors (git-fixes).
vt: Disable KD_FONT_OP_COPY (bsc#1178589).
w1: mxc_w1: Fix timeout resolution problem leading to bus error (git-fixes).
watchdog: iTCO_wdt: Export vendorsupport (bsc#1177101).
watchdog: iTCO_wdt: Make ICH_RES_IO_SMI optional (bsc#1177101).
wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 (git-fixes).
writeback: Avoid skipping inode writeback (bsc#1177755).
writeback: Fix sync livelock due to b_dirty_time processing (bsc#1177755).
writeback: Protect inode->i_io_list with inode->i_lock (bsc#1177755).
x86/apic: Unify duplicated local apic timer clockevent initialization (bsc#1112178).
x86, fakenuma: Fix invalid starting node ID (git-fixes (mm/x86/fakenuma)).
x86/fpu: Allow multiple bits in clearcpuid= parameter (bsc#1112178).
x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306).
x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels (bsc#1058115 bsc#1176907).
x86/xen: disable Firmware First mode for correctable memory errors (bsc#1176713).
xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411).
xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411).
xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411).
xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410).
xen/events: block rogue events for some time (XSA-332 bsc#1177411).
xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411).
xen/events: do not use chip_data for legacy IRQs (XSA-332 bsc#1065600).
xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411).
xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411).
xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411).
xen/gntdev.c: Mark pages as dirty (bsc#1065600).
xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411).
xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411).
xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411).
XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (XSA-332 bsc#1065600).
xfs: avoid infinite loop when cancelling CoW blocks after writeback failure (bsc#1178027).
xfs: do not update mtime on COW faults (bsc#1167030).
xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes).
xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes).
xfs: fix rmap key and record comparison functions (git-fixes).
xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes).
xfs: limit entries returned when counting fsmap records (git-fixes).

Advisory ID	SUSE-SU-2020:3798-1
Released	Mon Dec 14 18:55:22 2020
Summary	Security update for the Linux Kernel
Type	security
Severity	important
References	1050242,1050536,1050545,1050549,1056653,1056657,1056787,1064802,1066129,1067665,1103990,1103992,1104389,1104393,1109837,1110096,1111666,1112178,1112374,1118657,1122971,1136460,1136461,1139944,1158775,1170139,1170630,1172542,1172694,1174726,1174852,1175916,1176109,1176558,1176559,1176956,1177304,1177397,1177666,1177805,1177808,1177819,1177820,1178182,1178270,1178589,1178590,1178634,1178635,1178669,1178853,1178854,1178878,1178886,1178897,1178940,1178962,1179107,1179140,1179141,1179204,1179211,1179213,1179259,1179403,1179406,1179418,1179419,1179421,1179424,1179426,1179427,1179429,1179520,1179578,1179601,1179616,1179663,1179666,1179670,1179671,1179672,1179673,1179711,1179713,1179714,1179715,1179716,1179722,1179723,1179724,CVE-2018-20669,CVE-2019-20934,CVE-2020-15436,CVE-2020-15437,CVE-2020-25669,CVE-2020-27777,CVE-2020-27786,CVE-2020-28915,CVE-2020-28974,CVE-2020-29371,CVE-2020-4788

Description:

The SUSE Linux Enterprise 15-SP1 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:

CVE-2018-20669: Fixed an improper check i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c (bsc#1122971).
CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c (bsc#1179663).
CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).
CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).
CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).
CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)
CVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601).
CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).
CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095 (bsc#1178589).
CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).
CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).

The following non-security bugs were fixed:

ACPI: GED: fix -Wformat (git-fixes).
ALSA: ctl: fix error path at adding user-defined element set (git-fixes).
ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes).
ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (git-fixes).
ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes).
ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes).
ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (git-fixes).
ALSA: mixart: Fix mutex deadlock (git-fixes).
ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes).
arm64: KVM: Fix system register enumeration (bsc#1174726).
arm/arm64: KVM: Add PSCI version selection API (bsc#1174726).
ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).
ath10k: Acquire tx_lock in tx error paths (git-fixes).
Avoid a GCC warning about '/*' within a comment.
batman-adv: set .owner to THIS_MODULE (git-fixes).
Bluetooth: btusb: Fix and detect most of the Chinese Bluetooth controllers (git-fixes).
Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes).
bnxt_en: Fix race when modifying pause settings (bsc#1050242 ).
bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex (bsc#1050242).
btmrvl: Fix firmware filename for sd8997 chipset (bsc#1172694).
btrfs: account ticket size at add/delete time (bsc#1178897).
btrfs: add helper to obtain number of devices with ongoing dev-replace (bsc#1178897).
btrfs: check rw_devices, not num_devices for balance (bsc#1178897).
btrfs: do not delete mismatched root refs (bsc#1178962).
btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1178897).
btrfs: fix force usage in inc_block_group_ro (bsc#1178897).
btrfs: fix invalid removal of root ref (bsc#1178962).
btrfs: fix reclaim counter leak of space_info objects (bsc#1178897).
btrfs: fix reclaim_size counter leak after stealing from global reserve (bsc#1178897).
btrfs: kill min_allocable_bytes in inc_block_group_ro (bsc#1178897).
btrfs: qgroup: do not commit transaction when we already hold the handle (bsc#1178634).
btrfs: rework arguments of btrfs_unlink_subvol (bsc#1178962).
btrfs: split dev-replace locking helpers for read and write (bsc#1178897).
can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes).
can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes).
can: dev: can_restart(): post buffer from the right context (git-fixes).
can: gs_usb: fix endianess problem with candleLight firmware (git-fixes).
can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes).
can: m_can: m_can_handle_state_change(): fix state change (git-fixes).
can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes).
can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes).
can: peak_usb: fix potential integer overflow on shift of a int (git-fixes).
ceph: add check_session_state() helper and make it global (bsc#1179259).
ceph: check session state after bumping session->s_seq (bsc#1179259).
ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635).
cifs: add NULL check for ses->tcon_ipc (bsc#1178270).
cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956).
cifs: fix check of tcon dfs in smb1 (bsc#1178270).
cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).
cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944).
cifs: remove bogus debug code (bsc#1179427).
cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).
Convert trailing spaces and periods in path components (bsc#1179424).
coredump: fix core_pattern parse error (git-fixes).
cxgb4: Fix offset when clearing filter byte counters (bsc#1064802 bsc#1066129).
docs: ABI: stable: remove a duplicated documentation (git-fixes).
docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes).
Drivers: hv: vmbus: Remove the unused 'tsc_page' from struct hv_context (git-fixes).
drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes).
drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (git-fixes).
efi: cper: Fix possible out-of-bounds access (git-fixes).
efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes).
efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes).
efi: provide empty efi_enter_virtual_mode implementation (git-fixes).
efivarfs: fix memory leak in efivarfs_create() (git-fixes).
efivarfs: revert 'fix memory leak in efivarfs_create()' (git-fixes).
efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes).
efi/x86: Free efi_pgd with free_pages() (bsc#1112178).
efi/x86: Ignore the memory attributes table on i386 (git-fixes).
efi/x86: Map the entire EFI vendor string before copying it (git-fixes).
ext4: correctly report 'not supported' for {usr,grp}jquota when !CONFIG_QUOTA (bsc#1179672).
ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1179716).
ext4: fix error handling code in add_new_gdb (bsc#1179722).
ext4: fix invalid inode checksum (bsc#1179723).
ext4: fix leaking sysfs kobject after failed mount (bsc#1179670).
ext4: limit entries returned when counting fsmap records (bsc#1179671).
ext4: unlock xattr_sem properly in ext4_inline_data_truncate() (bsc#1179673).
fs: Do not invalidate page buffers in block_write_full_page() (bsc#1179711).
fs/proc/array.c: allow reporting eip/esp for all coredumping threads (bsc#1050549).
fuse: fix page dereference after free (bsc#1179213).
futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1067665).
futex: Handle transient 'ownerless' rtmutex state correctly (bsc#1067665).
hv_balloon: disable warning when floor reached (git-fixes).
hv_netvsc: deal with bpf API differences in 4.12 (bsc#1177819, bsc#1177820).
hv_netvsc: make recording RSS hash depend on feature flag (bsc#1178853, bsc#1178854).
hv_netvsc: record hardware hash in skb (bsc#1178853, bsc#1178854).
i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() (git-fixes).
i40iw: Fix error handling in i40iw_manage_arp_cache() (bsc#1111666)
i40iw: fix null pointer dereference on a null wqe pointer (bsc#1111666)
i40iw: Report correct firmware version (bsc#1111666)
IB/cma: Fix ports memory leak in cma_configfs (bsc#1111666)
IB/core: Set qp->real_qp before it may be accessed (bsc#1111666)
IB/hfi1: Add missing INVALIDATE opcodes for trace (bsc#1111666)
IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats (bsc#1111666)
IB/hfi1: Add software counter for ctxt0 seq drop (bsc#1111666)
IB/hfi1: Avoid hardlockup with flushlist_lock (bsc#1111666)
IB/hfi1: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666)
IB/hfi1: Check for error on call to alloc_rsm_map_table (bsc#1111666)
IB/hfi1: Close PSM sdma_progress sleep window (bsc#1111666)
IB/hfi1: Define variables as unsigned long to fix KASAN warning (bsc#1111666)
IB/hfi1: Ensure full Gen3 speed in a Gen4 system (bsc#1111666)
IB/hfi1: Fix memory leaks in sysfs registration and unregistration (bsc#1111666)
IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666)
IB/hfi1: Handle port down properly in pio (bsc#1111666)
IB/hfi1: Handle wakeup of orphaned QPs for pio (bsc#1111666)
IB/hfi1: Insure freeze_work work_struct is canceled on shutdown (bsc#1111666)
IB/hfi1, qib: Ensure RCU is locked when accessing list (bsc#1111666)
IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM (bsc#1111666)
IB/hfi1: Remove unused define (bsc#1111666)
IB/hfi1: Silence txreq allocation warnings (bsc#1111666)
IB/hfi1: Validate page aligned for a given virtual address (bsc#1111666)
IB/hfi1: Wakeup QPs orphaned on wait list after flush (bsc#1111666)
IB/ipoib: drop useless LIST_HEAD (bsc#1111666)
IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (bsc#1111666)
IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start (bsc#1111666)
IB/iser: Fix dma_nents type definition (bsc#1111666)
IB/iser: Pass the correct number of entries for dma mapped SGL (bsc#1111666)
IB/mad: Fix use-after-free in ib mad completion handling (bsc#1111666)
IB/mlx4: Add and improve logging (bsc#1111666)
IB/mlx4: Add support for MRA (bsc#1111666)
IB/mlx4: Adjust delayed work when a dup is observed (bsc#1111666)
IB/mlx4: Fix leak in id_map_find_del (bsc#1111666)
IB/mlx4: Fix memory leak in add_gid error flow (bsc#1111666)
IB/mlx4: Fix race condition between catas error reset and aliasguid flows (bsc#1111666)
IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1111666)
IB/mlx4: Follow mirror sequence of device add during device removal (bsc#1111666)
IB/mlx4: Remove unneeded NULL check (bsc#1111666)
IB/mlx4: Test return value of calls to ib_get_cached_pkey (bsc#1111666)
IB/mlx5: Add missing XRC options to QP optional params mask (bsc#1111666)
IB/mlx5: Compare only index part of a memory window rkey (bsc#1111666)
IB/mlx5: Do not override existing ip_protocol (bsc#1111666)
IB/mlx5: Fix clean_mr() to work in the expected order (bsc#1111666)
IB/mlx5: Fix implicit MR release flow (bsc#1111666)
IB/mlx5: Fix outstanding_pi index for GSI qps (bsc#1111666)
IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification (bsc#1111666)
IB/mlx5: Fix unreg_umr to ignore the mkey state (bsc#1111666)
IB/mlx5: Improve ODP debugging messages (bsc#1111666)
IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache (bsc#1111666)
IB/mlx5: Prevent concurrent MR updates during invalidation (bsc#1111666)
IB/mlx5: Reset access mask when looping inside page fault handler (bsc#1111666)
IB/mlx5: Set correct write permissions for implicit ODP MR (bsc#1111666)
IB/mlx5: Use direct mkey destroy command upon UMR unreg failure (bsc#1111666)
IB/mlx5: Use fragmented QP's buffer for in-kernel users (bsc#1111666)
IB/mlx5: WQE dump jumps over first 16 bytes (bsc#1111666)
IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1111666)
IB/qib: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666)
IB/qib: Fix an error code in qib_sdma_verbs_send() (bsc#1111666)
IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value (bsc#1111666)
IB/qib: Remove a set-but-not-used variable (bsc#1111666)
IB/rdmavt: Convert timers to use timer_setup() (bsc#1111666)
IB/rdmavt: Fix alloc_qpn() WARN_ON() (bsc#1111666)
IB/rdmavt: Fix sizeof mismatch (bsc#1111666)
IB/rdmavt: Reset all QPs when the device is shut down (bsc#1111666)
IB/rxe: Fix incorrect cache cleanup in error flow (bsc#1111666)
IB/rxe: Make counters thread safe (bsc#1111666)
IB/srpt: Fix memory leak in srpt_add_one (bsc#1111666)
IB/umad: Avoid additional device reference during open()/close() (bsc#1111666)
IB/umad: Avoid destroying device while it is accessed (bsc#1111666)
IB/umad: Do not check status of nonseekable_open() (bsc#1111666)
IB/umad: Fix kernel crash while unloading ib_umad (bsc#1111666)
IB/umad: Refactor code to use cdev_device_add() (bsc#1111666)
IB/umad: Simplify and avoid dynamic allocation of class (bsc#1111666)
IB/usnic: Fix out of bounds index check in query pkey (bsc#1111666)
IB/uverbs: Fix OOPs upon device disassociation (bsc#1111666)
igc: Fix returning wrong statistics (bsc#1118657).
iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes).
iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes).
inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill() (git-fixes).
Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes).
Input: i8042 - fix error return code in i8042_setup_aux() (git-fixes).
iw_cxgb4: fix ECN check on the passive accept (bsc#1111666)
iw_cxgb4: only reconnect with MPAv1 if the peer aborts (bsc#1111666)
kABI: add back flush_dcache_range (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
kABI fix for g2d (git-fixes).
kABI workaround for usermodehelper changes (bsc#1179406).
kgdb: Fix spurious true from in_dbg_master() (git-fixes).
KVM: arm64: Add missing #include of - in guest.c (bsc#1174726).
KVM: arm64: Factor out core register ID enumeration (bsc#1174726).
KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST (bsc#1174726).
KVM: arm64: Refactor kvm_arm_num_regs() for easier maintenance (bsc#1174726).
KVM: arm64: Reject ioctl access to FPSIMD V-regs on SVE vcpus (bsc#1174726).
KVM host: kabi fixes for psci_version (bsc#1174726).
libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
locking/lockdep: Add debug_locks check in __lock_downgrade() (bsc#1050549).
locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count (bsc#1050549).
locktorture: Print ratio of acquisitions, not failures (bsc#1050549).
mac80211: always wind down STA state (git-fixes).
mac80211: free sta in sta_info_insert_finish() on errors (git-fixes).
mac80211: minstrel: fix tx status processing corner case (git-fixes).
mac80211: minstrel: remove deferred sampling code (git-fixes).
media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes).
media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes).
media: uvcvideo: Set media controller entity functions (git-fixes).
media: uvcvideo: Silence shift-out-of-bounds warning (git-fixes).
mlxsw: core: Fix memory leak on module removal (bsc#1112374).
mm: always have io_remap_pfn_range() set pgprot_decrypted() (bsc#1112178).
mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204).
net: DCB: Validate DCB_ATTR_DCB_BUFFER argument (bsc#1103990 ).
net: ena: Capitalize all log strings and improve code readability (bsc#1177397).
net: ena: Change license into format to SPDX in all files (bsc#1177397).
net: ena: Change log message to netif/dev function (bsc#1177397).
net: ena: Change RSS related macros and variables names (bsc#1177397).
net: ena: ethtool: Add new device statistics (bsc#1177397).
net: ena: ethtool: add stats printing to XDP queues (bsc#1177397).
net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397).
net: ena: Fix all static chekers' warnings (bsc#1177397).
net: ena: fix packet's addresses for rx_offset feature (bsc#1174852).
net: ena: handle bad request id in ena_netdev (git-fixes).
net: ena: Remove redundant print of placement policy (bsc#1177397).
net: ena: xdp: add queue counters for xdp actions (bsc#1177397).
netfilter: nat: can't use dst_hold on noref dst (bsc#1178878).
net/mlx4_core: Fix init_hca fields offset (git-fixes).
net: qede: fix PTP initialization on recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
net: qede: fix use-after-free on recovery and AER handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
net: qed: fix async event callbacks unregistering (bsc#1104393 bsc#1104389).
net: qed: fix 'maybe uninitialized' warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
net_sched: fix a memory leak in atm_tc_init() (bsc#1056657 bsc#1056653 bsc#1056787).
net/smc: fix valid DMBE buffer sizes (git-fixes).
net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (bsc#1110096).
net/tls: Fix kmap usage (bsc#1109837).
net/tls: missing received data after fast remote close (bsc#1109837).
net/x25: prevent a couple of overflows (bsc#1178590).
nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes).
nfp: use correct define to return NONE fec (bsc#1109837).
NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304).
NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139).
NFSv4.1: fix handling of backchannel binding in BIND_CONN_TO_SESSION (bsc#1170630).
ocfs2: initialize ip_next_orphan (bsc#1179724).
PCI: pci-hyperv: Fix build errors on non-SYSFS config (git-fixes).
pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes).
pinctrl: amd: use higher precision for 512 RtcClk (git-fixes).
pinctrl: aspeed: Fix GPI only function problem (git-fixes).
platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes).
powerpc/32: define helpers to get L1 cache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
powerpc/64: flush_inval_dcache_range() becomes flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
powerpc/64: reuse PPC32 static inline flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
powerpc: Chunk calls to flush_dcache_range in arch_*_memory (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964 git-fixes).
powerpc: define helpers to get L1 icache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
powerpc/mm: Flush cache on memory hot(un)plug (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
powerpc/perf: Fix crash with is_sier_available when pmu is not set (bsc#1179578 ltc#189313).
powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
powerpc/pmem: Fix kernel crash due to wrong range value usage in flush_dcache_range (jsc#SLE-16497 bsc#1176109 ltc#187964).
powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
qed: fix error return code in qed_iwarp_ll2_start() (bsc#1050536 bsc#1050545).
qed: suppress 'do not support RoCE & iWARP' flooding on HW init (bsc#1050536 bsc#1050545).
qed: suppress false-positives interrupt error messages on HW init (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
quota: clear padding in v2r1_mem2diskdqb() (bsc#1179714).
RDMA/bnxt_re: Fix lifetimes in bnxt_re_task (bsc#1111666)
RDMA/bnxt_re: Fix Send Work Entry state check while polling completions (bsc#1111666)
RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. (bsc#1111666)
RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (bsc#1111666)
RDMA/cma: add missed unregister_pernet_subsys in init failure (bsc#1111666)
RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (bsc#1111666)
RDMA/cma: Fix false error message (bsc#1111666)
RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bsc#1111666)
RDMA/cma: Protect bind_list and listen_list while finding matching cm id (bsc#1111666)
RDMA/cm: Fix checking for allowed duplicate listens (bsc#1111666)
RDMA/cm: Remove a race freeing timewait_info (bsc#1111666)
RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (bsc#1111666)
RDMA/core: Do not depend device ODP capabilities on kconfig option (bsc#1111666)
RDMA/core: Fix invalid memory access in spec_filter_size (bsc#1111666)
RDMA/core: Fix locking in ib_uverbs_event_read (bsc#1111666)
RDMA/core: Fix protection fault in ib_mr_pool_destroy (bsc#1111666)
RDMA/core: Fix race between destroy and release FD object (bsc#1111666)
RDMA/core: Fix race when resolving IP address (bsc#1111666)
RDMA/core: Prevent mixed use of FDs between shared ufiles (bsc#1111666)
RDMA/cxgb3: Delete and properly mark unimplemented resize CQ function (bsc#1111666)
RDMA: Directly cast the sockaddr union to sockaddr (bsc#1111666)
RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN (bsc#1111666)
RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1111666)
RDMA/hns: Remove unsupported modify_port callback (bsc#1111666)
RDMA/hns: Set the unsupported wr opcode (bsc#1111666)
RDMA/i40iw: fix a potential NULL pointer dereference (bsc#1111666)
RDMA/i40iw: Set queue pair state when being queried (bsc#1111666)
RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() (bsc#1111666)
RDMA/ipoib: Remove check for ETH_SS_TEST (bsc#1111666)
RDMA/ipoib: Return void from ipoib_ib_dev_stop() (bsc#1111666)
RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1111666)
RDMA/iwcm: Fix a lock inversion issue (bsc#1111666)
RDMA/iwcm: Fix iwcm work deallocation (bsc#1111666)
RDMA/iwcm: move iw_rem_ref() calls out of spinlock (bsc#1111666)
RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case (bsc#1111666)
RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1111666)
RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (bsc#1111666)
RDMA/mlx4: Initialize ib_spec on the stack (bsc#1111666)
RDMA/mlx4: Read pkey table length instead of hardcoded value (bsc#1111666)
RDMA/mlx5: Clear old rate limit when closing QP (bsc#1111666)
RDMA/mlx5: Delete unreachable handle_atomic code by simplifying SW completion (bsc#1111666)
RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (bsc#1111666)
RDMA/mlx5: Fix a race with mlx5_ib_update_xlt on an implicit MR (bsc#1111666)
RDMA/mlx5: Fix function name typo 'fileds' -> 'fields' (bsc#1111666)
RDMA/mlx5: Return proper error value (bsc#1111666)
RDMA/mlx5: Set GRH fields in query QP on RoCE (bsc#1111666)
RDMA/mlx5: Verify that QP is created with RQ or SQ (bsc#1111666)
RDMA/nes: Remove second wait queue initialization call (bsc#1111666)
RDMA/netlink: Do not always generate an ACK for some netlink operations (bsc#1111666)
RDMA/ocrdma: Fix out of bounds index check in query pkey (bsc#1111666)
RDMA/ocrdma: Remove unsupported modify_port callback (bsc#1111666)
RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (bsc#1111666)
RDMA/qedr: Endianness warnings cleanup (bsc#1111666)
RDMA/qedr: Fix doorbell setting (bsc#1111666)
RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (bsc#1050545).
RDMA/qedr: Fix memory leak in iWARP CM (bsc#1050545 ).
RDMA/qedr: Fix memory leak in user qp and mr (bsc#1111666)
RDMA/qedr: Fix reported firmware version (bsc#1111666)
RDMA/qedr: Fix use of uninitialized field (bsc#1111666)
RDMA/qedr: Remove unsupported modify_port callback (bsc#1111666)
RDMA/qedr: SRQ's bug fixes (bsc#1111666)
RDMA/qib: Delete extra line (bsc#1111666)
RDMA/qib: Remove all occurrences of BUG_ON() (bsc#1111666)
RDMA/qib: Validate ->show()/store() callbacks before calling them (bsc#1111666)
RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1111666)
RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM (bsc#1111666)
RDMA/rxe: Fix configuration of atomic queue pair attributes (bsc#1111666)
RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1111666)
RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later (bsc#1111666)
RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq (bsc#1111666)
RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1111666)
RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue (bsc#1111666)
RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1111666)
RDMA/rxe: Remove useless rxe_init_device_param assignments (bsc#1111666)
RDMA/rxe: Return void from rxe_init_port_param() (bsc#1111666)
RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1111666)
RDMA/rxe: Set default vendor ID (bsc#1111666)
RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (bsc#1111666)
RDMA/rxe: Skip dgid check in loopback mode (bsc#1111666)
RDMA/rxe: Use for_each_sg_page iterator on umem SGL (bsc#1111666)
RDMA/srp: Rework SCSI device reset handling (bsc#1111666)
RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1111666)
RDMA/srpt: Report the SCSI residual to the initiator (bsc#1111666)
RDMA/ucma: Add missing locking around rdma_leave_multicast() (bsc#1111666)
RDMA/ucma: Put a lock around every call to the rdma_cm layer (bsc#1111666)
RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (bsc#1111666)
RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove (bsc#1111666)
RDMA/vmw_pvrdma: Use atomic memory allocation in create AH (bsc#1111666)
reboot: fix overflow parsing reboot cpu number (bsc#1179421).
regulator: avoid resolve_supply() infinite recursion (git-fixes).
regulator: fix memory leak with repeated set_machine_constraints() (git-fixes).
regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes).
regulator: workaround self-referent regulators (git-fixes).
reiserfs: Fix oops during mount (bsc#1179715).
reiserfs: Initialize inode keys properly (bsc#1179713).
Revert 'cdc-acm: hardening against malicious devices' (git-fixes).
Revert 'kernel/reboot.c: convert simple_strtoul to kstrtoint' (bsc#1179418).
RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (bsc#1111666)
rxe: correctly calculate iCRC for unaligned payloads (bsc#1111666)
rxe: fix error completion wr_id and qp_num (bsc#1111666)
s390/bpf: Fix multiple tail calls (git-fixes).
s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177805 LTC#188737).
s390/cpuinfo: show processor physical address (git-fixes).
s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175916 LTC#187937).
s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes).
s390/dasd: fix null pointer dereference for ERP requests (git-fixes).
s390/dasd: Fix zero write for FBA devices (bsc#1177808 LTC#188739).
s390: kernel/uv: handle length extension properly (bsc#1178940 LTC#189323).
s390/pci: fix CPU address in MSI for directed IRQ (git-fixes).
s390/qeth: fix af_iucv notification race (git-fixes).
s390/qeth: fix tear down of async TX buffers (git-fixes).
s390/qeth: make af_iucv TX notification call more robust (git-fixes).
s390/stp: add locking to sysfs functions (git-fixes).
s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (git-fixes).
sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1112178).
sched/x86: SaveFLAGS on context switch (bsc#1112178).
scripts/git_sort/git_sort.py: add ceph maintainers git tree
scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (git-fixes).
scsi: RDMA/srpt: Fix a credit leak for aborted commands (bsc#1111666)
SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558).
SMB3: Honor lease disabling for multiuser mounts (git-fixes).
SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559).
splice: only read in as much information as there is pipe buffer space (bsc#1179520).
Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes).
staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes).
SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1103992).
svcrdma: fix bounce buffers for unaligned offsets and multiple pages (bsc#1103992).
svcrdma: Fix page leak in svc_rdma_recv_read_chunk() (bsc#1103992).
tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control (bsc#1109837).
time: Prevent undefined behaviour in timespec64_to_ns() (git-fixes).
tracing: Fix out of bounds write in get_trace_buf (bsc#1179403).
tty: Fix ->pgrp locking in tiocspgrp() (git-fixes).
tty: serial: imx: keep console clocks always on (git-fixes).
Update references in patches.suse/net-smc-tolerate-future-smcd-versions (bsc#1172542 LTC#186070 git-fixes).
USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes).
USB: core: driver: fix stray tabs in error messages (git-fixes).
USB: core: Fix regression in Hercules audio card (git-fixes).
USB: gadget: f_fs: Use local copy of descriptors for userspace copy (git-fixes).
USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes).
USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes).
USB: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes).
USB: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes).
USB: serial: cyberjack: fix write-URB completion race (git-fixes).
USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters (git-fixes).
USB: serial: kl5kUSB105: fix memleak on open (git-fixes).
USB: serial: option: add Cellient MPL200 card (git-fixes).
USB: serial: option: Add Telit FT980-KS composition (git-fixes).
USB: serial: option: fix Quectel BG96 matching (git-fixes).
USB: serial: pl2303: add device-id for HP GC device (git-fixes).
usermodehelper: reset umask to default before executing user process (bsc#1179406).
video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes).
x86/hyperv: Clarify comment on x2apic mode (git-fixes).
x86/hyperv: Make vapic support x2apic mode (git-fixes).
x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1112178).
x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect (git-fixes).
x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled (git-fixes).
x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes).
x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak (bsc#1112178).
x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount leak (bsc#1112178).
x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1112178).
x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb (bsc#1112178).
x86/sysfb_efi: Add quirks for some devices with swapped width and height (git-fixes).
xfrm: Fix memleak on xfrm state destroy (bsc#1158775).
xfs: revert 'xfs: fix rmap key and record comparison functions' (git-fixes).

Advisory ID	SUSE-SU-2021:95-1
Released	Tue Jan 12 19:14:53 2021
Summary	Security update for the Linux Kernel
Type	security
Severity	important
References	1040855,1044120,1044767,1055117,1065729,1094840,1109695,1112178,1115431,1138374,1144912,1152457,1163727,1164780,1171078,1172145,1172538,1174784,1178401,1178762,1179014,1179015,1179045,1179082,1179107,1179142,1179419,1179444,1179745,1179810,1179888,1179895,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180086,1180117,1180258,1180506,1180559,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-27068,CVE-2020-27777,CVE-2020-27825,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158

Description:

The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).
CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).
CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).
CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).
CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).
CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).
CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).
CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).
CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).

The following non-security bugs were fixed:

ACPI: PNP: compare the string length in the matching_id() (git-fixes).
ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1 (git-fixes).
ACPICA: Do not increment operation_region reference counts for field units (git-fixes).
ALSA: ca0106: fix error code handling (git-fixes).
ALSA: ctl: allow TLV read operation for callback type of element in locked case (git-fixes).
ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO (git-fixes).
ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes).
ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes).
ALSA: hda/generic: Add option to enforce preferred_dacs pairs (git-fixes).
ALSA: hda/hdmi: always check pin power status in i915 pin fixup (git-fixes).
ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged (git-fixes).
ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 (git-fixes).
ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 (git-fixes).
ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table (git-fixes).
ALSA: hda: Fix potential race in unsol event handler (git-fixes).
ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes).
ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes).
ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes).
ALSA: line6: Perform sanity check for each URB creation (git-fixes).
ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes).
ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes).
ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check (git-fixes).
ALSA: timer: Limit max amount of slave instances (git-fixes).
ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes).
ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes).
ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes).
ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes).
ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes).
ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes).
ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes).
ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha S (git-fixes).
ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S (git-fixes).
ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes).
ALSA: usb-audio: Disable sample read check if firmware does not give back (git-fixes).
ALSA: usb-audio: Fix control 'access overflow' errors from chmap (git-fixes).
ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes).
ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes).
ALSA: usb-audio: Fix race against the error recovery URB submission (git-fixes).
ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes).
ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams (git-fixes).
ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed (git-fixes).
ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes).
ASoC: pcm3168a: The codec does not support S32_LE (git-fixes).
ASoC: pcm: DRAIN support reactivation (git-fixes).
ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile (git-fixes).
ASoC: sti: fix possible sleep-in-atomic (git-fixes).
ASoC: wm8904: fix regcache handling (git-fixes).
ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes).
ASoC: wm_adsp: Do not generate kcontrols without READ flags (git-fixes).
ASoC: wm_adsp: remove 'ctl' from list on error in wm_adsp_create_control() (git-fixes).
ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function (git-fixes).
ath10k: Fix an error handling path (git-fixes).
ath10k: fix backtrace on coredump (git-fixes).
ath10k: fix get invalid tx rate for Mesh metric (git-fixes).
ath10k: fix offchannel tx failure when no ath10k_mac_tx_frm_has_freq (git-fixes).
ath10k: Release some resources in an error handling path (git-fixes).
ath10k: Remove msdu from idr when management pkt send fails (git-fixes).
ath6kl: fix enum-conversion warning (git-fixes).
ath9k_htc: Discard undersized packets (git-fixes).
ath9k_htc: Modify byte order for an error message (git-fixes).
ath9k_htc: Silence undersized packet warnings (git-fixes).
ath9k_htc: Use appropriate rs_datalen type (git-fixes).
backlight: lp855x: Ensure regulators are disabled on probe failure (git-fixes).
Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes).
Bluetooth: btusb: Fix detection of some fake CSR controllers with a bcdDevice val of 0x0134 (git-fixes).
Bluetooth: Fix advertising duplicated flags (git-fixes).
Bluetooth: Fix null pointer dereference in hci_event_packet() (git-fixes).
Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() (git-fixes).
btrfs: fix use-after-free on readahead extent after failure to create it (bsc#1179963).
btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784).
bus: fsl-mc: fix error return code in fsl_mc_object_allocate() (git-fixes).
can: mcp251x: add error check when wq alloc failed (git-fixes).
can: softing: softing_netdev_open(): fix error handling (git-fixes).
cfg80211: initialize rekey_data (git-fixes).
cfg80211: regulatory: Fix inconsistent format argument (git-fixes).
cirrus: cs89x0: remove set but not used variable 'lp' (git-fixes).
cirrus: cs89x0: use devm_platform_ioremap_resource() to simplify code (git-fixes).
clk: at91: usb: continue if clk_hw_round_rate() return zero (git-fixes).
clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes).
clk: qcom: Allow constant ratio freq tables for rcg (git-fixes).
clk: qcom: msm8916: Fix the address location of pll->config_reg (git-fixes).
clk: s2mps11: Fix a resource leak in error handling paths in the probe function (git-fixes).
clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 (git-fixes).
clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes).
clk: tegra: Fix duplicated SE clock entry (git-fixes).
clk: tegra: Fix Tegra PMC clock out parents (git-fixes).
clk: ti: composite: fix memory leak (git-fixes).
clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call (git-fixes).
clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes).
clocksource/drivers/asm9260: Add a check for of_clk_get (git-fixes).
cpufreq: highbank: Add missing MODULE_DEVICE_TABLE (git-fixes).
cpufreq: loongson1: Add missing MODULE_ALIAS (git-fixes).
cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes).
cpufreq: st: Add missing MODULE_DEVICE_TABLE (git-fixes).
crypto: af_alg - avoid undefined behavior accessing salg_name (git-fixes).
crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe (git-fixes).
crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (git-fixes).
crypto: talitos - Fix return type of current_desc_hdr() (git-fixes).
cw1200: fix missing destroy_workqueue() on error in cw1200_init_common (git-fixes).
drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish (git-fixes).
drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe (git-fixes).
drm/amd/display: remove useless if/else (git-fixes).
drm/amdgpu: fix build_coefficients() argument (git-fixes).
drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() (git-fixes).
drm/gma500: fix double free of gma_connector (git-fixes).
drm/meson: dw-hdmi: Register a callback to disable the regulator (git-fixes).
drm/msm/dpu: Add newline to printks (git-fixes).
drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes).
drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() (git-fixes).
drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes).
epoll: Keep a reference on files added to the check list (bsc#1180031).
extcon: max77693: Fix modalias string (git-fixes).
firmware: qcom: scm: Ensure 'a0' status code is treated as signed (git-fixes).
fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes).
forcedeth: use per cpu to collect xmit/recv statistics (git-fixes).
geneve: change from tx_error to tx_dropped on missing metadata (git-fixes).
genirq/irqdomain: Add an irq_create_mapping_affinity() function (bsc#1065729).
gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes).
gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in grgpio_irq_map/unmap() (git-fixes).
gpio: max77620: Add missing dependency on GPIOLIB_IRQCHIP (git-fixes).
gpio: max77620: Fixup debounce delays (git-fixes).
gpio: max77620: Use correct unit for debounce times (git-fixes).
gpio: mpc8xxx: Add platform device to gpiochip->parent (git-fixes).
gpio: mvebu: fix potential user-after-free on probe (git-fixes).
gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism (git-fixes).
gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288 model (git-fixes).
gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288 model (git-fixes).
gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk (git-fixes).
gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option (git-fixes).
gpiolib: acpi: Turn dmi_system_id table into a generic quirk table (git-fixes).
gpiolib: fix up emulated open drain outputs (git-fixes).
HID: Add another Primax PIXART OEM mouse quirk (git-fixes).
HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes).
HID: core: check whether Usage Page item is after Usage ID items (git-fixes).
HID: core: Correctly handle ReportSize being zero (git-fixes).
HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes).
HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052).
HID: hid-sensor-hub: Fix issue with devices with no report ID (git-fixes).
HID: Improve Windows Precision Touchpad detection (git-fixes).
HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring() (git-fixes).
HID: logitech-hidpp: Silence intermittent get_battery_capacity errors (git-fixes).
HSI: omap_ssi: Do not jump to free ID in ssi_add_controller() (git-fixes).
hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes).
hwmon: (jc42) Fix name to have no illegal characters (git-fixes).
i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes).
i2c: i801: Fix resume bug (git-fixes).
i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets (git-fixes).
i2c: pxa: clear all master action bits in i2c_pxa_stop_message() (git-fixes).
i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes).
ibmvnic: add some debugs (bsc#1179896 ltc#190255).
ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes).
ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes).
ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes).
ibmvnic: enhance resetting status check during module exit (bsc#1065729).
ibmvnic: fix call_netdevice_notifiers in do_reset (bsc#1115431 ltc#171853 git-fixes).
ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes).
ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes).
ibmvnic: notify peers when failover and migration happen (bsc#1044120 ltc#155423 git-fixes).
ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes).
iio: adc: max1027: Reset the device at probe time (git-fixes).
iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume (git-fixes).
iio: bmp280: fix compensation of humidity (git-fixes).
iio: buffer: Fix demux update (git-fixes).
iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw() (git-fixes).
iio: fix center temperature of bmc150-accel-core (git-fixes).
iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting (git-fixes).
iio: light: bh1750: Resolve compiler warning and make code more readable (git-fixes).
iio: srf04: fix wrong limitation in distance measuring (git-fixes).
iio:imu:bmi160: Fix too large a buffer (git-fixes).
iio:pressure:mpl3115: Force alignment of buffer (git-fixes).
inet_ecn: Fix endianness of checksum update when setting ECT(1) (git-fixes).
Input: ads7846 - fix integer overflow on Rt calculation (git-fixes).
Input: ads7846 - fix race that causes missing releases (git-fixes).
Input: ads7846 - fix unaligned access on 7845 (git-fixes).
Input: atmel_mxt_ts - disable IRQ across suspend (git-fixes).
Input: cm109 - do not stomp on control URB (git-fixes).
Input: cros_ec_keyb - send 'scancodes' in addition to key events (git-fixes).
Input: cyapa_gen6 - fix out-of-bounds stack access (git-fixes).
Input: goodix - add upside-down quirk for Teclast X98 Pro tablet (git-fixes).
Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes).
Input: i8042 - add ByteSpeed touchpad to noloop table (git-fixes).
Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists (git-fixes).
Input: i8042 - allow insmod to succeed on devices without an i8042 controller (git-fixes).
Input: omap4-keypad - fix runtime PM error handling (git-fixes).
Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes).
Input: trackpoint - add new trackpoint variant IDs (git-fixes).
Input: trackpoint - enable Synaptics trackpoints (git-fixes).
Input: xpad - support Ardwiino Controllers (git-fixes).
ipw2x00: Fix -Wcast-function-type (git-fixes).
irqchip/alpine-msi: Fix freeing of interrupts on allocation error path (git-fixes).
iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes).
iwlwifi: mvm: fix unaligned read of rx_pkt_status (git-fixes).
iwlwifi: pcie: limit memory read spin time (git-fixes).
kABI workaround for dsa/b53 changes (git-fixes).
kABI workaround for HD-audio generic parser (git-fixes).
kABI workaround for net/ipvlan changes (git-fixes).
kABI: ath10k: move a new structure member to the end (git-fixes).
kABI: genirq: add back irq_create_mapping (bsc#1065729).
kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install
kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082)
KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits (bsc#1112178).
mac80211: allow rx of mesh eapol frames with default rx key (git-fixes).
mac80211: Check port authorization in the ieee80211_tx_dequeue() case (git-fixes).
mac80211: do not set set TDLS STA bandwidth wider than possible (git-fixes).
mac80211: fix authentication with iwlwifi/mvm (git-fixes).
mac80211: fix use of skb payload instead of header (git-fixes).
mac80211: mesh: fix mesh_pathtbl_init() error path (git-fixes).
matroxfb: avoid -Warray-bounds warning (git-fixes).
md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727).
md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727).
md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727).
md/bitmap: fix memory leak of temporary bitmap (bsc#1163727).
md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727).
md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727).
md/cluster: block reshape with remote resync job (bsc#1163727).
md/cluster: fix deadlock when node is doing resync job (bsc#1163727).
md/raid5: fix oops during stripe resizing (git-fixes).
media: am437x-vpfe: Setting STD to current value is not an error (git-fixes).
media: cec-funcs.h: add status_req checks (git-fixes).
media: cx88: Fix some error handling path in 'cx8800_initdev()' (git-fixes).
media: gspca: Fix memory leak in probe (git-fixes).
media: i2c: mt9v032: fix enum mbus codes and frame sizes (git-fixes).
media: i2c: ov2659: Fix missing 720p register config (git-fixes).
media: i2c: ov2659: fix s_stream return value (git-fixes).
media: msi2500: assign SPI bus number dynamically (git-fixes).
media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm() (git-fixes).
media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-patches).
media: pvrusb2: Fix oops on tear-down when radio support is not present (git-fixes).
media: saa7146: fix array overflow in vidioc_s_audio() (git-fixes).
media: si470x-i2c: add missed operations in remove (git-fixes).
media: siano: fix memory leak of debugfs members in smsdvb_hotplug (git-fixes).
media: solo6x10: fix missing snd_card_free in error handling case (git-fixes).
media: sti: bdisp: fix a possible sleep-in-atomic-context bug in bdisp_device_run() (git-fixes).
media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes).
media: ti-vpe: vpe: ensure buffers are cleaned up properly in abort cases (git-fixes).
media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence number (git-fixes).
media: ti-vpe: vpe: fix a v4l2-compliance failure about invalid sizeimage (git-fixes).
media: ti-vpe: vpe: fix a v4l2-compliance failure causing a kernel panic (git-fixes).
media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format (git-fixes).
media: ti-vpe: vpe: Make sure YUYV is set as default format (git-fixes).
media: v4l2-async: Fix trivial documentation typo (git-fixes).
media: v4l2-core: fix touch support in v4l_g_fmt (git-fixes).
media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in v4l2_device macros (git-fixes).
mei: bus: do not clean driver pointer (git-fixes).
mei: protect mei_cl_mtu from null dereference (git-fixes).
memstick: fix a double-free bug in memstick_check (git-fixes).
memstick: r592: Fix error return in r592_probe() (git-fixes).
mfd: rt5033: Fix errorneous defines (git-fixes).
mfd: wm8994: Fix driver operation if loaded as modules (git-fixes).
mm,memory_failure: always pin the page in madvise_inject_error (bsc#1180258).
Move upstreamed bt fixes into sorted section
mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure (git-fixes).
net: aquantia: Fix aq_vec_isr_legacy() return value (git-fixes).
net: aquantia: fix LRO with FCS error (git-fixes).
net: dsa: b53: Always use dev->vlan_enabled in b53_configure_vlan() (git-fixes).
net: dsa: b53: Ensure the default VID is untagged (git-fixes).
net: dsa: b53: Fix default VLAN ID (git-fixes).
net: dsa: b53: Properly account for VLAN filtering (git-fixes).
net: dsa: bcm_sf2: Do not assume DSA master supports WoL (git-fixes).
net: dsa: bcm_sf2: potential array overflow in bcm_sf2_sw_suspend() (git-fixes).
net: dsa: qca8k: remove leftover phy accessors (git-fixes).
net: ethernet: ti: cpsw: fix runtime_pm while add/kill vlan (git-fixes).
net: hisilicon: Fix signedness bug in hix5hd2_dev_probe() (git-fixes).
net: macb: add missing barriers when reading descriptors (git-fixes).
net: macb: fix dropped RX frames due to a race (git-fixes).
net: macb: fix error format in dev_err() (git-fixes).
net: macb: fix random memory corruption on RX with 64-bit DMA (git-fixes).
net: pasemi: fix an use-after-free in pasemi_mac_phy_init() (git-fixes).
net: phy: Avoid multiple suspends (git-fixes).
net: seeq: Fix the function used to release some memory in an error handling path (git-fixes).
net: sh_eth: fix a missing check of of_get_phy_mode (git-fixes).
net: sonic: replace dev_kfree_skb in sonic_send_packet (git-fixes).
net: sonic: return NETDEV_TX_OK if failed to map buffer (git-fixes).
net: stmmac: fix csr_clk can't be zero issue (git-fixes).
net: stmmac: Fix reception of Broadcom switches tags (git-fixes).
net: usb: sr9800: fix uninitialized local variable (git-fixes).
net:ethernet:aquantia: Extra spinlocks removed (git-fixes).
nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes).
nfc: s3fwrn5: Release the nfc firmware (git-fixes).
nfc: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes).
NFS: fix nfs_path in case of a rename retry (git-fixes).
NFSD: Add missing NFSv2 .pc_func methods (git-fixes).
NFSv4.2: fix client's attribute cache management for copy_file_range (git-fixes).
NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes).
ocfs2: fix unbalanced locking (bsc#1180506).
orinoco: Move context allocation after processing the skb (git-fixes).
parport: load lowlevel driver if ports not found (git-fixes).
PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes).
PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge (git-fixes).
PCI: Do not disable decoding when mmio_always_on is set (git-fixes).
PCI: Fix pci_slot_release() NULL pointer dereference (git-fixes).
phy: Revert toggling reset changes (git-fixes).
pinctrl: amd: fix __iomem annotation in amd_gpio_irq_handler() (git-fixes).
pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes).
pinctrl: amd: remove debounce filter setting in IRQ type setting (git-fixes).
pinctrl: baytrail: Avoid clearing debounce value when turning it off (git-fixes).
pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() (git-fixes).
pinctrl: merrifield: Set default bias in case no particular value given (git-fixes).
pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B (git-fixes).
platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (git-fixes).
platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init (git-fixes).
platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems (git-fixes).
platform/x86: mlx-platform: remove an unused variable (git-fixes).
platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration (git-fixes).
platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration (git-fixes).
PM / hibernate: memory_bm_find_bit(): Tighten node optimisation (git-fixes).
PM: ACPI: Output correct message on target power state (git-fixes).
PM: hibernate: Freeze kernel threads in software_resume() (git-fixes).
PM: hibernate: remove the bogus call to get_gendisk() in software_resume() (git-fixes).
pNFS/flexfiles: Fix list corruption if the mirror count changes (git-fixes).
power: supply: bq24190_charger: fix reference leak (git-fixes).
power: supply: bq27xxx_battery: Silence deferred-probe error (git-fixes).
powerpc/64: Set up a kernel stack for secondaries before cpu_restore() (bsc#1065729).
powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for guest kernels (bsc#1179888 ltc#190253).
powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction generation (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253).
powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145 ltc#184630).
powerpc/pci: Remove legacy debug code (bsc#1172145 ltc#184630 git-fixes).
powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630).
powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145 ltc#184630).
powerpc/pseries/hibernation: remove redundant cacheinfo update (bsc#1138374 ltc#178199 git-fixes).
powerpc/pseries: Pass MSI affinity to irq_create_mapping() (bsc#1065729).
powerpc/smp: Add __init to init_big_cores() (bsc#1109695 ltc#171067 git-fixes).
powerpc/xmon: Change printk() to pr_cont() (bsc#1065729).
powerpc: Convert to using %pOF instead of full_name (bsc#1172145 ltc#184630).
powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at (bsc#1065729).
ppp: remove the PPPIOCDETACH ioctl (git-fixes).
pwm: lp3943: Dynamically allocate PWM chip base (git-fixes).
radeon: insert 10ms sleep in dce5_crtc_load_lut (git-fixes).
ravb: Fix use-after-free ravb_tstamp_skb (git-fixes).
regmap: debugfs: check count when read regmap file (git-fixes).
regmap: dev_get_regmap_match(): fix string comparison (git-fixes).
regmap: Remove duplicate `type` field from regmap `regcache_sync` trace event (git-fixes).
regulator: max8907: Fix the usage of uninitialized variable in max8907_regulator_probe() (git-fixes).
regulator: pfuze100-regulator: Variable 'val' in pfuze100_regulator_probe() could be uninitialized (git-fixes).
regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone (git-fixes).
remoteproc: Fix wrong rvring index computation (git-fixes).
rfkill: Fix incorrect check to avoid NULL pointer dereference (git-fixes).
rtc: 88pm860x: fix possible race condition (git-fixes).
rtc: hym8563: enable wakeup when applicable (git-fixes).
rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot (git-fixes).
rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt() (git-fixes).
s390/dasd: fix hanging device offline processing (bsc#1144912).
scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section
scsi: lpfc: Add FDMI Vendor MIB support (bsc#1164780).
scsi: lpfc: Convert abort handling to SLI-3 and SLI-4 handlers (bsc#1164780).
scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers (bsc#1164780).
scsi: lpfc: Convert SCSI path to use common I/O submission path (bsc#1164780).
scsi: lpfc: Correct null ndlp reference on routine exit (bsc#1164780).
scsi: lpfc: Drop nodelist reference on error in lpfc_gen_req() (bsc#1164780).
scsi: lpfc: Enable common send_io interface for SCSI and NVMe (bsc#1164780).
scsi: lpfc: Enable common wqe_template support for both SCSI and NVMe (bsc#1164780).
scsi: lpfc: Enlarge max_sectors in scsi host templates (bsc#1164780).
scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional events (bsc#1164780).
scsi: lpfc: Fix duplicate wq_create_version check (bsc#1164780).
scsi: lpfc: Fix fall-through warnings for Clang (bsc#1164780).
scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery (bsc#1164780).
scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() (bsc#1164780).
scsi: lpfc: Fix memory leak on lcb_context (bsc#1164780).
scsi: lpfc: Fix missing prototype for lpfc_nvmet_prep_abort_wqe() (bsc#1164780).
scsi: lpfc: Fix missing prototype warning for lpfc_fdmi_vendor_attr_mi() (bsc#1164780).
scsi: lpfc: Fix NPIV discovery and Fabric Node detection (bsc#1164780).
scsi: lpfc: Fix NPIV Fabric Node reference counting (bsc#1164780).
scsi: lpfc: Fix pointer defereference before it is null checked issue (bsc#1164780).
scsi: lpfc: Fix refcounting around SCSI and NVMe transport APIs (bsc#1164780).
scsi: lpfc: Fix removal of SCSI transport device get and put on dev structure (bsc#1164780).
scsi: lpfc: Fix scheduling call while in softirq context in lpfc_unreg_rpi (bsc#1164780).
scsi: lpfc: Fix set but not used warnings from Rework remote port lock handling (bsc#1164780).
scsi: lpfc: Fix set but unused variables in lpfc_dev_loss_tmo_handler() (bsc#1164780).
scsi: lpfc: Fix spelling mistake 'Cant' -> 'Can't' (bsc#1164780).
scsi: lpfc: Fix variable 'vport' set but not used in lpfc_sli4_abts_err_handler() (bsc#1164780).
scsi: lpfc: lpfc_attr: Demote kernel-doc format for redefined functions (bsc#1164780).
scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc misdemeanours (bsc#1164780).
scsi: lpfc: lpfc_debugfs: Fix a couple of function documentation issues (bsc#1164780).
scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc issues (bsc#1164780).
scsi: lpfc: Refactor WQE structure definitions for common use (bsc#1164780).
scsi: lpfc: Reject CT request for MIB commands (bsc#1164780).
scsi: lpfc: Remove dead code on second !ndlp check (bsc#1164780).
scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails (bsc#1164780).
scsi: lpfc: Remove set but not used 'qp' (bsc#1164780).
scsi: lpfc: Remove unneeded variable 'status' in lpfc_fcp_cpu_map_store() (bsc#1164780).
scsi: lpfc: Removed unused macros in lpfc_attr.c (bsc#1164780).
scsi: lpfc: Rework locations of ndlp reference taking (bsc#1164780).
scsi: lpfc: Rework remote port lock handling (bsc#1164780).
scsi: lpfc: Rework remote port ref counting and node freeing (bsc#1164780).
scsi: lpfc: Unsolicited ELS leaves node in incorrect state while dropping it (bsc#1164780).
scsi: lpfc: Update changed file copyrights for 2020 (bsc#1164780).
scsi: lpfc: Update lpfc version to 12.8.0.4 (bsc#1164780).
scsi: lpfc: Update lpfc version to 12.8.0.5 (bsc#1164780).
scsi: lpfc: Update lpfc version to 12.8.0.6 (bsc#1164780).
scsi: lpfc: Use generic power management (bsc#1164780).
scsi: qla2xxx: Change post del message from debug level to log level (bsc#1172538 bsc#1179142 bsc#1179810).
scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1172538 bsc#1179142 bsc#1179810).
scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1172538 bsc#1179142 bsc#1179810).
scsi: qla2xxx: Do not consume srb greedily (bsc#1172538 bsc#1179142 bsc#1179810).
scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1172538 bsc#1179142 bsc#1179810).
scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1172538 bsc#1179142 bsc#1179810).
scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810).
scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1172538 bsc#1179142 bsc#1179810).
scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810).
scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810).
scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1172538 bsc#1179142 bsc#1179810).
scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1172538 bsc#1179142 bsc#1179810).
scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1172538 bsc#1179142 bsc#1179810).
scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1172538 bsc#1179142 bsc#1179810).
scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1172538 bsc#1179142 bsc#1179810).
scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1172538 bsc#1179142 bsc#1179810).
scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1172538 bsc#1179142 bsc#1179810).
scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1172538 bsc#1179142 bsc#1179810).
scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1172538 bsc#1179142 bsc#1179810).
scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810).
scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810).
scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1172538 bsc#1179142 bsc#1179810).
scsi: qla2xxx: Remove trailing semicolon in macro definition (bsc#1172538 bsc#1179142 bsc#1179810).
scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1172538 bsc#1179142 bsc#1179810).
scsi: qla2xxx: Tear down session if FW say it is down (bsc#1172538 bsc#1179142 bsc#1179810).
scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1172538 bsc#1179142 bsc#1179810).
scsi: qla2xxx: Use constant when it is known (bsc#1172538 bsc#1179142 bsc#1179810).
scsi: Remove unneeded break statements (bsc#1164780).
scsi: storvsc: Fix error return in storvsc_probe() (git-fixes).
scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1172538 bsc#1179142 bsc#1179810).
serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (git-fixes).
serial: 8250_pci: Add Realtek 816a and 816b (git-fixes).
serial: amba-pl011: Make sure we initialize the port.lock spinlock (git-fixes).
serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE (git-fixes).
serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes).
serial_core: Check for port state when tty is in error state (git-fixes).
soc/tegra: fuse: Fix index bug in get_process_id (git-fixes).
soc: imx: gpc: fix power up sequencing (git-fixes).
soc: mediatek: Check if power domains can be powered on at boot time (git-fixes).
soc: qcom: smp2p: Safely acquire spinlock without IRQs (git-fixes).
soc: ti: Fix reference imbalance in knav_dma_probe (git-fixes).
soc: ti: knav_qmss: fix reference leak in knav_queue_probe (git-fixes).
spi: Add call to spi_slave_abort() function when spidev driver is released (git-fixes).
spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume (git-fixes).
spi: davinci: Fix use-after-free on unbind (git-fixes).
spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes).
spi: dw: Fix Rx-only DMA transfers (git-fixes).
spi: dw: Return any value retrieved from the dma_transfer callback (git-fixes).
spi: Fix memory leak on splited transfers (git-fixes).
spi: img-spfi: fix potential double release (git-fixes).
spi: img-spfi: fix reference leak in img_spfi_resume (git-fixes).
spi: pic32: Do not leak DMA channels in probe error path (git-fixes).
spi: pxa2xx: Add missed security checks (git-fixes).
spi: spi-cavium-thunderx: Add missing pci_release_regions() (git-fixes).
spi: spi-loopback-test: Fix out-of-bounds read (git-fixes).
spi: spi-mem: Fix passing zero to 'PTR_ERR' warning (git-fixes).
spi: spi-mem: fix reference leak in spi_mem_access_start (git-fixes).
spi: spi-ti-qspi: fix reference leak in ti_qspi_setup (git-fixes).
spi: spidev: fix a potential use-after-free in spidev_release() (git-fixes).
spi: st-ssc4: add missed pm_runtime_disable (git-fixes).
spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path (git-fixes).
spi: tegra114: fix reference leak in tegra spi ops (git-fixes).
spi: tegra20-sflash: fix reference leak in tegra_sflash_resume (git-fixes).
spi: tegra20-slink: add missed clk_unprepare (git-fixes).
spi: tegra20-slink: fix reference leak in slink ops of tegra20 (git-fixes).
staging: comedi: check validity of wMaxPacketSize of usb endpoints found (git-fixes).
staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value (git-fixes).
staging: comedi: mf6x4: Fix AI end-of-conversion detection (git-fixes).
staging: olpc_dcon: add a missing dependency (git-fixes).
staging: olpc_dcon: Do not call platform_device_unregister() in dcon_probe() (git-fixes).
staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21 (git-fixes).
staging: rtl8188eu: Add device id for MERCUSYS MW150US v2 (git-fixes).
staging: rtl8188eu: fix possible null dereference (git-fixes).
staging: rtl8192u: fix multiple memory leaks on error path (git-fixes).
staging: vt6656: set usb_set_intfdata on driver fail (git-fixes).
staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() (git-fixes).
staging: wlan-ng: properly check endpoint types (git-fixes).
sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes).
SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() (git-fixes).
SUNRPC: The RDMA back channel mustn't disappear while requests are outstanding (git-fixes).
thunderbolt: Use 32-bit writes when writing ring producer/consumer (git-fixes).
timer: Fix wheel index calculation on last level (git fixes)
timer: Prevent base->clk from moving backward (git-fixes)
tty: always relink the port (git-fixes).
tty: link tty and port before configuring it as console (git-fixes).
tty: synclink_gt: Adjust indentation in several functions (git-fixes).
tty: synclinkmp: Adjust indentation in several functions (git-fixes).
tty:serial:mvebu-uart:fix a wrong return (git-fixes).
uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define (git-fixes).
uapi/if_ether.h: prevent redefinition of struct ethhdr (git-fixes).
usb: add RESET_RESUME quirk for Snapscan 1212 (git-fixes).
usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul (git-fixes).
usb: dummy-hcd: Fix uninitialized array use in init() (git-fixes).
usb: dwc2: Fix IN FIFO allocation (git-fixes).
usb: dwc3: remove the call trace of USBx_GFLADJ (git-fixes).
usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe (git-fixes).
usb: Fix: Do not skip endpoint descriptors with maxpacket=0 (git-fixes).
usb: fsl: Check memory resource before releasing it (git-fixes).
usb: gadget: composite: Fix possible double free memory bug (git-fixes).
usb: gadget: configfs: fix concurrent issue between composite APIs (git-fixes).
usb: gadget: configfs: Fix missing spin_lock_init() (git-fixes).
usb: gadget: f_acm: add support for SuperSpeed Plus (git-fixes).
usb: gadget: f_midi: setup SuperSpeed Plus descriptors (git-fixes).
usb: gadget: f_rndis: fix bitrate for SuperSpeed and above (git-fixes).
usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags (git-fixes).
usb: gadget: fix wrong endpoint desc (git-fixes).
usb: gadget: goku_udc: fix potential crashes in probe (git-fixes).
usb: gadget: net2280: fix memory leak on probe error handling paths (git-fixes).
usb: gadget: serial: fix Tx stall after buffer overflow (git-fixes).
usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe() (git-fixes).
usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() (git-fixes).
usb: hso: Fix debug compile warning on sparc32 (git-fixes).
usb: ldusb: use unsigned size format specifiers (git-fixes).
usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue (git-fixes).
usb: oxu210hp-hcd: Fix memory leak in oxu_create (git-fixes).
usb: serial: ch341: add new Product ID for CH341A (git-fixes).
usb: serial: ch341: sort device-id entries (git-fixes).
usb: serial: digi_acceleport: clean up modem-control handling (git-fixes).
usb: serial: digi_acceleport: clean up set_termios (git-fixes).
usb: serial: digi_acceleport: fix write-wakeup deadlocks (git-fixes).
usb: serial: digi_acceleport: remove in_interrupt() usage.
usb: serial: digi_acceleport: remove redundant assignment to pointer priv (git-fixes).
usb: serial: digi_acceleport: rename tty flag variable (git-fixes).
usb: serial: digi_acceleport: use irqsave() in USB's complete callback (git-fixes).
usb: serial: keyspan_pda: fix dropped unthrottle interrupts (git-fixes).
usb: serial: keyspan_pda: fix stalled writes (git-fixes).
usb: serial: keyspan_pda: fix tx-unthrottle use-after-free (git-fixes).
usb: serial: keyspan_pda: fix write deadlock (git-fixes).
usb: serial: keyspan_pda: fix write unthrottling (git-fixes).
usb: serial: keyspan_pda: fix write-wakeup use-after-free (git-fixes).
usb: serial: mos7720: fix parallel-port state restore (git-fixes).
usb: serial: option: add Fibocom NL668 variants (git-fixes).
usb: serial: option: add interface-number sanity check to flag handling (git-fixes).
usb: serial: option: add support for Thales Cinterion EXS82 (git-fixes).
usb: Skip endpoints with 0 maxpacket length (git-fixes).
usb: UAS: introduce a quirk to set no_write_same (git-fixes).
usb: usbfs: Suppress problematic bind and unbind uevents (git-fixes).
usblp: poison URBs upon disconnect (git-fixes).
usbnet: ipheth: fix connectivity with iOS 14 (git-fixes).
video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes).
vt: do not hardcode the mem allocation upper bound (git-fixes).
vt: Reject zero-sized screen buffer size (git-fixes).
watchdog: coh901327: add COMMON_CLK dependency (git-fixes).
watchdog: da9062: do not ping the hw during stop() (git-fixes).
watchdog: da9062: No need to ping manually before setting timeout (git-fixes).
watchdog: qcom: Avoid context switch in restart handler (git-fixes).
watchdog: sirfsoc: Add missing dependency on HAS_IOMEM (git-fixes).
wimax: fix duplicate initializer warning (git-fixes).
wireless: Use linux/stddef.h instead of stddef.h (git-fixes).
wireless: Use offsetof instead of custom macro (git-fixes).
x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz (bsc#1112178).
x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (bsc#1112178).
x86/mm/ident_map: Check for errors from ident_pud_init() (bsc#1112178).
x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (bsc#1112178).
x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (bsc#1112178).
x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1112178).
x86/tracing: Introduce a static key for exception tracing (bsc#1179895).
x86/traps: Simplify pagefault tracing logic (bsc#1179895).
x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (bsc#1112178).
xhci: Give USB2 ports time to enter U3 in bus suspend (git-fixes).
xprtrdma: fix incorrect header size calculations (git-fixes).

Advisory ID	SUSE-RU-2021:598-1
Released	Thu Feb 25 10:30:23 2021
Summary	Recommended update for go
Type	recommended
Severity	moderate
References	1164903,1172608,1175132

Description:

This update for go fixes the following issues:
Update to current stable go1.15 (bsc#1175132)

Ensure 'Provides: golang(API) = %{api_version}' is consistent to improve package resolution for common go dependency expressions 'BuildRequires: golang(API) >= 1.x' and BuildRequires: go >= 1.x OBS projects that contain go code often have prjconf entries 'Prefer: go' which selects go metapackage over go1.x packages. When go metapackage Provides: version is lower than go1.x versions, 'Prefer: go' is not effective and build failures occur with errors unresolvable: have choice for golang(API) >= 1.13: go1.13 go1.14 Edits and changelog Jeff Kowalczyk (bsc#1172608)

Unify '{version'} and '{short_version}' as '{api_version}' for 'Provides: golang(API) = %{api_version}'
Use both 'BuildRequires: go%{api_version}' and 'Requires: go%{api_version}' to trigger build errors if go1.x is unavailable
Add aarch64 to supported systems for go-race via %define tsan_arch x86_64 aarch64
Add tsan_arch x86_64 aarch64 for suse_version >= 1500 and sle_version >= 150000, formerly conditional on suse_version >= 1315
Ensure %ifarch %{tsan_arch} always evaluates (nil does not work) via dummy tsan_arch on systems where go-race is not supported

Update to current stable go1.14 (bsc#1164903)

Remove redundant Provides: go-doc=%{version} per rpmlint warning

Change suse_version >= 1315 (was 1550) defines short_version 1.12 go1.12 packages are available for SLE-12.

Advisory ID	SUSE-RU-2021:716-1
Released	Fri Mar 5 17:22:27 2021
Summary	Recommended update for go
Type	recommended
Severity	moderate
References	1182345

Description:

This update for go fixes the following issues:

Update to current stable go1.16 (bsc#1182345)

Advisory ID	SUSE-RU-2021:1015-1
Released	Tue Apr 6 10:13:53 2021
Summary	Recommended update for lttng-modules
Type	recommended
Severity	moderate
References	1182570

Description:

This update for lttng-modules fixes the following issue:

package is rebuilt with the new secure boot key.

Advisory ID	SUSE-RU-2021:1016-1
Released	Tue Apr 6 10:14:07 2021
Summary	Recommended update for crash
Type	recommended
Severity	moderate
References	1182570

Description:

This update for crash fixes the following issue:

package is rebuilt with the new secure boot key.

Advisory ID	SUSE-RU-2021:1410-1
Released	Wed Apr 28 16:33:22 2021
Summary	Recommended update for lttng-modules
Type	recommended
Severity	moderate
References	1182570

Description:

This update for lttng-modules fixes the following issue:

package is rebuilt with the new secure boot key.

Advisory ID	SUSE-RU-2021:2350-1
Released	Thu Jul 15 10:09:04 2021
Summary	Recommended update for lttng-modules
Type	recommended
Severity	moderate
References	1182570

Description:

This update for lttng-modules rebuilds it with the a new UEFI signing key. (bsc#1182570)

Advisory ID	SUSE-RU-2021:3026-1
Released	Mon Sep 13 11:40:38 2021
Summary	Recommended update for oracleasm
Type	recommended
Severity	moderate
References	1189119

Description:

This update for oracleasm fixes the following issues:

Added 4 upstream commits/patches, as requested by support (bsc#1189119): - Fix incorrectly set flag - Fix memory leak - Add 'ENXIO' handling - Tracing update

Advisory ID	SUSE-RU-2022:321-1
Released	Thu Feb 3 12:55:16 2022
Summary	Recommended update for go
Type	recommended
Severity	moderate
References	1190649

Description:

This update for go fixes the following issues:

Update the go wrapper package to switch to the current stable go1.17 (bsc#1190649)
Add golang Provides for RH/Fedora compatibility

Advisory ID	SUSE-RU-2022:1579-1
Released	Mon May 9 17:22:05 2022
Summary	Recommended update for MozillaFirefox
Type	recommended
Severity	important
References	1198970,CVE-2022-29909,CVE-2022-29911,CVE-2022-29912,CVE-2022-29914,CVE-2022-29916,CVE-2022-29917

Description:

This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.9.0 ESR
MFSA 2022-17 (bsc#1198970)

CVE-2022-29914: Fullscreen notification bypass using popups
CVE-2022-29909: Bypassing permission prompt in nested browsing contexts
CVE-2022-29916: Leaking browser history with CSS variables
CVE-2022-29911: iframe Sandbox bypass
CVE-2022-29912: Reader mode bypassed SameSite cookies
CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9

Advisory ID	SUSE-RU-2022:1595-1
Released	Tue May 10 05:30:16 2022
Summary	Recommended update for libnss_nis
Type	recommended
Severity	important
References	1197768

Description:

This update for libnss_nis fixes the following issues:

Fix build issues occurring on SUSE Linux Enterprise 15 Service Pack 4 (bsc#1197768)

Advisory ID	SUSE-SU-2022:1617-1
Released	Tue May 10 14:40:12 2022
Summary	Security update for gzip
Type	security
Severity	important
References	1198062,1198922,CVE-2022-1271

Description:

This update for gzip fixes the following issues:

CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062)

Advisory ID	SUSE-RU-2022:1627-1
Released	Tue May 10 15:55:42 2022
Summary	Recommended update for cluster-glue
Type	recommended
Severity	moderate
References	1197681

Description:

This update for cluster-glue fixes the following issues:

Fix for comment in external ec2 (bsc#1197681)
Support IMDSv2 in EC2 stonith agent. (jsc#SLE-23490, jsc#SLE-23491, jsc#SLE-23492, jsc#SLE-23494)

Advisory ID	SUSE-SU-2022:1644-1
Released	Thu May 12 07:57:26 2022
Summary	Security update for clamav
Type	security
Severity	important
References	1199242,1199244,1199245,1199246,1199274,CVE-2022-20770,CVE-2022-20771,CVE-2022-20785,CVE-2022-20792,CVE-2022-20796

Description:

This update for clamav fixes the following issues:

CVE-2022-20770: Fixed a possible infinite loop vulnerability in the CHM file parser (bsc#1199242).
CVE-2022-20796: Fixed a possible NULL-pointer dereference crash in the scan verdict cache check (bsc#1199246).
CVE-2022-20771: Fixed a possible infinite loop vulnerability in the TIFF file parser (bsc#1199244).
CVE-2022-20785: Fixed a possible memory leak in the HTML file parser / Javascript normalizer (bsc#1199245).
CVE-2022-20792: Fixed a possible multi-byte heap buffer overflow write vulnerability in the signature database load module (bsc#1199274).

Advisory ID	SUSE-RU-2022:1655-1
Released	Fri May 13 15:36:10 2022
Summary	Recommended update for pam
Type	recommended
Severity	moderate
References	1197794

Description:

This update for pam fixes the following issue:

Do not include obsolete header files (bsc#1197794)

Advisory ID	SUSE-RU-2022:1656-1
Released	Fri May 13 15:38:02 2022
Summary	Recommended update for llvm7
Type	recommended
Severity	moderate
References	1197775

Description:

This update for llvm7 fixes the following issues:

Backport fixes and changes from Factory. (bsc#1197775)
Drop RUNPATH from packaged binaries, instead set LD_LIBRARY_PATH for building and testing to simulate behavior of actual package.
Fix build with linux-glibc-devel 5.13.

Advisory ID	SUSE-RU-2022:1658-1
Released	Fri May 13 15:40:20 2022
Summary	Recommended update for libpsl
Type	recommended
Severity	important
References	1197771

Description:

This update for libpsl fixes the following issues:

Fix libpsl compilation issues (bsc#1197771)

Advisory ID	SUSE-RU-2022:1659-1
Released	Fri May 13 15:41:32 2022
Summary	Recommended update for cups
Type	recommended
Severity	moderate
References	1189517,1195115

Description:

This update for cups fixes the following issues:

CUPS printservice takes much longer than before with a big number of printers (bsc#1189517)
CUPS PreserveJobHistory doesn't work with seconds (bsc#1195115)

Advisory ID	SUSE-RU-2022:1660-1
Released	Fri May 13 15:42:21 2022
Summary	Recommended update for publicsuffix
Type	recommended
Severity	low
References	1198068

Description:

This update for publicsuffix fixes the following issue:

Update to version 20220405 (bsc#1198068)

Advisory ID	SUSE-RU-2022:1661-1
Released	Mon May 16 09:24:18 2022
Summary	Recommended update for rust, rust1.60
Type	recommended
Severity	moderate
References

Description:

This update for rust, rust1.60 fixes the following issues:
rust1.60 is shipped with this update.
Version 1.60.0 (2022-04-07) ========================== Language --------

Stabilize cfg(panic = '...') for either 'unwind' or 'abort'.
Stabilize cfg(target_has_atomic = '...') for each integer size and 'ptr'.

Compiler --------

Enable combining +crt-static and relocation-model=pic on x86_64-unknown-linux-gnu
Fixes wrong unreachable_pub lints on nested and glob public reexport
Stabilize -Z instrument-coverage as -C instrument-coverage
Stabilize -Z print-link-args as --print link-args
Add new Tier 3 target mips64-openwrt-linux-musl\*
Add new Tier 3 target armv7-unknown-linux-uclibceabi (softfloat)\*
Fix invalid removal of newlines from doc comments
Add kernel target for RustyHermit
Deny mixing bin crate type with lib crate types
Make rustc use RUST_BACKTRACE=full by default
Refer to Rust's platform support page for more information on Rust's tiered platform support.

Libraries ---------

Guarantee call order for sort_by_cached_key
Improve Duration::try_from_secs_f32/f64 accuracy by directly processing exponent and mantissa
Make Instant::{duration_since, elapsed, sub} saturating
Remove non-monotonic clocks workarounds in Instant::now
Make BuildHasherDefault, iter::Empty and future::Pending covariant

Stabilized APIs --------------

Arc::new_cyclic
Rc::new_cyclic
slice::EscapeAscii
<[u8]>::escape_ascii
u8::escape_ascii
Vec::spare_capacity_mut
MaybeUninit::assume_init_drop
MaybeUninit::assume_init_read
i8::abs_diff
i16::abs_diff
i32::abs_diff
i64::abs_diff
i128::abs_diff
isize::abs_diff
u8::abs_diff
u16::abs_diff
u32::abs_diff
u64::abs_diff
u128::abs_diff
usize::abs_diff
Display for io::ErrorKind
From for ExitCode]
Not for ! (the 'never' type)
_Op_Assign<$t> for Wrapping<$t>
arch::is_aarch64_feature_detected!

Cargo -----

Port cargo from toml-rs to toml_edit
Stabilize -Ztimings as --timings
Stabilize namespaced and weak dependency features.
Accept more cargo:rustc-link-arg-* types from build script output.
cargo-new should not add ignore rule on Cargo.lock inside subdirs

Misc ----

Ship docs on Tier 2 platforms by reusing the closest Tier 1 platform docs
Drop rustc-docs from complete profile
bootstrap: tidy up flag handling for llvm build

Compatibility Notes -------------------

Mitigations for platforms with non-monotonic clocks have been removed from Instant::now. On platforms that don't provide monotonic clocks, an instant is not guaranteed to be greater than an earlier instant anymore.
Instant::{duration_since, elapsed, sub} do not panic anymore on underflow, saturating to 0 instead. In the real world the panic happened mostly on platforms with buggy monotonic clock implementations rather than catching programming errors like reversing the start and end times. Such programming errors will now results in 0 rather than a panic.

Advisory ID	SUSE-OU-2022:1663-1
Released	Mon May 16 09:51:22 2022
Summary	Optional update for SUSE Package Hub
Type	optional
Severity	moderate
References

Description:

This optional update provides the following changes:

Provide binaries for non x86_64 architectures directly to SUSE Package Hub.
There are no visible changes for the final user.
Affected source packages: meanwhile

Advisory ID	SUSE-SU-2022:1670-1
Released	Mon May 16 10:06:30 2022
Summary	Security update for openldap2
Type	security
Severity	important
References	1199240,CVE-2022-29155

Description:

This update for openldap2 fixes the following issues:

CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).

Advisory ID	SUSE-SU-2022:1678-1
Released	Mon May 16 10:19:03 2022
Summary	Security update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core
Type	security
Severity	important
References	1177616,1182481,1197132,CVE-2020-25649,CVE-2020-28491,CVE-2020-36518

Description:

This update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core fixes the following issues:
Security issues fixed:

CVE-2020-36518: Fixed a Java stack overflow exception and denial of service via a large depth of nested objects in jackson-databind. (bsc#1197132)
CVE-2020-25649: Fixed an insecure entity expansion in jackson-databind which was vulnerable to XML external entity (XXE). (bsc#1177616)
CVE-2020-28491: Fixed a bug which could cause `java.lang.OutOfMemoryError` exception in jackson-dataformats-binary. (bsc#1182481)

Non security fixes:
jackson-annotations - update from version 2.10.2 to version 2.13.0:
+ Build with source/target levels 8 + Add 'mvnw' wrapper + 'JsonSubType.Type' should accept array of names + Jackson version alignment with Gradle 6 + Add '@JsonIncludeProperties' + Add '@JsonTypeInfo(use=DEDUCTION)' + Ability to use '@JsonAnyGetter' on fields + Add '@JsonKey' annotation + Allow repeated calls to 'SimpleObjectIdResolver.bindItem()' for same mapping + Add 'namespace' property for '@JsonProperty' (for XML module) + Add target 'ElementType.ANNOTATION_TYPE' for '@JsonEnumDefaultValue' + 'JsonPattern.Value.pattern' retained as '', never (accidentally) exposed as 'null' + Rewrite to use `ant` for building in order to be able to use it in packages that have to be built before maven
jackson-bom - update from version 2.10.2 to version 2.13.0:
+ Configure moditect plugin with '11' + jackson-bom manages the version of 'junit:junit' + Drop 'jackson-datatype-hibernate3' (support for Hibernate 3.x datatypes) + Removed 'jakarta' classifier variants of JAXB/JSON-P/JAX-RS modules due to the addition of new Jakarta artifacts (Jakarta-JSONP, Jakarta-xmlbind-annotations, Jakarta-rs-providers) + Add version for 'jackson-datatype-jakarta-jsonp' module (introduced after 2.12.2) + Add (beta) version for 'jackson-dataformat-toml' + Jakarta 9 artifact versions are missing from jackson-bom + Add default settings for 'gradle-module-metadata-maven-plugin' (gradle metadata) + Add default settings for 'build-helper-maven-plugin' + Drop 'jackson-module-scala_2.10' entry (not released for Jackson 2.12 or later) + Add override for 'version.plugin.bundle' (for 5.1.1) to help build on JDK 15+ + Add missing version for jackson-datatype-eclipse-collections jackson-core - update from version 2.10.2 to version 2.13.0:
+ Build with source and target levels 8 + Misleading exception for input source when processing byte buffer with start offset + Escape contents of source document snippet for 'JsonLocation._appendSourceDesc()' + Add 'StreamWriteException' type to eventually replace 'JsonGenerationException' + Replace 'getCurrentLocation()'/'getTokenLocation()' with 'currentLocation()'/'currentTokenLocation()' in 'JsonParser' + Replace 'JsonGenerator.writeObject()' (and related) with 'writePOJO()' + Replace 'getCurrentValue()'/'setCurrentValue()' with 'currentValue()'/'assignCurrentValue()' in 'JsonParser'/'JsonGenerator + Introduce O(n^1.5) BigDecimal parser implementation + ByteQuadsCanonicalizer.addName(String, int, int) has incorrect handling for case of q2 == null + UTF32Reader ArrayIndexOutOfBoundsException + Improve exception/JsonLocation handling for binary content: don't show content, include byte offset + Fix an issue with the TokenFilter unable to ignore properties when deserializing. + Optimize array allocation by 'JsonStringEncoder' + Add 'mvnw' wrapper + (partial) Optimize array allocation by 'JsonStringEncoder' + Add back accidentally removed 'JsonStringEncoder' related methods in 'BufferRecyclers' (like 'getJsonStringEncoder()') + 'ArrayOutOfBoundException' at 'WriterBasedJsonGenerator.writeString(Reader, int)' + Allow 'optional-padding' for 'Base64Variant' + More customizable TokenFilter inclusion (using 'Tokenfilter.Inclusion') + Publish Gradle Module Metadata + Add 'StreamReadCapability' for further format-based/format-agnostic handling improvements + Add 'JsonParser.isExpectedNumberIntToken()' convenience method + Add 'StreamWriteCapability' for further format-based/format-agnostic handling improvements + Add 'JsonParser.getNumberValueExact()' to allow precision-retaining buffering + Limit initial allocated block size by 'ByteArrayBuilder' to max block size + Add 'JacksonException' as parent class of 'JsonProcessingException' + Make 'JsonWriteContext.reset()' and 'JsonReadContext.reset()' methods public + Deprecate 'JsonParser.getCurrentTokenId()' (use '#currentTokenId()' instead) + Full 'LICENSE' included in jar for easier access by compliancy tools + Fix NPE in 'writeNumber(String)' method of 'UTF8JsonGenerator', 'WriterBasedJsonGenerator' + Add a String Array write method in the Streaming API + Synchronize variants of 'JsonGenerator#writeNumberField' with 'JsonGenerator#writeNumber' + Add JsonGenerator#writeNumber(char[], int, int) method + Do not clear aggregated contents of 'TextBuffer' when 'releaseBuffers()' called + 'FilteringGeneratorDelegate' does not handle 'writeString(Reader, int)' + Optionally allow leading decimal in float tokens + Rewrite to use ant for building in order to be able to use it in packages that have to be built before maven + Parsing JSON with 'ALLOW_MISSING_VALUE' enabled results in endless stream of 'VALUE_NULL' tokens + Handle case when system property access is restricted + 'FilteringGeneratorDelegate' does not handle 'writeString(Reader, int)' + DataFormatMatcher#getMatchedFormatName throws NPE when no match exists + 'JsonParser.getCurrentLocation()' byte/char offset update incorrectly for big payloads
jackson-databind - update from version 2.10.5.1 to version 2.13.0:
+ '@JsonValue' with integer for enum does not deserialize correctly + 'AnnotatedMethod.getValue()/setValue()' doesn't have useful exception message + Add 'DatabindException' as intermediate subtype of 'JsonMappingException' + Jackson does not support deserializing new Java 9 unmodifiable collections + Allocate TokenBuffer instance via context objects (to allow format-specific buffer types) + Add mechanism for setting default 'ContextAttributes' for 'ObjectMapper' + Add 'DeserializationContext.readTreeAsValue()' methods for more convenient conversions for deserializers to use + Clean up support of typed 'unmodifiable', 'singleton' Maps/Sets/Collections + Extend internal bitfield of 'MapperFeature' to be 'long' + Add 'removeMixIn()' method in 'MapperBuilder' + Backport 'MapperBuilder' lambda-taking methods: 'withConfigOverride()', 'withCoercionConfig()', 'withCoercionConfigDefaults()' + configOverrides(boolean.class) silently ignored, whereas .configOverride(Boolean.class) works for both primitives and boxed boolean values + Dont track unknown props in buffer if 'ignoreAllUnknown' is true + Should allow deserialization of java.time types via opaque 'JsonToken.VALUE_EMBEDDED_OBJECT' + Optimize 'AnnotatedConstructor.call()' case by passing explicit null + Add AnnotationIntrospector.XmlExtensions interface for decoupling javax dependencies + Custom SimpleModule not included in list returned by ObjectMapper.getRegisteredModuleIds() after registration + Use more limiting default visibility settings for JDK types (java.*, javax.*) + Deep merge for 'JsonNode' using 'ObjectReader.readTree()' + IllegalArgumentException: Conflicting setter definitions for property with more than 2 setters + Serializing java.lang.Thread fails on JDK 11 and above + String-based 'Map' key deserializer is not deterministic when there is no single arg constructor + Add ArrayNode#set(int index, primitive_type value) + JsonStreamContext 'currentValue' wrongly references to '@JsonTypeInfo' annotated object + DOM 'Node' serialization omits the default namespace declaration + Support 'suppressed' property when deserializing 'Throwable' + 'AnnotatedMember.equals()' does not work reliably + Add 'MapperFeature.APPLY_DEFAULT_VALUES', initially for Scala module + For an absent property Jackson injects 'NullNode' instead of 'null' to a JsonNode-typed constructor argument of a '@ConstructorProperties'-annotated constructor + 'XMLGregorianCalendar' doesn't work with default typing + Content 'null' handling not working for root values + StdDeserializer rejects blank (all-whitespace) strings for ints + 'USE_BASE_TYPE_AS_DEFAULT_IMPL' not working with 'DefaultTypeResolverBuilder' + Add PropertyNamingStrategies.UpperSnakeCaseStrategy (and UPPER_SNAKE_CASE constant) + StackOverflowError when serializing JsonProcessingException + Support for BCP 47 'java.util.Locale' serialization/deserialization + String property deserializes null as 'null' for JsonTypeInfo.As.EXISTING_PROPERTY + Can not deserialize json to enum value with Object-/Array-valued input, '@JsonCreator' + Fix to avoid problem with 'BigDecimalNode', scale of 'Integer.MIN_VALUE' + Extend handling of 'FAIL_ON_NULL_FOR_PRIMITIVES' to cover coercion from (Empty) String via 'AsNull' + Add 'mvnw' wrapper + (regression) Factory method generic type resolution does not use Class-bound type parameter + Deserialization of 'empty' subtype with DEDUCTION failed + Merge findInjectableValues() results in AnnotationIntrospectorPair + READ_UNKNOWN_ENUM_VALUES_USING_DEFAULT_VALUE doesn't work with empty strings + 'TypeFactory' cannot convert 'Collection' sub-type without type parameters to canonical form and back + Fix for [modules-java8#207]: prevent fail on secondary Java 8 date/time types + EXTERNAL_PROPERTY does not work well with '@JsonCreator' and 'FAIL_ON_UNKNOWN_PROPERTIES' + String property deserializes null as 'null' for 'JsonTypeInfo.As.EXTERNAL_PROPERTY' + Property ignorals cause 'BeanDeserializer 'to forget how to read from arrays (not copying '_arrayDelegateDeserializer') + UntypedObjectDeserializer' mixes multiple unwrapped collections (related to #2733) + Two cases of incorrect error reporting about DeserializationFeature + Bug in polymorphic deserialization with '@JsonCreator', '@JsonAnySetter', 'JsonTypeInfo.As.EXTERNAL_PROPERTY' + Polymorphic subtype deduction ignores 'defaultImpl' attribute + MismatchedInputException: Cannot deserialize instance of 'com.fasterxml.jackson.databind.node.ObjectNode' out of VALUE_NULL token + Missing override for 'hasAsKey()' in 'AnnotationIntrospectorPair' + Creator lookup fails with 'InvalidDefinitionException' for conflict between single-double/single-Double arg constructor + 'MapDeserializer' forcing 'JsonMappingException' wrapping even if WRAP_EXCEPTIONS set to false + Auto-detection of constructor-based creator method skipped if there is an annotated factory-based creator method (regression from 2.11) + 'ObjectMapper.treeToValue()' no longer invokes 'JsonDeserializer.getNullValue()' + DeserializationProblemHandler is not invoked when trying to deserialize String + Fix failing 'double' JsonCreators in jackson 2.12.0 + Conflicting in POJOPropertiesCollector when having namingStrategy + Breaking API change in 'BasicClassIntrospector' (2.12.0) + 'JsonNode.requiredAt()' does NOT fail on some path expressions + Exception thrown when 'Collections.synchronizedList()' is serialized with type info, deserialized + Add option to resolve type from multiple existing properties, '@JsonTypeInfo(use=DEDUCTION)' + '@JsonIgnoreProperties' does not prevent Exception Conflicting getter/setter definitions for property + Deserialization Not Working Right with Generic Types and Builders + Add '@JsonIncludeProperties(propertyNames)' (reverse of '@JsonIgnoreProperties') + '@JsonAnyGetter' should be allowed on a field + Allow handling of single-arg constructor as property based by default + Allow case insensitive deserialization of String value into 'boolean'/'Boolean' (esp for Excel) + Allow use of '@JsonFormat(with=JsonFormat.Feature .ACCEPT_CASE_INSENSITIVE_PROPERTIES)' on Class + Abstract class included as part of known type ids for error message when using JsonSubTypes + Distinguish null from empty string for UUID deserialization + 'ReferenceType' does not expose valid containedType + Add 'CoercionConfig[s]' mechanism for configuring allowed coercions + 'JsonProperty.Access.READ_ONLY' does not work with 'getter-as-setter' 'Collection's + Support 'BigInteger' and 'BigDecimal' creators in 'StdValueInstantiator' + 'JsonProperty.Access.READ_ONLY' fails with collections when a property name is specified + 'BigDecimal' precision not retained for polymorphic deserialization + Support use of 'Void' valued properties ('MapperFeature.ALLOW_VOID_VALUED_PROPERTIES') + Explicitly fail (de)serialization of 'java.time.*' types in absence of registered custom (de)serializers + Improve description included in by 'DeserializationContext.handleUnexpectedToken()' + Support for JDK 14 record types ('java.lang.Record') + 'PropertyNamingStrategy' class initialization depends on its subclass, this can lead to class loading deadlock + 'FAIL_ON_IGNORED_PROPERTIES' does not throw on 'READONLY' properties with an explicit name + Add Gradle Module Metadata for version alignment with Gradle 6 + Allow 'JsonNode' auto-convert into 'ArrayNode' if duplicates found (for XML) + Allow values of 'untyped' auto-convert into 'List' if duplicates found (for XML) + Add 'ValueInstantiator.createContextual(...) + Support multiple names in 'JsonSubType.Type' + Disabling 'FAIL_ON_INVALID_SUBTYPE' breaks polymorphic deserialization of Enums + Explicitly fail (de)serialization of 'org.joda.time.*' types in absence of registered custom (de)serializers + Trailing zeros are stripped when deserializing BigDecimal values inside a @JsonUnwrapped property + Extract getter/setter/field name mangling from 'BeanUtil' into pluggable 'AccessorNamingStrategy' + Throw 'InvalidFormatException' instead of 'MismatchedInputException' for ACCEPT_FLOAT_AS_INT coercion failures + Add '@JsonKey' annotation (similar to '@JsonValue') for customizable serialization of Map keys + 'MapperFeature.ACCEPT_CASE_INSENSITIVE_ENUMS' should work for enum as keys + Add support for disabling special handling of 'Creator properties' wrt alphabetic property ordering + Add 'JsonNode.canConvertToExactIntegral()' to indicate whether floating-point/BigDecimal values could be converted to integers losslessly + Improve static factory method generic type resolution logic + Allow preventing 'Enum from integer' coercion using new 'CoercionConfig' system + '@JsonValue' not considered when evaluating inclusion + Make some java platform modules optional + Add support for serializing 'java.sql.Blob' + 'AnnotatedCreatorCollector' should avoid processing synthetic static (factory) methods + Add errorprone static analysis profile to detect bugs at build time + Problem with implicit creator name detection for constructor detection + Add 'BeanDeserializerBase.isCaseInsensitive()' + Refactoring of 'CollectionDeserializer' to solve CSV array handling issues + Full 'LICENSE' included in jar for easier access by compliancy tools + Fix type resolution for static methods (regression in 2.11.3) + '@JsonCreator' on constructor not compatible with '@JsonIdentityInfo', 'PropertyGenerator' + Add debug improvements about 'ClassUtil.getClassMethods()' + Cannot detect creator arguments of mixins for JDK types + Add 'JsonFormat.Shape' awareness for UUID serialization ('UUIDSerializer') + Json serialization fails or a specific case that contains generics and static methods with generic parameters (2.11.1 -> 2.11.2 regression) + 'ObjectMapper.activateDefaultTypingAsProperty()' is not using parameter 'PolymorphicTypeValidator' + Problem deserialization 'raw generic' fields (like 'Map') in 2.11.2 + Fix issues with 'MapLikeType.isTrueMapType()', 'CollectionLikeType.isTrueCollectionType()' + Parser/Generator features not set when using 'ObjectMapper.createParser()', 'createGenerator()' + Polymorphic subtypes not registering on copied ObjectMapper (2.11.1) + Failure to read AnnotatedField value in Jackson 2.11 + 'TypeFactory.constructType()' does not take 'TypeBindings' correctly + Builder Deserialization with JsonCreator Value vs Array + JsonCreator on static method in Enum and Enum used as key in map fails randomly + 'StdSubtypeResolver' is not thread safe (possibly due to copy not being made with 'ObjectMapper.copy()') + 'Conflicting setter definitions for property' exception for 'Map' subtype during deserialization + Fail to deserialize local Records + Rearranging of props when property-based generator is in use leads to incorrect output + Jackson doesn't respect 'CAN_OVERRIDE_ACCESS_MODIFIERS=false' for deserializer properties + 'DeserializationFeature.UNWRAP_SINGLE_VALUE_ARRAYS' don't support 'Map' type field + JsonParser from MismatchedInputException cannot getText() for floating-point value + i-I case conversion problem in Turkish locale with case-insensitive deserialization + '@JsonInject' fails on trying to find deserializer even if inject-only + Polymorphic deserialization should handle case-insensitive Type Id property name if 'MapperFeature.ACCEPT_CASE_INSENSITIVE_PROPERTIES' is enabled + TreeTraversingParser and UTF8StreamJsonParser create contexts differently + Support use of '@JsonAlias' for enum values + 'declaringClass' of 'enum-as-POJO' not removed for 'ObjectMapper' with a naming strategy + Fix 'JavaType.isEnumType()' to support sub-classes + BeanDeserializerBuilder Protected Factory Method for Extension + Support '@JsonSerialize(keyUsing)' and '@JsonDeserialize(keyUsing)' on Key class + Add 'SerializationFeature.WRITE_SELF_REFERENCES_AS_NULL' + 'ObjectMapper.registerSubtypes(NamedType...)' doesn't allow registering same POJO for two different type ids + 'DeserializationContext.handleMissingInstantiator()' throws 'MismatchedInputException' for non-static inner classes + Incorrect 'JsonStreamContext' for 'TokenBuffer' and 'TreeTraversingParser' + Add 'AnnotationIntrospector.findRenameByField()' to support Kotlin's 'is-getter' naming convention + Use '@JsonProperty(index)' for sorting properties on serialization + Java 8 'Optional' not working with '@JsonUnwrapped' on unwrappable type + Add 'MapperFeature.BLOCK_UNSAFE_POLYMORPHIC_BASE_TYPES' to allow blocking use of unsafe base type for polymorphic deserialization + 'ObjectMapper.setSerializationInclusion()' is ignored for 'JsonAnyGetter' + 'ValueInstantiationException' when deserializing using a builder and 'UNWRAP_SINGLE_VALUE_ARRAYS' + JsonIgnoreProperties(ignoreUnknown = true) does not work on field and method level + Failure to resolve generic type parameters on serialization + JsonParser cannot getText() for input stream on MismatchedInputException + ObjectReader readValue lacks Class argument + Change default textual serialization of 'java.util.Date'/'Calendar' to include colon in timezone offset + Add 'ObjectMapper.createParser()' and 'createGenerator()' methods + Allow serialization of 'Properties' with non-String values + Add new factory method for creating custom 'EnumValues' to pass to 'EnumDeserializer + 'IllegalArgumentException' thrown for mismatched subclass deserialization + Add convenience methods for creating 'List', 'Map' valued 'ObjectReader's (ObjectMapper.readerForListOf()) + 'SerializerProvider.findContentValueSerializer()' methods jackson-dataformats-binary - update from version 2.10.1 to version 2.13.0: + (cbor) Should validate UTF-8 multi-byte validity for short decode path too + (ion) Deprecate 'CloseSafeUTF8Writer', remove use + (smile) Make 'SmileFactory' support 'JsonFactory.Feature.CANONICALIZE_FIELD_NAMES' + (cbor) Make 'CBORFactory' support 'JsonFactory.Feature.CANONICALIZE_FIELD_NAMES' + (cbor) Handle case of BigDecimal with Integer.MIN_VALUE for scale gracefully + (cbor) Uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer) + (cbor) Another uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer) + (smile) Add 'SmileGenerator.Feature.LENIENT_UTF_ENCODING' for lenient handling of broken Unicode surrogate pairs on writing + (avro) Add 'logicalType' support for some 'java.time' types; add 'AvroJavaTimeModule' for native ser/deser + Support base64 strings in 'getBinaryValue()' for CBOR and Smile + (cbor) 'ArrayIndexOutOfBounds' for truncated UTF-8 name + (avro) Generate logicalType switch + (smile) 'ArrayIndexOutOfBounds' for truncated UTF-8 name + (ion) 'jackson-dataformat-ion' does not handle null.struct deserialization correctly + 'Ion-java' dep 1.4.0 -> 1.8.0 + Minor change to Ion module registration names (fully-qualified) + (cbor) Uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer) + (cbor) Uncaught exception in CBORParser._findDecodedFromSymbols() (by ossfuzzer) + (smile) Uncaught validation problem wrt Smile 'BigDecimal' type + (smile) ArrayIndexOutOfBoundsException for malformed Smile header + (cbor) Failed to handle case of alleged String with length of Integer.MAX_VALUE + (smile) Allocate byte[] lazily for longer Smile binary data payloads + (cbor) CBORParser need to validate zero-length byte[] for BigInteger + (smile) Handle invalid chunked-binary-format length gracefully + (smile) Allocate byte[] lazily for longer Smile binary data payloads (7-bit encoded) + (smile) ArrayIndexOutOfBoundsException in SmileParser._decodeShortUnicodeValue() + (smile) Handle sequence of Smile header markers without recursion + (cbor) CBOR loses 'Map' entries with specific 'long' Map key values (32-bit boundary) + (ion) Ion Polymorphic deserialization in 2.12 breaks wrt use of Native Type Ids when upgrading from 2.8 + (cbor) 'ArrayIndexOutOfBoundsException' in 'CBORParser' for invalid UTF-8 String + (cbor) Handle invalid CBOR content like '[0x84]' (incomplete array) + (ion) Respect 'WRITE_ENUMS_USING_TO_STRING' in 'EnumAsIonSymbolSerializer' + (ion) Add support for generating IonSexps + (ion) Add support for deserializing IonTimestamps and IonBlobs + (ion) Add 'IonObjectMapper.builderForBinaryWriters()' / '.builderforTextualWriters()' convenience methods + (ion) Enabling pretty-printing fails Ion serialization + (ion) Allow disabling native type ids in IonMapper + (smile) Small bug in byte-alignment for long field names in Smile, symbol table reuse + (ion) Add 'IonFactory.getIonSystem()' accessor + (ion) Optimize 'IonParser.getNumberType()' using 'IonReader.getIntegerSize()' + (cbor) Add 'CBORGenerator.Feature.LENIENT_UTF_ENCODING' for lenient handling of Unicode surrogate pairs on writing + (cbor) Add support for decoding unassigned 'simple values' (type 7) + Add Gradle Module Metadata (https://blog.gradle.org/alignment-with-gradle-module-metadata) + (avro) Cache record names to avoid hitting class loader + (avro) Avro null deserialization + (ion) Add 'IonFactory.getIonSystem()' accessor + (avro) Add 'AvroGenerator.canWriteBinaryNatively()' to support binary writes, fix 'java.util.UUID' representation + (ion) Allow 'IonObjectMapper' with class name annotation introspector to deserialize generic subtypes + Remove dependencies upon Jackson 1.X and Avro's JacksonUtils + 'jackson-databind' should not be full dependency for (cbor, protobuf, smile) modules + 'CBORGenerator.Feature.WRITE_MINIMAL_INTS' does not write most compact form for all integers + 'AvroGenerator' overrides 'getOutputContext()' properly + (ion) Add 'IonFactory.getIonSystem()' accessor + (avro) Fix schema evolution involving maps of non-scalar + (protobuf) Parsing a protobuf message doesn't properly skip unknown fields + (ion) IonObjectMapper close()s the provided IonWriter unnecessarily + ion-java dependency 1.4.0 -> 1.5.1

Advisory ID	SUSE-SU-2022:1689-1
Released	Mon May 16 14:09:01 2022
Summary	Security update for containerd, docker
Type	security
Severity	important
References	1193930,1196441,1197284,1197517,CVE-2021-43565,CVE-2022-23648,CVE-2022-24769,CVE-2022-27191

Description:

This update for containerd, docker fixes the following issues:

CVE-2022-24769: Fixed incorrect default inheritable capabilities (bsc#1197517).
CVE-2022-23648: Fixed directory traversal issue (bsc#1196441).
CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server (bsc#1197284).
CVE-2021-43565: Fixed a panic in golang.org/x/crypto by empty plaintext packet (bsc#1193930).

Advisory ID	SUSE-SU-2022:1693-1
Released	Tue May 17 09:13:13 2022
Summary	Security update for pidgin
Type	security
Severity	important
References	1199025,CVE-2022-26491

Description:

This update for pidgin fixes the following issues:

CVE-2022-26491: Fixed MITM vulnerability when DNSSEC wasn't used (bsc#1199025).

Advisory ID	SUSE-RU-2022:1703-1
Released	Tue May 17 12:13:36 2022
Summary	Recommended update for hwdata
Type	recommended
Severity	important
References	1196332

Description:

This update for hwdata fixes the following issues:

Updated pci, usb and vendor ids (bsc#1196332)

Advisory ID	SUSE-OU-2022:1706-1
Released	Tue May 17 17:34:30 2022
Summary	Optional update for SUSE Package Hub
Type	optional
Severity	moderate
References

Description:

This optional update provides the following changes:

Provide binaries for non x86_64 architectures directly to SUSE Package Hub.
There are no visible changes for the final user.
Affected source packages: libgadu

Advisory ID	SUSE-RU-2022:1709-1
Released	Tue May 17 17:35:47 2022
Summary	Recommended update for libcbor
Type	recommended
Severity	important
References	1197743

Description:

This update for libcbor fixes the following issues:

Fix build errors occuring on SUSE Linux Enterprise 15 Service Pack 4

Advisory ID	SUSE-OU-2022:1712-1
Released	Tue May 17 17:38:36 2022
Summary	Optional update for SUSE Package Hub
Type	optional
Severity	moderate
References

Description:

This optional update provides the following changes:

Provide binaries for non x86_64 architectures directly to SUSE Package Hub.
There are no visible changes for the final user.
Affected source packages: libchamplain cogl clutter clutter-gtk

Advisory ID	SUSE-SU-2022:1718-1
Released	Tue May 17 17:44:43 2022
Summary	Security update for e2fsprogs
Type	security
Severity	important
References	1198446,CVE-2022-1304

Description:

This update for e2fsprogs fixes the following issues:

CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446)

Advisory ID	SUSE-SU-2022:1719-1
Released	Tue May 17 17:45:16 2022
Summary	Security update for MozillaThunderbird
Type	security
Severity	important
References	1198970,CVE-2022-1520,CVE-2022-29909,CVE-2022-29911,CVE-2022-29912,CVE-2022-29913,CVE-2022-29914,CVE-2022-29916,CVE-2022-29917

Description:

This update for MozillaThunderbird fixes the following issues:
Various security fixes MFSA 2022-18 (bsc#1198970):

CVE-2022-1520: Incorrect security status shown after viewing an attached email (bmo#1745019).
CVE-2022-29914: Fullscreen notification bypass using popups (bmo#1746448).
CVE-2022-29909: Bypassing permission prompt in nested browsing contexts (bmo#1755081).
CVE-2022-29916: Leaking browser history with CSS variables (bmo#1760674).
CVE-2022-29911: iframe sandbox bypass (bmo#1761981).
CVE-2022-29912: Reader mode bypassed SameSite cookies (bmo#1692655).
CVE-2022-29913: Speech Synthesis feature not properly disabled (bmo#1764778).
CVE-2022-29917: Memory safety bugs fixed in Thunderbird 91.9 (bmo#1684739, bmo#1706441, bmo#1753298, bmo#1762614, bmo#1762620).

Advisory ID	SUSE-RU-2022:1720-1
Released	Tue May 17 17:46:03 2022
Summary	Recommended update for python-rtslib-fb
Type	recommended
Severity	important
References	1199090

Description:

This update for python-rtslib-fb fixes the following issues:

Update parameters description.
Enable the 'disable_emulate_legacy_capacity' parameter. (bsc#1199090)

Advisory ID	SUSE-SU-2022:1727-1
Released	Wed May 18 16:54:08 2022
Summary	Security update for ucode-intel
Type	security
Severity	moderate
References	1198717,1199423,CVE-2022-21151

Description:

This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20220510 release. (bsc#1199423) Updated to Intel CPU Microcode 20220419 release. (bsc#1198717)

CVE-2022-21151: Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (bsc#1199423).

Advisory ID	SUSE-SU-2022:1730-1
Released	Wed May 18 16:56:21 2022
Summary	Security update for libslirp
Type	security
Severity	important
References	1187364,1187366,1187367,1198773,CVE-2021-3592,CVE-2021-3594,CVE-2021-3595

Description:

This update for libslirp fixes the following issues:

CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364).
CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367).
CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366).
Fix a dhcp regression [bsc#1198773]

Advisory ID	SUSE-OU-2022:1734-1
Released	Thu May 19 09:12:21 2022
Summary	Optional update for SUSE Package Hub
Type	optional
Severity	moderate
References

Description:

This optional update provides the following changes:

Provide binaries for non x86_64 architectures directly to SUSE Package Hub.
There are no visible changes for the final user.
Affected source packages: lpsolve

Advisory ID	SUSE-OU-2022:1736-1
Released	Thu May 19 09:13:16 2022
Summary	Optional update for SUSE Package Hub
Type	optional
Severity	moderate
References

Description:

This optional update provides the following changes:

Provide binaries for non x86_64 architectures directly to SUSE Package Hub.
There are no visible changes for the final user.
Affected source packages: mysql-connector-cpp

Advisory ID	SUSE-OU-2022:1739-1
Released	Thu May 19 09:15:05 2022
Summary	Optional update for SUSE Package Hub
Type	optional
Severity	moderate
References

Description:

This optional update provides the following changes:

Provide binaries for non x86_64 architectures directly to SUSE Package Hub.
There are no visible changes for the final user.
Affected source packages: libGLw motif

Advisory ID	SUSE-OU-2022:1741-1
Released	Thu May 19 11:19:39 2022
Summary	Optional update for SUSE Package Hub
Type	optional
Severity	moderate
References

Description:

This optional update provides the following changes:

Provide binaries for non x86_64 architectures directly to SUSE Package Hub.
There are no visible changes for the final user.
Affected source packages: libotr

Advisory ID	SUSE-OU-2022:1742-1
Released	Thu May 19 11:20:25 2022
Summary	Optional update for SUSE Package Hub
Type	optional
Severity	moderate
References

Description:

This optional update provides the following changes:

Provide binaries for non x86_64 architectures directly to SUSE Package Hub.
There are no visible changes for the final user.
Affected source packages: libmpeg2

Advisory ID	SUSE-OU-2022:1743-1
Released	Thu May 19 11:21:02 2022
Summary	Optional update for SUSE Package Hub
Type	optional
Severity	moderate
References

Description:

This optional update provides the following changes:

Provide binaries for non x86_64 architectures directly to SUSE Package Hub.
There are no visible changes for the final user.
Affected source packages: tbb

Advisory ID	SUSE-SU-2022:1748-1
Released	Thu May 19 11:36:05 2022
Summary	Security update for MozillaFirefox
Type	security
Severity	important
References	1198970,CVE-2022-29909,CVE-2022-29911,CVE-2022-29912,CVE-2022-29914,CVE-2022-29916,CVE-2022-29917

Description:

This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.9.0 ESR (MFSA 2022-17)(bsc#1198970):

CVE-2022-29914: Fullscreen notification bypass using popups
CVE-2022-29909: Bypassing permission prompt in nested browsing contexts
CVE-2022-29916: Leaking browser history with CSS variables
CVE-2022-29911: iframe Sandbox bypass
CVE-2022-29912: Reader mode bypassed SameSite cookies
CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9

Advisory ID	SUSE-SU-2022:1755-1
Released	Thu May 19 16:39:41 2022
Summary	Security update for php7
Type	security
Severity	low
References	1197644

Description:

This update for php7 fixes the following issues:

Fixed filter_var bypass vulnerability (bsc#1197644).

Advisory ID	SUSE-RU-2022:1761-1
Released	Fri May 20 09:00:46 2022
Summary	Recommended update for go
Type	recommended
Severity	moderate
References	1193742

Description:

This update for go fixes the following issues:
Updated wrapper package to current stable go1.18 (bsc#1193742).

Advisory ID	SUSE-OU-2022:1767-1
Released	Fri May 20 12:35:42 2022
Summary	Optional update for SUSE Package Hub
Type	optional
Severity	moderate
References

Description:

This optional update provides the following changes:

Provide binaries for non x86_64 architectures directly to SUSE Package Hub.
There are no visible changes for the final user.
Affected source packages: rasqal redland raptor

Advisory ID	SUSE-RU-2022:1814-1
Released	Mon May 23 14:04:13 2022
Summary	Recommended update for sapconf
Type	recommended
Severity	moderate
References	1185702,1188743,1192841

Description:

This update for sapconf fixes the following issues:
Version update from 5.0.3 to 5.0.4:

Change block device handling to handle multipath devices correctly. Only the DM multipath devices (mpath) will be used for the settings, but not its paths (bsc#1188743)
Fixed wrong comparison used for setting force_latency (bsc#1185702)
SAP Note 1771258 v6 updates nofile values to 1048576 (bsc#1192841)

Advisory ID	SUSE-RU-2022:1820-1
Released	Mon May 23 17:04:18 2022
Summary	Recommended update for rzsz
Type	recommended
Severity	low
References	1197852

Description:

This update for rzsz fixes the following issue:

Fix build with the latest gettext (bsc#1197852)

Advisory ID	SUSE-RU-2022:1821-1
Released	Tue May 24 08:01:58 2022
Summary	Recommended update for read-only-root-fs
Type	recommended
Severity	low
References	1156421,1161264,1176052

Description:

This update for read-only-root-fs fixes the following issues:

Add required mount for /etc for systemd udevd.
Workaround for /var being RO during systemd journal flush. (bsc#1156421)
Better check for already existing etc overlay. (bsc#1161264)
Adjust btrfs maintenance sysconfig to not use the read-only root filesystem. (bsc#1176052)

Advisory ID	SUSE-RU-2022:1824-1
Released	Tue May 24 10:31:13 2022
Summary	Recommended update for dhcp
Type	recommended
Severity	moderate
References	1198657

Description:

This update for dhcp fixes the following issues:

Properly handle DHCRELAY(6)_OPTIONS (bsc#1198657)

Advisory ID	SUSE-RU-2022:1826-1
Released	Tue May 24 10:32:40 2022
Summary	Recommended update for nut
Type	recommended
Severity	important
References	1197789

Description:

This update for nut fixes the following issues:

Fix package build requirements (bsc#1197789)

Advisory ID	SUSE-RU-2022:1827-1
Released	Tue May 24 10:46:48 2022
Summary	Recommended update for xf86-video-vesa
Type	recommended
Severity	moderate
References	1193539

Description:

This update for xf86-video-vesa fixes the following issues:

Disallow vesa driver on the system with simpledrmfb (bsc#1193539):

Advisory ID	SUSE-RU-2022:1828-1
Released	Tue May 24 10:47:38 2022
Summary	Recommended update for oath-toolkit
Type	recommended
Severity	important
References	1197790

Description:

This update for oath-toolkit fixes the following issues:

Fix build issues occurring on SUSE Linux Enterprise 15 Service Pack 4 (bsc#1197790)

Advisory ID	SUSE-SU-2022:1829-1
Released	Tue May 24 10:58:04 2022
Summary	Security update for go1.18
Type	security
Severity	moderate
References	1193742,1199413,CVE-2022-29526

Description:

This update for go1.18 fixes the following issues:

CVE-2022-29526: Fixed faccessat() system call operation that checked the wrong group (bsc#1199413).

go1.18.2 (released 2022-05-10) (bsc#1193742).

Advisory ID	SUSE-SU-2022:1830-1
Released	Tue May 24 11:27:00 2022
Summary	Security update for MozillaFirefox
Type	security
Severity	important
References	1199768,CVE-2022-1529,CVE-2022-1802

Description:

This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.9.1 ESR - MFSA 2022-19 (bsc#1199768):

CVE-2022-1802: Prototype pollution in Top-Level Await implementation
CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution

Advisory ID	SUSE-RU-2022:1837-1
Released	Wed May 25 10:28:43 2022
Summary	Recommended update for suse-hpc, trilinos
Type	recommended
Severity	moderate
References	1197781

Description:

This update for suse-hpc, trilinos fixes the following issues:

Update to version 0.5.20211210
Add an 'Obsoletes:/Provides:' for a bogus package name that was released to SLE/Leap by accident.
Tie %python_flavor to python3 on Leap/SLE 15-SP3 (bsc#1197781).
Lower disk and memory constraints to match actual requirements.
Add openmpi4 non-HPC flavor

Advisory ID	SUSE-RU-2022:1843-1
Released	Wed May 25 15:25:44 2022
Summary	Recommended update for suse-build-key
Type	recommended
Severity	moderate
References	1198504

Description:

This update for suse-build-key fixes the following issues:

still ship the old ptf key in the documentation directory (bsc#1198504)

Advisory ID	SUSE-RU-2022:1850-1
Released	Thu May 26 08:32:57 2022
Summary	Recommended update for perl-XML-LibXML
Type	recommended
Severity	moderate
References	1197798

Description:

This update for perl-XML-LibXML fixes the following issues:

Allow compile against latest version available of libxml in SP4 so perl-XML-LibXSLT compiles cleanly. (bsc#1197798)

This update has no customer visible change.

Advisory ID	SUSE-RU-2022:1851-1
Released	Thu May 26 08:59:55 2022
Summary	Recommended update for gcc8
Type	recommended
Severity	moderate
References	1197716

Description:

This update for gcc8 fixes the following issues:

Fix build against SP4. (bsc#1197716)
Remove bogus fixed include bits/statx.h from glibc 2.30 (bsc#1197716)

Advisory ID	SUSE-SU-2022:1861-1
Released	Thu May 26 12:07:40 2022
Summary	Security update for cups
Type	security
Severity	important
References	1199474,CVE-2022-26691

Description:

This update for cups fixes the following issues:

CVE-2022-26691: Fixed an authentication bypass and code execution vulnerability (bsc#1199474)

Advisory ID	SUSE-SU-2022:1862-1
Released	Thu May 26 12:41:44 2022
Summary	Security update for go1.17
Type	security
Severity	moderate
References	1190649,1199413,CVE-2022-29526

Description:

This update for go1.17 fixes the following issues:

CVE-2022-29526: Fixed faccessat() system call operation that checked the wrong group (bsc#1199413).

go1.17.10 (released 2022-05-10) (bsc#1190649).

Advisory ID	SUSE-OU-2022:1863-1
Released	Fri May 27 09:06:37 2022
Summary	Optional update for ckermit
Type	optional
Severity	low
References	1197708

Description:

This optional update for ckermit fixes the following issues:
There are no visible changes for the final user.

Solve a source build issue (FTBFS) after the removal of `libio` with `glibc-2.28`. (bsc#1197708)

Advisory ID	SUSE-RU-2022:1864-1
Released	Fri May 27 09:07:30 2022
Summary	Recommended update for leveldb
Type	recommended
Severity	low
References	1197742

Description:

This update for leveldb fixes the following issue:

fix tests (bsc#1197742)

Advisory ID	SUSE-RU-2022:1865-1
Released	Fri May 27 09:08:32 2022
Summary	Recommended update for xiterm
Type	recommended
Severity	low
References	1197864

Description:

This update for xiterm fixes the following issues:

Remove use of obsolete XSI STREAMS interface. (bsc#1197864)

Advisory ID	SUSE-RU-2022:1867-1
Released	Fri May 27 09:13:41 2022
Summary	Recommended update for v4l-utils
Type	recommended
Severity	low
References	1197861

Description:

This update for v4l-utils fixes the following issues:

fix build (bsc#1197861)

Advisory ID	SUSE-RU-2022:1868-1
Released	Fri May 27 09:14:45 2022
Summary	Recommended update for openwsman
Type	recommended
Severity	low
References	1197792

Description:

This update for openwsman fixes the following issue:

fix FTBFS with newer libcurl in SLE 15-SP4 (bsc#1197792)

Advisory ID	SUSE-RU-2022:1871-1
Released	Fri May 27 10:54:05 2022
Summary	Recommended update for nftables
Type	recommended
Severity	moderate
References	1197606

Description:

This update for nftables fixes the following issues:

Fix rare crashes that could occur e.g. in firewalld (bsc#1197606)

Advisory ID	SUSE-RU-2022:1872-1
Released	Fri May 27 10:54:41 2022
Summary	Recommended update for oprofile
Type	recommended
Severity	important
References	1197793

Description:

This update for oprofile fixes the following issues:

Resolve build issues due to binutils 2.34 api changes (bsc#1197793)

Advisory ID	SUSE-RU-2022:1875-1
Released	Mon May 30 00:10:24 2022
Summary	Recommended update for grpc
Type	recommended
Severity	low
References	1197726

Description:

This update for grpc fixes the following issues:

grpc won't compile on SP4(bsc#1197726)
Add conditional to build without python2 if needed

Advisory ID	SUSE-RU-2022:1876-1
Released	Mon May 30 00:11:47 2022
Summary	Recommended update for csync
Type	recommended
Severity	low
References	1197711

Description:

This update for csync fixes the following issues:

Detect libssh version. (bsc#1197711)

Advisory ID	SUSE-SU-2022:1882-1
Released	Mon May 30 12:37:13 2022
Summary	Security update for tiff
Type	security
Severity	important
References	1195964,1195965,1197066,1197068,1197072,1197073,1197074,1197631,CVE-2022-0561,CVE-2022-0562,CVE-2022-0865,CVE-2022-0891,CVE-2022-0908,CVE-2022-0909,CVE-2022-0924,CVE-2022-1056

Description:

This update for tiff fixes the following issues:

CVE-2022-0561: Fixed null source pointer passed as an argument to memcpy() within TIFFFetchStripThing() in tif_dirread.c (bsc#1195964).
CVE-2022-0562: Fixed null source pointer passed as an argument to memcpy() within TIFFReadDirectory() in tif_dirread.c (bsc#1195965).
CVE-2022-0865: Fixed assertion failure in TIFFReadAndRealloc (bsc#1197066).
CVE-2022-0909: Fixed divide by zero error in tiffcrop that could have led to a denial-of-service via a crafted tiff file (bsc#1197072).
CVE-2022-0924: Fixed out-of-bounds read error in tiffcp that could have led to a denial-of-service via a crafted tiff file (bsc#1197073).
CVE-2022-0908: Fixed null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() (bsc#1197074).
CVE-2022-1056: Fixed out-of-bounds read error in tiffcrop that could have led to a denial-of-service via a crafted tiff file (bsc#1197631).
CVE-2022-0891: Fixed heap buffer overflow in extractImageSection (bsc#1197068).

Advisory ID	SUSE-RU-2022:1887-1
Released	Tue May 31 09:24:18 2022
Summary	Recommended update for grep
Type	recommended
Severity	moderate
References	1040589

Description:

This update for grep fixes the following issues:

Make profiling deterministic. (bsc#1040589, SLE-24115)

Advisory ID	SUSE-SU-2022:1888-1
Released	Tue May 31 10:44:41 2022
Summary	Security update for helm-mirror
Type	security
Severity	moderate
References	1156646,1197728,CVE-2019-18658

Description:

This update for helm-mirror fixes the following issues:

Updated to version 0.3.1: - CVE-2019-18658: Fixed a potential symbolic link issue in helm that could be used to leak sensitive files (bsc#1156646).

Advisory ID	SUSE-SU-2022:1895-1
Released	Tue May 31 14:51:12 2022
Summary	Security update for postgresql13
Type	security
Severity	important
References	1199475,CVE-2022-1552

Description:

This update for postgresql13 fixes the following issues:

CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475).

Advisory ID	SUSE-SU-2022:1898-1
Released	Tue May 31 18:03:55 2022
Summary	Security update for fribidi
Type	security
Severity	moderate
References	1196147,1196148,1196150,CVE-2022-25308,CVE-2022-25309,CVE-2022-25310

Description:

This update for fribidi fixes the following issues:

CVE-2022-25308: Fixed stack out of bounds read (bsc#1196147).
CVE-2022-25309: Fixed heap-buffer-overflow in fribidi_cap_rtl_to_unicode (bsc#1196148).
CVE-2022-25310: Fixed NULL pointer dereference in fribidi_remove_bidi_marks (bsc#1196150).

Advisory ID	SUSE-RU-2022:1899-1
Released	Wed Jun 1 10:43:22 2022
Summary	Recommended update for libtirpc
Type	recommended
Severity	important
References	1198176

Description:

This update for libtirpc fixes the following issues:

Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176)

Advisory ID	SUSE-RU-2022:1900-1
Released	Wed Jun 1 10:45:21 2022
Summary	Recommended update for rabbitmq-c
Type	recommended
Severity	moderate
References	1198202

Description:

This update for rabbitmq-c fixes the following issues:

Resolve package build issues (bsc#1198202)

Advisory ID	SUSE-RU-2022:1904-1
Released	Wed Jun 1 14:16:50 2022
Summary	Recommended update for libbluray
Type	recommended
Severity	important
References	1199463

Description:

This update for libbluray fixes the following issues:

Implement the new java.io.FileSystem.isInvalid method that entered all supported java versions with April 2022 CPU (bsc#1199463)

Advisory ID	SUSE-RU-2022:1907-1
Released	Wed Jun 1 14:20:29 2022
Summary	Recommended update for hunspell
Type	recommended
Severity	moderate
References	1199209

Description:

This update for hunspell fixes the following issues:

Add requirement for english dictionary (bsc#1199209)

Advisory ID	SUSE-SU-2022:1908-1
Released	Wed Jun 1 15:31:33 2022
Summary	Security update for postgresql14
Type	security
Severity	important
References	1199475,CVE-2022-1552

Description:

This update for postgresql14 fixes the following issues:

CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475).

Advisory ID	SUSE-RU-2022:1909-1
Released	Wed Jun 1 16:25:35 2022
Summary	Recommended update for glibc
Type	recommended
Severity	moderate
References	1198751

Description:

This update for glibc fixes the following issues:

Add the correct name for the IBM Z16 (bsc#1198751).

Advisory ID	SUSE-RU-2022:1913-1
Released	Thu Jun 2 10:05:26 2022
Summary	Recommended update for aws-iam-authenticator
Type	recommended
Severity	moderate
References	1197703

Description:

This update for aws-iam-authenticator fixes the following issues:

Update in SLE-15 (bsc#1197703)

Update to version 0.5.3 * Bump Go to 1.15 in Travis (#361) * Update aws sdk go v1.37.1 (#360) * (arn): validate partition against all partitions returned by the aws sdk (#348) * Document AccessKeyId from UserInfo (#332) * Support IPv6 listen address (#352) * Added user agent to AWS SDK (#359) * Remove Chris Hein from OWNERS (#351) * Add instructions for the release process (#346)
from version 0.5.2 * Added partition flag (#341) * Update link to Kops docs site (#338) * Security Improvements on the example yaml (#335) * Fix RBAC on example file: service account requires get to ConfigMap (#334) * Add AccessKeyID as variable for username (#337) * Added server side AWS account ID log redaction (#327)
from version 0.5.1 * Update examples/README (#317) * Changelog gen (#318) * Fix CRD mapper blocking all others because caches never sync and revamp backend-mode flag (#303) * Update aws-sdk-go to version v1.30.0 (#306) * Bump k8s.io/ dependencies to 1.16.8 (#305) * chown aws-iam-authenticator to avoid permission denied (#302) * Indentation and unit test improvements (#298) * Adding Rate limiting ec2:DescribeInstances API along with Batching for high TPS (#292) * Restrict ClusterRole to readonly IAMIdentityMapping access (#287) * added selector to spec and changed from extenstions to apps/v1 (#291) * Add AWS AccessKeyID as an extra field in UserInfo (#286) * Allow server port customization (#278)
from version 0.5.0 * Remove DNS-1123 validation of usernames and groups (#260) * switch to use regional sts endpoint & imdsV2 (#283) * Add AWS Access Key ID to log (#282) * Require to pass in interface instead of the concrete type (#279) * Refactor to allow configurable backends (configmap, eks configmap, crd) (#269) * Update go version (#255) * Adding session name parameter to TokenGenerator (#272) * Rename prometheus metrics to match new project name (#249) * Remove inactive approvers, add wongma7 (#266) * Update aws-sdk-go to v1.23.11 (257) * Added go module download check (#259) * Updating goreleaser yaml to fix deprecated options (#252) * Remove deprecated language from README (#244) * Lowercase ARN inside doMapping and log about it (#239) * IAMIdentityMapping CRD Implementation (#116) * Adding micahhausler as approver (#237) * add support for passing externalID to assume role (#228) * Update README.md (#231) * Using sigs.k8s.io domain instead of github.com (#223) * Refactored EC2 API calls to be testable (#226) * Include aws request ID when logging errors (#178)
Remove global Go project variables
Set GO111MODULE=off to force use of vendored modules
Update Go build paths

Advisory ID	SUSE-RU-2022:1915-1
Released	Thu Jun 2 10:06:03 2022
Summary	Recommended update for autoyast2
Type	recommended
Severity	moderate
References	1199000,1199165

Description:

This update for autoyast2 fixes the following issues:

Fix detection disk serial and size in the 'disks' ERB helper (bsc#1199000)
Fix rules validation when using a dialog (bsc#1199165)

Advisory ID	SUSE-SU-2022:1919-1
Released	Thu Jun 2 12:04:09 2022
Summary	Security update for udisks2
Type	security
Severity	moderate
References	1190606,CVE-2021-3802

Description:

This update for udisks2 fixes the following issues:

CVE-2021-3802: Fixed denial of service vulnerability caused by insecure defaults in user-accessible mount helpers (bsc#1190606).

Advisory ID	SUSE-SU-2022:1920-1
Released	Thu Jun 2 13:04:48 2022
Summary	Security update for MozillaFirefox
Type	security
Severity	important
References	1200027,CVE-2022-31736,CVE-2022-31737,CVE-2022-31738,CVE-2022-31739,CVE-2022-31740,CVE-2022-31741,CVE-2022-31742,CVE-2022-31747

Description:

This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.10.0 ESR (MFSA 2022-21)(bsc#1200027)

CVE-2022-31736: Cross-Origin resource's length leaked
CVE-2022-31737: Heap buffer overflow in WebGL
CVE-2022-31738: Browser window spoof using fullscreen mode
CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files
CVE-2022-31740: Register allocation problem in WASM on arm64
CVE-2022-31741: Uninitialized variable leads to invalid memory read
CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information
CVE-2022-31747: Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10

Advisory ID	SUSE-SU-2022:1923-1
Released	Thu Jun 2 14:04:06 2022
Summary	Security update for kernel-firmware
Type	security
Severity	important
References	1195786,1199459,1199470,CVE-2021-26312,CVE-2021-26339,CVE-2021-26342,CVE-2021-26347,CVE-2021-26348,CVE-2021-26349,CVE-2021-26350,CVE-2021-26364,CVE-2021-26372,CVE-2021-26373,CVE-2021-26375,CVE-2021-26376,CVE-2021-26378,CVE-2021-26388,CVE-2021-33139,CVE-2021-33155,CVE-2021-46744

Description:

This update for kernel-firmware fixes the following issues:
Update to version 20220411 (git commit f219d616f42b, bsc#1199459):

CVE-2021-26373, CVE-2021-26347, CVE-2021-26376, CVE-2021-26350, CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26339, CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349, CVE-2021-26364, CVE-2021-26312: Update AMD cpu microcode

Update to version 20220309 (git commit cd01f857da28, bsc#1199470):

CVE-2021-46744: Ciphertext Side Channels on AMD SEV

Update Intel Bluetooth firmware (INTEL-SA-00604, bsc#1195786):

CVE-2021-33139, CVE-2021-33155: Improper conditions check in the firmware for some Intel Wireless Bluetooth and Killer Bluetooth products may allow an authenticated user to potentially cause denial of service via adjacent access.

Advisory ID	SUSE-RU-2022:1924-1
Released	Thu Jun 2 14:12:03 2022
Summary	Recommended update for mutter
Type	recommended
Severity	moderate
References	1199382

Description:

This update for mutter fixes the following issues:

Fix SIGSEGV in meta_context_terminate (bsc#1199382 glgo#GNOME/mutter#2267).
Update to version 41.5: + Fix X11 wayland drops ending up in the wrong wayland client. + Allow forcing EGLStream backend. + Updated translations.

Advisory ID	SUSE-SU-2022:1925-1
Released	Thu Jun 2 14:35:20 2022
Summary	Security update for patch
Type	security
Severity	moderate
References	1080985,1111572,1142041,1198106,CVE-2018-6952,CVE-2019-13636

Description:

This update for patch fixes the following issues:
Security issues fixed:

CVE-2019-13636: Fixed follow symlinks unless --follow-symlinks is given. This increases the security against malicious patches (bsc#1142041).
CVE-2018-6952: Fixed swapping fakelines in pch_swap. This bug was causing a double free leading to a crash (bsc#1080985).

Bugfixes:

Abort when cleaning up fails. This bug could cause an infinite loop when a patch wouldn't apply, leading to a segmentation fault (bsc#1111572).
Pass the correct stat to backup files. This bug would occasionally cause backup files to be missing when all hunks failed to apply (bsc#1198106).

Advisory ID	SUSE-SU-2022:1928-1
Released	Thu Jun 2 17:34:05 2022
Summary	Security update for php8
Type	security
Severity	low
References	1197644

Description:

This update for php8 fixes the following issues:

Fixed filter_var bypass vulnerability (bsc#1197644).

Advisory ID	SUSE-SU-2022:1929-1
Released	Thu Jun 2 17:34:19 2022
Summary	Security update for redis
Type	security
Severity	moderate
References	1198952,1198953,CVE-2022-24735,CVE-2022-24736

Description:

This update for redis fixes the following issues:

CVE-2022-24735: Fixed Lua code injection (bsc#1198952).
CVE-2022-24736: Fixed Lua NULL pointer dereference (bsc#1198953).

Advisory ID	SUSE-SU-2022:1930-1
Released	Thu Jun 2 17:34:37 2022
Summary	Security update for libarchive
Type	security
Severity	moderate
References	1022528,1188572,1189528,1197634,CVE-2017-5601,CVE-2021-36976,CVE-2022-26280

Description:

This update for libarchive fixes the following issues:

CVE-2022-26280: Fixed out-of-bounds read via the component zipx_lzma_alone_init (bsc#1197634).
CVE-2021-36976: Fixed use-after-free in copy_string (called from do_uncompress_block and process_block) (bsc#1188572).
CVE-2017-5601: Fixed out-of-bounds memory access preventing denial-of-service (bsc#1197634, bsc#1189528).

Advisory ID	SUSE-SU-2022:1934-1
Released	Fri Jun 3 14:57:53 2022
Summary	Security update for openvpn
Type	security
Severity	moderate
References	1123557,1197341,CVE-2022-0547

Description:

This update for openvpn fixes the following issues:

CVE-2022-0547: Fixed possible authentication bypass in external authentication plug-in (bsc#1197341).

By default the --suppress-timestamps flag is not needed (bsc#1123557).

Advisory ID	SUSE-RU-2022:2001-1
Released	Mon Jun 6 20:52:04 2022
Summary	Recommended update for s3fs
Type	recommended
Severity	moderate
References	1198900

Description:

This update for s3fs fixes the following issues:

Update to version 1.91 (bsc#1198900) * Fix RowFlush can not upload last part smaller than 5MB using NoCacheMultipartPost * Fix IAM role retrieval from IMDSv2 * Add option to allow unsigned payloads * Fix mixupload return EntityTooSmall while a copypart is less than 5MB after split * Allow compilation on Windows via MSYS2 * Handle utimensat UTIME_NOW and UTIME_OMIT special values * Preserve sub-second precision in more situations * Always flush open files with O_CREAT flag * Fixed not to call Flush even if the file size is increased * Include climits to support musl libc

Update to version 1.90 + Don't ignore nomultipart when storage is low + Fix POSIX compatibility issues found by pjdfstest + Fail CheckBucket when S3 returns PermanentRedirect + Do not create zero-byte object when creating file + Allow arbitrary size AWS secret keys + Fix race conditions + Set explicit Content-Length: 0 when initiating MPU + Set CURLOPT_UNRESTRICTED_AUTH when authenticating + Add jitter to avoid thundering herd + Loosen CheckBucket to check only the bucket + Add support for AWS-style environment variables

Advisory ID	SUSE-SU-2022:2004-1
Released	Tue Jun 7 16:34:20 2022
Summary	Security update for go1.17
Type	security
Severity	important
References	1190649,1200134,1200135,1200136,1200137,CVE-2022-29804,CVE-2022-30580,CVE-2022-30629,CVE-2022-30634

Description:

This update for go1.17 fixes the following issues:
Update to go1.17.11 (released 2022-06-01) (bsc#1190649):

CVE-2022-30634: Fixed crypto/rand rand.Read hangs with extremely large buffers (bsc#1200134).
CVE-2022-30629: Fixed crypto/tls session tickets lack random ticket_age_add (bsc#1200135).
CVE-2022-29804: Fixed path/filepath Clean(`.\c:`) returns `c:` on Windows (bsc#1200137).
CVE-2022-30580: Fixed os/exec empty Cmd.Path can result in running unintended binary on Windows (bsc#1200136).

Advisory ID	SUSE-SU-2022:2005-1
Released	Tue Jun 7 16:34:46 2022
Summary	Security update for go1.18
Type	security
Severity	important
References	1193742,1200134,1200135,1200136,1200137,CVE-2022-29804,CVE-2022-30580,CVE-2022-30629,CVE-2022-30634

Description:

This update for go1.18 fixes the following issues:
Update to go1.18.3 (released 2022-06-01) (bsc#1193742):

CVE-2022-30634: Fixed crypto/rand rand.Read hangs with extremely large buffers (bsc#1200134).
CVE-2022-30629: Fixed crypto/tls session tickets lack random ticket_age_add (bsc#1200135).
CVE-2022-29804: Fixed path/filepath Clean(`.\c:`) returns `c:` on Windows (bsc#1200137).
CVE-2022-30580: Fixed os/exec empty Cmd.Path can result in running unintended binary on Windows (bsc#1200136).

Advisory ID	SUSE-RU-2022:2014-1
Released	Tue Jun 7 19:08:55 2022
Summary	Recommended update for scap-security-guide
Type	recommended
Severity	moderate
References

Description:

This update for scap-security-guide fixes the following issues:
scap-security-guide was updated to 0.1.61 (jsc#ECO-3319):

Stop building PCI-DSS-centric XCCDF benchmark for RHEL 7
Introduce OL9 product
Implement handling of logical expressions in platform definitions

Please note that SUSE supports only the DISA STIG, HIPAA and PCI-DSS profiles for SUSE Linux Enterprise Server 12 and 15.

Advisory ID	SUSE-RU-2022:2016-1
Released	Wed Jun 8 16:26:36 2022
Summary	Recommended update for vulkan
Type	recommended
Severity	low
References	1197862

Description:

This update for vulkan fixes the following issue:

Disable RPATH to make the inherited package run on SLE-15-SP4. (bsc#1197862)

Advisory ID	SUSE-RU-2022:2017-1
Released	Wed Jun 8 16:27:06 2022
Summary	Recommended update for icewm
Type	recommended
Severity	low
References	1197729

Description:

This update for icewm fixes the following issues:

A later glib2 update will cause icewm fail to build. (bsc#1197729)

Advisory ID	SUSE-RU-2022:2018-1
Released	Wed Jun 8 16:47:04 2022
Summary	Recommended update for build
Type	recommended
Severity	moderate
References	1197298,1197699,1198740

Description:

This update for build fixes the following issues:

Update SLE 15 SP4 and Leap 15.4 build config (bsc#1198740)
Use aio=io_uring if available (bsc#1197699) (build#814)
Add arm32 and loongarch definitions (build#808)
Add compatibility code to initvm
Use upstream way of binfmt argv0 preservation (bsc#1197298) (build#809)
Add template support for Build::SimpleJSON
minor documentation updates
docker: Add support for --root and --installroot global zypper options
debian cross build support via multi-arch (obsoleting cbinstall remnants)
Tumbleweed config synced
documentation updates
smaller bugfixes

regression fix from last release, avoid calling shutdown handler twice when building in vm

Changes:
* pbuild: add --debug option for building debuginfo packages * rename --debug to --debuginfo to be more exact. * docu: add buildflags:ccachtype and OBS-DoNotAppendProfileToContainername
Fixes:
* Avoid shutdown of host when using nspawn
Features:
* download_assets: add --outdir --clean --show-dir-srcmd5 parameters support multiple --arch arguments * asset support for golang modules * add support for LXC 4. * new shortcuts for rpm building: --rpm-noprep, --rpm-build-in-place, --rpm-build-in-place-noprep for building directly from upstream git repositories without any tar ball. * mount securityfs if not mounted by kernel-obs-build * collect steal time during VM builds in statistics. * declare armv8 and armv7 compatible * support OBS Debuginfo build flag for Red Hat variants * setup rpmmacros for all build types and earlier * Kiwi builds - Always append the profile name to kiwi container names * Dockerfile build - improve registry handling - initial Dockerfile.dapper support - support 'curl' commands in docker builds - strip known domains from container name - support container alias names * introducing --verbose option, currently only showing kernel messages. * support cpio creation for special files * handle QEMU >= 6.0 on POWER9
Changes:
* Use git+https instead of git-https as url schema * add oops=panic kernel parameter * Updated distribution configurations (esp. Leap 15.4 and Tumbleweed) * new preinstallimages are using zstd by default * source subdirectories are used in git managed sources
Minor improvements
* change sccache default size limit * speed up improvements in - vm shutdown - rpm preinstall - avoid calling external commands in a loop - using zstd for preinstallimages - no more unpacking progress indicators to avoid slowdown - virtio handling * fixed vm-type=qemu * multiple smaller bugfixes and speed improvements

renamed tumbleweed config to tumbleweed
synced tumbleweed config changes
initial config for Leap 15.4
docker build environment * Use /.dockerenv as marker for docker environment * support privileged docker/nspawn mode * move --cap-add=SYS_ADMIN --cap-add=MKNOD to privileged mode * initvm: do not attempt to mount /proc and binfmt_misc handler if present
pbuild * rename --hide-timestamps to --no-timestamps * reuse options from older builds * revised --single build mode * support ccache
Unify ccache and sccache handling

Features:

deb zstd support (for Ubuntu 21.10)
support KVM builds with enabled network
modulemd support improvements
Support a 'Distmacro' directive for recipe parser-only macros

Fixes:

Load selinux policy when using a preinstall image
Use the pax format for preinstall images if bsdtar is available
Add %riscv to std_macros
Fix combine_configs dropping newlines

pbuild:

Implement SCC calculation
Improve --shell-after-build and --single options
initial documentation of pbuild
Bugfixes
Fix unpacking of deb/arch archives without bsdtar
fixed regression in multiline macro evaluation from 20th August release

Features:

cross architecture build support (for rpm and kiwi)
modulemd meta data support
pbuild to build multiple source packages (initial release, can not be considered stable yet)
supporting external asset stores for source files
support multiple post build checks placed in the directory: /usr/lib/build/post-build-checks/
sccache support
New --shell-after-fail option
allow to disable squashfs in SimpleImage
supporting aarch64 kernel on armv?l distributions
kiwi: Add support for OBS-RemoteAsset and OBS-CopyToImage directives
container: FROM scratch build support

Improvements:

supporting kvm builds as non-root user
Extend stage selection support for rpm builds
various distribution config updates
Support 'BuildFlags: cumulaterpms' (was done only via suse_version before)

Fixes:

container builds * support newer podman versions * supporting multiple containers for multi-stage builds
Supporting URL's in Flatpak manifests
epoch handling in debian builds
catch more cases where a failed build is marked as host error
fixing wrong status reporting when a job got killed
hugetlbfs handling fixes
try mounting selinuxfs in VM
Also create the /sys dir when preinstalling (to satisfy dracut)
various XML parser fixes
and many minor ones

Advisory ID	SUSE-RU-2022:2019-1
Released	Wed Jun 8 16:50:07 2022
Summary	Recommended update for gcc11
Type	recommended
Severity	moderate
References	1192951,1193659,1195283,1196861,1197065

Description:

This update for gcc11 fixes the following issues:
Update to the GCC 11.3.0 release.

includes SLS hardening backport on x86_64. [bsc#1195283]
includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
use --with-cpu rather than specifying --with-arch/--with-tune
Fix D memory corruption in -M output.
Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
fixes issue with debug dumping together with -o /dev/null
fixes libgccjit issue showing up in emacs build [bsc#1192951]
Package mwaitintrin.h

Advisory ID	SUSE-RU-2022:2024-1
Released	Thu Jun 9 10:13:12 2022
Summary	Recommended update for python-azure-agent
Type	recommended
Severity	moderate
References	1198258

Description:

This update for python-azure-agent fixes the following issues:

Reset the dhcp config when deprovisioning and instance to ensure instances from aVM image created from that instance send host information to the DHCP server. (bsc#1198258)

Advisory ID	SUSE-SU-2022:2035-1
Released	Fri Jun 10 10:16:40 2022
Summary	Security update for grub2
Type	security
Severity	important
References	1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198495,1198496,1198581,CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28735,CVE-2022-28736

Description:

This update for grub2 fixes the following issues:
This update provides security fixes and hardenings for Boothole 3 / Boothole 2022 (bsc#1198581)

CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184)
CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185)
CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186)
CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460)
CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493)
CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495)
CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496)
Update SBAT security contact (bsc#1193282)
Bump grub's SBAT generation to 2

Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948)

Advisory ID	SUSE-SU-2022:2044-1
Released	Fri Jun 10 13:37:07 2022
Summary	Security update for google-gson
Type	security
Severity	important
References	1199064,CVE-2022-25647

Description:

This update for google-gson fixes the following issues:

CVE-2022-25647: Fixed deserialization of untrusted data (bsc#1199064).

Advisory ID	SUSE-SU-2022:2047-1
Released	Mon Jun 13 09:19:06 2022
Summary	Security update for netty3
Type	security
Severity	moderate
References	1193672,1197787,CVE-2021-43797

Description:

This update for netty3 fixes the following issues:

CVE-2021-43797: Fixed a potential HTTP request smuggling issue due to insufficient validation against control characters (bsc#1193672).

Advisory ID	SUSE-RU-2022:2049-1
Released	Mon Jun 13 09:23:52 2022
Summary	Recommended update for binutils
Type	recommended
Severity	moderate
References	1191908,1198422

Description:

This update for binutils fixes the following issues:

Revert back to old behaviour of not ignoring the in-section content of to be relocated fields on x86-64, even though that's a RELA architecture. Compatibility with buggy object files generated by old tools. [bsc#1198422]
Fix a problem in crash not accepting some of our .ko.debug files. (bsc#1191908)

Advisory ID	SUSE-SU-2022:2054-1
Released	Mon Jun 13 10:39:42 2022
Summary	Security update for u-boot
Type	security
Severity	important
References	1199623,1200363,1200364,CVE-2022-30552,CVE-2022-30767,CVE-2022-30790

Description:

This update for u-boot fixes the following issues:

CVE-2022-30552: A large buffer overflow could have lead to a denial of service in the IP Packet deframentation code.

(bsc#1200363)

CVE-2022-30790: A Hole Descriptor Overwrite could have lead to an arbitrary out of bounds write primitive.

(bsc#1200364)

CVE-2022-30767: Fixed an unbounded memcpy with a failed length check leading to a buffer overflow (bsc#1199623).

Advisory ID	SUSE-RU-2022:2060-1
Released	Mon Jun 13 15:26:16 2022
Summary	Recommended update for geronimo-specs
Type	recommended
Severity	moderate
References	1200426

Description:

This recommended update for geronimo-specs provides the following fix:

Ship geronimo-annotation-1_0-api to SUSE Manager server as it is now needed by google-gson. (bsc#1200426)

Advisory ID	SUSE-SU-2022:2062-1
Released	Mon Jun 13 15:34:16 2022
Summary	Security update for MozillaThunderbird
Type	security
Severity	important
References	1199768,1200027,CVE-2022-1529,CVE-2022-1802,CVE-2022-1834,CVE-2022-31736,CVE-2022-31737,CVE-2022-31738,CVE-2022-31739,CVE-2022-31740,CVE-2022-31741,CVE-2022-31742,CVE-2022-31747

Description:

This update for MozillaThunderbird fixes the following issues:
Update to Mozilla Thunderbird 91.9.1
MFSA 2022-19 (bsc#1199768):

CVE-2022-1802: Prototype pollution in Top-Level Await implementation (bmo#1770137).
CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution (bmo#1770048).

Update to Mozilla Thunderbird 91.10
MFSA 2022-22 (bsc#1200027):

CVE-2022-31736: Cross-Origin resource's length leaked (bmo#1735923)
CVE-2022-31737: Heap buffer overflow in WebGL (bmo#1743767)
CVE-2022-31738: Browser window spoof using fullscreen mode (bmo#1756388)
CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files (bmo#1765049)
CVE-2022-31740: Register allocation problem in WASM on arm64 (bmo#1766806)
CVE-2022-31741: Uninitialized variable leads to invalid memory read (bmo#1767590)
CVE-2022-1834: Braille space character caused incorrect sender email to be shown for a digitally signed email (bmo#1767816)
CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information (bmo#1730434)
CVE-2022-31747: Memory safety bugs fixed in Thunderbird 91.10 (bmo#1760765, bmo#1765610, bmo#1766283, bmo#1767365, bmo#1768559, bmo#1768734)

Advisory ID	SUSE-SU-2022:2071-1
Released	Tue Jun 14 11:56:59 2022
Summary	Security update for webkit2gtk3
Type	security
Severity	important
References	1199287,1200106,CVE-2022-26700,CVE-2022-26709,CVE-2022-26716,CVE-2022-26717,CVE-2022-26719,CVE-2022-30293

Description:

This update for webkit2gtk3 fixes the following issues:
Update to version 2.36.3 (bsc#1200106)

CVE-2022-30293: Fixed heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer (bsc#1199287).
CVE-2022-26700: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106).
CVE-2022-26709: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106).
CVE-2022-26716: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106).
CVE-2022-26717: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106).
CVE-2022-26719: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106).

Advisory ID	SUSE-OU-2022:2086-1
Released	Wed Jun 15 09:45:24 2022
Summary	Optional update for SUSE Package Hub
Type	optional
Severity	moderate
References

Description:

This optional update provides the following changes:

Provide binaries for non x86_64 architectures directly to SUSE Package Hub.
There are no visible changes for the final user.
Affected source packages: os-prober

Advisory ID	SUSE-OU-2022:2087-1
Released	Wed Jun 15 09:46:37 2022
Summary	Optional update for SUSE Package Hub
Type	optional
Severity	moderate
References

Description:

This optional update provides the following changes:

Provide binaries for non x86_64 architectures directly to SUSE Package Hub.
There are no visible changes for the final user.
Affected source packages: rp-pppoe linux-atm ppp

Advisory ID	SUSE-RU-2022:2088-1
Released	Wed Jun 15 11:10:41 2022
Summary	Recommended update for firewalld
Type	recommended
Severity	moderate
References	1191837

Description:

This update for firewalld fixes the following issues:

Fixes setting the default zone to external during installation problem (bsc#1191837)

Advisory ID	SUSE-RU-2022:2090-1
Released	Wed Jun 15 12:38:34 2022
Summary	Recommended update for regionServiceClientConfigAzure
Type	recommended
Severity	moderate
References	1199668

Description:

This update for regionServiceClientConfigAzure fixes the following issues:

Update to version 2.0.0 (bsc#1199668) - Move the certs to /usr from /var to accomodate ro filesystem of SLE-Micro - Fix source url in spec file

Advisory ID	SUSE-RU-2022:2093-1
Released	Wed Jun 15 17:08:05 2022
Summary	Recommended update for open-vm-tools
Type	recommended
Severity	moderate
References	1196803,1196804

Description:

This update for open-vm-tools fixes the following issues:

Update to 12.0.0 (build 19345655) (bsc#1196803)
Update open-vm-tools 12.0.0. (jsc#SLE-24097)
Support for managing Salt Minion through guest variables. A new open-vm-tools-salt-minion rpm is added to handle this support.
New ComponentMgr plugin to manage (add, remove, monitor) components on the guest VM.
Patch to fix potential Fail to Build from Source. (bsc#1196804)
Build vmhgfs with either libfuse2 or libfuse3.

Advisory ID	SUSE-RU-2022:2094-1
Released	Wed Jun 15 17:08:50 2022
Summary	Recommended update for fence-agents
Type	recommended
Severity	important
References	1198872

Description:

This update for fence-agents fixes the following issues:

Fix and issue where 'fence-agents' is broken in GCP due to missing '--zone' parameter (bsc#1198872)

Advisory ID	SUSE-SU-2022:2102-1
Released	Thu Jun 16 15:18:23 2022
Summary	Security update for vim
Type	security
Severity	important
References	1070955,1191770,1192167,1192902,1192903,1192904,1193466,1193905,1194093,1194216,1194217,1194388,1194872,1194885,1195004,1195203,1195332,1195354,1196361,1198596,1198748,1199331,1199333,1199334,1199651,1199655,1199693,1199745,1199747,1199936,1200010,1200011,1200012,CVE-2017-17087,CVE-2021-3778,CVE-2021-3796,CVE-2021-3872,CVE-2021-3875,CVE-2021-3903,CVE-2021-3927,CVE-2021-3928,CVE-2021-3968,CVE-2021-3973,CVE-2021-3974,CVE-2021-3984,CVE-2021-4019,CVE-2021-4069,CVE-2021-4136,CVE-2021-4166,CVE-2021-4192,CVE-2021-4193,CVE-2021-46059,CVE-2022-0128,CVE-2022-0213,CVE-2022-0261,CVE-2022-0318,CVE-2022-0319,CVE-2022-0351,CVE-2022-0359,CVE-2022-0361,CVE-2022-0392,CVE-2022-0407,CVE-2022-0413,CVE-2022-0696,CVE-2022-1381,CVE-2022-1420,CVE-2022-1616,CVE-2022-1619,CVE-2022-1620,CVE-2022-1733,CVE-2022-1735,CVE-2022-1771,CVE-2022-1785,CVE-2022-1796,CVE-2022-1851,CVE-2022-1897,CVE-2022-1898,CVE-2022-1927

Description:

This update for vim fixes the following issues:

CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955).
CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770).
CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167).
CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902).
CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903).
CVE-2021-3974: Fixed use-after-free (bsc#1192904).
CVE-2021-4069: Fixed use-after-free in ex_open()in src/ex_docmd.c (bsc#1193466).
CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905).
CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093).
CVE-2021-4192: Fixed use-after-free (bsc#1194217).
CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216).
CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388).
CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885).
CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872).
CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004).
CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in ex_getln.c (bsc#1195203).
CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332).
CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354).
CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361).
CVE-2022-1381: Fixed global heap buffer overflow in skip_range (bsc#1198596).
CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748).
CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331).
CVE-2022-1619: Fixed heap-based Buffer Overflow in function cmdline_erase_chars (bsc#1199333).
CVE-2022-1620: Fixed NULL pointer dereference in function vim_regexec_string (bsc#1199334).
CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c (bsc#1199655).
CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651).
CVE-2022-1771: Fixed stack exhaustion (bsc#1199693).
CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745).
CVE-2022-1796: Fixed use-after-free in find_pattern_in_path (bsc#1199747).
CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936).
CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010).
CVE-2022-1898: Fixed use-after-free (bsc#1200011).
CVE-2022-1927: Fixed buffer over-read (bsc#1200012).

Advisory ID	SUSE-SU-2022:2108-1
Released	Thu Jun 16 15:25:55 2022
Summary	Security update for rubygem-actionpack-5_1, rubygem-activesupport-5_1
Type	security
Severity	important
References	1185780,1196182,CVE-2021-22904,CVE-2022-23633

Description:

This update for rubygem-actionpack-5_1 and rubygem-activesupport-5_1 fixes the following issues:

CVE-2021-22904: Fixed possible DoS Vulnerability in Action Controller Token Authentication (bsc#1185780)
CVE-2022-23633: Fixed possible exposure of information vulnerability in Action Pack (bsc#1196182)

Advisory ID	SUSE-feature-2022:2114-1
Released	Fri Jun 17 18:11:32 2022
Summary	Feature update for build
Type	feature
Severity	moderate
References

Description:

This feature update for build provides the following changes:
Support the Multi Factor Authentication in osc (jsc#SLE-24657, jsc#SLE-24652, jsc#SLE-24653)

Upgrade build from version 20220422 to version 20220613: * deb: defer dpkg triggers until all packages are installed, and disable man-db altogether * Add support of Debian Source format 3.0 (quilt) and changelog modification * Stop building aarch64_ilp32 baselibs for aarch64

Advisory ID	SUSE-RU-2022:2119-1
Released	Mon Jun 20 13:06:46 2022
Summary	Recommended update for salt
Type	recommended
Severity	important
References	1199149

Description:

This update for salt fixes the following issue:

Make sure SaltCacheLoader use correct fileclient (bsc#1199149)
Fixes for Python 3.10 * Use the same logic in `_compat.py` and `entrypoints.py` to load the same `importlib.metadata.`

Advisory ID	SUSE-SU-2022:2140-1
Released	Mon Jun 20 14:58:38 2022
Summary	Security update for node_exporter
Type	security
Severity	important
References	1190535,1196338,CVE-2022-21698

Description:

This security update for golang-github-prometheus-node_exporter provides:
Update golang-github-prometheus-node_exporter from version 1.1.2 to version 1.3.0 (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239)

CVE-2022-21698: Denial of service using InstrumentHandlerCounter
Update vendor tarball with prometheus/client_golang 1.11.1
Update to 1.3.0 * [CHANGE] Add path label to rapl collector #2146 * [CHANGE] Exclude filesystems under /run/credentials #2157 * [CHANGE] Add TCPTimeouts to netstat default filter #2189 * [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771 * [FEATURE] Add darwin powersupply collector #1777 * [FEATURE] Add support for monitoring GPUs on Linux #1998 * [FEATURE] Add Darwin thermal collector #2032 * [FEATURE] Add os release collector #2094 * [FEATURE] Add netdev.address-info collector #2105 * [FEATURE] Add clocksource metrics to time collector #2197 * [ENHANCEMENT] Support glob textfile collector directories #1985 * [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080 * [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165 * [ENHANCEMENT] Add flag to disable guest CPU metrics #2123 * [ENHANCEMENT] Add DMI collector #2131 * [ENHANCEMENT] Add threads metrics to processes collector #2164 * [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector #2169 * [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189 * [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208 * [BUGFIX] ethtool: Sanitize metric names #2093 * [BUGFIX] Fix ethtool collector for multiple interfaces #2126 * [BUGFIX] Fix possible panic on macOS #2133 * [BUGFIX] Collect flag_info and bug_info only for one core #2156 * [BUGFIX] Prevent duplicate ethtool metric names #2187
Update to 1.2.2 * Bug fixes Fix processes collector long int parsing #2112
Update to 1.2.1 * Removed Remove obsolete capture permission denied error fix already included upstream * Bug fixes Fix zoneinfo parsing prometheus/procfs#386 Fix nvme collector log noise #2091 Fix rapl collector log noise #2092
Update to 1.2.0 * Changes Rename filesystem collector flags to match other collectors #2012 Make node_exporter print usage to STDOUT #203 * Features Add conntrack statistics metrics #1155 Add ethtool stats collector #1832 Add flag to ignore network speed if it is unknown #1989 Add tapestats collector for Linux #2044 Add nvme collector #2062 * Enhancements Add ErrorLog plumbing to promhttp #1887 Add more Infiniband counters #2019 netclass: retrieve interface names and filter before parsing #2033 Add time zone offset metric #2060 * Bug fixes Handle errors from disabled PSI subsystem #1983 Fix panic when using backwards compatible flags #2000 Fix wrong value for OpenBSD memory buffer cache #2015 Only initiate collectors once #2048 Handle small backwards jumps in CPU idle #2067
Capture permission denied error for 'energy_uj' file (bsc#1190535)

Advisory ID	SUSE-RU-2022:2156-1
Released	Wed Jun 22 17:08:41 2022
Summary	Recommended updates for python3-dnspython and python3-zypp-plugin:
Type	recommended
Severity	important
References

Description:

Add python3-dnspython and python3-zypp-plugin to unrestricted channels.

Advisory ID	SUSE-RU-2022:2157-1
Released	Wed Jun 22 17:11:26 2022
Summary	Recommended update for binutils
Type	recommended
Severity	moderate
References	1198458

Description:

This update for binutils fixes the following issues:

For building the shim 15.6~rc1 and later versions aarch64 image, objcopy needs to support efi-app-aarch64 target. (bsc#1198458)

Advisory ID	SUSE-SU-2022:2192-1
Released	Mon Jun 27 17:13:25 2022
Summary	Security update for rubygem-rack
Type	security
Severity	critical
References	1200748,1200750,CVE-2022-30122,CVE-2022-30123

Description:

This update for rubygem-rack fixes the following issues:

CVE-2022-30122: Fixed crafted multipart POST request may cause a DoS (bsc#1200748)
CVE-2022-30123: Fixed crafted requests can cause shell escape sequences (bsc#1200750)

Advisory ID	SUSE-SU-2022:2260-1
Released	Mon Jul 4 16:28:51 2022
Summary	Security update for qemu
Type	security
Severity	important
References	1197084,1198035,1198037,1198711,1198712,1199015,1199018,1199625,1199924,CVE-2021-4206,CVE-2021-4207,CVE-2022-26353,CVE-2022-26354

Description:

This update for qemu fixes the following issues:

CVE-2022-26354: Fixed missing virtqueue detach on error can lead to memory leak (bsc#1198712)
CVE-2022-26353: Fixed map leaking on error during receive (bsc#1198711)
CVE-2021-4207: Fixed double fetch in qxl_cursor() can lead to heap buffer overflow (bsc#1198037)
CVE-2021-4206: Fixed integer overflow in cursor_alloc() can lead to heap buffer overflow (bsc#1198035)

Advisory ID	SUSE-SU-2022:2268-1
Released	Tue Jul 5 15:03:44 2022
Summary	Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4)
Type	security
Severity	important
References	1196959,1197335,1198590,1199602,1200266,1200268,CVE-2021-39698,CVE-2022-1016,CVE-2022-1280,CVE-2022-1966,CVE-2022-1972,CVE-2022-30594,CVE-2022-32250

Description:

This update for the Linux Kernel 5.14.21-150400_22 fixes several issues.
The following security issues were fixed:

CVE-2022-32250: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015)
CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019)
CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505).
CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in drivers/gpu/drm/drm_lease.c (bnc#1197914).
CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in drivers/gpu/drm/drm_lease.c (bnc#1197914).
CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227)
CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956)

Advisory ID	SUSE-SU-2022:2277-1
Released	Wed Jul 6 05:33:48 2022
Summary	Security update for haproxy
Type	security
Severity	moderate
References	1196408,CVE-2022-0711

Description:

This update for haproxy fixes the following issues:

CVE-2022-0711: haproxy: Denial of service via set-cookie2 header (bsc#1196408).

Advisory ID	SUSE-SU-2022:2291-1
Released	Wed Jul 6 13:04:37 2022
Summary	Security update for python310
Type	security
Severity	important
References	1198511,CVE-2015-20107

Description:

This update for python310 fixes the following issues:

CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).

Update to 3.10.5: - Core and Builtins - gh-93418: Fixed an assert where an f-string has an equal sign '=' following an expression, but there's no trailing brace. For example, f'{i='. - gh-91924: Fix __ltrace__ debug feature if the stdout encoding is not UTF-8. Patch by Victor Stinner. - gh-93061: Backward jumps after async for loops are no longer given dubious line numbers. - gh-93065: Fix contextvars HAMT implementation to handle iteration over deep trees. - The bug was discovered and fixed by Eli Libman. See MagicStack/immutables#84 for more details. - gh-92311: Fixed a bug where setting frame.f_lineno to jump over a list comprehension could misbehave or crash. - gh-92112: Fix crash triggered by an evil custom mro() on a metaclass. - gh-92036: Fix a crash in subinterpreters related to the garbage collector. When a subinterpreter is deleted, untrack all objects tracked by its GC. To prevent a crash in deallocator functions expecting objects to be tracked by the GC, leak a strong reference to these objects on purpose, so they are never deleted and their deallocator functions are not called. Patch by Victor Stinner. - gh-91421: Fix a potential integer overflow in _Py_DecodeUTF8Ex. - bpo-47212: Raise IndentationError instead of SyntaxError for a bare except with no following indent. Improve SyntaxError locations for an un-parenthesized generator used as arguments. Patch by Matthieu Dartiailh. - bpo-47182: Fix a crash when using a named unicode character like '\N{digit nine}' after the main interpreter has been initialized a second time. - bpo-47117: Fix a crash if we fail to decode characters in interactive mode if the tokenizer buffers are uninitialized. Patch by Pablo Galindo. - bpo-39829: Removed the __len__() call when initializing a list and moved initializing to list_extend. Patch by Jeremiah Pascual. - bpo-46962: Classes and functions that unconditionally declared their docstrings ignoring the --without-doc-strings compilation flag no longer do so. - The classes affected are ctypes.UnionType, pickle.PickleBuffer, testcapi.RecursingInfinitelyError, and types.GenericAlias. - The functions affected are 24 methods in ctypes. - Patch by Oleg Iarygin. - bpo-36819: Fix crashes in built-in encoders with error handlers that return position less or equal than the starting position of non-encodable characters. - Library - gh-93156: Accessing the pathlib.PurePath.parents sequence of an absolute path using negative index values produced incorrect results. - gh-89973: Fix re.error raised in fnmatch if the pattern contains a character range with upper bound lower than lower bound (e.g. [c-a]). Now such ranges are interpreted as empty ranges. - gh-93010: In a very special case, the email package tried to append the nonexistent InvalidHeaderError to the defect list. It should have been InvalidHeaderDefect. - gh-92839: Fixed crash resulting from calling bisect.insort() or bisect.insort_left() with the key argument not equal to None. - gh-91581: utcfromtimestamp() no longer attempts to resolve fold in the pure Python implementation, since the fold is never 1 in UTC. In addition to being slightly faster in the common case, this also prevents some errors when the timestamp is close to datetime.min. Patch by Paul Ganssle. - gh-92530: Fix an issue that occurred after interrupting threading.Condition.notify(). - gh-92049: Forbid pickling constants re._constants.SUCCESS etc. Previously, pickling did not fail, but the result could not be unpickled. - bpo-47029: Always close the read end of the pipe used by multiprocessing.Queue after the last write of buffered data to the write end of the pipe to avoid BrokenPipeError at garbage collection and at multiprocessing.Queue.close() calls. Patch by Géry Ogam. - gh-91401: Provide a fail-safe way to disable subprocess use of vfork() via a private subprocess._USE_VFORK attribute. While there is currently no known need for this, if you find a need please only set it to False. File a CPython issue as to why you needed it and link to that from a comment in your code. This attribute is documented as a footnote in 3.11. - gh-91910: Add missing f prefix to f-strings in error messages from the multiprocessing and asyncio modules. - gh-91810: ElementTree method write() and function tostring() now use the text file's encoding ('UTF-8' if not available) instead of locale encoding in XML declaration when encoding='unicode' is specified. - gh-91832: Add required attribute to argparse.Action repr output. - gh-91700: Compilation of regular expression containing a conditional expression (?(group)...) now raises an appropriate re.error if the group number refers to not defined group. Previously an internal RuntimeError was raised. - gh-91676: Fix unittest.IsolatedAsyncioTestCase to shutdown the per test event loop executor before returning from its run method so that a not yet stopped or garbage collected executor state does not persist beyond the test. - gh-90568: Parsing \N escapes of Unicode Named Character Sequences in a regular expression raises now re.error instead of TypeError. - gh-91595: Fix the comparison of character and integer inside Tools.gdb.libpython.write_repr(). Patch by Yu Liu. - gh-90622: Worker processes for concurrent.futures.ProcessPoolExecutor are no longer spawned on demand (a feature added in 3.9) when the multiprocessing context start method is 'fork' as that can lead to deadlocks in the child processes due to a fork happening while threads are running. - gh-91575: Update case-insensitive matching in the re module to the latest Unicode version. - gh-91581: Remove an unhandled error case in the C implementation of calls to datetime.fromtimestamp with no time zone (i.e. getting a local time from an epoch timestamp). This should have no user-facing effect other than giving a possibly more accurate error message when called with timestamps that fall on 10000-01-01 in the local time. Patch by Paul Ganssle. - bpo-47260: Fix os.closerange() potentially being a no-op in a Linux seccomp sandbox. - bpo-39064: zipfile.ZipFile now raises zipfile.BadZipFile instead of ValueError when reading a corrupt zip file in which the central directory offset is negative. - bpo-47151: When subprocess tries to use vfork, it now falls back to fork if vfork returns an error. This allows use in situations where vfork isn't allowed by the OS kernel. - bpo-27929: Fix asyncio.loop.sock_connect() to only resolve names for socket.AF_INET or socket.AF_INET6 families. Resolution may not make sense for other families, like socket.AF_BLUETOOTH and socket.AF_UNIX. - bpo-43323: Fix errors in the email module if the charset itself contains undecodable/unencodable characters. - bpo-47101: hashlib.algorithms_available now lists only algorithms that are provided by activated crypto providers on OpenSSL 3.0. Legacy algorithms are not listed unless the legacy provider has been loaded into the default OSSL context. - bpo-46787: Fix concurrent.futures.ProcessPoolExecutor exception memory leak - bpo-45393: Fix the formatting for await x and not x in the operator precedence table when using the help() system. - bpo-46415: Fix ipaddress.ip_{address,interface,network} raising TypeError instead of ValueError if given invalid tuple as address parameter. - bpo-28249: Set doctest.DocTest.lineno to None when object does not have __doc__. - bpo-45138: Fix a regression in the sqlite3 trace callback where bound parameters were not expanded in the passed statement string. The regression was introduced in Python 3.10 by bpo-40318. Patch by Erlend E. Aasland. - bpo-44493: Add missing terminated NUL in sockaddr_un's length - This was potentially observable when using non-abstract AF_UNIX datagram sockets to processes written in another programming language. - bpo-42627: Fix incorrect parsing of Windows registry proxy settings - bpo-36073: Raise ProgrammingError instead of segfaulting on recursive usage of cursors in sqlite3 converters. Patch by Sergey Fedoseev. - Documentation - gh-86438: Clarify that -W and PYTHONWARNINGS are matched literally and case-insensitively, rather than as regular expressions, in warnings. - gh-92240: Added release dates for 'What's New in Python 3.X' for 3.0, 3.1, 3.2, 3.8 and 3.10 - gh-91888: Add a new gh role to the documentation to link to GitHub issues. - gh-91783: Document security issues concerning the use of the function shutil.unpack_archive() - gh-91547: Remove 'Undocumented modules' page. - bpo-44347: Clarify the meaning of dirs_exist_ok, a kwarg of shutil.copytree(). - bpo-38668: Update the introduction to documentation for os.path to remove warnings that became irrelevant after the implementations of PEP 383 and PEP 529. - bpo-47138: Pin Jinja to a version compatible with Sphinx version 3.2.1. - bpo-46962: All docstrings in code snippets are now wrapped into PyDoc_STR() to follow the guideline of PEP 7's Documentation Strings paragraph. Patch by Oleg Iarygin. - bpo-26792: Improve the docstrings of runpy.run_module() and runpy.run_path(). Original patch by Andrew Brezovsky. - bpo-40838: Document that inspect.getdoc(), inspect.getmodule(), and inspect.getsourcefile() might return None. - bpo-45790: Adjust inaccurate phrasing in Defining Extension Types: Tutorial about the ob_base field and the macros used to access its contents. - bpo-42340: Document that in some circumstances KeyboardInterrupt may cause the code to enter an inconsistent state. Provided a sample workaround to avoid it if needed. - bpo-41233: Link the errnos referenced in Doc/library/exceptions.rst to their respective section in Doc/library/errno.rst, and vice versa. Previously this was only done for EINTR and InterruptedError. Patch by Yan 'yyyyyyyan' Orestes. - bpo-38056: Overhaul the Error Handlers documentation in codecs. - bpo-13553: Document tkinter.Tk args. - Tests - gh-92886: Fixing tests that fail when running with optimizations (-O) in test_imaplib.py. - gh-92670: Skip test_shutil.TestCopy.test_copyfile_nonexistent_dir test on AIX as the test uses a trailing slash to force the OS consider the path as a directory, but on AIX the trailing slash has no effect and is considered as a file. - gh-91904: Fix initialization of PYTHONREGRTEST_UNICODE_GUARD which prevented running regression tests on non-UTF-8 locale. - gh-91607: Fix test_concurrent_futures to test the correct multiprocessing start method context in several cases where the test logic mixed this up. - bpo-47205: Skip test for sched_getaffinity() and sched_setaffinity() error case on FreeBSD. - bpo-47104: Rewrite asyncio.to_thread() tests to use unittest.IsolatedAsyncioTestCase. - bpo-29890: Add tests for ipaddress.IPv4Interface and ipaddress.IPv6Interface construction with tuple arguments. Original patch and tests by louisom. - Tools/Demos - gh-91583: Fix regression in the code generated by Argument Clinic for functions with the defining_class parameter.

Update to 3.10.4: - bpo-46968: Check for the existence of the 'sys/auxv.h' header in faulthandler to avoid compilation problems in systems where this header doesn't exist. Patch by Pablo Galindo - bpo-23691: Protect the re.finditer() iterator from re-entering. - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to avoid a 'zipfile.BadZipFile: Bad CRC-32 for file' exception when reading a ZipFile from multiple threads. - bpo-38256: Fix binascii.crc32() when it is compiled to use zlib'c crc32 to work properly on inputs 4+GiB in length instead of returning the wrong result. The workaround prior to this was to always feed the function data in increments smaller than 4GiB or to just call the zlib module function. - bpo-39394: A warning about inline flags not at the start of the regular expression now contains the position of the flag. - bpo-47061: Deprecate the various modules listed by PEP 594: - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, sndhdr, spwd, sunau, telnetlib, uu, xdrlib - bpo-2604: Fix bug where doctests using globals would fail when run multiple times. - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order. - bpo-47022: The asynchat, asyncore and smtpd modules have been deprecated since at least Python 3.6. Their documentation and deprecation warnings and have now been updated to note they will removed in Python 3.12 (PEP 594). - bpo-46421: Fix a unittest issue where if the command was invoked as python -m unittest and the filename(s) began with a dot (.), a ValueError is returned. - bpo-40296: Fix supporting generic aliases in pydoc.

Update to 3.10.3: - bpo-46940: Avoid overriding AttributeError metadata information for nested attribute access calls. Patch by Pablo Galindo. - bpo-46852: Rename the private undocumented float.__set_format__() method to float.__setformat__() to fix a typo introduced in Python 3.7. The method is only used by test_float. Patch by Victor Stinner. - bpo-46794: Bump up the libexpat version into 2.4.6 - bpo-46820: Fix parsing a numeric literal immediately (without spaces) followed by 'not in' keywords, like in 1not in x. Now the parser only emits a warning, not a syntax error. - bpo-46762: Fix an assert failure in debug builds when a '<', '>', or '=' is the last character in an f-string that's missing a closing right brace. - bpo-46724: Make sure that all backwards jumps use the JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an argument of (2**32)+offset. - bpo-46732: Correct the docstring for the __bool__() method. Patch by Jelle Zijlstra. - bpo-46707: Avoid potential exponential backtracking when producing some syntax errors involving lots of brackets. Patch by Pablo Galindo. - bpo-40479: Add a missing call to va_end() in Modules/_hashopenssl.c. - bpo-46615: When iterating over sets internally in setobject.c, acquire strong references to the resulting items from the set. This prevents crashes in corner-cases of various set operations where the set gets mutated. - bpo-45773: Remove two invalid 'peephole' optimizations from the bytecode compiler. - bpo-43721: Fix docstrings of getter, setter, and deleter to clarify that they create a new copy of the property. - bpo-46503: Fix an assert when parsing some invalid N escape sequences in f-strings. - bpo-46417: Fix a race condition on setting a type __bases__ attribute: the internal function add_subclass() now gets the PyTypeObject.tp_subclasses member after calling PyWeakref_NewRef() which can trigger a garbage collection which can indirectly modify PyTypeObject.tp_subclasses. Patch by Victor Stinner. - bpo-46383: Fix invalid signature of _zoneinfo's module_free function to resolve a crash on wasm32-emscripten platform. - bpo-46070: Py_EndInterpreter() now explicitly untracks all objects currently tracked by the GC. Previously, if an object was used later by another interpreter, calling PyObject_GC_UnTrack() on the object crashed if the previous or the next object of the PyGC_Head structure became a dangling pointer. Patch by Victor Stinner. - bpo-46339: Fix a crash in the parser when retrieving the error text for multi-line f-strings expressions that do not start in the first line of the string. Patch by Pablo Galindo - bpo-46240: Correct the error message for unclosed parentheses when the tokenizer doesn't reach the end of the source when the error is reported. Patch by Pablo Galindo - bpo-46091: Correctly calculate indentation levels for lines with whitespace character that are ended by line continuation characters. Patch by Pablo Galindo - bpo-43253: Fix a crash when closing transports where the underlying socket handle is already invalid on the Proactor event loop. - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, including bugfix for EntryPoint.extras, which was returning match objects and not the extras strings. - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip 22.0.4) - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically determine size of signal handler stack size CPython allocates using getauxval(AT_MINSIGSTKSZ). This changes allows for Python extension's request to Linux kernel to use AMX_TILE instruction set on Sapphire Rapids Xeon processor to succeed, unblocking use of the ISA in frameworks. - bpo-46955: Expose asyncio.base_events.Server as asyncio.Server. Patch by Stefan Zabka. - bpo-23325: The signal module no longer assumes that SIG_IGN and SIG_DFL are small int singletons. - bpo-46932: Update bundled libexpat to 2.4.7 - bpo-25707: Fixed a file leak in xml.etree.ElementTree.iterparse() when the iterator is not exhausted. Patch by Jacob Walls. - bpo-44886: Inherit asyncio proactor datagram transport from asyncio.DatagramTransport. - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() for selector-based event loops. Patch by Thomas Grainger. - bpo-46811: Make test suite support Expat >=2.4.5 - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to transport-based APIs. - bpo-46784: Fix libexpat symbols collisions with user dynamically loaded or statically linked libexpat in embedded Python. - bpo-39327: shutil.rmtree() can now work with VirtualBox shared folders when running from the guest operating-system. - bpo-46756: Fix a bug in urllib.request.HTTPPasswordMgr.find_user_password() and urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() which allowed to bypass authorization. For example, access to URI example.org/foobar was allowed if the user was authorized for URI example.org/foo. - bpo-46643: In typing.get_type_hints(), support evaluating stringified ParamSpecArgs and ParamSpecKwargs annotations. Patch by Gregory Beauregard. - bpo-45863: When the tarfile module creates a pax format archive, it will put an integer representation of timestamps in the ustar header (if possible) for the benefit of older unarchivers, in addition to the existing full-precision timestamps in the pax extended header. - bpo-46676: Make typing.ParamSpec args and kwargs equal to themselves. Patch by Gregory Beauregard. - bpo-46672: Fix NameError in asyncio.gather() when initial type check fails. - bpo-46655: In typing.get_type_hints(), support evaluating bare stringified TypeAlias annotations. Patch by Gregory Beauregard. - bpo-45948: Fixed a discrepancy in the C implementation of the xml.etree.ElementTree module. Now, instantiating an xml.etree.ElementTree.XMLParser with a target=None keyword provides a default xml.etree.ElementTree.TreeBuilder target as the Python implementation does. - bpo-46521: Fix a bug in the codeop module that was incorrectly identifying invalid code involving string quotes as valid code. - bpo-46581: Brings ParamSpec propagation for GenericAlias in line with Concatenate (and others). - bpo-46591: Make the IDLE doc URL on the About IDLE dialog clickable. - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4 - bpo-46487: Add the get_write_buffer_limits method to asyncio.transports.WriteTransport and to the SSL transport. - bpo-45173: Note the configparser deprecations will be removed in Python 3.12. - bpo-46539: In typing.get_type_hints(), support evaluating stringified ClassVar and Final annotations inside Annotated. Patch by Gregory Beauregard. - bpo-46491: Allow typing.Annotated to wrap typing.Final and typing.ClassVar. Patch by Gregory Beauregard. - bpo-46436: Fix command-line option -d/--directory in module http.server which is ignored when combined with command-line option --cgi. Patch by Géry Ogam. - bpo-41403: Make mock.patch() raise a TypeError with a relevant error message on invalid arg. Previously it allowed a cryptic AttributeError to escape. - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid potential REDoS by limiting ambiguity in consecutive whitespace. - bpo-46469: asyncio generic classes now return types.GenericAlias in __class_getitem__ instead of the same class. - bpo-46434: pdb now gracefully handles help when __doc__ is missing, for example when run with pregenerated optimized .pyc files. - bpo-46333: The __eq__() and __hash__() methods of typing.ForwardRef now honor the module parameter of typing.ForwardRef. Forward references from different modules are now differentiated. - bpo-46246: Add missing __slots__ to importlib.metadata.DeprecatedList. Patch by Arie Bovenberg. - bpo-46266: Improve day constants in calendar. - Now all constants (MONDAY ... SUNDAY) are documented, tested, and added to __all__. - bpo-46232: The ssl module now handles certificates with bit strings in DN correctly. - bpo-43118: Fix a bug in inspect.signature() that was causing it to fail on some subclasses of classes with a __text_signature__ referencing module globals. Patch by Weipeng Hong. - bpo-26552: Fixed case where failing asyncio.ensure_future() did not close the coroutine. Patch by Kumar Aditya. - bpo-21987: Fix an issue with tarfile.TarFile.getmember() getting a directory name with a trailing slash. - bpo-20392: Fix inconsistency with uppercase file extensions in MimeTypes.guess_type(). Patch by Kumar Aditya. - bpo-46080: Fix exception in argparse help text generation if a argparse.BooleanOptionalAction argument's default is argparse.SUPPRESS and it has help specified. Patch by Felix Fontein. - bpo-44439: Fix .write() method of a member file in ZipFile, when the input data is an object that supports the buffer protocol, the file length may be wrong. - bpo-45703: When a namespace package is imported before another module from the same namespace is created/installed in a different sys.path location while the program is running, calling the importlib.invalidate_caches() function will now also guarantee the new module is noticed. - bpo-24959: Fix bug where unittest sometimes drops frames from tracebacks of exceptions raised in tests. - bpo-44791: Fix substitution of ParamSpec in Concatenate with different parameter expressions. Substitution with a list of types returns now a tuple of types. Substitution with Concatenate returns now a Concatenate with concatenated lists of arguments. - bpo-14156: argparse.FileType now supports an argument of '-' in binary mode, returning the .buffer attribute of sys.stdin/sys.stdout as appropriate. Modes including 'x' and 'a' are treated equivalently to 'w' when argument is '-'. Patch contributed by Josh Rosenberg - bpo-46463: Fixes escape4chm.py script used when building the CHM documentation file - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is built with undefined behavior sanitizer (UBSAN): disable UBSAN on the faulthandler_sigfpe() function. Patch by Victor Stinner. - bpo-46708: Prevent default asyncio event loop policy modification warning after test_asyncio execution. - bpo-46678: The function make_legacy_pyc in Lib/test/support/import_helper.py no longer fails when PYTHONPYCACHEPREFIX is set to a directory on a different device from where tempfiles are stored. - bpo-46616: Ensures test_importlib.test_windows cleans up registry keys after completion. - bpo-44359: test_ftplib now silently ignores socket errors to prevent logging unhandled threading exceptions. Patch by Victor Stinner. - bpo-46542: Fix a Python crash in test_lib2to3 when using Python built in debug mode: limit the recursion limit. Patch by Victor Stinner. - bpo-46576: test_peg_generator now disables compiler optimization when testing compilation of its own C extensions to significantly speed up the testing on non-debug builds of CPython. - bpo-46542: Fix test_json tests checking for RecursionError: modify these tests to use support.infinite_recursion(). Patch by Victor Stinner. - bpo-13886: Skip test_builtin PTY tests on non-ASCII characters if the readline module is loaded. The readline module changes input() behavior, but test_builtin is not intented to test the readline module. Patch by Victor Stinner. - bpo-38472: Fix GCC detection in setup.py when cross-compiling. The C compiler is now run with LC_ALL=C. Previously, the detection failed with a German locale. - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro and pyconfig.h no longer defines reserved symbol __CHAR_UNSIGNED__. - bpo-45296: Clarify close, quit, and exit in IDLE. In the File menu, 'Close' and 'Exit' are now 'Close Window' (the current one) and 'Exit' is now 'Exit IDLE' (by closing all windows). In Shell, 'quit()' and 'exit()' mean 'close Shell'. If there are no other windows, this also exits IDLE. - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch by Alex Waygood and Terry Jan Reedy. - bpo-46433: The internal function _PyType_GetModuleByDef now correctly handles inheritance patterns involving static types. - bpo-14916: Fixed bug in the tokenizer that prevented PyRun_InteractiveOne from parsing from the provided FD.

Advisory ID	SUSE-SU-2022:2292-1
Released	Wed Jul 6 13:05:01 2022
Summary	Security update for php7
Type	security
Severity	important
References	1193041,1200628,1200645,CVE-2021-21707,CVE-2022-31625,CVE-2022-31626

Description:

This update for php7 fixes the following issues:

CVE-2021-21707: Fixed a special character breaks path in xml parsing. (bsc#1193041)
CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension. (bsc#1200645)
CVE-2022-31626: Fixed buffer overflow via user-supplied password when using pdo_mysql extension with mysqlnd driver. (bsc#1200628)

Advisory ID	SUSE-SU-2022:2294-1
Released	Wed Jul 6 13:34:15 2022
Summary	Security update for expat
Type	security
Severity	important
References	1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315

Description:

This update for expat fixes the following issues:

CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).

Advisory ID	SUSE-SU-2022:2295-1
Released	Wed Jul 6 13:34:38 2022
Summary	Security update for 389-ds
Type	security
Severity	important
References	1195324,1199889,CVE-2021-4091,CVE-2022-1949

Description:

This update for 389-ds fixes the following issues:

CVE-2021-4091: Fixed double free in psearch (bsc#1195324).
CVE-2022-1949: Fixed full access control bypass with simple crafted query (bsc#1199889).

Advisory ID	SUSE-SU-2022:2296-1
Released	Wed Jul 6 13:35:00 2022
Summary	Security update for xen
Type	security
Severity	important
References	1027519,1199965,1199966,CVE-2022-26362,CVE-2022-26363,CVE-2022-26364

Description:

This update for xen fixes the following issues:

CVE-2022-26362: Fixed race condition in typeref acquisition (bsc#1199965)
CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (bsc#1199966)

Advisory ID	SUSE-SU-2022:2297-1
Released	Wed Jul 6 13:35:19 2022
Summary	Security update for python-Twisted
Type	security
Severity	important
References	1196739,CVE-2022-21716

Description:

This update for python-Twisted fixes the following issues:

CVE-2022-21716: Fixed that ssh server accepts an infinite amount of data using all the available memory (bsc#1196739).

Advisory ID	SUSE-SU-2022:2298-1
Released	Wed Jul 6 13:35:44 2022
Summary	Security update for liblouis
Type	security
Severity	important
References	1197085,1200120,CVE-2022-26981,CVE-2022-31783

Description:

This update for liblouis fixes the following issues:

CVE-2022-26981: fix buffer overrun in compilePassOpcode (bsc#1197085).
CVE-2022-31783: prevent an invalid memory write in compileRule (bsc#1200120).

Advisory ID	SUSE-RU-2022:2299-1
Released	Wed Jul 6 13:36:05 2022
Summary	Recommended update for yast2-kdump
Type	recommended
Severity	moderate
References

Description:

This update for yast2-kdump fixes the following issues:

Do not limit to kdumptool MaxLow when using fadump. (jsc#SLE-21644)

Advisory ID	SUSE-RU-2022:2300-1
Released	Wed Jul 6 13:36:19 2022
Summary	Recommended update for open-iscsi
Type	recommended
Severity	moderate
References	1198457,1199264

Description:

This update for open-iscsi fixes the following issues:

Set initiatorname in %post (at end of install), for cases where root is read-only at startup time (bsc#1198457)

Update to latest upstream, including: Added 'distclean' to Makefile targets. Ensure Makefile '.PHONY' targets set up correctly. Fix an iscsid logout bug generating a false error and cleanup logout error messages. Updated/fixed test script. Updated build system. Syntax error in ibft-rule-generator. (bsc#1199264)

Advisory ID	SUSE-SU-2022:2301-1
Released	Wed Jul 6 13:36:39 2022
Summary	Security update for ImageMagick
Type	security
Severity	moderate
References	1200387,1200388,1200389,CVE-2022-32545,CVE-2022-32546,CVE-2022-32547

Description:

This update for ImageMagick fixes the following issues:
- CVE-2022-32545: Fixed an outside the range of representable values of type. (bsc#1200388) - CVE-2022-32546: Fixed an outside the range of representable values of type. (bsc#1200389) - CVE-2022-32547: Fixed a load of misaligned address at MagickCore/property.c. (bsc#1200387)

Advisory ID	SUSE-SU-2022:2302-1
Released	Wed Jul 6 13:37:15 2022
Summary	Security update for apache2
Type	security
Severity	important
References	1198913,1200338,1200340,1200341,1200345,1200348,1200350,1200352,CVE-2022-26377,CVE-2022-28614,CVE-2022-28615,CVE-2022-29404,CVE-2022-30522,CVE-2022-30556,CVE-2022-31813

Description:

This update for apache2 fixes the following issues:
- CVE-2022-26377: Fixed possible request smuggling in mod_proxy_ajp (bsc#1200338) - CVE-2022-28614: Fixed read beyond bounds via ap_rwrite() (bsc#1200340) - CVE-2022-28615: Fixed read beyond bounds in ap_strcmp_match() (bsc#1200341) - CVE-2022-29404: Fixed denial of service in mod_lua r:parsebody (bsc#1200345) - CVE-2022-30556: Fixed information disclosure in mod_lua with websockets (bsc#1200350) - CVE-2022-30522: Fixed mod_sed denial of service (bsc#1200352) - CVE-2022-31813: Fixed mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (bsc#1200348)

Advisory ID	SUSE-SU-2022:2303-1
Released	Wed Jul 6 13:37:48 2022
Summary	Security update for php8
Type	security
Severity	important
References	1193041,1200628,1200645,CVE-2021-21707,CVE-2022-31625,CVE-2022-31626

Description:

This update for php8 fixes the following issues:

CVE-2021-21707: Fixed a special character that breaks path in xml parsing. (bsc#1193041)
CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension. (bsc#1200645)
CVE-2022-31626: Fixed buffer overflow via user-supplied password when using pdo_mysql extension with mysqlnd driver. (bsc#1200628)

Advisory ID	SUSE-SU-2022:2304-1
Released	Wed Jul 6 13:38:14 2022
Summary	Security update for salt
Type	security
Severity	important
References	1200566,CVE-2022-22967

Description:

This update for salt fixes the following issues:

CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that could be used to bypass authentication when using PAM (bsc#1200566)

Advisory ID	SUSE-SU-2022:2305-1
Released	Wed Jul 6 13:38:42 2022
Summary	Security update for curl
Type	security
Severity	important
References	1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208

Description:

This update for curl fixes the following issues:

CVE-2022-32205: Set-Cookie denial of service (bsc#1200734)
CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
CVE-2022-32207: Unpreserved file permissions (bsc#1200736)
CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

Advisory ID	SUSE-SU-2022:2306-1
Released	Wed Jul 6 13:49:24 2022
Summary	Security update for openssl-3
Type	security
Severity	important
References	1185637,1199166,1199167,1199168,1199169,1200550,1201099,CVE-2022-1292,CVE-2022-1343,CVE-2022-1434,CVE-2022-1473,CVE-2022-2068,CVE-2022-2097

Description:

This update for openssl-3 fixes the following issues:

CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
CVE-2022-1292: Properly sanitise shell metacharacters in c_rehash script. (bsc#1199166)
CVE-2022-1343: Fixed incorrect signature verification in OCSP_basic_verify (bsc#1199167).
CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
CVE-2022-1434: Fixed incorrect MAC key used in the RC4-MD5 ciphersuite (bsc#1199168).
CVE-2022-1473: Fixed resource leakage when decoding certificates and keys (bsc#1199169).

Advisory ID	SUSE-SU-2022:2307-1
Released	Wed Jul 6 14:04:19 2022
Summary	Security update for ldb, samba
Type	security
Severity	moderate
References	1080338,1118508,1173429,1195896,1196224,1196308,1196788,1197995,1198255,1199247,1199362,CVE-2021-3670

Description:

This update for ldb, samba fixes the following issues:
ldb was updated to version 2.4.2 to fix:

Fix for CVE-2021-3670, ensure that the LDB request has not timed out during filter processing as the LDAP server MaxQueryDuration is otherwise not honoured.

samba was updated to fix:

Revert NIS support removal; (bsc#1199247);

Use requires_eq macro to require the libldb2 version available at samba-dsdb-modules build time; (bsc#1199362);

Add missing samba-client requirement to samba-winbind package; (bsc#1198255);

Update to 4.15.7

Share and server swapped in smbget password prompt; (bso#14831);
Durable handles won't reconnect if the leased file is written to; (bso#15022);
rmdir silently fails if directory contains unreadable files and hide unreadable is yes; (bso#15023);
SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information on renamed file handle; (bso#15038);
vfs_shadow_copy2 breaks 'smbd async dosmode' sync fallback; (bso#14957);
shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes; (bso#15035);
PAM Kerberos authentication incorrectly fails with a clock skew error; (bso#15046);
username map - samba erroneously applies unix group memberships to user account entries; (bso#15041);
NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES in SMBC_server_internal; (bso#14983);
Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879);
Crash of winbind on RODC; (bso#14641);
uncached logon on RODC always fails once; (bso#14865);
KVNO off by 100000; (bso#14951);
LDAP simple binds should honour 'old password allowed period'; (bso#15001);
wbinfo -a doesn't work reliable with upn names; (bso#15003);
Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879);
Uninitialized litemask in variable in vfs_gpfs module; (bso#15027);
Regression: create krb5 conf = yes doesn't work with a single KDC; (bso#15016);

Add provides to samba-client-libs package to fix upgrades from previous versions; (bsc#1197995);

Add missing samba-libs requirement to samba-winbind package; (bsc#1198255);

Update to 4.15.6

Renaming file on DFS root fails with NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169);
Samba does not response STATUS_INVALID_PARAMETER when opening 2 objects with same lease key; (bso#14737);
NT error code is not set when overwriting a file during rename in libsmbclient; (bso#14938);
Fix ldap simple bind with TLS auditing; (bso#14996);
net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674);
Problem when winbind renews Kerberos; (bso#14979); (bsc#1196224);
pam_winbind will not allow gdm login if password about to expire; (bso#8691);
virusfilter_vfs_openat: Not scanned: Directory or special file; (bso#14971);
DFS fix for AIX broken; (bso#13631);
Solaris and AIX acl modules: wrong function arguments; (bso#14974);
Function aixacl_sys_acl_get_file not declared / coredump; (bso#7239);
Regression: Samba 4.15.2 on macOS segfaults intermittently during strcpy in tdbsam_getsampwnam; (bso#14900);
Fix a use-after-free in SMB1 server; (bso#14989);
smb2_signing_decrypt_pdu() may not decrypt with gnutls_aead_cipher_decrypt() from gnutls before 3.5.2; (bso#14968);
Changing the machine password against an RODC likely destroys the domain join; (bso#14984);
authsam_make_user_info_dc() steals memory from its struct ldb_message *msg argument; (bso#14993);
Use Heimdal 8.0 (pre) rather than an earlier snapshot; (bso#14995);
Samba autorid fails to map AD users if id rangesize fits in the id range only once; (bso#14967);

Other SUSE fixes:

Fix mismatched version of libldb2; (bsc#1196788).
Drop obsolete SuSEfirewall2 service files.
Drop obsolete Samba fsrvp v0->v1 state upgrade functionality; (bsc#1080338).
Fix ntlm authentications with 'winbind use default domain = yes'; (bso#13126); (bsc#1173429); (bsc#1196308).
Fix samba-ad-dc status warning notification message by disabling systemd notifications in bgqd; (bsc#1195896); (bso#14947).
libldb version mismatch in Samba dsdb component; (bsc#1118508);

Advisory ID	SUSE-SU-2022:2313-1
Released	Wed Jul 6 16:13:05 2022
Summary	Security update for MozillaFirefox
Type	security
Severity	important
References	1200793,CVE-2022-2200,CVE-2022-31744,CVE-2022-34468,CVE-2022-34470,CVE-2022-34472,CVE-2022-34478,CVE-2022-34479,CVE-2022-34481,CVE-2022-34484

Description:

This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 91.11.0 ESR (MFSA 2022-25) (bsc#1200793):

CVE-2022-2200: Undesired attributes could be set as part of prototype pollution (bmo#1771381)
CVE-2022-31744: CSP bypass enabling stylesheet injection (bmo#1757604)
CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI (bmo#1768537)
CVE-2022-34470: Use-after-free in nsSHistory (bmo#1765951)
CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked (bmo#1770123)
CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt (bmo#1773717)
CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content (bmo#1745595)
CVE-2022-34481: Potential integer overflow in ReplaceElementsAt (bmo#1497246)
CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11 (bmo#1763634, bmo#1772651)

Advisory ID	SUSE-SU-2022:2320-1
Released	Thu Jul 7 10:04:33 2022
Summary	Security update for MozillaThunderbird
Type	security
Severity	important
References	1200793,CVE-2022-2200,CVE-2022-2226,CVE-2022-31744,CVE-2022-34468,CVE-2022-34470,CVE-2022-34472,CVE-2022-34478,CVE-2022-34479,CVE-2022-34481,CVE-2022-34484

Description:

This update for MozillaThunderbird fixes the following issues:
- CVE-2022-2200: Undesired attributes could be set as part of prototype pollution (bmo#1771381) - CVE-2022-2226: An email with a mismatching OpenPGP signature date was accepted as valid (bmo#1775441) - CVE-2022-31744: CSP bypass enabling stylesheet injection (bmo#1757604) - CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI (bmo#1768537) - CVE-2022-34470: Use-after-free in nsSHistory (bmo#1765951) - CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked (bmo#1770123) - CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt (bmo#1773717) - CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content (bmo#1745595) - CVE-2022-34481: Potential integer overflow in ReplaceElementsAt (bmo#1497246) - CVE-2022-34484: Memory safety bugs fixed in Thunderbird 91.11 and Thunderbird 102 (bmo#1763634, bmo#1772651)

Advisory ID	SUSE-SU-2022:2321-1
Released	Thu Jul 7 11:02:05 2022
Summary	Security update for openssl-1_0_0
Type	security
Severity	moderate
References	1199166,1200550,CVE-2022-1292,CVE-2022-2068

Description:

This update for openssl-1_0_0 fixes the following issues:

CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)

Advisory ID	SUSE-SU-2022:2322-1
Released	Thu Jul 7 11:34:54 2022
Summary	Security update for fwupd
Type	security
Severity	important
References	1198581

Description:

This update of fwupd fixes the following issue:

rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)

Advisory ID	SUSE-RU-2022:2323-1
Released	Thu Jul 7 12:16:58 2022
Summary	Recommended update for systemd-presets-branding-SLE
Type	recommended
Severity	low
References

Description:

This update for systemd-presets-branding-SLE fixes the following issues:

Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312)

Advisory ID	SUSE-SU-2022:2325-1
Released	Thu Jul 7 13:52:57 2022
Summary	Security update for resource-agents
Type	security
Severity	important
References	1146691,1196164,1197956,1199766

Description:

This update for resource-agents fixes the following issues:

Fixed predictable log file in /tmp in mariadb.in (bsc#1146691).
Allow aws-vpc-move-ip to specify an interface label to distinguish the IP address (bsc#1199766)
Implement options to disable DAD and to allow sending NA in the background (bsc#1196164)
Imporove error message if monpassword was not set (bsc#1197956)

Advisory ID	SUSE-RU-2022:2330-1
Released	Thu Jul 7 15:32:05 2022
Summary	Recommended update for lifecycle-data-sle-module-live-patching
Type	recommended
Severity	low
References	1020320

Description:

This update for lifecycle-data-sle-module-live-patching fixes the following issues:

Added data for 4_12_14-150000_150_89, 4_12_14-150100_197_111, 5_3_18-150200_24_112, 5_3_18-150300_59_60, 5_3_18-150300_59_63. (bsc#1020320)

Advisory ID	SUSE-SU-2022:2340-1
Released	Fri Jul 8 16:04:13 2022
Summary	Security update for fwupdate
Type	security
Severity	important
References	1198581

Description:

This update of fwupdate fixes the following issue:

rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)

Advisory ID	SUSE-SU-2022:2341-1
Released	Fri Jul 8 16:09:12 2022
Summary	Security update for containerd, docker and runc
Type	security
Severity	important
References	1192051,1199460,1199565,1200088,1200145,CVE-2022-29162,CVE-2022-31030

Description:

This update for containerd, docker and runc fixes the following issues:
containerd:

CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API (bsc#1200145)

docker:

Update to Docker 20.10.17-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/#201017. (bsc#1200145)

runc:
Update to runc v1.1.3.
Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3.

Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing).
Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes.
Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang.
When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths.
Socket activation was failing when more than 3 sockets were used.
Various CI fixes.
Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container.
Fixed issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. (bsc#1192051 bsc#1199565)

Update to runc v1.1.2.
Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2.
Security issue fixed:

CVE-2022-29162: A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. (bsc#1199460)

`runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file.

Update to runc v1.1.1.
Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.1.

runc run/start can now run a container with read-only /dev in OCI spec, rather than error out. (#3355)
runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403) libcontainer systemd v2 manager no longer errors out if one of the files listed in /sys/kernel/cgroup/delegate do not exist in container's cgroup. (#3387, #3404)
Loosen OCI spec validation to avoid bogus 'Intel RDT is not supported' error. (#3406)
libcontainer/cgroups no longer panics in cgroup v1 managers if stat of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435)

Update to runc v1.1.0.
Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0.

libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331)

Update to runc v1.1.0~rc1.
Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1.

Add support for RDMA cgroup added in Linux 4.11.
runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed.
runc run: new --keep option to skip removal exited containers artefacts. This might be useful to check the state (e.g. of cgroup controllers) after the container hasexited.
seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL).
seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host.
checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore.
intelrdt: support ClosID parameter.
runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed.
cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it).
sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour.
mounts: add support for bind-mounts which are inaccessible after switching the user namespace. Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users.
Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro).
Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130.
system: improve performance of /proc/$pid/stat parsing.
cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process.
runc checkpoint/restore: fixed for containers with an external bind mount which destination is a symlink.
cgroup: improve openat2 handling for cgroup directory handle hardening. runc delete -f now succeeds (rather than timing out) on a paused container.
runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). Users can disable this using --ignore-paused.
Update version data embedded in binary to correctly include the git commit of the release.

Advisory ID	SUSE-SU-2022:2354-1
Released	Mon Jul 11 12:21:13 2022
Summary	Security update for freerdp
Type	security
Severity	critical
References	1198919,1198921,CVE-2022-24882,CVE-2022-24883

Description:

This update for freerdp fixes the following issues:

CVE-2022-24882: Fixed incorrect check parameters in NTLM (bsc#1198919).
CVE-2022-24883: Fixed authentication against invalid SAM files (bsc#1198921).

Advisory ID	SUSE-RU-2022:2355-1
Released	Mon Jul 11 12:44:33 2022
Summary	Recommended update for python-cryptography
Type	recommended
Severity	moderate
References	1198331,CVE-2020-25659

Description:

This update for python-cryptography fixes the following issues:
python-cryptography was updated to 3.3.2.
update to 3.3.0:

BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit to 1024-bit (8 byte to 128 byte) initialization vectors. This change is to conform with an upcoming OpenSSL release that will no longer support sizes outside this window.
BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we now raise ValueError rather than UnsupportedAlgorithm when an unsupported cipher is used. This change is to conform with an upcoming OpenSSL release that will no longer distinguish between error types.
BACKWARDS INCOMPATIBLE: We no longer allow loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing.
Added the recover_data_from_signature() function to RSAPublicKey for recovering the signed data from an RSA signature.

Update to 3.2.1:
Disable blinding on RSA public keys to address an error with some versions of OpenSSL.
update to 3.2 (bsc#1178168, CVE-2020-25659):

CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability.
Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder.

update to 3.1:

**BACKWARDS INCOMPATIBLE:** Removed support for ``idna`` based :term:`U-label` parsing in various X.509 classes. This support was originally deprecated in version 2.1 and moved to an extra in 2.5.
``backend`` arguments to functions are no longer required and the default backend will automatically be selected if no ``backend`` is provided.
Added initial support for parsing certificates from PKCS7 files with :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates` and :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates` .
Calling ``update`` or ``update_into`` on :class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with ``data`` longer than 2\ :sup:`31` bytes no longer raises an ``OverflowError``. This also resolves the same issue in :doc:`/fernet`.

update to 3.0:

RSA generate_private_key() no longer accepts public_exponent values except 65537 and 3 (the latter for legacy purposes).
X.509 certificate parsing now enforces that the version field contains a valid value, rather than deferring this check until version is accessed.
Deprecated support for Python 2
Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa private keys: load_ssh_private_key() for loading and OpenSSH for writing.
Added support for OpenSSH certificates to load_ssh_public_key().
Added encrypt_at_time() and decrypt_at_time() to Fernet.
Added support for the SubjectInformationAccess X.509 extension.
Added support for parsing SignedCertificateTimestamps in OCSP responses.
Added support for parsing attributes in certificate signing requests via get_attribute_for_oid().
Added support for encoding attributes in certificate signing requests via add_attribute().
On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL’s built-in CSPRNG instead of its own OS random engine because these versions of OpenSSL properly reseed on fork.
Added initial support for creating PKCS12 files with serialize_key_and_certificates().

Update to 2.9:

BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to low usage and maintenance burden.
BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed. Users on older version of OpenSSL will need to upgrade.
BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.
Removed support for calling public_bytes() with no arguments, as per our deprecation policy. You must now pass encoding and format.
BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string() returns the RDNs as required by RFC 4514.
Added support for parsing single_extensions in an OCSP response.
NameAttribute values can now be empty strings.

Advisory ID	SUSE-SU-2022:2357-1
Released	Mon Jul 11 20:34:20 2022
Summary	Security update for python3
Type	security
Severity	important
References	1198511,CVE-2015-20107

Description:

This update for python3 fixes the following issues:

CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).

Advisory ID	SUSE-RU-2022:2358-1
Released	Tue Jul 12 04:21:59 2022
Summary	Recommended update for augeas
Type	recommended
Severity	moderate
References	1197443

Description:

This update for augeas fixes the following issues:

Fix handling of keywords in new sysctl.conf (bsc#1197443)

Advisory ID	SUSE-SU-2022:2359-1
Released	Tue Jul 12 09:37:11 2022
Summary	Security update for squid
Type	security
Severity	important
References	1200907,CVE-2021-46784

Description:

This update for squid fixes the following issues:

CVE-2021-46784: Fixed DoS when processing gopher server responses. (bsc#1200907)

Update to 5.6: - Improve handling of Gopher responses
Changes in 5.5: - fixes regression Bug 5192: esi_parser default is incorrect - Bug 5177: clientca certificates sent to https_port clients - Bug 5090: Must(!request->pinnedConnection()) violation - Kid restart leads to persistent queue overflows, delays/timeouts

Advisory ID	SUSE-SU-2022:2360-1
Released	Tue Jul 12 12:01:39 2022
Summary	Security update for pcre2
Type	security
Severity	important
References	1199232,CVE-2022-1586

Description:

This update for pcre2 fixes the following issues:

CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

Advisory ID	SUSE-SU-2022:2361-1
Released	Tue Jul 12 12:05:01 2022
Summary	Security update for pcre
Type	security
Severity	important
References	1199232,CVE-2022-1586

Description:

This update for pcre fixes the following issues:

CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

Advisory ID	SUSE-RU-2022:2363-1
Released	Tue Jul 12 13:27:39 2022
Summary	Recommended update for rust1.59
Type	recommended
Severity	moderate
References	1196496

Description:

This update for rust1.59 fixes the following issues:

For building requires gcc by default to enable linking to work correctly (bsc#1196496)

Advisory ID	SUSE-RU-2022:2364-1
Released	Tue Jul 12 13:55:20 2022
Summary	Recommended update for mdadm
Type	recommended
Severity	moderate
References	1197158

Description:

This update for mdadm fixes the following issue:

Resource RAID failed during cluster patch, Mdadm gets floating point error (bsc#1197158)

Advisory ID	SUSE-SU-2022:2370-1
Released	Tue Jul 12 15:24:01 2022
Summary	Security update for xorg-x11-server
Type	security
Severity	important
References	1194179,1194181,1200076,574,CVE-2022-2319,CVE-2022-2320

Description:

This update for xorg-x11-server fixes the following issues:

CVE-2022-2319: Fixed out-of-bounds access in _CheckSetSections() (ZDI-CAN-16062) (bsc#1194179).
CVE-2022-2320: Fixed out-of-bounds access in CheckSetDeviceIndicators() (ZDI-CAN-16070) (bsc#1194181).
Fix Xserver crash on keyboard remapping (bsc#1200076)

Advisory ID	SUSE-SU-2022:2375-1
Released	Tue Jul 12 15:26:43 2022
Summary	Security update for xorg-x11-server
Type	security
Severity	important
References	1194179,1194181,CVE-2022-2319,CVE-2022-2320

Description:

This update for xorg-x11-server fixes the following issues:

CVE-2022-2319: Fixed out-of-bounds access in _CheckSetSections() (ZDI-CAN-16062) (bsc#1194179).
CVE-2022-2320: Fixed out-of-bounds access in CheckSetDeviceIndicators() (ZDI-CAN-16070) (bsc#1194181).

Advisory ID	SUSE-SU-2022:2378-1
Released	Wed Jul 13 10:27:03 2022
Summary	Security update for cifs-utils
Type	security
Severity	important
References	1197216,CVE-2022-27239

Description:

This update for cifs-utils fixes the following issues:

CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216).

Advisory ID	SUSE-RU-2022:2386-1
Released	Wed Jul 13 14:48:19 2022
Summary	- Update in SLE-15 (bsc#1189411, bsc#1191482)
Type	recommended
Severity	important
References

Description:

This update for azure-cli, azurecli-core, python-azure-core, python-azure-batch, python-azure-mgmt-compute, python-azure-mgmt-containerregistry, python-azure-mgmt-databoxedge, python-azure-mgmt-network, python-azure-mgmt-security, python-azure-sdk, python-msrest, python-azure-ai-formrecognizer, python-azure-synapse-managedprivateendpoints, python-azure-synapse-monitoring, python-azure-template contains the following fixes:
Changes in azure-cli, azurecli-core: - Update in SLE-15. (bsc#1189411, bsc#1191482) - Fix regression in patch to disable update check. (bsc#1192671)

New upstream release 2.17.1:
For detailed information about changes see the HISTORY.rst file provided with this package

Changes in python-azure-core: - Update from 1.9.0 to 1.22.1. (bsc#1189411, bsc#1191482) For detailed information about changes see the CHANGELOG.md file provided with this package
Changes in python-azure-batch: - Update in SLE-15 (bsc#1189411, bsc#1191482)

New upstream release
Version 10.0.0
For detailed information about changes see the CHANGELOG.md file provided with this package

Only build Python3 flavors for distributions 15 and greater

Changes in python-azure-ai-formrecognizer: - Inclusion in SLE-15 .(bsc#1189411, bsc#1191482)
Changes in python-azure-mgmt-compute: - Update in SLE-15 (bsc#1189411, bsc#1191482)

New upstream release
Version 18.0.0
For detailed information about changes see the CHANGELOG.md file provided with this package

Version 17.0.0

Changes in python-azure-mgmt-containerregistry: - Update in SLE-15 (bsc#1189411, bsc#1191482)

New upstream release
Version 3.0.0rc16
For detailed information about changes see the CHANGELOG.md file provided with this package

Changes in python-azure-mgmt-databoxedge: - Update in SLE-15 (bsc#1189411, bsc#1191482)

New upstream release
Version 0.2.0
For detailed information about changes see the CHANGELOG.md file provided with this package
Rename HISTORY.rst to CHANGELOG.md in %files section
Rename README.rst to README.md in %files section
Changes in python-azure-mgmt-network: - Update in SLE-15 (bsc#1189411, bsc#1191482)

New upstream release
Version 17.0.0
For detailed information about changes see the CHANGELOG.md file provided with this package
Changes in python-azure-mgmt-security: - Update in SLE-15 (bsc#1189411, bsc#1191482)

New upstream release
Version 0.6.0
For detailed information about changes see the CHANGELOG.md file provided with this package

Changes in python-azure-synapse-managedprivateendpoints: - Inclusion in SLE-15 .(bsc#1189411, bsc#1191482)
Changes in python-azure-synapse-monitoring: - Inclusion in SLE-15 .(bsc#1189411, bsc#1191482)
Changes in python-azure-template: - Inclusion in SLE-15 .(bsc#1189411, bsc#1191482)
Changes in python-azure-sdk:
Update in SLE-15 (bsc#1189411, bsc#1191482)

Add python-azure-sdk (Python2) to Obsoletes
Add additional packages from the Azure SDK to Requires
python-azure-ai-formrecognizer
python-azure-synapse-managedprivateendpoints
python-azure-synapse-monitoring
python-azure-template
Remove all version constraints in Requires

Only build Python3 flavors for distributions 15 and greater Changes in python-msrest: - Update from 0.6.19 to 0.6.21. (bsc#1189411, bsc#1191482) For detailed information about changes see the CHANGELOG.md file provided with this package

Advisory ID	SUSE-RU-2022:2387-1
Released	Wed Jul 13 15:41:33 2022
Summary	Recommended update for rust, rust1.61
Type	recommended
Severity	moderate
References

Description:

This update for rust, rust1.61 fixes the following issues:
This updates ships rust1.61.
Version 1.61.0 (2022-05-19) ========================== Language --------

`const fn` signatures can now include generic trait bounds
`const fn` signatures can now use `impl Trait` in argument and return position
Function pointers can now be created, cast, and passed around in a `const fn`
Recursive calls can now set the value of a function's opaque `impl Trait` return type

Compiler --------

Linking modifier syntax in `#[link]` attributes and on the command line, as well as the `whole-archive` modifier specifically, are now supported
The `char` type is now described as UTF-32 in debuginfo
he [`#[target_feature]`][target_feature] attribute [can now be used with aarch64 features
X86 [`#[target_feature = 'adx']` is now stable

Libraries ---------

`ManuallyDrop` is now documented to have the same layout as `T`
`#[ignore = '…']` messages are printed when running tests
Consistently show absent stdio handles on Windows as NULL handles
Make `std::io::stdio::lock()` return `'static` handles. Previously, the creation of locked handles to stdin/stdout/stderr would borrow the handles being locked, which prevented writing `let out = std::io::stdout().lock();` because `out` would outlive the return value of `stdout()`. Such code now works, eliminating a common pitfall that affected many Rust users.
`Vec::from_raw_parts` is now less restrictive about its inputs
`std::thread::available_parallelism` now takes cgroup quotas into account. Since `available_parallelism` is often used to create a thread pool for parallel computation, which may be CPU-bound for performance, `available_parallelism` will return a value consistent with the ability to use that many threads continuously, if possible. For instance, in a container with 8 virtual CPUs but quotas only allowing for 50% usage, `available_parallelism` will return 4.

Stabilized APIs ---------------

`Pin::static_mut`
`Pin::static_ref`
`Vec::retain_mut`
`VecDeque::retain_mut`
`Write` for `Cursor<[u8; N]>`
`std::os::unix::net::SocketAddr::from_pathname`
`std::process::ExitCode` and `std::process::Termination`. The stabilization of these two APIs now makes it possible for programs to return errors from `main` with custom exit codes.
`std::thread::JoinHandle::is_finished`]

These APIs are now usable in const contexts:

`<*const T>::offset` and `<*mut T>::offset`
`<*const T>::wrapping_offset` and `<*mut T>::wrapping_offset`
`<*const T>::add` and `<*mut T>::add`
`<*const T>::sub` and `<*mut T>::sub`
`<*const T>::wrapping_add` and `<*mut T>::wrapping_add`
`<*const T>::wrapping_sub` and `<*mut T>::wrapping_sub`
`<[T]>::as_mut_ptr`
`<[T]>::as_ptr_range`
`<[T]>::as_mut_ptr_range`

Cargo -----
No feature changes, but see compatibility notes.
Compatibility Notes -------------------

Previously native static libraries were linked as `whole-archive` in some cases, but now rustc tries not to use `whole-archive` unless explicitly requested. This change may result in linking errors in some cases. To fix such errors, native libraries linked from the command line, build scripts, or [`#[link]` attributes][link-attr] need to - (more common) either be reordered to respect dependencies between them (if `a` depends on `b` then `a` should go first and `b` second) - (less common) or be updated to use the [`+whole-archive`] modifier.
Catching a second unwind from FFI code while cleaning up from a Rust panic now causes the process to abort
Proc macros no longer see `ident` matchers wrapped in groups
The number of `#` in `r#` raw string literals is now required to be less than 256
When checking that a dyn type satisfies a trait bound, supertrait bounds are now enforced
`cargo vendor` now only accepts one value for each `--sync` flag
`cfg` predicates in `all()` and `any()` are always evaluated to detect errors, instead of short-circuiting. The compatibility considerations here arise in nightly-only code that used the short-circuiting behavior of `all` to write something like `cfg(all(feature = 'nightly', syntax-requiring-nightly))`, which will now fail to compile. Instead, use either `cfg_attr(feature = 'nightly', ...)` or nested uses of `cfg`.
bootstrap: static-libstdcpp is now enabled by default, and can now be disabled when llvm-tools is enabled

Advisory ID	SUSE-feature-2022:2390-1
Released	Wed Jul 13 16:52:47 2022
Summary	Feature update for build, obs-scm-bridge, obs-service-tar_scm, osc
Type	feature
Severity	moderate
References	1197298,1197699,1198740,1200148

Description:

This feature update for build, obs-scm-bridge, obs-service-tar_scm, osc fixes the following issues:
Support the Multi Factor Authentication and the git based workflow. (jsc#SLE-24657, jsc#SLE-24652, jsc#SLE-24653)
Please, see the following details changes for more information.

Upgrade build from version 20210120 to 20220613 as obs-scm-bridge dependency (jsc#SLE-24657, jsc#SLE-24652, jsc#SLE-24653)

Stop building aarch64_ilp32 baselibs for aarch64
avod aio=io_uring for now on SLE15-SP4 workers
Update SLE 15 SP4 and Leap 15.4 build config (bsc#1198740)
Use aio=io_uring if available (bsc#1197699)
debian cross build support via multi-arch (obsoleting cbinstall remnants)
Tumbleweed config synced
documentation updates
rename --debug to --debuginfo to be more exact.
docu: add buildflags:ccachtype and OBS-DoNotAppendProfileToContainername
Use git+https instead of git-https as url schema
add oops=panic kernel parameter
Updated distribution configurations (esp. Leap 15.4 and Tumbleweed)
new preinstallimages are using zstd by default
source subdirectories are used in git managed sources
supporting kvm builds as non-root user
Extend stage selection support for rpm builds
various distribution config updates
Support 'BuildFlags: cumulaterpms' (was done only via suse_version before)
docker: * Add support for --root and --installroot global zypper options * improve registry handling * initial Dockerfile.dapper support * support 'curl' commands in docker builds * strip known domains from container name * support container alias names
pbuild: * add --debug option for building debuginfo packages * Use /.dockerenv as marker for docker environment * support privileged docker/nspawn mode * move --cap-add=SYS_ADMIN --cap-add=MKNOD to privileged mode * initvm: do not attempt to mount /proc and binfmt_misc handler if present * rename --hide-timestamps to --no-timestamps * reuse options from older builds * revised --single build mode * support ccache * Implement SCC calculation * Improve --shell-after-build and --single options * initial documentation of pbuild
Kiwi: * always append the profile name to kiwi container names * Add support for OBS-RemoteAsset and OBS-CopyToImage directives
container builds: * support newer podman versions * supporting multiple containers for multi-stage builds * FROM scratch build support
Other fixes: * Avoid shutdown of host when using nspawn * change sccache default size limit * speed up improvements in - vm shutdown - rpm preinstall - avoid calling external commands in a loop - using zstd for preinstallimages - no more unpacking progress indicators to avoid slowdown - virtio handling * fixed vm-type=qemu * multiple smaller bugfixes and speed improvements * Load selinux policy when using a preinstall image * Use the pax format for preinstall images if bsdtar is available * Add %riscv to std_macros * Fix combine_configs dropping newlines * epoch handling in debian builds * catch more cases where a failed build is marked as host error * fixing wrong status reporting when a job got killed * hugetlbfs handling fixes * try mounting selinuxfs in VM * Create the /sys dir when preinstalling (to satisfy dracut)
Features: * Add arm32 and loongarch definitions * Add compatibility code to initvm * Use upstream way of binfmt argv0 preservation (bsc#1197298) * Add template support for Build::SimpleJSON * download_assets: add --outdir --clean --show-dir-srcmd5 parameters support multiple --arch arguments * asset support for golang modules * add support for LXC 4. * new shortcuts for rpm building: --rpm-noprep, --rpm-build-in-place, --rpm-build-in-place-noprep for building directly from upstream git repositories without any tar ball. * mount securityfs if not mounted by kernel-obs-build * collect steal time during VM builds in statistics. * declare armv8 and armv7 compatible * support OBS Debuginfo build flag for Red Hat variants * setup rpmmacros for all build types and earlier * introducing --verbose option, currently only showing kernel messages. * support cpio creation for special files * handle QEMU >= 6.0 on POWER9 * deb zstd support (for Ubuntu 21.10) * support KVM builds with enabled network * modulemd support improvements * Support a 'Distmacro' directive for recipe parser-only macros * initial config for Leap 15.4 * Unify ccache and sccache handling * Fix unpacking of deb/arch archives without bsdtar * cross architecture build support (for rpm and kiwi) * modulemd meta data support * supporting external asset stores for source files * support multiple post build checks placed in the directory: /usr/lib/build/post-build-checks/ * sccache support * New --shell-after-fail option * allow to disable squashfs in SimpleImage * supporting aarch64 kernel on armv?l distributions * Supporting URL's in Flatpak manifests

Provide obs-scm-bridge on version 0.2: (jsc#SLE-24657, jsc#SLE-24652, jsc#SLE-24653) * no shallow clone when used with osc * support for LFS fetch * Fixes for _config file export and path handling * Fix a traceback when a project or a package is managed in scm, print a warning instead.
Update osc from version 0.172.0 to 0.179.0 (jsc#SLE-24657, jsc#SLE-24652, jsc#SLE-24653)

0.179.0 - signature (ssh key) authetication fixes (RSA key support, skip binary files) - commandline: handle calls without arguments gracefully - use percent-quoted url for download url generation - osc co/up: highlight pending requests' header - get_results(): fix check for empty details - another exception for github URLs for 'osc add' - update Sphinx configuration, documentation fixes - make Sphinx optional in setup.py not to break package builds - support flavors in aggregatepac - check if repos provided to aggregatepac command exist - several coding style fixes
0.178.0 - EXPERIMENTAL: git repository handling * init command is working inside of a git repository * downloadassets command fetches references assets from build description * checkout is cloning from git - EXPERIMENTAL: signature (ssh key) authetication * allow to configure 'sshkey' option in the config * try to guess ssh key from the keys added to ssh-agent * rename OscHTTPBasicAuthHandler to OscHTTPAuthHandler * simplify bad auth retry workaround needed for old python versions - add support for building preinstall images - add support for building Helm charts - show the md5s that are failing to validate after fetching a package - add missing space to copypac completion - never require login in the help command - linkdiff: raise an exception when an added file is missing - run tests via calling 'setup.py test' - several coding style fixes
spec file: - run tests via calling 'setup.py test' - disabled tests in debian.rules
0.177.0 * switch to python3 in osc-wrapper and make python3 explicit * allow formatting of the sccache uri * show repository state and details * a few minor fixes and improvements in credentials handling * order credential managers by priority * kernel keyring is now supported as credential manager * support regex based name filtering in core.get_prj_results() * revision parsing parseRevisionOption(): cleanup and make logic consistent * use sr_ids[0] for superseding (fixes issues with superseding requests containing many packages * download logs and metadata in subdirs named by packages when osc getbinaries is issued on project level or in multibuild case
spec file: * recommed python-keyring-keyutils for new kernel keyring backend
0.176.0 * add -F option to osc submitreq * add --verbose option to build command * fix getbinaries command to fetch also multibuild packages * fix getbinaries -M/--multibuild-package option usage * skip fetching metadata and logs in the getbinaries command * do not download a bdep with a hdrmd5 from the api by default * re-download file from API when hdrmd5 doesn't match * honor --download-api-only option * remove Windows from the supported operating systems * fix license in setup.py * add py3.10 and py3.11 to the classifiers in setup.py * use the latest version of COPYING file from gnu.org * fix crash on terminal resize during download * do not fail with a traceback in case of a config error * preserve oscrc symlink when writing conf file * escape % character in binary download URLs * fix printing paths to built debian packages
0.175.1: * Modified SPEC file to be more compatible with KOJI and COPR. ** Modified SPEC file to use python3 for CentOS/RHEL 7 ** Modified SPEC file use fedora/rhel version macros. ** Changed perl to sed in %install section of SPEC file.
0.175.0: * do not crash when running 'osc search --binary --verbose foo' * don't run source services when building outside of an OSC package working copy * fix XDG_CONFIG_HOME * offer a force ('f') choice in metafile.edit's error handling code path * fix XPath used in search requests * add support for creating a workflow token via 'osc token' * handle missing os.sysconf more gracefully * detachbranch: remove _link when link target got removed * improve error message in case of an URLError * fix downloading from mirrors * avoid sending entire projects on 'osc mr' * fix hdmrd5 check of local cached files * improve logic for conffile mode handling
0.174.0: * fix password deletion via 'osc config -d pass' * support changing the password store via 'osc config --select-password-store') * support slash syntax in osc browse ('osc browse prj/pkg' is equivalent to 'osc browse prj pkg') * fix the commit of a frozen package wc * fix local product builds using obsrepositories:/ directives * print a meaningful message when trying to a commit a non-existent package
force Mageia >= 8 builds to python3; python2 is deprecated in Mageia 8 and up.
0.173.0: * add showlinked command to show all references of packages linking to a given one * add build --shell-after-build flag. It can also be set via .oscrc. * add build --stage flag. Useful for example for fixing file lists and just running the install section to see the result of it (use --stage=i=). Check the help for more details. * allow to run build script as non-root, by setting su-wrapper empty => osc is not guessing anymore if user builds are wanted * add support for cross arch local build using a sysroot * support slash notation in 'osc creq -a args' * add '--force' option to the 'osc add' command (can be used to override the exclude_glob config option) * support the commit of arbitrary sized files * add support for sccache
Install macros.osc to %{_rpmmacrodir}, not to /etc/rpm.

Update obs-service-tar_scm from version 0.10.22.1615538418.07a353d to version 0.10.30.1641990734.bdad8f9 (bsc#1200148)

Update to version 0.10.30.1641990734.bdad8f9: * fixes for python2.7 compatibility * fix test cases * fix various linter problems with pylint 2.11.1 * disable consider-using-f-string in pylint * added TC for _stash_pop_required * assertTarIsDeeply now more verbose in case of failure * remove tearDown/Trace from testenv.py * fix regression to keep local changes when running in osc * various fixes to make linter happy * fix tests for python 2.7
Update to version 0.10.29.1634038025.85bfc3f: * fix test cases * fix various linter problems with pylint 2.11.1 * disable consider-using-f-string in pylint * added TC for _stash_pop_required * assertTarIsDeeply now more verbose in case of failure * remove tearDown/Trace from testenv.py * fix regression to keep local changes when running in osc
Update to version 0.10.28.1632141620.a8837d3: * fix missing 'checkout' when running in osc * fix breakage on version detection * change locale
Update to version 0.10.27.1626072657.0fb7a03: * [ci] enhanced github actions for multiple python versions * Create main.yml * Change date format from short to %Y%m%d.
Update to version 0.10.26.1624258505.aed4969: * almalinux in spec file * fix include filters for obscpio files * fix python interpreter for mageia 8 * TarScm: use owner/group root in .obscpio files
Update to version 0.10.26.1623775884.87f49a8: * fixed include/exclude filtering * add '--' to git log command if file/dir equal revision exists * add '--source' to git log command * disabled consider-using-with in .pylint*rc * package .gitignore files * Fix version _none_ generate tarball with '-' * Prevent KeyError in check_for_branch_request method * removed skipped test case (obsolete since 5 yrs) * testing for obscpio/obsinfo * fix regression - obsinfo included the version string * Revert 'remove useless variables' * remove useless variables * added param --without-version * extracted dstname to _dstname * cleanup TarSCM/tasks.py for pylint * add date/time to logging output for better debugging * Fix typos

Advisory ID	SUSE-SU-2022:2395-1
Released	Thu Jul 14 10:21:26 2022
Summary	Security update for virglrenderer
Type	security
Severity	important
References	1195389,CVE-2022-0135

Description:

This update for virglrenderer fixes the following issues:

CVE-2022-0135: Fix OOB in read_transfer_data. (bsc#1195389)

Advisory ID	SUSE-SU-2022:2396-1
Released	Thu Jul 14 11:57:58 2022
Summary	Security update for logrotate
Type	security
Severity	important
References	1192449,1199652,1200278,1200802,CVE-2022-1348

Description:

This update for logrotate fixes the following issues:
Security issues fixed:

CVE-2022-1348: Fixed insecure permissions for state file creation (bsc#1199652).
Improved coredump handing for SUID binaries (bsc#1192449).

Non-security issues fixed:

Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' (bsc#1200278, bsc#1200802).

Advisory ID	SUSE-RU-2022:2399-1
Released	Thu Jul 14 15:47:55 2022
Summary	Recommended update for scap-security-guide
Type	recommended
Severity	moderate
References

Description:

This update for scap-security-guide fixes the following issues:
ComplianceAsCode was updated to 0.1.62 (jsc#ECO-3319):

Update rhel8 stig to v1r6
OL7 STIG v2r7 update
Initial definition of ANSSI BP28 minmal profile for SUSE Linux Enterprise

Advisory ID	SUSE-SU-2022:2400-1
Released	Thu Jul 14 16:56:39 2022
Summary	Security update for oracleasm
Type	security
Severity	important
References	1198581

Description:

This update of oracleasm fixes the following issue:

rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)

Advisory ID	SUSE-SU-2022:2402-1
Released	Thu Jul 14 16:58:22 2022
Summary	Security update for python-PyJWT
Type	security
Severity	important
References	1199756,CVE-2022-29217

Description:

This update for python-PyJWT fixes the following issues:

CVE-2022-29217: Fixed key confusion through non-blocklisted public key format (bsc#1199756).

Advisory ID	SUSE-RU-2022:2406-1
Released	Fri Jul 15 11:49:01 2022
Summary	Recommended update for glibc
Type	recommended
Severity	moderate
References	1197718,1199140,1200334,1200855

Description:

This update for glibc fixes the following issues:

powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)

This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).

Advisory ID	SUSE-RU-2022:2421-1
Released	Fri Jul 15 17:37:05 2022
Summary	Recommended update for release-notes-sles-for-sap
Type	recommended
Severity	low
References	1200271,1201315

Description:

This update for release-notes-sles-for-sap fixes the following issues:

Trento is fully supported remove it from tech preview section. (bsc#1201315)
Added note about provider hook scripts. (bsc#1200271)

Advisory ID	SUSE-RU-2022:2426-1
Released	Mon Jul 18 09:27:51 2022
Summary	Recommended update for rsyslog
Type	recommended
Severity	moderate
References	1198939

Description:

This update for rsyslog fixes the following issues:

Remove inotify watch descriptor in imfile on inode change detected (bsc#1198939)

Advisory ID	SUSE-RU-2022:2447-1
Released	Wed Jul 20 05:15:27 2022
Summary	Recommended update for virt-manager
Type	recommended
Severity	important
References	1196806,1200422,1200691

Description:

This update for virt-manager fixes the following issues:

Add support for AMD Secure Encrypted Virtualization-Encrypted State (SEV-ES) (bsc#1196806, jsc#SLE-18732)
Add firmware features to description tooltip when mouse hovers over the selected firmware file
SLES 15 SP4 GMC --os-variant tag shouldn't be mandatory on s390x (bsc#1200691, bsc#1200422)
Make package xorriso a required dependency

Advisory ID	SUSE-SU-2022:2448-1
Released	Wed Jul 20 10:15:30 2022
Summary	Security update for dovecot23
Type	security
Severity	important
References	1201267,CVE-2022-30550

Description:

This update for dovecot23 fixes the following issues:

CVE-2022-30550: Fixed privilege escalation in dovecot when similar master and non-master passdbs are used (bsc#1201267).

Advisory ID	SUSE-RU-2022:2454-1
Released	Wed Jul 20 15:28:09 2022
Summary	Recommended update for SAPHanaSR
Type	recommended
Severity	important
References	1198780,1198897

Description:

This update for SAPHanaSR fixes the following issues:

Version bump to 0.160.1
fix HANA_CALL function to support MCOS environments again (bsc#1198780)
fix SAPHanaSR-replay-archive to handle hb_report archives again (bsc#1198897)
add HANA_CALL_TIMEOUT parameter back to the resource agents and read the setting from the cluster configuration, if available. Defaults to '60'. Related to github issue#36
add new HA/DR provider hook susTkOver (jsc#SLE-16347)
add new hook script for SAP HANA System Replication Scale-Up Cost Optimized Scenario. (jsc#SLE-18613)
add a new instance parameter 'REMOVE_SAP_SOCKETS'. It is an optional parameter and defaults to 'true'. Now you can control, if the RA should remove the unix domain sockets related to sapstartsrv before (re-)start sapstartsrv or if it should try to adjust the permissions and ownership of these files instead.

Advisory ID	SUSE-RU-2022:2456-1
Released	Wed Jul 20 15:29:59 2022
Summary	Recommended update for cloud-regionsrv-client
Type	recommended
Severity	moderate
References	1199668

Description:

This update for cloud-regionsrv-client fixes the following issues:

Update to version 10.0.4 (bsc#1199668) - Store the update server certs in the '/etc' path instead of '/usr' to accomodate read only setup of SLE-Micro

Advisory ID	SUSE-RU-2022:2458-1
Released	Wed Jul 20 16:15:15 2022
Summary	Recommended update for regionServiceClientConfigEC2
Type	recommended
Severity	moderate
References	1199668

Description:

This update for regionServiceClientConfigEC2 fixes the following issues:

Update to version 4.0.0 (bsc#1199668) - Move cert location to usr form var to accomodate ro filesystem of SLE-Micro - Fix source location in spec file

Advisory ID	SUSE-RU-2022:2459-1
Released	Wed Jul 20 16:16:13 2022
Summary	Recommended update for regionServiceClientConfigGCE
Type	recommended
Severity	moderate
References	1199668

Description:

This update for regionServiceClientConfigGCE fixes the following issues:

Update to version 4.0.0 (bsc#1199668) - Move the cert location to /usr for compatibility with ro setup of SLE-Micro - Fix url in spec file to pint to the proper location of the source

Advisory ID	SUSE-RU-2022:2469-1
Released	Thu Jul 21 04:38:31 2022
Summary	Recommended update for systemd
Type	recommended
Severity	important
References	1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276

Description:

This update for systemd fixes the following issues:

Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276)
Allow control characters in environment variable values (bsc#1200170)
Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
Fix parsing error in s390 udev rules conversion script (bsc#1198732)
core/device: device_coldplug(): don't set DEVICE_DEAD
core/device: do not downgrade device state if it is already enumerated
core/device: drop unnecessary condition

Advisory ID	SUSE-RU-2022:2473-1
Released	Thu Jul 21 09:21:30 2022
Summary	Recommended update for firewalld
Type	recommended
Severity	moderate
References	1198814

Description:

This update for firewalld fixes the following issues:

Fix regression introduced in previous patch (an api change to a function also needed backporting) (bsc#1198814)

Advisory ID	SUSE-RU-2022:2490-1
Released	Thu Jul 21 14:33:55 2022
Summary	Recommended update for release-notes-sles
Type	recommended
Severity	important
References	1197001,1198415,1200070,1200422,1200669,1200927,933411

Description:

This update for release-notes-sles fixes the following issues:
Update the release notes to version 15.4.20220714 (bsc#933411)

Provided information on a solution for a qemu error (bsc#1200422)
Provided information about improved AES-GCM performance (jsc#SLE-18132)
Provided information about iotop (bsc#1200669)
Updated information to include product version (bsc#1200927)
Provided information about removing driver versions from modinfo (bsc#1200070)
Updated information on LPM and DPAR (bsc#1198415)
Provided information on the libmodman removal (jsc#SLE-20923)
Provided information on the removal of pam_ldap and nss_ldap (jsc#SLE-11448)
Provided information about virt-manager SEV detection (jsc#SLE-14424)
Provided information about NFS readahead size reduction (bsc#1197001)

Advisory ID	SUSE-SU-2022:2491-1
Released	Thu Jul 21 14:34:35 2022
Summary	Security update for nodejs16
Type	security
Severity	important
References	1201325,1201326,1201327,1201328,CVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215

Description:

This update for nodejs16 fixes the following issues:

CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses (bsc#1201328).
CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding (bsc#1201325).
CVE-2022-32214: Fixed HTTP request smuggling due to improper delimiting of header fields (bsc#1201326).
CVE-2022-32215: Fixed HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (bsc#1201327).

Advisory ID	SUSE-RU-2022:2493-1
Released	Thu Jul 21 14:35:08 2022
Summary	Recommended update for rpm-config-SUSE
Type	recommended
Severity	moderate
References	1193282

Description:

This update for rpm-config-SUSE fixes the following issues:

Add SBAT values macros for other packages (bsc#1193282)

Advisory ID	SUSE-RU-2022:2494-1
Released	Thu Jul 21 15:16:42 2022
Summary	Recommended update for glibc
Type	recommended
Severity	important
References	1200855,1201560,1201640

Description:

This update for glibc fixes the following issues:

Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)

Advisory ID	SUSE-SU-2022:2517-1
Released	Thu Jul 21 17:37:31 2022
Summary	Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4)
Type	security
Severity	important
References	1199697,1200059,1200608,CVE-2022-1729,CVE-2022-20154,CVE-2022-21499

Description:

This update for the Linux Kernel 5.14.21-150400_22 fixes several issues.
The following security issues were fixed:

CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).
CVE-2022-21499: Reinforced the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb (bsc#1199426).
CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507).

Advisory ID	SUSE-SU-2022:2520-1
Released	Thu Jul 21 18:34:49 2022
Summary	Security update for the Linux Kernel
Type	security
Severity	important
References	1055117,1061840,1065729,1071995,1089644,1103269,1118212,1121726,1137728,1156395,1157038,1157923,1175667,1179439,1179639,1180814,1183682,1183872,1184318,1184924,1187716,1188885,1189998,1190137,1190208,1190336,1190497,1190768,1190786,1190812,1191271,1191663,1192483,1193064,1193277,1193289,1193431,1193556,1193629,1193640,1193787,1193823,1193852,1194086,1194111,1194191,1194409,1194501,1194523,1194526,1194583,1194585,1194586,1194625,1194765,1194826,1194869,1195099,1195287,1195478,1195482,1195504,1195651,1195668,1195669,1195775,1195823,1195826,1195913,1195915,1195926,1195944,1195957,1195987,1196079,1196114,1196130,1196213,1196306,1196367,1196400,1196426,1196478,1196514,1196570,1196723,1196779,1196830,1196836,1196866,1196868,1196869,1196901,1196930,1196942,1196960,1197016,1197157,1197227,1197243,1197292,1197302,1197303,1197304,1197362,1197386,1197501,1197601,1197661,1197675,1197761,1197817,1197819,1197820,1197888,1197889,1197894,1197915,1197917,1197918,1197920,1197921,1197922,1197926,1198009,1198010,1198012,1198013,1198014,1198015,1198016,1198017,1198018,1198019,1198020,1198021,1198022,1198023,1198024,1198027,1198030,1198034,1198058,1198217,1198379,1198400,1198402,1198410,1198412,1198413,1198438,1198484,1198577,1198585,1198660,1198802,1198803,1198806,1198811,1198826,1198829,1198835,1198968,1198971,1199011,1199024,1199035,1199046,1199052,1199063,1199163,1199173,1199260,1199314,1199390,1199426,1199433,1199439,1199482,1199487,1199505,1199507,1199605,1199611,1199626,1199631,1199650,1199657,1199674,1199736,1199793,1199839,1199875,1199909,1200015,1200019,1200045,1200046,1200144,1200205,1200211,1200259,1200263,1200284,1200315,1200343,1200420,1200442,1200475,1200502,1200567,1200569,1200571,1200599,1200600,1200608,1200611,1200619,1200692,1200762,1200763,1200806,1200807,1200808,1200809,1200810,1200812,1200813,1200815,1200816,1200820,1200821,1200822,1200824,1200825,1200827,1200828,1200829,1200830,1200845,1200882,1200925,1201050,1201080,1201160,1201171,1201177,1201193,1201196,1201218,1201222,1201228,1201251,1201381,1201471,1201524,CVE-2021-26341,CVE-2021-33061,CVE-2021-4204,CVE-2021-44879,CVE-2021-45402,CVE-2022-0264,CVE-2022-0494,CVE-2022-0617,CVE-2022-1012,CVE-2022-1016,CVE-2022-1184,CVE-2022-1198,CVE-2022-1205,CVE-2022-1462,CVE-2022-1508,CVE-2022-1651,CVE-2022-1652,CVE-2022-1671,CVE-2022-1679,CVE-2022-1729,CVE-2022-1734,CVE-2022-1789,CVE-2022-1852,CVE-2022-1966,CVE-2022-1972,CVE-2022-1974,CVE-2022-1998,CVE-2022-20132,CVE-2022-20154,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-2318,CVE-2022-23222,CVE-2022-26365,CVE-2022-26490,CVE-2022-29582,CVE-2022-29900,CVE-2022-29901,CVE-2022-30594,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33743,CVE-2022-33981,CVE-2022-34918

Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated.
The following security bugs were fixed:

CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657).
CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171).
CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).
CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).
CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251).
CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829).
CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762).
CVE-2022-33743: Fixed a Denial of Service related to XDP (bsc#1200763).
CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bnc#1199487).
CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bnc#1200619).
CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482).
CVE-2022-1998: Fixed a use after free in the file system notify functionality (bnc#1200284).
CVE-2022-1966: Fixed a use-after-free vulnerability in the Netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015)
CVE-2022-1852: Fixed a null-ptr-deref in the kvm module which can lead to DoS. (bsc#1199875)
CVE-2022-1789: Fixed a NULL pointer dereference when shadow paging is enabled. (bnc#1199674)
CVE-2022-1508: Fixed an out-of-bounds read flaw that could cause the system to crash. (bsc#1198968)
CVE-2022-1671: Fixed a null-ptr-deref bugs in net/rxrpc/server_key.c, unprivileged users could easily trigger it via ioctl. (bsc#1199439)
CVE-2022-1651: Fixed a bug in ACRN Device Model emulates virtual NICs in VM. This flaw may allow a local privileged attacker to leak kernel unauthorized information and also cause a denial of service problem. (bsc#1199433)
CVE-2022-29582: Fixed a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. (bnc#1198811)
CVE-2022-0494: Fixed a kernel information leak flaw in the scsi_ioctl function. This flaw allowed a local attacker with a special user privilege to create issues with confidentiality. (bnc#1197386)
CVE-2021-4204: Fixed a vulnerability that allows local attackers to escalate privileges on affected installations via ebpf. (bnc#1194111)
CVE-2022-23222: Fixed a bug that allowed local users to gain privileges. (bnc#1194765)
CVE-2022-0264: Fixed a vulnerability in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. (bnc#1194826)
CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227)
CVE-2022-1205: Fixed null pointer dereference and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198027)
CVE-2022-1198: Fixed an use-after-free vulnerability that allow an attacker to crash the linux kernel by simulating Amateur Radio (bsc#1198030).
CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019)
CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507).
CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063).
CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505).
CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426).
CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144)
CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426)
CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577)
CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605)
CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987).
CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079)
CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830)
CVE-2021-45402: The check_alu_op function in kernel/bpf/verifier.c did not properly update bounds while handling the mov32 instruction, which allowed local users to obtain potentially sensitive address information (bsc#1196130).

The following non-security bugs were fixed:

ACPI: APEI: fix return value of __setup handlers (git-fixes).
ACPI/APEI: Limit printable size of BERT table data (git-fixes).
ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes).
ACPI: bus: Avoid using CPPC if not supported by firmware (bsc#1199793).
ACPICA: Avoid cache flush inside virtual machines (git-fixes).
ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes).
ACPI: CPPC: Assume no transition latency if no PCCT (git-fixes).
ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes).
ACPI: docs: enumeration: Amend PWM enumeration ASL example (git-fixes).
ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes).
ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes).
ACPI: docs: enumeration: Update UART serial bus resource documentation (git-fixes).
ACPI/IORT: Check node revision for PMCG resources (git-fixes).
ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes).
ACPI: PM: Revert 'Only mark EC GPE for wakeup on Intel systems' (git-fixes).
ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE (git-fixes).
ACPI: processor idle: Allow playing dead in C3 state (git-fixes).
ACPI: processor: idle: Avoid falling back to C3 type C-states (git-fixes).
ACPI: processor idle: Check for architectural support for LPI (git-fixes).
ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40 (git-fixes).
ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes).
ACPI: property: Release subnode properties with data nodes (git-fixes).
ACPI: sysfs: Fix BERT error region memory mapping (git-fixes).
ACPI: video: Change how we determine if brightness key-presses are handled (git-fixes).
ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes).
ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes).
af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (git-fixes).
aio: Fix incorrect usage of eventfd_signal_allowed() (git-fixes).
ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes).
ALSA: core: Add snd_card_free_on_error() helper (git-fixes).
ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes).
ALSA: ctxfi: Add SB046x PCI ID (git-fixes).
ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes).
ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes).
ALSA: hda: Add AlderLake-PS variant PCI ID (git-fixes).
ALSA: hda: Add PCI and HDMI IDs for Intel Raptor Lake (git-fixes).
ALSA: hda: Avoid unsol event during RPM suspending (git-fixes).
ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes).
ALSA: hda/conexant: Fix missing beep setup (git-fixes).
ALSA: hda: Fix discovery of i915 graphics PCI device (bsc#1200611).
ALSA: hda: Fix driver index handling at re-binding (git-fixes).
ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes).
ALSA: hda: Fix regression on forced probe mask option (git-fixes).
ALSA: hda: Fix signedness of sscanf() arguments (git-fixes).
ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes).
ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes).
ALSA: hda/i915: Fix one too many pci_dev_put() (git-fixes).
ALSA: hda/i915 - skip acomp init if no matching display (git-fixes).
ALSA: hda: intel-dspcfg: use SOF for UpExtreme and UpExtreme11 boards (git-fixes).
ALSA: hda: intel-dsp-config: update AlderLake PCI IDs (git-fixes).
ALSA: hda: intel-nhlt: remove use of __func__ in dev_dbg (git-fixes).
ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes).
ALSA: hda/realtek - Add HW8326 support (git-fixes).
ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes).
ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes).
ALSA: hda/realtek - Add new type for ALC245 (git-fixes).
ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes).
ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes).
ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes).
ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes).
ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes).
ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes).
ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes).
ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes).
ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes).
ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes).
ALSA: hda/realtek: Add quirk for Legion Y9000X 2019 (git-fixes).
ALSA: hda/realtek: add quirk for Lenovo Thinkpad X12 speakers (git-fixes).
ALSA: hda/realtek: Add quirk for the Framework Laptop (git-fixes).
ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes).
ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers (git-fixes).
ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes).
ALSA: hda/realtek: Apply fixup for Lenovo Yoga Duet 7 properly (git-fixes).
ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes).
ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes).
ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes).
ALSA: hda/realtek: Fix deadlock by COEF mutex (bsc#1195913).
ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo Yoga DuetITL 2021 (git-fixes).
ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes).
ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes).
ALSA: hda: realtek: Fix race at concurrent COEF updates (git-fixes).
ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes).
ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes).
ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes).
ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes).
ALSA: hda: Set max DMA segment size (git-fixes).
ALSA: hda: Skip codec shutdown in case the codec is not registered (git-fixes).
ALSA: hda/via: Fix missing beep setup (git-fixes).
ALSA: intel_hdmi: Fix reference to PCM buffer address (git-fixes).
ALSA: memalloc: Fix dma_need_sync() checks (bsc#1195913).
ALSA: memalloc: invalidate SG pages before sync (bsc#1195913).
ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes).
ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes).
ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes).
ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes).
ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (git-fixes).
ALSA: pcm: Fix races among concurrent prealloc proc writes (git-fixes).
ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (git-fixes).
ALSA: pcm: Fix races among concurrent read/write and buffer changes (git-fixes).
ALSA: pcm: Test for 'silence' field in struct 'pcm_format_data' (git-fixes).
ALSA: spi: Add check for clk_enable() (git-fixes).
ALSA: usb-audio: add mapping for MSI MAG X570S Torpedo MAX (git-fixes).
ALSA: usb-audio: add mapping for new Corsair Virtuoso SE (git-fixes).
ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes).
ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes).
ALSA: usb-audio: Add quirk bits for enabling/disabling generic implicit fb (git-fixes).
ALSA: usb-audio: Cancel pending work at closing a MIDI substream (git-fixes).
ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes).
ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes).
ALSA: usb-audio: Configure sync endpoints before data (git-fixes).
ALSA: usb-audio: Correct quirk for VF0770 (git-fixes).
ALSA: usb-audio: Do not abort resume upon errors (bsc#1195913).
ALSA: usb-audio: Do not get sample rate for MCT Trigger 5 USB-to-HDMI (git-fixes).
ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes).
ALSA: usb-audio: Increase max buffer size (git-fixes).
ALSA: usb-audio: initialize variables that could ignore errors (git-fixes).
ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes).
ALSA: usb-audio: Move generic implicit fb quirk entries into quirks.c (git-fixes).
ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes).
ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes).
ALSA: usb-audio: revert to IMPLICIT_FB_FIXED_DEV for M-Audio FastTrack Ultra (git-fixes).
ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes).
ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes).
ALSA: usb-audio: US16x08: Move overflow check before array access (git-fixes).
ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes).
ALSA: wavefront: Proper check of get_user() error (git-fixes).
ALSA: x86: intel_hdmi_audio: enable pm_runtime and set autosuspend delay (git-fixes).
ALSA: x86: intel_hdmi_audio: use pm_runtime_resume_and_get() (git-fixes).
alx: acquire mutex for alx_reinit in alx_change_mtu (git-fixes).
amd/display: set backlight only if required (git-fixes).
arch/arm64: Fix topology initialization for core scheduling (git-fixes).
arm64: Add Cortex-A510 CPU part definition (git-fixes).
arm64: Add part number for Arm Cortex-A78AE (git-fixes).
arm64: Add support for user sub-page fault probing (git-fixes)
arm64: alternatives: mark patch_alternative() as `noinstr` (git-fixes).
arm64: avoid fixmap race condition when create pud mapping (git-fixes).
arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall (git-fixes).
arm64: Correct wrong label in macro __init_el2_gicv3 (git-fixes).
arm64: defconfig: build imx-sdma as a module (git-fixes).
arm64: do not abuse pfn_valid() to ensure presence of linear map (git-fixes).
arm64: Do not defer reserve_crashkernel() for platforms with no DMA memory zones (git-fixes).
arm64: Do not include __READ_ONCE() block in assembly files (git-fixes).
arm64: dts: agilex: use the compatible 'intel,socfpga-agilex-hsotg' (git-fixes).
arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias (git-fixes).
arm64: dts: broadcom: bcm4908: use proper TWD binding (git-fixes).
arm64: dts: broadcom: Fix sata nodename (git-fixes).
arm64: dts: imx8mm-beacon: Enable RTS-CTS on UART3 (git-fixes).
arm64: dts: imx8mm-venice: fix spi2 pin configuration (git-fixes)
arm64: dts: imx8mn-beacon: Enable RTS-CTS on UART3 (git-fixes).
arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock (git-fixes)
arm64: dts: imx8mn: Fix SAI nodes (git-fixes)
arm64: dts: imx8mp-evk: correct eqos pad settings (git-fixes).
arm64: dts: imx8mp-evk: correct gpio-led pad settings (git-fixes).
arm64: dts: imx8mp-evk: correct I2C1 pad settings (git-fixes).
arm64: dts: imx8mp-evk: correct I2C3 pad settings (git-fixes).
arm64: dts: imx8mp-evk: correct mmc pad settings (git-fixes).
arm64: dts: imx8mp-evk: correct the uart2 pinctl value (git-fixes).
arm64: dts: imx8mp-evk: correct vbus pad settings (git-fixes).
arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad settings (git-fixes).
arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc settings (git-fixes).
arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad settings (git-fixes).
arm64: dts: imx8mq: fix lcdif port node (git-fixes).
arm64: dts: imx8qm: Correct SCU clock controller's compatible (git-fixes)
arm64: dts: imx: Fix imx8*-var-som touchscreen property sizes (git-fixes).
arm64: dts: juno: Remove GICv2m dma-range (git-fixes).
arm64: dts: ls1028a-qds: move rtc node to the correct i2c bus (git-fixes).
arm64: dts: ls1043a: Update i2c dma properties (git-fixes).
arm64: dts: ls1046a: Update i2c node dma properties (git-fixes).
arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes).
arm64: dts: marvell: espressobin-ultra: enable front USB3 port (git-fixes).
arm64: dts: marvell: espressobin-ultra: fix SPI-NOR config (git-fixes).
arm64: dts: meson-g12: add ATF BL32 reserved-memory region (git-fixes).
arm64: dts: meson-g12b-odroid-n2: fix typo 'dio2133' (git-fixes).
arm64: dts: meson-g12: drop BL32 region from SEI510/SEI610 (git-fixes).
arm64: dts: meson-gx: add ATF BL32 reserved-memory region (git-fixes).
arm64: dts: meson: remove CPU opps below 1GHz for G12B boards (git-fixes).
arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards (git-fixes).
arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO domain for GPIOE_2 (git-fixes).
arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO pin labeling for CON1 (git-fixes).
arm64: dts: meson-sm1-odroid: fix boot loop after reboot (git-fixes).
arm64: dts: meson-sm1-odroid: use correct enable-gpio pin for tf-io regulator (git-fixes).
arm64: dts: mt8192: Fix nor_flash status disable typo (git-fixes).
arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes).
arm64: dts: qcom: ipq8074: fix the sleep clock frequency (git-fixes).
arm64: dts: qcom: msm8916-huawei-g7: Clarify installation instructions (git-fixes).
arm64: dts: qcom: msm8994: Fix BLSP[12]_DMA channels count (git-fixes).
arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (git-fixes).
arm64: dts: qcom: msm8994: Fix the cont_splash_mem address (git-fixes).
arm64: dts: qcom: msm8996: Drop flags for mdss irqs (git-fixes).
arm64: dts: qcom: msm8996: remove snps,dw-pcie compatibles (git-fixes).
arm64: dts: qcom: pm8350c: stop depending on thermal_zones label (git-fixes).
arm64: dts: qcom: pmr735a: stop depending on thermal_zones label (git-fixes).
arm64: dts: qcom: qrb5165-rb5: Fix can-clock node name (git-fixes).
arm64: dts: qcom: sdm845-db845c: add wifi variant property (git-fixes).
arm64: dts: qcom: sdm845: Drop flags for mdss irqs (git-fixes).
arm64: dts: qcom: sdm845: fix microphone bias properties and values (git-fixes).
arm64: dts: qcom: sdm845: remove snps,dw-pcie compatibles (git-fixes).
arm64: dts: qcom: sdm845-xiaomi-beryllium: fix typo in panel's vddio-supply property (git-fixes).
arm64: dts: qcom: sm8150: Correct TCS configuration for apps rsc (git-fixes).
arm64: dts: qcom: sm8250: Drop flags for mdss irqs (git-fixes).
arm64: dts: qcom: sm8250: Fix MSI IRQ for PCIe1 and PCIe2 (git-fixes).
arm64: dts: qcom: sm8250: fix PCIe bindings to follow schema (git-fixes).
arm64: dts: qcom: sm8350: Correct TCS configuration for apps rsc (git-fixes).
arm64: dts: qcom: sm8350: Correct UFS symbol clocks (git-fixes).
arm64: dts: qcom: sm8350: Describe GCC dependency clocks (git-fixes).
arm64: dts: qcom: sm8350: Shorten camera-thermal-bottom name (git-fixes).
arm64: dts: renesas: Fix thermal bindings (git-fixes).
arm64: dts: renesas: ulcb-kf: fix wrong comment (git-fixes).
arm64: dts: rockchip: align pl330 node name with dtschema (git-fixes).
arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity (git-fixes).
arm64: dts: rockchip: fix rk3399-puma-haikou USB OTG mode (git-fixes).
arm64: dts: rockchip: Fix SDIO regulator supply properties on rk3399-firefly (git-fixes).
arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes).
arm64: dts: rockchip: reorder rk3399 hdmi clocks (git-fixes).
arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (git-fixes).
arm64: dts: ti: j7200-main: Fix 'dtbs_check' serdes_ln_ctrl node (git-fixes).
arm64: dts: ti: j721e-main: Fix 'dtbs_check' in serdes_ln_ctrl node (git-fixes).
arm64: dts: ti: k3-am64: Fix gic-v3 compatible regs (git-fixes).
arm64: dts: ti: k3-am64-main: Remove support for HS400 speed mode (git-fixes).
arm64: dts: ti: k3-am64-mcu: remove incorrect UART base clock rates (git-fixes).
arm64: dts: ti: k3-am65: Fix gic-v3 compatible regs (git-fixes).
arm64: dts: ti: k3-j7200: Fix gic-v3 compatible regs (git-fixes).
arm64: dts: ti: k3-j721e: Fix gic-v3 compatible regs (git-fixes).
arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs (git-fixes).
arm64: Ensure execute-only permissions are not allowed without EPAN (git-fixes)
arm64: fix clang warning about TRAMP_VALIAS (git-fixes).
arm64: fix types in copy_highpage() (git-fixes).
arm64: ftrace: consistently handle PLTs (git-fixes).
arm64: ftrace: fix branch range checks (git-fixes).
arm64: kasan: fix include error in MTE functions (git-fixes).
arm64: kvm: keep the field workaround_flags in structure kvm_vcpu_arch (git-fixes).
arm64: Mark start_backtrace() notrace and NOKPROBE_SYMBOL (git-fixes)
arm64: mm: Drop 'const' from conditional arm64_dma_phys_limit definition (git-fixes).
arm64: mm: fix p?d_leaf() (git-fixes).
arm64: module: remove (NOLOAD) from linker script (git-fixes).
arm64: mte: Ensure the cleared tags are visible before setting the PTE (git-fixes).
arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes).
arm64: patch_text: Fixup last cpu should be master (git-fixes).
arm64: prevent instrumentation of bp hardening callbacks (git-fixes).
arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes).
arm64: stackleak: fix current_top_of_stack() (git-fixes).
arm64: supported.conf: mark PHY_FSL_IMX8MQ_USB as supported (bsc#1199909)
arm64: tegra: Add missing DFLL reset on Tegra210 (git-fixes).
arm64: tegra: Adjust length of CCPLEX cluster MMIO region (git-fixes).
arm64: Update config files. (bsc#1199909) Add pfuze100 regulator as module
arm64: vdso: fix makefile dependency on vdso.so (git-fixes).
ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE (git-fixes).
ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (git-fixes).
ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes).
ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (git-fixes).
ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (git-fixes).
ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (git-fixes).
ARM: at91: fix soc detection for SAM9X60 SiPs (git-fixes).
ARM: at91: pm: use proper compatible for sama5d2's rtc (git-fixes).
ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt (git-fixes).
ARM: boot: dts: bcm2711: Fix HVS register range (git-fixes).
ARM: cns3xxx: Fix refcount leak in cns3xxx_init (git-fixes).
ARM: configs: multi_v5_defconfig: re-enable CONFIG_V4L_PLATFORM_DRIVERS (git-fixes).
ARM: configs: multi_v5_defconfig: re-enable DRM_PANEL and FB_xxx (git-fixes).
ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes).
ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes).
ARM: Do not use NOCROSSREFS directive with ld.lld (git-fixes).
ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes).
ARM: dts: aspeed: Add ADC for AST2600 and enable for Rainier and Everest (git-fixes).
ARM: dts: aspeed: Add secure boot controller node (git-fixes).
ARM: dts: aspeed: Add video engine to g6 (git-fixes).
ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 (git-fixes).
ARM: dts: aspeed: Fix AST2600 quad spi group (git-fixes).
ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group (git-fixes).
ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi (git-fixes).
ARM: dts: at91: fix pinctrl phandles (git-fixes).
ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes).
ARM: dts: at91: sam9x60ek: fix eeprom compatible and size (git-fixes).
ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes).
ARM: dts: at91: sama5d2_icp: fix eeprom compatibles (git-fixes).
ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes).
ARM: dts: bcm2711: Add the missing L1/L2 cache information (git-fixes).
ARM: dts: bcm2711-rpi-400: Fix GPIO line names (git-fixes).
ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes).
ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes).
ARM: dts: bcm2837: Add the missing L1/L2 cache information (git-fixes).
ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes).
ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes).
ARM: dts: BCM5301X: update CRU block description (git-fixes).
ARM: dts: BCM5301X: Update pin controller node name (git-fixes).
ARM: dts: ci4x10: Adapt to changes in imx6qdl.dtsi regarding fec clocks (git-fixes).
ARM: dts: dra7: Fix suspend warning for vpe powerdomain (git-fixes).
ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (git-fixes).
ARM: dts: exynos: add missing HDMI supplies on SMDK5250 (git-fixes).
ARM: dts: exynos: add missing HDMI supplies on SMDK5420 (git-fixes).
ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes).
ARM: dts: Fix boot regression on Skomer (git-fixes).
ARM: dts: Fix mmc order for omap3-gta04 (git-fixes).
ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes).
ARM: dts: Fix timer regression for beagleboard revision c (git-fixes).
ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes).
ARM: dts: imx6dl-colibri: Fix I2C pinmuxing (git-fixes).
ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes).
ARM: dts: imx6qdl: correct PU regulator ramp delay (git-fixes).
ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes).
ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes).
ARM: dts: imx7: Move hsic_phy power domain to HSIC PHY node (git-fixes).
ARM: dts: imx7ulp: Fix 'assigned-clocks-parents' typo (git-fixes).
ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk (git-fixes).
ARM: dts: imx8mm-venice-gw{71xx,72xx,73xx}: fix OTG controller OC (git-fixes)
ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes).
ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes).
ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes).
ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes).
ARM: dts: meson: Fix the UART compatible strings (git-fixes).
ARM: dts: ox820: align interrupt controller node name with dtschema (git-fixes).
ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960 (git-fixes).
ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes).
ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes).
ARM: dts: qcom: sdx55: fix IPA interconnect definitions (git-fixes).
ARM: dts: rockchip: fix a typo on rk3288 crypto-controller (git-fixes).
ARM: dts: rockchip: reorder rk322x hmdi clocks (git-fixes).
ARM: dts: s5pv210: align DMA channels with dtschema (git-fixes).
ARM: dts: s5pv210: Correct interrupt name for bluetooth in Aries (git-fixes).
ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries (git-fixes).
ARM: dts: socfpga: align interrupt controller node name with dtschema (git-fixes).
ARM: dts: socfpga: change qspi to 'intel,socfpga-qspi' (git-fixes).
ARM: dts: spear1340: Update serial node properties (git-fixes).
ARM: dts: spear13xx: Update SPI dma properties (git-fixes).
ARM: dts: stm32: fix AV96 board SAI2 pin muxing on stm32mp15 (git-fixes).
ARM: dts: stm32: Fix PHY post-reset delay on Avenger96 (git-fixes).
ARM: dts: sun8i: v3s: Move the csi1 block to follow address order (git-fixes).
ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes).
ARM: dts: switch timer config to common devkit8000 devicetree (git-fixes).
ARM: dts: Use 32KiHz oscillator on devkit8000 (git-fixes).
ARM: exynos: Fix refcount leak in exynos_map_pmu (git-fixes).
ARM: fix build warning in proc-v7-bugs.c (git-fixes).
ARM: fix co-processor register typo (git-fixes).
ARM: Fix kgdb breakpoint for Thumb2 (git-fixes).
ARM: Fix refcount leak in axxia_boot_secondary (git-fixes).
ARM: fix Thumb2 regression with Spectre BHB (git-fixes).
ARM: ftrace: avoid redundant loads or clobbering IP (git-fixes).
ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes).
ARM: hisi: Add missing of_node_put after of_find_compatible_node (git-fixes).
ARM: iop32x: offset IRQ numbers by 1 (git-fixes).
ARM: kprobes: Make space for instruction pointer on stack (bsc#1193277).
ARM: mediatek: select arch timer for mt7629 (git-fixes).
ARM: meson: Fix refcount leak in meson_smp_prepare_cpus (git-fixes).
ARM: mmp: Fix failure to remove sram device (git-fixes).
ARM: mstar: Select HAVE_ARM_ARCH_TIMER (git-fixes).
ARM: mxs_defconfig: Enable the framebuffer (git-fixes).
ARM: omap1: ams-delta: remove camera leftovers (git-fixes).
ARM: OMAP1: clock: Fix UART rate reporting algorithm (git-fixes).
ARM: OMAP2+: adjust the location of put_device() call in omapdss_init_of (git-fixes).
ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes).
ARM: OMAP2+: hwmod: Add of_node_put() before break (git-fixes).
ARM: pxa: maybe fix gpio lookup tables (git-fixes).
ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes).
ARM: Spectre-BHB: provide empty stub for non-config (git-fixes).
ARM: tegra: tamonten: Fix I2C3 pad setting (git-fixes).
ARM: vexpress/spc: Avoid negative array index when !SMP (git-fixes).
ASoC: amd: Fix reference to PCM buffer address (git-fixes).
ASoC: amd: vg: fix for pm resume callback sequence (git-fixes).
ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes).
ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes).
ASoC: atmel: Fix error handling in sam9x5_wm8731_driver_probe (git-fixes).
ASoC: atmel: Fix error handling in snd_proto_probe (git-fixes).
ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes).
ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes).
ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes).
ASoC: codecs: Check for error pointer after calling devm_regmap_init_mmio (git-fixes).
ASoC: codecs: lpass-rx-macro: fix sidetone register offsets (git-fixes).
ASoC: codecs: rx-macro: fix accessing array out of bounds for enum type (git-fixes).
ASoC: codecs: rx-macro: fix accessing compander for aux (git-fixes).
ASoC: codecs: va-macro: fix accessing array out of bounds for enum type (git-fixes).
ASoC: codecs: wc938x: fix accessing array out of bounds for enum type (git-fixes).
ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes).
ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes).
ASoC: codecs: wcd934x: fix kcontrol max values (git-fixes).
ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes).
ASoC: codecs: wcd938x: fix return value of mixer put function (git-fixes).
ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name (git-fixes).
ASoC: cs35l36: Update digital volume TLV (git-fixes).
ASoC: cs4265: Fix the duplicated control name (git-fixes).
ASoC: cs42l51: Correct minimum value for SX volume control (git-fixes).
ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes).
ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes).
ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes).
ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes).
ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes).
ASoC: dapm: Do not fold register value changes into notifications (git-fixes).
ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes).
ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes).
ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes).
ASoC: es8328: Fix event generation for deemphasis control (git-fixes).
ASoC: fsi: Add check for clk_enable (git-fixes).
ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes).
ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe (git-fixes).
ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes).
ASoC: fsl_spdif: Disable TX clock when stop (git-fixes).
ASoC: fsl: Use dev_err_probe() helper (git-fixes).
ASoC: hdmi-codec: Fix OOB memory accesses (git-fixes).
ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes).
ASoC: imx-hdmi: Fix refcount leak in imx_hdmi_probe (git-fixes).
ASoC: Intel: bytcr_rt5640: Add quirk for the HP Pro Tablet 408 (git-fixes).
ASoC: intel: skylake: Set max DMA segment size (git-fixes).
ASoC: Intel: soc-acpi: correct device endpoints for max98373 (git-fixes).
ASoC: Intel: sof_sdw: fix quirks for 2022 HP Spectre x360 13' (git-fixes).
ASoC: madera: Add dependencies on MFD (git-fixes).
ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes).
ASoC: max98090: Generate notifications on changes for custom control (git-fixes).
ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes).
ASoC: max98090: Reject invalid values in custom control put() (git-fixes).
ASoC: max98357a: remove dependency on GPIOLIB (git-fixes).
ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes).
ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes).
ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes).
ASoC: mediatek: mt8192-mt6359: Fix error handling in mt8192_mt6359_dev_probe (git-fixes).
ASoC: mediatek: use of_device_get_match_data() (git-fixes).
ASoC: meson: Fix event generation for AUI ACODEC mux (git-fixes).
ASoC: meson: Fix event generation for AUI CODEC mux (git-fixes).
ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes).
ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes).
ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes).
ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes).
ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes).
ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes).
ASoC: mxs-saif: Handle errors for clk_enable (git-fixes).
ASoC: nau8822: Add operation for internal PLL off and on (git-fixes).
ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes).
ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes).
ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_sx() (git-fixes).
ASoC: ops: Fix stereo change notifications in snd_soc_put_xr_sx() (git-fixes).
ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes).
ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes).
ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes).
ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (git-fixes).
ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes).
ASoC: qcom: Actually clear DMA interrupt register for HDMI (git-fixes).
ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes).
ASoC: rk817: Fix missing clk_disable_unprepare() in rk817_platform_probe (git-fixes).
ASoC: rk817: Use devm_clk_get() in rk817_platform_probe (git-fixes).
ASoC: rockchip: i2s: Fix missing clk_disable_unprepare() in rockchip_i2s_probe (git-fixes).
ASoC: rsnd: care default case on rsnd_ssiu_busif_err_status_clear() (git-fixes).
ASoC: rsnd: care return value from rsnd_node_fixed_index() (git-fixes).
ASoC: rt1015p: remove dependency on GPIOLIB (git-fixes).
ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (git-fixes).
ASoC: rt5645: Fix errorenous cleanup order (git-fixes).
ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes).
ASoC: rt5668: do not block workqueue if card is unbound (git-fixes).
ASoC: rt5682: do not block workqueue if card is unbound (git-fixes).
ASoC: samsung: Fix refcount leak in aries_audio_probe (git-fixes).
ASoC: samsung: Use dev_err_probe() helper (git-fixes).
ASoC: simple-card: fix probe failure on platform component (git-fixes).
ASoC: simple-card-utils: Set sysclk on all components (git-fixes).
ASoC: soc-compress: Change the check for codec_dai (git-fixes).
ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes).
ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes).
ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes).
ASoC: soc-ops: fix error handling (git-fixes).
ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes).
ASoC: SOF: Fix NULL pointer exception in sof_pci_probe callback (git-fixes).
ASoC: SOF: hda: Set max DMA segment size (git-fixes).
ASoC: SOF: Intel: enable DMI L1 for playback streams (git-fixes).
ASoC: SOF: Intel: Fix build error without SND_SOC_SOF_PCI_DEV (git-fixes).
ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM (git-fixes).
ASoC: SOF: Intel: match sdw version on link_slaves_found (git-fixes).
ASoC: SOF: topology: remove redundant code (git-fixes).
ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes).
ASoC: tas2770: Insert post reset delay (git-fixes).
ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes).
ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes).
ASoC: topology: Allow TLV control to be either read or write (git-fixes).
ASoC: topology: Correct error handling in soc_tplg_dapm_widget_create() (git-fixes).
ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes).
ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes).
ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes).
ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes).
ASoC: wm8958: Fix change notifications for DSP controls (git-fixes).
ASoC: wm8962: Fix suspend while playing music (git-fixes).
ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes).
ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes).
ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes (git-fixes).
assoc_array: Fix BUG_ON during garbage collect (git-fixes).
asus-wmi: Add dgpu disable method (bsc#1198058).
asus-wmi: Add egpu enable method (bsc#1198058).
asus-wmi: Add panel overdrive functionality (bsc#1198058).
asus-wmi: Add support for platform_profile (bsc#1198058).
ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes).
ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes).
ata: libata-core: Disable TRIM on M88V29 (git-fixes).
ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes).
ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes).
ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes).
ata: pata_hpt37x: fix PCI clock detection (git-fixes).
ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes).
ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (git-fixes).
ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes).
ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes).
ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes).
ath10k: skip ath10k_halt during suspend for driver state RESTARTING (git-fixes).
ath11k: acquire ab->base_lock in unassign when finding the peer by addr (git-fixes).
ath11k: disable spectral scan during spectral deinit (git-fixes).
ath11k: Do not check arvif->is_started before sending management frames (git-fixes).
ath11k: fix kernel panic during unload/load ath11k modules (git-fixes).
ath11k: mhi: use mhi_sync_power_up() (git-fixes).
ath11k: pci: fix crash on suspend if board file is not found (git-fixes).
ath11k: set correct NL80211_FEATURE_DYNAMIC_SMPS for WCN6855 (git-fixes).
ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes).
ath9k: fix ar9003_get_eepmisc (git-fixes).
ath9k: fix QCA9561 PA bias level (git-fixes).
ath9k: Fix usage of driver-private space in tx_info (git-fixes).
ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes).
ath9k_htc: fix uninit value bugs (git-fixes).
ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes).
atl1c: fix tx timeout after link flap on Mikrotik 10/25G NIC (git-fixes).
atm: eni: Add check for dma_map_single (git-fixes).
atm: firestream: check the return value of ioremap() in fs_init() (git-fixes).
atomics: Fix atomic64_{read_acquire,set_release} fallbacks (git-fixes).
audit: ensure userspace is penalized the same as the kernel when under pressure (git-fixes).
audit: improve audit queue handling when 'audit=1' on cmdline (git-fixes).
audit: improve robustness of the audit queue handling (git-fixes).
auxdisplay: lcd2s: Fix lcd2s_redefine_char() feature (git-fixes).
auxdisplay: lcd2s: Fix memory leak in ->remove() (git-fixes).
auxdisplay: lcd2s: Use proper API to free the instance of charlcd object (git-fixes).
ax25: Fix NULL pointer dereference in ax25_kill_by_device (git-fixes).
ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes).
b43: Fix assigning negative value to unsigned variable (git-fixes).
b43legacy: Fix assigning negative value to unsigned variable (git-fixes).
bareudp: use ipv6_mod_enabled to check if IPv6 enabled (git-fixes).
batman-adv: Do not expect inter-netns unique iflink indices (git-fixes).
batman-adv: Do not skb_split skbuffs with frag_list (git-fixes).
batman-adv: Request iflink once in batadv_get_real_netdevice (git-fixes).
batman-adv: Request iflink once in batadv-on-batadv check (git-fixes).
bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes).
bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362).
bcache: fixup multiple threads crash (git-fixes).
bcache: fix use-after-free problem in bcache_device_free() (git-fixes).
bcache: improve multithreaded bch_btree_check() (git-fixes).
bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes).
bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes).
bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes).
bfq: Allow current waker to defend against a tentative one (bsc#1195915).
bfq: Avoid false marking of bic as stably merged (bsc#1197926).
bfq: Avoid merging queues with different parents (bsc#1197926).
bfq: Do not let waker requests skip proper accounting (bsc#1184318).
bfq: Drop pointless unlock-lock pair (bsc#1197926).
bfq: Fix warning in bfqq_request_over_limit() (bsc#1200812).
bfq: Get rid of __bio_blkcg() usage (bsc#1197926).
bfq: Limit number of requests consumed by each cgroup (bsc#1184318).
bfq: Limit waker detection in time (bsc#1184318).
bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926).
bfq: Relax waker detection for shared queues (bsc#1184318).
bfq: Remove pointless bfq_init_rq() calls (bsc#1197926).
bfq: Split shared queues on move between cgroups (bsc#1197926).
bfq: Store full bitmap depth in bfq_data (bsc#1184318).
bfq: Track number of allocated requests in bfq_entity (bsc#1184318).
bfq: Track whether bfq_group is still online (bsc#1197926).
bfq: Update cgroup information before merging bio (bsc#1197926).
binfmt_flat: do not stop relocating GOT entries prematurely on riscv (git-fixes).
bitfield: add explicit inclusions to the example (git-fixes).
blkcg: Remove extra blkcg_bio_issue_init (bsc#1194585).
blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045).
blk-cgroup: set blkg iostat after percpu stat aggregation (bsc#1198018).
blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825).
blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() (bsc#1198034).
blk-mq: do not touch ->tagset in blk_mq_get_sq_hctx (bsc#1200824).
blk-mq: do not update io_ticks with passthrough requests (bsc#1200816).
blk-mq: fix tag_get wait task can't be awakened (bsc#1200263).
blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263).
blktrace: fix use after free for struct blk_trace (bsc#1198017).
block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1198016).
block: avoid to quiesce queue in elevator_init_mq (bsc#1198013).
block, bfq: fix UAF problem in bfqg_stats_init() (bsc#1194583).
block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes).
block: Check ADMIN before NICE for IOPRIO_CLASS_RT (bsc#1198012).
block: do not delete queue kobject before its children (bsc#1198019).
block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020).
block: fix async_depth sysfs interface for mq-deadline (bsc#1198015).
block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259).
block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (git-fixes).
block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1194586).
block: Fix the maximum minor value is blk_alloc_ext_minor() (bsc#1198021).
block: Fix up kabi after blkcg merge fix (bsc#1198020).
block: Hold invalidate_lock in BLKRESETZONE ioctl (bsc#1198010).
block: limit request dispatch loop duration (bsc#1198022).
block/mq-deadline: Improve request accounting further (bsc#1198009).
block: Provide blk_mq_sched_get_icq() (bsc#1184318).
block: update io_ticks when io hang (bsc#1197817).
block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819).
Bluetooth: btintel: Fix WBS setting for Intel legacy ROM products (git-fixes).
Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes).
Bluetooth: btusb: Add another Realtek 8761BU (git-fixes).
Bluetooth: btusb: Add missing Chicony device for Realtek RTL8723BE (bsc#1196779).
Bluetooth: btusb: Add one more Bluetooth part for the Realtek RTL8852AE (git-fixes).
Bluetooth: btusb: Whitespace fixes for btusb_setup_csr() (git-fixes).
Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes).
Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes).
Bluetooth: Fix not checking for valid hdev on bt_dev_{info,warn,err,dbg} (git-fixes).
Bluetooth: Fix the creation of hdev->name (git-fixes).
Bluetooth: Fix use after free in hci_send_acl (git-fixes).
Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes).
Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes).
Bluetooth: use hdev lock for accept_list and reject_list in conn req (git-fixes).
Bluetooth: use hdev lock in activate_scan for hci_is_adv_monitoring (git-fixes).
Bluetooth: use memset avoid memory leaks (git-fixes).
bnx2x: fix napi API usage sequence (bsc#1198217).
bnxt_en: Do not destroy health reporters during reset (bsc#1199736).
bnxt_en: Eliminate unintended link toggle during FW reset (bsc#1199736).
bnxt_en: Fix active FEC reporting to ethtool (git-fixes).
bnxt_en: Fix devlink fw_activate (jsc#SLE-18978).
bnxt_en: Fix incorrect multicast rx mask setting when not requested (git-fixes).
bnxt_en: Fix occasional ethtool -t loopback test failures (git-fixes).
bnxt_en: Fix offline ethtool selftest with RDMA enabled (git-fixes).
bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (git-fixes).
bnxt_en: Fix unnecessary dropping of RX packets (git-fixes).
bnxt_en: Increase firmware message response DMA wait time (git-fixes).
bnxt_en: Prevent XDP redirect from running when stopping TX queue (git-fixes).
bnxt_en: reserve space inside receive page for skb_shared_info (git-fixes).
bnxt_en: Restore the resets_reliable flag in bnxt_open() (jsc#SLE-18978).
bnxt_en: Synchronize tx when xdp redirects happen on same ring (git-fixes).
bonding: fix data-races around agg_select_timer (git-fixes).
bonding: force carrier update when releasing slave (git-fixes).
bonding: pair enable_port with slave_arr_updates (git-fixes).
bpf: Add check_func_arg_reg_off function (git-fixes).
bpf: add config to allow loading modules with BTF mismatches (bsc#1194501).
bpf: Avoid races in __bpf_prog_run() for 32bit arches (git-fixes).
bpf: Disallow negative offset in check_ptr_off_reg (git-fixes).
bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes).
bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg (git-fixes).
bpf: Fix PTR_TO_BTF_ID var_off check (git-fixes).
bpf: Fix UAF due to race between btf_try_get_module and load_module (git-fixes).
bpf: Mark PTR_TO_FUNC register initially with zero offset (git-fixes).
bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes).
bpf: selftests: adapt bpf_iter_task_vma to get_inode_dev() (bsc#1198585).
bpf, selftests: Fix racing issue in btf_skc_cls_ingress test (git-fixes).
bpf, selftests: Update test case for atomic cmpxchg on r0 with pointer (git-fixes).
bpftool: Fix memory leak in prog_dump() (git-fixes).
bpftool: Remove inclusion of utilities.mak from Makefiles (git-fixes).
bpftool: Remove unused includes to bpf/bpf_gen_internal.h (git-fixes).
bpftool: Remove useless #include to perf-sys.h from map_perf_ring.c (git-fixes).
brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes).
brcmfmac: firmware: Fix crash in brcm_alt_fw_path (git-fixes).
brcmfmac: pcie: Declare missing firmware files in pcie.c (git-fixes).
brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes).
brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes).
brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes).
brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes).
btrfs: add a BTRFS_FS_ERROR helper (bsc#1197915).
btrfs: add btrfs_set_item_*_nr() helpers (bsc#1197915).
btrfs: add helper to truncate inode items when logging inode (bsc#1197915).
btrfs: add missing run of delayed items after unlink during log replay (bsc#1197915).
btrfs: add ro compat flags to inodes (bsc#1197915).
btrfs: always update the logged transaction when logging new names (bsc#1197915).
btrfs: assert that extent buffers are write locked instead of only locked (bsc#1197915).
btrfs: avoid attempt to drop extents when logging inode for the first time (bsc#1197915).
btrfs: avoid expensive search when dropping inode items from log (bsc#1197915).
btrfs: avoid expensive search when truncating inode items from the log (bsc#1197915).
btrfs: Avoid live-lock in search_ioctl() on hardware with sub-page (git-fixes)
btrfs: avoid search for logged i_size when logging inode if possible (bsc#1197915).
btrfs: avoid unnecessarily logging directories that had no changes (bsc#1197915).
btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1197915).
btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1197915).
btrfs: change error handling for btrfs_delete_*_in_log (bsc#1197915).
btrfs: change handle_fs_error in recover_log_trees to aborts (bsc#1197915).
btrfs: check if a log tree exists at inode_logged() (bsc#1197915).
btrfs: constify and cleanup variables in comparators (bsc#1197915).
btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1197915).
btrfs: do not log new dentries when logging that a new name exists (bsc#1197915).
btrfs: do not pin logs too early during renames (bsc#1197915).
btrfs: drop the _nr from the item helpers (bsc#1197915).
btrfs: eliminate some false positives when checking if inode was logged (bsc#1197915).
btrfs: factor out the copying loop of dir items from log_dir_items() (bsc#1197915).
btrfs: fix lost prealloc extents beyond eof after full fsync (bsc#1197915).
btrfs: fix lzo_decompress_bio() kmap leakage (bsc#1193852).
btrfs: fix memory leak in __add_inode_ref() (bsc#1197915).
btrfs: fix missing last dir item offset update when logging directory (bsc#1197915).
btrfs: fix re-dirty process of tree-log nodes (bsc#1197915).
btrfs: improve the batch insertion of delayed items (bsc#1197915).
btrfs: insert items in batches when logging a directory when possible (bsc#1197915).
btrfs: introduce btrfs_lookup_match_dir (bsc#1197915).
btrfs: introduce item_nr token variant helpers (bsc#1197915).
btrfs: keep track of the last logged keys when logging a directory (bsc#1197915).
btrfs: loop only once over data sizes array when inserting an item batch (bsc#1197915).
btrfs: make btrfs_file_extent_inline_item_len take a slot (bsc#1197915).
btrfs: only copy dir index keys when logging a directory (bsc#1197915).
btrfs: remove no longer needed checks for NULL log context (bsc#1197915).
btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1197915).
btrfs: remove no longer needed logic for replaying directory deletes (bsc#1197915).
btrfs: remove redundant log root assignment from log_dir_items() (bsc#1197915).
btrfs: remove root argument from add_link() (bsc#1197915).
btrfs: remove root argument from btrfs_log_inode() and its callees (bsc#1197915).
btrfs: remove root argument from btrfs_unlink_inode() (bsc#1197915).
btrfs: remove root argument from check_item_in_log() (bsc#1197915).
btrfs: remove root argument from drop_one_dir_item() (bsc#1197915).
btrfs: remove the btrfs_item_end() helper (bsc#1197915).
btrfs: remove unnecessary list head initialization when syncing log (bsc#1197915).
btrfs: remove unneeded return variable in btrfs_lookup_file_extent (bsc#1197915).
btrfs: rename btrfs_item_end_nr to btrfs_item_data_end (bsc#1197915).
btrfs: stop doing GFP_KERNEL memory allocations in the ref verify tool (bsc#1197915).
btrfs: unexport setup_items_for_insert() (bsc#1197915).
btrfs: unify lookup return value when dir entry is missing (bsc#1197915).
btrfs: update comment at log_conflicting_inodes() (bsc#1197915).
btrfs: use btrfs_item_size_nr/btrfs_item_offset_nr everywhere (bsc#1197915).
btrfs: use btrfs_next_leaf instead of btrfs_next_item when slots > nritems (bsc#1197915).
btrfs: use single bulk copy operations when logging directories (bsc#1197915).
bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes).
bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes).
bus: ti-sysc: Fix warnings for unbind for serial (git-fixes).
bus: ti-sysc: Make omap3 gpt12 quirk handling SoC specific (git-fixes).
caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes).
can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes).
can: etas_es58x: change opened_channel_cnt's type from atomic_t to u8 (git-fixes).
can: etas_es58x: es58x_fd_rx_event_msg(): initialize rx_event_msg before calling es58x_check_msg_len() (git-fixes).
can: grcan: grcan_close(): fix deadlock (git-fixes).
can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (git-fixes).
can: grcan: only use the NAPI poll budget for RX (git-fixes).
can: grcan: use ofdev->dev when allocating DMA memory (git-fixes).
can: gs_usb: change active_channels's type from atomic_t to u8 (git-fixes).
can: isotp: fix error path in isotp_sendmsg() to unlock wait queue (git-fixes).
can: isotp: fix potential CAN frame reception race in isotp_rcv() (git-fixes).
can: isotp: restore accidentally removed MSG_PEEK feature (git-fixes).
can: isotp: return -EADDRNOTAVAIL when reading from unbound socket (git-fixes).
can: isotp: set default value for N_As to 50 micro seconds (git-fixes).
can: isotp: stop timeout monitoring when no first frame was sent (git-fixes).
can: isotp: support MSG_TRUNC flag when reading from socket (git-fixes).
can: m_can: m_can_tx_handler(): fix use after free of skb (git-fixes).
can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes).
can: mcba_usb: properly check endpoint type (git-fixes).
can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix return of error value (git-fixes).
can: mcp251xfd: silence clang's -Wunaligned-access warning (git-fixes).
can: rcar_canfd: add __maybe_unused annotation to silence warning (git-fixes).
can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes).
can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes).
can: xilinx_can: mark bit timing constants as const (git-fixes).
carl9170: fix missing bit-wise or operator for tx_params (git-fixes).
carl9170: tx: fix an incorrect use of list iterator (git-fixes).
CDC-NCM: avoid overflow in sanity checking (git-fixes).
ceph: fix setting of xattrs on async created inodes (bsc#1199611).
certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes).
cfg80211: declare MODULE_FIRMWARE for regulatory.db (git-fixes).
cfg80211: do not add non transmitted BSS to 6GHz scanned channels (git-fixes).
cfg80211: fix race in netlink owner interface destruction (git-fixes).
cfg80211: hold bss_lock while updating nontrans_list (git-fixes).
cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug (bsc#1196869).
cgroup/cpuset: Fix 'suspicious RCU usage' lockdep warning (bsc#1196868).
cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839).
cgroup-v1: Correct privileges check in release_agent writes (bsc#1196723).
char: tpm: cr50_i2c: Suppress duplicated error message in .remove() (git-fixes).
char: xillybus: fix a refcount leak in cleanup_dev() (git-fixes).
cifs: add WARN_ON for when chan_count goes below minimum (bsc#1193629).
cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1193629).
cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1193629).
cifs: avoid parallel session setups on same channel (bsc#1193629).
cifs: avoid race during socket reconnect between send and recv (bsc#1193629).
cifs: call cifs_reconnect when a connection is marked (bsc#1193629).
cifs: call helper functions for marking channels for reconnect (bsc#1193629).
cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1193629).
cifs: check for smb1 in open_cached_dir() (bsc#1193629).
cifs: check reconnects for channels of active tcons too (bsc#1193629).
cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1193629).
cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1193629).
cifs: clean up an inconsistent indenting (bsc#1193629).
cifs: convert the path to utf16 in smb2_query_info_compound (bsc#1193629).
cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1193629).
cifs: do not build smb1ops if legacy support is disabled (bsc#1193629).
cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1193629).
cifs: do not skip link targets when an I/O fails (bsc#1194625).
cifs: do not use tcpStatus after negotiate completes (bsc#1193629).
cifs: do not use uninitialized data in the owner/group sid (bsc#1193629).
cifs: fix bad fids sent over wire (bsc#1197157).
cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1193629).
cifs: fix double free race when mount fails in cifs_get_root() (bsc#1193629).
cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1193629).
cifs: fix handlecache and multiuser (bsc#1193629).
cifs: fix hang on cifs_get_next_mid() (bsc#1193629).
cifs: fix incorrect use of list iterator after the loop (bsc#1193629).
cifs: fix minor compile warning (bsc#1193629).
cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1193629).
cifs: fix potential deadlock in direct reclaim (bsc#1193629).
cifs: fix potential double free during failed mount (bsc#1193629).
cifs: fix potential race with cifsd thread (bsc#1193629).
cifs: fix set of group SID via NTSD xattrs (bsc#1193629).
cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1193629).
cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1193629).
cifs: fix the cifs_reconnect path for DFS (bsc#1193629).
cifs: fix the connection state transitions with multichannel (bsc#1193629).
cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1193629).
cifs: fix workstation_name for multiuser mounts (bsc#1193629).
cifs: force new session setup and tcon for dfs (bsc#1193629).
cifs: free ntlmsspblob allocated in negotiate (bsc#1193629).
cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1193629).
cifs: make status checks in version independent callers (bsc#1193629).
cifs: mark sessions for reconnection in helper function (bsc#1193629).
cifs: modefromsids must add an ACE for authenticated users (bsc#1193629).
cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1193629).
cifs: move superblock magic defitions to magic.h (bsc#1193629).
cifs: potential buffer overflow in handling symlinks (bsc#1193629).
cifs: print TIDs as hex (bsc#1193629).
cifs: protect all accesses to chan_* with chan_lock (bsc#1193629).
cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1193629).
cifs: reconnect only the connection and not smb session where possible (bsc#1193629).
cifs: release cached dentries only if mount is complete (bsc#1193629).
cifs: remove check of list iterator against head past the loop body (bsc#1193629).
cifs: remove redundant assignment to pointer p (bsc#1193629).
cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1193629).
cifs: remove repeated state change in dfs tree connect (bsc#1193629).
cifs: remove unused variable ses_selected (bsc#1193629).
cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1193629).
cifs: return the more nuanced writeback error on close() (bsc#1193629).
cifs: serialize all mount attempts (bsc#1193629).
cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1193629).
cifs: skip trailing separators of prefix paths (bsc#1193629).
cifs: smbd: fix typo in comment (bsc#1193629).
cifs: Split the smb3_add_credits tracepoint (bsc#1193629).
cifs: take cifs_tcp_ses_lock for status checks (bsc#1193629).
cifs: track individual channel status using chans_need_reconnect (bsc#1193629).
cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1193629).
cifs: update internal module number (bsc#1193629).
cifs: update tcpStatus during negotiate and sess setup (bsc#1193629).
cifs: use a different reconnect helper for non-cifsd threads (bsc#1193629).
cifs: use correct lock type in cifs_reconnect() (bsc#1193629).
cifs: Use kzalloc instead of kmalloc/memset (bsc#1193629).
cifs: use new enum for ses_status (bsc#1193629).
cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1193629).
cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1193629).
cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1193629).
cifs: we do not need a spinlock around the tree access during umount (bsc#1193629).
cifs: when extending a file with falloc we should make files not-sparse (bsc#1193629).
cifs: writeback fix (bsc#1193629).
clk: actions: Terminate clk_div_table with sentinel element (git-fixes).
clk: at91: generated: consider range when calculating best rate (git-fixes).
clk: at91: sama7g5: fix parents of PDMCs' GCLK (git-fixes).
clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes).
clk: bcm2835: Remove unused variable (git-fixes).
clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes).
clk: Enforce that disjoints limits are invalid (git-fixes).
clk: Fix clk_hw_get_clk() when dev is NULL (git-fixes).
clk: hisilicon: Terminate clk_div_table with sentinel element (git-fixes).
clk: imx7d: Remove audio_mclk_root_clk (git-fixes).
clk: imx8mp: fix usb_root_clk parent (git-fixes).
clk: imx: Add check for kcalloc (git-fixes).
clk: imx: off by one in imx_lpcg_parse_clks_from_dt() (git-fixes).
clk: imx: scu: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes).
clk: Initialize orphan req_rate (git-fixes).
clk: jz4725b: fix mmc0 clock gating (git-fixes).
clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes).
clk: nxp: Remove unused variable (git-fixes).
clk: qcom: clk-rcg2: Update logic to calculate D value for RCG (git-fixes).
clk: qcom: clk-rcg2: Update the frac table for pixel clock (git-fixes).
clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes).
clk: qcom: ipq8074: fix PCI-E clock oops (git-fixes).
clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes).
clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes).
clk: rockchip: drop CLK_SET_RATE_PARENT from dclk_vop* on rk3568 (git-fixes).
clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes).
clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes).
clk: tegra: Add missing reset deassertion (git-fixes).
clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes).
clk: ti: Preserve node in ti_dt_clocks_register() (git-fixes).
clk: uniphier: Fix fixed-rate initialization (git-fixes).
clocksource: acpi_pm: fix return value of __setup handler (git-fixes).
clocksource/drivers/exynos_mct: Handle DTS with higher number of interrupts (git-fixes).
clocksource/drivers/exynos_mct: Refactor resources allocation (git-fixes).
clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes).
clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes).
clocksource/drivers/timer-microchip-pit64b: Use notrace (git-fixes).
clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes).
clocksource/drivers/timer-ti-dm: Fix regression from errata i940 fix (git-fixes).
clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() (bsc#1201218).
comedi: drivers: ni_routes: Use strcmp() instead of memcmp() (git-fixes).
comedi: vmk80xx: fix expression for tx buffer size (git-fixes).
copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626).
cpufreq: intel_pstate: Add Ice Lake server to out-of-band IDs (bsc#1201228).
cpufreq: qcom-cpufreq-nvmem: fix reading of PVS Valid fuse (git-fixes).
cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE (git-fixes).
cpuidle: intel_idle: Update intel_idle() kerneldoc comment (git-fixes).
cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() (bsc#1196866).
cputime, cpuacct: Include guest time in user time in (git-fixes)
crypto: amlogic - call finalize with bh disabled (git-fixes).
crypto: api - Move cryptomgr soft dependency into algapi (git-fixes).
crypto: arm/aes-neonbs-cbc - Select generic cbc and aes (git-fixes).
crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes).
crypto: caam - fix i.MX6SX entropy delay value (git-fixes).
crypto: cavium/nitrox - do not cast parameter in bit operations (git-fixes).
crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes).
crypto: ccree - do not attempt 0 len DMA mappings (git-fixes).
crypto: ccree - Fix use after free in cc_cipher_exit() (git-fixes).
crypto: ccree - use fine grained DMA mapping dir (git-fixes).
crypto: cryptd - Protect per-CPU resource by disabling BH (git-fixes).
crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes).
crypto: engine - check if BH is disabled during completion (git-fixes).
crypto: gemini - call finalize with bh disabled (git-fixes).
crypto: hisilicon/qm - cleanup warning in qm_vf_read_qos (git-fixes).
crypto: hisilicon/sec - fix the aead software fallback for engine (git-fixes).
crypto: hisilicon/sec - not need to enable sm4 extra mode at HW V3 (git-fixes).
crypto: marvell/cesa - ECB does not IV (git-fixes).
crypto: mxs-dcp - Fix scatterlist processing (git-fixes).
crypto: octeontx2 - remove CONFIG_DM_CRYPT check (git-fixes).
crypto: qat - disable registration of algorithms (git-fixes).
crypto: qat - do not cast parameter in bit operations (git-fixes).
crypto: qcom-rng - ensure buffer for generate is completely filled (git-fixes).
crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ (git-fixes).
crypto: rockchip - ECB does not need IV (git-fixes).
crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes).
crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes).
crypto: rsa-pkcs1pad - only allow with rsa (git-fixes).
crypto: rsa-pkcs1pad - restore signature length check (git-fixes).
crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes).
crypto: sun8i-ce - call finalize with bh disabled (git-fixes).
crypto: sun8i-ss - call finalize with bh disabled (git-fixes).
crypto: sun8i-ss - handle zero sized sg (git-fixes).
crypto: sun8i-ss - really disable hash on A80 (git-fixes).
crypto: sun8i-ss - rework handling of IV (git-fixes).
crypto: vmx - add missing dependencies (git-fixes).
crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes).
crypto: x86 - eliminate anonymous module_init and module_exit (git-fixes).
crypto: xts - Add softdep on ecb (git-fixes).
dax: fix cache flush on PMD-mapped pages (bsc#1200830).
devlink: Add 'enable_iwarp' generic device param (bsc#1200502).
dim: initialize all struct fields (git-fixes).
display/amd: decrease message verbosity about watermarks table failure (git-fixes).
dma: at_xdmac: fix a missing check on list iterator (git-fixes).
dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes).
dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes).
dma-debug: fix return value of __setup handlers (git-fixes).
dma-direct: avoid redundant memory sync for swiotlb (git-fixes).
dmaengine: dw-edma: Fix unaligned 64bit access (git-fixes).
dmaengine: hisi_dma: fix MSI allocate fail when reload hisi_dma (git-fixes).
dmaengine: idxd: add missing callback function to support DMA_INTERRUPT (git-fixes).
dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes).
dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes).
dmaengine: idxd: check GENCAP config support for gencfg register (git-fixes).
dmaengine: idxd: fix device cleanup on disable (git-fixes).
dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes).
dmaengine: idxd: restore traffic class defaults after wq reset (git-fixes).
dmaengine: idxd: set DMA_INTERRUPT cap bit (git-fixes).
dmaengine: idxd: skip clearing device context when device is read-only (git-fixes).
dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes).
dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes).
dmaengine: ptdma: fix concurrency issue with multiple dma transfer (jsc#SLE-21315).
dmaengine: ptdma: Fix the error handling path in pt_core_init() (git-fixes).
dmaengine: ptdma: handle the cases based on DMA is complete (jsc#SLE-21315).
dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' (git-fixes).
dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes).
dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size (git-fixes).
dmaengine: sh: rcar-dmac: Check for error num after setting mask (git-fixes).
dmaengine: stm32-dmamux: Fix PM disable depth imbalance in stm32_dmamux_probe (git-fixes).
dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() (git-fixes).
dmaengine: stm32-mdma: remove GISR1 register (git-fixes).
dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes).
dma-mapping: remove bogus test for pfn_valid from dma_map_resource (git-fixes).
dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501).
dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes).
dm: fix use-after-free in dm_cleanup_zoned_dev() (git-fixes).
dm integrity: fix error code in dm_integrity_ctr() (git-fixes).
dm integrity: set journal entry unused when shrinking device (git-fixes).
dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes).
dm mpath: only use ktime_get_ns() in historical selector (git-fixes).
dm verity: set DM_TARGET_IMMUTABLE feature flag (git-fixes).
doc/ip-sysctl: add bc_forwarding (git-fixes).
docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (git-fixes).
Documentation: add link to stable release candidate tree (git-fixes).
Documentation: dd: Use ReST lists for return values of driver_deferred_probe_check_state() (git-fixes).
Documentation: Fix duplicate statement about raw_spinlock_t type (git-fixes).
Documentation: update stable tree link (git-fixes).
do not call utsname() after ->nsproxy is NULL (bsc#1201196).
drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes).
drbd: fix duplicate array initializer (git-fixes).
drbd: Fix five use after free bugs in get_initial_state (git-fixes).
drbd: remove assign_p_sizes_qlim (git-fixes).
drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes).
drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes).
driver base: fix an unlikely reference counting issue in __add_memory_block() (git-fixes).
driver base: fix compaction sysfs file leak (git-fixes).
driver: base: fix UAF when driver_attach failed (git-fixes).
driver core: dd: fix return value of __setup handler (git-fixes).
driver core: fix deadlock in __device_attach (git-fixes).
driver core: Fix wait_for_device_probe() and deferred_probe_timeout interaction (git-fixes).
driver core: Free DMA range map when device is released (git-fixes).
driver: hv: Compare cpumasks and not their weights in init_vp_index() (git-fixes).
driver: hv: log when enabling crash_kexec_post_notifiers (git-fixes).
driver: hv: Rename 'alloced' to 'allocated' (git-fixes).
driver: hv: utils: Make use of the helper macro LIST_HEAD() (git-fixes).
driver: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes).
driver: hv: vmbus: Fix potential crash on module unload (git-fixes).
driver: hv: vmbus: Use struct_size() helper in kmalloc() (git-fixes).
driver: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes).
driver: net: xgene: Fix regression in CRC stripping (git-fixes).
drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes).
drivers: mmc: sdhci_am654: Add the quirk to set TESTCD bit (git-fixes).
drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle() (git-fixes).
drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes).
drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes).
drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback() (git-fixes).
drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes).
drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes).
drm: add a locked version of drm_is_current_master (git-fixes).
drm: Add orientation quirk for GPD Win Max (git-fixes).
drm/amd: Add USBC connector ID (git-fixes).
drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes).
drm/amd: avoid suspend on dGPUs w/ s2idle support when runtime PM enabled (git-fixes).
drm/amd: Check if ASPM is enabled from PCIe subsystem (git-fixes).
drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes).
drm/amd/display: Add pstate verification and recovery for DCN31 (git-fixes).
drm/amd/display: Add signal type check when verify stream backends same (git-fixes).
drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT (git-fixes).
drm/amd/display: Cap OLED brightness per max frame-average luminance (git-fixes).
drm/amd/display: Cap pflip irqs per max otg number (git-fixes).
drm/amd/display: Check if modulo is 0 before dividing (git-fixes).
drm/amd/display: DCN3.1: do not mark as kernel-doc (git-fixes).
drm/amd/display: Disabling Z10 on DCN31 (git-fixes).
drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes).
drm/amd/display: Do not reinitialize DMCUB on s0ix resume (git-fixes).
drm/amd/display: Enable power gating before init_pipes (git-fixes).
drm/amd/display: FEC check in timing validation (git-fixes).
drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes).
drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes).
drm/amd/display: fix audio format not updated after edid updated (git-fixes).
drm/amd/display: Fix memory leak (git-fixes).
drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1190786)
drm/amd/display: Fix OLED brightness control on eDP (git-fixes).
drm/amd/display: Fix p-state allow debug index on dcn31 (git-fixes).
drm/amd/display: fix yellow carp wm clamping (git-fixes).
drm/amd/display: Force link_rate as LINK_RATE_RBR2 for 2018 15' Apple Retina panels (git-fixes).
drm/amd/display: For vblank_disable_immediate, check PSR is really used (git-fixes).
drm/amd/display: Protect update_bw_bounding_box FPU code (git-fixes).
drm/amd/display: Read Golden Settings Table from VBIOS (git-fixes).
drm/amd/display: Remove vupdate_int_entry definition (git-fixes).
drm/amd/display: Revert FEC check in validation (git-fixes).
drm/amd/display: Update VTEM Infopacket definition (git-fixes).
drm/amd/display: Update watermark values for DCN301 (git-fixes).
drm/amd/display: Use adjusted DCN301 watermarks (git-fixes).
drm/amd/display: Use PSR version selected during set_psr_caps (git-fixes).
drm/amd/display: watermark latencies is not enough on DCN31 (git-fixes).
drm/amdgpu: add beige goby PCI ID (git-fixes).
drm/amdgpu: bypass tiling flag check in virtual display case (v2) (git-fixes).
drm/amdgpu: check vm ready by amdgpu_vm->evicting flag (git-fixes).
drm/amdgpu: conduct a proper cleanup of PDB bo (git-fixes).
drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes).
drm/amdgpu: disable MMHUB PG for Picasso (git-fixes).
drm/amdgpu/display: add support for multiple backlights (git-fixes).
drm/amdgpu: do not do resets on APUs which do not support it (git-fixes).
drm/amdgpu: do not enable asic reset for raven2 (git-fixes).
drm/amdgpu: do not set s3 and s0ix at the same time (git-fixes).
drm/amdgpu: do not use BACO for reset in S3 (git-fixes).
drm/amdgpu: do not use passthrough mode in Xen dom0 (git-fixes).
drm/amdgpu: Drop inline from amdgpu_ras_eeprom_max_record_count (git-fixes).
drm/amdgpu: Enable gfxoff quirk on MacBook Pro (git-fixes).
drm/amdgpu: Ensure HDA function is suspended before ASIC reset (git-fixes).
drm/amdgpu: explicitly check for s0ix when evicting resources (git-fixes).
drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1190497)
drm/amdgpu: fix logic inversion in check (git-fixes).
drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes).
drm/amdgpu: Fix recursive locking warning (git-fixes).
drm/amdgpu: fix suspend/resume hang regression (git-fixes).
drm/amdgpu/sdma: Fix incorrect calculations of the wptr of the doorbells (git-fixes).
drm/amdgpu: skipping SDMA hw_init and hw_fini for S0ix (git-fixes).
drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes).
drm/amdgpu: suppress the warning about enum value 'AMD_IP_BLOCK_TYPE_NUM' (git-fixes).
drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes).
drm/amdgpu: unify BO evicting method in amdgpu_ttm (git-fixes).
drm/amdgpu: update VCN codec support for Yellow Carp (git-fixes).
drm/amdgpu/vcn: Fix the register setting for vcn1 (git-fixes).
drm/amdgpu/vcn: improve vcn dpg stop procedure (git-fixes).
drm/amdgpu: vi: disable ASPM on Intel Alder Lake based systems (bsc#1190786)
drm/amdkfd: add pinned BOs to kfd_bo_list (git-fixes).
drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes).
drm/amdkfd: Create file descriptor after client is added to smi_clients list (git-fixes).
drm/amdkfd: Do not take process mutex for svm ioctls (git-fixes).
drm/amdkfd: Fix GWS queue count (bsc#1190786)
drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes).
drm/amdkfd: make CRAT table missing message informational only (git-fixes).
drm/amdkfd: remove unused function (git-fixes).
drm/amdkfd: Separate pinned BOs destruction from general routine (bsc#1195287).
drm/amdkfd: Use mmget_not_zero in MMU notifier (git-fixes).
drm/amd/pm: correct the MGpuFanBoost support for Beige Goby (git-fixes).
drm/amd/pm: correct the sequence of sending gpu reset msg (git-fixes).
drm/amd/pm: correct UMD pstate clocks for Dimgrey Cavefish and Beige Goby (git-fixes).
drm/amd/pm: enable pm sysfs write for one VF mode (git-fixes).
drm/amd/pm: fix hwmon node of power1_label create issue (git-fixes).
drm/amd/pm: Fix missing thermal throttler status (git-fixes).
drm/amd/pm: fix some OEM SKU specific stability issues (git-fixes).
drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes).
drm/amd/pm: update smartshift powerboost calc for smu12 (git-fixes).
drm/amd/pm: update smartshift powerboost calc for smu13 (git-fixes).
drm/amd/pm: use bitmap_{from,to}_arr32 where appropriate (git-fixes).
drm/ast: Create threshold values for AST2600 (bsc#1190786)
drm/atomic: Do not pollute crtc_state->mode_blob with error pointers (git-fixes).
drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes).
drm: avoid circular locks in drm_mode_getconnector (git-fixes).
drm/blend: fix typo in the comment (git-fixes).
drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes).
drm/bridge: Add missing pm_runtime_put_sync (git-fixes).
drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes).
drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes).
drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes).
drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes).
drm/bridge: anx7625: Fix overflow issue on reading EDID (git-fixes).
drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes).
drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes).
drm/bridge: Fix error handling in analogix_dp_probe (git-fixes).
drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes).
drm: bridge: fix unmet dependency on DRM_KMS_HELPER for DRM_PANEL_BRIDGE (git-fixes).
drm: bridge: icn6211: Fix HFP_HSW_HBP_HI and HFP_MIN handling (bsc#1190786)
drm: bridge: icn6211: Fix register layout (git-fixes).
drm: bridge: it66121: Fix the register page length (git-fixes).
drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes).
drm/bridge: sn65dsi83: Fix an error handling path in (bsc#1190786)
drm/bridge: ti-sn65dsi83: Handle dsi_lanes == 0 as invalid (git-fixes).
drm/bridge: ti-sn65dsi86: Properly undo autosuspend (git-fixes).
drm/cma-helper: Set VM_DONTEXPAND for mmap (git-fixes).
drm/connector: Fix typo in output format (bsc#1190786)
drm/doc: overview before functions for drm_writeback.c (git-fixes).
drm/dp: Fix OOB read when handling Post Cursor2 register (bsc#1190786)
drm/edid: Always set RGB444 (git-fixes).
drm/edid: check basic audio support on CEA extension block (git-fixes).
drm/edid: Do not clear formats if using deep color (git-fixes).
drm/edid: fix CEA extension byte #3 parsing (bsc#1190786)
drm/edid: fix invalid EDID extension block filtering (git-fixes).
drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (git-fixes).
drm/fb-helper: Mark screen buffers in system memory with FBINFO_VIRTFB (git-fixes).
drm/fourcc: fix integer type usage in uapi header (git-fixes).
drm/i915/adlp: Fix TypeC PHY-ready status readout (git-fixes).
drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration (bsc#1193640).
drm/i915: Check EDID for HDR static metadata when choosing blc (bsc#1190497)
drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes).
drm/i915/dg2: Print PHY name properly on calibration error (git-fixes).
drm/i915: Disable DRRS on IVB/HSW port != A (git-fixes).
drm/i915/display: Fix HPD short pulse handling for eDP (git-fixes).
drm/i915/display: Move DRRS code its own file (git-fixes).
drm/i915/display/psr: Unset enable_psr2_sel_fetch if other checks in intel_psr2_config_valid() fails (git-fixes).
drm/i915/display: split out dpt out of intel_display.c (git-fixes).
drm/i915/dmc: Add MMIO range restrictions (git-fixes).
drm/i915/dsi: fix VBT send packet port selection for ICL+ (git-fixes).
drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes).
drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes).
drm/i915: Fix dbuf slice config lookup (git-fixes bsc#1193640).
drm/i915: Fix mbus join config lookup (git-fixes bsc#1193640).
drm/i915: Fix PSF GV point mask when SAGV is not possible (git-fixes).
drm/i915: Fix race in __i915_vma_remove_closed (bsc#1190497)
drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (bsc#1190497)
drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes).
drm/i915/gem: add missing boundary check in vm_access (git-fixes).
drm/i915/gem: add missing else (git-fixes).
drm/i915/guc/slpc: Correct the param count for unset param (git-fixes).
drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes).
drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes).
drm/i915: Implement w/a 22010492432 for adl-s (git-fixes).
drm/i915: Keep gem ctx->vm alive until the final put (bsc#1190497)
drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes).
drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes).
drm/i915: Populate pipe dbuf slices more accurately during readout (bsc#1193640).
drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes).
drm/i915: s/JSP2/ICP2/ PCH (git-fixes).
drm/i915: Treat SAGV block time 0 as SAGV disabled (git-fixes).
drm/i915/ttm: ensure we unmap when purging (git-fixes).
drm/i915/ttm: tweak priority hint selection (git-fixes).
drm/i915: Widen the QGV point mask (git-fixes).
drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (bsc#1193640).
drm/imx: dw_hdmi-imx: Fix bailout in error cases of probe (git-fixes).
drm: imx: fix compiler warning with gcc-12 (git-fixes).
drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes).
drm/imx: imx-ldb: Check for null pointer after calling kmemdup (git-fixes).
drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes).
drm/kmb: Fix for build errors with Warray-bounds (git-fixes).
drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes).
drm/komeda: return early if drm_universal_plane_init() fails (git-fixes).
drm: mali-dp: potential dereference of null pointer (git-fixes).
drm/mediatek: Add vblank register/unregister callback functions (bsc#1190768)
drm/mediatek: dpi: Use mt8183 output formats for mt8192 (git-fixes).
drm/mediatek: Fix mtk_cec_mask() (git-fixes).
drm/mediatek: mtk_dsi: Reset the dsi0 hardware (git-fixes).
drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes).
drm/meson: Make use of the helper function devm_platform_ioremap_resourcexxx() (git-fixes).
drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops (git-fixes).
drm/meson: split out encoder from meson_dw_hdmi (git-fixes).
drm/msm/a6xx: Fix missing ARRAY_SIZE() check (git-fixes).
drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes).
drm/msm: add missing include to msm_drv.c (git-fixes).
drm/msm: Add missing put_task_struct() in debugfs path (git-fixes).
drm/msm/disp: check the return value of kzalloc() (git-fixes).
drm/msm/disp/dpu1: set mdp clk to the maximum frequency in opp table (bsc#1190768)
drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes).
drm/msm/dp: add fail safe mode outside of event_mutex context (git-fixes).
drm/msm/dp: always add fail-safe mode into connector mode list (git-fixes).
drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() (git-fixes).
drm/msm/dp: check core_initialized before disable interrupts at dp_display_unbind() (git-fixes).
drm/msm/dp: do not initialize phy until plugin interrupt received (bsc#1190497)
drm/msm/dp: do not stop transmitting phy test pattern during DP phy compliance test (git-fixes).
drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read failed (git-fixes).
drm/msm/dp: fix error check return value of irq_of_parse_and_map() (git-fixes).
drm/msm/dp: fix event thread stuck in wait_event after kthread_stop() (git-fixes).
drm/msm/dp: force link training for display resolution change (git-fixes).
drm/msm/dp: Modify prototype of encoder based API (git-fixes).
drm/msm/dp: populate connector of struct dp_panel (git-fixes).
drm/msm/dp: remove fail safe mode related code (git-fixes).
drm/msm/dp: reset DP controller before transmit phy test pattern (git-fixes).
drm/msm/dp: stop event kernel thread when DP unbind (bsc#1190768)
drm/msm/dp: stop link training after link training 2 failed (git-fixes).
drm/msm/dp: tear down main link at unplug handle immediately (bsc#1190768)
drm/msm/dpu: add DSPP blocks teardown (git-fixes).
drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes).
drm/msm/dpu: fix dp audio condition (git-fixes).
drm/msm/dpu: fix error check return value of irq_of_parse_and_map() (bsc#1190768)
drm/msm/dpu: handle pm_runtime_get_sync() errors in bind path (git-fixes).
drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes).
drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes).
drm/msm/dsi: Remove spurious IRQF_ONESHOT flag (git-fixes).
drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes).
drm/msm/dsi: Use 'ref' fw clock instead of global name for VCO parent (git-fixes).
drm/msm: Fix double pm_runtime_disable() call (git-fixes).
drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes).
drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes).
drm/msm: Fix range size vs end confusion (git-fixes).
drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes).
drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes).
drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes).
drm/msm/mdp5: check the return of kzalloc() (git-fixes).
drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes).
drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes).
drm/msm: properly add and remove internal bridges (bsc#1190768)
drm/msm: remove unused plane_property field from msm_drm_private (bsc#1190768)
drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes).
drm/msm: Switch ordering of runpm put vs devfreq_idle (git-fixes).
drm/msm: use for_each_sgtable_sg to iterate over scatterlist (git-fixes).
drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() (git-fixes).
drm/nouveau/backlight: Just set all backlight types as RAW (git-fixes).
drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes).
drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes).
drm/nouveau: fix off by one in BIOS boundary checking (git-fixes).
drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes).
drm/nouveau/pmu: Add missing callbacks for Tegra devices (git-fixes).
drm/nouveau/pmu/gm200-: use alternate falcon reset sequence (git-fixes).
drm/nouveau/subdev/bus: Ratelimit logging for fault errors (git-fixes).
drm/nouveau/tegra: Stop using iommu_present() (git-fixes).
drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes).
drm/panel: panel-simple: Fix proper bpc for AM-1280800N3TZQW-T00H (git-fixes).
drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes).
drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes).
drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes).
drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes).
drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes).
drm/panfrost: Check for error num after setting mask (git-fixes).
drm/plane: Move range check for format_count earlier (git-fixes).
drm/radeon: fix a possible null pointer dereference (git-fixes).
drm/radeon: Fix backlight control on iMac 12,1 (git-fixes).
drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes).
drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes).
drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes).
drm/selftests/test-drm_dp_mst_helper: Fix memory leak in sideband_msg_req_encode_decode (git-fixes).
drm/simpledrm: Add 'panel orientation' property on non-upright mounted LCD panels (git-fixes).
drm: sti: do not use kernel-doc markers (git-fixes).
drm/sun4i: Fix crash during suspend after component bind failure (git-fixes).
drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes).
drm/sun4i: Remove obsolete references to PHYS_OFFSET (bsc#1190786)
drm/syncobj: flatten dma_fence_chains on transfer (git-fixes).
drm/tegra: Add back arm_iommu_detach_device() (git-fixes).
drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes).
drm: use the lookup lock in drm_is_current_master (git-fixes).
drm/v3d/v3d_drv: Check for error num after setting mask (git-fixes).
drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes).
drm/vc4: Fix deadlock on DSI device attach error (git-fixes).
drm/vc4: hdmi: Add debugfs prefix (bsc#1199163).
drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes).
drm/vc4: hdmi: Fix build error for implicit function declaration (git-fixes).
drm/vc4: hdmi: Fix HPD GPIO detection (git-fixes).
drm/vc4: hdmi: Make sure the device is powered with CEC (git-fixes).
drm/vc4: hdmi: Split the CEC disable / enable functions in two (git-fixes).
drm/vc4: hvs: Fix frame count register readout (git-fixes).
drm/vc4: hvs: Reset muxes at probe time (git-fixes).
drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes).
drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes).
drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes).
drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free() (git-fixes).
drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes).
drm/vmwgfx: Disable command buffers on svga3 without gbobjects (git-fixes).
drm/vmwgfx: Fix fencing on SVGAv3 (git-fixes).
drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes).
drm/vmwgfx: Remove unused compile options (bsc#1190786)
drm/vmwgfx: validate the screen formats (git-fixes).
drm/vrr: Set VRR capable prop only if it is attached to connector (git-fixes).
dt-bindings: arm: bcm: fix BCM53012 and BCM53016 SoC strings (git-fixes).
dt-bindings: can: tcan4x5x: fix mram-cfg RX FIFO config (git-fixes).
dt-bindings: display: sitronix, st7735r: Fix backlight in example (git-fixes).
dt-bindings: gpio: altera: correct interrupt-cells (git-fixes).
dt-bindings: memory: mtk-smi: No need mediatek,larb-id for mt8167 (git-fixes).
dt-bindings: mtd: nand-controller: Fix a comment in the examples (git-fixes).
dt-bindings: mtd: nand-controller: Fix the reg property description (git-fixes).
dt-bindings: net: xgmac_mdio: Remove unsupported 'bus-frequency' (git-fixes).
dt-bindings: PCI: xilinx-cpm: Fix reg property order (git-fixes).
dt-bindings: phy: uniphier-usb3hs: Fix incorrect clock-names and reset-names (git-fixes).
dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group (git-fixes).
dt-bindings: pinctrl: pinctrl-microchip-sgpio: Fix example (git-fixes).
dt-bindings: spi: mxic: The interrupt property is not mandatory (git-fixes).
dt-bindings: usb: ehci: Increase the number of PHYs (git-fixes).
dt-bindings: usb: hcd: correct usb-device path (git-fixes).
dt-bindings: usb: ohci: Increase the number of PHYs (git-fixes).
dt-bindings: watchdog: Require samsung,syscon-phandle for Exynos7 (git-fixes).
e1000e: Correct NVM checksum verification flow (bsc#1191663).
e1000e: Fix possible HW unit hang after an s0ix exit (jsc#SLE-18382).
e1000e: Fix possible overflow in LTR decoding (git-fixes).
e1000e: Handshake with CSME starts from ADL platforms (git-fixes).
e1000e: Separate ADP board type from TGP (git-fixes).
EDAC/altera: Fix deferred probing (bsc#1190497).
EDAC/amd64: Add new register offset support and related changes (jsc#SLE-19026).
EDAC/amd64: Set memory type per DIMM (jsc#SLE-19026).
EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1190497).
EDAC/synopsys: Read the error count from the correct register (bsc#1190497).
EDAC/xgene: Fix deferred probing (bsc#1190497).
eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX (git-fixes).
efi: Add missing prototype for efi_capsule_setup_info (git-fixes).
efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes).
efi: fix return value of __setup handlers (git-fixes).
efivars: Respect 'block' flag in efivar_entry_set_safe() (git-fixes).
epic100: fix use after free on rmmod (git-fixes).
ethernet/sfc: remove redundant rc variable (bsc#1196306).
exec: Force single empty string when argv is empty (bsc#1200571).
ext2: correct max file size computing (bsc#1197820).
ext4: avoid trim error on fs with small groups (bsc#1191271).
ext4: destroy ext4_fc_dentry_cachep kmemcache on module removal (bsc#1197917).
ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482).
ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810).
ext4: fix bug_on in __es_tree_search (bsc#1200809).
ext4: fix ext4_fc_stats trace point (git-fixes).
ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807).
ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806).
ext4: make variable 'count' signed (bsc#1200820).
ext4: reject the 'commit' option on ext2 filesystems (bsc#1200808).
extcon: Modify extcon device to be created after driver data is set (git-fixes).
extcon: ptn5150: Add queue work sync before driver release (git-fixes).
faddr2line: Fix overlapping text section failures, the sequel (git-fixes).
fbcon: Avoid 'cap' set but not used warning (bsc#1190786)
fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes).
firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes).
firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes).
firewire: remove check of list iterator against head past the loop body (git-fixes).
firmware: arm_ffa: Fix uuid parameter to ffa_partition_probe (git-fixes).
firmware: arm_ffa: Remove incorrect assignment of driver_data (git-fixes).
firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes).
firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes).
firmware: arm_scmi: Remove space in MODULE_ALIAS name (git-fixes).
firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes).
firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes).
firmware: google: Properly state IOMEM dependency (git-fixes).
firmware: qcom: scm: Remove reassignment to desc following initializer (git-fixes).
firmware: stratix10-svc: add missing callback parameter on RSU (git-fixes).
firmware: stratix10-svc: fix a missing check on list iterator (git-fixes).
firmware: sysfb: fix platform-device leak in error path (git-fixes).
firmware: ti_sci: Fix compilation failure when CONFIG_TI_SCI_PROTOCOL is not defined (git-fixes).
firmware: use kernel credentials when reading firmware (git-fixes).
fs: fd tables have to be multiples of BITS_PER_LONG (bsc#1200827).
fs: fix fd table size alignment properly (bsc#1200882).
fs: handle circular mappings correctly (bsc#1197918).
fsl_lpuart: Do not enable interrupts too early (git-fixes).
fsnotify: Do not insert unmergeable events in hashtable (bsc#1197922).
fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195944 bsc#1195478).
fsnotify: fix wrong lockdep annotations (bsc#1200815).
ftrace: Clean up hash direct_functions on register failures (git-fixes).
fuse: fix fileattr op failure (bsc#1197292).
gen_init_cpio: fix short read file handling (bsc#1193289).
genirq/affinity: Consider that CPUs on nodes can be (git-fixes)
genirq: Synchronize interrupt thread startup (git-fixes)
gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (git-fixes).
gma500: fix an incorrect NULL check on list iterator (git-fixes).
gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes).
gpio: aggregator: Fix calling into sleeping GPIO controllers (git-fixes).
gpio: dwapb: Do not print error on -EPROBE_DEFER (git-fixes).
gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes).
gpiolib: acpi: Convert ACPI value of debounce to microseconds (git-fixes).
gpiolib: acpi: use correct format characters (git-fixes).
gpiolib: Never return internal error codes to user space (git-fixes).
gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes).
gpio: mvebu: drop pwm base assignment (git-fixes).
gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes).
gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes).
gpio: pca953x: use the correct register address to do regcache sync (git-fixes).
gpio: Return EPROBE_DEFER if gc->to_irq is NULL (git-fixes).
gpio: Revert regression in sysfs-gpio (gpiolib.c) (git-fixes).
gpio: sifive: use the correct register to read output values (git-fixes).
gpio: tegra186: Fix chip_data type confusion (git-fixes).
gpio: ts4900: Do not set DAT and OE together (git-fixes).
gpio: visconti: Fix fwnode of GPIO IRQ (git-fixes).
gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes).
gpu: host1x: Fix a memory leak in 'host1x_remove()' (git-fixes).
gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes).
gup: Turn fault_in_pages_{readable,writeable} into fault_in_{readable,writeable} (git-fixes).
gve: Fix GFP flags when allocing pages (git-fixes).
gve: fix the wrong AdminQ buffer queue index check (git-fixes).
habanalabs: Add check for pci_enable_device (git-fixes).
habanalabs: fix possible memory leak in MMU DR fini (git-fixes).
hamradio: fix macro redefine warning (git-fixes).
hex2bin: fix access beyond string end (git-fixes).
HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes).
HID: add mapping for KEY_DICTATE (git-fixes).
HID: Add support for open wheel and no attachment to T300 (git-fixes).
HID:Add support for UGTABLET WP5540 (git-fixes).
HID: amd_sfh: Add illuminance mask to limit ALS max value (git-fixes).
HID: amd_sfh: Correct the structure field name (git-fixes).
HID: amd_sfh: Modify the bus name (git-fixes).
HID: amd_sfh: Modify the hid name (git-fixes).
HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes).
hide appended member supports_dynamic_smps_6ghz (git-fixes).
HID: elan: Fix potential double free in elan_input_configured (git-fixes).
HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes).
HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts (git-fixes).
HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes).
HID: intel-ish-hid: Use dma_alloc_coherent for firmware update (git-fixes).
HID: logitech-dj: add new lightspeed receiver id (git-fixes).
HID: multitouch: add quirks to enable Lenovo X12 trackpoint (git-fixes).
HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes).
HID: multitouch: fix Dell Precision 7550 and 7750 button type (bsc#1197243).
HID: vivaldi: fix sysfs attributes leak (git-fixes).
hinic: fix bug of wq out of bound access (git-fixes).
hv_balloon: rate-limit 'Unhandled message' warning (git-fixes).
hv_netvsc: Add check for kvmalloc_array (git-fixes).
hv_utils: Add comment about max VMbus packet size in VSS driver (git-fixes).
hwmon: (dell-smm) Speed up setting of fan speed (git-fixes).
hwmon: (f71882fg) Fix negative temperature (git-fixes).
hwmon: Handle failure to register sensor with thermal zone correctly (git-fixes).
hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes).
hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes).
hwmon: (pmbus) Add mutex to regulator ops (git-fixes).
hwmon: (pmbus) Add Vin unit off handling (git-fixes).
hwmon: (pmbus) Check PEC support before reading other registers (git-fixes).
hwmon: (pmbus) Clear pmbus fault/warning bits after read (git-fixes).
hwmon: (pmbus) disable PEC if not enabled (git-fixes).
hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (git-fixes).
hwmon: (tmp401) Add OF device ID table (git-fixes).
hwrng: atmel - disable trng on failure path (git-fixes).
hwrng: cavium - Check health status while reading random data (git-fixes).
hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes).
hwrng: nomadik - Change clk_disable to clk_disable_unprepare (git-fixes).
hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() (git-fixes).
i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes).
i2c: at91: use dma safe buffers (git-fixes).
i2c: bcm2835: Avoid clock stretching timeouts (git-fixes).
i2c: bcm2835: Fix the error handling in 'bcm2835_i2c_probe()' (git-fixes).
i2c: bcm2835: Use platform_get_irq() to get the interrupt (git-fixes).
i2c: brcmstb: fix support for DSL and CM variants (git-fixes).
i2c: cadence: Increase timeout per message if necessary (git-fixes).
i2c: designware: Use standard optional ref clock implementation (git-fixes).
i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes).
i2c: ismt: prevent memory corruption in ismt_access() (git-fixes).
i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes).
i2c: meson: Fix wrong speed use from probe (git-fixes).
i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes).
i2c: mux: demux-pinctrl: do not deactivate a master that is not active (git-fixes).
i2c: npcm7xx: Add check for platform_driver_register (git-fixes).
i2c: npcm: Correct register access width (git-fixes).
i2c: npcm: Fix timeout calculation (git-fixes).
i2c: npcm: Handle spurious interrupts (git-fixes).
i2c: piix4: Add EFCH MMIO support for SMBus port select (git-fixes).
i2c: piix4: Add EFCH MMIO support to region request and release (git-fixes).
i2c: piix4: Add EFCH MMIO support to SMBus base address detect (git-fixes).
i2c: piix4: Enable EFCH MMIO for Family 17h+ (git-fixes).
i2c: piix4: Move port I/O region request/release code into functions (git-fixes).
i2c: piix4: Move SMBus controller base address detect into function (git-fixes).
i2c: piix4: Move SMBus port selection into function (git-fixes).
i2c: piix4: Replace hardcoded memory map size with a #define (git-fixes).
i2c: qcom-cci: do not delete an unregistered adapter (git-fixes).
i2c: qcom-cci: do not put a device tree node before i2c_add_adapter() (git-fixes).
i2c: rcar: fix PM ref counts in probe error paths (git-fixes).
i2c: xiic: Make bus names unique (git-fixes).
i40e: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes).
i40e: Fix for failed to init adminq while VF reset (git-fixes).
i40e: Fix issue when maximum queues is exceeded (git-fixes).
i40e: Fix queues reservation for XDP (git-fixes).
i40e: Fix reset bw limit when DCB enabled with 1 TC (git-fixes).
i40e: Fix reset path while removing the driver (git-fixes).
i40e: fix unsigned stat widths (git-fixes).
i40e: i40e_main: fix a missing check on list iterator (git-fixes).
i40e: Increase delay to 1 s after global EMP reset (git-fixes).
i40e: remove dead stores on XSK hotpath (jsc#SLE-18378).
i40e: respect metadata on XSK Rx to skb (git-fixes).
i40e: stop disabling VFs due to PF error responses (jsc#SLE-18378).
iavf: Add waiting so the port is initialized in remove (jsc#SLE-18385).
iavf: Fix deadlock in iavf_reset_task (jsc#SLE-18385).
iavf: Fix double free in iavf_reset_task (jsc#SLE-18385).
iavf: Fix handling of vlan strip virtual channel messages (jsc#SLE-18385).
iavf: Fix hang during reboot/shutdown (jsc#SLE-18385).
iavf: Fix __IAVF_RESETTING state usage (jsc#SLE-18385).
iavf: Fix init state closure on remove (jsc#SLE-18385).
iavf: Fix locking for VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2_CAPS (jsc#SLE-18385).
iavf: Fix missing check for running netdev (git-fixes).
iavf: Fix race in init state (jsc#SLE-18385).
iavf: Rework mutexes for better synchronisation (jsc#SLE-18385 stable-5.14.6).
IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes).
IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes).
IB/cm: Release previously acquired reference counter in the cm_id_priv (git-fixes).
IB/hfi1: Allow larger MTU without AIP (git-fixes).
IB/hfi1: Fix AIP early init panic (git-fixes).
IB/hfi1: Fix alloc failure with larger txqueuelen (git-fixes).
IB/hfi1: Fix panic with larger ipoib send_queue_size (jsc#SLE-19242).
IB/hfi1: Fix tstats alloc and dealloc (git-fixes).
IB/mlx5: Expose NDR speed through MAD (bsc#1196930).
ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811).
ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259).
ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925).
ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815).
IB/qib: Fix duplicate sysfs directory name (git-fixes).
IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition (git-fixes).
IB/rdmavt: Validate remote_addr during loopback atomic tests (git-fixes).
ice: allow creating VFs for !CONFIG_NET_SWITCHDEV (jsc#SLE-18375).
ice: check the return of ice_ptp_gettimex64 (git-fixes).
ice: clear cmd_type_offset_bsz for TX rings (jsc#SLE-18375).
ice: Clear default forwarding VSI during VSI release (git-fixes).
ice: clear stale Tx queue settings before configuring (git-fixes).
ice: do not allow to run ice_send_event_to_aux() in atomic ctx (git-fixes).
ice: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes).
ice: Do not use GFP_KERNEL in atomic context (git-fixes).
ice: enable parsing IPSEC SPI headers for RSS (git-fixes).
ice: fix an error code in ice_cfg_phy_fec() (git-fixes).
ice: fix concurrent reset and removal of VFs (git-fixes).
ice: fix crash in switchdev mode (jsc#SLE-18375).
ice: Fix curr_link_speed advertised speed (git-fixes).
ice: Fix incorrect locking in ice_vc_process_vf_msg() (jsc#SLE-18375).
ice: fix IPIP and SIT TSO offload (git-fixes).
ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() (jsc#SLE-18375).
ice: fix PTP stale Tx timestamps cleanup (git-fixes).
ice: fix setting l4 port flag when adding filter (jsc#SLE-18375).
ice: fix use-after-free when deinitializing mailbox snapshot (git-fixes).
ice: initialize local variable 'tlv' (git-fixes).
ice: kabi protect ice_pf (bsc#1200502).
ice: Protect vf_state check by cfg_lock in ice_vc_process_vf_msg() (jsc#SLE-18375).
ice: respect metadata on XSK Rx to skb (git-fixes).
ice: synchronize_rcu() when terminating rings (git-fixes).
ice: xsk: Fix indexing in ice_tx_xsk_pool() (jsc#SLE-18375).
ice: xsk: fix VSI state check in ice_xsk_wakeup() (git-fixes).
igb: refactor XDP registration (git-fixes).
igc: avoid kernel warning when changing RX ring parameters (git-fixes).
igc: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes).
igc: Fix BUG: scheduling while atomic (git-fixes).
igc: Fix infinite loop in release_swfw_sync (git-fixes).
igc: Fix suspending when PTM is active (jsc#SLE-18377).
igc: igc_read_phy_reg_gpy: drop premature return (git-fixes).
igc: igc_write_phy_reg_gpy: drop premature return (git-fixes).
iio:accel:bma180: rearrange iio trigger get and register (git-fixes).
iio: accel: fxls8962af: add padding to regmap for SPI (git-fixes).
iio:accel:kxcjk-1013: rearrange iio trigger get and register (git-fixes).
iio: accel: mma8452: ignore the return value of reset operation (git-fixes).
iio: accel: mma8452: use the correct logic to get mma8452_data (git-fixes).
iio:accel:mxc4005: rearrange iio trigger get and register (git-fixes).
iio: adc: ad7124: fix mask used for setting AIN_BUFP and AIN_BUFM bits (git-fixes).
iio: adc: ad7124: Remove shift from scan_type (git-fixes).
iio: adc: Add check for devm_request_threaded_irq (git-fixes).
iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client (git-fixes).
iio: adc: axp288: Override TS pin bias current for some models (git-fixes).
iio: adc: men_z188_adc: Fix a resource leak in an error handling path (git-fixes).
iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes).
iio: adc: sc27xx: fix read big scale voltage not right (git-fixes).
iio: adc: stm32: Fix ADCs iteration in irq handler (git-fixes).
iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious IRQs message (git-fixes).
iio: adc: stm32: fix maximum clock rate for stm32mp15x (git-fixes).
iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes).
iio: adc: ti-ads131e08: add missing fwnode_handle_put() in ads131e08_alloc_channels() (git-fixes).
iio: adc: tsc2046: fix memory corruption by preventing array overflow (git-fixes).
iio: adc: vf610: fix conversion mode sysfs node name (git-fixes).
iio: afe: rescale: Fix boolean logic bug (git-fixes).
iio: afe: rescale: use s64 for temporary scale calculations (git-fixes).
iio: buffer: Fix file related error handling in IIO_BUFFER_GET_FD_IOCTL (git-fixes).
iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes).
iio: dac: ad5446: Fix read_raw not returning set value (git-fixes).
iio: dac: ad5592r: Fix the missing return value (git-fixes).
iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes).
iio: Fix error handling for PM (git-fixes).
iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes).
iio:humidity:hts221: rearrange iio trigger get and register (git-fixes).
iio:imu:adis16480: fix buffering for devices with no burst mode (git-fixes).
iio:imu:bmi160: disable regulator in error path (git-fixes).
iio: imu: inv_icm42600: Fix I2C init possible nack (git-fixes).
iio: imu: st_lsm6dsx: wait for settling time in st_lsm6dsx_read_oneshot (git-fixes).
iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes).
iio: inkern: apply consumer scale when no channel scale is available (git-fixes).
iio: inkern: make a best effort on offset calculation (git-fixes).
iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes).
iio: magnetometer: yas530: Fix memchr_inv() misuse (git-fixes).
iio: mma8452: Fix probe failing when an i2c_device_id is used (git-fixes).
iio: mma8452: fix probe fail when device tree compatible is used (git-fixes).
iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout (git-fixes).
iio: st_sensors: Add a local lock for protecting odr (git-fixes).
iio: trigger: sysfs: fix use-after-free on remove (git-fixes).
ima: Allow template selection with ima_template[_fmt]= after ima_hash= (git-fixes).
ima: Do not print policy rule with inactive LSM labels (git-fixes).
ima: fix reference leak in asymmetric_verify() (git-fixes).
ima: Remove ima_policy file before directory (git-fixes).
init: call time_init() before rand_initialize() (git-fixes).
init: Initialize noop_backing_dev_info early (bsc#1200822).
init/main.c: return 1 from handled __setup() functions (git-fixes).
initramfs: Check timestamp to prevent broken cpio archive (bsc#1193289).
inotify: show inotify mask flags in proc fdinfo (bsc#1200600).
Input: add bounds checking to input_set_capability() (git-fixes).
Input: aiptek - properly check endpoint type (git-fixes).
Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes).
Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes).
Input: elan_i2c: Add deny list for Lenovo Yoga Slim 7 (bsc#1193064).
Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes).
Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes).
Input: gpio-keys - cancel delayed work only in case of GPIO (git-fixes).
Input: ili210x - fix reset timing (git-fixes).
Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes).
Input: samsung-keypad - properly state IOMEM dependency (git-fixes).
Input: soc_button_array - also add Lenovo Yoga Tablet2 1051F to dmi_use_low_level_irq (git-fixes).
Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes).
Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes).
Input: stmfts - fix reference leak in stmfts_input_open (git-fixes).
Input: synaptics - enable InterTouch on ThinkPad T14/P14s Gen 1 AMD (git-fixes).
Input: synaptics: retry query upon error (bsc#1194086).
Input: wm97xx: Simplify resource management (git-fixes).
Input: zinitix - do not report shadow fingers (git-fixes).
integrity: check the return value of audit_log_start() (git-fixes).
iocost: do not reset the inuse weight of under-weighted debtors (git-fixes).
iocost: Fix divide-by-zero on donation from low hweight cgroup (bsc#1198014).
iomap: iomap_write_failed fix (bsc#1200829).
iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes).
iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052).
iommu/amd: Remove useless irq affinity notifier (git-fixes).
iommu/amd: Restore GA log/tail pointer on host resume (git-fixes).
iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes).
iommu/amd: X2apic mode: re-enable after resume (git-fixes).
iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes).
iommu: arm-smmu: disable large page mappings for Nvidia arm-smmu (bsc#1198826).
iommu/arm-smmu-qcom: Fix TTBR0 read (git-fixes).
iommu: Extend mutex lock scope in iommu_probe_device() (git-fixes).
iommu/ioasid: Introduce a helper to check for valid PASIDs (jsc#SLE-24350).
iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes).
iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes).
iommu/iova: Fix race between FQ timeout and teardown (git-fixes).
iommu/sva: Assign a PASID to mm on PASID allocation and free it on mm exit (jsc#SLE-24350).
iommu/sva: Rename CONFIG_IOMMU_SVA_LIB to CONFIG_IOMMU_SVA (jsc#SLE-24350).
iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes).
ionic: add FW_STOPPING state (git-fixes).
ionic: Allow flexibility for error reporting on dev commands (git-fixes).
ionic: better handling of RESET event (git-fixes).
ionic: catch transition back to RUNNING with fw_generation 0 (git-fixes).
ionic: Cleanups in the Tx hotpath code (git-fixes).
ionic: Correctly print AQ errors if completions are not received (git-fixes).
ionic: disable napi when ionic_lif_init() fails (git-fixes).
ionic: Do not send reset commands if FW isn't running (git-fixes).
ionic: fix missing pci_release_regions() on error in ionic_probe() (git-fixes).
ionic: fix type complaint in ionic_dev_cmd_clean() (git-fixes).
ionic: fix up printing of timeout error (git-fixes).
ionic: Prevent filter add/del err msgs when the device is not available (git-fixes).
ionic: Query FW when getting VF info via ndo_get_vf_config (git-fixes).
ionic: remove the dbid_inuse bitmap (git-fixes).
ionic: replace set_vf data with union (git-fixes).
ionic: start watchdog after all is setup (git-fixes).
ionic: stretch heartbeat detection (git-fixes).
io_uring: add more locking annotations for submit (bsc#1199011).
io_uring: avoid touching inode in rw prep (bsc#1199011).
io_uring: be smarter about waking multiple CQ ring waiters (bsc#1199011).
io_uring: cache __io_free_req()'d requests (bsc#1199011).
io_uring: clean io-wq callbacks (bsc#1199011).
io_uring: clean up tctx_task_work() (bsc#1199011).
io_uring: deduplicate open iopoll check (bsc#1199011).
io_uring: do not halt iopoll too early (bsc#1199011).
io_uring: drop exec checks from io_req_task_submit (bsc#1199011).
io_uring: extract a helper for ctx quiesce (bsc#1199011).
io_uring: Fix undefined-behaviour in io_issue_sqe (bsc#1199011).
io_uring: improve ctx hang handling (bsc#1199011).
io_uring: inline fixed part of io_file_get() (bsc#1199011).
io_uring: inline io_free_req_deferred (bsc#1199011).
io_uring: inline io_poll_remove_waitqs (bsc#1199011).
io_uring: inline struct io_comp_state (bsc#1199011).
io_uring: kill unused IO_IOPOLL_BATCH (bsc#1199011).
io_uring: move io_fallback_req_func() (bsc#1199011).
io_uring: move io_put_task() definition (bsc#1199011).
io_uring: move io_rsrc_node_alloc() definition (bsc#1199011).
io_uring: optimise io_cqring_wait() hot path (bsc#1199011).
io_uring: optimise putting task struct (bsc#1199011).
io_uring: refactor io_alloc_req (bsc#1199011).
io_uring: remove extra argument for overflow flush (bsc#1199011).
io_uring: remove file batch-get optimisation (bsc#1199011).
io_uring: remove IRQ aspect of io_ring_ctx completion lock (bsc#1199011).
io_uring: remove redundant args from cache_free (bsc#1199011).
io_uring: remove unnecessary PF_EXITING check (bsc#1199011).
io_uring: rename io_file_supports_async() (bsc#1199011).
io_uring: run linked timeouts from task_work (bsc#1199011).
io_uring: run regular file completions from task_work (bsc#1199011).
io_uring: run timeouts from task_work (bsc#1199011).
io_uring: use inflight_entry instead of compl.list (bsc#1199011).
io_uring: use kvmalloc for fixed files (bsc#1199011).
io-wq: get rid of FIXED worker flag (bsc#1199011).
io-wq: make worker creation resilient against signals (bsc#1199011).
io-wq: move nr_running and worker_refs out of wqe->lock protection (bsc#1199011).
io-wq: only exit on fatal signals (bsc#1199011).
io-wq: provide a way to limit max number of workers (bsc#1199011).
io-wq: split bounded and unbounded work into separate lists (bsc#1199011).
io-wq: wqe and worker locks no longer need to be IRQ safe (bsc#1199011).
ipc/sem: do not sleep with a spin lock held (bsc#1198412).
ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).
ipmi: bail out if init_srcu_struct fails (git-fixes).
ipmi: Fix pr_fmt to avoid compilation issues (git-fixes).
ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes).
ipmi:ssif: Check for NULL msg when handling events and messages (git-fixes).
ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504).
ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes).
irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes).
irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes).
irqchip/aspeed-scu-ic: Fix irq_of_parse_and_map() return value (git-fixes).
irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes).
irqchip/gic, gic-v3: Prevent GSI to SGI translations (git-fixes).
irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (git-fixes).
irqchip/gic-v3: Ensure pseudo-NMIs have an ISB between ack and handling (git-fixes).
irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions (git-fixes).
irqchip/gic-v3: Fix GICR_CTLR.RWP polling (git-fixes).
irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (git-fixes).
irqchip/gic-v4: Wait for GICR_VPENDBASER.Dirty to clear before descheduling (git-fixes).
irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes).
irqchip/nvic: Release nvic_base upon failure (git-fixes).
irqchip/qcom-pdc: Fix broken locking (git-fixes).
irqchip/realtek-rtl: Fix refcount leak in map_interrupts (git-fixes).
irqchip/realtek-rtl: Service all pending interrupts (git-fixes).
isdn: hfcpci: check the return value of dma_set_mask() in setup_hw() (git-fixes).
ivtv: fix incorrect device_caps for ivtvfb (git-fixes).
iwlwifi: do not advertise TWT support (git-fixes).
iwlwifi: Fix -EIO error code that is never returned (git-fixes).
iwlwifi: fix use-after-free (git-fixes).
iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes).
iwlwifi: mvm: align locking in D3 test debugfs (git-fixes).
iwlwifi: mvm: check debugfs_dir ptr before use (git-fixes).
iwlwifi: mvm: Correctly set fragmented EBS (git-fixes).
iwlwifi: mvm: Do not call iwl_mvm_sta_from_mac80211() with NULL sta (git-fixes).
iwlwifi: mvm: do not crash on invalid rate w/o STA (git-fixes).
iwlwifi: mvm: do not iterate unadded vifs when handling FW SMPS req (git-fixes).
iwlwifi: mvm: do not send SAR GEO command for 3160 devices (git-fixes).
iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes).
iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes).
iwlwifi: mvm: move only to an enabled channel (git-fixes).
iwlwifi: pcie: fix locking when 'HW not ready' (git-fixes).
iwlwifi: pcie: gen2: fix locking when 'HW not ready' (git-fixes).
iwlwifi: yoyo: remove DBGI_SRAM address reset writing (git-fixes).
ixgbe: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes).
ixgbe: ensure IPsec VF - PF compatibility (git-fixes).
ixgbe: respect metadata on XSK Rx to skb (git-fixes).
ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (git-fixes).
jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971).
jfs: fix divide error in dbNextAG (bsc#1200828).
kABI: fix change of iscsi_host_remove() arguments (bsc#1198410).
kABI: Fix kABI after 'x86/mm/cpa: Generalize __set_memory_enc_pgtable()' (jsc#SLE-19924).
kABI fix of sysctl_run_estimation (git-fixes).
kABI: fix removal of iscsi_destroy_conn (bsc#1198410).
kABI: fix rndis_parameters locking (git-fixes).
kABI: ivtv: restore caps member (git-fixes).
kabi/severities: add exception for bcache symboles
kabi/severities: allow dropping a few invalid exported symbols (bsc#1201218)
kabi/severities: Ignore arch/x86/kvm except for kvm_x86_ops Handle this like in previous SLE kernels.
kABI workaround for fxls8962af iio accel drivers (git-fixes).
kABI workaround for pci quirks (git-fixes).
kconfig: fix failing to generate auto.conf (git-fixes).
kconfig: let 'shell' return enough output for deep path names (git-fixes).
kernel/fork: Initialize mm's PASID (jsc#SLE-24350).
kernel/resource: Introduce request_mem_region_muxed() (git-fixes).
kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (git-fixes).
KEYS: asymmetric: enforce that sig algo matches key algo (git-fixes).
KEYS: asymmetric: properly validate hash_algo and encoding (git-fixes).
KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes).
KEYS: trusted: Avoid calling null function trusted_key_exit (git-fixes).
KEYS: trusted: Fix trusted key backends when building as module (git-fixes).
KEYS: trusted: tpm2: Fix migratable logic (git-fixes).
kprobes: Add kretprobe_find_ret_addr() for searching return address (bsc#1193277).
kprobes: Enable stacktrace from pt_regs in kretprobe handler (bsc#1193277).
kprobes: treewide: Cleanup the error messages for kprobes (bsc#1193277).
kprobes: treewide: Make it harder to refer kretprobe_trampoline directly (bsc#1193277).
kprobes: treewide: Remove trampoline_address from kretprobe_trampoline_handler() (bsc#1193277).
kprobes: treewide: Replace arch_deref_entry_point() with dereference_symbol_descriptor() (bsc#1193277).
kprobes: treewide: Use 'kprobe_opcode_t *' for the code address in get_optimized_kprobe() (bsc#1193277).
kselftest/arm64: bti: force static linking (git-fixes).
kunit: tool: Import missing importlib.abc (git-fixes).
KVM: arm64: Avoid consuming a stale esr value when SError occur (git-fixes).
KVM: arm64: Drop unused workaround_flags vcpu field (git-fixes).
KVM: arm64: pkvm: Use the mm_ops indirection for cache maintenance (git-fixes).
KVM: arm64: Use shadow SPSR_EL1 when injecting exceptions on !VHE (git-fixes).
KVM: Clean up benign vcpu->cpu data races when kicking vCPUs (git-fixes).
KVM: Ensure local memslot copies operate on up-to-date arch-specific data (git-fixes).
KVM: fix wrong exception emulation in check_rdtsc (git-fixes).
KVM: LAPIC: Drop pending LAPIC timer injection when canceling the timer (git-fixes).
KVM: nVMX: Abide to KVM_REQ_TLB_FLUSH_GUEST request on nested vmentry/vmexit (git-fixes).
KVM: nVMX: Clear IDT vectoring on nested VM-Exit for double/triple fault (git-fixes).
KVM: nVMX: Do not clear CR3 load/store exiting bits if L1 wants 'em (git-fixes).
KVM: nVMX: Emulate guest TLB flush on nested VM-Enter with new vpid12 (git-fixes).
KVM: nVMX: Ensure vCPU honors event request if posting nested IRQ fails (git-fixes).
KVM: nVMX: Flush current VPID (L1 vs. L2) for KVM_REQ_TLB_FLUSH_GUEST (git-fixes).
KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry (git-fixes).
KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes).
KVM: s390: Ensure kvm_arch_no_poll() is read once when blocking vCPU (git-fixes).
KVM: s390: pv: add macros for UVC CC values (git-fixes).
KVM: s390: pv: avoid stalls when making pages secure (git-fixes).
KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes).
KVM: selftests: Do not skip L2's VMCALL in SMM test for SVM guest (bsc#1194523).
KVM: selftests: Re-enable access_tracking_perf_test (bsc#1194526).
KVM: SEV: accept signals in sev_lock_two_vms (bsc#1194526).
KVM: SEV: do not take kvm->lock when destroying (bsc#1194526).
KVM: SEV: Fall back to vmalloc for SEV-ES scratch area if necessary (bsc#1194526).
KVM: SEV: Mark nested locking of kvm->lock (bsc#1194526).
KVM: SEV: Return appropriate error codes if SEV-ES scratch setup fails (bsc#1194526).
KVM: SVM: Allow AVIC support on system w/ physical APIC ID > 255 (bsc#1193823).
KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure (bsc#1194526).
KVM: SVM: drop unnecessary code in svm_hv_vmcb_dirty_nested_enlightenments() (git-fixes).
KVM: SVM: Emulate #INIT in response to triple fault shutdown (git-fixes).
KVM: SVM: Fix kvm_cache_regs.h inclusions for is_guest_mode() (git-fixes).
KVM: SVM: hyper-v: Enable Enlightened MSR-Bitmap support for real (git-fixes).
KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests (git-fixes).
KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak (git-fixes).
KVM: VMX: Do not unblock vCPU w/ Posted IRQ if IRQs are disabled in guest (git-fixes).
KVM: VMX: Fold ept_update_paging_mode_cr0() back into vmx_set_cr0() (git-fixes).
KVM: VMX: Invert handling of CR0.WP for EPT without unrestricted guest (git-fixes).
KVM: VMX: Read Posted Interrupt 'control' exactly once per loop iteration (git-fixes).
KVM: VMX: Refresh list of user return MSRs after setting guest CPUID (git-fixes).
KVM: VMX: Remove defunct 'nr_active_uret_msrs' field (git-fixes).
KVM: VMX: Set failure code in prepare_vmcs02() (git-fixes).
KVM: VMX: Skip pointless MSR bitmap update when setting EFER (git-fixes).
KVM: VMX: Wake vCPU when delivering posted IRQ even if vCPU == this vCPU (git-fixes).
KVM: x86: Assume a 64-bit hypercall for guests with protected state (git-fixes).
kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes).
KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes).
KVM: x86: Do not mark all registers as avail/dirty during RESET/INIT (git-fixes).
KVM: x86: do not print when fail to read/write pv eoi memory (git-fixes).
KVM: x86: Drop guest CPUID check for host initiated writes to MSR_IA32_PERF_CAPABILITIES (git-fixes).
KVM: x86: Drop WARNs that assert a triple fault never 'escapes' from L2 (git-fixes).
KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes).
KVM: X86: Ensure that dirty PDPTRs are loaded (git-fixes).
KVM: x86: Exit to userspace if emulation prepared a completion callback (git-fixes).
KVM: x86: Fix emulation in writing cr8 (git-fixes).
KVM: X86: Fix missed remote tlb flush in rmap_write_protect() (git-fixes).
KVM: x86: Fix uninitialized eoi_exit_bitmap usage in vcpu_load_eoi_exitmap() (git-fixes).
KVM: x86: Handle 32-bit wrap of EIP for EMULTYPE_SKIP with flat code seg (git-fixes).
KVM: x86: hyper-v: Fix the maximum number of sparse banks for XMM fast TLB flush hypercalls (git-fixes).
KVM: x86: Ignore sparse banks size for an 'all CPUs', non-sparse IPI req (git-fixes).
KVM: x86: Mark all registers as avail/dirty at vCPU creation (git-fixes).
KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes).
KVM: x86/mmu: Check for present SPTE when clearing dirty bit in TDP MMU (git-fixes).
KVM: x86/mmu: Complete prefetch for trailing SPTEs for direct, legacy MMU (git-fixes).
KVM: x86/mmu: Fix TLB flush range when handling disconnected pt (git-fixes).
KVM: x86/mmu: Fix write-protection of PTs mapped by the TDP MMU (git-fixes).
KVM: x86/mmu: Passing up the error state of mmu_alloc_shadow_roots() (git-fixes).
KVM: x86/mmu: Pass parameter flush as false in kvm_tdp_mmu_zap_collapsible_sptes() (git-fixes).
KVM: x86/mmu: Remove spurious TLB flushes in TDP MMU zap collapsible path (git-fixes).
KVM: x86/mmu: Skip tlb flush if it has been done in zap_gfn_range() (git-fixes).
KVM: x86/mmu: Update number of zapped pages even if page list is stable (git-fixes).
KVM: x86/mmu: Use yield-safe TDP MMU root iter in MMU notifier unmapping (git-fixes).
KVM: x86: nSVM: restore the L1 host state prior to resuming nested guest on SMM exit (git-fixes).
KVM: x86: nSVM: skip eax alignment check for non-SVM instructions (git-fixes).
KVM: x86: nSVM: test eax for 4K alignment for GP errata workaround (git-fixes).
KVM: x86: Pend KVM_REQ_APICV_UPDATE during vCPU creation to fix a race (git-fixes).
KVM: x86/pmu: Fix reserved bits for AMD PerfEvtSeln register (git-fixes).
KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW (git-fixes).
KVM: x86: Register Processor Trace interrupt hook iff PT enabled in guest (git-fixes).
KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs (git-fixes).
KVM: x86: SVM: do not set VMLOAD/VMSAVE intercepts on vCPU reset (git-fixes).
KVM: x86: SVM: fix avic spec based definitions again (bsc#1193823 jsc#SLE-24549).
KVM: x86: SVM: move avic definitions from AMD's spec to svm.h (bsc#1193823 jsc#SLE-24549).
KVM: X86: Synchronize the shadow pagetable before link it (git-fixes).
KVM: x86: Update vCPU's runtime CPUID on write to MSR_IA32_XSS (git-fixes).
KVM: x86: Wait for IPIs to be delivered when handling Hyper-V TLB flush hypercall (git-fixes).
lib: bitmap: fix many kernel-doc warnings (git-fixes).
libbpf: Free up resources used by inner map definition (git-fixes).
lib/iov_iter: initialize 'flags' in new pipe_buffer (git-fixes).
libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes).
linux/dim: Fix divide by 0 in RDMA DIM (git-fixes).
list: fix a data-race around ep->rdllist (git-fixes).
list: introduce list_is_head() helper and re-use it in list.h (git-fixes).
list: test: Add a test for list_is_head() (git-fixes).
livepatch: Do not block removal of patches that are safe to unload (bsc#1071995).
locking: Make owner_on_cpu() into linux/sched.h (bsc#1190137 bsc#1189998).
locking: Remove rt_rwlock_is_contended() (bsc#1190137 bsc#1189998).
locking/rtmutex: Add rt_mutex_lock_nest_lock() and rt_mutex_lock_killable() (bsc#1190137 bsc#1189998).
locking/rtmutex: Squash self-deadlock check for ww_rt_mutex (bsc#1190137 bsc#1189998).
locking/rwlocks: introduce write_lock_nested (bsc#1189998).
LSM: general protection fault in legacy_parse_param (git-fixes).
lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes).
mac80211: fix EAPoL rekey fail in 802.3 rx path (git-fixes).
mac80211: fix forwarded mesh frames AC and queue selection (git-fixes).
mac80211: fix potential double free on mesh join (git-fixes).
mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes).
mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes).
mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (git-fixes).
mac80211_hwsim: report NOACK frames in tx_status (git-fixes).
mac80211: minstrel_ht: fix where rate stats are stored (fixes debugfs output) (git-fixes).
mac80211: mlme: check for null after calling kmemdup (git-fixes).
mac80211: refuse aggregations sessions before authorized (git-fixes).
mac80211: Remove a couple of obsolete TODO (git-fixes).
mac80211: Reset MBSSID parameters upon connection (git-fixes).
mac80211: treat some SAE auth steps as final (git-fixes).
mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes).
macvlan: Fix leaking skb in source mode with nodst option (git-fixes).
mailbox: change mailbox-mpfs compatible string (git-fixes).
mailbox: imx: fix crash in resume on i.mx8ulp (git-fixes).
mailbox: imx: fix wakeup failure from freeze mode (git-fixes).
mailbox: tegra-hsp: Flush whole channel (git-fixes).
maple: fix wrong return value of maple_bus_init() (git-fixes).
md: Do not set mddev private to NULL in raid0 pers->free (git-fixes).
md: fix an incorrect NULL check in does_sb_need_changing (git-fixes).
md: fix an incorrect NULL check in md_reload_sb (git-fixes).
md: fix double free of io_acct_set bioset (git-fixes).
md: fix update super 1.0 on rdev size change (git-fixes).
md: Move alloc/free acct bioset in to personality (git-fixes).
md/raid5: play nice with PREEMPT_RT (bsc#1189998).
media: aspeed: Correct value for h-total-pixels (git-fixes).
media: atmel: atmel-isc-base: report frame sizes as full supported range (git-fixes).
media: atmel: atmel-isc: Fix PM disable depth imbalance in atmel_isc_probe (git-fixes).
media: atmel: atmel-sama5d2-isc: fix wrong mask in YUYV format check (git-fixes).
media: atmel: atmel-sama7g5-isc: fix ispck leftover (git-fixes).
media: atomisp: fix bad usage at error handling logic (git-fixes).
media: atomisp: fix dummy_ptr check to avoid duplicate active_bo (git-fixes).
media: atomisp_gmin_platform: Add DMI quirk to not turn AXP ELDO2 regulator off on some boards (git-fixes).
media: bttv: fix WARNING regression on tunerless devices (git-fixes).
media: camss: csid-170: do not enable unused irqs (git-fixes).
media: camss: csid-170: fix non-10bit formats (git-fixes).
media: camss: csid-170: remove stray comment (git-fixes).
media: camss: csid-170: set the right HALT_CMD when disabled (git-fixes).
media: camss: vfe-170: fix 'VFE halt timeout' error (git-fixes).
media: ccs-core.c: fix failure to call clk_disable_unprepare (git-fixes).
media: cec-adap.c: fix is_configuring state (git-fixes).
media: cedrus: h264: Fix neighbour info buffer size (git-fixes).
media: cedrus: H265: Fix neighbour info buffer size (git-fixes).
media: coda: Fix missing put_device() call in coda_get_vdoa_data (git-fixes).
media: cx25821: Fix the warning when removing the module (git-fixes).
media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes).
media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes).
media: davinci: vpif: fix unbalanced runtime PM get (git-fixes).
media: davinci: vpif: fix use-after-free on driver unbind (git-fixes).
media: doc: pixfmt-rgb: Fix V4L2_PIX_FMT_BGR24 format description (git-fixes).
media: doc: pixfmt-yuv: Fix V4L2-PIX-FMT-Y10P format (git-fixes).
media: em28xx: initialize refcount before kref_get (git-fixes).
media: gpio-ir-tx: fix transmit with long spaces on Orange Pi PC (git-fixes).
media: hantro: Empty encoder capture buffers by default (git-fixes).
media: hantro: Fix overfill bottom register field name (git-fixes).
media: hantro: HEVC: Fix tile info buffer value computation (git-fixes).
media: hantro: HEVC: unconditionnaly set pps_{cb/cr}_qp_offset values (git-fixes).
media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes).
media: i2c: max9286: fix kernel oops when removing module (git-fixes).
media: i2c: max9286: Use dev_err_probe() helper (git-fixes).
media: i2c: max9286: Use 'maxim,gpio-poc' property (git-fixes).
media: i2c: ov5648: Fix lockdep error (git-fixes).
media: i2c: ov5648: fix wrong pointer passed to IS_ERR() and PTR_ERR() (git-fixes).
media: i2c: rdacm2x: properly set subdev entity function (git-fixes).
media: imon: reorganize serialization (git-fixes).
media: imx-jpeg: fix a bug of accessing array out of bounds (git-fixes).
media: imx-jpeg: Prevent decoding NV12M jpegs into single-planar buffers (git-fixes).
media: iommu/mediatek: Add device_link between the consumer and the larb devices (git-fixes).
media: iommu/mediatek: Return ENODEV if the device is NULL (git-fixes).
media: iommu/mediatek-v1: Free the existed fwspec if the master dev already has (git-fixes).
media: ir_toy: free before error exiting (git-fixes).
media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes).
media: mexon-ge2d: fixup frames size in registers (git-fixes).
media: mtk-vcodec: potential dereference of null pointer (git-fixes).
media: omap3isp: Use struct_group() for memcpy() region (git-fixes).
media: ov5640: Fix set format, v4l2_mbus_pixelcode not updated (git-fixes).
media: ov5648: Do not pack controls struct (git-fixes).
media: ov6650: Add try support to selection API operations (git-fixes).
media: ov6650: Fix crop rectangle affected by set format (git-fixes).
media: ov6650: Fix set format try processing path (git-fixes).
media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes).
media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes).
media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes).
media: Revert 'media: em28xx: add missing em28xx_close_extension' (git-fixes).
media: rga: fix possible memory leak in rga_probe (git-fixes).
media: rkvdec: h264: Fix bit depth wrap in pps packet (git-fixes).
media: rkvdec: h264: Fix dpb_valid implementation (git-fixes).
media: rkvdec: Stop overclocking the decoder (git-fixes).
media: rockchip/rga: do proper error checking in probe (git-fixes).
media: saa7134: fix incorrect use to determine if list is empty (git-fixes).
media: staging: media: imx: imx7-mipi-csis: Make subdev name unique (git-fixes).
media: staging: media: rkvdec: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com (git-fixes).
media: staging: media: zoran: fix usage of vb2_dma_contig_set_max_seg_size (git-fixes).
media: staging: media: zoran: fix various V4L2 compliance errors (git-fixes).
media: staging: media: zoran: move videodev alloc (git-fixes).
media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (git-fixes).
media: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats() (git-fixes).
media: usb: go7007: s2250-board: fix leak in probe() (git-fixes).
media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes).
media: v4l2-core: Initialize h264 scaling matrix (git-fixes).
media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls (git-fixes).
media: v4l: Avoid unaligned access warnings when printing 4cc modifiers (git-fixes).
media: venus: hfi: avoid null dereference in deinit (git-fixes).
media: venus: hfi_cmds: List HDR10 property as unsupported for v1 and v3 (git-fixes).
media: videobuf2: Fix the size printk format (git-fixes).
media: video/hdmi: handle short reads of hdmi info frame (git-fixes).
media: vidtv: Check for null return of vzalloc (git-fixes).
mei: avoid iterator usage outside of list_for_each_entry (git-fixes).
mei: hbm: drop capability response on early shutdown (git-fixes).
mei: me: add Alder Lake N device id (git-fixes).
mei: me: add raptor lake point S DID (git-fixes).
mei: me: disable driver on the ign firmware (git-fixes).
memblock: fix memblock_phys_alloc() section mismatch error (git-fixes).
memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes).
memory: emif: Add check for setup_interrupts (git-fixes).
memory: emif: check the pointer temp in get_device_details() (git-fixes).
memory: fsl_ifc: populate child nodes of buses and mfd devices (git-fixes).
memory: mtk-smi: Add error handle for smi_probe (git-fixes).
memory: renesas-rpc-if: Fix HF/OSPI data transfer in Manual Mode (git-fixes).
memory: renesas-rpc-if: fix platform-device leak in error path (git-fixes).
memory: samsung: exynos5422-dmc: Avoid some over memory allocation (git-fixes).
memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings (git-fixes).
mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes).
mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (git-fixes).
mfd: exynos-lpass: Drop unneeded syscon.h include (git-fixes).
mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes).
mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes).
mgag200 fix memmapsl configuration in GCTL6 register (git-fixes).
misc: alcor_pci: Fix an error handling path (git-fixes).
misc: atmel-ssc: Fix IRQ check in ssc_probe (git-fixes).
misc: fastrpc: avoid double fput() on failed usercopy (git-fixes).
misc: fastrpc: fix an incorrect NULL check on list iterator (git-fixes).
misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes).
misc: rtsx: set NULL intfdata when probe fails (git-fixes).
misc: sgi-gru: Do not cast parameter in bit operations (git-fixes).
mISDN: Fix memory leak in dsp_pipeline_build() (git-fixes).
mlx5: kabi protect lag_mp (git-fixes).
mlxsw: spectrum: Protect driver from buggy firmware (git-fixes).
mm: Add fault_in_subpage_writeable() to probe at sub-page granularity (git-fixes)
mmc: block: Check for errors after write on SPI (git-fixes).
mmc: block: Fix CQE recovery reset success (git-fixes).
mmc: block: fix read single on recovery logic (git-fixes).
mmc: core: Allows to override the timeout value for ioctl() path (git-fixes).
mmc: core: Fixup support for writeback-cache for eMMC and SD (git-fixes).
mmc: core: Set HS clock speed before sending HS CMD13 (git-fixes).
mmc: core: Wait for command setting 'Power Off Notification' bit to complete (git-fixes).
mmc: davinci_mmc: Handle error for clk_enable (git-fixes).
mm: Change CONFIG option for mm->pasid field (jsc#SLE-24350).
mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes).
mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes).
mm/cma: provide option to opt out from exposing pages on activation failure (bsc#1195099 ltc#196102).
mmc: mediatek: wait dma stop bit reset to 0 (git-fixes).
mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes).
mmc: mmci: stm32: correctly check all elements of sg list (git-fixes).
mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes).
mmc: rtsx: add 74 Clocks in power on flow (git-fixes).
mmc: rtsx: Fix build errors/warnings for unused variable (git-fixes).
mmc: rtsx: Let MMC core handle runtime PM (git-fixes).
mmc: rtsx: Use pm_runtime_{get,put}() to handle runtime PM (git-fixes).
mmc: sdhci_am654: Fix the driver data of AM64 SoC (git-fixes).
mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC (git-fixes).
mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes).
mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing (git-fixes).
mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits (git-fixes).
mm: fs: fix lru_cache_disabled race in bh_lru (bsc#1197761).
mm: Fully initialize invalidate_lock, amend lock class later (bsc#1197921).
mm: memcg: synchronize objcg lists with a dedicated spinlock (bsc#1198402).
mm/page_alloc: always attempt to allocate at least one page during bulk allocation (git fixes (mm/pgalloc)).
mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages (bsc#1197501).
mm, page_alloc: fix build_zonerefs_node() (git-fixes).
mm/scatterlist: replace the !preemptible warning in sg_miter_stop() (bsc#1189998).
mm/slub: add missing TID updates on slab deactivation (git-fixes).
mm, thp: fix incorrect unmap behavior for private pages (bsc#1198024).
mm, thp: lock filemap when truncating page cache (bsc#1198023).
mm/vmalloc: fix comments about vmap_area struct (git-fixes).
mm_zone: add function to check if managed dma zone exists (bsc#1197501).
modpost: fix removing numeric suffixes (git-fixes).
modpost: fix section mismatch check for exported init/exit sections (git-fixes).
modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes).
modpost: restore the warning message for missing symbol versions (git-fixes).
mptcp: add missing documented NL params (git-fixes).
mt76: connac: fix sta_rec_wtbl tag len (git-fixes).
mt76: dma: initialize skip_unmap in mt76_dma_rx_fill (git-fixes).
mt76: do not attempt to reorder received 802.3 packets without agg session (git-fixes).
mt76: fix encap offload ethernet type check (git-fixes).
mt76: fix monitor mode crash with sdio driver (git-fixes).
mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes).
mt76: mt7603: check sta_rates pointer in mt7603_sta_rate_tbl_update (git-fixes).
mt76: mt7615: check sta_rates pointer in mt7615_sta_rate_tbl_update (git-fixes).
mt76: mt7615: fix a leftover race in runtime-pm (git-fixes).
mt76: mt7615: Fix assigning negative values to unsigned variable (git-fixes).
mt76: mt7915: fix injected MPDU transmission to not use HW A-MSDU (git-fixes).
mt76: mt7915: use proper aid value in mt7915_mcu_sta_basic_tlv (git-fixes).
mt76: mt7915: use proper aid value in mt7915_mcu_wtbl_generic_tlv in sta mode (git-fixes).
mt76: mt7921: accept rx frames with non-standard VHT MCS10-11 (git-fixes).
mt76: mt7921e: fix possible probe failure after reboot (bsc#1198835).
mt76: mt7921: fix a leftover race in runtime-pm (git-fixes).
mt76: mt7921: fix crash when startup fails (git-fixes).
mt76: mt7921: fix mt7921_queues_acq implementation (git-fixes).
mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (git-fixes).
mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (git-fixes).
mtd: mchp23k256: Add SPI ID table (git-fixes).
mtd: mchp48l640: Add SPI ID table (git-fixes).
mtd: onenand: Check for error irq (git-fixes).
mtd: parsers: qcom: Fix kernel panic on skipped partition (git-fixes).
mtd: parsers: qcom: Fix missing free for pparts in cleanup (git-fixes).
mtd: phram: Prevent divide by zero bug in phram_setup() (git-fixes).
mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes).
mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes).
mtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe() (git-fixes).
mtd: rawnand: denali: Use managed device resources (git-fixes).
mtd: rawnand: fix ecc parameters for mt7622 (git-fixes).
mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes).
mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes).
mtd: rawnand: gpmi: fix controller timings setting (git-fixes).
mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes).
mtd: rawnand: ingenic: Fix missing put_device in ingenic_ecc_get (git-fixes).
mtd: rawnand: intel: fix possible null-ptr-deref in ebu_nand_probe() (git-fixes).
mtd: rawnand: pl353: Set the nand chip node as the flash node (git-fixes).
mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes).
mtd: rawnand: qcom: fix memory corruption that causes panic (git-fixes).
mtd: spinand: gigadevice: fix Quad IO for GD5F1GQ5UExxG (git-fixes).
mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes).
mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes).
n64cart: convert bi_disk to bi_bdev->bd_disk fix build (git-fixes).
natsemi: sonic: stop calling netdev_boot_setup_check (git-fixes).
net: asix: add proper error handling of usb read errors (git-fixes).
net: atlantic: Avoid out-of-bounds indexing (git-fixes).
net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes).
net: axienet: setup mdio unconditionally (git-fixes).
net: bnxt_ptp: fix compilation error (bsc#1199736).
net: dev: Always serialize on Qdisc::busylock in __dev_xmit_skb() on PREEMPT_RT (bsc#1189998).
net: dev: Change the order of the arguments for the contended condition (bsc#1189998).
net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove (git-fixes).
net: dpaa_eth: remove dead select in menuconfig FSL_DPAA_ETH (git-fixes).
net: dsa: be compatible with masters which unregister on shutdown (git-fixes).
net: dsa: hellcreek: be compatible with masters which unregister on shutdown (git-fixes).
net: dsa: microchip: ksz8863: be compatible with masters which unregister on shutdown (git-fixes).
net: dsa: xrs700x: be compatible with masters which unregister on shutdown (git-fixes).
net: ethernet: lantiq_etop: fix build errors/warnings (git-fixes).
net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() (git-fixes).
net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag (git-fixes).
net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (git-fixes).
net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks (git-fixes).
netfilter: conntrack: move synack init code to helper (bsc#1199035).
netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035).
netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035).
netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035).
net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit() (git-fixes).
net: hns3: add NULL pointer check for hns3_set/get_ringparam() (git-fixes).
net: hns3: add return value for mailbox handling in PF (bsc#1190336).
net: hns3: add validity check for message data length (git-fixes).
net: hns3: add vlan list lock to protect vlan list (git-fixes).
net: hns3: align the debugfs output to the left (git-fixes).
net: hns3: clear inited state and stop client after failed to register netdev (git-fixes).
net: hns3: fix bug when PF set the duplicate MAC address for VFs (git-fixes).
net: hns3: fix phy can not link up when autoneg off and reset (git-fixes).
net: hns3: fix port base vlan add fail when concurrent with reset (git-fixes).
net: hns3: fix software vlan talbe of vlan 0 inconsistent with hardware (git-fixes).
net: hns3: handle empty unknown interrupt for VF (git-fixes).
net: hns3: modify the return code of hclge_get_ring_chain_from_mbx (git-fixes).
net: hns3: refine the process when PF set VF VLAN (git-fixes).
net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes).
net/ice: Add support for enable_iwarp and enable_roce devlink param (bsc#1200502).
net/ice: Fix boolean assignment (bsc#1200502).
net/ice: Remove unused enum (bsc#1200502).
net: ipa: disable HOLB drop when updating timer (git-fixes).
net: ipa: HOLB register sometimes must be written twice (git-fixes).
net/ipa: ipa_resource: Fix wrong for loop range (git-fixes).
net: ipv6: unexport __init-annotated seg6_hmac_init() (bsc#1201218).
net: ipv6: unexport __init-annotated seg6_hmac_net_init() (bsc#1201218).
net: macb: Align the dma and coherent dma masks (git-fixes).
net: mana: Add counter for packet dropped by XDP (bsc#1195651).
net: mana: Add counter for XDP_TX (bsc#1195651).
net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651).
net: mana: Reuse XDP dropped page (bsc#1195651).
net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651).
net: marvell: mvpp2: increase MTU limit when XDP enabled (git-fixes).
net: marvell: prestera: fix double free issue on err path (git-fixes).
net: mdio: do not defer probe forever if PHY IRQ provider is missing (git-fixes).
net: mdio: unexport __init-annotated mdio_bus_init() (bsc#1201218).
net/mlx5: Avoid double clear or set of sync reset requested (git-fixes).
net/mlx5: Bridge, ensure dev_name is null-terminated (git-fixes).
net/mlx5: Bridge, Fix devlink deadlock on net namespace deletion (git-fixes).
net/mlx5: Bridge, take rtnl lock in init error handler (git-fixes).
net/mlx5: DR, Cache STE shadow memory (git-fixes).
net/mlx5: DR, Do not allow match on IP w/o matching on full ethertype/ip_version (git-fixes).
net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte (jsc#SLE-19253).
net/mlx5: DR, Fix the threshold that defines when pool sync is initiated (git-fixes).
net/mlx5e: Add missing increment of count (jsc#SLE-19253).
net/mlx5e: Avoid field-overflowing memcpy() (git-fixes).
net/mlx5e: Avoid implicit modify hdr for decap drop rule (jsc#SLE-19253).
net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (git-fixes).
net/mlx5e: Do not treat small ceil values as unlimited in HTB offload (git-fixes).
net/mlx5e: Fix broken SKB allocation in HW-GRO (jsc#SLE-19253).
net/mlx5e: Fix handling of wrong devices during bond netevent (git-fixes).
net/mlx5e: Fix module EEPROM query (git-fixes).
net/mlx5e: Fix the calling of update_buffer_lossy() API (git-fixes).
net/mlx5e: Fix trust state reset in reload (git-fixes).
net/mlx5e: Fix wrong calculation of header index in HW_GRO (jsc#SLE-19253).
net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (git-fixes).
net/mlx5e: Fix wrong source vport matching on tunnel rule (jsc#SLE-19253).
net/mlx5e: IPsec: Fix crypto offload for non TCP/UDP encapsulated traffic (git-fixes).
net/mlx5e: IPsec: Fix tunnel mode crypto offload for non TCP/UDP traffic (git-fixes).
net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets (git-fixes).
net/mlx5e: Lag, Do not skip fib events on current dst (git-fixes).
net/mlx5e: Lag, Fix fib_info pointer assignment (git-fixes).
net/mlx5e: Lag, Fix use-after-free in fib event handler (git-fixes).
net/mlx5e: Lag, Only handle events from highest priority multipath entry (git-fixes).
net/mlx5e: MPLSoUDP decap, fix check for unsupported matches (git-fixes).
net/mlx5e: SHAMPO, reduce TIR indication (jsc#SLE-19253).
net/mlx5: E-Switch, Fix uninitialized variable modact (git-fixes).
net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes).
net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes).
net/mlx5e: Use struct_group() for memcpy() region (git-fixes).
net/mlx5: Fix a race on command flush flow (git-fixes).
net/mlx5: Fix deadlock in sync reset flow (git-fixes).
net/mlx5: Fix matching on inner TTC (jsc#SLE-19253).
net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE (jsc#SLE-19253).
net/mlx5: Fix possible deadlock on rule deletion (git-fixes).
net/mlx5: Fix size field in bufferx_reg struct (git-fixes).
net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (git-fixes).
net/mlx5: Fix tc max supported prio for nic mode (git-fixes).
net/mlx5: Fix wrong limitation of metadata match on ecpf (git-fixes).
net/mlx5: Update the list of the PCI supported devices (git-fixes).
net/mlx5: Use del_timer_sync in fw reset flow of halting poll (git-fixes).
net: mvmdio: fix compilation warning (git-fixes).
net: netvsc: remove break after return (git-fixes).
net: phy: ax88772a: fix lost pause advertisement configuration (git-fixes).
net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes).
net: phy: correct spelling error of media in documentation (git-fixes).
net: phy: DP83822: clear MISR2 register to disable interrupts (git-fixes).
net: phy: dp83867: retrigger SGMII AN when link change (git-fixes).
net: phy: Fix race condition on link status change (git-fixes).
net: phy: marvell10g: fix return value on error (git-fixes).
net: phy: marvell: Fix invalid comparison in the resume and suspend functions (git-fixes).
net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes).
net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes).
net: phy: mediatek: remove PHY mode check on MT7531 (git-fixes).
net: phy: meson-gxl: fix interrupt handling in forced mode (git-fixes).
net: phy: meson-gxl: improve link-up behavior (git-fixes).
net: phy: micrel: Allow probing without .driver_data (git-fixes).
net: phy: micrel: Do not use kszphy_suspend/resume for KSZ8061 (git-fixes).
net: phy: micrel: Pass .probe for KS8737 (git-fixes).
net: phy: mscc: Add MODULE_FIRMWARE macros (git-fixes).
net: phy: mscc-miim: reject clause 45 register accesses (git-fixes).
net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (git-fixes).
net: rose: fix UAF bugs caused by timer handler (git-fixes).
net: sfc: add missing xdp queue reinitialization (git-fixes).
net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (git-fixes).
net: sfc: fix memory leak due to ptp channel (git-fixes).
net: sfc: fix using uninitialized xdp tx_queue (git-fixes).
net/smc: Avoid warning of possible recursive locking (git-fixes).
net/smc: fix connection leak (git-fixes).
net/smc: fixes for converting from 'struct smc_cdc_tx_pend **' to 'struct smc_wr_tx_pend_priv *' (git-fixes).
net/smc: Fix NULL pointer dereference in smc_pnet_find_ib() (git-fixes).
net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server (git-fixes).
net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client (git-fixes).
net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (git-fixes).
net/smc: postpone sk_refcnt increment in connect() (git-fixes).
net/smc: remove redundant re-assignment of pointer link (git-fixes).
net/smc: Remove unused function declaration (git-fixes).
net/smc: Reset conn->lgr when link group registration fails (git-fixes).
net/smc: set ini->smcrv2.ib_dev_v2 to NULL if SMC-Rv2 is unavailable (git-fixes).
net/smc: sync err code when tcp connection was refused (git-fixes).
net/smc: Transfer remaining wait queue entries during fallback (git-fixes).
net/smc: Transitional solution for clcsock race issue (git-fixes).
net/smc: Use a mutex for locking 'struct smc_pnettable' (git-fixes).
net/smc: use memcpy instead of snprintf to avoid out of bounds read (git-fixes).
net: stmmac: fix gcc-10 -Wrestrict warning (git-fixes).
net: stmmac: Fix signed/unsigned wreckage (git-fixes).
net: stmmac: socfpga: add runtime suspend/resume callback for stratix10 platform (git-fixes).
net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes).
net: usb: asix: do not force pause frames support (git-fixes).
net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (git-fixes).
net: usb: ax88179_178a: Fix packet receiving (git-fixes).
net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes).
net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes).
Netvsc: Call hv_unmap_memory() in the netvsc_device_remove() (bsc#1183682).
net/x25: Fix null-ptr-deref caused by x25_disconnect (git-fixes).
net: xfrm: unexport __init-annotated xfrm4_protocol_init() (bsc#1201218).
nfc: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes).
nfc: nci: add flush_workqueue to prevent uaf (git-fixes).
nfc: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes).
nfc: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes).
nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes).
nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes).
nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes).
nfc: NULL out the dev->rfkill to prevent UAF (git-fixes).
NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes).
nfc: pn533: Fix buggy cleanup order (git-fixes).
nfc: port100: fix use-after-free in port100_send_complete (git-fixes).
nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes).
nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes).
nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes).
nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes).
nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (git-fixes).
nfp: flower: fix ida_idx not being released (git-fixes).
NFS: Avoid duplicate uncached readdir calls on eof (git-fixes).
NFSD: allow delegation state ids to be revoked and then freed (bsc#1192483).
NFSD: allow lock state ids to be revoked and then freed (bsc#1192483).
NFSD: allow open state ids to be revoked and then freed (bsc#1192483).
nfsd: destroy percpu stats counters after reply cache shutdown (git-fixes).
NFSD: do not admin-revoke NSv4.0 state ids (bsc#1192483).
NFSD: Fix a write performance regression (bsc#1197016).
NFSD: fix crash on COPY_NOTIFY with special stateid (git-fixes).
NFSD: Fix nsfd startup race (again) (git-fixes).
nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes).
NFSD: Fix READDIR buffer overflow (git-fixes).
NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957).
NFSD: Fix verifier returned in stable WRITEs (git-fixes).
NFSD: Fix zero-length NFSv3 WRITEs (git-fixes).
NFSD: more robust allocation failure handling in nfsd_file_cache_init (git-fixes).
NFSD: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes).
NFS: Do not loop forever in nfs_do_recoalesce() (git-fixes).
NFS: Do not overfill uncached readdir pages (git-fixes).
NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes).
NFS: Do not report ENOSPC write errors twice (git-fixes).
NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes).
NFS: Do not report flush errors in nfs_write_end() (git-fixes).
NFS: Do not report writeback errors in nfs_getattr() (git-fixes).
NFS: Do not skip directory entries when doing uncached readdir (git-fixes).
NFS: do not store 'struct cred *' in struct nfs_access_entry (git-fixes).
NFSD: prepare for supporting admin-revocation of state (bsc#1192483).
NFSD: Replace use of rwsem with errseq_t (bsc#1196960).
NFS: Ensure the server had an up to date ctime before hardlinking (git-fixes).
NFS: Ensure the server had an up to date ctime before renaming (git-fixes).
NFS: fix broken handling of the softreval mount option (git-fixes).
NFS: Fix initialisation of nfs_client cl_flags field (git-fixes).
NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS (git-fixes).
NFS: Further fixes to the writeback error handling (git-fixes).
NFS: limit use of ACCESS cache for negative responses (bsc#1196570).
NFS: Memory allocation failures are not server fatal errors (git-fixes).
NFS: NFSv2/v3 clients should never be setting NFS_CAP_XATTR (git-fixes).
NFS: pass cred explicitly for access tests (git-fixes).
NFS: Remove an incorrect revalidation in nfs4_update_changeattr_locked() (git-fixes).
NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes).
NFS: Use of mapping_set_error() results in spurious errors (git-fixes).
NFSv4.1: do not retry BIND_CONN_TO_SESSION on session error (git-fixes).
NFSv4.1 mark qualified async operations as MOVEABLE tasks (git-fixes).
NFSv42: Do not fail clone() unless the OP_CLONE operation failed (git-fixes).
NFSv42: Fix pagecache invalidation after COPY/CLONE (git-fixes).
NFSv4: Do not invalidate inode attributes on delegation return (git-fixes).
NFSv4: Fix another issue with a list iterator pointing to the head (git-fixes).
NFSv4: fix open failure with O_ACCMODE flag (git-fixes).
NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes).
NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes).
nl80211: correctly check NL80211_ATTR_REG_ALPHA2 size (git-fixes).
nl80211: fix locking in nl80211_set_tx_bitrate_mask() (git-fixes).
nl80211: Handle nla_memdup failures in handle_nan_filter (git-fixes).
nl80211: show SSID for P2P_GO interfaces (git-fixes).
nl80211: Update bss channel on channel switch for P2P_CLIENT (git-fixes).
nl80211: validate S1G channel width (git-fixes).
ntb_hw_switchtec: Fix bug with more than 32 partitions (git-fixes).
ntb_hw_switchtec: Fix pff ioread to read into mmio_part_cfg_all (git-fixes).
ntb: intel: fix port config status offset for SPR (git-fixes).
n_tty: wake up poll(POLLRDNORM) on receiving data (git-fixes).
nvme: add verbose error logging (bsc#1200567). Update config files.
nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes).
nvme: do not return an error from nvme_configure_metadata (git-fixes).
nvme: expose cntrltype and dctype through sysfs (jsc#SLE-23643).
nvme: fix a possible use-after-free in controller reset during load (git-fixes).
nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787).
nvme: send uevent on connection up (jsc#SLE-23643).
objtool: Add frame-pointer-specific function ignore (bsc#1193277).
objtool: Fix code relocs vs weak symbols (git-fixes).
objtool: Fix type of reloc::addend (git-fixes).
objtool: Ignore unwind hints for ignored functions (bsc#1193277).
ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920).
octeontx2-af: Add a 'rvu_free_bitmap()' function (gix-fixes).
octeontx2-af: Fix some memory leaks in the error handling path of 'cgx_lmac_init()' (git-fixes).
of: base: Fix phandle argument length mismatch error message (git-fixes).
of: base: Improve argument length mismatch error (git-fixes).
of/fdt: Do not worry about non-memory region overlap for no-map (git-fixes).
of: overlay: do not break notify on NOTIFY_{OK|STOP} (git-fixes).
of: Support more than one crash kernel regions for kexec -s (git-fixes).
of: unittest: 64 bit dma address test requires arch support (git-fixes).
of: unittest: fix warning on PowerPC frame size warning (git-fixes).
of: unittest: update text of expected warnings (git-fixes).
pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config
PCI: aardvark: Add support for DEVCAP2, DEVCTL2, LNKCAP2 and LNKCTL2 registers on emulated bridge (git-fixes).
PCI: aardvark: Add support for ERR interrupt on emulated bridge (git-fixes).
PCI: aardvark: Add support for masking MSI interrupts (git-fixes).
PCI: aardvark: Add support for PME interrupts (git-fixes).
PCI: aardvark: Assert PERST# when unbinding driver (git-fixes).
PCI: aardvark: Clear all MSIs at setup (git-fixes).
PCI: aardvark: Comment actions in driver remove method (git-fixes).
PCI: aardvark: Disable bus mastering when unbinding driver (git-fixes).
PCI: aardvark: Disable common PHY when unbinding driver (git-fixes).
PCI: aardvark: Disable link training when unbinding driver (git-fixes).
PCI: aardvark: Do not mask irq when mapping (git-fixes).
PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy() (git-fixes).
PCI: aardvark: Enable MSI-X support (git-fixes).
PCI: aardvark: Fix memory leak in driver unbind (git-fixes).
PCI: aardvark: Fix reading MSI interrupt number (git-fixes).
PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes).
PCI: aardvark: Fix setting MSI address (git-fixes).
PCI: aardvark: Fix support for MSI interrupts (git-fixes).
PCI: aardvark: Fix support for PME requester on emulated bridge (git-fixes).
PCI: aardvark: Make msi_domain_info structure a static driver structure (git-fixes).
PCI: aardvark: Make MSI irq_chip structures static driver structures (git-fixes).
PCI: aardvark: Mask all interrupts when unbinding driver (git-fixes).
PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and PCI_EXP_RTSTA_PME on emulated bridge (git-fixes).
PCI: aardvark: Refactor unmasking summary MSI interrupt (git-fixes).
PCI: aardvark: Remove irq_mask_ack() callback for INTx interrupts (git-fixes).
PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with PCI_INTERRUPT_* (git-fixes).
PCI: aardvark: Rewrite IRQ code to chained IRQ handler (git-fixes).
PCI: aardvark: Update comment about link going down after link-up (git-fixes).
PCI: aardvark: Use dev_fwnode() instead of of_node_to_fwnode(dev->of_node) (git-fixes).
PCI: aardvark: Use separate INTA interrupt for emulated root bridge (git-fixes).
PCI/ACPI: Allow D3 only if Root Port can signal and wake from D3 (git-fixes).
PCI: Add ACS quirk for Pericom PI7C9X2G switches (bsc#1199390).
PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes).
PCI: Avoid broken MSI on SB600 USB devices (git-fixes).
PCI: cadence: Fix find_first_zero_bit() limit (git-fixes).
PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes).
PCI: endpoint: Fix alignment fault error in copy tests (git-fixes).
PCI: endpoint: Fix misused goto label (git-fixes).
PCI: fu740: Force 2.5GT/s for initial device probe (git-fixes).
PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314).
PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845).
PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (git-fixes).
PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845).
PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes).
PCI: imx6: Fix PERST# start-up sequence (git-fixes).
PCI: Mark all AMD Navi10 and Navi14 GPU ATS as broken (git-fixes).
PCI: microchip: Fix potential race in interrupt handling (git-fixes).
PCI: mvebu: Fix configuring secondary bus of PCIe Root Port via emulated bridge (git-fixes).
PCI: mvebu: Fix device enumeration regression (git-fixes).
PCI: mvebu: Fix support for bus mastering and PCI_COMMAND on emulated bridge (git-fixes).
PCI: mvebu: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge (git-fixes).
PCI: mvebu: Setup PCIe controller to Root Complex mode (git-fixes).
PCI: pci-bridge-emul: Add definitions for missing capabilities registers (git-fixes).
PCI: pci-bridge-emul: Add description for class_revision field (git-fixes).
PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes).
PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes).
PCI/PM: Power up all devices during runtime resume (git-fixes).
PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes).
PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes).
PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes).
PCI/switchtec: Add Gen4 automotive device IDs (git-fixes).
PCI: Work around Intel I210 ROM BAR overlap defect (git-fixes).
pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes).
perf: Copy perf_event_attr::sig_data on modification (git fixes).
perf/core: Do not pass task around when ctx sched in (git-fixes).
perf/core: Fix address filter parser for multiple filters (git fixes).
perf/core: Fix cgroup event list management (git fixes).
perf/core: Fix perf_cgroup_switch() (git fixes).
perf/core: Fix perf_mmap fail when CONFIG_PERF_USE_VMALLOC enabled (git fixes).
perf: Fix list corruption in perf_cgroup_switch() (git fixes).
perf/x86/intel/pt: Fix address filter config for 32-bit kernel (git fixes).
perf/x86/intel/pt: Fix crash with stop filters in single-range mode (git fixes).
perf/x86/intel/uncore: Make uncore_discovery clean for 64 bit addresses (bsc#1197304).
perf/x86/intel: Update the FRONTEND MSR mask on Sapphire Rapids (git fixes).
phy: amlogic: fix error path in phy_g12a_usb3_pcie_probe() (git-fixes).
phy: amlogic: meson8b-usb2: fix shared reset control use (git-fixes).
phy: amlogic: meson8b-usb2: Use dev_err_probe() (git-fixes).
phy: amlogic: phy-meson-gxl-usb2: fix shared reset controller use (git-fixes).
phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes).
phy: broadcom: Kconfig: Fix PHY_BRCM_USB config option (git-fixes).
phy: dphy: Correct clk_pre parameter (git-fixes).
phy: dphy: Correct lpx parameter and its derivatives(ta_{get,go,sure}) (git-fixes).
phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes).
phy: phy-brcm-usb: fixup BCM4908 support (git-fixes).
phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes).
phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes).
phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes).
phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes).
phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes).
phy: stm32: fix a refcount leak in stm32_usbphyc_pll_enable() (git-fixes).
phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes).
phy: ti: Fix missing sentinel for clk_div_table (git-fixes).
phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes).
phy: usb: Leave some clocks running during suspend (git-fixes).
phy: xilinx: zynqmp: Fix bus width setting for SGMII (git-fixes).
pinctrl: bcm2835: Fix a few error paths (git-fixes).
pinctrl: bcm63xx: fix unmet dependency on REGMAP for GPIO_REGMAP (git-fixes).
pinctrl: fix loop in k210_pinconf_get_drive() (git-fixes).
pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line (git-fixes).
pinctrl: intel: fix unexpected interrupt (git-fixes).
pinctrl: k210: Fix bias-pull-up (git-fixes).
pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (git-fixes).
pinctrl: mediatek: moore: Fix build error (git-fixes).
pinctrl: mediatek: mt8195: enable driver on mtk platforms (git-fixes).
pinctrl: mediatek: mt8365: fix IES control pins (git-fixes).
pinctrl: mediatek: paris: Fix 'argument' argument type for mtk_pinconf_get() (git-fixes).
pinctrl: mediatek: paris: Fix PIN_CONFIG_BIAS_* readback (git-fixes).
pinctrl: mediatek: paris: Fix pingroup pin config state readback (git-fixes).
pinctrl: mediatek: paris: Skip custom extra pin config dump for virtual GPIOs (git-fixes).
pinctrl: microchip-sgpio: lock RMW access (git-fixes).
pinctrl: microchip sgpio: use reset driver (git-fixes).
pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes).
pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (git-fixes).
pinctrl: npcm: Fix broken references to chip->parent_device (git-fixes).
pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes).
pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() (git-fixes).
pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes).
pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl (git-fixes).
pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes).
pinctrl: renesas: checker: Fix miscalculation of number of states (git-fixes).
pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources() (git-fixes).
pinctrl: renesas: r8a77470: Reduce size for narrow VIN1 channel (git-fixes).
pinctrl: renesas: r8a779a0: Fix GPIO function on I2C-capable pins (git-fixes).
pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources() (git-fixes).
pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (git-fixes).
pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes).
pinctrl: samsung: drop pin banks references on error paths (git-fixes).
pinctrl: samsung: fix missing GPIOLIB on ARM64 Exynos config (git-fixes).
pinctrl: stm32: Do not call stm32_gpio_get() for edge triggered IRQs in EOI (git-fixes).
pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ requested (git-fixes).
pinctrl: sunxi: fix f1c100s uart2 function (git-fixes).
pinctrl: sunxi: Fix H616 I2S3 pin data (git-fixes).
pinctrl: sunxi: Use unique lockdep classes for IRQs (git-fixes).
pinctrl: tegra: tegra194: drop unused pin groups (git-fixes).
pinctrl: tigerlake: Revert 'Add Alder Lake-M ACPI ID' (git-fixes).
ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826).
ping: remove pr_err from ping_lookup (bsc#1195826).
pipe: Fix missing lock in pipe_resize_ring() (git-fixes).
platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes).
platform/chrome: cros_ec: fix error handling in cros_ec_register() (git-fixes).
platform/chrome: cros_ec_typec: Check for EC device (git-fixes).
platform/chrome: Re-introduce cros_ec_cmd_xfer and use it for ioctls (git-fixes).
platform: finally disallow IRQ0 in platform_get_irq() and its ilk (git-fixes).
platform/surface: aggregator: Fix initialization order when compiling as builtin module (git-fixes).
platform/surface: surface3-wmi: Simplify resource management (git-fixes).
platform/x86: Add Intel Software Defined Silicon driver (jsc#SLE-18938).
platform/x86: asus-wmi: Add support for custom fan curves (bsc#1198058).
platform/x86: asus-wmi: Delete impossible condition (bsc#1198058).
platform/x86: asus-wmi: Fix driver not binding when fan curve control probe fails (git-fixes).
platform/x86: asus-wmi: Fix regression when probing for fan curve control (bsc#1198058).
platform/x86: asus-wmi: Fix 'unsigned 'retval' is never less than zero' smatch warning (bsc#1198058).
platform/x86: asus-wmi: Potential buffer overflow in asus_wmi_evaluate_method_buf() (git-fixes).
platform/x86: gigabyte-wmi: Add support for B450M DS3H-CF (git-fixes).
platform/x86: gigabyte-wmi: Add Z690M AORUS ELITE AX DDR4 support (git-fixes).
platform/x86: huawei-wmi: check the return value of device_create_file() (git-fixes).
platform/x86: intel-hid: fix _DSM function index handling (git-fixes).
platform/x86/intel/sdsi: Fix bug in multi packet reads (jsc#SLE-18901).
platform/x86/intel/sdsi: Handle leaky bucket (jsc#SLE-18901).
platform/x86/intel/sdsi: Poll on ready bit for writes (jsc#SLE-18901).
platform/x86: panasonic-laptop: de-obfuscate button codes (git-fixes).
platform/x86: panasonic-laptop: do not report duplicate brightness key-presses (git-fixes).
platform/x86: panasonic-laptop: filter out duplicate volume up/down/mute keypresses (git-fixes).
platform/x86: panasonic-laptop: revert 'Resolve hotkey double trigger bug' (git-fixes).
platform/x86: panasonic-laptop: sort includes alphabetically (git-fixes).
platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes).
platform/x86: touchscreen_dmi: Add info for the RWC NANOTE P8 AY07J 2-in-1 (git-fixes).
PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes).
PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events (git-fixes).
PM / devfreq: rk3399_dmc: Disable edev on remove() (git-fixes).
PM: domains: Fix initialization of genpd's next_wakeup (git-fixes).
PM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove() (git-fixes).
PM: hibernate: fix __setup handler error handling (git-fixes).
PM: hibernate: Remove register_nosave_region_late() (git-fixes).
PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes).
PM: suspend: fix return value of __setup handler (git-fixes).
PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes).
pNFS: Avoid a live lock condition in pnfs_update_layout() (git-fixes).
pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).
powerpc/64: Move paca allocation later in boot (bsc#1190812).
powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes).
powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes).
powerpc/64s: Do not use DSISR for SLB faults (bsc#1194869).
powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395).
powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes).
powerpc/bpf: Update ldimm64 instructions during extra pass (bsc#1194869).
powerpc: Do not select HAVE_IRQ_EXIT_ON_IRQ_STACK (bsc#1194869).
powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753).
powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes).
powerpc/fadump: opt out from freeing pages on cma activation failure (bsc#1195099 ltc#196102).
powerpc/fadump: register for fadump as early as possible (bsc#1179439 ltc#190038).
powerpc/idle: Fix return value of __setup() handler (bsc#1065729).
powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395).
powerpc/mce: Modify the real address error logging messages (jsc#SLE-18194).
powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes).
powerpc/perf: Do not use perf_hw_context for trace IMC PMU (bsc#1156395).
powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes).
powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes).
powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending (bsc#1156395).
powerpc/perf: Fix the threshold compare group constraint for power10 (bsc#1194869).
powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729).
powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes).
powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes).
powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes).
powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes).
powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729).
powerpc/pseries: Parse control memory access error (jsc#SLE-18194).
powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451).
powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477).
powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812).
powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729).
powerpc/tm: Fix more userspace r13 corruption (bsc#1065729).
powerpc/vdso: Fix incorrect CFI in gettimeofday.S (bsc#1199173 ltc#197388).
powerpc/vdso: Remove cvdso_call_time macro (bsc#1199173 ltc#197388).
powerpc/xive: Add a debugfs file to dump EQs (bsc#1194409 ltc#195810).
powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes).
powerpc/xive: Change the debugfs file 'xive' into a directory (bsc#1194409 ltc#195810).
powerpc/xive: Export XIVE IPI information for online-only processors (bsc#1194409 ltc#195810).
powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes).
powerpc/xive: fix return value of __setup handler (bsc#1065729).
powerpc/xive: Introduce an helper to print out interrupt characteristics (bsc#1194409 ltc#195810).
powerpc/xive: Introduce xive_core_debugfs_create() (bsc#1194409 ltc#195810).
powerpc/xive: Rename the 'cpus' debugfs file to 'ipis' (bsc#1194409 ltc#195810).
power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes).
power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes).
power: supply: axp20x_battery: properly report current when discharging (git-fixes).
power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes).
power: supply: axp288_fuel_gauge: Drop BIOS version check from 'T3 MRD' DMI quirk (git-fixes).
power: supply: axp288_fuel_gauge: Fix battery reporting on the One Mix 1 (git-fixes).
power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes).
power: supply: sbs-charger: Do not cancel work that is not initialized (git-fixes).
power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes).
power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes).
pps: clients: gpio: Propagate return value from pps_gpio_probe (git-fixes).
printk: Add panic_in_progress helper (bsc#1197894).
printk: disable optimistic spin during panic (bsc#1197894).
proc: bootconfig: Add null pointer check (git-fixes).
proc: fix documentation and description of pagemap (git-fixes).
procfs: prevent unprivileged processes accessing fdinfo dir (git-fixes).
psi: fix 'defined but not used' warnings when (git-fixes)
ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413).
pvpanic: Fix typos in the comments (git-fixes).
pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes).
pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (git-fixes).
pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes).
qed: display VF trust config (git-fixes).
qede: confirm skb is allocated before using (git-fixes).
qed: fix ethtool register dump (jsc#SLE-19001).
qed: return status of qed_iov_get_link (git-fixes).
qla2xxx: add ->map_queues support for nvme (bsc#1195823).
qlcnic: dcb: default to returning -EOPNOTSUPP (git-fixes).
raid5: introduce MD_BROKEN (git-fixes).
random: check for signal_pending() outside of need_resched() check (git-fixes).
random: wake up /dev/random writers after zap (git-fixes).
random: wire up fops->splice_{read,write}_iter() (git-fixes).
ray_cs: Check ioremap return value (git-fixes).
RDMA/cma: Do not change route.addr.src_addr outside state checks (git-fixes).
RDMA/cma: Use correct address when leaving multicast group (git-fixes).
RDMA/core: Fix ib_qp_usecnt_dec() called when error (jsc#SLE-19249).
RDMA/core: Set MR type in ib_reg_user_mr (git-fixes).
RDMA/hfi1: Fix use-after-free bug for mm struct (git-fixes).
RDMA/ib_srp: Fix a deadlock (git-fixes).
RDMA/irdma: Fix netdev notifications for vlan's (git-fixes).
RDMA/irdma: Fix Passthrough mode in VM (git-fixes).
RDMA/irdma: Fix possible crash due to NULL netdev in notifier (git-fixes).
RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state (git-fixes).
RDMA/irdma: Prevent some integer underflows (git-fixes).
RDMA/irdma: Reduce iWARP QP destroy time (git-fixes).
RDMA/irdma: Remove incorrect masking of PD (git-fixes).
RDMA/irdma: Set protocol based on PF rdma_mode flag (bsc#1200502).
RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes).
RDMA/mlx5: Add a missing update of cache->last_add (git-fixes).
RDMA/mlx5: Do not remove cache MRs when a delay is needed (git-fixes).
RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes).
RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (git-fixes).
RDMA/nldev: Prevent underflow in nldev_stat_set_counter_dynamic_doit() (jsc#SLE-19249).
RDMA/rtrs-clt: Fix possible double free in error case (git-fixes).
RDMA/rtrs-clt: Move free_permit from free_clt to rtrs_clt_close (git-fixes).
RDMA/rxe: Change variable and function argument to proper type (jsc#SLE-19249).
RDMA/rxe: Check the last packet by RXE_END_MASK (git-fixes).
RDMA/rxe: Fix ref error in rxe_av.c (jsc#SLE-19249).
RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes).
RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes).
RDMA/siw: Fix refcounting leak in siw_create_qp() (jsc#SLE-19249).
RDMA/ucma: Protect mc during concurrent multicast leaves (git-fixes).
regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes).
regmap-irq: Fix offset/index mismatch in read_sub_irq_data() (git-fixes).
regmap-irq: Update interrupt clear register for proper reset (git-fixes).
regulator: atc260x: Fix missing active_discharge_on setting (git-fixes).
regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes).
regulator: core: fix false positive in regulator_late_cleanup() (git-fixes).
regulator: da9121: Fix uninit-value in da9121_assign_chip_model() (git-fixes).
regulator: mt6315: Enforce regulator-compatible, not name (git-fixes).
regulator: mt6315-regulator: fix invalid allowed mode (git-fixes).
regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes).
regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes).
regulator: qcom_smd: Fix up PM8950 regulator configuration (git-fixes).
regulator: rpi-panel: Handle I2C errors/timing to the Atmel (git-fixes).
regulator: scmi: Fix refcount leak in scmi_regulator_probe (git-fixes).
regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes).
remoteproc: Fix count check in rproc_coredump_write() (git-fixes).
remoteproc: imx_rproc: Ignore create mem entry for resource table (git-fixes).
remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region (git-fixes).
remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region (git-fixes).
remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (git-fixes).
reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes).
Revert 'drm/amd/display: Fix DCN3 B0 DP Alt Mapping' (git-fixes).
Revert 'drm/amdgpu/display: set vblank_disable_immediate for DC' (git-fixes).
Revert 'svm: Add warning message for AVIC IPI invalid target' (git-fixes).
rfkill: make new event layout opt-in (git-fixes).
rfkill: uapi: fix RFKILL_IOCTL_MAX_SIZE ioctl request definition (git-fixes).
riscv: Fix fill_callchain return value (git fixes).
rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (git-fixes).
rpmsg: qcom_smd: Fix redundant channel->registered assignment (git-fixes).
rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (git-fixes).
rpmsg: virtio: Fix possible double free in rpmsg_probe() (git-fixes).
rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() (git-fixes).
rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl (git-fixes).
rtc: check if __rtc_read_time was successful (git-fixes).
rtc: fix use-after-free on device removal (git-fixes).
rtc: ftrtc010: Fix error handling in ftrtc010_rtc_probe (git-fixes).
rtc: ftrtc010: Use platform_get_irq() to get the interrupt (git-fixes).
rtc: mc146818-lib: fix locking in mc146818_set_time (git-fixes).
rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes).
rtc: mt6397: check return value after calling platform_get_resource() (git-fixes).
rtc: mxc: Silence a clang warning (git-fixes).
rtc: pcf2127: fix bug when reading alarm registers (git-fixes).
rtc: pl031: fix rtc features null pointer dereference (git-fixes).
rtc: sun6i: Fix time overflow handling (git-fixes).
rtc: wm8350: Handle error for wm8350_register_irq (git-fixes).
rtl818x: Prevent using not initialized queues (git-fixes).
rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes).
rtw88: 8821c: fix debugfs rssi value (git-fixes).
rtw88: 8821c: support RFE type4 wifi NIC (git-fixes).
rtw88: Disable PCIe ASPM while doing NAPI poll on 8821CE (git-fixes).
rtw88: rtw8821c: enable rfe 6 devices (git-fixes).
s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes).
s390/ctcm: fix potential memory leak (git-fixes).
s390/ctcm: fix variable dereferenced before check (git-fixes).
s390/dasd: fix data corruption for ESE devices (git-fixes).
s390/dasd: Fix read for ESE with blksize 4k (git-fixes).
s390/dasd: Fix read inconsistency for ESE DASD devices (git-fixes).
s390/dasd: prevent double format of tracks for ESE devices (git-fixes).
s390/entry: fix duplicate tracking of irq nesting level (git-fixes).
s390/extable: fix exception table sorting (git-fixes).
s390/kexec_file: fix error handling when applying relocations (git-fixes).
s390/kexec: fix memory leak of ipl report buffer (git-fixes).
s390/kexec: fix return code handling (git-fixes).
s390/lcs: fix variable dereferenced before check (git-fixes).
s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes).
s390/module: fix loading modules with a lot of relocations (git-fixes).
s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes).
s390/nmi: handle vector validity failures for KVM guests (git-fixes).
s390/perf: obtain sie_block from the right address (bsc#1200315 LTC#198473).
s390/setup: avoid reserving memory above identity mapping (git-fixes).
s390/smp: sort out physical vs virtual pointers usage (git-fixes).
sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes).
sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes).
sc16is7xx: Fix for incorrect data being transmitted (git-fixes).
sched/core: Export pelt_thermal_tp (git-fixes)
sched/core: Fix forceidle balancing (git-fixes)
sched/core: Mitigate race (git-fixes)
sched/cpuacct: Fix charge percpu cpuusage (git-fixes)
sched/cpuacct: Fix user/system in shown cpuacct.usage* (git-fixes)
sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)
sched: Define and initialize a flag to identify valid PASID in the task (jsc#SLE-24350).
sched/fair: Consider CPU affinity when allowing NUMA imbalance in find_idlest_group() (bnc#1193431).
sched/fair: Fix fault in reweight_entity (git fixes (sched/core)).
sched/fair: Revise comment about lb decision matrix (git-fixes)
sched: Fix balance_push() vs __sched_setscheduler() (git-fixes)
sched: Fix yet more sched_fork() races (git fixes (sched/core)).
sched/membarrier: Fix membarrier-rseq fence command missing (git-fixes)
sched/numa: Adjust imb_numa_nr to a better approximation of memory channels (bnc#1193431).
sched/numa: Apply imbalance limitations consistently (bnc#1193431).
sched/numa: Do not swap tasks between nodes when spare capacity is available (bnc#1193431).
sched/numa: Initialise numa_migrate_retry (bnc#1193431).
sched/pasid: Add a kABI workaround (jsc#SLE-24350).
sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes)
sched/pelt: Relax the sync of util_sum with util_avg (git-fixes)
sched/psi: report zeroes for CPU full at the system level (git-fixes)
sched/rt: Plug rt_mutex_setprio() vs push_rt_task() race (git-fixes)
sched/rt: Try to restart rt period timer when rt runtime (git-fixes)
sched/scs: Reset task stack state in bringup_cpu() (git-fixes)
sched/sugov: Ignore 'busy' filter when rq is capped by (git-fixes)
sched: Teach the forced-newidle balancer about CPU affinity (git-fixes)
scripts/faddr2line: Fix overlapping text section failures (git-fixes).
scsi: block: pm: Always set request queue runtime active in blk_post_runtime_resume() (bsc#1198802).
scsi: block: PM fix blk_post_runtime_resume() args (bsc#1198802).
scsi: core: Query VPD size before getting full page (git-fixes).
scsi: dc395x: Fix a missing check on list iterator (git-fixes).
scsi: elx: efct: Do not use GFP_KERNEL under spin lock (git-fixes).
scsi: fnic: Fix a tracing statement (git-fixes).
scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631).
scsi: hisi_sas: Add more logs for runtime suspend/resume (bsc#1198802).
scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes).
scsi: hisi_sas: Fix rescan after deleting a disk (git-fixes).
scsi: hisi_sas: Fix some issues related to asd_sas_port->phy_list (bsc#1198802).
scsi: hisi_sas: Increase debugfs_dump_index after dump is completed (bsc#1198806).
scsi: hisi_sas: Initialise devices in .slave_alloc callback (bsc#1198802).
scsi: hisi_sas: Limit users changing debugfs BIST count value (bsc#1198803).
scsi: hisi_sas: Remove unused variable and check in hisi_sas_send_ata_reset_each_phy() (git-fixes).
scsi: hisi_sas: Wait for phyup in hisi_sas_control_phy() (bsc#1198802).
scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
scsi: iscsi: Add helper functions to manage iscsi_cls_conn (bsc#1198410).
scsi: iscsi: Add helper to remove a session from the kernel (bsc#1198410).
scsi: iscsi: Allow iscsi_if_stop_conn() to be called from kernel (bsc#1198410).
scsi: iscsi: Clean up bound endpoints during shutdown (bsc#1198410).
scsi: iscsi: Fix HW conn removal use after free (bsc#1198410).
scsi: iscsi: Fix session removal on shutdown (bsc#1198410).
scsi: libiscsi: Teardown iscsi_cls_conn gracefully (bsc#1198410).
scsi: libsas: Add flag SAS_HA_RESUMING (bsc#1198802).
scsi: libsas: Add spin_lock/unlock() to protect asd_sas_port->phy_list (bsc#1198802).
scsi: libsas: Defer works of new phys during suspend (bsc#1198802).
scsi: libsas: Do not always drain event workqueue for HA resume (bsc#1198802).
scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes).
scsi: libsas: Insert PORTE_BROADCAST_RCVD event for resuming host (bsc#1198802).
scsi: libsas: Keep host active while processing events (bsc#1198802).
scsi: libsas: Refactor sas_queue_deferred_work() (bsc#1198802).
scsi: libsas: Resume host while sending SMP I/Os (bsc#1198802).
scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193).
scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193).
scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193).
scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193).
scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193).
scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045).
scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045).
scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045).
scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045).
scsi: lpfc: Commonize VMID code location (bsc#1201193).
scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675).
scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045).
scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045).
scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193).
scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045).
scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045).
scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675).
scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045).
scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045).
scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045).
scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675).
scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045).
scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045).
scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045).
scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045).
scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045).
scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675).
scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045).
scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045).
scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193).
scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478).
scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045).
scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045).
scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045).
scsi: lpfc: Fix typos in comments (bsc#1197675).
scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478).
scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478).
scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045).
scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045).
scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675).
scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045).
scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045).
scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045).
scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675).
scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045).
scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045).
scsi: lpfc: Remove failing soft_wwn support (bsc#1197675).
scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045).
scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675).
scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675).
scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045).
scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045).
scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045).
scsi: lpfc: Remove unneeded variable (bsc#1200045).
scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045).
scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193).
scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193).
scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193).
scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045).
scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045).
scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193).
scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675).
scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675).
scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675).
scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675).
scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675).
scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675).
scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675).
scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675).
scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675).
scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675).
scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675).
scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675).
scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675).
scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675).
scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675).
scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045).
scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045).
scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045).
scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675).
scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675).
scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045).
scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045).
scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193).
scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045).
scsi: lpfc: Use fc_block_rport() (bsc#1197675).
scsi: lpfc: Use irq_set_affinity() (bsc#1197675).
scsi: lpfc: Use kcalloc() (bsc#1197675).
scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045).
scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675).
scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675).
scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045).
scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045).
scsi: mpt3sas: Fix incorrect 4GB boundary check (git-fixes).
scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes).
scsi: mpt3sas: Page fault in reply q processing (git-fixes).
scsi: mpt3sas: Use cached ATA Information VPD page (git-fixes).
scsi: mvsas: Add spin_lock/unlock() to protect asd_sas_port->phy_list (bsc#1198802).
scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193).
scsi: pm8001: Fix abort all task initialization (git-fixes).
scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes).
scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes).
scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes).
scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes).
scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes).
scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes).
scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes).
scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes).
scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes).
scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes).
scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes).
scsi: qedi: Fix ABBA deadlock in qedi_process_tmf_resp() and qedi_process_cmd_cleanup_resp() (git-fixes).
scsi: qedi: Use QEDI_MODE_NORMAL for error handling (bsc#1198410).
scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160).
scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160).
scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823).
scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823).
scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823).
scsi: qla2xxx: Add retry for exec firmware (bsc#1195823).
scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823).
scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160).
scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160).
scsi: qla2xxx: edif: bsg refactor (bsc#1201160).
scsi: qla2xxx: edif: Fix clang warning (bsc#1195823).
scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823).
scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160).
scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160).
scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160).
scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160).
scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160).
scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160).
scsi: qla2xxx: edif: Fix session thrash (bsc#1201160).
scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160).
scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823).
scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160).
scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160).
scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160).
scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160).
scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046).
scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823).
scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160).
scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160).
scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160).
scsi: qla2xxx: edif: Tweak trace message (bsc#1195823).
scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160).
scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160).
scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661).
scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823).
scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661).
scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160).
scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160).
scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661).
scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661).
scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661).
scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160).
scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160).
scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160).
scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661).
scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046).
scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661).
scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661).
scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823).
scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823).
scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823).
scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661).
scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823).
scsi: qla2xxx: Fix typos in comments (bsc#1197661).
scsi: qla2xxx: Fix warning for missing error code (bsc#1195823).
scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823).
scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823).
scsi: qla2xxx: Implement ref count for SRB (bsc#1195823).
scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661).
scsi: qla2xxx: Reduce false trigger to login (bsc#1197661).
scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823).
scsi: qla2xxx: Remove a declaration (bsc#1195823).
scsi: qla2xxx: Remove free_sg command flag (bsc#1200046).
scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160).
scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046).
scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823).
scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160).
scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661).
scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823).
scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160).
scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823).
scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823).
scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661).
scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160).
scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160).
scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160).
scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661).
scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661).
scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661).
scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160).
scsi: scsi_transport_fc: Fix FPIN Link Integrity statistics counters (git-fixes).
scsi: sr: Do not leak information in ioctl (git-fixes).
scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes).
scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes).
scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes).
scsi: virtio-scsi: Eliminate anonymous module_init and module_exit (git-fixes).
scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes).
selftest: KVM: Add open sev dev helper (bsc#1194526).
selftests/bpf: Remove unused variable in tc_tunnel prog (git-fixes).
selftests: firmware: Fix the request_firmware_into_buf() test for XZ format (git-fixes).
selftests: firmware: Use smaller dictionary for XZ compression (git-fixes).
selftests: fix check for circular KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM (bsc#1194526).
selftests: KVM: Add /x86_64/sev_migrate_tests to .gitignore (bsc#1194526).
selftests: KVM: Fix check for !POLLIN in demand_paging_test (bsc#1194526).
selftests: kvm: Remove absent target file (git-fixes).
selftests: KVM: sev_migrate_tests: Fix sev_ioctl() (bsc#1194526).
selftests: kvm/x86: Fix the warning in lib/x86_64/processor.c (bsc#1194526).
selftests/powerpc: Add test for real address error handling (jsc#SLE-18194).
serial: 8250: Also set sticky MCR bits in console restoration (git-fixes).
serial: 8250_aspeed_vuart: add PORT_ASPEED_VUART port type (git-fixes).
serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe (git-fixes).
serial: 8250: core: Remove unneeded linux/pm_runtime.h (git-fixes).
serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes).
serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes).
serial: 8250: Fix race condition in RTS-after-send handling (git-fixes).
serial: 8250: fix XOFF/XON sending when DMA is used (git-fixes).
serial: 8250_lpss: Balance reference count for PCI DMA device (git-fixes).
serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes).
serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes).
serial: 8250_mtk: Fix UART_EFR register address (git-fixes).
serial: 8250: pxa: Remove unneeded linux/pm_runtime.h (git-fixes).
serial: core: Fix the definition name in the comment of UPF_* flags (git-fixes).
serial: cpm_uart: Fix build error without CONFIG_SERIAL_CPM_CONSOLE (git-fixes).
serial: digicolor-usart: Do not allow CS5-6 (git-fixes).
serial: imx: fix overrun interrupts in DMA mode (git-fixes).
serial: meson: acquire port->lock in startup() (git-fixes).
serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes).
serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes).
serial: rda-uart: Do not allow CS5-6 (git-fixes).
serial: samsung_tty: do not unlock port->lock for uart_write_wakeup() (git-fixes).
serial: sh-sci: Do not allow CS5-6 (git-fixes).
serial: sifive: Report actual baud base rather than fixed 115200 (git-fixes).
serial: sifive: Sanitize CSIZE and c_iflag (git-fixes).
serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes).
serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes).
serial: txx9: Do not allow CS5-6 (git-fixes).
sfc: Do not free an empty page_ring (git-fixes).
sfc: fallback for lack of xdp tx queues (bsc#1196306).
sfc: last resort fallback for lack of xdp tx queues (bsc#1196306).
sfc: Use swap() instead of open coding it (bsc#1196306).
sfc: use swap() to make code cleaner (bsc#1196306).
skbuff: fix coalescing for page_pool fragment recycling (bsc#1190336).
slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes).
slip: fix macro redefine warning (git-fixes).
smb3: add mount parm nosparse (bsc#1193629).
smb3: add trace point for lease not found issue (bsc#1193629).
smb3: add trace point for oplock not found (bsc#1193629).
smb3: check for null tcon (bsc#1193629).
smb3: cleanup and clarify status of tree connections (bsc#1193629).
smb3: do not set rc when used and unneeded in query_info_compound (bsc#1193629).
SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1193629).
smb3: fix incorrect session setup check for multiuser mounts (bsc#1193629).
smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1193629).
smb3: fix snapshot mount option (bsc#1193629).
smb3 improve error message when mount options conflict with posix (bsc#1193629).
smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1193629).
smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1193629).
smb3 move more common protocol header definitions to smbfs_common (bsc#1193629).
smb3: send NTLMSSP version information (bsc#1193629).
smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes).
smsc911x: allow using IRQ0 (git-fixes).
soc: aspeed: lpc-ctrl: Block error printing on probe defer cases (git-fixes).
soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes).
soc: bcm: Check for NULL return of devm_kzalloc() (git-fixes).
soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY) (git-fixes).
soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes).
soc: fsl: guts: Add a missing memory allocation failure check (git-fixes).
soc: fsl: guts: Revert commit 3c0d64e867ed (git-fixes).
soc: fsl: qe: Check of ioremap return value (git-fixes).
soc: mediatek: pm-domains: Add wakeup capacity support in power domain (git-fixes).
soc: qcom: aoss: Expose send for generic usecase (git-fixes).
soc: qcom: aoss: Fix missing put_device call in qmp_get (git-fixes).
soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes).
soc: qcom: llcc: Add MODULE_DEVICE_TABLE() (git-fixes).
soc: qcom: ocmem: Fix missing put_device() call in of_get_ocmem (git-fixes).
soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes).
soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes).
soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes).
soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes).
soc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc (git-fixes).
soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes).
sound/oss/dmasound: fix build when drivers are mixed =y/=m (git-fixes).
sound/oss/dmasound: fix 'dmasound_setup' defined but not used (git-fixes).
soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes).
soundwire: intel: prevent pm_runtime resume prior to system suspend (git-fixes).
soundwire: qcom: adjust autoenumeration timeout (git-fixes).
speakup-dectlk: Restore pitch setting (git-fixes).
spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes).
spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes).
spi: cadence-quadspi: fix incorrect supports_op() return value (git-fixes).
spi: cadence-quadspi: fix protocol setup for non-1-1-X operations (git-fixes).
spi: core: add dma_map_dev for __spi_unmap_msg() (git-fixes).
spi: Fix erroneous sgs value with min_t() (git-fixes).
spi: Fix invalid sgs value (git-fixes).
spi: Fix Tegra QSPI example (git-fixes).
spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes).
spi: mxic: Fix the transmit path (git-fixes).
spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes).
spi: qcom-qspi: Add minItems to interconnect-names (git-fixes).
spi: rockchip: Fix error in getting num-cs property (git-fixes).
spi: rockchip: fix missing error on unsupported SPI_CS_HIGH (git-fixes).
spi: rockchip: Preset cs-high and clk polarity in setup progress (git-fixes).
spi: rockchip: Stop spi slave dma receiver when cs inactive (git-fixes).
spi: rockchip: terminate dma transmission when slave abort (git-fixes).
spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes).
spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes).
spi: spi-mtk-nor: initialize spi controller after resume (git-fixes).
spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes).
spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes).
spi: spi-zynqmp-gqspi: Handle error for dma_set_mask (git-fixes).
spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (git-fixes).
spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes).
spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes).
spi: tegra20: Use of_device_get_match_data() (git-fixes).
spi: tegra210-quad: Fix missin IRQ check in tegra_qspi_probe (git-fixes).
sr9700: sanity check for packet length (bsc#1196836).
staging: fbtft: fb_st7789v: reset display before initialization (git-fixes).
staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes).
staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes).
staging: gdm724x: fix use after free in gdm_lte_rx() (git-fixes).
staging:iio:adc:ad7280a: Fix handing of device address bit reversing (git-fixes).
staging: most: dim2: force fcnt=3 on Renesas GEN3 (git-fixes).
staging: most: dim2: use device release method (git-fixes).
staging: most: dim2: use if statements instead of ?: expressions (git-fixes).
staging: mt7621-dts: fix formatting (git-fixes).
staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes).
staging: mt7621-dts: fix pinctrl-0 items to be size-1 items on ethernet (git-fixes).
staging: mt7621-dts: fix pinctrl properties for ethernet (git-fixes).
staging: rtl8712: fix a potential memory leak in r871xu_drv_init() (git-fixes).
staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes).
staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes).
staging: rtl8723bs: Fix access-point mode deadlock (git-fixes).
staging: vc04_services: shut up out-of-range warning (git-fixes).
staging: vchiq_arm: Avoid NULL ptr deref in vchiq_dump_platform_instances (git-fixes).
staging: vchiq_core: handle NULL result of find_service_by_handle (git-fixes).
staging: vchiq: Move certain declarations to vchiq_arm.h (git-fixes).
staging: vchiq: Move vchiq char driver to its own file (git-fixes).
staging: vchiq: Refactor vchiq cdev code (git-fixes).
staging: wfx: fix an error handling in wfx_init_common() (git-fixes).
stddef: Introduce DECLARE_FLEX_ARRAY() helper (git-fixes).
stm: ltdc: fix two incorrect NULL checks on list iterator (bsc#1190786)
SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
SUNRPC: Do not dereference non-socket transports in sysfs (git-fixes).
SUNRPC: Do not dereference non-socket transports in sysfs - kabi fix (git-fixes).
SUNRPC do not resend a task on an offlined transport (git-fixes).
SUNRPC: Ensure gss-proxy connects on setup (git-fixes).
SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes).
SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes).
SUNRPC: Fix the svc_deferred_event trace class (git-fixes).
SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes).
SUNRPC: Handle low memory situations in call_status() (git-fixes).
SUNRPC release the transport of a relocated task with an assigned transport (git-fixes).
SUNRPC: svc_tcp_sendmsg() should handle errors from xdr_alloc_bvec() (git-fixes).
SUNRPC: Trap RDMA segment overflows (git-fixes).
SUNRPC: use different lock keys for INET6 and LOCAL (git-fixes).
supported.conf: add intel_sdsi
supported.conf: mark pfuze100 regulator as supported (bsc#1199909)
supported.conf: Support TPM TIS SPI driver (jsc#SLE-24093)
surface: surface3_power: Fix battery readings on batteries without a serial number (git-fixes).
swiotlb: max mapping size takes min align mask into account (bsc#1197303).
sysrq: do not omit current cpu when showing backtrace of all active CPUs (git-fixes).
thermal/core: Fix memory leak in __thermal_cooling_device_register() (git-fixes).
thermal: core: Fix TZ_GET_TRIP NULL pointer dereference (git-fixes).
thermal: devfreq_cooling: use local ops instead of global ops (git-fixes).
thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes).
thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes).
thermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe (git-fixes).
thermal/drivers/int340x: Improve the tcc offset saving for suspend/resume (git-fixes).
thermal: int340x: Check for NULL after calling kmemdup() (git-fixes).
thermal: int340x: Fix attr.show callback prototype (git-fixes).
thermal: int340x: fix memory leak in int3400_notify() (git-fixes).
thermal: int340x: Increase bitmap size (git-fixes).
thunderbolt: Use different lane for second DisplayPort tunnel (git-fixes).
tick/nohz: unexport __init-annotated tick_nohz_full_setup() (bsc#1201218).
tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (bsc#1190786)
timekeeping: Mark NMI safe time accessors as notrace (git-fixes)
timers: Fix warning condition in __run_timers() (git-fixes)
TOMOYO: fix __setup handlers return values (git-fixes).
tools arch x86: Add Intel SDSi provisiong tool (jsc#SLE-18938).
tools: bpftool: Complete metrics list in 'bpftool prog profile' doc (git-fixes).
tools: bpftool: Document and add bash completion for -L, -B options (git-fixes).
tools: bpftool: Update and synchronise option list in doc and help msg (git-fixes).
tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes).
tpm: Fix error handling in async work (git-fixes).
tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729).
tpm: use try_get_ops() in tpm-space.c (git-fixes).
tps6598x: clear int mask on probe failure (git-fixes).
tracing: Do not inc err_log entry count if entry allocation fails (git-fixes).
tracing: Dump stacktrace trigger to the corresponding instance (git-fixes).
tracing: Fix potential double free in create_var_ref() (git-fixes).
tracing: Fix return value of __setup handlers (git-fixes).
tracing: Fix return value of trace_pid_write() (git-fixes).
tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes).
tracing: Have trace event string test handle zero length strings (git-fixes).
tracing: Have traceon and traceoff trigger honor the instance (git-fixes).
tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes).
tracing/histogram: Fix sorting on old 'cpu' value (git-fixes).
tracing/osnoise: Force quiescent states while tracing (git-fixes).
tracing: Propagate is_signed to expression (git-fixes).
tracing: Show kretprobe unknown indicator only for kretprobe_trampoline (bsc#1193277).
tty: Fix a possible resource leak in icom_probe (git-fixes).
tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes).
tty: goldfish: Fix free_irq() on remove (git-fixes).
tty: goldfish: Introduce gf_ioread32()/gf_iowrite32() (git-fixes).
tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes).
tty: n_gsm: Debug output allocation must use GFP_ATOMIC (git-fixes).
tty: n_gsm: Do not ignore write return value in gsmld_output() (git-fixes).
tty: n_gsm: fix deadlock in gsmtty_open() (git-fixes).
tty: n_gsm: fix encoding of control signal octet bit DV (git-fixes).
tty: n_gsm: fix NULL pointer access due to DLCI release (git-fixes).
tty: n_gsm: Fix packet data hex dump output (git-fixes).
tty: n_gsm: fix proper link termination after failed open (git-fixes).
tty: n_gsm: fix wrong modem processing in convergence layer type 2 (git-fixes).
tty: n_gsm: fix wrong tty control line for flow control (git-fixes).
tty: n_tty: do not look ahead for EOL character past the end of the buffer (git-fixes).
tty: n_tty: Restore EOF push handling behavior (git-fixes).
tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes).
tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes).
tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes).
tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes).
u64_stats: Disable preemption on 32bit UP+SMP PREEMPT_RT during updates (bsc#1189998).
uapi/linux/stddef.h: Add include guards (jsc#SLE-18978).
ucounts: Enforce RLIMIT_NPROC not RLIMIT_NPROC+1 (bsc#1194191).
udmabuf: validate ubuf->pagecount (git-fixes).
udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() (git-fixes).
usb: cdc-wdm: fix reading stuck on device close (git-fixes).
usb: cdns3: Fix issue for clear halt endpoint (git-fixes).
usb: cdnsp: fix cdnsp_decode_trb function to properly handle ret value (git-fixes).
usb: cdnsp: Fixed setting last_trb incorrectly (git-fixes).
usb: chipidea: udc: check request status before setting device address (git-fixes).
usb: core: Do not hold the device lock while sleeping in do_proc_control() (git-fixes).
usb: core: hcd: Add support for deferring roothub registration (git-fixes).
usb: dwc2: drd: fix soft connect when gadget is unconfigured (git-fixes).
usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes).
usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes).
usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend (git-fixes).
usb: dwc3: core: Fix tx/rx threshold settings (git-fixes).
usb: dwc3: core: Only handle soft-reset in DCTL (git-fixes).
usb: dwc3: Decouple USB 2.0 L1 & L2 events (git-fixes).
usb: dwc3: gadget: Change to dev_dbg() when queuing to inactive gadget/ep (git-fixes).
usb: dwc3: gadget: ep_queue simplify isoc start condition (git-fixes).
usb: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes).
usb: dwc3: gadget: Give some time to schedule isoc (git-fixes).
usb: dwc3: gadget: Ignore Update Transfer cmd params (git-fixes).
usb: dwc3: gadget: Let the interrupt handler disable bottom halves (git-fixes).
usb: dwc3: gadget: move cmd_endtransfer to extra function (git-fixes).
usb: dwc3: gadget: Move null pinter check to proper place (git-fixes).
usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes).
usb: dwc3: gadget: Prevent repeat pullup() (git-fixes).
usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes).
usb: dwc3: gadget: Return proper request status (git-fixes).
usb: dwc3: gadget: Skip checking Update Transfer status (git-fixes).
usb: dwc3: gadget: Skip reading GEVNTSIZn (git-fixes).
usb: dwc3: gadget: Wait for ep0 xfers to complete during dequeue (git-fixes).
usb: dwc3: Issue core soft reset before enabling run/stop (git-fixes).
usb: dwc3: omap: fix 'unbalanced disables for smps10_out1' on omap5evm (git-fixes).
usb: dwc3: pci: Add 'snps,dis_u2_susphy_quirk' for Intel Bay Trail (git-fixes).
usb: dwc3: pci: add support for the Intel Meteor Lake-P (git-fixes).
usb: dwc3: pci: add support for the Intel Raptor Lake-S (git-fixes).
usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes).
usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes).
usb: dwc3: pci: Set the swnode from inside dwc3_pci_quirks() (git-fixes).
usb: dwc3: Try usb-role-switch first in dwc3_drd_init (git-fixes).
usb: dwc3: xilinx: fix uninitialized return value (git-fixes).
usb: ehci: add pci device support for Aspeed platforms (git-fixes).
usb: ehci-omap: drop unused ehci_read() function (git-fixes).
usb: f_fs: Fix use-after-free for epfile (git-fixes).
usb: Fix xhci event ring dequeue pointer ERDP update issue (git-fixes).
usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes).
usb: gadget: eliminate anonymous module_init and module_exit (git-fixes).
usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io() (git-fixes).
usb: gadget: f_fs: change ep->status safe in ffs_epfile_io() (git-fixes).
USB: gadget: Fix double-free bug in raw_gadget driver (git-fixes).
usb: gadget: Fix non-unique driver names in raw-gadget driver (git-fixes).
usb: gadget: fix race when gadget driver register via ioctl (git-fixes).
usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (git-fixes).
usb: gadget: f_uac2: Define specific wTerminalType (git-fixes).
usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes).
usb: gadget: rndis: add spinlock for rndis response list (git-fixes).
usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes).
usb: gadget: rndis: prevent integer overflow in rndis_set_response() (git-fixes).
usb: gadget: tegra-xudc: Do not program SPARAM (git-fixes).
usb: gadget: tegra-xudc: Fix control endpoint's definitions (git-fixes).
usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes).
usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes).
usb: gadget: uvc: allow for application to cleanly shutdown (git-fixes).
usb: gadget: uvc: Fix crash when encoding data for usb request (git-fixes).
usb: gadget: uvc: rename function to be more consistent (git-fixes).
usb: gadget: validate endpoint index for xilinx udc (git-fixes).
usb: gadget: validate interface OS descriptor requests (git-fixes).
USB: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes).
usb: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (git-fixes).
USB: host: isp116x: check return value after calling platform_get_resource() (git-fixes).
usb: isp1760: Fix out-of-bounds array access (git-fixes).
usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes).
usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes).
usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes).
usbnet: fix memory allocation in helpers (git-fixes).
USB: new quirk for Dell Gen 2 devices (git-fixes).
usb: phy: generic: Get the vbus supply (git-fixes).
usb: quirks: add a Realtek card reader (git-fixes).
usb: quirks: add STRING quirk for VCOM device (git-fixes).
usb: raw-gadget: fix handling of dual-direction-capable endpoints (git-fixes).
usb: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes).
usb: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes).
usb: serial: cp210x: add NCR Retail IO box id (git-fixes).
usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes).
usb: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes).
USB: serial: io_ti: add Agilent E5805A support (git-fixes).
usb: serial: option: add Fibocom L610 modem (git-fixes).
usb: serial: option: add Fibocom MA510 modem (git-fixes).
USB: serial: option: add Quectel BG95 modem (git-fixes).
USB: serial: option: add Quectel EM05-G modem (git-fixes).
USB: serial: option: add Quectel RM500K module support (git-fixes).
USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes).
usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes).
usb: serial: option: add support for DW5829e (git-fixes).
usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes).
USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes).
usb: serial: option: add Telit LE910R1 compositions (git-fixes).
usb: serial: option: add ZTE MF286D modem (git-fixes).
usb: serial: pl2303: add device id for HP LM930 Display (git-fixes).
usb: serial: pl2303: add IBM device IDs (git-fixes).
USB: serial: pl2303: add support for more HXN (G) types (git-fixes).
usb: serial: pl2303: fix GS type detection (git-fixes).
usb: serial: pl2303: fix type detection for odd device (git-fixes).
usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes).
usb: serial: simple: add Nokia phone driver (git-fixes).
usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes).
usb: storage: karma: fix rio_karma_init return (git-fixes).
usb: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes).
usb: typec: mux: Check dev_set_name() return value (git-fixes).
usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes).
usb: typec: tcpci_mt6360: Update for BMC PHY setting (git-fixes).
usb: typec: tipd: Forward plug orientation to typec subsystem (git-fixes).
usb: typec: ucsi: Fix reuse of completion structure (git-fixes).
usb: typec: ucsi: Fix role swapping (git-fixes).
usb: ulpi: Call of_node_put correctly (git-fixes).
usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes).
usb: usbip: add missing device lock on tweak configuration cmd (git-fixes).
usb: usbip: eliminate anonymous module_init and module_exit (git-fixes).
usb: usbip: fix a refcount leak in stub_probe() (git-fixes).
usb: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes).
usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes).
usb: xhci: tegra:Fix PM usage reference leak of tegra_xusb_unpowergate_partitions (git-fixes).
usb: zaurus: support another broken Zaurus (git-fixes).
use jobs not processors in the constraints jobs is the number of vcpus available to the build, while processors is the total processor count of the machine the VM is running on.
vdpasim: allow to enable a vq repeatedly (git-fixes).
veth: Ensure eth header is in skb's linear part (git-fixes).
veth: fix races around rq->rx_notify_masked (git-fixes).
vfio/ccw: Remove unneeded GFP_DMA (git-fixes).
vhost_vdpa: do not setup irq offloading when irq_num 0 (git-fixes).
vhost/vsock: do not check owner in vhost_vsock_stop() while releasing (git-fixes).
vhost/vsock: fix incorrect used length reported to the guest (git-fixes).
video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes).
video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (git-fixes).
video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes).
video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes).
video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes).
video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes).
video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes).
video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes).
video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit (git-fixes).
video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (git-fixes).
video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf() (git-fixes).
video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf() (git-fixes).
video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes).
video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes).
video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes).
video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes).
video: fbdev: udlfb: properly check endpoint type (bsc#1190497)
video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit (git-fixes).
video: fbdev: w100fb: Reset global state (git-fixes).
virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes).
virtio_blk: eliminate anonymous module_init and module_exit (git-fixes).
virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes).
virtio_console: break out of buf poll on remove (git-fixes).
virtio_console: eliminate anonymous module_init and module_exit (git-fixes).
virtio: fix virtio transitional ids (git-fixes).
virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes).
virtio-net: fix for skb_over_panic inside big mode (git-fixes).
virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes).
virtio_net: fix wrong buf address calculation when using xdp (git-fixes).
virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes).
virtio-net: realign page_to_skb() after merges (git-fixes).
virtio: pci: Fix an error handling path in vp_modern_probe() (git-fixes).
virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes).
VMCI: Fix the description of vmci_check_host_caps() (git-fixes).
vringh: Fix loop descriptors check in the indirect cases (git-fixes).
vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889).
vsprintf: Fix potential unaligned access (bsc#1198379).
vt_ioctl: add array_index_nospec to VT_ACTIVATE (git-fixes).
vt_ioctl: fix array_index_nospec in vt_setactivate (git-fixes).
vxcan: enable local echo for sent CAN frames (git-fixes).
w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes).
watchdog: rti-wdt: Add missing pm_runtime_disable() in probe function (git-fixes).
watchdog: rti-wdt: Fix pm_runtime_get_sync() error checking (git-fixes).
Watchdog: sp5100_tco: Add initialization using EFCH MMIO (bsc#1199260).
watchdog: sp5100_tco: Add support for get_timeleft (bsc#1199260).
Watchdog: sp5100_tco: Enable Family 17h+ CPUs (bsc#1199260).
Watchdog: sp5100_tco: Move timer initialization into function (bsc#1199260).
Watchdog: sp5100_tco: Refactor MMIO base address initialization (bsc#1199260).
watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes).
watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes).
watch_queue: Actually free the watch (git-fixes).
watch_queue: Fix NULL dereference in error cleanup (git-fixes).
watch_queue: Free the page array when watch_queue is dismantled (git-fixes).
wcn36xx: Differentiate wcn3660 from wcn3620 (git-fixes).
wifi: mac80211: fix use-after-free in chanctx code (git-fixes).
wilc1000: fix crash observed in AP mode with cfg80211_register_netdevice() (git-fixes).
wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes).
wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes).
wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes).
wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes).
writeback: Avoid skipping inode writeback (bsc#1200813).
writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821).
x86/boot: Add setup_indirect support in early_memremap_is_setup_data() (bsc#1190497).
x86/boot: Fix memremap of setup_indirect structures (bsc#1190497).
x86/cc: Move arch/x86/{kernel/cc_platform.c coco/core.c} (jsc#SLE-19924).
x86/coco: Add API to handle encryption mask (jsc#SLE-19924).
x86/coco: Explicitly declare type of confidential computing platform (jsc#SLE-19924).
x86/cpu: Add Xeon Icelake-D to list of CPUs that support PPIN (bsc#1190497).
x86/cpufeatures: Re-enable ENQCMD (jsc#SLE-24350).
x86/cpu: Load microcode during restore_processor_state() (bsc#1190497).
x86/entry: Remove skip_r11rcx (bsc#1201524).
x86/fpu: Clear PASID when copying fpstate (jsc#SLE-24350).
x86/ibt,xen: Sprinkle the ENDBR (bsc#1201471).
x86/kprobes: Add UNWIND_HINT_FUNC on kretprobe_trampoline() (bsc#1193277).
x86/kprobes: Fixup return address in generic trampoline handler (bsc#1193277).
x86/kprobes: Push a fake return address at kretprobe_trampoline (bsc#1193277).
x86/kvmclock: Fix Hyper-V Isolated VM s boot issue when vCPUs 64 (bsc#1183682).
x86/kvm: Do not waste memory if kvmclock is disabled (bsc#1183682).
x86/MCE/AMD: Allow thresholding interface updates after init (bsc#1190497).
x86/mm/cpa: Generalize __set_memory_enc_pgtable() (jsc#SLE-19924).
x86/module: Fix the paravirt vs alternative order (bsc#1190497).
x86/pm: Save the MSR validity status at context setup (bsc#1190497).
x86/ptrace: Fix xfpregs_set() incorrect xmm clearing (bsc#1190497).
x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1190497).
x86/traps: Demand-populate PASID MSR via #GP (jsc#SLE-24350).
x86/traps: Mark do_int3() NOKPROBE_SYMBOL (bsc#1190497).
x86/tsx: Use MSR_TSX_CTRL to clear CPUID bits (bsc#1190497).
x86/unwind: kABI workaround for unwind_state changes (bsc#1193277).
x86/unwind: Recover kretprobe trampoline entry (bsc#1193277).
xen/blkfront: fix comment for need_copy (git-fixes).
xen: fix is_xen_pmu() (git-fixes).
xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381).
xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (bsc#1201218).
xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556).
xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556).
xfs: drop async cache flushes from CIL commits (bsc#1195669).
xhci: Allow host runtime PM as default for Intel Alder Lake N xHCI (git-fixes).
xhci: Enable runtime PM on second Alderlake controller (git-fixes).
xhci: fix garbage USBSTS being logged in some cases (git-fixes).
xhci: fix runtime PM imbalance in USB2 resume (git-fixes).
xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes).
xhci: increase usb U3 U0 link resume timeout from 100ms to 500ms (git-fixes).
xhci: make xhci_handshake timeout for xhci_reset() adjustable (git-fixes).
xhci-pci: Allow host runtime PM as default for Intel Meteor Lake xHCI (git-fixes).
xhci-pci: Allow host runtime PM as default for Intel Raptor Lake xHCI (git-fixes).
xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes).
xhci: re-initialize the HC during resume if HCE was set (git-fixes).
xhci: stop polling roothubs after shutdown (git-fixes).
xhci: turn off port power in shutdown (git-fixes).
xsk: Do not write NULL in SW ring at allocation failure (jsc#SLE-18375).
zsmalloc: decouple class actions from zspage works (bsc#1189998).
zsmalloc: introduce obj_allocated (bsc#1189998).
zsmalloc: introduce some helper functions (bsc#1189998).
zsmalloc: move huge compressed obj from page to zspage (bsc#1189998).
zsmalloc: remove zspage isolation for migration (bsc#1189998).
zsmalloc: rename zs_stat_type to class_stat_type (bsc#1189998).
zsmalloc: replace get_cpu_var with local_lock (bsc#1189998).
zsmalloc: replace per zpage lock with poolmigrate_lock (bsc#1189998).
zsmalloc: Stop using slab fields in struct page (bsc#1189998 bsc#1190208).

Advisory ID	SUSE-SU-2022:2523-1
Released	Fri Jul 22 09:36:50 2022
Summary	Security update for webkit2gtk3
Type	security
Severity	important
References	1201221,CVE-2022-22662,CVE-2022-22677,CVE-2022-26710

Description:

This update for webkit2gtk3 fixes the following issues:
Update to version 2.36.4 (bsc#1201221):

CVE-2022-22662: Processing maliciously crafted web content may disclose sensitive user information.
CVE-2022-22677: The video in a webRTC call may be interrupted if the audio capture gets interrupted.
CVE-2022-26710: Processing maliciously crafted web content may lead to arbitrary code execution.

Advisory ID	SUSE-SU-2022:2530-1
Released	Fri Jul 22 16:00:44 2022
Summary	Security update for java-1_8_0-openjdk
Type	security
Severity	important
References	1198671,1198672,1198673,1198674,1198675,CVE-2022-21426,CVE-2022-21434,CVE-2022-21443,CVE-2022-21476,CVE-2022-21496

Description:

This update for java-1_8_0-openjdk fixes the following issues:
Update to version jdk8u332 - April 2022 CPU (icedtea-3.23.0)

CVE-2022-21426: Better XPath expression handling (bsc#1198672)
CVE-2022-21443: Improved Object Identification (bsc#1198675)
CVE-2022-21434: Better invocation handler handling (bsc#1198674)
CVE-2022-21476: Improve Santuario processing (bsc#1198671)
CVE-2022-21496: Improve URL supports (bsc#1198673)

And further Security fixes, Import of OpenJDK 8 u332, Backports and Bug fixes.

Advisory ID	SUSE-SU-2022:2532-1
Released	Fri Jul 22 17:23:16 2022
Summary	Security update for python-M2Crypto
Type	security
Severity	important
References	1178829,CVE-2020-25657

Description:

This update for python-M2Crypto fixes the following issues:

CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA decryption API (bsc#1178829).

Advisory ID	SUSE-SU-2022:2533-1
Released	Fri Jul 22 17:37:15 2022
Summary	Security update for mozilla-nss
Type	security
Severity	important
References	1192079,1192080,1192086,1192087,1192228,1198486,1200027,CVE-2022-31741

Description:

This update for mozilla-nss fixes the following issues:
Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4:

Makes the PBKDF known answer test compliant with NIST SP800-132. (bsc#1192079).
FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980).
FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298).
FIPS: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325).
Run test suite at build time, and make it pass (bsc#1198486).
FIPS: skip algorithms that are hard disabled in FIPS mode.
Prevent expired PayPalEE cert from failing the tests.
Allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc.
FIPS: Make the PBKDF known answer test compliant with NIST SP800-132.
Update FIPS validation string to version-release format.
FIPS: remove XCBC MAC from list of FIPS approved algorithms.
Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build.
FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080).
FIPS: allow testing of unapproved algorithms (bsc#1192228).
FIPS: add version indicators. (bmo#1729550, bsc#1192086).
FIPS: fix some secret clearing (bmo#1697303, bsc#1192087).

Version update to NSS 3.79:

Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
Update mercurial in clang-format docker image.
Use of uninitialized pointer in lg_init after alloc fail.
selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
Add SECMOD_LockedModuleHasRemovableSlots.
Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts.
TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version.
Correct invalid record inner and outer content type alerts.
NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding.
improve error handling after nssCKFWInstance_CreateObjectHandle.
Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
NSS 3.79 should depend on NSPR 4.34

Version update to NSS 3.78.1:

Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple

Version update to NSS 3.78:

Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests.
Reworked overlong record size checks and added TLS1.3 specific boundaries.
Add ECH Grease Support to tstclnt
Add a strict variant of moz::pkix::CheckCertHostname.
Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
Make SEC_PKCS12EnableCipher succeed
Update zlib in NSS to 1.2.12.

Version update to NSS 3.77:

Fix link to TLS page on wireshark wiki
Add two D-TRUST 2020 root certificates.
Add Telia Root CA v2 root certificate.
Remove expired explicitly distrusted certificates from certdata.txt.
support specific RSA-PSS parameters in mozilla::pkix
Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
Remove token member from NSSSlot struct.
Provide secure variants of mpp_pprime and mpp_make_prime.
Support UTF-8 library path in the module spec string.
Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
Update googletest to 1.11.0
Add SetTls13GreaseEchSize to experimental API.
TLS 1.3 Illegal legacy_version handling/alerts.
Fix calculation of ECH HRR Transcript.
Allow ld path to be set as environment variable.
Ensure we don't read uninitialized memory in ssl gtests.
Fix DataBuffer Move Assignment.
internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3
rework signature verification in mozilla::pkix

Version update to NSS 3.76.1

Remove token member from NSSSlot struct.
Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots.
Check return value of PK11Slot_GetNSSToken.
Use Wycheproof JSON for RSASSA-PSS
Add SHA256 fingerprint comments to old certdata.txt entries.
Avoid truncating files in nss-release-helper.py.
Throw illegal_parameter alert for illegal extensions in handshake message.

Version update to NSS 3.75

Make DottedOIDToCode.py compatible with python3.
Avoid undefined shift in SSL_CERT_IS while fuzzing.
Remove redundant key type check.
Update ABI expectations to match ECH changes.
Enable CKM_CHACHA20.
check return on NSS_NoDB_Init and NSS_Shutdown.
Run ECDSA test vectors from bltest as part of the CI tests.
Add ECDSA test vectors to the bltest command line tool.
Allow to build using clang's integrated assembler.
Allow to override python for the build.
test HKDF output rather than input.
Use ASSERT macros to end failed tests early.
move assignment operator for DataBuffer.
Add test cases for ECH compression and unexpected extensions in SH.
Update tests for ECH-13.
Tidy up error handling.
Add tests for ECH HRR Changes.
Server only sends GREASE HRR extension if enabled by preference.
Update generation of the Associated Data for ECH-13.
When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello.
Allow for compressed, non-contiguous, extensions.
Scramble the PSK extension in CHOuter.
Split custom extension handling for ECH.
Add ECH-13 HRR Handling.
Client side ECH padding.
Stricter ClientHelloInner Decompression.
Remove ECH_inner extension, use new enum format.
Update the version number for ECH-13 and adjust the ECHConfig size.

Version update to NSS 3.74

mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses
Ensure clients offer consistent ciphersuites after HRR
NSS does not properly restrict server keys based on policy
Set nssckbi version number to 2.54
Replace Google Trust Services LLC (GTS) R4 root certificate
Replace Google Trust Services LLC (GTS) R3 root certificate
Replace Google Trust Services LLC (GTS) R2 root certificate
Replace Google Trust Services LLC (GTS) R1 root certificate
Replace GlobalSign ECC Root CA R4
Remove Expired Root Certificates - DST Root CA X3
Remove Expiring Cybertrust Global Root and GlobalSign root certificates
Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate
Add iTrusChina ECC root certificate
Add iTrusChina RSA root certificate
Add ISRG Root X2 root certificate
Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
Avoid a clang 13 unused variable warning in opt build
Check for missing signedData field
Ensure DER encoded signatures are within size limits

enable key logging option (boo#1195040)

Version update to NSS 3.73.1:

Add SHA-2 support to mozilla::pkix's OSCP implementation

Version update to NSS 3.73

check for missing signedData field.
Ensure DER encoded signatures are within size limits.
NSS needs FiPS 140-3 version indicators.
pkix_CacheCert_Lookup doesn't return cached certs
sunset Coverity from NSS

Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures
Version update to NSS 3.72

Fix nsinstall parallel failure.
Increase KDF cache size to mitigate perf regression in about:logins

Version update to NSS 3.71

Set nssckbi version number to 2.52.
Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
Import of PKCS#12 files with Camellia encryption is not supported
Add HARICA Client ECC Root CA 2021.
Add HARICA Client RSA Root CA 2021.
Add HARICA TLS ECC Root CA 2021.
Add HARICA TLS RSA Root CA 2021.
Add TunTrust Root CA certificate to NSS.

Version update to NSS 3.70

Update test case to verify fix.
Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
Avoid using a lookup table in nssb64d.
Use HW accelerated SHA2 on AArch64 Big Endian.
Change default value of enableHelloDowngradeCheck to true.
Cache additional PBE entries.
Read HPKE vectors from official JSON.

Version update to NSS 3.69.1:

Disable DTLS 1.0 and 1.1 by default
integrity checks in key4.db not happening on private components with AES_CBC

NSS 3.69:

Disable DTLS 1.0 and 1.1 by default (backed out again)
integrity checks in key4.db not happening on private components with AES_CBC (backed out again)
SSL handling of signature algorithms ignores environmental invalid algorithms.
sqlite 3.34 changed it's open semantics, causing nss failures.
Gtest update changed the gtest reports, losing gtest details in all.sh reports.
NSS incorrectly accepting 1536 bit DH primes in FIPS mode
SQLite calls could timeout in starvation situations.
Coverity/cpp scanner errors found in nss 3.67
Import the NSS documentation from MDN in nss/doc.
NSS using a tempdir to measure sql performance not active

Version Update to 3.68.4 (bsc#1200027)

CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590)

Mozilla NSPR was updated to version 4.34:

add an API that returns a preferred loopback IP on hosts that have two IP stacks available.

Advisory ID	SUSE-RU-2022:2545-1
Released	Mon Jul 25 12:48:52 2022
Summary	Recommended update for system-role-common-criteria
Type	recommended
Severity	moderate
References	1194279

Description:

This update for system-role-common-criteria fixes the following issues:

Restore UI layout after Common Criteria confirmation (bsc#1194279)

Advisory ID	SUSE-SU-2022:2546-1
Released	Mon Jul 25 14:43:22 2022
Summary	Security update for gpg2
Type	security
Severity	important
References	1196125,1201225,CVE-2022-34903

Description:

This update for gpg2 fixes the following issues:

CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)

Advisory ID	SUSE-RU-2022:2548-1
Released	Tue Jul 26 13:48:28 2022
Summary	Critical update for python-cssselect
Type	recommended
Severity	critical
References

Description:

This update for python-cssselect implements packages to the unrestrictied repository.

Advisory ID	SUSE-SU-2022:2550-1
Released	Tue Jul 26 14:00:21 2022
Summary	Security update for git
Type	security
Severity	important
References	1201431,CVE-2022-29187

Description:

This update for git fixes the following issues:

CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431).

Advisory ID	SUSE-SU-2022:2552-1
Released	Tue Jul 26 14:55:40 2022
Summary	Security update for libxml2
Type	security
Severity	important
References	1196490,1199132,CVE-2022-23308,CVE-2022-29824

Description:

This update for libxml2 fixes the following issues:
Update to 2.9.14:

CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).

Update to version 2.9.13:

CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490)

Advisory ID	SUSE-SU-2022:2561-1
Released	Wed Jul 27 14:18:56 2022
Summary	Security update for mariadb
Type	security
Severity	important
References	1195076,1195325,1195334,1195339,1196016,1198603,1198604,1198605,1198606,1198607,1198609,1198610,1198611,1198612,1198613,1198628,1198629,1198630,1198631,1198632,1198633,1198634,1198635,1198636,1198637,1198638,1198639,1198640,1199928,CVE-2021-46657,CVE-2021-46658,CVE-2021-46659,CVE-2021-46661,CVE-2021-46663,CVE-2021-46664,CVE-2021-46665,CVE-2021-46668,CVE-2021-46669,CVE-2022-24048,CVE-2022-24050,CVE-2022-24051,CVE-2022-24052,CVE-2022-27376,CVE-2022-27377,CVE-2022-27378,CVE-2022-27379,CVE-2022-27380,CVE-2022-27381,CVE-2022-27382,CVE-2022-27383,CVE-2022-27384,CVE-2022-27386,CVE-2022-27387,CVE-2022-27444,CVE-2022-27445,CVE-2022-27446,CVE-2022-27447,CVE-2022-27448,CVE-2022-27449,CVE-2022-27451,CVE-2022-27452,CVE-2022-27455,CVE-2022-27456,CVE-2022-27457,CVE-2022-27458

Description:

This update for mariadb fixes the following issues:

Added mariadb-galera (jsc#SLE-22245)

Update to 10.6.8 (bsc#1199928):

CVE-2021-46669 (bsc#1199928)
CVE-2022-27376 (bsc#1198628)
CVE-2022-27377 (bsc#1198603)
CVE-2022-27378 (bsc#1198604)
CVE-2022-27379 (bsc#1198605)
CVE-2022-27380 (bsc#1198606)
CVE-2022-27381 (bsc#1198607)
CVE-2022-27382 (bsc#1198609)
CVE-2022-27383 (bsc#1198610)
CVE-2022-27384 (bsc#1198611)
CVE-2022-27386 (bsc#1198612)
CVE-2022-27387 (bsc#1198613)
CVE-2022-27444 (bsc#1198634)
CVE-2022-27445 (bsc#1198629)
CVE-2022-27446 (bsc#1198630)
CVE-2022-27447 (bsc#1198631)
CVE-2022-27448 (bsc#1198632)
CVE-2022-27449 (bsc#1198633)
CVE-2022-27451 (bsc#1198639)
CVE-2022-27452 (bsc#1198640)
CVE-2022-27455 (bsc#1198638)
CVE-2022-27456 (bsc#1198635)
CVE-2022-27457 (bsc#1198636)
CVE-2022-27458 (bsc#1198637)

The following issue is not affecting this package: CVE-2022-21427

Update to 10.6.7 (bsc#1196016):

CVE-2021-46665, CVE-2021-46664, CVE-2021-46661, CVE-2021-46668, CVE-2021-46663

Update to 10.6.6:

CVE-2022-24052, CVE-2022-24051, CVE-2022-24050, CVE-2022-24048, CVE-2021-46659 (bsc#1195339)

The following issues have been fixed already but didn't have CVE references:

CVE-2021-46658 (bsc#1195334)
CVE-2021-46657 (bsc#1195325)

Non security fixes:

Skip failing tests for s390x, fixes bsc#1195076

External refernences:

https://mariadb.com/kb/en/library/mariadb-1068-release-notes
https://mariadb.com/kb/en/library/mariadb-1068-changelog
https://mariadb.com/kb/en/library/mariadb-1067-release-notes
https://mariadb.com/kb/en/library/mariadb-1067-changelog
https://mariadb.com/kb/en/library/mariadb-1066-release-notes
https://mariadb.com/kb/en/library/mariadb-1066-changelog

Advisory ID	SUSE-SU-2022:2566-1
Released	Wed Jul 27 15:04:49 2022
Summary	Security update for pcre2
Type	security
Severity	important
References	1199235,CVE-2022-1587

Description:

This update for pcre2 fixes the following issues:

CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).

Advisory ID	SUSE-RU-2022:2573-1
Released	Thu Jul 28 04:24:19 2022
Summary	Recommended update for libzypp, zypper
Type	recommended
Severity	moderate
References	1194550,1197684,1199042

Description:

This update for libzypp, zypper fixes the following issues:
libzypp:

appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
singletrans: no dry-run commit if doing just download-only
Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo.
Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER

zypper:

Basic JobReport for 'cmdout/monitor'
versioncmp: if verbose, also print the edition 'parts' which are compared
Make sure MediaAccess is closed on exception (bsc#1194550)
Display plus-content hint conditionally
Honor the NO_COLOR environment variable when auto-detecting whether to use color
Define table columns which should be sorted natural [case insensitive]
lr/ls: Use highlight color on name and alias as well

Advisory ID	SUSE-SU-2022:2581-1
Released	Thu Jul 28 17:12:36 2022
Summary	Security update for libguestfs
Type	security
Severity	moderate
References	1201064,CVE-2022-2211

Description:

This update for libguestfs fixes the following issues:

CVE-2022-2211: Fixed a buffer overflow in get_keys (bsc#1201064).

Advisory ID	SUSE-SU-2022:2583-1
Released	Fri Jul 29 10:42:06 2022
Summary	Security update for aws-iam-authenticator
Type	security
Severity	important
References	1201395,CVE-2022-2385

Description:

This update for aws-iam-authenticator fixes the following issues:

CVE-2022-2385: Fixed AccessKeyID validation bypass (bsc#1201395).

Advisory ID	SUSE-RU-2022:2588-1
Released	Fri Jul 29 12:08:18 2022
Summary	Recommended update for fence-agents
Type	recommended
Severity	moderate
References	1195891

Description:

This update for fence-agents fixes the following issue:

Azure fence agent doesn't work correctly on SLES15 SP3 - fence_azure_arm fails with error 'MSIAuthentication' object has no attribute 'get_token' (bsc#1195891)

Advisory ID	SUSE-SU-2022:2592-1
Released	Fri Jul 29 13:34:21 2022
Summary	Security update for rubygem-tzinfo
Type	security
Severity	important
References	1201835,CVE-2022-31163

Description:

This update for rubygem-tzinfo fixes the following issues:

CVE-2022-31163: Fixed relative path traversal vulnerability that allows TZInfo::Timezone.get to load arbitrary files (bsc#1201835).

Advisory ID	SUSE-RU-2022:2593-1
Released	Fri Jul 29 13:48:28 2022
Summary	Recommended update for perl-IO-Socket-SSL
Type	recommended
Severity	moderate
References	1200295

Description:

This update for perl-IO-Socket-SSL fixes the following issues:

Follow system crypto-policies 'PROFILE=SYSTEM' on OpenSSL ciphers (bsc#1200295)

Advisory ID	SUSE-SU-2022:2595-1
Released	Fri Jul 29 16:00:42 2022
Summary	Security update for mozilla-nss
Type	security
Severity	important
References	1192079,1192080,1192086,1192087,1192228,1198486,1200027,CVE-2022-31741

Description:

This update for mozilla-nss fixes the following issues:
Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4:

Makes the PBKDF known answer test compliant with NIST SP800-132. (bsc#1192079).
FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980).
FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298).
FIPS: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325).
Run test suite at build time, and make it pass (bsc#1198486).
FIPS: skip algorithms that are hard disabled in FIPS mode.
Prevent expired PayPalEE cert from failing the tests.
Allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc.
FIPS: Make the PBKDF known answer test compliant with NIST SP800-132.
Update FIPS validation string to version-release format.
FIPS: remove XCBC MAC from list of FIPS approved algorithms.
Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build.
FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080).
FIPS: allow testing of unapproved algorithms (bsc#1192228).
FIPS: add version indicators. (bmo#1729550, bsc#1192086).
FIPS: fix some secret clearing (bmo#1697303, bsc#1192087).

Version update to NSS 3.79:

Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
Update mercurial in clang-format docker image.
Use of uninitialized pointer in lg_init after alloc fail.
selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
Add SECMOD_LockedModuleHasRemovableSlots.
Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts.
TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version.
Correct invalid record inner and outer content type alerts.
NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding.
improve error handling after nssCKFWInstance_CreateObjectHandle.
Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
NSS 3.79 should depend on NSPR 4.34

Version update to NSS 3.78.1:

Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple

Version update to NSS 3.78:

Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests.
Reworked overlong record size checks and added TLS1.3 specific boundaries.
Add ECH Grease Support to tstclnt
Add a strict variant of moz::pkix::CheckCertHostname.
Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
Make SEC_PKCS12EnableCipher succeed
Update zlib in NSS to 1.2.12.

Version update to NSS 3.77:

Fix link to TLS page on wireshark wiki
Add two D-TRUST 2020 root certificates.
Add Telia Root CA v2 root certificate.
Remove expired explicitly distrusted certificates from certdata.txt.
support specific RSA-PSS parameters in mozilla::pkix
Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
Remove token member from NSSSlot struct.
Provide secure variants of mpp_pprime and mpp_make_prime.
Support UTF-8 library path in the module spec string.
Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
Update googletest to 1.11.0
Add SetTls13GreaseEchSize to experimental API.
TLS 1.3 Illegal legacy_version handling/alerts.
Fix calculation of ECH HRR Transcript.
Allow ld path to be set as environment variable.
Ensure we don't read uninitialized memory in ssl gtests.
Fix DataBuffer Move Assignment.
internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3
rework signature verification in mozilla::pkix

Version update to NSS 3.76.1

Remove token member from NSSSlot struct.
Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots.
Check return value of PK11Slot_GetNSSToken.
Use Wycheproof JSON for RSASSA-PSS
Add SHA256 fingerprint comments to old certdata.txt entries.
Avoid truncating files in nss-release-helper.py.
Throw illegal_parameter alert for illegal extensions in handshake message.

Version update to NSS 3.75

Make DottedOIDToCode.py compatible with python3.
Avoid undefined shift in SSL_CERT_IS while fuzzing.
Remove redundant key type check.
Update ABI expectations to match ECH changes.
Enable CKM_CHACHA20.
check return on NSS_NoDB_Init and NSS_Shutdown.
Run ECDSA test vectors from bltest as part of the CI tests.
Add ECDSA test vectors to the bltest command line tool.
Allow to build using clang's integrated assembler.
Allow to override python for the build.
test HKDF output rather than input.
Use ASSERT macros to end failed tests early.
move assignment operator for DataBuffer.
Add test cases for ECH compression and unexpected extensions in SH.
Update tests for ECH-13.
Tidy up error handling.
Add tests for ECH HRR Changes.
Server only sends GREASE HRR extension if enabled by preference.
Update generation of the Associated Data for ECH-13.
When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello.
Allow for compressed, non-contiguous, extensions.
Scramble the PSK extension in CHOuter.
Split custom extension handling for ECH.
Add ECH-13 HRR Handling.
Client side ECH padding.
Stricter ClientHelloInner Decompression.
Remove ECH_inner extension, use new enum format.
Update the version number for ECH-13 and adjust the ECHConfig size.

Version update to NSS 3.74

mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses
Ensure clients offer consistent ciphersuites after HRR
NSS does not properly restrict server keys based on policy
Set nssckbi version number to 2.54
Replace Google Trust Services LLC (GTS) R4 root certificate
Replace Google Trust Services LLC (GTS) R3 root certificate
Replace Google Trust Services LLC (GTS) R2 root certificate
Replace Google Trust Services LLC (GTS) R1 root certificate
Replace GlobalSign ECC Root CA R4
Remove Expired Root Certificates - DST Root CA X3
Remove Expiring Cybertrust Global Root and GlobalSign root certificates
Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate
Add iTrusChina ECC root certificate
Add iTrusChina RSA root certificate
Add ISRG Root X2 root certificate
Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
Avoid a clang 13 unused variable warning in opt build
Check for missing signedData field
Ensure DER encoded signatures are within size limits

enable key logging option (boo#1195040)

Version update to NSS 3.73.1:

Add SHA-2 support to mozilla::pkix's OSCP implementation

Version update to NSS 3.73

check for missing signedData field.
Ensure DER encoded signatures are within size limits.
NSS needs FiPS 140-3 version indicators.
pkix_CacheCert_Lookup doesn't return cached certs
sunset Coverity from NSS

Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures
Version update to NSS 3.72

Fix nsinstall parallel failure.
Increase KDF cache size to mitigate perf regression in about:logins

Version update to NSS 3.71

Set nssckbi version number to 2.52.
Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
Import of PKCS#12 files with Camellia encryption is not supported
Add HARICA Client ECC Root CA 2021.
Add HARICA Client RSA Root CA 2021.
Add HARICA TLS ECC Root CA 2021.
Add HARICA TLS RSA Root CA 2021.
Add TunTrust Root CA certificate to NSS.

Version update to NSS 3.70

Update test case to verify fix.
Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
Avoid using a lookup table in nssb64d.
Use HW accelerated SHA2 on AArch64 Big Endian.
Change default value of enableHelloDowngradeCheck to true.
Cache additional PBE entries.
Read HPKE vectors from official JSON.

Version update to NSS 3.69.1:

Disable DTLS 1.0 and 1.1 by default
integrity checks in key4.db not happening on private components with AES_CBC

NSS 3.69:

Disable DTLS 1.0 and 1.1 by default (backed out again)
integrity checks in key4.db not happening on private components with AES_CBC (backed out again)
SSL handling of signature algorithms ignores environmental invalid algorithms.
sqlite 3.34 changed it's open semantics, causing nss failures.
Gtest update changed the gtest reports, losing gtest details in all.sh reports.
NSS incorrectly accepting 1536 bit DH primes in FIPS mode
SQLite calls could timeout in starvation situations.
Coverity/cpp scanner errors found in nss 3.67
Import the NSS documentation from MDN in nss/doc.
NSS using a tempdir to measure sql performance not active

Version Update to 3.68.4 (bsc#1200027)

CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590)

Advisory ID	SUSE-SU-2022:2597-1
Released	Fri Jul 29 16:12:04 2022
Summary	Security update for xen
Type	security
Severity	important
References	1027519,1199965,1199966,1200549,1201394,1201469,CVE-2022-21123,CVE-2022-21125,CVE-2022-21166,CVE-2022-23816,CVE-2022-23825,CVE-2022-26362,CVE-2022-26363,CVE-2022-26364,CVE-2022-29900,CVE-2022-33745

Description:

This update for xen fixes the following issues:

CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966).
CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549).
CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965).
CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394).
CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469).

Fixed several upstream bugs (bsc#1027519).

Advisory ID	SUSE-SU-2022:2609-1
Released	Mon Aug 1 09:48:13 2022
Summary	Security update for booth
Type	security
Severity	important
References	1201946,CVE-2022-2553

Description:

This update for booth fixes the following issues:

CVE-2022-2553: authfile directive in booth config file is completely ignored (bsc#1201946).

Advisory ID	SUSE-SU-2022:2611-1
Released	Mon Aug 1 09:57:27 2022
Summary	Security update for MozillaFirefox
Type	security
Severity	important
References	1201758,CVE-2022-36318,CVE-2022-36319

Description:

This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.12.0 ESR (bsc#1201758):

CVE-2022-36319: Mouse Position spoofing with CSS transforms
CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters

Advisory ID	SUSE-RU-2022:2613-1
Released	Mon Aug 1 10:28:50 2022
Summary	Recommended update for python-parallax
Type	recommended
Severity	moderate
References	1200833

Description:

This update for python-parallax fixes the following issues:

Don't use ssh if a command is running on local (bsc#1200833)

Advisory ID	SUSE-SU-2022:2615-1
Released	Mon Aug 1 10:41:57 2022
Summary	Security update for the Linux Kernel
Type	security
Severity	important
References	1055117,1061840,1065729,1071995,1089644,1103269,1118212,1121726,1137728,1156395,1157038,1157923,1175667,1179439,1179639,1180814,1183682,1183872,1184318,1184924,1187716,1188885,1189998,1190137,1190208,1190336,1190497,1190768,1190786,1190812,1191271,1191663,1192483,1193064,1193277,1193289,1193431,1193556,1193629,1193640,1193787,1193823,1193852,1194086,1194111,1194191,1194409,1194501,1194523,1194526,1194583,1194585,1194586,1194625,1194765,1194826,1194869,1195099,1195287,1195478,1195482,1195504,1195651,1195668,1195669,1195775,1195823,1195826,1195913,1195915,1195926,1195944,1195957,1195987,1196079,1196114,1196130,1196213,1196306,1196367,1196400,1196426,1196478,1196514,1196570,1196723,1196779,1196830,1196836,1196866,1196868,1196869,1196901,1196930,1196942,1196960,1197016,1197157,1197227,1197243,1197292,1197302,1197303,1197304,1197362,1197386,1197501,1197601,1197661,1197675,1197761,1197817,1197819,1197820,1197888,1197889,1197894,1197915,1197917,1197918,1197920,1197921,1197922,1197926,1198009,1198010,1198012,1198013,1198014,1198015,1198016,1198017,1198018,1198019,1198020,1198021,1198022,1198023,1198024,1198027,1198030,1198034,1198058,1198217,1198379,1198400,1198402,1198412,1198413,1198438,1198484,1198577,1198585,1198660,1198802,1198803,1198806,1198811,1198826,1198835,1198968,1198971,1199011,1199024,1199035,1199046,1199052,1199063,1199163,1199173,1199260,1199314,1199390,1199426,1199433,1199439,1199482,1199487,1199505,1199507,1199605,1199611,1199626,1199631,1199650,1199657,1199674,1199736,1199793,1199839,1199875,1199909,1200015,1200019,1200045,1200046,1200144,1200205,1200211,1200259,1200263,1200284,1200315,1200343,1200420,1200442,1200475,1200502,1200567,1200569,1200571,1200572,1200599,1200600,1200608,1200611,1200619,1200692,1200762,1200763,1200806,1200807,1200808,1200809,1200810,1200812,1200815,1200816,1200820,1200822,1200824,1200825,1200827,1200828,1200829,1200830,1200845,1200882,1200925,1201050,1201160,1201171,1201177,1201193,1201196,1201218,1201222,1201228,1201251,150300,CVE-2021-26341,CVE-2021-33061,CVE-2021-4204,CVE-2021-44879,CVE-2021-45402,CVE-2022-0264,CVE-2022-0494,CVE-2022-0617,CVE-2022-1012,CVE-2022-1016,CVE-2022-1184,CVE-2022-1198,CVE-2022-1205,CVE-2022-1508,CVE-2022-1651,CVE-2022-1652,CVE-2022-1671,CVE-2022-1679,CVE-2022-1729,CVE-2022-1734,CVE-2022-1789,CVE-2022-1852,CVE-2022-1966,CVE-2022-1972,CVE-2022-1974,CVE-2022-1998,CVE-2022-20132,CVE-2022-20154,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-2318,CVE-2022-23222,CVE-2022-26365,CVE-2022-26490,CVE-2022-29582,CVE-2022-29900,CVE-2022-29901,CVE-2022-30594,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33743,CVE-2022-33981,CVE-2022-34918

Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated.
The following security bugs were fixed:

CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657).
CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171).
CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).
CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).
CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251).
CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762).
CVE-2022-33743: Fixed a Denial of Service related to XDP (bsc#1200763).
CVE-2022-1966: Fixed a use-after-free vulnerability in the Netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015)
CVE-2022-1852: Fixed a null-ptr-deref in the kvm module which can lead to DoS. (bsc#1199875)
CVE-2022-1789: Fixed a NULL pointer dereference when shadow paging is enabled. (bnc#1199674)
CVE-2022-1508: Fixed an out-of-bounds read flaw that could cause the system to crash. (bsc#1198968)
CVE-2022-1671: Fixed a null-ptr-deref bugs in net/rxrpc/server_key.c, unprivileged users could easily trigger it via ioctl. (bsc#1199439)
CVE-2022-1651: Fixed a bug in ACRN Device Model emulates virtual NICs in VM. This flaw may allow a local privileged attacker to leak kernel unauthorized information and also cause a denial of service problem. (bsc#1199433)
CVE-2022-29582: Fixed a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. (bnc#1198811)
CVE-2022-0494: Fixed a kernel information leak flaw in the scsi_ioctl function. This flaw allowed a local attacker with a special user privilege to create issues with confidentiality. (bnc#1197386)
CVE-2021-4204: Fixed a vulnerability that allows local attackers to escalate privileges on affected installations via ebpf. (bnc#1194111)
CVE-2022-23222: Fixed a bug that allowed local users to gain privileges. (bnc#1194765)
CVE-2022-0264: Fixed a vulnerability in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. (bnc#1194826)
CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227)
CVE-2022-1205: Fixed null pointer dereference and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198027)
CVE-2022-1198: Fixed an use-after-free vulnerability that allow an attacker to crash the linux kernel by simulating Amateur Radio (bsc#1198030).
CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019)
CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507).
CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063).
CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505).
CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426).
CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144)
CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426)
CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577)
CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605)
CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987).
CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079)
CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830)
CVE-2021-45402: The check_alu_op function in kernel/bpf/verifier.c did not properly update bounds while handling the mov32 instruction, which allowed local users to obtain potentially sensitive address information (bsc#1196130).
CVE-2022-1679: Fixed use-after-free in ath9k in ath9k_hif_usb_rx_cb (bsc#1199487).
CVE-2022-20132: Fixed several potential out of bounds reads via malicious HID device (bsc#1200619).
CVE-2022-1012: Fixed an information leak in net/ipv4/tcp.c (bsc#1199482).
CVE-2022-33981: Fixed use-after-free in floppy driver (bnc#1200692).
CVE-2022-1998: Fixed use-after-free in fanotify (bnc#1200284).

The following non-security bugs were fixed:

ACPI: APEI: fix return value of __setup handlers (git-fixes).
ACPI/APEI: Limit printable size of BERT table data (git-fixes).
ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes).
ACPI: bus: Avoid using CPPC if not supported by firmware (bsc#1199793).
ACPICA: Avoid cache flush inside virtual machines (git-fixes).
ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes).
ACPI: CPPC: Assume no transition latency if no PCCT (git-fixes).
ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes).
ACPI: docs: enumeration: Amend PWM enumeration ASL example (git-fixes).
ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes).
ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes).
ACPI: docs: enumeration: Update UART serial bus resource documentation (git-fixes).
ACPI/IORT: Check node revision for PMCG resources (git-fixes).
ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes).
ACPI: PM: Revert 'Only mark EC GPE for wakeup on Intel systems' (git-fixes).
ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE (git-fixes).
ACPI: processor idle: Allow playing dead in C3 state (git-fixes).
ACPI: processor: idle: Avoid falling back to C3 type C-states (git-fixes).
ACPI: processor idle: Check for architectural support for LPI (git-fixes).
ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40 (git-fixes).
ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes).
ACPI: property: Release subnode properties with data nodes (git-fixes).
ACPI: sysfs: Fix BERT error region memory mapping (git-fixes).
ACPI: video: Change how we determine if brightness key-presses are handled (git-fixes).
ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes).
ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes).
Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442)
Add references to IBM bugs
Add various fsctl structs (bsc#1193629).
Adjust cifssb maximum read size (bsc#1193629).
af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (git-fixes).
aio: Fix incorrect usage of eventfd_signal_allowed() (git-fixes).
ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes).
ALSA: core: Add snd_card_free_on_error() helper (git-fixes).
ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes).
ALSA: ctxfi: Add SB046x PCI ID (git-fixes).
ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes).
ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes).
ALSA: hda: Add AlderLake-PS variant PCI ID (git-fixes).
ALSA: hda: Add PCI and HDMI IDs for Intel Raptor Lake (git-fixes).
ALSA: hda: Avoid unsol event during RPM suspending (git-fixes).
ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes).
ALSA: hda/conexant: Fix missing beep setup (git-fixes).
ALSA: hda: Fix discovery of i915 graphics PCI device (bsc#1200611).
ALSA: hda: Fix driver index handling at re-binding (git-fixes).
ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes).
ALSA: hda: Fix regression on forced probe mask option (git-fixes).
ALSA: hda: Fix signedness of sscanf() arguments (git-fixes).
ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes).
ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes).
ALSA: hda/i915: Fix one too many pci_dev_put() (git-fixes).
ALSA: hda/i915 - skip acomp init if no matching display (git-fixes).
ALSA: hda: intel-dspcfg: use SOF for UpExtreme and UpExtreme11 boards (git-fixes).
ALSA: hda: intel-dsp-config: update AlderLake PCI IDs (git-fixes).
ALSA: hda: intel-nhlt: remove use of __func__ in dev_dbg (git-fixes).
ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes).
ALSA: hda/realtek - Add HW8326 support (git-fixes).
ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes).
ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes).
ALSA: hda/realtek - Add new type for ALC245 (git-fixes).
ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes).
ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes).
ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes).
ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes).
ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes).
ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes).
ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes).
ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes).
ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes).
ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes).
ALSA: hda/realtek: Add quirk for Legion Y9000X 2019 (git-fixes).
ALSA: hda/realtek: add quirk for Lenovo Thinkpad X12 speakers (git-fixes).
ALSA: hda/realtek: Add quirk for the Framework Laptop (git-fixes).
ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes).
ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers (git-fixes).
ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes).
ALSA: hda/realtek: Apply fixup for Lenovo Yoga Duet 7 properly (git-fixes).
ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes).
ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes).
ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes).
ALSA: hda/realtek: Fix deadlock by COEF mutex (bsc#1195913).
ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo Yoga DuetITL 2021 (git-fixes).
ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes).
ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes).
ALSA: hda: realtek: Fix race at concurrent COEF updates (git-fixes).
ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes).
ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes).
ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes).
ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes).
ALSA: hda: Set max DMA segment size (git-fixes).
ALSA: hda: Skip codec shutdown in case the codec is not registered (git-fixes).
ALSA: hda/via: Fix missing beep setup (git-fixes).
ALSA: intel_hdmi: Fix reference to PCM buffer address (git-fixes).
ALSA: memalloc: Fix dma_need_sync() checks (bsc#1195913).
ALSA: memalloc: invalidate SG pages before sync (bsc#1195913).
ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes).
ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes).
ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes).
ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes).
ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (git-fixes).
ALSA: pcm: Fix races among concurrent prealloc proc writes (git-fixes).
ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (git-fixes).
ALSA: pcm: Fix races among concurrent read/write and buffer changes (git-fixes).
ALSA: pcm: Test for 'silence' field in struct 'pcm_format_data' (git-fixes).
ALSA: spi: Add check for clk_enable() (git-fixes).
ALSA: usb-audio: add mapping for MSI MAG X570S Torpedo MAX (git-fixes).
ALSA: usb-audio: add mapping for new Corsair Virtuoso SE (git-fixes).
ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes).
ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes).
ALSA: usb-audio: Add quirk bits for enabling/disabling generic implicit fb (git-fixes).
ALSA: usb-audio: Cancel pending work at closing a MIDI substream (git-fixes).
ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes).
ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes).
ALSA: usb-audio: Configure sync endpoints before data (git-fixes).
ALSA: usb-audio: Correct quirk for VF0770 (git-fixes).
ALSA: usb-audio: Do not abort resume upon errors (bsc#1195913).
ALSA: usb-audio: Do not get sample rate for MCT Trigger 5 USB-to-HDMI (git-fixes).
ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes).
ALSA: usb-audio: Increase max buffer size (git-fixes).
ALSA: usb-audio: initialize variables that could ignore errors (git-fixes).
ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes).
ALSA: usb-audio: Move generic implicit fb quirk entries into quirks.c (git-fixes).
ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes).
ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes).
ALSA: usb-audio: revert to IMPLICIT_FB_FIXED_DEV for M-Audio FastTrack Ultra (git-fixes).
ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes).
ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes).
ALSA: usb-audio: US16x08: Move overflow check before array access (git-fixes).
ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes).
ALSA: wavefront: Proper check of get_user() error (git-fixes).
ALSA: x86: intel_hdmi_audio: enable pm_runtime and set autosuspend delay (git-fixes).
ALSA: x86: intel_hdmi_audio: use pm_runtime_resume_and_get() (git-fixes).
alx: acquire mutex for alx_reinit in alx_change_mtu (git-fixes).
amd/display: set backlight only if required (git-fixes).
arch/arm64: Fix topology initialization for core scheduling (git-fixes).
arm64: Add Cortex-A510 CPU part definition (git-fixes).
arm64: Add part number for Arm Cortex-A78AE (git-fixes).
arm64: Add support for user sub-page fault probing (git-fixes)
arm64: alternatives: mark patch_alternative() as `noinstr` (git-fixes).
arm64: avoid fixmap race condition when create pud mapping (git-fixes).
arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall (git-fixes).
arm64: Correct wrong label in macro __init_el2_gicv3 (git-fixes).
arm64: defconfig: build imx-sdma as a module (git-fixes).
arm64: do not abuse pfn_valid() to ensure presence of linear map (git-fixes).
arm64: Do not defer reserve_crashkernel() for platforms with no DMA memory zones (git-fixes).
arm64: Do not include __READ_ONCE() block in assembly files (git-fixes).
arm64: dts: agilex: use the compatible 'intel,socfpga-agilex-hsotg' (git-fixes).
arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias (git-fixes).
arm64: dts: broadcom: bcm4908: use proper TWD binding (git-fixes).
arm64: dts: broadcom: Fix sata nodename (git-fixes).
arm64: dts: imx8mm-beacon: Enable RTS-CTS on UART3 (git-fixes).
arm64: dts: imx8mm-venice: fix spi2 pin configuration (git-fixes)
arm64: dts: imx8mn-beacon: Enable RTS-CTS on UART3 (git-fixes).
arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock (git-fixes)
arm64: dts: imx8mn: Fix SAI nodes (git-fixes)
arm64: dts: imx8mp-evk: correct eqos pad settings (git-fixes).
arm64: dts: imx8mp-evk: correct gpio-led pad settings (git-fixes).
arm64: dts: imx8mp-evk: correct I2C1 pad settings (git-fixes).
arm64: dts: imx8mp-evk: correct I2C3 pad settings (git-fixes).
arm64: dts: imx8mp-evk: correct mmc pad settings (git-fixes).
arm64: dts: imx8mp-evk: correct the uart2 pinctl value (git-fixes).
arm64: dts: imx8mp-evk: correct vbus pad settings (git-fixes).
arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad settings (git-fixes).
arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc settings (git-fixes).
arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad settings (git-fixes).
arm64: dts: imx8mq: fix lcdif port node (git-fixes).
arm64: dts: imx8qm: Correct SCU clock controller's compatible (git-fixes)
arm64: dts: imx: Fix imx8*-var-som touchscreen property sizes (git-fixes).
arm64: dts: juno: Remove GICv2m dma-range (git-fixes).
arm64: dts: ls1028a-qds: move rtc node to the correct i2c bus (git-fixes).
arm64: dts: ls1043a: Update i2c dma properties (git-fixes).
arm64: dts: ls1046a: Update i2c node dma properties (git-fixes).
arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes).
arm64: dts: marvell: espressobin-ultra: enable front USB3 port (git-fixes).
arm64: dts: marvell: espressobin-ultra: fix SPI-NOR config (git-fixes).
arm64: dts: meson-g12: add ATF BL32 reserved-memory region (git-fixes).
arm64: dts: meson-g12b-odroid-n2: fix typo 'dio2133' (git-fixes).
arm64: dts: meson-g12: drop BL32 region from SEI510/SEI610 (git-fixes).
arm64: dts: meson-gx: add ATF BL32 reserved-memory region (git-fixes).
arm64: dts: meson: remove CPU opps below 1GHz for G12B boards (git-fixes).
arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards (git-fixes).
arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO domain for GPIOE_2 (git-fixes).
arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO pin labeling for CON1 (git-fixes).
arm64: dts: meson-sm1-odroid: fix boot loop after reboot (git-fixes).
arm64: dts: meson-sm1-odroid: use correct enable-gpio pin for tf-io regulator (git-fixes).
arm64: dts: mt8192: Fix nor_flash status disable typo (git-fixes).
arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes).
arm64: dts: qcom: ipq8074: fix the sleep clock frequency (git-fixes).
arm64: dts: qcom: msm8916-huawei-g7: Clarify installation instructions (git-fixes).
arm64: dts: qcom: msm8994: Fix BLSP[12]_DMA channels count (git-fixes).
arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (git-fixes).
arm64: dts: qcom: msm8994: Fix the cont_splash_mem address (git-fixes).
arm64: dts: qcom: msm8996: Drop flags for mdss irqs (git-fixes).
arm64: dts: qcom: msm8996: remove snps,dw-pcie compatibles (git-fixes).
arm64: dts: qcom: pm8350c: stop depending on thermal_zones label (git-fixes).
arm64: dts: qcom: pmr735a: stop depending on thermal_zones label (git-fixes).
arm64: dts: qcom: qrb5165-rb5: Fix can-clock node name (git-fixes).
arm64: dts: qcom: sdm845-db845c: add wifi variant property (git-fixes).
arm64: dts: qcom: sdm845: Drop flags for mdss irqs (git-fixes).
arm64: dts: qcom: sdm845: fix microphone bias properties and values (git-fixes).
arm64: dts: qcom: sdm845: remove snps,dw-pcie compatibles (git-fixes).
arm64: dts: qcom: sdm845-xiaomi-beryllium: fix typo in panel's vddio-supply property (git-fixes).
arm64: dts: qcom: sm8150: Correct TCS configuration for apps rsc (git-fixes).
arm64: dts: qcom: sm8250: Drop flags for mdss irqs (git-fixes).
arm64: dts: qcom: sm8250: Fix MSI IRQ for PCIe1 and PCIe2 (git-fixes).
arm64: dts: qcom: sm8250: fix PCIe bindings to follow schema (git-fixes).
arm64: dts: qcom: sm8350: Correct TCS configuration for apps rsc (git-fixes).
arm64: dts: qcom: sm8350: Correct UFS symbol clocks (git-fixes).
arm64: dts: qcom: sm8350: Describe GCC dependency clocks (git-fixes).
arm64: dts: qcom: sm8350: Shorten camera-thermal-bottom name (git-fixes).
arm64: dts: renesas: Fix thermal bindings (git-fixes).
arm64: dts: renesas: ulcb-kf: fix wrong comment (git-fixes).
arm64: dts: rockchip: align pl330 node name with dtschema (git-fixes).
arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity (git-fixes).
arm64: dts: rockchip: fix rk3399-puma-haikou USB OTG mode (git-fixes).
arm64: dts: rockchip: Fix SDIO regulator supply properties on rk3399-firefly (git-fixes).
arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes).
arm64: dts: rockchip: reorder rk3399 hdmi clocks (git-fixes).
arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (git-fixes).
arm64: dts: ti: j7200-main: Fix 'dtbs_check' serdes_ln_ctrl node (git-fixes).
arm64: dts: ti: j721e-main: Fix 'dtbs_check' in serdes_ln_ctrl node (git-fixes).
arm64: dts: ti: k3-am64: Fix gic-v3 compatible regs (git-fixes).
arm64: dts: ti: k3-am64-main: Remove support for HS400 speed mode (git-fixes).
arm64: dts: ti: k3-am64-mcu: remove incorrect UART base clock rates (git-fixes).
arm64: dts: ti: k3-am65: Fix gic-v3 compatible regs (git-fixes).
arm64: dts: ti: k3-j7200: Fix gic-v3 compatible regs (git-fixes).
arm64: dts: ti: k3-j721e: Fix gic-v3 compatible regs (git-fixes).
arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs (git-fixes).
arm64: Ensure execute-only permissions are not allowed without EPAN (git-fixes)
arm64: fix clang warning about TRAMP_VALIAS (git-fixes).
arm64: fix types in copy_highpage() (git-fixes).
arm64: ftrace: consistently handle PLTs (git-fixes).
arm64: ftrace: fix branch range checks (git-fixes).
arm64: kasan: fix include error in MTE functions (git-fixes).
arm64: kvm: keep the field workaround_flags in structure kvm_vcpu_arch (git-fixes).
arm64: Mark start_backtrace() notrace and NOKPROBE_SYMBOL (git-fixes)
arm64: mm: Drop 'const' from conditional arm64_dma_phys_limit definition (git-fixes).
arm64: mm: fix p?d_leaf() (git-fixes).
arm64: module: remove (NOLOAD) from linker script (git-fixes).
arm64: mte: Ensure the cleared tags are visible before setting the PTE (git-fixes).
arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes).
arm64: patch_text: Fixup last cpu should be master (git-fixes).
arm64: prevent instrumentation of bp hardening callbacks (git-fixes).
arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes).
arm64: stackleak: fix current_top_of_stack() (git-fixes).
arm64: supported.conf: mark PHY_FSL_IMX8MQ_USB as supported (bsc#1199909)
arm64: tegra: Add missing DFLL reset on Tegra210 (git-fixes).
arm64: tegra: Adjust length of CCPLEX cluster MMIO region (git-fixes).
arm64: Update config files. (bsc#1199909) Add pfuze100 regulator as module
arm64: vdso: fix makefile dependency on vdso.so (git-fixes).
ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE (git-fixes).
ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (git-fixes).
ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes).
ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (git-fixes).
ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (git-fixes).
ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (git-fixes).
ARM: at91: fix soc detection for SAM9X60 SiPs (git-fixes).
ARM: at91: pm: use proper compatible for sama5d2's rtc (git-fixes).
ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt (git-fixes).
ARM: boot: dts: bcm2711: Fix HVS register range (git-fixes).
ARM: cns3xxx: Fix refcount leak in cns3xxx_init (git-fixes).
ARM: configs: multi_v5_defconfig: re-enable CONFIG_V4L_PLATFORM_DRIVERS (git-fixes).
ARM: configs: multi_v5_defconfig: re-enable DRM_PANEL and FB_xxx (git-fixes).
ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes).
ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes).
ARM: Do not use NOCROSSREFS directive with ld.lld (git-fixes).
ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes).
ARM: dts: aspeed: Add ADC for AST2600 and enable for Rainier and Everest (git-fixes).
ARM: dts: aspeed: Add secure boot controller node (git-fixes).
ARM: dts: aspeed: Add video engine to g6 (git-fixes).
ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 (git-fixes).
ARM: dts: aspeed: Fix AST2600 quad spi group (git-fixes).
ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group (git-fixes).
ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi (git-fixes).
ARM: dts: at91: fix pinctrl phandles (git-fixes).
ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes).
ARM: dts: at91: sam9x60ek: fix eeprom compatible and size (git-fixes).
ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes).
ARM: dts: at91: sama5d2_icp: fix eeprom compatibles (git-fixes).
ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes).
ARM: dts: bcm2711: Add the missing L1/L2 cache information (git-fixes).
ARM: dts: bcm2711-rpi-400: Fix GPIO line names (git-fixes).
ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes).
ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes).
ARM: dts: bcm2837: Add the missing L1/L2 cache information (git-fixes).
ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes).
ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes).
ARM: dts: BCM5301X: update CRU block description (git-fixes).
ARM: dts: BCM5301X: Update pin controller node name (git-fixes).
ARM: dts: ci4x10: Adapt to changes in imx6qdl.dtsi regarding fec clocks (git-fixes).
ARM: dts: dra7: Fix suspend warning for vpe powerdomain (git-fixes).
ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (git-fixes).
ARM: dts: exynos: add missing HDMI supplies on SMDK5250 (git-fixes).
ARM: dts: exynos: add missing HDMI supplies on SMDK5420 (git-fixes).
ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes).
ARM: dts: Fix boot regression on Skomer (git-fixes).
ARM: dts: Fix mmc order for omap3-gta04 (git-fixes).
ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes).
ARM: dts: Fix timer regression for beagleboard revision c (git-fixes).
ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes).
ARM: dts: imx6dl-colibri: Fix I2C pinmuxing (git-fixes).
ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes).
ARM: dts: imx6qdl: correct PU regulator ramp delay (git-fixes).
ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes).
ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes).
ARM: dts: imx7: Move hsic_phy power domain to HSIC PHY node (git-fixes).
ARM: dts: imx7ulp: Fix 'assigned-clocks-parents' typo (git-fixes).
ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk (git-fixes).
ARM: dts: imx8mm-venice-gw{71xx,72xx,73xx}: fix OTG controller OC (git-fixes)
ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes).
ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes).
ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes).
ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes).
ARM: dts: meson: Fix the UART compatible strings (git-fixes).
ARM: dts: ox820: align interrupt controller node name with dtschema (git-fixes).
ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960 (git-fixes).
ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes).
ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes).
ARM: dts: qcom: sdx55: fix IPA interconnect definitions (git-fixes).
ARM: dts: rockchip: fix a typo on rk3288 crypto-controller (git-fixes).
ARM: dts: rockchip: reorder rk322x hmdi clocks (git-fixes).
ARM: dts: s5pv210: align DMA channels with dtschema (git-fixes).
ARM: dts: s5pv210: Correct interrupt name for bluetooth in Aries (git-fixes).
ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries (git-fixes).
ARM: dts: socfpga: align interrupt controller node name with dtschema (git-fixes).
ARM: dts: socfpga: change qspi to 'intel,socfpga-qspi' (git-fixes).
ARM: dts: spear1340: Update serial node properties (git-fixes).
ARM: dts: spear13xx: Update SPI dma properties (git-fixes).
ARM: dts: stm32: fix AV96 board SAI2 pin muxing on stm32mp15 (git-fixes).
ARM: dts: stm32: Fix PHY post-reset delay on Avenger96 (git-fixes).
ARM: dts: sun8i: v3s: Move the csi1 block to follow address order (git-fixes).
ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes).
ARM: dts: switch timer config to common devkit8000 devicetree (git-fixes).
ARM: dts: Use 32KiHz oscillator on devkit8000 (git-fixes).
ARM: exynos: Fix refcount leak in exynos_map_pmu (git-fixes).
ARM: fix build warning in proc-v7-bugs.c (git-fixes).
ARM: fix co-processor register typo (git-fixes).
ARM: Fix kgdb breakpoint for Thumb2 (git-fixes).
ARM: Fix refcount leak in axxia_boot_secondary (git-fixes).
ARM: fix Thumb2 regression with Spectre BHB (git-fixes).
ARM: ftrace: avoid redundant loads or clobbering IP (git-fixes).
ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes).
ARM: hisi: Add missing of_node_put after of_find_compatible_node (git-fixes).
ARM: iop32x: offset IRQ numbers by 1 (git-fixes).
ARM: kprobes: Make space for instruction pointer on stack (bsc#1193277).
ARM: mediatek: select arch timer for mt7629 (git-fixes).
ARM: meson: Fix refcount leak in meson_smp_prepare_cpus (git-fixes).
ARM: mmp: Fix failure to remove sram device (git-fixes).
ARM: mstar: Select HAVE_ARM_ARCH_TIMER (git-fixes).
ARM: mxs_defconfig: Enable the framebuffer (git-fixes).
ARM: omap1: ams-delta: remove camera leftovers (git-fixes).
ARM: OMAP1: clock: Fix UART rate reporting algorithm (git-fixes).
ARM: OMAP2+: adjust the location of put_device() call in omapdss_init_of (git-fixes).
ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes).
ARM: OMAP2+: hwmod: Add of_node_put() before break (git-fixes).
ARM: pxa: maybe fix gpio lookup tables (git-fixes).
ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes).
ARM: Spectre-BHB: provide empty stub for non-config (git-fixes).
ARM: tegra: tamonten: Fix I2C3 pad setting (git-fixes).
ARM: vexpress/spc: Avoid negative array index when !SMP (git-fixes).
ASoC: amd: Fix reference to PCM buffer address (git-fixes).
ASoC: amd: vg: fix for pm resume callback sequence (git-fixes).
ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes).
ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes).
ASoC: atmel: Fix error handling in sam9x5_wm8731_driver_probe (git-fixes).
ASoC: atmel: Fix error handling in snd_proto_probe (git-fixes).
ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes).
ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes).
ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes).
ASoC: codecs: Check for error pointer after calling devm_regmap_init_mmio (git-fixes).
ASoC: codecs: lpass-rx-macro: fix sidetone register offsets (git-fixes).
ASoC: codecs: rx-macro: fix accessing array out of bounds for enum type (git-fixes).
ASoC: codecs: rx-macro: fix accessing compander for aux (git-fixes).
ASoC: codecs: va-macro: fix accessing array out of bounds for enum type (git-fixes).
ASoC: codecs: wc938x: fix accessing array out of bounds for enum type (git-fixes).
ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes).
ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes).
ASoC: codecs: wcd934x: fix kcontrol max values (git-fixes).
ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes).
ASoC: codecs: wcd938x: fix return value of mixer put function (git-fixes).
ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name (git-fixes).
ASoC: cs35l36: Update digital volume TLV (git-fixes).
ASoC: cs4265: Fix the duplicated control name (git-fixes).
ASoC: cs42l51: Correct minimum value for SX volume control (git-fixes).
ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes).
ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes).
ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes).
ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes).
ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes).
ASoC: dapm: Do not fold register value changes into notifications (git-fixes).
ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes).
ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes).
ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes).
ASoC: es8328: Fix event generation for deemphasis control (git-fixes).
ASoC: fsi: Add check for clk_enable (git-fixes).
ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes).
ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe (git-fixes).
ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes).
ASoC: fsl_spdif: Disable TX clock when stop (git-fixes).
ASoC: fsl: Use dev_err_probe() helper (git-fixes).
ASoC: hdmi-codec: Fix OOB memory accesses (git-fixes).
ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes).
ASoC: imx-hdmi: Fix refcount leak in imx_hdmi_probe (git-fixes).
ASoC: Intel: bytcr_rt5640: Add quirk for the HP Pro Tablet 408 (git-fixes).
ASoC: intel: skylake: Set max DMA segment size (git-fixes).
ASoC: Intel: soc-acpi: correct device endpoints for max98373 (git-fixes).
ASoC: Intel: sof_sdw: fix quirks for 2022 HP Spectre x360 13' (git-fixes).
ASoC: madera: Add dependencies on MFD (git-fixes).
ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes).
ASoC: max98090: Generate notifications on changes for custom control (git-fixes).
ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes).
ASoC: max98090: Reject invalid values in custom control put() (git-fixes).
ASoC: max98357a: remove dependency on GPIOLIB (git-fixes).
ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes).
ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes).
ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes).
ASoC: mediatek: mt8192-mt6359: Fix error handling in mt8192_mt6359_dev_probe (git-fixes).
ASoC: mediatek: use of_device_get_match_data() (git-fixes).
ASoC: meson: Fix event generation for AUI ACODEC mux (git-fixes).
ASoC: meson: Fix event generation for AUI CODEC mux (git-fixes).
ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes).
ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes).
ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes).
ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes).
ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes).
ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes).
ASoC: mxs-saif: Handle errors for clk_enable (git-fixes).
ASoC: nau8822: Add operation for internal PLL off and on (git-fixes).
ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes).
ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes).
ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_sx() (git-fixes).
ASoC: ops: Fix stereo change notifications in snd_soc_put_xr_sx() (git-fixes).
ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes).
ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes).
ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes).
ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (git-fixes).
ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes).
ASoC: qcom: Actually clear DMA interrupt register for HDMI (git-fixes).
ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes).
ASoC: rk817: Fix missing clk_disable_unprepare() in rk817_platform_probe (git-fixes).
ASoC: rk817: Use devm_clk_get() in rk817_platform_probe (git-fixes).
ASoC: rockchip: i2s: Fix missing clk_disable_unprepare() in rockchip_i2s_probe (git-fixes).
ASoC: rsnd: care default case on rsnd_ssiu_busif_err_status_clear() (git-fixes).
ASoC: rsnd: care return value from rsnd_node_fixed_index() (git-fixes).
ASoC: rt1015p: remove dependency on GPIOLIB (git-fixes).
ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (git-fixes).
ASoC: rt5645: Fix errorenous cleanup order (git-fixes).
ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes).
ASoC: rt5668: do not block workqueue if card is unbound (git-fixes).
ASoC: rt5682: do not block workqueue if card is unbound (git-fixes).
ASoC: samsung: Fix refcount leak in aries_audio_probe (git-fixes).
ASoC: samsung: Use dev_err_probe() helper (git-fixes).
ASoC: simple-card: fix probe failure on platform component (git-fixes).
ASoC: simple-card-utils: Set sysclk on all components (git-fixes).
ASoC: soc-compress: Change the check for codec_dai (git-fixes).
ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes).
ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes).
ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes).
ASoC: soc-ops: fix error handling (git-fixes).
ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes).
ASoC: SOF: Fix NULL pointer exception in sof_pci_probe callback (git-fixes).
ASoC: SOF: hda: Set max DMA segment size (git-fixes).
ASoC: SOF: Intel: enable DMI L1 for playback streams (git-fixes).
ASoC: SOF: Intel: Fix build error without SND_SOC_SOF_PCI_DEV (git-fixes).
ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM (git-fixes).
ASoC: SOF: Intel: match sdw version on link_slaves_found (git-fixes).
ASoC: SOF: topology: remove redundant code (git-fixes).
ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes).
ASoC: tas2770: Insert post reset delay (git-fixes).
ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes).
ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes).
ASoC: topology: Allow TLV control to be either read or write (git-fixes).
ASoC: topology: Correct error handling in soc_tplg_dapm_widget_create() (git-fixes).
ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes).
ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes).
ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes).
ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes).
ASoC: wm8958: Fix change notifications for DSP controls (git-fixes).
ASoC: wm8962: Fix suspend while playing music (git-fixes).
ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes).
ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes).
ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes (git-fixes).
assoc_array: Fix BUG_ON during garbage collect (git-fixes).
asus-wmi: Add dgpu disable method (bsc#1198058).
asus-wmi: Add egpu enable method (bsc#1198058).
asus-wmi: Add panel overdrive functionality (bsc#1198058).
asus-wmi: Add support for platform_profile (bsc#1198058).
ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes).
ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes).
ata: libata-core: Disable TRIM on M88V29 (git-fixes).
ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes).
ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes).
ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes).
ata: pata_hpt37x: fix PCI clock detection (git-fixes).
ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes).
ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (git-fixes).
ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes).
ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes).
ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes).
ath10k: skip ath10k_halt during suspend for driver state RESTARTING (git-fixes).
ath11k: acquire ab->base_lock in unassign when finding the peer by addr (git-fixes).
ath11k: disable spectral scan during spectral deinit (git-fixes).
ath11k: Do not check arvif->is_started before sending management frames (git-fixes).
ath11k: fix kernel panic during unload/load ath11k modules (git-fixes).
ath11k: mhi: use mhi_sync_power_up() (git-fixes).
ath11k: pci: fix crash on suspend if board file is not found (git-fixes).
ath11k: set correct NL80211_FEATURE_DYNAMIC_SMPS for WCN6855 (git-fixes).
ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes).
ath9k: fix ar9003_get_eepmisc (git-fixes).
ath9k: fix QCA9561 PA bias level (git-fixes).
ath9k: Fix usage of driver-private space in tx_info (git-fixes).
ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes).
ath9k_htc: fix uninit value bugs (git-fixes).
ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes).
atl1c: fix tx timeout after link flap on Mikrotik 10/25G NIC (git-fixes).
atm: eni: Add check for dma_map_single (git-fixes).
atm: firestream: check the return value of ioremap() in fs_init() (git-fixes).
atomics: Fix atomic64_{read_acquire,set_release} fallbacks (git-fixes).
audit: ensure userspace is penalized the same as the kernel when under pressure (git-fixes).
audit: improve audit queue handling when 'audit=1' on cmdline (git-fixes).
audit: improve robustness of the audit queue handling (git-fixes).
auxdisplay: lcd2s: Fix lcd2s_redefine_char() feature (git-fixes).
auxdisplay: lcd2s: Fix memory leak in ->remove() (git-fixes).
auxdisplay: lcd2s: Use proper API to free the instance of charlcd object (git-fixes).
ax25: Fix NULL pointer dereference in ax25_kill_by_device (git-fixes).
ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes).
b43: Fix assigning negative value to unsigned variable (git-fixes).
b43legacy: Fix assigning negative value to unsigned variable (git-fixes).
bareudp: use ipv6_mod_enabled to check if IPv6 enabled (git-fixes).
batman-adv: Do not expect inter-netns unique iflink indices (git-fixes).
batman-adv: Do not skb_split skbuffs with frag_list (git-fixes).
batman-adv: Request iflink once in batadv_get_real_netdevice (git-fixes).
batman-adv: Request iflink once in batadv-on-batadv check (git-fixes).
bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes).
bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362).
bcache: fixup multiple threads crash (git-fixes).
bcache: fix use-after-free problem in bcache_device_free() (git-fixes).
bcache: improve multithreaded bch_btree_check() (git-fixes).
bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes).
bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes).
bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes).
bfq: Allow current waker to defend against a tentative one (bsc#1195915).
bfq: Avoid false marking of bic as stably merged (bsc#1197926).
bfq: Avoid merging queues with different parents (bsc#1197926).
bfq: Do not let waker requests skip proper accounting (bsc#1184318).
bfq: Drop pointless unlock-lock pair (bsc#1197926).
bfq: Fix warning in bfqq_request_over_limit() (bsc#1200812).
bfq: Get rid of __bio_blkcg() usage (bsc#1197926).
bfq: Limit number of requests consumed by each cgroup (bsc#1184318).
bfq: Limit waker detection in time (bsc#1184318).
bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926).
bfq: Relax waker detection for shared queues (bsc#1184318).
bfq: Remove pointless bfq_init_rq() calls (bsc#1197926).
bfq: Split shared queues on move between cgroups (bsc#1197926).
bfq: Store full bitmap depth in bfq_data (bsc#1184318).
bfq: Track number of allocated requests in bfq_entity (bsc#1184318).
bfq: Track whether bfq_group is still online (bsc#1197926).
bfq: Update cgroup information before merging bio (bsc#1197926).
binfmt_flat: do not stop relocating GOT entries prematurely on riscv (git-fixes).
bitfield: add explicit inclusions to the example (git-fixes).
blkcg: Remove extra blkcg_bio_issue_init (bsc#1194585).
blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045).
blk-cgroup: set blkg iostat after percpu stat aggregation (bsc#1198018).
blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825).
blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() (bsc#1198034).
blk-mq: do not touch ->tagset in blk_mq_get_sq_hctx (bsc#1200824).
blk-mq: do not update io_ticks with passthrough requests (bsc#1200816).
blk-mq: fix tag_get wait task can't be awakened (bsc#1200263).
blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263).
blktrace: fix use after free for struct blk_trace (bsc#1198017).
block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1198016).
block: avoid to quiesce queue in elevator_init_mq (bsc#1198013).
block, bfq: fix UAF problem in bfqg_stats_init() (bsc#1194583).
block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes).
block: Check ADMIN before NICE for IOPRIO_CLASS_RT (bsc#1198012).
block: do not delete queue kobject before its children (bsc#1198019).
block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020).
block: fix async_depth sysfs interface for mq-deadline (bsc#1198015).
block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259).
block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (git-fixes).
block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1194586).
block: Fix the maximum minor value is blk_alloc_ext_minor() (bsc#1198021).
block: Fix up kabi after blkcg merge fix (bsc#1198020).
block: Hold invalidate_lock in BLKRESETZONE ioctl (bsc#1198010).
block: limit request dispatch loop duration (bsc#1198022).
block/mq-deadline: Improve request accounting further (bsc#1198009).
block: Provide blk_mq_sched_get_icq() (bsc#1184318).
block: update io_ticks when io hang (bsc#1197817).
block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819).
Bluetooth: btintel: Fix WBS setting for Intel legacy ROM products (git-fixes).
Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes).
Bluetooth: btusb: Add another Realtek 8761BU (git-fixes).
Bluetooth: btusb: Add missing Chicony device for Realtek RTL8723BE (bsc#1196779).
Bluetooth: btusb: Add one more Bluetooth part for the Realtek RTL8852AE (git-fixes).
Bluetooth: btusb: Whitespace fixes for btusb_setup_csr() (git-fixes).
Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes).
Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes).
Bluetooth: Fix not checking for valid hdev on bt_dev_{info,warn,err,dbg} (git-fixes).
Bluetooth: Fix the creation of hdev->name (git-fixes).
Bluetooth: Fix use after free in hci_send_acl (git-fixes).
Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes).
Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes).
Bluetooth: use hdev lock for accept_list and reject_list in conn req (git-fixes).
Bluetooth: use hdev lock in activate_scan for hci_is_adv_monitoring (git-fixes).
Bluetooth: use memset avoid memory leaks (git-fixes).
bnx2x: fix napi API usage sequence (bsc#1198217).
bnxt_en: Do not destroy health reporters during reset (bsc#1199736).
bnxt_en: Eliminate unintended link toggle during FW reset (bsc#1199736).
bnxt_en: Fix active FEC reporting to ethtool (git-fixes).
bnxt_en: Fix devlink fw_activate (jsc#SLE-18978).
bnxt_en: Fix incorrect multicast rx mask setting when not requested (git-fixes).
bnxt_en: Fix occasional ethtool -t loopback test failures (git-fixes).
bnxt_en: Fix offline ethtool selftest with RDMA enabled (git-fixes).
bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (git-fixes).
bnxt_en: Fix unnecessary dropping of RX packets (git-fixes).
bnxt_en: Increase firmware message response DMA wait time (git-fixes).
bnxt_en: Prevent XDP redirect from running when stopping TX queue (git-fixes).
bnxt_en: reserve space inside receive page for skb_shared_info (git-fixes).
bnxt_en: Restore the resets_reliable flag in bnxt_open() (jsc#SLE-18978).
bnxt_en: Synchronize tx when xdp redirects happen on same ring (git-fixes).
bonding: fix data-races around agg_select_timer (git-fixes).
bonding: force carrier update when releasing slave (git-fixes).
bonding: pair enable_port with slave_arr_updates (git-fixes).
bpf: Add check_func_arg_reg_off function (git-fixes).
bpf: add config to allow loading modules with BTF mismatches (bsc#1194501).
bpf: Avoid races in __bpf_prog_run() for 32bit arches (git-fixes).
bpf: Disallow negative offset in check_ptr_off_reg (git-fixes).
bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes).
bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg (git-fixes).
bpf: Fix PTR_TO_BTF_ID var_off check (git-fixes).
bpf: Fix UAF due to race between btf_try_get_module and load_module (git-fixes).
bpf: Mark PTR_TO_FUNC register initially with zero offset (git-fixes).
bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes).
bpf: selftests: adapt bpf_iter_task_vma to get_inode_dev() (bsc#927455 bsc#1198585).
bpf, selftests: Fix racing issue in btf_skc_cls_ingress test (git-fixes).
bpf, selftests: Update test case for atomic cmpxchg on r0 with pointer (git-fixes).
bpftool: Fix memory leak in prog_dump() (git-fixes).
bpftool: Remove inclusion of utilities.mak from Makefiles (git-fixes).
bpftool: Remove unused includes to bpf/bpf_gen_internal.h (git-fixes).
bpftool: Remove useless #include to perf-sys.h from map_perf_ring.c (git-fixes).
brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes).
brcmfmac: firmware: Fix crash in brcm_alt_fw_path (git-fixes).
brcmfmac: pcie: Declare missing firmware files in pcie.c (git-fixes).
brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes).
brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes).
brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes).
brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes).
btrfs: add a BTRFS_FS_ERROR helper (bsc#1197915).
btrfs: add btrfs_set_item_*_nr() helpers (bsc#1197915).
btrfs: add helper to truncate inode items when logging inode (bsc#1197915).
btrfs: add missing run of delayed items after unlink during log replay (bsc#1197915).
btrfs: add ro compat flags to inodes (bsc#1197915).
btrfs: always update the logged transaction when logging new names (bsc#1197915).
btrfs: assert that extent buffers are write locked instead of only locked (bsc#1197915).
btrfs: avoid attempt to drop extents when logging inode for the first time (bsc#1197915).
btrfs: avoid expensive search when dropping inode items from log (bsc#1197915).
btrfs: avoid expensive search when truncating inode items from the log (bsc#1197915).
btrfs: Avoid live-lock in search_ioctl() on hardware with sub-page (git-fixes)
btrfs: avoid search for logged i_size when logging inode if possible (bsc#1197915).
btrfs: avoid unnecessarily logging directories that had no changes (bsc#1197915).
btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1197915).
btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1197915).
btrfs: change error handling for btrfs_delete_*_in_log (bsc#1197915).
btrfs: change handle_fs_error in recover_log_trees to aborts (bsc#1197915).
btrfs: check if a log tree exists at inode_logged() (bsc#1197915).
btrfs: constify and cleanup variables in comparators (bsc#1197915).
btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1197915).
btrfs: do not log new dentries when logging that a new name exists (bsc#1197915).
btrfs: do not pin logs too early during renames (bsc#1197915).
btrfs: drop the _nr from the item helpers (bsc#1197915).
btrfs: eliminate some false positives when checking if inode was logged (bsc#1197915).
btrfs: factor out the copying loop of dir items from log_dir_items() (bsc#1197915).
btrfs: fix lost prealloc extents beyond eof after full fsync (bsc#1197915).
btrfs: fix lzo_decompress_bio() kmap leakage (bsc#1193852).
btrfs: fix memory leak in __add_inode_ref() (bsc#1197915).
btrfs: fix missing last dir item offset update when logging directory (bsc#1197915).
btrfs: fix re-dirty process of tree-log nodes (bsc#1197915).
btrfs: improve the batch insertion of delayed items (bsc#1197915).
btrfs: insert items in batches when logging a directory when possible (bsc#1197915).
btrfs: introduce btrfs_lookup_match_dir (bsc#1197915).
btrfs: introduce item_nr token variant helpers (bsc#1197915).
btrfs: keep track of the last logged keys when logging a directory (bsc#1197915).
btrfs: loop only once over data sizes array when inserting an item batch (bsc#1197915).
btrfs: make btrfs_file_extent_inline_item_len take a slot (bsc#1197915).
btrfs: only copy dir index keys when logging a directory (bsc#1197915).
btrfs: remove no longer needed checks for NULL log context (bsc#1197915).
btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1197915).
btrfs: remove no longer needed logic for replaying directory deletes (bsc#1197915).
btrfs: remove redundant log root assignment from log_dir_items() (bsc#1197915).
btrfs: remove root argument from add_link() (bsc#1197915).
btrfs: remove root argument from btrfs_log_inode() and its callees (bsc#1197915).
btrfs: remove root argument from btrfs_unlink_inode() (bsc#1197915).
btrfs: remove root argument from check_item_in_log() (bsc#1197915).
btrfs: remove root argument from drop_one_dir_item() (bsc#1197915).
btrfs: remove the btrfs_item_end() helper (bsc#1197915).
btrfs: remove unnecessary list head initialization when syncing log (bsc#1197915).
btrfs: remove unneeded return variable in btrfs_lookup_file_extent (bsc#1197915).
btrfs: rename btrfs_item_end_nr to btrfs_item_data_end (bsc#1197915).
btrfs: stop doing GFP_KERNEL memory allocations in the ref verify tool (bsc#1197915).
btrfs: unexport setup_items_for_insert() (bsc#1197915).
btrfs: unify lookup return value when dir entry is missing (bsc#1197915).
btrfs: update comment at log_conflicting_inodes() (bsc#1197915).
btrfs: use btrfs_item_size_nr/btrfs_item_offset_nr everywhere (bsc#1197915).
btrfs: use btrfs_next_leaf instead of btrfs_next_item when slots > nritems (bsc#1197915).
btrfs: use single bulk copy operations when logging directories (bsc#1197915).
bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes).
bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes).
bus: ti-sysc: Fix warnings for unbind for serial (git-fixes).
bus: ti-sysc: Make omap3 gpt12 quirk handling SoC specific (git-fixes).
caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes).
can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes).
can: etas_es58x: change opened_channel_cnt's type from atomic_t to u8 (git-fixes).
can: etas_es58x: es58x_fd_rx_event_msg(): initialize rx_event_msg before calling es58x_check_msg_len() (git-fixes).
can: grcan: grcan_close(): fix deadlock (git-fixes).
can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (git-fixes).
can: grcan: only use the NAPI poll budget for RX (git-fixes).
can: grcan: use ofdev->dev when allocating DMA memory (git-fixes).
can: gs_usb: change active_channels's type from atomic_t to u8 (git-fixes).
can: isotp: fix error path in isotp_sendmsg() to unlock wait queue (git-fixes).
can: isotp: fix potential CAN frame reception race in isotp_rcv() (git-fixes).
can: isotp: restore accidentally removed MSG_PEEK feature (git-fixes).
can: isotp: return -EADDRNOTAVAIL when reading from unbound socket (git-fixes).
can: isotp: set default value for N_As to 50 micro seconds (git-fixes).
can: isotp: stop timeout monitoring when no first frame was sent (git-fixes).
can: isotp: support MSG_TRUNC flag when reading from socket (git-fixes).
can: m_can: m_can_tx_handler(): fix use after free of skb (git-fixes).
can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes).
can: mcba_usb: properly check endpoint type (git-fixes).
can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix return of error value (git-fixes).
can: mcp251xfd: silence clang's -Wunaligned-access warning (git-fixes).
can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes).
can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes).
can: xilinx_can: mark bit timing constants as const (git-fixes).
carl9170: fix missing bit-wise or operator for tx_params (git-fixes).
carl9170: tx: fix an incorrect use of list iterator (git-fixes).
CDC-NCM: avoid overflow in sanity checking (git-fixes).
ceph: fix setting of xattrs on async created inodes (bsc#1199611).
certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes).
cfg80211: declare MODULE_FIRMWARE for regulatory.db (git-fixes).
cfg80211: do not add non transmitted BSS to 6GHz scanned channels (git-fixes).
cfg80211: fix race in netlink owner interface destruction (git-fixes).
cfg80211: hold bss_lock while updating nontrans_list (git-fixes).
cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug (bsc#1196869).
cgroup/cpuset: Fix 'suspicious RCU usage' lockdep warning (bsc#1196868).
cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839).
cgroup-v1: Correct privileges check in release_agent writes (bsc#1196723).
char: tpm: cr50_i2c: Suppress duplicated error message in .remove() (git-fixes).
char: xillybus: fix a refcount leak in cleanup_dev() (git-fixes).
cifs: add WARN_ON for when chan_count goes below minimum (bsc#1193629).
cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1193629).
cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1193629).
cifs: avoid parallel session setups on same channel (bsc#1193629).
cifs: avoid race during socket reconnect between send and recv (bsc#1193629).
cifs: call cifs_reconnect when a connection is marked (bsc#1193629).
cifs: call helper functions for marking channels for reconnect (bsc#1193629).
cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1193629).
cifs: check for smb1 in open_cached_dir() (bsc#1193629).
cifs: check reconnects for channels of active tcons too (bsc#1193629).
cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1193629).
cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1193629).
cifs: clean up an inconsistent indenting (bsc#1193629).
cifs: convert the path to utf16 in smb2_query_info_compound (bsc#1193629).
cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1193629).
cifs: do not build smb1ops if legacy support is disabled (bsc#1193629).
cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1193629).
cifs: do not skip link targets when an I/O fails (bsc#1194625).
cifs: do not use tcpStatus after negotiate completes (bsc#1193629).
cifs: do not use uninitialized data in the owner/group sid (bsc#1193629).
cifs: fix bad fids sent over wire (bsc#1197157).
cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1193629).
cifs: fix double free race when mount fails in cifs_get_root() (bsc#1193629).
cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1193629).
cifs: fix handlecache and multiuser (bsc#1193629).
cifs: fix hang on cifs_get_next_mid() (bsc#1193629).
cifs: fix incorrect use of list iterator after the loop (bsc#1193629).
cifs: fix minor compile warning (bsc#1193629).
cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1193629).
cifs: fix potential deadlock in direct reclaim (bsc#1193629).
cifs: fix potential double free during failed mount (bsc#1193629).
cifs: fix potential race with cifsd thread (bsc#1193629).
cifs: fix set of group SID via NTSD xattrs (bsc#1193629).
cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1193629).
cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1193629).
cifs: fix the cifs_reconnect path for DFS (bsc#1193629).
cifs: fix the connection state transitions with multichannel (bsc#1193629).
cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1193629).
cifs: fix workstation_name for multiuser mounts (bsc#1193629).
cifs: force new session setup and tcon for dfs (bsc#1193629).
cifs: free ntlmsspblob allocated in negotiate (bsc#1193629).
cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1193629).
cifs: make status checks in version independent callers (bsc#1193629).
cifs: mark sessions for reconnection in helper function (bsc#1193629).
cifs: modefromsids must add an ACE for authenticated users (bsc#1193629).
cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1193629).
cifs: move superblock magic defitions to magic.h (bsc#1193629).
cifs: potential buffer overflow in handling symlinks (bsc#1193629).
cifs: print TIDs as hex (bsc#1193629).
cifs: protect all accesses to chan_* with chan_lock (bsc#1193629).
cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1193629).
cifs: reconnect only the connection and not smb session where possible (bsc#1193629).
cifs: release cached dentries only if mount is complete (bsc#1193629).
cifs: remove check of list iterator against head past the loop body (bsc#1193629).
cifs: remove redundant assignment to pointer p (bsc#1193629).
cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1193629).
cifs: remove repeated state change in dfs tree connect (bsc#1193629).
cifs: remove unused variable ses_selected (bsc#1193629).
cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1193629).
cifs: return the more nuanced writeback error on close() (bsc#1193629).
cifs: serialize all mount attempts (bsc#1193629).
cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1193629).
cifs: skip trailing separators of prefix paths (bsc#1193629).
cifs: smbd: fix typo in comment (bsc#1193629).
cifs: Split the smb3_add_credits tracepoint (bsc#1193629).
cifs: take cifs_tcp_ses_lock for status checks (bsc#1193629).
cifs: track individual channel status using chans_need_reconnect (bsc#1193629).
cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1193629).
cifs: update internal module number (bsc#1193629).
cifs: update tcpStatus during negotiate and sess setup (bsc#1193629).
cifs: use a different reconnect helper for non-cifsd threads (bsc#1193629).
cifs: use correct lock type in cifs_reconnect() (bsc#1193629).
cifs: Use kzalloc instead of kmalloc/memset (bsc#1193629).
cifs: use new enum for ses_status (bsc#1193629).
cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1193629).
cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1193629).
cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1193629).
cifs: we do not need a spinlock around the tree access during umount (bsc#1193629).
cifs: when extending a file with falloc we should make files not-sparse (bsc#1193629).
cifs: writeback fix (bsc#1193629).
clk: actions: Terminate clk_div_table with sentinel element (git-fixes).
clk: at91: generated: consider range when calculating best rate (git-fixes).
clk: at91: sama7g5: fix parents of PDMCs' GCLK (git-fixes).
clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes).
clk: bcm2835: Remove unused variable (git-fixes).
clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes).
clk: Enforce that disjoints limits are invalid (git-fixes).
clk: Fix clk_hw_get_clk() when dev is NULL (git-fixes).
clk: hisilicon: Terminate clk_div_table with sentinel element (git-fixes).
clk: imx7d: Remove audio_mclk_root_clk (git-fixes).
clk: imx8mp: fix usb_root_clk parent (git-fixes).
clk: imx: Add check for kcalloc (git-fixes).
clk: imx: off by one in imx_lpcg_parse_clks_from_dt() (git-fixes).
clk: imx: scu: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes).
clk: Initialize orphan req_rate (git-fixes).
clk: jz4725b: fix mmc0 clock gating (git-fixes).
clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes).
clk: nxp: Remove unused variable (git-fixes).
clk: qcom: clk-rcg2: Update logic to calculate D value for RCG (git-fixes).
clk: qcom: clk-rcg2: Update the frac table for pixel clock (git-fixes).
clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes).
clk: qcom: ipq8074: fix PCI-E clock oops (git-fixes).
clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes).
clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes).
clk: rockchip: drop CLK_SET_RATE_PARENT from dclk_vop* on rk3568 (git-fixes).
clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes).
clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes).
clk: tegra: Add missing reset deassertion (git-fixes).
clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes).
clk: ti: Preserve node in ti_dt_clocks_register() (git-fixes).
clk: uniphier: Fix fixed-rate initialization (git-fixes).
clocksource: acpi_pm: fix return value of __setup handler (git-fixes).
clocksource/drivers/exynos_mct: Handle DTS with higher number of interrupts (git-fixes).
clocksource/drivers/exynos_mct: Refactor resources allocation (git-fixes).
clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes).
clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes).
clocksource/drivers/timer-microchip-pit64b: Use notrace (git-fixes).
clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes).
clocksource/drivers/timer-ti-dm: Fix regression from errata i940 fix (git-fixes).
clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() (bsc#1201218).
comedi: drivers: ni_routes: Use strcmp() instead of memcmp() (git-fixes).
comedi: vmk80xx: fix expression for tx buffer size (git-fixes).
copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626).
cpufreq-fix-memory-leak-in-sun50i_cpufreq_nvmem_prob.patch: (git-fixes).
cpufreq: intel_pstate: Add Ice Lake server to out-of-band IDs (bsc#1201228).
cpufreq: qcom-cpufreq-nvmem: fix reading of PVS Valid fuse (git-fixes).
cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE (git-fixes).
cpuidle: intel_idle: Update intel_idle() kerneldoc comment (git-fixes).
cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() (bsc#1196866).
cputime, cpuacct: Include guest time in user time in (git-fixes)
crypto: amlogic - call finalize with bh disabled (git-fixes).
crypto: api - Move cryptomgr soft dependency into algapi (git-fixes).
crypto: arm/aes-neonbs-cbc - Select generic cbc and aes (git-fixes).
crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes).
crypto: caam - fix i.MX6SX entropy delay value (git-fixes).
crypto: cavium/nitrox - do not cast parameter in bit operations (git-fixes).
crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes).
crypto: ccree - do not attempt 0 len DMA mappings (git-fixes).
crypto: ccree - Fix use after free in cc_cipher_exit() (git-fixes).
crypto: ccree - use fine grained DMA mapping dir (git-fixes).
crypto: cryptd - Protect per-CPU resource by disabling BH (git-fixes).
crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes).
crypto: engine - check if BH is disabled during completion (git-fixes).
crypto: gemini - call finalize with bh disabled (git-fixes).
crypto: hisilicon/qm - cleanup warning in qm_vf_read_qos (git-fixes).
crypto: hisilicon/sec - fix the aead software fallback for engine (git-fixes).
crypto: hisilicon/sec - not need to enable sm4 extra mode at HW V3 (git-fixes).
crypto: marvell/cesa - ECB does not IV (git-fixes).
crypto: mxs-dcp - Fix scatterlist processing (git-fixes).
crypto: octeontx2 - remove CONFIG_DM_CRYPT check (git-fixes).
crypto: qat - disable registration of algorithms (git-fixes).
crypto: qat - do not cast parameter in bit operations (git-fixes).
crypto: qcom-rng - ensure buffer for generate is completely filled (git-fixes).
crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ (git-fixes).
crypto: rockchip - ECB does not need IV (git-fixes).
crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes).
crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes).
crypto: rsa-pkcs1pad - only allow with rsa (git-fixes).
crypto: rsa-pkcs1pad - restore signature length check (git-fixes).
crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes).
crypto: sun8i-ce - call finalize with bh disabled (git-fixes).
crypto: sun8i-ss - call finalize with bh disabled (git-fixes).
crypto: sun8i-ss - handle zero sized sg (git-fixes).
crypto: sun8i-ss - really disable hash on A80 (git-fixes).
crypto: sun8i-ss - rework handling of IV (git-fixes).
crypto: vmx - add missing dependencies (git-fixes).
crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes).
crypto: x86 - eliminate anonymous module_init and module_exit (git-fixes).
crypto: xts - Add softdep on ecb (git-fixes).
dax: fix cache flush on PMD-mapped pages (bsc#1200830).
devlink: Add 'enable_iwarp' generic device param (bsc#1200502).
dim: initialize all struct fields (git-fixes).
display/amd: decrease message verbosity about watermarks table failure (git-fixes).
dma: at_xdmac: fix a missing check on list iterator (git-fixes).
dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes).
dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes).
dma-debug: fix return value of __setup handlers (git-fixes).
dma-direct: avoid redundant memory sync for swiotlb (git-fixes).
dmaengine: dw-edma: Fix unaligned 64bit access (git-fixes).
dmaengine: hisi_dma: fix MSI allocate fail when reload hisi_dma (git-fixes).
dmaengine: idxd: add missing callback function to support DMA_INTERRUPT (git-fixes).
dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes).
dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes).
dmaengine: idxd: check GENCAP config support for gencfg register (git-fixes).
dmaengine: idxd: fix device cleanup on disable (git-fixes).
dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes).
dmaengine: idxd: restore traffic class defaults after wq reset (git-fixes).
dmaengine: idxd: set DMA_INTERRUPT cap bit (git-fixes).
dmaengine: idxd: skip clearing device context when device is read-only (git-fixes).
dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes).
dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes).
dmaengine: ptdma: fix concurrency issue with multiple dma transfer (jsc#SLE-21315).
dmaengine: ptdma: Fix the error handling path in pt_core_init() (git-fixes).
dmaengine: ptdma: handle the cases based on DMA is complete (jsc#SLE-21315).
dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' (git-fixes).
dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes).
dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size (git-fixes).
dmaengine: sh: rcar-dmac: Check for error num after setting mask (git-fixes).
dmaengine: stm32-dmamux: Fix PM disable depth imbalance in stm32_dmamux_probe (git-fixes).
dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() (git-fixes).
dmaengine: stm32-mdma: remove GISR1 register (git-fixes).
dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes).
dma-mapping: remove bogus test for pfn_valid from dma_map_resource (git-fixes).
dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501).
dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes).
dm: fix use-after-free in dm_cleanup_zoned_dev() (git-fixes).
dm integrity: fix error code in dm_integrity_ctr() (git-fixes).
dm integrity: set journal entry unused when shrinking device (git-fixes).
dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes).
dm mpath: only use ktime_get_ns() in historical selector (git-fixes).
dm verity: set DM_TARGET_IMMUTABLE feature flag (git-fixes).
doc/ip-sysctl: add bc_forwarding (git-fixes).
docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (git-fixes).
Documentation: add link to stable release candidate tree (git-fixes).
Documentation: dd: Use ReST lists for return values of driver_deferred_probe_check_state() (git-fixes).
Documentation: Fix duplicate statement about raw_spinlock_t type (git-fixes).
Documentation: update stable tree link (git-fixes).
do not call utsname() after ->nsproxy is NULL (bsc#1201196).
drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes).
drbd: fix duplicate array initializer (git-fixes).
drbd: Fix five use after free bugs in get_initial_state (git-fixes).
drbd: remove assign_p_sizes_qlim (git-fixes).
drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes).
drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes).
driver base: fix an unlikely reference counting issue in __add_memory_block() (git-fixes).
driver base: fix compaction sysfs file leak (git-fixes).
driver: base: fix UAF when driver_attach failed (git-fixes).
driver core: dd: fix return value of __setup handler (git-fixes).
driver core: fix deadlock in __device_attach (git-fixes).
driver core: Fix wait_for_device_probe() and deferred_probe_timeout interaction (git-fixes).
driver core: Free DMA range map when device is released (git-fixes).
driver: hv: Compare cpumasks and not their weights in init_vp_index() (git-fixes).
driver: hv: log when enabling crash_kexec_post_notifiers (git-fixes).
driver: hv: Rename 'alloced' to 'allocated' (git-fixes).
driver: hv: utils: Make use of the helper macro LIST_HEAD() (git-fixes).
driver: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes).
driver: hv: vmbus: Fix potential crash on module unload (git-fixes).
driver: hv: vmbus: Use struct_size() helper in kmalloc() (git-fixes).
driver: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes).
driver: net: xgene: Fix regression in CRC stripping (git-fixes).
drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes).
drivers: mmc: sdhci_am654: Add the quirk to set TESTCD bit (git-fixes).
drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle() (git-fixes).
drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes).
drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes).
drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback() (git-fixes).
drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes).
drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes).
drm: add a locked version of drm_is_current_master (git-fixes).
drm: Add orientation quirk for GPD Win Max (git-fixes).
drm/amd: Add USBC connector ID (git-fixes).
drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes).
drm/amd: avoid suspend on dGPUs w/ s2idle support when runtime PM enabled (git-fixes).
drm/amd: Check if ASPM is enabled from PCIe subsystem (git-fixes).
drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes).
drm/amd/display: Add pstate verification and recovery for DCN31 (git-fixes).
drm/amd/display: Add signal type check when verify stream backends same (git-fixes).
drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT (git-fixes).
drm/amd/display: Cap OLED brightness per max frame-average luminance (git-fixes).
drm/amd/display: Cap pflip irqs per max otg number (git-fixes).
drm/amd/display: Check if modulo is 0 before dividing (git-fixes).
drm/amd/display: DCN3.1: do not mark as kernel-doc (git-fixes).
drm/amd/display: Disabling Z10 on DCN31 (git-fixes).
drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes).
drm/amd/display: Do not reinitialize DMCUB on s0ix resume (git-fixes).
drm/amd/display: Enable power gating before init_pipes (git-fixes).
drm/amd/display: FEC check in timing validation (git-fixes).
drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes).
drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes).
drm/amd/display: fix audio format not updated after edid updated (git-fixes).
drm/amd/display: Fix memory leak (git-fixes).
drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1190786)
drm/amd/display: Fix OLED brightness control on eDP (git-fixes).
drm/amd/display: Fix p-state allow debug index on dcn31 (git-fixes).
drm/amd/display: fix yellow carp wm clamping (git-fixes).
drm/amd/display: Force link_rate as LINK_RATE_RBR2 for 2018 15' Apple Retina panels (git-fixes).
drm/amd/display: For vblank_disable_immediate, check PSR is really used (git-fixes).
drm/amd/display: Protect update_bw_bounding_box FPU code (git-fixes).
drm/amd/display: Read Golden Settings Table from VBIOS (git-fixes).
drm/amd/display: Remove vupdate_int_entry definition (git-fixes).
drm/amd/display: Revert FEC check in validation (git-fixes).
drm/amd/display: Update VTEM Infopacket definition (git-fixes).
drm/amd/display: Update watermark values for DCN301 (git-fixes).
drm/amd/display: Use adjusted DCN301 watermarks (git-fixes).
drm/amd/display: Use PSR version selected during set_psr_caps (git-fixes).
drm/amd/display: watermark latencies is not enough on DCN31 (git-fixes).
drm/amdgpu: add beige goby PCI ID (git-fixes).
drm/amdgpu: bypass tiling flag check in virtual display case (v2) (git-fixes).
drm/amdgpu: check vm ready by amdgpu_vm->evicting flag (git-fixes).
drm/amdgpu: conduct a proper cleanup of PDB bo (git-fixes).
drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes).
drm/amdgpu: disable MMHUB PG for Picasso (git-fixes).
drm/amdgpu/display: add support for multiple backlights (git-fixes).
drm/amdgpu: do not do resets on APUs which do not support it (git-fixes).
drm/amdgpu: do not enable asic reset for raven2 (git-fixes).
drm/amdgpu: do not set s3 and s0ix at the same time (git-fixes).
drm/amdgpu: do not use BACO for reset in S3 (git-fixes).
drm/amdgpu: do not use passthrough mode in Xen dom0 (git-fixes).
drm/amdgpu: Drop inline from amdgpu_ras_eeprom_max_record_count (git-fixes).
drm/amdgpu: Enable gfxoff quirk on MacBook Pro (git-fixes).
drm/amdgpu: Ensure HDA function is suspended before ASIC reset (git-fixes).
drm/amdgpu: explicitly check for s0ix when evicting resources (git-fixes).
drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1190497)
drm/amdgpu: fix logic inversion in check (git-fixes).
drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes).
drm/amdgpu: Fix recursive locking warning (git-fixes).
drm/amdgpu: fix suspend/resume hang regression (git-fixes).
drm/amdgpu/sdma: Fix incorrect calculations of the wptr of the doorbells (git-fixes).
drm/amdgpu: skipping SDMA hw_init and hw_fini for S0ix (git-fixes).
drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes).
drm/amdgpu: suppress the warning about enum value 'AMD_IP_BLOCK_TYPE_NUM' (git-fixes).
drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes).
drm/amdgpu: unify BO evicting method in amdgpu_ttm (git-fixes).
drm/amdgpu: update VCN codec support for Yellow Carp (git-fixes).
drm/amdgpu/vcn: Fix the register setting for vcn1 (git-fixes).
drm/amdgpu/vcn: improve vcn dpg stop procedure (git-fixes).
drm/amdgpu: vi: disable ASPM on Intel Alder Lake based systems (bsc#1190786)
drm/amdkfd: add pinned BOs to kfd_bo_list (git-fixes).
drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes).
drm/amdkfd: Create file descriptor after client is added to smi_clients list (git-fixes).
drm/amdkfd: Do not take process mutex for svm ioctls (git-fixes).
drm/amdkfd: Fix GWS queue count (bsc#1190786)
drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes).
drm/amdkfd: make CRAT table missing message informational only (git-fixes).
drm/amdkfd: remove unused function (git-fixes).
drm/amdkfd: Separate pinned BOs destruction from general routine (bsc#1195287).
drm/amdkfd: Use mmget_not_zero in MMU notifier (git-fixes).
drm/amd/pm: correct the MGpuFanBoost support for Beige Goby (git-fixes).
drm/amd/pm: correct the sequence of sending gpu reset msg (git-fixes).
drm/amd/pm: correct UMD pstate clocks for Dimgrey Cavefish and Beige Goby (git-fixes).
drm/amd/pm: enable pm sysfs write for one VF mode (git-fixes).
drm/amd/pm: fix hwmon node of power1_label create issue (git-fixes).
drm/amd/pm: Fix missing thermal throttler status (git-fixes).
drm/amd/pm: fix some OEM SKU specific stability issues (git-fixes).
drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes).
drm/amd/pm: update smartshift powerboost calc for smu12 (git-fixes).
drm/amd/pm: update smartshift powerboost calc for smu13 (git-fixes).
drm/amd/pm: use bitmap_{from,to}_arr32 where appropriate (git-fixes).
drm/ast: Create threshold values for AST2600 (bsc#1190786)
drm/atomic: Do not pollute crtc_state->mode_blob with error pointers (git-fixes).
drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes).
drm: avoid circular locks in drm_mode_getconnector (git-fixes).
drm/blend: fix typo in the comment (git-fixes).
drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes).
drm/bridge: Add missing pm_runtime_put_sync (git-fixes).
drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes).
drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes).
drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes).
drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes).
drm/bridge: anx7625: Fix overflow issue on reading EDID (git-fixes).
drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes).
drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes).
drm/bridge: Fix error handling in analogix_dp_probe (git-fixes).
drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes).
drm: bridge: fix unmet dependency on DRM_KMS_HELPER for DRM_PANEL_BRIDGE (git-fixes).
drm: bridge: icn6211: Fix HFP_HSW_HBP_HI and HFP_MIN handling (bsc#1190786)
drm: bridge: icn6211: Fix register layout (git-fixes).
drm: bridge: it66121: Fix the register page length (git-fixes).
drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes).
drm/bridge: sn65dsi83: Fix an error handling path in (bsc#1190786)
drm/bridge: ti-sn65dsi83: Handle dsi_lanes == 0 as invalid (git-fixes).
drm/bridge: ti-sn65dsi86: Properly undo autosuspend (git-fixes).
drm/cma-helper: Set VM_DONTEXPAND for mmap (git-fixes).
drm/connector: Fix typo in output format (bsc#1190786)
drm/doc: overview before functions for drm_writeback.c (git-fixes).
drm/dp: Fix OOB read when handling Post Cursor2 register (bsc#1190786)
drm/edid: Always set RGB444 (git-fixes).
drm/edid: check basic audio support on CEA extension block (git-fixes).
drm/edid: Do not clear formats if using deep color (git-fixes).
drm/edid: fix CEA extension byte #3 parsing (bsc#1190786)
drm/edid: fix invalid EDID extension block filtering (git-fixes).
drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (git-fixes).
drm/fb-helper: Mark screen buffers in system memory with FBINFO_VIRTFB (git-fixes).
drm/fourcc: fix integer type usage in uapi header (git-fixes).
drm/i915/adlp: Fix TypeC PHY-ready status readout (git-fixes).
drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration (bsc#1193640).
drm/i915: Check EDID for HDR static metadata when choosing blc (bsc#1190497)
drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes).
drm/i915/dg2: Print PHY name properly on calibration error (git-fixes).
drm/i915: Disable DRRS on IVB/HSW port != A (git-fixes).
drm/i915/display: Fix HPD short pulse handling for eDP (git-fixes).
drm/i915/display: Move DRRS code its own file (git-fixes).
drm/i915/display/psr: Unset enable_psr2_sel_fetch if other checks in intel_psr2_config_valid() fails (git-fixes).
drm/i915/display: split out dpt out of intel_display.c (git-fixes).
drm/i915/dmc: Add MMIO range restrictions (git-fixes).
drm/i915/dsi: fix VBT send packet port selection for ICL+ (git-fixes).
drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes).
drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes).
drm/i915: Fix dbuf slice config lookup (git-fixes bsc#1193640).
drm/i915: Fix mbus join config lookup (git-fixes bsc#1193640).
drm/i915: Fix PSF GV point mask when SAGV is not possible (git-fixes).
drm/i915: Fix race in __i915_vma_remove_closed (bsc#1190497)
drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (bsc#1190497)
drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes).
drm/i915/gem: add missing boundary check in vm_access (git-fixes).
drm/i915/gem: add missing else (git-fixes).
drm/i915/guc/slpc: Correct the param count for unset param (git-fixes).
drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes).
drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes).
drm/i915: Implement w/a 22010492432 for adl-s (git-fixes).
drm/i915: Keep gem ctx->vm alive until the final put (bsc#1190497)
drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes).
drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes).
drm/i915: Populate pipe dbuf slices more accurately during readout (bsc#1193640).
drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes).
drm/i915: s/JSP2/ICP2/ PCH (git-fixes).
drm/i915: Treat SAGV block time 0 as SAGV disabled (git-fixes).
drm/i915/ttm: ensure we unmap when purging (git-fixes).
drm/i915/ttm: tweak priority hint selection (git-fixes).
drm/i915: Widen the QGV point mask (git-fixes).
drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (bsc#1193640).
drm/imx: dw_hdmi-imx: Fix bailout in error cases of probe (git-fixes).
drm: imx: fix compiler warning with gcc-12 (git-fixes).
drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes).
drm/imx: imx-ldb: Check for null pointer after calling kmemdup (git-fixes).
drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes).
drm/kmb: Fix for build errors with Warray-bounds (git-fixes).
drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes).
drm/komeda: return early if drm_universal_plane_init() fails (git-fixes).
drm: mali-dp: potential dereference of null pointer (git-fixes).
drm/mediatek: Add vblank register/unregister callback functions (bsc#1190768)
drm/mediatek: dpi: Use mt8183 output formats for mt8192 (git-fixes).
drm/mediatek: Fix mtk_cec_mask() (git-fixes).
drm/mediatek: mtk_dsi: Reset the dsi0 hardware (git-fixes).
drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes).
drm/meson: Make use of the helper function devm_platform_ioremap_resourcexxx() (git-fixes).
drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops (git-fixes).
drm/meson: split out encoder from meson_dw_hdmi (git-fixes).
drm/msm/a6xx: Fix missing ARRAY_SIZE() check (git-fixes).
drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes).
drm/msm: add missing include to msm_drv.c (git-fixes).
drm/msm: Add missing put_task_struct() in debugfs path (git-fixes).
drm/msm/disp: check the return value of kzalloc() (git-fixes).
drm/msm/disp/dpu1: set mdp clk to the maximum frequency in opp table (bsc#1190768)
drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes).
drm/msm/dp: add fail safe mode outside of event_mutex context (git-fixes).
drm/msm/dp: always add fail-safe mode into connector mode list (git-fixes).
drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() (git-fixes).
drm/msm/dp: check core_initialized before disable interrupts at dp_display_unbind() (git-fixes).
drm/msm/dp: do not initialize phy until plugin interrupt received (bsc#1190497)
drm/msm/dp: do not stop transmitting phy test pattern during DP phy compliance test (git-fixes).
drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read failed (git-fixes).
drm/msm/dp: fix error check return value of irq_of_parse_and_map() (git-fixes).
drm/msm/dp: fix event thread stuck in wait_event after kthread_stop() (git-fixes).
drm/msm/dp: force link training for display resolution change (git-fixes).
drm/msm/dp: Modify prototype of encoder based API (git-fixes).
drm/msm/dp: populate connector of struct dp_panel (git-fixes).
drm/msm/dp: remove fail safe mode related code (git-fixes).
drm/msm/dp: reset DP controller before transmit phy test pattern (git-fixes).
drm/msm/dp: stop event kernel thread when DP unbind (bsc#1190768)
drm/msm/dp: stop link training after link training 2 failed (git-fixes).
drm/msm/dp: tear down main link at unplug handle immediately (bsc#1190768)
drm/msm/dpu: add DSPP blocks teardown (git-fixes).
drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes).
drm/msm/dpu: fix dp audio condition (git-fixes).
drm/msm/dpu: fix error check return value of irq_of_parse_and_map() (bsc#1190768)
drm/msm/dpu: handle pm_runtime_get_sync() errors in bind path (git-fixes).
drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes).
drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes).
drm/msm/dsi: Remove spurious IRQF_ONESHOT flag (git-fixes).
drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes).
drm/msm/dsi: Use 'ref' fw clock instead of global name for VCO parent (git-fixes).
drm/msm: Fix double pm_runtime_disable() call (git-fixes).
drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes).
drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes).
drm/msm: Fix range size vs end confusion (git-fixes).
drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes).
drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes).
drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes).
drm/msm/mdp5: check the return of kzalloc() (git-fixes).
drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes).
drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes).
drm/msm: properly add and remove internal bridges (bsc#1190768)
drm/msm: remove unused plane_property field from msm_drm_private (bsc#1190768)
drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes).
drm/msm: Switch ordering of runpm put vs devfreq_idle (git-fixes).
drm/msm: use for_each_sgtable_sg to iterate over scatterlist (git-fixes).
drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() (git-fixes).
drm/nouveau/backlight: Just set all backlight types as RAW (git-fixes).
drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes).
drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes).
drm/nouveau: fix off by one in BIOS boundary checking (git-fixes).
drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes).
drm/nouveau/pmu: Add missing callbacks for Tegra devices (git-fixes).
drm/nouveau/pmu/gm200-: use alternate falcon reset sequence (git-fixes).
drm/nouveau/subdev/bus: Ratelimit logging for fault errors (git-fixes).
drm/nouveau/tegra: Stop using iommu_present() (git-fixes).
drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes).
drm/panel: panel-simple: Fix proper bpc for AM-1280800N3TZQW-T00H (git-fixes).
drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes).
drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes).
drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes).
drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes).
drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes).
drm/panfrost: Check for error num after setting mask (git-fixes).
drm/plane: Move range check for format_count earlier (git-fixes).
drm/radeon: fix a possible null pointer dereference (git-fixes).
drm/radeon: Fix backlight control on iMac 12,1 (git-fixes).
drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes).
drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes).
drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes).
drm/selftests/test-drm_dp_mst_helper: Fix memory leak in sideband_msg_req_encode_decode (git-fixes).
drm/simpledrm: Add 'panel orientation' property on non-upright mounted LCD panels (git-fixes).
drm: sti: do not use kernel-doc markers (git-fixes).
drm/sun4i: Fix crash during suspend after component bind failure (git-fixes).
drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes).
drm/sun4i: Remove obsolete references to PHYS_OFFSET (bsc#1190786)
drm/syncobj: flatten dma_fence_chains on transfer (git-fixes).
drm/tegra: Add back arm_iommu_detach_device() (git-fixes).
drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes).
drm: use the lookup lock in drm_is_current_master (git-fixes).
drm/v3d/v3d_drv: Check for error num after setting mask (git-fixes).
drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes).
drm/vc4: Fix deadlock on DSI device attach error (git-fixes).
drm/vc4: hdmi: Add debugfs prefix (bsc#1199163).
drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes).
drm/vc4: hdmi: Fix build error for implicit function declaration (git-fixes).
drm/vc4: hdmi: Fix HPD GPIO detection (git-fixes).
drm/vc4: hdmi: Make sure the device is powered with CEC (git-fixes).
drm/vc4: hdmi: Split the CEC disable / enable functions in two (git-fixes).
drm/vc4: hvs: Fix frame count register readout (git-fixes).
drm/vc4: hvs: Reset muxes at probe time (git-fixes).
drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes).
drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes).
drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes).
drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free() (git-fixes).
drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes).
drm/vmwgfx: Disable command buffers on svga3 without gbobjects (git-fixes).
drm/vmwgfx: Fix fencing on SVGAv3 (git-fixes).
drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes).
drm/vmwgfx: Remove unused compile options (bsc#1190786)
drm/vmwgfx: validate the screen formats (git-fixes).
drm/vrr: Set VRR capable prop only if it is attached to connector (git-fixes).
dt-bindings: arm: bcm: fix BCM53012 and BCM53016 SoC strings (git-fixes).
dt-bindings: can: tcan4x5x: fix mram-cfg RX FIFO config (git-fixes).
dt-bindings: display: sitronix, st7735r: Fix backlight in example (git-fixes).
dt-bindings: gpio: altera: correct interrupt-cells (git-fixes).
dt-bindings: memory: mtk-smi: No need mediatek,larb-id for mt8167 (git-fixes).
dt-bindings: mtd: nand-controller: Fix a comment in the examples (git-fixes).
dt-bindings: mtd: nand-controller: Fix the reg property description (git-fixes).
dt-bindings: net: xgmac_mdio: Remove unsupported 'bus-frequency' (git-fixes).
dt-bindings: PCI: xilinx-cpm: Fix reg property order (git-fixes).
dt-bindings: phy: uniphier-usb3hs: Fix incorrect clock-names and reset-names (git-fixes).
dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group (git-fixes).
dt-bindings: pinctrl: pinctrl-microchip-sgpio: Fix example (git-fixes).
dt-bindings: spi: mxic: The interrupt property is not mandatory (git-fixes).
dt-bindings: usb: ehci: Increase the number of PHYs (git-fixes).
dt-bindings: usb: hcd: correct usb-device path (git-fixes).
dt-bindings: usb: ohci: Increase the number of PHYs (git-fixes).
dt-bindings: watchdog: Require samsung,syscon-phandle for Exynos7 (git-fixes).
e1000e: Correct NVM checksum verification flow (bsc#1191663).
e1000e: Fix possible HW unit hang after an s0ix exit (jsc#SLE-18382).
e1000e: Fix possible overflow in LTR decoding (git-fixes).
e1000e: Handshake with CSME starts from ADL platforms (git-fixes).
e1000e: Separate ADP board type from TGP (git-fixes).
EDAC/altera: Fix deferred probing (bsc#1190497).
EDAC/amd64: Add new register offset support and related changes (jsc#SLE-19026).
EDAC/amd64: Set memory type per DIMM (jsc#SLE-19026).
EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1190497).
EDAC/synopsys: Read the error count from the correct register (bsc#1190497).
EDAC/xgene: Fix deferred probing (bsc#1190497).
eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX (git-fixes).
efi: Add missing prototype for efi_capsule_setup_info (git-fixes).
efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes).
efi: fix return value of __setup handlers (git-fixes).
efivars: Respect 'block' flag in efivar_entry_set_safe() (git-fixes).
enable DRM_BOCHS as module (bsc#1200572)
epic100: fix use after free on rmmod (git-fixes).
ethernet/sfc: remove redundant rc variable (bsc#1196306).
exec: Force single empty string when argv is empty (bsc#1200571).
ext2: correct max file size computing (bsc#1197820).
ext4: avoid trim error on fs with small groups (bsc#1191271).
ext4: destroy ext4_fc_dentry_cachep kmemcache on module removal (bsc#1197917).
ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482).
ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810).
ext4: fix bug_on in __es_tree_search (bsc#1200809).
ext4: fix ext4_fc_stats trace point (git-fixes).
ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807).
ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806).
ext4: make variable 'count' signed (bsc#1200820).
ext4: reject the 'commit' option on ext2 filesystems (bsc#1200808).
extcon: Modify extcon device to be created after driver data is set (git-fixes).
extcon: ptn5150: Add queue work sync before driver release (git-fixes).
faddr2line: Fix overlapping text section failures, the sequel (git-fixes).
fbcon: Avoid 'cap' set but not used warning (bsc#1190786)
fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes).
firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes).
firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes).
firewire: remove check of list iterator against head past the loop body (git-fixes).
firmware: arm_ffa: Fix uuid parameter to ffa_partition_probe (git-fixes).
firmware: arm_ffa: Remove incorrect assignment of driver_data (git-fixes).
firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes).
firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes).
firmware: arm_scmi: Remove space in MODULE_ALIAS name (git-fixes).
firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes).
firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes).
firmware: google: Properly state IOMEM dependency (git-fixes).
firmware: qcom: scm: Remove reassignment to desc following initializer (git-fixes).
firmware: stratix10-svc: add missing callback parameter on RSU (git-fixes).
firmware: stratix10-svc: fix a missing check on list iterator (git-fixes).
firmware: sysfb: fix platform-device leak in error path (git-fixes).
firmware: ti_sci: Fix compilation failure when CONFIG_TI_SCI_PROTOCOL is not defined (git-fixes).
firmware: use kernel credentials when reading firmware (git-fixes).
Fix a warning about a malformed kernel doc comment in cifs (bsc#1193629).
fs: fd tables have to be multiples of BITS_PER_LONG (bsc#1200827).
fs: fix fd table size alignment properly (bsc#1200882).
fs: handle circular mappings correctly (bsc#1197918).
fsl_lpuart: Do not enable interrupts too early (git-fixes).
fsnotify: Do not insert unmergeable events in hashtable (bsc#1197922).
fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195944 bsc#1195478).
fsnotify: fix wrong lockdep annotations (bsc#1200815).
ftrace: Clean up hash direct_functions on register failures (git-fixes).
fuse: fix fileattr op failure (bsc#1197292).
gen_init_cpio: fix short read file handling (bsc#1193289).
genirq/affinity: Consider that CPUs on nodes can be (git-fixes)
genirq: Synchronize interrupt thread startup (git-fixes)
gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (git-fixes).
gma500: fix an incorrect NULL check on list iterator (git-fixes).
gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes).
gpio: aggregator: Fix calling into sleeping GPIO controllers (git-fixes).
gpio: dwapb: Do not print error on -EPROBE_DEFER (git-fixes).
gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes).
gpiolib: acpi: Convert ACPI value of debounce to microseconds (git-fixes).
gpiolib: acpi: use correct format characters (git-fixes).
gpiolib: Never return internal error codes to user space (git-fixes).
gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes).
gpio: mvebu: drop pwm base assignment (git-fixes).
gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes).
gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes).
gpio: pca953x: use the correct register address to do regcache sync (git-fixes).
gpio: Return EPROBE_DEFER if gc->to_irq is NULL (git-fixes).
gpio: Revert regression in sysfs-gpio (gpiolib.c) (git-fixes).
gpio: sifive: use the correct register to read output values (git-fixes).
gpio: tegra186: Fix chip_data type confusion (git-fixes).
gpio: ts4900: Do not set DAT and OE together (git-fixes).
gpio: visconti: Fix fwnode of GPIO IRQ (git-fixes).
gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes).
gpu: host1x: Fix a memory leak in 'host1x_remove()' (git-fixes).
gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes).
gup: Turn fault_in_pages_{readable,writeable} into fault_in_{readable,writeable} (git-fixes).
gve: Fix GFP flags when allocing pages (git-fixes).
gve: fix the wrong AdminQ buffer queue index check (git-fixes).
habanalabs: Add check for pci_enable_device (git-fixes).
habanalabs: fix possible memory leak in MMU DR fini (git-fixes).
hamradio: fix macro redefine warning (git-fixes).
hex2bin: fix access beyond string end (git-fixes).
HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes).
HID: add mapping for KEY_DICTATE (git-fixes).
HID: Add support for open wheel and no attachment to T300 (git-fixes).
HID:Add support for UGTABLET WP5540 (git-fixes).
HID: amd_sfh: Add illuminance mask to limit ALS max value (git-fixes).
HID: amd_sfh: Correct the structure field name (git-fixes).
HID: amd_sfh: Modify the bus name (git-fixes).
HID: amd_sfh: Modify the hid name (git-fixes).
HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes).
hide appended member supports_dynamic_smps_6ghz (git-fixes).
HID: elan: Fix potential double free in elan_input_configured (git-fixes).
HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes).
HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts (git-fixes).
HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes).
HID: intel-ish-hid: Use dma_alloc_coherent for firmware update (git-fixes).
HID: logitech-dj: add new lightspeed receiver id (git-fixes).
HID: multitouch: add quirks to enable Lenovo X12 trackpoint (git-fixes).
HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes).
HID: multitouch: fix Dell Precision 7550 and 7750 button type (bsc#1197243).
HID: vivaldi: fix sysfs attributes leak (git-fixes).
hinic: fix bug of wq out of bound access (git-fixes).
hv_balloon: rate-limit 'Unhandled message' warning (git-fixes).
hv_netvsc: Add check for kvmalloc_array (git-fixes).
hv_utils: Add comment about max VMbus packet size in VSS driver (git-fixes).
hwmon: (dell-smm) Speed up setting of fan speed (git-fixes).
hwmon: (f71882fg) Fix negative temperature (git-fixes).
hwmon: Handle failure to register sensor with thermal zone correctly (git-fixes).
hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes).
hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes).
hwmon: (pmbus) Add mutex to regulator ops (git-fixes).
hwmon: (pmbus) Add Vin unit off handling (git-fixes).
hwmon: (pmbus) Check PEC support before reading other registers (git-fixes).
hwmon: (pmbus) Clear pmbus fault/warning bits after read (git-fixes).
hwmon: (pmbus) disable PEC if not enabled (git-fixes).
hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (git-fixes).
hwmon: (tmp401) Add OF device ID table (git-fixes).
hwrng: atmel - disable trng on failure path (git-fixes).
hwrng: cavium - Check health status while reading random data (git-fixes).
hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes).
hwrng: nomadik - Change clk_disable to clk_disable_unprepare (git-fixes).
hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() (git-fixes).
i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes).
i2c: at91: use dma safe buffers (git-fixes).
i2c: bcm2835: Avoid clock stretching timeouts (git-fixes).
i2c: bcm2835: Fix the error handling in 'bcm2835_i2c_probe()' (git-fixes).
i2c: bcm2835: Use platform_get_irq() to get the interrupt (git-fixes).
i2c: brcmstb: fix support for DSL and CM variants (git-fixes).
i2c: cadence: Increase timeout per message if necessary (git-fixes).
i2c: designware: Use standard optional ref clock implementation (git-fixes).
i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes).
i2c: ismt: prevent memory corruption in ismt_access() (git-fixes).
i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes).
i2c: meson: Fix wrong speed use from probe (git-fixes).
i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes).
i2c: mux: demux-pinctrl: do not deactivate a master that is not active (git-fixes).
i2c: npcm7xx: Add check for platform_driver_register (git-fixes).
i2c: npcm: Correct register access width (git-fixes).
i2c: npcm: Fix timeout calculation (git-fixes).
i2c: npcm: Handle spurious interrupts (git-fixes).
i2c: piix4: Add EFCH MMIO support for SMBus port select (git-fixes).
i2c: piix4: Add EFCH MMIO support to region request and release (git-fixes).
i2c: piix4: Add EFCH MMIO support to SMBus base address detect (git-fixes).
i2c: piix4: Enable EFCH MMIO for Family 17h+ (git-fixes).
i2c: piix4: Move port I/O region request/release code into functions (git-fixes).
i2c: piix4: Move SMBus controller base address detect into function (git-fixes).
i2c: piix4: Move SMBus port selection into function (git-fixes).
i2c: piix4: Replace hardcoded memory map size with a #define (git-fixes).
i2c: qcom-cci: do not delete an unregistered adapter (git-fixes).
i2c: qcom-cci: do not put a device tree node before i2c_add_adapter() (git-fixes).
i2c: rcar: fix PM ref counts in probe error paths (git-fixes).
i2c: xiic: Make bus names unique (git-fixes).
i40e: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes).
i40e: Fix for failed to init adminq while VF reset (git-fixes).
i40e: Fix issue when maximum queues is exceeded (git-fixes).
i40e: Fix queues reservation for XDP (git-fixes).
i40e: Fix reset bw limit when DCB enabled with 1 TC (git-fixes).
i40e: Fix reset path while removing the driver (git-fixes).
i40e: fix unsigned stat widths (git-fixes).
i40e: i40e_main: fix a missing check on list iterator (git-fixes).
i40e: Increase delay to 1 s after global EMP reset (git-fixes).
i40e: remove dead stores on XSK hotpath (jsc#SLE-18378).
i40e: respect metadata on XSK Rx to skb (git-fixes).
i40e: stop disabling VFs due to PF error responses (jsc#SLE-18378).
iavf: Add waiting so the port is initialized in remove (jsc#SLE-18385).
iavf: Fix deadlock in iavf_reset_task (jsc#SLE-18385).
iavf: Fix double free in iavf_reset_task (jsc#SLE-18385).
iavf: Fix handling of vlan strip virtual channel messages (jsc#SLE-18385).
iavf: Fix hang during reboot/shutdown (jsc#SLE-18385).
iavf: Fix __IAVF_RESETTING state usage (jsc#SLE-18385).
iavf: Fix init state closure on remove (jsc#SLE-18385).
iavf: Fix locking for VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2_CAPS (jsc#SLE-18385).
iavf: Fix missing check for running netdev (git-fixes).
iavf: Fix race in init state (jsc#SLE-18385).
iavf: Rework mutexes for better synchronisation (jsc#SLE-18385 stable-5.14.6).
IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes).
IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes).
IB/cm: Release previously acquired reference counter in the cm_id_priv (git-fixes).
IB/hfi1: Allow larger MTU without AIP (git-fixes).
IB/hfi1: Fix AIP early init panic (git-fixes).
IB/hfi1: Fix alloc failure with larger txqueuelen (git-fixes).
IB/hfi1: Fix panic with larger ipoib send_queue_size (jsc#SLE-19242).
IB/hfi1: Fix tstats alloc and dealloc (git-fixes).
IB/mlx5: Expose NDR speed through MAD (bsc#1196930).
ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811).
ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259).
ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925).
ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815).
IB/qib: Fix duplicate sysfs directory name (git-fixes).
IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition (git-fixes).
IB/rdmavt: Validate remote_addr during loopback atomic tests (git-fixes).
ice: allow creating VFs for !CONFIG_NET_SWITCHDEV (jsc#SLE-18375).
ice: check the return of ice_ptp_gettimex64 (git-fixes).
ice: clear cmd_type_offset_bsz for TX rings (jsc#SLE-18375).
ice: Clear default forwarding VSI during VSI release (git-fixes).
ice: clear stale Tx queue settings before configuring (git-fixes).
ice: do not allow to run ice_send_event_to_aux() in atomic ctx (git-fixes).
ice: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes).
ice: Do not use GFP_KERNEL in atomic context (git-fixes).
ice: enable parsing IPSEC SPI headers for RSS (git-fixes).
ice: fix an error code in ice_cfg_phy_fec() (git-fixes).
ice: fix concurrent reset and removal of VFs (git-fixes).
ice: fix crash in switchdev mode (jsc#SLE-18375).
ice: Fix curr_link_speed advertised speed (git-fixes).
ice: Fix incorrect locking in ice_vc_process_vf_msg() (jsc#SLE-18375).
ice: fix IPIP and SIT TSO offload (git-fixes).
ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() (jsc#SLE-18375).
ice: fix PTP stale Tx timestamps cleanup (git-fixes).
ice: fix setting l4 port flag when adding filter (jsc#SLE-18375).
ice: fix use-after-free when deinitializing mailbox snapshot (git-fixes).
ice: initialize local variable 'tlv' (git-fixes).
ice: kabi protect ice_pf (bsc#1200502).
ice: Protect vf_state check by cfg_lock in ice_vc_process_vf_msg() (jsc#SLE-18375).
ice: respect metadata on XSK Rx to skb (git-fixes).
ice: synchronize_rcu() when terminating rings (git-fixes).
ice: xsk: Fix indexing in ice_tx_xsk_pool() (jsc#SLE-18375).
ice: xsk: fix VSI state check in ice_xsk_wakeup() (git-fixes).
igb: refactor XDP registration (git-fixes).
igc: avoid kernel warning when changing RX ring parameters (git-fixes).
igc: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes).
igc: Fix BUG: scheduling while atomic (git-fixes).
igc: Fix infinite loop in release_swfw_sync (git-fixes).
igc: Fix suspending when PTM is active (jsc#SLE-18377).
igc: igc_read_phy_reg_gpy: drop premature return (git-fixes).
igc: igc_write_phy_reg_gpy: drop premature return (git-fixes).
iio:accel:bma180: rearrange iio trigger get and register (git-fixes).
iio: accel: fxls8962af: add padding to regmap for SPI (git-fixes).
iio:accel:kxcjk-1013: rearrange iio trigger get and register (git-fixes).
iio: accel: mma8452: ignore the return value of reset operation (git-fixes).
iio: accel: mma8452: use the correct logic to get mma8452_data (git-fixes).
iio:accel:mxc4005: rearrange iio trigger get and register (git-fixes).
iio: adc: ad7124: fix mask used for setting AIN_BUFP and AIN_BUFM bits (git-fixes).
iio: adc: ad7124: Remove shift from scan_type (git-fixes).
iio: adc: Add check for devm_request_threaded_irq (git-fixes).
iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client (git-fixes).
iio: adc: axp288: Override TS pin bias current for some models (git-fixes).
iio: adc: men_z188_adc: Fix a resource leak in an error handling path (git-fixes).
iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes).
iio: adc: sc27xx: fix read big scale voltage not right (git-fixes).
iio: adc: stm32: Fix ADCs iteration in irq handler (git-fixes).
iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious IRQs message (git-fixes).
iio: adc: stm32: fix maximum clock rate for stm32mp15x (git-fixes).
iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes).
iio: adc: ti-ads131e08: add missing fwnode_handle_put() in ads131e08_alloc_channels() (git-fixes).
iio: adc: tsc2046: fix memory corruption by preventing array overflow (git-fixes).
iio: adc: vf610: fix conversion mode sysfs node name (git-fixes).
iio: afe: rescale: Fix boolean logic bug (git-fixes).
iio: afe: rescale: use s64 for temporary scale calculations (git-fixes).
iio: buffer: Fix file related error handling in IIO_BUFFER_GET_FD_IOCTL (git-fixes).
iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes).
iio: dac: ad5446: Fix read_raw not returning set value (git-fixes).
iio: dac: ad5592r: Fix the missing return value (git-fixes).
iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes).
iio: Fix error handling for PM (git-fixes).
iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes).
iio:humidity:hts221: rearrange iio trigger get and register (git-fixes).
iio:imu:adis16480: fix buffering for devices with no burst mode (git-fixes).
iio:imu:bmi160: disable regulator in error path (git-fixes).
iio: imu: inv_icm42600: Fix I2C init possible nack (git-fixes).
iio: imu: st_lsm6dsx: wait for settling time in st_lsm6dsx_read_oneshot (git-fixes).
iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes).
iio: inkern: apply consumer scale when no channel scale is available (git-fixes).
iio: inkern: make a best effort on offset calculation (git-fixes).
iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes).
iio: magnetometer: yas530: Fix memchr_inv() misuse (git-fixes).
iio: mma8452: Fix probe failing when an i2c_device_id is used (git-fixes).
iio: mma8452: fix probe fail when device tree compatible is used (git-fixes).
iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout (git-fixes).
iio: st_sensors: Add a local lock for protecting odr (git-fixes).
iio: trigger: sysfs: fix use-after-free on remove (git-fixes).
ima: Allow template selection with ima_template[_fmt]= after ima_hash= (git-fixes).
ima: Do not print policy rule with inactive LSM labels (git-fixes).
ima: fix reference leak in asymmetric_verify() (git-fixes).
ima: Remove ima_policy file before directory (git-fixes).
init: call time_init() before rand_initialize() (git-fixes).
init: Initialize noop_backing_dev_info early (bsc#1200822).
init/main.c: return 1 from handled __setup() functions (git-fixes).
initramfs: Check timestamp to prevent broken cpio archive (bsc#1193289).
inotify: show inotify mask flags in proc fdinfo (bsc#1200600).
Input: add bounds checking to input_set_capability() (git-fixes).
Input: aiptek - properly check endpoint type (git-fixes).
Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes).
Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes).
Input: elan_i2c: Add deny list for Lenovo Yoga Slim 7 (bsc#1193064).
Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes).
Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes).
Input: gpio-keys - cancel delayed work only in case of GPIO (git-fixes).
Input: ili210x - fix reset timing (git-fixes).
Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes).
Input: samsung-keypad - properly state IOMEM dependency (git-fixes).
Input: soc_button_array - also add Lenovo Yoga Tablet2 1051F to dmi_use_low_level_irq (git-fixes).
Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes).
Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes).
Input: stmfts - fix reference leak in stmfts_input_open (git-fixes).
Input: synaptics - enable InterTouch on ThinkPad T14/P14s Gen 1 AMD (git-fixes).
Input: synaptics: retry query upon error (bsc#1194086).
Input: wm97xx: Simplify resource management (git-fixes).
Input: zinitix - do not report shadow fingers (git-fixes).
integrity: check the return value of audit_log_start() (git-fixes).
iocost: do not reset the inuse weight of under-weighted debtors (git-fixes).
iocost: Fix divide-by-zero on donation from low hweight cgroup (bsc#1198014).
iomap: iomap_write_failed fix (bsc#1200829).
iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes).
iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052).
iommu/amd: Remove useless irq affinity notifier (git-fixes).
iommu/amd: Restore GA log/tail pointer on host resume (git-fixes).
iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes).
iommu/amd: X2apic mode: re-enable after resume (git-fixes).
iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes).
iommu: arm-smmu: disable large page mappings for Nvidia arm-smmu (bsc#1198826).
iommu/arm-smmu-qcom: Fix TTBR0 read (git-fixes).
iommu: Extend mutex lock scope in iommu_probe_device() (git-fixes).
iommu/ioasid: Introduce a helper to check for valid PASIDs (jsc#SLE-24350).
iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes).
iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes).
iommu/iova: Fix race between FQ timeout and teardown (git-fixes).
iommu/sva: Assign a PASID to mm on PASID allocation and free it on mm exit (jsc#SLE-24350).
iommu/sva: Rename CONFIG_IOMMU_SVA_LIB to CONFIG_IOMMU_SVA (jsc#SLE-24350).
iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes).
ionic: add FW_STOPPING state (git-fixes).
ionic: Allow flexibility for error reporting on dev commands (git-fixes).
ionic: better handling of RESET event (git-fixes).
ionic: catch transition back to RUNNING with fw_generation 0 (git-fixes).
ionic: Cleanups in the Tx hotpath code (git-fixes).
ionic: Correctly print AQ errors if completions are not received (git-fixes).
ionic: disable napi when ionic_lif_init() fails (git-fixes).
ionic: Do not send reset commands if FW isn't running (git-fixes).
ionic: fix missing pci_release_regions() on error in ionic_probe() (git-fixes).
ionic: fix type complaint in ionic_dev_cmd_clean() (git-fixes).
ionic: fix up printing of timeout error (git-fixes).
ionic: Prevent filter add/del err msgs when the device is not available (git-fixes).
ionic: Query FW when getting VF info via ndo_get_vf_config (git-fixes).
ionic: remove the dbid_inuse bitmap (git-fixes).
ionic: replace set_vf data with union (git-fixes).
ionic: start watchdog after all is setup (git-fixes).
ionic: stretch heartbeat detection (git-fixes).
io_uring: add more locking annotations for submit (bsc#1199011).
io_uring: avoid touching inode in rw prep (bsc#1199011).
io_uring: be smarter about waking multiple CQ ring waiters (bsc#1199011).
io_uring: cache __io_free_req()'d requests (bsc#1199011).
io_uring: clean io-wq callbacks (bsc#1199011).
io_uring: clean up tctx_task_work() (bsc#1199011).
io_uring: deduplicate open iopoll check (bsc#1199011).
io_uring: do not halt iopoll too early (bsc#1199011).
io_uring: drop exec checks from io_req_task_submit (bsc#1199011).
io_uring: extract a helper for ctx quiesce (bsc#1199011).
io_uring: Fix undefined-behaviour in io_issue_sqe (bsc#1199011).
io_uring: improve ctx hang handling (bsc#1199011).
io_uring: inline fixed part of io_file_get() (bsc#1199011).
io_uring: inline io_free_req_deferred (bsc#1199011).
io_uring: inline io_poll_remove_waitqs (bsc#1199011).
io_uring: inline struct io_comp_state (bsc#1199011).
io_uring: kill unused IO_IOPOLL_BATCH (bsc#1199011).
io_uring: move io_fallback_req_func() (bsc#1199011).
io_uring: move io_put_task() definition (bsc#1199011).
io_uring: move io_rsrc_node_alloc() definition (bsc#1199011).
io_uring: optimise io_cqring_wait() hot path (bsc#1199011).
io_uring: optimise putting task struct (bsc#1199011).
io_uring: refactor io_alloc_req (bsc#1199011).
io_uring: remove extra argument for overflow flush (bsc#1199011).
io_uring: remove file batch-get optimisation (bsc#1199011).
io_uring: remove IRQ aspect of io_ring_ctx completion lock (bsc#1199011).
io_uring: remove redundant args from cache_free (bsc#1199011).
io_uring: remove unnecessary PF_EXITING check (bsc#1199011).
io_uring: rename io_file_supports_async() (bsc#1199011).
io_uring: run linked timeouts from task_work (bsc#1199011).
io_uring: run regular file completions from task_work (bsc#1199011).
io_uring: run timeouts from task_work (bsc#1199011).
io_uring: use inflight_entry instead of compl.list (bsc#1199011).
io_uring: use kvmalloc for fixed files (bsc#1199011).
io-wq: get rid of FIXED worker flag (bsc#1199011).
io-wq: make worker creation resilient against signals (bsc#1199011).
io-wq: move nr_running and worker_refs out of wqe->lock protection (bsc#1199011).
io-wq: only exit on fatal signals (bsc#1199011).
io-wq: provide a way to limit max number of workers (bsc#1199011).
io-wq: split bounded and unbounded work into separate lists (bsc#1199011).
io-wq: wqe and worker locks no longer need to be IRQ safe (bsc#1199011).
ipc/sem: do not sleep with a spin lock held (bsc#1198412).
ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).
ipmi: bail out if init_srcu_struct fails (git-fixes).
ipmi: Fix pr_fmt to avoid compilation issues (git-fixes).
ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes).
ipmi:ssif: Check for NULL msg when handling events and messages (git-fixes).
ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504).
ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes).
irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes).
irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes).
irqchip/aspeed-scu-ic: Fix irq_of_parse_and_map() return value (git-fixes).
irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes).
irqchip/gic, gic-v3: Prevent GSI to SGI translations (git-fixes).
irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (git-fixes).
irqchip/gic-v3: Ensure pseudo-NMIs have an ISB between ack and handling (git-fixes).
irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions (git-fixes).
irqchip/gic-v3: Fix GICR_CTLR.RWP polling (git-fixes).
irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (git-fixes).
irqchip/gic-v4: Wait for GICR_VPENDBASER.Dirty to clear before descheduling (git-fixes).
irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes).
irqchip/nvic: Release nvic_base upon failure (git-fixes).
irqchip/qcom-pdc: Fix broken locking (git-fixes).
irqchip/realtek-rtl: Fix refcount leak in map_interrupts (git-fixes).
irqchip/realtek-rtl: Service all pending interrupts (git-fixes).
isdn: hfcpci: check the return value of dma_set_mask() in setup_hw() (git-fixes).
ivtv: fix incorrect device_caps for ivtvfb (git-fixes).
iwlwifi: do not advertise TWT support (git-fixes).
iwlwifi: Fix -EIO error code that is never returned (git-fixes).
iwlwifi: fix use-after-free (git-fixes).
iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes).
iwlwifi: mvm: align locking in D3 test debugfs (git-fixes).
iwlwifi: mvm: check debugfs_dir ptr before use (git-fixes).
iwlwifi: mvm: Correctly set fragmented EBS (git-fixes).
iwlwifi: mvm: Do not call iwl_mvm_sta_from_mac80211() with NULL sta (git-fixes).
iwlwifi: mvm: do not crash on invalid rate w/o STA (git-fixes).
iwlwifi: mvm: do not iterate unadded vifs when handling FW SMPS req (git-fixes).
iwlwifi: mvm: do not send SAR GEO command for 3160 devices (git-fixes).
iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes).
iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes).
iwlwifi: mvm: move only to an enabled channel (git-fixes).
iwlwifi: pcie: fix locking when 'HW not ready' (git-fixes).
iwlwifi: pcie: gen2: fix locking when 'HW not ready' (git-fixes).
iwlwifi: yoyo: remove DBGI_SRAM address reset writing (git-fixes).
ixgbe: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes).
ixgbe: ensure IPsec VF - PF compatibility (git-fixes).
ixgbe: respect metadata on XSK Rx to skb (git-fixes).
ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (git-fixes).
jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971).
jfs: fix divide error in dbNextAG (bsc#1200828).
kABI: Fix kABI after 'x86/mm/cpa: Generalize __set_memory_enc_pgtable()' (jsc#SLE-19924).
kABI fix of sysctl_run_estimation (git-fixes).
kABI: fix rndis_parameters locking (git-fixes).
kABI: ivtv: restore caps member (git-fixes).
kabi/severities: allow dropping a few invalid exported symbols (bsc#1201218)
kabi/severities: Ignore arch/x86/kvm except for kvm_x86_ops Handle this like in previous SLE kernels.
kABI workaround for fxls8962af iio accel drivers (git-fixes).
kABI workaround for pci quirks (git-fixes).
kconfig: fix failing to generate auto.conf (git-fixes).
kconfig: let 'shell' return enough output for deep path names (git-fixes).
kernel/fork: Initialize mm's PASID (jsc#SLE-24350).
kernel/resource: Introduce request_mem_region_muxed() (git-fixes).
kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (git-fixes).
KEYS: asymmetric: enforce that sig algo matches key algo (git-fixes).
KEYS: asymmetric: properly validate hash_algo and encoding (git-fixes).
KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes).
KEYS: trusted: Avoid calling null function trusted_key_exit (git-fixes).
KEYS: trusted: Fix trusted key backends when building as module (git-fixes).
KEYS: trusted: tpm2: Fix migratable logic (git-fixes).
kprobes: Add kretprobe_find_ret_addr() for searching return address (bsc#1193277).
kprobes: Enable stacktrace from pt_regs in kretprobe handler (bsc#1193277).
kprobes: treewide: Cleanup the error messages for kprobes (bsc#1193277).
kprobes: treewide: Make it harder to refer kretprobe_trampoline directly (bsc#1193277).
kprobes: treewide: Remove trampoline_address from kretprobe_trampoline_handler() (bsc#1193277).
kprobes: treewide: Replace arch_deref_entry_point() with dereference_symbol_descriptor() (bsc#1193277).
kprobes: treewide: Use 'kprobe_opcode_t *' for the code address in get_optimized_kprobe() (bsc#1193277).
kselftest/arm64: bti: force static linking (git-fixes).
kunit: tool: Import missing importlib.abc (git-fixes).
KVM: arm64: Avoid consuming a stale esr value when SError occur (git-fixes).
KVM: arm64: Drop unused workaround_flags vcpu field (git-fixes).
KVM: arm64: pkvm: Use the mm_ops indirection for cache maintenance (git-fixes).
KVM: arm64: Use shadow SPSR_EL1 when injecting exceptions on !VHE (git-fixes).
KVM: Clean up benign vcpu->cpu data races when kicking vCPUs (git-fixes).
KVM: Ensure local memslot copies operate on up-to-date arch-specific data (git-fixes).
KVM: fix wrong exception emulation in check_rdtsc (git-fixes).
KVM: LAPIC: Drop pending LAPIC timer injection when canceling the timer (git-fixes).
KVM: nVMX: Abide to KVM_REQ_TLB_FLUSH_GUEST request on nested vmentry/vmexit (git-fixes).
KVM: nVMX: Clear IDT vectoring on nested VM-Exit for double/triple fault (git-fixes).
KVM: nVMX: Do not clear CR3 load/store exiting bits if L1 wants 'em (git-fixes).
KVM: nVMX: Emulate guest TLB flush on nested VM-Enter with new vpid12 (git-fixes).
KVM: nVMX: Ensure vCPU honors event request if posting nested IRQ fails (git-fixes).
KVM: nVMX: Flush current VPID (L1 vs. L2) for KVM_REQ_TLB_FLUSH_GUEST (git-fixes).
KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry (git-fixes).
KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes).
KVM: s390: Ensure kvm_arch_no_poll() is read once when blocking vCPU (git-fixes).
KVM: s390: pv: add macros for UVC CC values (git-fixes).
KVM: s390: pv: avoid stalls when making pages secure (git-fixes).
KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes).
KVM: selftests: Do not skip L2's VMCALL in SMM test for SVM guest (bsc#1194523).
KVM: selftests: Re-enable access_tracking_perf_test (bsc#1194526).
KVM: SEV: accept signals in sev_lock_two_vms (bsc#1194526).
KVM: SEV: do not take kvm->lock when destroying (bsc#1194526).
KVM: SEV: Fall back to vmalloc for SEV-ES scratch area if necessary (bsc#1194526).
KVM: SEV: Mark nested locking of kvm->lock (bsc#1194526).
KVM: SEV: Return appropriate error codes if SEV-ES scratch setup fails (bsc#1194526).
KVM: SVM: Allow AVIC support on system w/ physical APIC ID > 255 (bsc#1193823).
KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure (bsc#1194526).
KVM: SVM: drop unnecessary code in svm_hv_vmcb_dirty_nested_enlightenments() (git-fixes).
KVM: SVM: Emulate #INIT in response to triple fault shutdown (git-fixes).
KVM: SVM: Fix kvm_cache_regs.h inclusions for is_guest_mode() (git-fixes).
KVM: SVM: hyper-v: Enable Enlightened MSR-Bitmap support for real (git-fixes).
KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests (git-fixes).
KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak (git-fixes).
KVM: VMX: Do not unblock vCPU w/ Posted IRQ if IRQs are disabled in guest (git-fixes).
KVM: VMX: Fold ept_update_paging_mode_cr0() back into vmx_set_cr0() (git-fixes).
KVM: VMX: Invert handling of CR0.WP for EPT without unrestricted guest (git-fixes).
KVM: VMX: Read Posted Interrupt 'control' exactly once per loop iteration (git-fixes).
KVM: VMX: Refresh list of user return MSRs after setting guest CPUID (git-fixes).
KVM: VMX: Remove defunct 'nr_active_uret_msrs' field (git-fixes).
KVM: VMX: Set failure code in prepare_vmcs02() (git-fixes).
KVM: VMX: Skip pointless MSR bitmap update when setting EFER (git-fixes).
KVM: VMX: Wake vCPU when delivering posted IRQ even if vCPU == this vCPU (git-fixes).
KVM: x86: Assume a 64-bit hypercall for guests with protected state (git-fixes).
kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes).
KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes).
KVM: x86: Do not mark all registers as avail/dirty during RESET/INIT (git-fixes).
KVM: x86: do not print when fail to read/write pv eoi memory (git-fixes).
KVM: x86: Drop guest CPUID check for host initiated writes to MSR_IA32_PERF_CAPABILITIES (git-fixes).
KVM: x86: Drop WARNs that assert a triple fault never 'escapes' from L2 (git-fixes).
KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes).
KVM: X86: Ensure that dirty PDPTRs are loaded (git-fixes).
KVM: x86: Exit to userspace if emulation prepared a completion callback (git-fixes).
KVM: x86: Fix emulation in writing cr8 (git-fixes).
KVM: X86: Fix missed remote tlb flush in rmap_write_protect() (git-fixes).
KVM: x86: Fix uninitialized eoi_exit_bitmap usage in vcpu_load_eoi_exitmap() (git-fixes).
KVM: x86: Handle 32-bit wrap of EIP for EMULTYPE_SKIP with flat code seg (git-fixes).
KVM: x86: hyper-v: Fix the maximum number of sparse banks for XMM fast TLB flush hypercalls (git-fixes).
KVM: x86: Ignore sparse banks size for an 'all CPUs', non-sparse IPI req (git-fixes).
KVM: x86: Mark all registers as avail/dirty at vCPU creation (git-fixes).
KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes).
KVM: x86/mmu: Check for present SPTE when clearing dirty bit in TDP MMU (git-fixes).
KVM: x86/mmu: Complete prefetch for trailing SPTEs for direct, legacy MMU (git-fixes).
KVM: x86/mmu: Fix TLB flush range when handling disconnected pt (git-fixes).
KVM: x86/mmu: Fix write-protection of PTs mapped by the TDP MMU (git-fixes).
KVM: x86/mmu: Passing up the error state of mmu_alloc_shadow_roots() (git-fixes).
KVM: x86/mmu: Pass parameter flush as false in kvm_tdp_mmu_zap_collapsible_sptes() (git-fixes).
KVM: x86/mmu: Remove spurious TLB flushes in TDP MMU zap collapsible path (git-fixes).
KVM: x86/mmu: Skip tlb flush if it has been done in zap_gfn_range() (git-fixes).
KVM: x86/mmu: Update number of zapped pages even if page list is stable (git-fixes).
KVM: x86/mmu: Use yield-safe TDP MMU root iter in MMU notifier unmapping (git-fixes).
KVM: x86: nSVM: restore the L1 host state prior to resuming nested guest on SMM exit (git-fixes).
KVM: x86: nSVM: skip eax alignment check for non-SVM instructions (git-fixes).
KVM: x86: nSVM: test eax for 4K alignment for GP errata workaround (git-fixes).
KVM: x86: Pend KVM_REQ_APICV_UPDATE during vCPU creation to fix a race (git-fixes).
KVM: x86/pmu: Fix reserved bits for AMD PerfEvtSeln register (git-fixes).
KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW (git-fixes).
KVM: x86: Register Processor Trace interrupt hook iff PT enabled in guest (git-fixes).
KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs (git-fixes).
KVM: x86: SVM: do not set VMLOAD/VMSAVE intercepts on vCPU reset (git-fixes).
KVM: x86: SVM: fix avic spec based definitions again (bsc#1193823 jsc#SLE-24549).
KVM: x86: SVM: move avic definitions from AMD's spec to svm.h (bsc#1193823 jsc#SLE-24549).
KVM: X86: Synchronize the shadow pagetable before link it (git-fixes).
KVM: x86: Update vCPU's runtime CPUID on write to MSR_IA32_XSS (git-fixes).
KVM: x86: Wait for IPIs to be delivered when handling Hyper-V TLB flush hypercall (git-fixes).
lib: bitmap: fix many kernel-doc warnings (git-fixes).
libbpf: Free up resources used by inner map definition (git-fixes).
lib/iov_iter: initialize 'flags' in new pipe_buffer (git-fixes).
libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes).
linux/dim: Fix divide by 0 in RDMA DIM (git-fixes).
list: fix a data-race around ep->rdllist (git-fixes).
list: introduce list_is_head() helper and re-use it in list.h (git-fixes).
list: test: Add a test for list_is_head() (git-fixes).
livepatch: Do not block removal of patches that are safe to unload (bsc#1071995).
locking: Make owner_on_cpu() into linux/sched.h (bsc#1190137 bsc#1189998).
locking: Remove rt_rwlock_is_contended() (bsc#1190137 bsc#1189998).
locking/rtmutex: Add rt_mutex_lock_nest_lock() and rt_mutex_lock_killable() (bsc#1190137 bsc#1189998).
locking/rtmutex: Squash self-deadlock check for ww_rt_mutex (bsc#1190137 bsc#1189998).
locking/rwlocks: introduce write_lock_nested (bsc#1189998).
LSM: general protection fault in legacy_parse_param (git-fixes).
lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes).
mac80211: fix EAPoL rekey fail in 802.3 rx path (git-fixes).
mac80211: fix forwarded mesh frames AC and queue selection (git-fixes).
mac80211: fix potential double free on mesh join (git-fixes).
mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes).
mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes).
mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (git-fixes).
mac80211_hwsim: report NOACK frames in tx_status (git-fixes).
mac80211: minstrel_ht: fix where rate stats are stored (fixes debugfs output) (git-fixes).
mac80211: mlme: check for null after calling kmemdup (git-fixes).
mac80211: refuse aggregations sessions before authorized (git-fixes).
mac80211: Remove a couple of obsolete TODO (git-fixes).
mac80211: Reset MBSSID parameters upon connection (git-fixes).
mac80211: treat some SAE auth steps as final (git-fixes).
mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes).
macros.kernel-source: Fix conditional expansion. Fixes: bb95fef3cf19 ('rpm: Use bash for %() expansion (jsc#SLE-18234).')
macvlan: Fix leaking skb in source mode with nodst option (git-fixes).
mailbox: change mailbox-mpfs compatible string (git-fixes).
mailbox: imx: fix crash in resume on i.mx8ulp (git-fixes).
mailbox: imx: fix wakeup failure from freeze mode (git-fixes).
mailbox: tegra-hsp: Flush whole channel (git-fixes).
maple: fix wrong return value of maple_bus_init() (git-fixes).
md: Do not set mddev private to NULL in raid0 pers->free (git-fixes).
md: fix an incorrect NULL check in does_sb_need_changing (git-fixes).
md: fix an incorrect NULL check in md_reload_sb (git-fixes).
md: fix double free of io_acct_set bioset (git-fixes).
md: fix update super 1.0 on rdev size change (git-fixes).
md: Move alloc/free acct bioset in to personality (git-fixes).
md/raid5: play nice with PREEMPT_RT (bsc#1189998).
media: aspeed: Correct value for h-total-pixels (git-fixes).
media: atmel: atmel-isc-base: report frame sizes as full supported range (git-fixes).
media: atmel: atmel-isc: Fix PM disable depth imbalance in atmel_isc_probe (git-fixes).
media: atmel: atmel-sama5d2-isc: fix wrong mask in YUYV format check (git-fixes).
media: atmel: atmel-sama7g5-isc: fix ispck leftover (git-fixes).
media: atomisp: fix bad usage at error handling logic (git-fixes).
media: atomisp: fix dummy_ptr check to avoid duplicate active_bo (git-fixes).
media: atomisp_gmin_platform: Add DMI quirk to not turn AXP ELDO2 regulator off on some boards (git-fixes).
media: bttv: fix WARNING regression on tunerless devices (git-fixes).
media: camss: csid-170: do not enable unused irqs (git-fixes).
media: camss: csid-170: fix non-10bit formats (git-fixes).
media: camss: csid-170: remove stray comment (git-fixes).
media: camss: csid-170: set the right HALT_CMD when disabled (git-fixes).
media: camss: vfe-170: fix 'VFE halt timeout' error (git-fixes).
media: ccs-core.c: fix failure to call clk_disable_unprepare (git-fixes).
media: cec-adap.c: fix is_configuring state (git-fixes).
media: cedrus: h264: Fix neighbour info buffer size (git-fixes).
media: cedrus: H265: Fix neighbour info buffer size (git-fixes).
media: coda: Fix missing put_device() call in coda_get_vdoa_data (git-fixes).
media: cx25821: Fix the warning when removing the module (git-fixes).
media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes).
media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes).
media: davinci: vpif: fix unbalanced runtime PM get (git-fixes).
media: davinci: vpif: fix use-after-free on driver unbind (git-fixes).
media: doc: pixfmt-rgb: Fix V4L2_PIX_FMT_BGR24 format description (git-fixes).
media: doc: pixfmt-yuv: Fix V4L2-PIX-FMT-Y10P format (git-fixes).
media: em28xx: initialize refcount before kref_get (git-fixes).
media: gpio-ir-tx: fix transmit with long spaces on Orange Pi PC (git-fixes).
media: hantro: Empty encoder capture buffers by default (git-fixes).
media: hantro: Fix overfill bottom register field name (git-fixes).
media: hantro: HEVC: Fix tile info buffer value computation (git-fixes).
media: hantro: HEVC: unconditionnaly set pps_{cb/cr}_qp_offset values (git-fixes).
media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes).
media: i2c: max9286: fix kernel oops when removing module (git-fixes).
media: i2c: max9286: Use dev_err_probe() helper (git-fixes).
media: i2c: max9286: Use 'maxim,gpio-poc' property (git-fixes).
media: i2c: ov5648: Fix lockdep error (git-fixes).
media: i2c: ov5648: fix wrong pointer passed to IS_ERR() and PTR_ERR() (git-fixes).
media: i2c: rdacm2x: properly set subdev entity function (git-fixes).
media: imon: reorganize serialization (git-fixes).
media: imx-jpeg: fix a bug of accessing array out of bounds (git-fixes).
media: imx-jpeg: Prevent decoding NV12M jpegs into single-planar buffers (git-fixes).
media: iommu/mediatek: Add device_link between the consumer and the larb devices (git-fixes).
media: iommu/mediatek: Return ENODEV if the device is NULL (git-fixes).
media: iommu/mediatek-v1: Free the existed fwspec if the master dev already has (git-fixes).
media: ir_toy: free before error exiting (git-fixes).
media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes).
media: mexon-ge2d: fixup frames size in registers (git-fixes).
media: mtk-vcodec: potential dereference of null pointer (git-fixes).
media: omap3isp: Use struct_group() for memcpy() region (git-fixes).
media: ov5640: Fix set format, v4l2_mbus_pixelcode not updated (git-fixes).
media: ov5648: Do not pack controls struct (git-fixes).
media: ov6650: Add try support to selection API operations (git-fixes).
media: ov6650: Fix crop rectangle affected by set format (git-fixes).
media: ov6650: Fix set format try processing path (git-fixes).
media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes).
media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes).
media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes).
media: Revert 'media: em28xx: add missing em28xx_close_extension' (git-fixes).
media: rga: fix possible memory leak in rga_probe (git-fixes).
media: rkvdec: h264: Fix bit depth wrap in pps packet (git-fixes).
media: rkvdec: h264: Fix dpb_valid implementation (git-fixes).
media: rkvdec: Stop overclocking the decoder (git-fixes).
media: rockchip/rga: do proper error checking in probe (git-fixes).
media: saa7134: fix incorrect use to determine if list is empty (git-fixes).
media: staging: media: imx: imx7-mipi-csis: Make subdev name unique (git-fixes).
media: staging: media: rkvdec: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com (git-fixes).
media: staging: media: zoran: fix usage of vb2_dma_contig_set_max_seg_size (git-fixes).
media: staging: media: zoran: fix various V4L2 compliance errors (git-fixes).
media: staging: media: zoran: move videodev alloc (git-fixes).
media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (git-fixes).
media: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats() (git-fixes).
media: usb: go7007: s2250-board: fix leak in probe() (git-fixes).
media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes).
media: v4l2-core: Initialize h264 scaling matrix (git-fixes).
media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls (git-fixes).
media: v4l: Avoid unaligned access warnings when printing 4cc modifiers (git-fixes).
media: venus: hfi: avoid null dereference in deinit (git-fixes).
media: venus: hfi_cmds: List HDR10 property as unsupported for v1 and v3 (git-fixes).
media: videobuf2: Fix the size printk format (git-fixes).
media: video/hdmi: handle short reads of hdmi info frame (git-fixes).
media: vidtv: Check for null return of vzalloc (git-fixes).
mei: avoid iterator usage outside of list_for_each_entry (git-fixes).
mei: hbm: drop capability response on early shutdown (git-fixes).
mei: me: add Alder Lake N device id (git-fixes).
mei: me: add raptor lake point S DID (git-fixes).
mei: me: disable driver on the ign firmware (git-fixes).
memblock: fix memblock_phys_alloc() section mismatch error (git-fixes).
memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes).
memory: emif: Add check for setup_interrupts (git-fixes).
memory: emif: check the pointer temp in get_device_details() (git-fixes).
memory: fsl_ifc: populate child nodes of buses and mfd devices (git-fixes).
memory: mtk-smi: Add error handle for smi_probe (git-fixes).
memory: renesas-rpc-if: Fix HF/OSPI data transfer in Manual Mode (git-fixes).
memory: renesas-rpc-if: fix platform-device leak in error path (git-fixes).
memory: samsung: exynos5422-dmc: Avoid some over memory allocation (git-fixes).
memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings (git-fixes).
mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes).
mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (git-fixes).
mfd: exynos-lpass: Drop unneeded syscon.h include (git-fixes).
mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes).
mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes).
mgag200 fix memmapsl configuration in GCTL6 register (git-fixes).
misc: alcor_pci: Fix an error handling path (git-fixes).
misc: atmel-ssc: Fix IRQ check in ssc_probe (git-fixes).
misc: fastrpc: avoid double fput() on failed usercopy (git-fixes).
misc: fastrpc: fix an incorrect NULL check on list iterator (git-fixes).
misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes).
misc: rtsx: set NULL intfdata when probe fails (git-fixes).
misc: sgi-gru: Do not cast parameter in bit operations (git-fixes).
mISDN: Fix memory leak in dsp_pipeline_build() (git-fixes).
mlx5: kabi protect lag_mp (git-fixes).
mlxsw: spectrum: Protect driver from buggy firmware (git-fixes).
mm: Add fault_in_subpage_writeable() to probe at sub-page granularity (git-fixes)
mmc: block: Check for errors after write on SPI (git-fixes).
mmc: block: fix read single on recovery logic (git-fixes).
mmc: core: Allows to override the timeout value for ioctl() path (git-fixes).
mmc: core: Fixup support for writeback-cache for eMMC and SD (git-fixes).
mmc: core: Set HS clock speed before sending HS CMD13 (git-fixes).
mmc: core: Wait for command setting 'Power Off Notification' bit to complete (git-fixes).
mmc: davinci_mmc: Handle error for clk_enable (git-fixes).
mm: Change CONFIG option for mm->pasid field (jsc#SLE-24350).
mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes).
mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes).
mm/cma: provide option to opt out from exposing pages on activation failure (bsc#1195099 ltc#196102).
mmc: mediatek: wait dma stop bit reset to 0 (git-fixes).
mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes).
mmc: mmci: stm32: correctly check all elements of sg list (git-fixes).
mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes).
mmc: rtsx: add 74 Clocks in power on flow (git-fixes).
mmc: rtsx: Fix build errors/warnings for unused variable (git-fixes).
mmc: rtsx: Let MMC core handle runtime PM (git-fixes).
mmc: rtsx: Use pm_runtime_{get,put}() to handle runtime PM (git-fixes).
mmc: sdhci_am654: Fix the driver data of AM64 SoC (git-fixes).
mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC (git-fixes).
mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes).
mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing (git-fixes).
mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits (git-fixes).
mm: fs: fix lru_cache_disabled race in bh_lru (bsc#1197761).
mm: Fully initialize invalidate_lock, amend lock class later (bsc#1197921).
mm: memcg: synchronize objcg lists with a dedicated spinlock (bsc#1198402).
mm/page_alloc: always attempt to allocate at least one page during bulk allocation (git fixes (mm/pgalloc)).
mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages (bsc#1197501).
mm, page_alloc: fix build_zonerefs_node() (git-fixes).
mm/scatterlist: replace the !preemptible warning in sg_miter_stop() (bsc#1189998).
mm/slub: add missing TID updates on slab deactivation (git-fixes).
mm, thp: fix incorrect unmap behavior for private pages (bsc#1198024).
mm, thp: lock filemap when truncating page cache (bsc#1198023).
mm/vmalloc: fix comments about vmap_area struct (git-fixes).
mm_zone: add function to check if managed dma zone exists (bsc#1197501).
modpost: fix removing numeric suffixes (git-fixes).
modpost: fix section mismatch check for exported init/exit sections (git-fixes).
modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes).
modpost: restore the warning message for missing symbol versions (git-fixes).
Move upstreamed ALSA fix into sorted section
Move upstreamed x86 patches into sorted section
mptcp: add missing documented NL params (git-fixes).
mt76: connac: fix sta_rec_wtbl tag len (git-fixes).
mt76: dma: initialize skip_unmap in mt76_dma_rx_fill (git-fixes).
mt76: do not attempt to reorder received 802.3 packets without agg session (git-fixes).
mt76: fix encap offload ethernet type check (git-fixes).
mt76: fix monitor mode crash with sdio driver (git-fixes).
mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes).
mt76: mt7603: check sta_rates pointer in mt7603_sta_rate_tbl_update (git-fixes).
mt76: mt7615: check sta_rates pointer in mt7615_sta_rate_tbl_update (git-fixes).
mt76: mt7615: fix a leftover race in runtime-pm (git-fixes).
mt76: mt7615: Fix assigning negative values to unsigned variable (git-fixes).
mt76: mt7915: fix injected MPDU transmission to not use HW A-MSDU (git-fixes).
mt76: mt7915: use proper aid value in mt7915_mcu_sta_basic_tlv (git-fixes).
mt76: mt7915: use proper aid value in mt7915_mcu_wtbl_generic_tlv in sta mode (git-fixes).
mt76: mt7921: accept rx frames with non-standard VHT MCS10-11 (git-fixes).
mt76: mt7921e: fix possible probe failure after reboot (bsc#1198835).
mt76: mt7921: fix a leftover race in runtime-pm (git-fixes).
mt76: mt7921: fix crash when startup fails (git-fixes).
mt76: mt7921: fix mt7921_queues_acq implementation (git-fixes).
mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (git-fixes).
mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (git-fixes).
mtd: mchp23k256: Add SPI ID table (git-fixes).
mtd: mchp48l640: Add SPI ID table (git-fixes).
mtd: onenand: Check for error irq (git-fixes).
mtd: parsers: qcom: Fix kernel panic on skipped partition (git-fixes).
mtd: parsers: qcom: Fix missing free for pparts in cleanup (git-fixes).
mtd: phram: Prevent divide by zero bug in phram_setup() (git-fixes).
mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes).
mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes).
mtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe() (git-fixes).
mtd: rawnand: denali: Use managed device resources (git-fixes).
mtd: rawnand: fix ecc parameters for mt7622 (git-fixes).
mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes).
mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes).
mtd: rawnand: gpmi: fix controller timings setting (git-fixes).
mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes).
mtd: rawnand: ingenic: Fix missing put_device in ingenic_ecc_get (git-fixes).
mtd: rawnand: intel: fix possible null-ptr-deref in ebu_nand_probe() (git-fixes).
mtd: rawnand: pl353: Set the nand chip node as the flash node (git-fixes).
mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes).
mtd: rawnand: qcom: fix memory corruption that causes panic (git-fixes).
mtd: spinand: gigadevice: fix Quad IO for GD5F1GQ5UExxG (git-fixes).
mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes).
mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes).
n64cart: convert bi_disk to bi_bdev->bd_disk fix build (git-fixes).
natsemi: sonic: stop calling netdev_boot_setup_check (git-fixes).
net: asix: add proper error handling of usb read errors (git-fixes).
net: atlantic: Avoid out-of-bounds indexing (git-fixes).
net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes).
net: axienet: setup mdio unconditionally (git-fixes).
net: bnxt_ptp: fix compilation error (bsc#1199736).
net: dev: Always serialize on Qdisc::busylock in __dev_xmit_skb() on PREEMPT_RT (bsc#1189998).
net: dev: Change the order of the arguments for the contended condition (bsc#1189998).
net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove (git-fixes).
net: ethernet: lantiq_etop: fix build errors/warnings (git-fixes).
net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() (git-fixes).
net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag (git-fixes).
net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (git-fixes).
net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks (git-fixes).
netfilter: conntrack: move synack init code to helper (bsc#1199035).
netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035).
netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035).
netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035).
net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit() (git-fixes).
net: hns3: add NULL pointer check for hns3_set/get_ringparam() (git-fixes).
net: hns3: add return value for mailbox handling in PF (bsc#1190336).
net: hns3: add validity check for message data length (git-fixes).
net: hns3: add vlan list lock to protect vlan list (git-fixes).
net: hns3: align the debugfs output to the left (git-fixes).
net: hns3: clear inited state and stop client after failed to register netdev (git-fixes).
net: hns3: fix bug when PF set the duplicate MAC address for VFs (git-fixes).
net: hns3: fix phy can not link up when autoneg off and reset (git-fixes).
net: hns3: fix port base vlan add fail when concurrent with reset (git-fixes).
net: hns3: fix software vlan talbe of vlan 0 inconsistent with hardware (git-fixes).
net: hns3: handle empty unknown interrupt for VF (git-fixes).
net: hns3: modify the return code of hclge_get_ring_chain_from_mbx (git-fixes).
net: hns3: refine the process when PF set VF VLAN (git-fixes).
net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes).
net/ice: Add support for enable_iwarp and enable_roce devlink param (bsc#1200502).
net/ice: Fix boolean assignment (bsc#1200502).
net/ice: Remove unused enum (bsc#1200502).
net: ipa: disable HOLB drop when updating timer (git-fixes).
net: ipa: HOLB register sometimes must be written twice (git-fixes).
net/ipa: ipa_resource: Fix wrong for loop range (git-fixes).
net: ipv6: unexport __init-annotated seg6_hmac_init() (bsc#1201218).
net: ipv6: unexport __init-annotated seg6_hmac_net_init() (bsc#1201218).
net: macb: Align the dma and coherent dma masks (git-fixes).
net: mana: Add counter for packet dropped by XDP (bsc#1195651).
net: mana: Add counter for XDP_TX (bsc#1195651).
net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651).
net: mana: Reuse XDP dropped page (bsc#1195651).
net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651).
net: marvell: mvpp2: increase MTU limit when XDP enabled (git-fixes).
net: marvell: prestera: fix double free issue on err path (git-fixes).
net: mdio: do not defer probe forever if PHY IRQ provider is missing (git-fixes).
net: mdio: unexport __init-annotated mdio_bus_init() (bsc#1201218).
net/mlx5: Avoid double clear or set of sync reset requested (git-fixes).
net/mlx5: Bridge, ensure dev_name is null-terminated (git-fixes).
net/mlx5: Bridge, Fix devlink deadlock on net namespace deletion (git-fixes).
net/mlx5: Bridge, take rtnl lock in init error handler (git-fixes).
net/mlx5: DR, Cache STE shadow memory (git-fixes).
net/mlx5: DR, Do not allow match on IP w/o matching on full ethertype/ip_version (git-fixes).
net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte (jsc#SLE-19253).
net/mlx5: DR, Fix the threshold that defines when pool sync is initiated (git-fixes).
net/mlx5e: Add missing increment of count (jsc#SLE-19253).
net/mlx5e: Avoid field-overflowing memcpy() (git-fixes).
net/mlx5e: Avoid implicit modify hdr for decap drop rule (jsc#SLE-19253).
net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (git-fixes).
net/mlx5e: Do not treat small ceil values as unlimited in HTB offload (git-fixes).
net/mlx5e: Fix broken SKB allocation in HW-GRO (jsc#SLE-19253).
net/mlx5e: Fix handling of wrong devices during bond netevent (git-fixes).
net/mlx5e: Fix module EEPROM query (git-fixes).
net/mlx5e: Fix the calling of update_buffer_lossy() API (git-fixes).
net/mlx5e: Fix trust state reset in reload (git-fixes).
net/mlx5e: Fix wrong calculation of header index in HW_GRO (jsc#SLE-19253).
net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (git-fixes).
net/mlx5e: Fix wrong source vport matching on tunnel rule (jsc#SLE-19253).
net/mlx5e: IPsec: Fix crypto offload for non TCP/UDP encapsulated traffic (git-fixes).
net/mlx5e: IPsec: Fix tunnel mode crypto offload for non TCP/UDP traffic (git-fixes).
net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets (git-fixes).
net/mlx5e: Lag, Do not skip fib events on current dst (git-fixes).
net/mlx5e: Lag, Fix fib_info pointer assignment (git-fixes).
net/mlx5e: Lag, Fix use-after-free in fib event handler (git-fixes).
net/mlx5e: Lag, Only handle events from highest priority multipath entry (git-fixes).
net/mlx5e: MPLSoUDP decap, fix check for unsupported matches (git-fixes).
net/mlx5e: SHAMPO, reduce TIR indication (jsc#SLE-19253).
net/mlx5: E-Switch, Fix uninitialized variable modact (git-fixes).
net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes).
net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes).
net/mlx5e: Use struct_group() for memcpy() region (git-fixes).
net/mlx5: Fix a race on command flush flow (git-fixes).
net/mlx5: Fix deadlock in sync reset flow (git-fixes).
net/mlx5: Fix matching on inner TTC (jsc#SLE-19253).
net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE (jsc#SLE-19253).
net/mlx5: Fix possible deadlock on rule deletion (git-fixes).
net/mlx5: Fix size field in bufferx_reg struct (git-fixes).
net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (git-fixes).
net/mlx5: Fix tc max supported prio for nic mode (git-fixes).
net/mlx5: Fix wrong limitation of metadata match on ecpf (git-fixes).
net/mlx5: Update the list of the PCI supported devices (git-fixes).
net/mlx5: Use del_timer_sync in fw reset flow of halting poll (git-fixes).
net: mvmdio: fix compilation warning (git-fixes).
net: netvsc: remove break after return (git-fixes).
net: phy: ax88772a: fix lost pause advertisement configuration (git-fixes).
net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes).
net: phy: correct spelling error of media in documentation (git-fixes).
net: phy: DP83822: clear MISR2 register to disable interrupts (git-fixes).
net: phy: dp83867: retrigger SGMII AN when link change (git-fixes).
net: phy: Fix race condition on link status change (git-fixes).
net: phy: marvell10g: fix return value on error (git-fixes).
net: phy: marvell: Fix invalid comparison in the resume and suspend functions (git-fixes).
net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes).
net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes).
net: phy: mediatek: remove PHY mode check on MT7531 (git-fixes).
net: phy: meson-gxl: fix interrupt handling in forced mode (git-fixes).
net: phy: meson-gxl: improve link-up behavior (git-fixes).
net: phy: micrel: Allow probing without .driver_data (git-fixes).
net: phy: micrel: Do not use kszphy_suspend/resume for KSZ8061 (git-fixes).
net: phy: micrel: Pass .probe for KS8737 (git-fixes).
net: phy: mscc: Add MODULE_FIRMWARE macros (git-fixes).
net: phy: mscc-miim: reject clause 45 register accesses (git-fixes).
net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (git-fixes).
net: rose: fix UAF bugs caused by timer handler (git-fixes).
net: sfc: add missing xdp queue reinitialization (git-fixes).
net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (git-fixes).
net: sfc: fix memory leak due to ptp channel (git-fixes).
net: sfc: fix using uninitialized xdp tx_queue (git-fixes).
net/smc: Avoid warning of possible recursive locking (git-fixes).
net/smc: fix connection leak (git-fixes).
net/smc: fixes for converting from 'struct smc_cdc_tx_pend **' to 'struct smc_wr_tx_pend_priv *' (git-fixes).
net/smc: Fix NULL pointer dereference in smc_pnet_find_ib() (git-fixes).
net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server (git-fixes).
net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client (git-fixes).
net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (git-fixes).
net/smc: postpone sk_refcnt increment in connect() (git-fixes).
net/smc: remove redundant re-assignment of pointer link (git-fixes).
net/smc: Remove unused function declaration (git-fixes).
net/smc: Reset conn->lgr when link group registration fails (git-fixes).
net/smc: set ini->smcrv2.ib_dev_v2 to NULL if SMC-Rv2 is unavailable (git-fixes).
net/smc: sync err code when tcp connection was refused (git-fixes).
net/smc: Transfer remaining wait queue entries during fallback (git-fixes).
net/smc: Transitional solution for clcsock race issue (git-fixes).
net/smc: Use a mutex for locking 'struct smc_pnettable' (git-fixes).
net/smc: use memcpy instead of snprintf to avoid out of bounds read (git-fixes).
net: stmmac: fix gcc-10 -Wrestrict warning (git-fixes).
net: stmmac: Fix signed/unsigned wreckage (git-fixes).
net: stmmac: socfpga: add runtime suspend/resume callback for stratix10 platform (git-fixes).
net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes).
net: usb: asix: do not force pause frames support (git-fixes).
net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (git-fixes).
net: usb: ax88179_178a: Fix packet receiving (git-fixes).
net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes).
net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes).
Netvsc: Call hv_unmap_memory() in the netvsc_device_remove() (bsc#1183682).
net/x25: Fix null-ptr-deref caused by x25_disconnect (git-fixes).
net: xfrm: unexport __init-annotated xfrm4_protocol_init() (bsc#1201218).
nfc: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes).
nfc: nci: add flush_workqueue to prevent uaf (git-fixes).
nfc: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes).
nfc: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes).
nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes).
nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes).
nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes).
nfc: NULL out the dev->rfkill to prevent UAF (git-fixes).
NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes).
nfc: pn533: Fix buggy cleanup order (git-fixes).
nfc: port100: fix use-after-free in port100_send_complete (git-fixes).
nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes).
nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes).
nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes).
nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes).
nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (git-fixes).
nfp: flower: fix ida_idx not being released (git-fixes).
NFS: Avoid duplicate uncached readdir calls on eof (git-fixes).
NFSD: allow delegation state ids to be revoked and then freed (bsc#1192483).
NFSD: allow lock state ids to be revoked and then freed (bsc#1192483).
NFSD: allow open state ids to be revoked and then freed (bsc#1192483).
nfsd: destroy percpu stats counters after reply cache shutdown (git-fixes).
NFSD: do not admin-revoke NSv4.0 state ids (bsc#1192483).
NFSD: Fix a write performance regression (bsc#1197016).
NFSD: fix crash on COPY_NOTIFY with special stateid (git-fixes).
NFSD: Fix nsfd startup race (again) (git-fixes).
nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes).
NFSD: Fix READDIR buffer overflow (git-fixes).
NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957).
NFSD: Fix verifier returned in stable WRITEs (git-fixes).
NFSD: Fix zero-length NFSv3 WRITEs (git-fixes).
NFSD: more robust allocation failure handling in nfsd_file_cache_init (git-fixes).
NFSD: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes).
NFS: Do not loop forever in nfs_do_recoalesce() (git-fixes).
NFS: Do not overfill uncached readdir pages (git-fixes).
NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes).
NFS: Do not report ENOSPC write errors twice (git-fixes).
NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes).
NFS: Do not report flush errors in nfs_write_end() (git-fixes).
NFS: Do not report writeback errors in nfs_getattr() (git-fixes).
NFS: Do not skip directory entries when doing uncached readdir (git-fixes).
NFS: do not store 'struct cred *' in struct nfs_access_entry (git-fixes).
NFSD: prepare for supporting admin-revocation of state (bsc#1192483).
NFSD: Replace use of rwsem with errseq_t (bsc#1196960).
NFS: Ensure the server had an up to date ctime before hardlinking (git-fixes).
NFS: Ensure the server had an up to date ctime before renaming (git-fixes).
NFS: fix broken handling of the softreval mount option (git-fixes).
NFS: Fix initialisation of nfs_client cl_flags field (git-fixes).
NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS (git-fixes).
NFS: Further fixes to the writeback error handling (git-fixes).
NFS: limit use of ACCESS cache for negative responses (bsc#1196570).
NFS: Memory allocation failures are not server fatal errors (git-fixes).
NFS: NFSv2/v3 clients should never be setting NFS_CAP_XATTR (git-fixes).
NFS: pass cred explicitly for access tests (git-fixes).
NFS: Remove an incorrect revalidation in nfs4_update_changeattr_locked() (git-fixes).
NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes).
NFS: Use of mapping_set_error() results in spurious errors (git-fixes).
NFSv4.1: do not retry BIND_CONN_TO_SESSION on session error (git-fixes).
NFSv4.1 mark qualified async operations as MOVEABLE tasks (git-fixes).
NFSv42: Do not fail clone() unless the OP_CLONE operation failed (git-fixes).
NFSv42: Fix pagecache invalidation after COPY/CLONE (git-fixes).
NFSv4: Do not invalidate inode attributes on delegation return (git-fixes).
NFSv4: Fix another issue with a list iterator pointing to the head (git-fixes).
NFSv4: fix open failure with O_ACCMODE flag (git-fixes).
NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes).
NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes).
nl80211: correctly check NL80211_ATTR_REG_ALPHA2 size (git-fixes).
nl80211: fix locking in nl80211_set_tx_bitrate_mask() (git-fixes).
nl80211: Handle nla_memdup failures in handle_nan_filter (git-fixes).
nl80211: show SSID for P2P_GO interfaces (git-fixes).
nl80211: Update bss channel on channel switch for P2P_CLIENT (git-fixes).
nl80211: validate S1G channel width (git-fixes).
ntb_hw_switchtec: Fix bug with more than 32 partitions (git-fixes).
ntb_hw_switchtec: Fix pff ioread to read into mmio_part_cfg_all (git-fixes).
ntb: intel: fix port config status offset for SPR (git-fixes).
n_tty: wake up poll(POLLRDNORM) on receiving data (git-fixes).
nvme: add verbose error logging (bsc#1200567). Update config files.
nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes).
nvme: do not return an error from nvme_configure_metadata (git-fixes).
nvme: expose cntrltype and dctype through sysfs (jsc#SLE-23643).
nvme: fix a possible use-after-free in controller reset during load (git-fixes).
nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787).
nvme: send uevent on connection up (jsc#SLE-23643).
objtool: Add frame-pointer-specific function ignore (bsc#1193277).
objtool: Fix code relocs vs weak symbols (git-fixes).
objtool: Fix type of reloc::addend (git-fixes).
objtool: Ignore unwind hints for ignored functions (bsc#1193277).
ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920).
of: base: Fix phandle argument length mismatch error message (git-fixes).
of: base: Improve argument length mismatch error (git-fixes).
of/fdt: Do not worry about non-memory region overlap for no-map (git-fixes).
of: overlay: do not break notify on NOTIFY_{OK|STOP} (git-fixes).
of: Support more than one crash kernel regions for kexec -s (git-fixes).
of: unittest: 64 bit dma address test requires arch support (git-fixes).
of: unittest: fix warning on PowerPC frame size warning (git-fixes).
of: unittest: update text of expected warnings (git-fixes).
pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config
PCI: aardvark: Add support for DEVCAP2, DEVCTL2, LNKCAP2 and LNKCTL2 registers on emulated bridge (git-fixes).
PCI: aardvark: Add support for ERR interrupt on emulated bridge (git-fixes).
PCI: aardvark: Add support for masking MSI interrupts (git-fixes).
PCI: aardvark: Add support for PME interrupts (git-fixes).
PCI: aardvark: Assert PERST# when unbinding driver (git-fixes).
PCI: aardvark: Clear all MSIs at setup (git-fixes).
PCI: aardvark: Comment actions in driver remove method (git-fixes).
PCI: aardvark: Disable bus mastering when unbinding driver (git-fixes).
PCI: aardvark: Disable common PHY when unbinding driver (git-fixes).
PCI: aardvark: Disable link training when unbinding driver (git-fixes).
PCI: aardvark: Do not mask irq when mapping (git-fixes).
PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy() (git-fixes).
PCI: aardvark: Enable MSI-X support (git-fixes).
PCI: aardvark: Fix memory leak in driver unbind (git-fixes).
PCI: aardvark: Fix reading MSI interrupt number (git-fixes).
PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes).
PCI: aardvark: Fix setting MSI address (git-fixes).
PCI: aardvark: Fix support for MSI interrupts (git-fixes).
PCI: aardvark: Fix support for PME requester on emulated bridge (git-fixes).
PCI: aardvark: Make msi_domain_info structure a static driver structure (git-fixes).
PCI: aardvark: Make MSI irq_chip structures static driver structures (git-fixes).
PCI: aardvark: Mask all interrupts when unbinding driver (git-fixes).
PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and PCI_EXP_RTSTA_PME on emulated bridge (git-fixes).
PCI: aardvark: Refactor unmasking summary MSI interrupt (git-fixes).
PCI: aardvark: Remove irq_mask_ack() callback for INTx interrupts (git-fixes).
PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with PCI_INTERRUPT_* (git-fixes).
PCI: aardvark: Rewrite IRQ code to chained IRQ handler (git-fixes).
PCI: aardvark: Update comment about link going down after link-up (git-fixes).
PCI: aardvark: Use dev_fwnode() instead of of_node_to_fwnode(dev->of_node) (git-fixes).
PCI: aardvark: Use separate INTA interrupt for emulated root bridge (git-fixes).
PCI/ACPI: Allow D3 only if Root Port can signal and wake from D3 (git-fixes).
PCI: Add ACS quirk for Pericom PI7C9X2G switches (bsc#1199390).
PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes).
PCI: Avoid broken MSI on SB600 USB devices (git-fixes).
PCI: cadence: Fix find_first_zero_bit() limit (git-fixes).
PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes).
PCI: endpoint: Fix alignment fault error in copy tests (git-fixes).
PCI: endpoint: Fix misused goto label (git-fixes).
PCI: fu740: Force 2.5GT/s for initial device probe (git-fixes).
PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314).
PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845).
PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (git-fixes).
PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845).
PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes).
PCI: imx6: Fix PERST# start-up sequence (git-fixes).
PCI: Mark all AMD Navi10 and Navi14 GPU ATS as broken (git-fixes).
PCI: microchip: Fix potential race in interrupt handling (git-fixes).
PCI: mvebu: Fix configuring secondary bus of PCIe Root Port via emulated bridge (git-fixes).
PCI: mvebu: Fix device enumeration regression (git-fixes).
PCI: mvebu: Fix support for bus mastering and PCI_COMMAND on emulated bridge (git-fixes).
PCI: mvebu: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge (git-fixes).
PCI: mvebu: Setup PCIe controller to Root Complex mode (git-fixes).
PCI: pci-bridge-emul: Add definitions for missing capabilities registers (git-fixes).
PCI: pci-bridge-emul: Add description for class_revision field (git-fixes).
PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes).
PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes).
PCI/PM: Power up all devices during runtime resume (git-fixes).
PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes).
PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes).
PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes).
PCI/switchtec: Add Gen4 automotive device IDs (git-fixes).
PCI: Work around Intel I210 ROM BAR overlap defect (git-fixes).
pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes).
perf: Copy perf_event_attr::sig_data on modification (git fixes).
perf/core: Do not pass task around when ctx sched in (git-fixes).
perf/core: Fix address filter parser for multiple filters (git fixes).
perf/core: Fix cgroup event list management (git fixes).
perf/core: Fix perf_cgroup_switch() (git fixes).
perf/core: Fix perf_mmap fail when CONFIG_PERF_USE_VMALLOC enabled (git fixes).
perf: Fix list corruption in perf_cgroup_switch() (git fixes).
perf/x86/intel/pt: Fix address filter config for 32-bit kernel (git fixes).
perf/x86/intel/pt: Fix crash with stop filters in single-range mode (git fixes).
perf/x86/intel/uncore: Make uncore_discovery clean for 64 bit addresses (bsc#1197304).
perf/x86/intel: Update the FRONTEND MSR mask on Sapphire Rapids (git fixes).
phy: amlogic: fix error path in phy_g12a_usb3_pcie_probe() (git-fixes).
phy: amlogic: meson8b-usb2: fix shared reset control use (git-fixes).
phy: amlogic: meson8b-usb2: Use dev_err_probe() (git-fixes).
phy: amlogic: phy-meson-gxl-usb2: fix shared reset controller use (git-fixes).
phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes).
phy: broadcom: Kconfig: Fix PHY_BRCM_USB config option (git-fixes).
phy: dphy: Correct clk_pre parameter (git-fixes).
phy: dphy: Correct lpx parameter and its derivatives(ta_{get,go,sure}) (git-fixes).
phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes).
phy: phy-brcm-usb: fixup BCM4908 support (git-fixes).
phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes).
phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes).
phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes).
phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes).
phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes).
phy: stm32: fix a refcount leak in stm32_usbphyc_pll_enable() (git-fixes).
phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes).
phy: ti: Fix missing sentinel for clk_div_table (git-fixes).
phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes).
phy: usb: Leave some clocks running during suspend (git-fixes).
phy: xilinx: zynqmp: Fix bus width setting for SGMII (git-fixes).
pinctrl: bcm2835: Fix a few error paths (git-fixes).
pinctrl: bcm63xx: fix unmet dependency on REGMAP for GPIO_REGMAP (git-fixes).
pinctrl: fix loop in k210_pinconf_get_drive() (git-fixes).
pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line (git-fixes).
pinctrl: intel: fix unexpected interrupt (git-fixes).
pinctrl: k210: Fix bias-pull-up (git-fixes).
pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (git-fixes).
pinctrl: mediatek: moore: Fix build error (git-fixes).
pinctrl: mediatek: mt8195: enable driver on mtk platforms (git-fixes).
pinctrl: mediatek: mt8365: fix IES control pins (git-fixes).
pinctrl: mediatek: paris: Fix 'argument' argument type for mtk_pinconf_get() (git-fixes).
pinctrl: mediatek: paris: Fix PIN_CONFIG_BIAS_* readback (git-fixes).
pinctrl: mediatek: paris: Fix pingroup pin config state readback (git-fixes).
pinctrl: mediatek: paris: Skip custom extra pin config dump for virtual GPIOs (git-fixes).
pinctrl: microchip-sgpio: lock RMW access (git-fixes).
pinctrl: microchip sgpio: use reset driver (git-fixes).
pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes).
pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (git-fixes).
pinctrl: npcm: Fix broken references to chip->parent_device (git-fixes).
pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes).
pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() (git-fixes).
pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes).
pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl (git-fixes).
pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes).
pinctrl: renesas: checker: Fix miscalculation of number of states (git-fixes).
pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources() (git-fixes).
pinctrl: renesas: r8a77470: Reduce size for narrow VIN1 channel (git-fixes).
pinctrl: renesas: r8a779a0: Fix GPIO function on I2C-capable pins (git-fixes).
pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources() (git-fixes).
pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (git-fixes).
pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes).
pinctrl: samsung: drop pin banks references on error paths (git-fixes).
pinctrl: samsung: fix missing GPIOLIB on ARM64 Exynos config (git-fixes).
pinctrl: stm32: Do not call stm32_gpio_get() for edge triggered IRQs in EOI (git-fixes).
pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ requested (git-fixes).
pinctrl: sunxi: fix f1c100s uart2 function (git-fixes).
pinctrl: sunxi: Fix H616 I2S3 pin data (git-fixes).
pinctrl: sunxi: Use unique lockdep classes for IRQs (git-fixes).
pinctrl: tegra: tegra194: drop unused pin groups (git-fixes).
pinctrl: tigerlake: Revert 'Add Alder Lake-M ACPI ID' (git-fixes).
ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826).
ping: remove pr_err from ping_lookup (bsc#1195826).
pipe: Fix missing lock in pipe_resize_ring() (git-fixes).
platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes).
platform/chrome: cros_ec: fix error handling in cros_ec_register() (git-fixes).
platform/chrome: cros_ec_typec: Check for EC device (git-fixes).
platform/chrome: Re-introduce cros_ec_cmd_xfer and use it for ioctls (git-fixes).
platform: finally disallow IRQ0 in platform_get_irq() and its ilk (git-fixes).
platform/surface: aggregator: Fix initialization order when compiling as builtin module (git-fixes).
platform/surface: surface3-wmi: Simplify resource management (git-fixes).
platform/x86: Add Intel Software Defined Silicon driver (jsc#SLE-18938).
platform/x86: asus-wmi: Add support for custom fan curves (bsc#1198058).
platform/x86: asus-wmi: Delete impossible condition (bsc#1198058).
platform/x86: asus-wmi: Fix driver not binding when fan curve control probe fails (git-fixes).
platform/x86: asus-wmi: Fix regression when probing for fan curve control (bsc#1198058).
platform/x86: asus-wmi: Fix 'unsigned 'retval' is never less than zero' smatch warning (bsc#1198058).
platform/x86: asus-wmi: Potential buffer overflow in asus_wmi_evaluate_method_buf() (git-fixes).
platform/x86: gigabyte-wmi: Add support for B450M DS3H-CF (git-fixes).
platform/x86: gigabyte-wmi: Add Z690M AORUS ELITE AX DDR4 support (git-fixes).
platform/x86: huawei-wmi: check the return value of device_create_file() (git-fixes).
platform/x86: intel-hid: fix _DSM function index handling (git-fixes).
platform/x86/intel/sdsi: Fix bug in multi packet reads (jsc#SLE-18901).
platform/x86/intel/sdsi: Handle leaky bucket (jsc#SLE-18901).
platform/x86/intel/sdsi: Poll on ready bit for writes (jsc#SLE-18901).
platform/x86: panasonic-laptop: de-obfuscate button codes (git-fixes).
platform/x86: panasonic-laptop: do not report duplicate brightness key-presses (git-fixes).
platform/x86: panasonic-laptop: filter out duplicate volume up/down/mute keypresses (git-fixes).
platform/x86: panasonic-laptop: revert 'Resolve hotkey double trigger bug' (git-fixes).
platform/x86: panasonic-laptop: sort includes alphabetically (git-fixes).
platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes).
platform/x86: touchscreen_dmi: Add info for the RWC NANOTE P8 AY07J 2-in-1 (git-fixes).
PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes).
PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events (git-fixes).
PM / devfreq: rk3399_dmc: Disable edev on remove() (git-fixes).
PM: domains: Fix initialization of genpd's next_wakeup (git-fixes).
PM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove() (git-fixes).
PM: hibernate: fix __setup handler error handling (git-fixes).
PM: hibernate: Remove register_nosave_region_late() (git-fixes).
PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes).
PM: suspend: fix return value of __setup handler (git-fixes).
PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes).
pNFS: Avoid a live lock condition in pnfs_update_layout() (git-fixes).
pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).
powerpc/64: Move paca allocation later in boot (bsc#1190812).
powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes).
powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes).
powerpc/64s: Do not use DSISR for SLB faults (bsc#1194869).
powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395).
powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes).
powerpc/bpf: Update ldimm64 instructions during extra pass (bsc#1194869).
powerpc: Do not select HAVE_IRQ_EXIT_ON_IRQ_STACK (bsc#1194869).
powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753).
powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes).
powerpc/fadump: opt out from freeing pages on cma activation failure (bsc#1195099 ltc#196102).
powerpc/fadump: register for fadump as early as possible (bsc#1179439 ltc#190038).
powerpc/idle: Fix return value of __setup() handler (bsc#1065729).
powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395).
powerpc/mce: Modify the real address error logging messages (jsc#SLE-18194).
powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes).
powerpc/perf: Do not use perf_hw_context for trace IMC PMU (bsc#1156395).
powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes).
powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes).
powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending (bsc#1156395).
powerpc/perf: Fix the threshold compare group constraint for power10 (bsc#1194869).
powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729).
powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes).
powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes).
powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes).
powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes).
powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729).
powerpc/pseries: Parse control memory access error (jsc#SLE-18194).
powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451).
powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477).
powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812).
powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729).
powerpc/tm: Fix more userspace r13 corruption (bsc#1065729).
powerpc/vdso: Fix incorrect CFI in gettimeofday.S (bsc#1199173 ltc#197388).
powerpc/vdso: Remove cvdso_call_time macro (bsc#1199173 ltc#197388).
powerpc/xive: Add a debugfs file to dump EQs (bsc#1194409 ltc#195810).
powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes).
powerpc/xive: Change the debugfs file 'xive' into a directory (bsc#1194409 ltc#195810).
powerpc/xive: Export XIVE IPI information for online-only processors (bsc#1194409 ltc#195810).
powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes).
powerpc/xive: fix return value of __setup handler (bsc#1065729).
powerpc/xive: Introduce an helper to print out interrupt characteristics (bsc#1194409 ltc#195810).
powerpc/xive: Introduce xive_core_debugfs_create() (bsc#1194409 ltc#195810).
powerpc/xive: Rename the 'cpus' debugfs file to 'ipis' (bsc#1194409 ltc#195810).
power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes).
power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes).
power: supply: axp20x_battery: properly report current when discharging (git-fixes).
power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes).
power: supply: axp288_fuel_gauge: Drop BIOS version check from 'T3 MRD' DMI quirk (git-fixes).
power: supply: axp288_fuel_gauge: Fix battery reporting on the One Mix 1 (git-fixes).
power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes).
power: supply: sbs-charger: Do not cancel work that is not initialized (git-fixes).
power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes).
power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes).
pps: clients: gpio: Propagate return value from pps_gpio_probe (git-fixes).
printk: Add panic_in_progress helper (bsc#1197894).
printk: disable optimistic spin during panic (bsc#1197894).
proc: bootconfig: Add null pointer check (git-fixes).
proc: fix documentation and description of pagemap (git-fixes).
procfs: prevent unprivileged processes accessing fdinfo dir (git-fixes).
psi: fix 'defined but not used' warnings when (git-fixes)
ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413).
pvpanic: Fix typos in the comments (git-fixes).
pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes).
pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (git-fixes).
pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes).
qed: display VF trust config (git-fixes).
qede: confirm skb is allocated before using (git-fixes).
qed: fix ethtool register dump (jsc#SLE-19001).
qed: return status of qed_iov_get_link (git-fixes).
qla2xxx: add ->map_queues support for nvme (bsc#1195823).
qlcnic: dcb: default to returning -EOPNOTSUPP (git-fixes).
raid5: introduce MD_BROKEN (git-fixes).
random: check for signal_pending() outside of need_resched() check (git-fixes).
random: wake up /dev/random writers after zap (git-fixes).
random: wire up fops->splice_{read,write}_iter() (git-fixes).
ray_cs: Check ioremap return value (git-fixes).
RDMA/cma: Do not change route.addr.src_addr outside state checks (git-fixes).
RDMA/cma: Use correct address when leaving multicast group (git-fixes).
RDMA/core: Fix ib_qp_usecnt_dec() called when error (jsc#SLE-19249).
RDMA/core: Set MR type in ib_reg_user_mr (git-fixes).
RDMA/hfi1: Fix use-after-free bug for mm struct (git-fixes).
RDMA/ib_srp: Fix a deadlock (git-fixes).
RDMA/irdma: Fix netdev notifications for vlan's (git-fixes).
RDMA/irdma: Fix Passthrough mode in VM (git-fixes).
RDMA/irdma: Fix possible crash due to NULL netdev in notifier (git-fixes).
RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state (git-fixes).
RDMA/irdma: Prevent some integer underflows (git-fixes).
RDMA/irdma: Reduce iWARP QP destroy time (git-fixes).
RDMA/irdma: Remove incorrect masking of PD (git-fixes).
RDMA/irdma: Set protocol based on PF rdma_mode flag (bsc#1200502).
RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes).
RDMA/mlx5: Add a missing update of cache->last_add (git-fixes).
RDMA/mlx5: Do not remove cache MRs when a delay is needed (git-fixes).
RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes).
RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (git-fixes).
RDMA/nldev: Prevent underflow in nldev_stat_set_counter_dynamic_doit() (jsc#SLE-19249).
RDMA/rtrs-clt: Fix possible double free in error case (git-fixes).
RDMA/rtrs-clt: Move free_permit from free_clt to rtrs_clt_close (git-fixes).
RDMA/rxe: Change variable and function argument to proper type (jsc#SLE-19249).
RDMA/rxe: Check the last packet by RXE_END_MASK (git-fixes).
RDMA/rxe: Fix ref error in rxe_av.c (jsc#SLE-19249).
RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes).
RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes).
RDMA/siw: Fix refcounting leak in siw_create_qp() (jsc#SLE-19249).
RDMA/ucma: Protect mc during concurrent multicast leaves (git-fixes).
regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes).
regmap-irq: Fix offset/index mismatch in read_sub_irq_data() (git-fixes).
regmap-irq: Update interrupt clear register for proper reset (git-fixes).
regulator: atc260x: Fix missing active_discharge_on setting (git-fixes).
regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes).
regulator: core: fix false positive in regulator_late_cleanup() (git-fixes).
regulator: da9121: Fix uninit-value in da9121_assign_chip_model() (git-fixes).
regulator: mt6315: Enforce regulator-compatible, not name (git-fixes).
regulator: mt6315-regulator: fix invalid allowed mode (git-fixes).
regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes).
regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes).
regulator: qcom_smd: Fix up PM8950 regulator configuration (git-fixes).
regulator: rpi-panel: Handle I2C errors/timing to the Atmel (git-fixes).
regulator: scmi: Fix refcount leak in scmi_regulator_probe (git-fixes).
regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes).
remoteproc: Fix count check in rproc_coredump_write() (git-fixes).
remoteproc: imx_rproc: Ignore create mem entry for resource table (git-fixes).
remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region (git-fixes).
remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region (git-fixes).
remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (git-fixes).
reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes).
Revert 'drm/amd/display: Fix DCN3 B0 DP Alt Mapping' (git-fixes).
Revert 'svm: Add warning message for AVIC IPI invalid target' (git-fixes).
rfkill: make new event layout opt-in (git-fixes).
rfkill: uapi: fix RFKILL_IOCTL_MAX_SIZE ioctl request definition (git-fixes).
riscv: Fix fill_callchain return value (git fixes).
rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (git-fixes).
rpmsg: qcom_smd: Fix redundant channel->registered assignment (git-fixes).
rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (git-fixes).
rpmsg: virtio: Fix possible double free in rpmsg_probe() (git-fixes).
rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() (git-fixes).
rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl (git-fixes).
rtc: check if __rtc_read_time was successful (git-fixes).
rtc: fix use-after-free on device removal (git-fixes).
rtc: ftrtc010: Fix error handling in ftrtc010_rtc_probe (git-fixes).
rtc: ftrtc010: Use platform_get_irq() to get the interrupt (git-fixes).
rtc: mc146818-lib: fix locking in mc146818_set_time (git-fixes).
rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes).
rtc: mt6397: check return value after calling platform_get_resource() (git-fixes).
rtc: mxc: Silence a clang warning (git-fixes).
rtc: pcf2127: fix bug when reading alarm registers (git-fixes).
rtc: pl031: fix rtc features null pointer dereference (git-fixes).
rtc: sun6i: Fix time overflow handling (git-fixes).
rtc: wm8350: Handle error for wm8350_register_irq (git-fixes).
rtl818x: Prevent using not initialized queues (git-fixes).
rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes).
rtw88: 8821c: fix debugfs rssi value (git-fixes).
rtw88: 8821c: support RFE type4 wifi NIC (git-fixes).
rtw88: Disable PCIe ASPM while doing NAPI poll on 8821CE (git-fixes).
rtw88: rtw8821c: enable rfe 6 devices (git-fixes).
s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes).
s390/ctcm: fix potential memory leak (git-fixes).
s390/ctcm: fix variable dereferenced before check (git-fixes).
s390-dasd-fix-data-corruption-for-ESE-devices (bsc#1200205 LTC#198456).
s390/dasd: fix data corruption for ESE devices (git-fixes).
s390-dasd-Fix-read-for-ESE-with-blksize-4k (bsc#1200211 LTC#198457).
s390/dasd: Fix read for ESE with blksize 4k (git-fixes).
s390-dasd-Fix-read-inconsistency-for-ESE-DASD-devices (bsc#1200211 LTC#198457).
s390/dasd: Fix read inconsistency for ESE DASD devices (git-fixes).
s390-dasd-prevent-double-format-of-tracks-for-ESE-devices (bsc#1200205 LTC#198456).
s390/dasd: prevent double format of tracks for ESE devices (git-fixes).
s390/entry: fix duplicate tracking of irq nesting level (git-fixes).
s390/extable: fix exception table sorting (git-fixes).
s390/kexec_file: fix error handling when applying relocations (git-fixes).
s390/kexec: fix memory leak of ipl report buffer (git-fixes).
s390/kexec: fix return code handling (git-fixes).
s390/lcs: fix variable dereferenced before check (git-fixes).
s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes).
s390/module: fix loading modules with a lot of relocations (git-fixes).
s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes).
s390/nmi: handle vector validity failures for KVM guests (git-fixes).
s390/perf: obtain sie_block from the right address (bsc#1200315 LTC#198473).
s390/setup: avoid reserving memory above identity mapping (git-fixes).
s390/smp: sort out physical vs virtual pointers usage (git-fixes).
sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes).
sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes).
sc16is7xx: Fix for incorrect data being transmitted (git-fixes).
sched/core: Export pelt_thermal_tp (git-fixes)
sched/core: Fix forceidle balancing (git-fixes)
sched/core: Mitigate race (git-fixes)
sched/cpuacct: Fix charge percpu cpuusage (git-fixes)
sched/cpuacct: Fix user/system in shown cpuacct.usage* (git-fixes)
sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)
sched: Define and initialize a flag to identify valid PASID in the task (jsc#SLE-24350).
sched/fair: Consider CPU affinity when allowing NUMA imbalance in find_idlest_group() (bnc#1193431).
sched/fair: Fix fault in reweight_entity (git fixes (sched/core)).
sched/fair: Revise comment about lb decision matrix (git-fixes)
sched: Fix balance_push() vs __sched_setscheduler() (git-fixes)
sched: Fix yet more sched_fork() races (git fixes (sched/core)).
sched/membarrier: Fix membarrier-rseq fence command missing (git-fixes)
sched/numa: Adjust imb_numa_nr to a better approximation of memory channels (bnc#1193431).
sched/numa: Apply imbalance limitations consistently (bnc#1193431).
sched/numa: Do not swap tasks between nodes when spare capacity is available (bnc#1193431).
sched/numa: Initialise numa_migrate_retry (bnc#1193431).
sched/pasid: Add a kABI workaround (jsc#SLE-24350).
sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes)
sched/pelt: Relax the sync of util_sum with util_avg (git-fixes)
sched/psi: report zeroes for CPU full at the system level (git-fixes)
sched/rt: Plug rt_mutex_setprio() vs push_rt_task() race (git-fixes)
sched/rt: Try to restart rt period timer when rt runtime (git-fixes)
sched/scs: Reset task stack state in bringup_cpu() (git-fixes)
sched/sugov: Ignore busy filter when rq is capped by (git-fixes)
sched: Teach the forced-newidle balancer about CPU affinity (git-fixes)
scripts/faddr2line: Fix overlapping text section failures (git-fixes).
scsi: block: pm: Always set request queue runtime active in blk_post_runtime_resume() (bsc#1198802).
scsi: block: PM fix blk_post_runtime_resume() args (bsc#1198802).
scsi: core: Query VPD size before getting full page (git-fixes).
scsi: dc395x: Fix a missing check on list iterator (git-fixes).
scsi: elx: efct: Do not use GFP_KERNEL under spin lock (git-fixes).
scsi: fnic: Fix a tracing statement (git-fixes).
scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631).
scsi: hisi_sas: Add more logs for runtime suspend/resume (bsc#1198802).
scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes).
scsi: hisi_sas: Fix rescan after deleting a disk (git-fixes).
scsi: hisi_sas: Fix some issues related to asd_sas_port-phy_list (bsc#1198802).
scsi: hisi_sas: Increase debugfs_dump_index after dump is completed (bsc#1198806).
scsi: hisi_sas: Initialise devices in .slave_alloc callback (bsc#1198802).
scsi: hisi_sas: Limit users changing debugfs BIST count value (bsc#1198803).
scsi: hisi_sas: Remove unused variable and check in hisi_sas_send_ata_reset_each_phy() (git-fixes).
scsi: hisi_sas: Wait for phyup in hisi_sas_control_phy() (bsc#1198802).
scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
scsi: libsas: Add flag SAS_HA_RESUMING (bsc#1198802).
scsi: libsas: Add spin_lock/unlock() to protect asd_sas_port->phy_list (bsc#1198802).
scsi: libsas: Defer works of new phys during suspend (bsc#1198802).
scsi: libsas: Do not always drain event workqueue for HA resume (bsc#1198802).
scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes).
scsi: libsas: Insert PORTE_BROADCAST_RCVD event for resuming host (bsc#1198802).
scsi: libsas: Keep host active while processing events (bsc#1198802).
scsi: libsas: Refactor sas_queue_deferred_work() (bsc#1198802).
scsi: libsas: Resume host while sending SMP I/Os (bsc#1198802).
scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193).
scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193).
scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193).
scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193).
scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193).
scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045).
scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045).
scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045).
scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045).
scsi: lpfc: Commonize VMID code location (bsc#1201193).
scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675).
scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045).
scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045).
scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193).
scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045).
scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045).
scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675).
scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045).
scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045).
scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045).
scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675).
scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045).
scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045).
scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045).
scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045).
scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045).
scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675).
scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045).
scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045).
scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193).
scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478).
scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045).
scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045).
scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045).
scsi: lpfc: Fix typos in comments (bsc#1197675).
scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478).
scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478).
scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045).
scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045).
scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675).
scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045).
scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045).
scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045).
scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675).
scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045).
scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045).
scsi: lpfc: Remove failing soft_wwn support (bsc#1197675).
scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045).
scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675).
scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675).
scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045).
scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045).
scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045).
scsi: lpfc: Remove unneeded variable (bsc#1200045).
scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045).
scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193).
scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193).
scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193).
scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045).
scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045).
scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193).
scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675).
scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675).
scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675).
scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675).
scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675).
scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675).
scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675).
scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675).
scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675).
scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675).
scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675).
scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675).
scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675).
scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675).
scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675).
scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045).
scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045).
scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045).
scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675).
scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675).
scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045).
scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045).
scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193).
scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045).
scsi: lpfc: Use fc_block_rport() (bsc#1197675).
scsi: lpfc: Use irq_set_affinity() (bsc#1197675).
scsi: lpfc: Use kcalloc() (bsc#1197675).
scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045).
scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675).
scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675).
scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045).
scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045).
scsi: mpt3sas: Fix incorrect 4GB boundary check (git-fixes).
scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes).
scsi: mpt3sas: Page fault in reply q processing (git-fixes).
scsi: mpt3sas: Use cached ATA Information VPD page (git-fixes).
scsi: mvsas: Add spin_lock/unlock() to protect asd_sas_port->phy_list (bsc#1198802).
scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193).
scsi: pm8001: Fix abort all task initialization (git-fixes).
scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes).
scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes).
scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes).
scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes).
scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes).
scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes).
scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes).
scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes).
scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes).
scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes).
scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes).
scsi: qedi: Fix ABBA deadlock in qedi_process_tmf_resp() and qedi_process_cmd_cleanup_resp() (git-fixes).
scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160).
scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160).
scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823).
scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823).
scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823).
scsi: qla2xxx: Add retry for exec firmware (bsc#1195823).
scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823).
scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160).
scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160).
scsi: qla2xxx: edif: bsg refactor (bsc#1201160).
scsi: qla2xxx: edif: Fix clang warning (bsc#1195823).
scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823).
scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160).
scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160).
scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160).
scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160).
scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160).
scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160).
scsi: qla2xxx: edif: Fix session thrash (bsc#1201160).
scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160).
scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823).
scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160).
scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160).
scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160).
scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160).
scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046).
scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823).
scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160).
scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160).
scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160).
scsi: qla2xxx: edif: Tweak trace message (bsc#1195823).
scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160).
scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160).
scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661).
scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823).
scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661).
scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160).
scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160).
scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661).
scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661).
scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661).
scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160).
scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160).
scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160).
scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661).
scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046).
scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661).
scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661).
scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823).
scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823).
scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823).
scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661).
scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823).
scsi: qla2xxx: Fix typos in comments (bsc#1197661).
scsi: qla2xxx: Fix warning for missing error code (bsc#1195823).
scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823).
scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823).
scsi: qla2xxx: Implement ref count for SRB (bsc#1195823).
scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661).
scsi: qla2xxx: Reduce false trigger to login (bsc#1197661).
scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823).
scsi: qla2xxx: Remove a declaration (bsc#1195823).
scsi: qla2xxx: Remove free_sg command flag (bsc#1200046).
scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160).
scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046).
scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823).
scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160).
scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661).
scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823).
scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160).
scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823).
scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823).
scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661).
scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160).
scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160).
scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160).
scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661).
scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661).
scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661).
scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160).
scsi: scsi_transport_fc: Fix FPIN Link Integrity statistics counters (git-fixes).
scsi: sr: Do not leak information in ioctl (git-fixes).
scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes).
scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes).
scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes).
scsi: virtio-scsi: Eliminate anonymous module_init and module_exit (git-fixes).
scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes).
selftest: KVM: Add open sev dev helper (bsc#1194526).
selftests/bpf: Remove unused variable in tc_tunnel prog (git-fixes).
selftests: firmware: Fix the request_firmware_into_buf() test for XZ format (git-fixes).
selftests: firmware: Use smaller dictionary for XZ compression (git-fixes).
selftests: fix check for circular KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM (bsc#1194526).
selftests: KVM: Add /x86_64/sev_migrate_tests to .gitignore (bsc#1194526).
selftests: KVM: Fix check for !POLLIN in demand_paging_test (bsc#1194526).
selftests: kvm: Remove absent target file (git-fixes).
selftests: KVM: sev_migrate_tests: Fix sev_ioctl() (bsc#1194526).
selftests: kvm/x86: Fix the warning in lib/x86_64/processor.c (bsc#1194526).
selftests/powerpc: Add test for real address error handling (jsc#SLE-18194).
serial: 8250: Also set sticky MCR bits in console restoration (git-fixes).
serial: 8250_aspeed_vuart: add PORT_ASPEED_VUART port type (git-fixes).
serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe (git-fixes).
serial: 8250: core: Remove unneeded linux/pm_runtime.h (git-fixes).
serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes).
serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes).
serial: 8250: Fix race condition in RTS-after-send handling (git-fixes).
serial: 8250: fix XOFF/XON sending when DMA is used (git-fixes).
serial: 8250_lpss: Balance reference count for PCI DMA device (git-fixes).
serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes).
serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes).
serial: 8250_mtk: Fix UART_EFR register address (git-fixes).
serial: 8250: pxa: Remove unneeded linux/pm_runtime.h (git-fixes).
serial: core: Fix the definition name in the comment of UPF_* flags (git-fixes).
serial: cpm_uart: Fix build error without CONFIG_SERIAL_CPM_CONSOLE (git-fixes).
serial: digicolor-usart: Do not allow CS5-6 (git-fixes).
serial: imx: fix overrun interrupts in DMA mode (git-fixes).
serial: meson: acquire port->lock in startup() (git-fixes).
serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes).
serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes).
serial: rda-uart: Do not allow CS5-6 (git-fixes).
serial: samsung_tty: do not unlock port->lock for uart_write_wakeup() (git-fixes).
serial: sh-sci: Do not allow CS5-6 (git-fixes).
serial: sifive: Report actual baud base rather than fixed 115200 (git-fixes).
serial: sifive: Sanitize CSIZE and c_iflag (git-fixes).
serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes).
serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes).
serial: txx9: Do not allow CS5-6 (git-fixes).
sfc: Do not free an empty page_ring (git-fixes).
sfc: fallback for lack of xdp tx queues (bsc#1196306).
sfc: last resort fallback for lack of xdp tx queues (bsc#1196306).
sfc: Use swap() instead of open coding it (bsc#1196306).
sfc: use swap() to make code cleaner (bsc#1196306).
skbuff: fix coalescing for page_pool fragment recycling (bsc#1190336).
slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes).
slip: fix macro redefine warning (git-fixes).
smb3: add mount parm nosparse (bsc#1193629).
smb3: add trace point for lease not found issue (bsc#1193629).
smb3: add trace point for oplock not found (bsc#1193629).
smb3: check for null tcon (bsc#1193629).
smb3: cleanup and clarify status of tree connections (bsc#1193629).
smb3: do not set rc when used and unneeded in query_info_compound (bsc#1193629).
SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1193629).
smb3: fix incorrect session setup check for multiuser mounts (bsc#1193629).
smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1193629).
smb3: fix snapshot mount option (bsc#1193629).
[smb3] improve error message when mount options conflict with posix (bsc#1193629).
smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1193629).
smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1193629).
[smb3] move more common protocol header definitions to smbfs_common (bsc#1193629).
smb3: send NTLMSSP version information (bsc#1193629).
smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes).
smsc911x: allow using IRQ0 (git-fixes).
soc: aspeed: lpc-ctrl: Block error printing on probe defer cases (git-fixes).
soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes).
soc: bcm: Check for NULL return of devm_kzalloc() (git-fixes).
soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY) (git-fixes).
soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes).
soc: fsl: guts: Add a missing memory allocation failure check (git-fixes).
soc: fsl: guts: Revert commit 3c0d64e867ed (git-fixes).
soc: fsl: qe: Check of ioremap return value (git-fixes).
soc: mediatek: pm-domains: Add wakeup capacity support in power domain (git-fixes).
soc: qcom: aoss: Expose send for generic usecase (git-fixes).
soc: qcom: aoss: Fix missing put_device call in qmp_get (git-fixes).
soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes).
soc: qcom: llcc: Add MODULE_DEVICE_TABLE() (git-fixes).
soc: qcom: ocmem: Fix missing put_device() call in of_get_ocmem (git-fixes).
soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes).
soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes).
soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes).
soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes).
soc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc (git-fixes).
soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes).
sound/oss/dmasound: fix build when drivers are mixed =y/=m (git-fixes).
sound/oss/dmasound: fix 'dmasound_setup' defined but not used (git-fixes).
soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes).
soundwire: intel: prevent pm_runtime resume prior to system suspend (git-fixes).
soundwire: qcom: adjust autoenumeration timeout (git-fixes).
speakup-dectlk: Restore pitch setting (git-fixes).
spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes).
spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes).
spi: cadence-quadspi: fix incorrect supports_op() return value (git-fixes).
spi: cadence-quadspi: fix protocol setup for non-1-1-X operations (git-fixes).
spi: core: add dma_map_dev for __spi_unmap_msg() (git-fixes).
spi: Fix erroneous sgs value with min_t() (git-fixes).
spi: Fix invalid sgs value (git-fixes).
spi: Fix Tegra QSPI example (git-fixes).
spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes).
spi: mxic: Fix the transmit path (git-fixes).
spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes).
spi: qcom-qspi: Add minItems to interconnect-names (git-fixes).
spi: rockchip: Fix error in getting num-cs property (git-fixes).
spi: rockchip: fix missing error on unsupported SPI_CS_HIGH (git-fixes).
spi: rockchip: Preset cs-high and clk polarity in setup progress (git-fixes).
spi: rockchip: Stop spi slave dma receiver when cs inactive (git-fixes).
spi: rockchip: terminate dma transmission when slave abort (git-fixes).
spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes).
spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes).
spi: spi-mtk-nor: initialize spi controller after resume (git-fixes).
spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes).
spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes).
spi: spi-zynqmp-gqspi: Handle error for dma_set_mask (git-fixes).
spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (git-fixes).
spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes).
spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes).
spi: tegra20: Use of_device_get_match_data() (git-fixes).
spi: tegra210-quad: Fix missin IRQ check in tegra_qspi_probe (git-fixes).
sr9700: sanity check for packet length (bsc#1196836).
staging: fbtft: fb_st7789v: reset display before initialization (git-fixes).
staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes).
staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes).
staging: gdm724x: fix use after free in gdm_lte_rx() (git-fixes).
staging:iio:adc:ad7280a: Fix handing of device address bit reversing (git-fixes).
staging: most: dim2: force fcnt=3 on Renesas GEN3 (git-fixes).
staging: most: dim2: use device release method (git-fixes).
staging: most: dim2: use if statements instead of ?: expressions (git-fixes).
staging: mt7621-dts: fix formatting (git-fixes).
staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes).
staging: mt7621-dts: fix pinctrl-0 items to be size-1 items on ethernet (git-fixes).
staging: mt7621-dts: fix pinctrl properties for ethernet (git-fixes).
staging: rtl8712: fix a potential memory leak in r871xu_drv_init() (git-fixes).
staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes).
staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes).
staging: rtl8723bs: Fix access-point mode deadlock (git-fixes).
staging: vc04_services: shut up out-of-range warning (git-fixes).
staging: vchiq_arm: Avoid NULL ptr deref in vchiq_dump_platform_instances (git-fixes).
staging: vchiq_core: handle NULL result of find_service_by_handle (git-fixes).
staging: vchiq: Move certain declarations to vchiq_arm.h (git-fixes).
staging: vchiq: Move vchiq char driver to its own file (git-fixes).
staging: vchiq: Refactor vchiq cdev code (git-fixes).
staging: wfx: fix an error handling in wfx_init_common() (git-fixes).
stddef: Introduce DECLARE_FLEX_ARRAY() helper (git-fixes).
stm: ltdc: fix two incorrect NULL checks on list iterator (bsc#1190786)
SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
SUNRPC: Do not dereference non-socket transports in sysfs (git-fixes).
SUNRPC: Do not dereference non-socket transports in sysfs - kabi fix (git-fixes).
SUNRPC do not resend a task on an offlined transport (git-fixes).
SUNRPC: Ensure gss-proxy connects on setup (git-fixes).
SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes).
SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes).
SUNRPC: Fix the svc_deferred_event trace class (git-fixes).
SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes).
SUNRPC: Handle low memory situations in call_status() (git-fixes).
SUNRPC release the transport of a relocated task with an assigned transport (git-fixes).
SUNRPC: svc_tcp_sendmsg() should handle errors from xdr_alloc_bvec() (git-fixes).
SUNRPC: Trap RDMA segment overflows (git-fixes).
SUNRPC: use different lock keys for INET6 and LOCAL (git-fixes).
supported.conf: add intel_sdsi
supported.conf: mark pfuze100 regulator as supported (bsc#1199909)
supported.conf: Support TPM TIS SPI driver (jsc#SLE-24093)
surface: surface3_power: Fix battery readings on batteries without a serial number (git-fixes).
swiotlb: max mapping size takes min align mask into account (bsc#1197303).
sysrq: do not omit current cpu when showing backtrace of all active CPUs (git-fixes).
thermal/core: Fix memory leak in __thermal_cooling_device_register() (git-fixes).
thermal: core: Fix TZ_GET_TRIP NULL pointer dereference (git-fixes).
thermal: devfreq_cooling: use local ops instead of global ops (git-fixes).
thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes).
thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes).
thermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe (git-fixes).
thermal/drivers/int340x: Improve the tcc offset saving for suspend/resume (git-fixes).
thermal: int340x: Check for NULL after calling kmemdup() (git-fixes).
thermal: int340x: Fix attr.show callback prototype (git-fixes).
thermal: int340x: fix memory leak in int3400_notify() (git-fixes).
thermal: int340x: Increase bitmap size (git-fixes).
thunderbolt: Use different lane for second DisplayPort tunnel (git-fixes).
tick/nohz: unexport __init-annotated tick_nohz_full_setup() (bsc#1201218).
tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (bsc#1190786)
timekeeping: Mark NMI safe time accessors as notrace (git-fixes)
timers: Fix warning condition in __run_timers() (git-fixes)
TOMOYO: fix __setup handlers return values (git-fixes).
tools arch x86: Add Intel SDSi provisiong tool (jsc#SLE-18938).
tools: bpftool: Complete metrics list in 'bpftool prog profile' doc (git-fixes).
tools: bpftool: Document and add bash completion for -L, -B options (git-fixes).
tools: bpftool: Update and synchronise option list in doc and help msg (git-fixes).
tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes).
tpm: Fix error handling in async work (git-fixes).
tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729).
tpm: use try_get_ops() in tpm-space.c (git-fixes).
tps6598x: clear int mask on probe failure (git-fixes).
tracing: Do not inc err_log entry count if entry allocation fails (git-fixes).
tracing: Dump stacktrace trigger to the corresponding instance (git-fixes).
tracing: Fix potential double free in create_var_ref() (git-fixes).
tracing: Fix return value of __setup handlers (git-fixes).
tracing: Fix return value of trace_pid_write() (git-fixes).
tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes).
tracing: Have trace event string test handle zero length strings (git-fixes).
tracing: Have traceon and traceoff trigger honor the instance (git-fixes).
tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes).
tracing/histogram: Fix sorting on old 'cpu' value (git-fixes).
tracing/osnoise: Force quiescent states while tracing (git-fixes).
tracing: Propagate is_signed to expression (git-fixes).
tracing: Show kretprobe unknown indicator only for kretprobe_trampoline (bsc#1193277).
tty: Fix a possible resource leak in icom_probe (git-fixes).
tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes).
tty: goldfish: Fix free_irq() on remove (git-fixes).
tty: goldfish: Introduce gf_ioread32()/gf_iowrite32() (git-fixes).
tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes).
tty: n_gsm: Debug output allocation must use GFP_ATOMIC (git-fixes).
tty: n_gsm: Do not ignore write return value in gsmld_output() (git-fixes).
tty: n_gsm: fix deadlock in gsmtty_open() (git-fixes).
tty: n_gsm: fix encoding of control signal octet bit DV (git-fixes).
tty: n_gsm: fix NULL pointer access due to DLCI release (git-fixes).
tty: n_gsm: Fix packet data hex dump output (git-fixes).
tty: n_gsm: fix proper link termination after failed open (git-fixes).
tty: n_gsm: fix wrong modem processing in convergence layer type 2 (git-fixes).
tty: n_gsm: fix wrong tty control line for flow control (git-fixes).
tty: n_tty: do not look ahead for EOL character past the end of the buffer (git-fixes).
tty: n_tty: Restore EOF push handling behavior (git-fixes).
tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes).
tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes).
tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes).
tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes).
u64_stats: Disable preemption on 32bit UP+SMP PREEMPT_RT during updates (bsc#1189998).
uapi/linux/stddef.h: Add include guards (jsc#SLE-18978).
ucounts: Enforce RLIMIT_NPROC not RLIMIT_NPROC+1 (bsc#1194191).
udmabuf: validate ubuf->pagecount (git-fixes).
udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() (git-fixes).
usb: cdc-wdm: fix reading stuck on device close (git-fixes).
usb: cdns3: Fix issue for clear halt endpoint (git-fixes).
usb: cdnsp: fix cdnsp_decode_trb function to properly handle ret value (git-fixes).
usb: cdnsp: Fixed setting last_trb incorrectly (git-fixes).
usb: chipidea: udc: check request status before setting device address (git-fixes).
usb: core: Do not hold the device lock while sleeping in do_proc_control() (git-fixes).
usb: core: hcd: Add support for deferring roothub registration (git-fixes).
usb: dwc2: drd: fix soft connect when gadget is unconfigured (git-fixes).
usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes).
usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes).
usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend (git-fixes).
usb: dwc3: core: Fix tx/rx threshold settings (git-fixes).
usb: dwc3: core: Only handle soft-reset in DCTL (git-fixes).
usb: dwc3: Decouple USB 2.0 L1 & L2 events (git-fixes).
usb: dwc3: gadget: Change to dev_dbg() when queuing to inactive gadget/ep (git-fixes).
usb: dwc3: gadget: ep_queue simplify isoc start condition (git-fixes).
usb: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes).
usb: dwc3: gadget: Give some time to schedule isoc (git-fixes).
usb: dwc3: gadget: Ignore Update Transfer cmd params (git-fixes).
usb: dwc3: gadget: Let the interrupt handler disable bottom halves (git-fixes).
usb: dwc3: gadget: move cmd_endtransfer to extra function (git-fixes).
usb: dwc3: gadget: Move null pinter check to proper place (git-fixes).
usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes).
usb: dwc3: gadget: Prevent repeat pullup() (git-fixes).
usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes).
usb: dwc3: gadget: Return proper request status (git-fixes).
usb: dwc3: gadget: Skip checking Update Transfer status (git-fixes).
usb: dwc3: gadget: Skip reading GEVNTSIZn (git-fixes).
usb: dwc3: gadget: Wait for ep0 xfers to complete during dequeue (git-fixes).
usb: dwc3: Issue core soft reset before enabling run/stop (git-fixes).
usb: dwc3: omap: fix 'unbalanced disables for smps10_out1' on omap5evm (git-fixes).
usb: dwc3: pci: Add 'snps,dis_u2_susphy_quirk' for Intel Bay Trail (git-fixes).
usb: dwc3: pci: add support for the Intel Meteor Lake-P (git-fixes).
usb: dwc3: pci: add support for the Intel Raptor Lake-S (git-fixes).
usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes).
usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes).
usb: dwc3: pci: Set the swnode from inside dwc3_pci_quirks() (git-fixes).
usb: dwc3: Try usb-role-switch first in dwc3_drd_init (git-fixes).
usb: dwc3: xilinx: fix uninitialized return value (git-fixes).
usb: ehci: add pci device support for Aspeed platforms (git-fixes).
usb: ehci-omap: drop unused ehci_read() function (git-fixes).
usb: f_fs: Fix use-after-free for epfile (git-fixes).
usb: Fix xhci event ring dequeue pointer ERDP update issue (git-fixes).
usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes).
usb: gadget: eliminate anonymous module_init and module_exit (git-fixes).
usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io() (git-fixes).
usb: gadget: f_fs: change ep->status safe in ffs_epfile_io() (git-fixes).
USB: gadget: Fix double-free bug in raw_gadget driver (git-fixes).
usb: gadget: Fix non-unique driver names in raw-gadget driver (git-fixes).
usb: gadget: fix race when gadget driver register via ioctl (git-fixes).
usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (git-fixes).
usb: gadget: f_uac2: Define specific wTerminalType (git-fixes).
usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes).
usb: gadget: rndis: add spinlock for rndis response list (git-fixes).
usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes).
usb: gadget: rndis: prevent integer overflow in rndis_set_response() (git-fixes).
usb: gadget: tegra-xudc: Do not program SPARAM (git-fixes).
usb: gadget: tegra-xudc: Fix control endpoint's definitions (git-fixes).
usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes).
usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes).
usb: gadget: uvc: allow for application to cleanly shutdown (git-fixes).
usb: gadget: uvc: Fix crash when encoding data for usb request (git-fixes).
usb: gadget: uvc: rename function to be more consistent (git-fixes).
usb: gadget: validate endpoint index for xilinx udc (git-fixes).
usb: gadget: validate interface OS descriptor requests (git-fixes).
usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes).
usb: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (git-fixes).
usb: host: isp116x: check return value after calling platform_get_resource() (git-fixes).
usb: isp1760: Fix out-of-bounds array access (git-fixes).
usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes).
usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes).
usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes).
usbnet: fix memory allocation in helpers (git-fixes).
usb: new quirk for Dell Gen 2 devices (git-fixes).
usb: phy: generic: Get the vbus supply (git-fixes).
usb: quirks: add a Realtek card reader (git-fixes).
usb: quirks: add STRING quirk for VCOM device (git-fixes).
usb: raw-gadget: fix handling of dual-direction-capable endpoints (git-fixes).
usb: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes).
usb: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes).
usb: serial: cp210x: add NCR Retail IO box id (git-fixes).
usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes).
usb: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes).
usb: serial: io_ti: add Agilent E5805A support (git-fixes).
usb: serial: option: add Fibocom L610 modem (git-fixes).
usb: serial: option: add Fibocom MA510 modem (git-fixes).
usb: serial: option: add Quectel BG95 modem (git-fixes).
USB: serial: option: add Quectel EM05-G modem (git-fixes).
USB: serial: option: add Quectel RM500K module support (git-fixes).
usb: serial: option: add support for Cinterion MV31 with new baseline (git-fixes).
usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes).
usb: serial: option: add support for DW5829e (git-fixes).
usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes).
USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes).
usb: serial: option: add Telit LE910R1 compositions (git-fixes).
usb: serial: option: add ZTE MF286D modem (git-fixes).
usb: serial: pl2303: add device id for HP LM930 Display (git-fixes).
usb: serial: pl2303: add IBM device IDs (git-fixes).
USB: serial: pl2303: add support for more HXN (G) types (git-fixes).
usb: serial: pl2303: fix GS type detection (git-fixes).
usb: serial: pl2303: fix type detection for odd device (git-fixes).
usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes).
usb: serial: simple: add Nokia phone driver (git-fixes).
usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes).
usb: storage: karma: fix rio_karma_init return (git-fixes).
usb: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes).
usb: typec: mux: Check dev_set_name() return value (git-fixes).
usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes).
usb: typec: tcpci_mt6360: Update for BMC PHY setting (git-fixes).
usb: typec: tipd: Forward plug orientation to typec subsystem (git-fixes).
usb: typec: ucsi: Fix reuse of completion structure (git-fixes).
usb: typec: ucsi: Fix role swapping (git-fixes).
usb: ulpi: Call of_node_put correctly (git-fixes).
usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes).
usb: usbip: add missing device lock on tweak configuration cmd (git-fixes).
usb: usbip: eliminate anonymous module_init and module_exit (git-fixes).
usb: usbip: fix a refcount leak in stub_probe() (git-fixes).
usb: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes).
usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes).
usb: xhci: tegra:Fix PM usage reference leak of tegra_xusb_unpowergate_partitions (git-fixes).
usb: zaurus: support another broken Zaurus (git-fixes).
vdpasim: allow to enable a vq repeatedly (git-fixes).
veth: Ensure eth header is in skb's linear part (git-fixes).
veth: fix races around rq->rx_notify_masked (git-fixes).
vfio/ccw: Remove unneeded GFP_DMA (git-fixes).
vhost_vdpa: do not setup irq offloading when irq_num 0 (git-fixes).
vhost/vsock: do not check owner in vhost_vsock_stop() while releasing (git-fixes).
vhost/vsock: fix incorrect used length reported to the guest (git-fixes).
video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes).
video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (git-fixes).
video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes).
video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes).
video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes).
video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes).
video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes).
video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes).
video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit (git-fixes).
video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (git-fixes).
video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf() (git-fixes).
video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf() (git-fixes).
video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes).
video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes).
video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes).
video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes).
video: fbdev: udlfb: properly check endpoint type (bsc#1190497)
video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit (git-fixes).
video: fbdev: w100fb: Reset global state (git-fixes).
virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes).
virtio_blk: eliminate anonymous module_init and module_exit (git-fixes).
virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes).
virtio_console: break out of buf poll on remove (git-fixes).
virtio_console: eliminate anonymous module_init and module_exit (git-fixes).
virtio: fix virtio transitional ids (git-fixes).
virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes).
virtio-net: fix for skb_over_panic inside big mode (git-fixes).
virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes).
virtio_net: fix wrong buf address calculation when using xdp (git-fixes).
virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes).
virtio-net: realign page_to_skb() after merges (git-fixes).
virtio: pci: Fix an error handling path in vp_modern_probe() (git-fixes).
virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes).
VMCI: Fix the description of vmci_check_host_caps() (git-fixes).
vringh: Fix loop descriptors check in the indirect cases (git-fixes).
vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889).
vsprintf: Fix potential unaligned access (bsc#1198379).
vt_ioctl: add array_index_nospec to VT_ACTIVATE (git-fixes).
vt_ioctl: fix array_index_nospec in vt_setactivate (git-fixes).
vxcan: enable local echo for sent CAN frames (git-fixes).
w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes).
watchdog: rti-wdt: Add missing pm_runtime_disable() in probe function (git-fixes).
watchdog: rti-wdt: Fix pm_runtime_get_sync() error checking (git-fixes).
Watchdog: sp5100_tco: Add initialization using EFCH MMIO (bsc#1199260).
watchdog: sp5100_tco: Add support for get_timeleft (bsc#1199260).
Watchdog: sp5100_tco: Enable Family 17h+ CPUs (bsc#1199260).
Watchdog: sp5100_tco: Move timer initialization into function (bsc#1199260).
Watchdog: sp5100_tco: Refactor MMIO base address initialization (bsc#1199260).
watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes).
watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes).
watch_queue: Actually free the watch (git-fixes).
watch_queue: Fix NULL dereference in error cleanup (git-fixes).
watch_queue: Free the page array when watch_queue is dismantled (git-fixes).
wcn36xx: Differentiate wcn3660 from wcn3620 (git-fixes).
wifi: mac80211: fix use-after-free in chanctx code (git-fixes).
wilc1000: fix crash observed in AP mode with cfg80211_register_netdevice() (git-fixes).
wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes).
wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes).
wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes).
wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes).
writeback: Avoid skipping inode writeback (bsc#1200813).
writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821).
x86/boot: Add setup_indirect support in early_memremap_is_setup_data() (bsc#1190497).
x86/boot: Fix memremap of setup_indirect structures (bsc#1190497).
x86/cc: Move arch/x86/{kernel/cc_platform.c coco/core.c} (jsc#SLE-19924).
x86/coco: Add API to handle encryption mask (jsc#SLE-19924).
x86/coco: Explicitly declare type of confidential computing platform (jsc#SLE-19924).
x86/cpu: Add Xeon Icelake-D to list of CPUs that support PPIN (bsc#1190497).
x86/cpufeatures: Re-enable ENQCMD (jsc#SLE-24350).
x86/cpu: Load microcode during restore_processor_state() (bsc#1190497).
x86/fpu: Clear PASID when copying fpstate (jsc#SLE-24350).
x86/kprobes: Add UNWIND_HINT_FUNC on kretprobe_trampoline() (bsc#1193277).
x86/kprobes: Fixup return address in generic trampoline handler (bsc#1193277).
x86/kprobes: Push a fake return address at kretprobe_trampoline (bsc#1193277).
x86/kvmclock: Fix Hyper-V Isolated VM boot issue when vCPUs 64 (bsc#1183682).
x86/kvm: Do not waste memory if kvmclock is disabled (bsc#1183682).
x86/MCE/AMD: Allow thresholding interface updates after init (bsc#1190497).
x86/mm/cpa: Generalize __set_memory_enc_pgtable() (jsc#SLE-19924).
x86/module: Fix the paravirt vs alternative order (bsc#1190497).
x86/pm: Save the MSR validity status at context setup (bsc#1190497).
x86/ptrace: Fix xfpregs_set() incorrect xmm clearing (bsc#1190497).
x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1190497).
x86/traps: Demand-populate PASID MSR via #GP (jsc#SLE-24350).
x86/traps: Mark do_int3() NOKPROBE_SYMBOL (bsc#1190497).
x86/tsx: Use MSR_TSX_CTRL to clear CPUID bits (bsc#1190497).
x86/unwind: kABI workaround for unwind_state changes (bsc#1193277).
x86/unwind: Recover kretprobe trampoline entry (bsc#1193277).
xen/blkfront: fix comment for need_copy (git-fixes).
xen: fix is_xen_pmu() (git-fixes).
xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (bsc#1201218).
xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556).
xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556).
xfs: drop async cache flushes from CIL commits (bsc#1195669).
xhci: Allow host runtime PM as default for Intel Alder Lake N xHCI (git-fixes).
xhci: Enable runtime PM on second Alderlake controller (git-fixes).
xhci: fix garbage USBSTS being logged in some cases (git-fixes).
xhci: fix runtime PM imbalance in USB2 resume (git-fixes).
xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes).
xhci: increase usb U3 U0 link resume timeout from 100ms to 500ms (git-fixes).
xhci: make xhci_handshake timeout for xhci_reset() adjustable (git-fixes).
xhci-pci: Allow host runtime PM as default for Intel Meteor Lake xHCI (git-fixes).
xhci-pci: Allow host runtime PM as default for Intel Raptor Lake xHCI (git-fixes).
xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes).
xhci: re-initialize the HC during resume if HCE was set (git-fixes).
xhci: stop polling roothubs after shutdown (git-fixes).
xhci: turn off port power in shutdown (git-fixes).
xsk: Do not write NULL in SW ring at allocation failure (jsc#SLE-18375).
zsmalloc: decouple class actions from zspage works (bsc#1189998).
zsmalloc: introduce obj_allocated (bsc#1189998).
zsmalloc: introduce some helper functions (bsc#1189998).
zsmalloc: move huge compressed obj from page to zspage (bsc#1189998).
zsmalloc: remove zspage isolation for migration (bsc#1189998).
zsmalloc: rename zs_stat_type to class_stat_type (bsc#1189998).
zsmalloc: replace get_cpu_var with local_lock (bsc#1189998).
zsmalloc: replace per zpage lock with pool migrate_lock (bsc#1189998).
zsmalloc: Stop using slab fields in struct page (bsc#1189998 bsc#1190208).

Advisory ID	SUSE-RU-2022:2616-1
Released	Mon Aug 1 10:43:46 2022
Summary	Recommended update for scap-security-guide
Type	recommended
Severity	moderate
References

Description:

This update for scap-security-guide fixes the following issues:

Fix the build for RHEL 7 and clones (python-setuptools is used)

Advisory ID	SUSE-SU-2022:2619-1
Released	Mon Aug 1 16:01:28 2022
Summary	Security update for gimp
Type	security
Severity	moderate
References	1199653,CVE-2022-30067

Description:

This update for gimp fixes the following issues:

CVE_2022-30067: Fixed an out of memory when reading. (bsc#1199653)

Advisory ID	SUSE-RU-2022:2625-1
Released	Tue Aug 2 12:15:42 2022
Summary	Recommended update for dracut
Type	recommended
Severity	important
References	1177461,1184970,1187654,1195047,1195508,1195604,1196267,1197635,1197967,1200236,1200251,1200360

Description:

This update for dracut fixes the following issues:

fix(bluetooth): accept compressed firmwares in inst_multiple (bsc#1200236)
fix(bluetooth): make hostonly configuration files optional (bsc#1195047)
fix(convertfs): ignore commented lines in fstab (bsc#1200251)
fix(crypt): remove quotes from cryptsetupopts (bsc#1197635)
fix(dracut-install): copy files preserving ownership attributes (bsc#1197967)
fix(dracut-systemd): do not require vconsole-setup.service (bsc#1195508)
fix(integrity): do not display any error if there is no IMA certificate (bsc#1187654)
fix(iscsi): remove unneeded iscsi NOP-disable code (bsc#1196267)
fix(lvm): restore setting LVM_MD_PV_ACTIVATED (bsc#1195604)
fix(network-legacy): support rd.net.timeout.dhcp (bsc#1200360)
fix(nfs): /var is not mounted during the transactional-update run (bsc#1184970)
fix(nfs): give /run/rpcbind ownership to rpc user (bsc#1177461)

Advisory ID	SUSE-RU-2022:2626-1
Released	Tue Aug 2 12:20:09 2022
Summary	Recommended update for openCryptoki
Type	recommended
Severity	important
References	1199862

Description:

This update for openCryptoki fixes the following issues:

Add the installation of the configuration file p11sak_defined_attrs.conf (bsc#1199862)

Advisory ID	SUSE-RU-2022:2630-1
Released	Wed Aug 3 07:05:51 2022
Summary	Recommended update for crmsh
Type	recommended
Severity	moderate
References	1198180,1199325,1199412,1199634,1201312

Description:

This update for crmsh fixes the following issues:

Fix 'unexpected output' error when using `crmadmin -S` (bsc#1199412)
Stop and disable csync2.socket on removed node (bsc#1199325)
cibconfig: enable 'related:' prefix to show the objects by given ra type
crm report: Read data in a safe way, to avoid UnicodeDecodeError(bsc#1198180)
crm report: use sudo when under non root and hacluster user (bsc#1199634)
ui_cluster: Add examples for 'cluster init' and 'cluster join'
utils: use options `-o` and `-n` to compare files instead of strings for crm_diff (bsc#1201312)

Advisory ID	SUSE-SU-2022:2632-1
Released	Wed Aug 3 09:51:00 2022
Summary	Security update for permissions
Type	security
Severity	important
References	1198720,1200747,1201385

Description:

This update for permissions fixes the following issues:

apptainer: fix starter-suid location (bsc#1198720)
static permissions: remove deprecated bind / named chroot entries (bsc#1200747)
postfix: add postlog setgid for maildrop binary (bsc#1201385)

Advisory ID	SUSE-SU-2022:2633-1
Released	Wed Aug 3 10:33:50 2022
Summary	Security update for mokutil
Type	security
Severity	moderate
References	1198458

Description:

This update for mokutil fixes the following issues:

Adds SBAT revocation support to mokutil. (bsc#1198458)

New options added (see manpage):

mokutil --set-sbat-policy (latest | previous | delete) to set the SBAT acceptance policy.

mokutil --list-sbat-revocations

To list the current SBAT revocations.

Advisory ID	SUSE-RU-2022:2640-1
Released	Wed Aug 3 10:43:44 2022
Summary	Recommended update for yaml-cpp
Type	recommended
Severity	moderate
References	1160171,1178331,1178332,1200624

Description:

This update for yaml-cpp fixes the following issue:

Version 0.6.3 changed ABI without changing SONAME. Re-add symbol from the old ABI to prevent ABI breakage and crash of applications compiled with 0.6.1 (bsc#1200624, bsc#1178332, bsc#1178331, bsc#1160171).

Advisory ID	SUSE-SU-2022:2646-1
Released	Wed Aug 3 12:41:33 2022
Summary	Security update for python-numpy
Type	security
Severity	moderate
References	1193911,CVE-2021-41495

Description:

This update for python-numpy fixes the following issues:

CVE-2021-41495: Fixed Null Pointer Dereference in numpy.sort (bsc#1193911).

Advisory ID	SUSE-SU-2022:2647-1
Released	Wed Aug 3 13:44:01 2022
Summary	Security update for tiff
Type	security
Severity	low
References	1201174,1201175,1201176,CVE-2022-2056,CVE-2022-2057,CVE-2022-2058

Description:

This update for tiff fixes the following issues:

CVE-2022-2056: Fixed a division by zero denial of service (bsc#1201176).
CVE-2022-2057: Fixed a division by zero denial of service (bsc#1201175).
CVE-2022-2058: Fixed a division by zero denial of service (bsc#1201174).

Advisory ID	SUSE-SU-2022:2650-1
Released	Wed Aug 3 15:09:21 2022
Summary	Security update for java-1_8_0-ibm
Type	security
Severity	important
References	1191912,1194931,1198670,1198671,1198672,1198673,1198674,1198675,1201643,CVE-2021-35561,CVE-2022-21299,CVE-2022-21426,CVE-2022-21434,CVE-2022-21443,CVE-2022-21449,CVE-2022-21476,CVE-2022-21496

Description:

This update for java-1_8_0-ibm fixes the following issues:
Update to Java 8.0 Service Refresh 7 Fix Pack 10 [bsc#1201643]

CVE-2022-21476 (bsc#1198671), CVE-2022-21449 (bsc#1198670), CVE-2022-21496 (bsc#1198673), CVE-2022-21434 (bsc#1198674), CVE-2022-21426 (bsc#1198672), CVE-2022-21443 (bsc#1198675), CVE-2021-35561 (bsc#1191912), CVE-2022-21299 (bsc#1194931).

Advisory ID	SUSE-SU-2022:2655-1
Released	Wed Aug 3 15:47:49 2022
Summary	Security update for postgresql-jdbc
Type	security
Severity	moderate
References	1197356,CVE-2022-26520

Description:

This update for postgresql-jdbc fixes the following issues:

CVE-2022-26520: Fixed arbitrary File Write Vulnerability (bsc#1197356)

Advisory ID	SUSE-SU-2022:2656-1
Released	Wed Aug 3 19:04:23 2022
Summary	Security update for drbd
Type	security
Severity	important
References	1198581

Description:

This update of drbd fixes the following issue:

rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)

Advisory ID	SUSE-SU-2022:2657-1
Released	Wed Aug 3 21:04:36 2022
Summary	Security update for oracleasm
Type	security
Severity	important
References	1198581

Description:

This update of oracleasm fixes the following issue:

rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)

Advisory ID	SUSE-SU-2022:2658-1
Released	Wed Aug 3 21:04:57 2022
Summary	Security update for keylime
Type	security
Severity	important
References	1199253,1200885,1201466,1201866,CVE-2022-1053,CVE-2022-31250

Description:

This update for keylime fixes the following issues:
Update to version 6.3.2, including fixes for:

CVE-2022-1053: Fixed Tenant and Verifier might not use the same registrar data (bsc#1199253).
CVE-2022-31250: Fixed %post scriplet allows for privilege escalation from keylime user to root (bsc#1200885).

Advisory ID	SUSE-SU-2022:2659-1
Released	Wed Aug 3 21:05:25 2022
Summary	Security update for ldb, samba
Type	security
Severity	important
References	1196224,1198255,1199247,1199734,1200556,1200964,1201490,1201492,1201493,1201495,1201496,CVE-2022-2031,CVE-2022-32742,CVE-2022-32744,CVE-2022-32745,CVE-2022-32746

Description:

This update for ldb, samba fixes the following issues:

CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490).
CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request (bsc#1201492).
CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495).
CVE-2022-32742: Fixed a memory leak in SMB1 (bsc#1201496).
CVE-2022-32744: Fixed an arbitrary password change request for any AD user (bsc#1201493).

The following non-security bug were fixed:
ldb was updated to version 2.4.3:

Fix build problems, waf produces incorrect names for python extensions; (bso#15071);

samba was updated to 4.15.8:

Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042);
Setting fruit:resource = stream in vfs_fruit causes a panic; (bso#15099);
Add support for bind 9.18; (bso#14986);
logging dsdb audit to specific files does not work; (bso#15076);
vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069);
netgroups support removed; (bso#15087); (bsc#1199247);
net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); (bsc#1199734);
waf produces incorrect names for python extensions with Python 3.11; (bso#15071);
smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556);
vfs_gpfs recalls=no option prevents listing files; (bso#15055);
waf produces incorrect names for python extensions with Python 3.11; (bso#15071);
Compile error in source3/utils/regedit_hexedit.c; (bso#15091);
ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108);
smbd doesn't handle UPNs for looking up names; (bso#15054);
Out-by-4 error in smbd read reply max_send clamp; (bso#14443);

Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255);
Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979);
Fix smbclient commands del & deltree failing with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556).

Advisory ID	SUSE-SU-2022:2660-1
Released	Wed Aug 3 21:06:01 2022
Summary	Security update for java-17-openjdk
Type	security
Severity	important
References	1201684,1201685,1201692,1201694,CVE-2022-21540,CVE-2022-21541,CVE-2022-21549,CVE-2022-34169

Description:

This update for java-17-openjdk fixes the following issues:
Update to upstream tag jdk-17.0.4+8 (July 2022 CPU)

CVE-2022-21540: Improve class compilation (bsc#1201694)
CVE-2022-21541: Enhance MethodHandle invocations (bsc#1201692)
CVE-2022-34169: Improve Xalan supports (bsc#1201684)
CVE-2022-21549: java.util.random does not correctly sample exponential or Gaussian distributions (bsc#1201685)

Advisory ID	SUSE-SU-2022:2661-1
Released	Wed Aug 3 21:07:23 2022
Summary	Security update for u-boot
Type	security
Severity	important
References	1201214,1201745,CVE-2022-33967,CVE-2022-34835

Description:

This update for u-boot fixes the following issues:

CVE-2022-33967: Fixed heap overflow in squashfs filesystem implementation (bsc#1201745).
CVE-2022-34835: Fixed stack buffer overflow vulnerability in i2c md command (bsc#1201214).

Advisory ID	SUSE-SU-2022:2664-1
Released	Thu Aug 4 09:22:06 2022
Summary	Security update for harfbuzz
Type	security
Severity	important
References	1200900,CVE-2022-33068

Description:

This update for harfbuzz fixes the following issues:

CVE-2022-33068: Fixed a integer overflow in hb-ot-shape-fallback.cc (bsc#1200900).

Advisory ID	SUSE-RU-2022:2668-1
Released	Thu Aug 4 10:23:44 2022
Summary	Recommended update for ldns
Type	recommended
Severity	moderate
References	1200843

Description:

This update of ldns fixes the following issue:

ldns is shipped to the unsupported packagehub module as dependency of unbound. (bsc#1200843)

Advisory ID	SUSE-SU-2022:2671-1
Released	Thu Aug 4 14:05:32 2022
Summary	Security update for go1.17
Type	security
Severity	important
References	1190649,1201434,1201436,1201437,1201440,1201443,1201444,1201445,1201447,1201448,1202035,CVE-2022-1705,CVE-2022-1962,CVE-2022-28131,CVE-2022-30630,CVE-2022-30631,CVE-2022-30632,CVE-2022-30633,CVE-2022-30635,CVE-2022-32148,CVE-2022-32189

Description:

This update for go1.17 fixes the following issues:
Update to go version 1.17.13 (bsc#1190649):

CVE-2022-32189: encoding/gob, math/big: decoding big.Float and big.Rat can panic (bsc#1202035).
CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode (bsc#1201444).
CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read (bsc#1201437).
CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions (bsc#1201448).
CVE-2022-28131: encoding/xml: stack exhaustion in Decoder.Skip (bsc#1201443).
CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding header (bsc#1201434)
CVE-2022-30630: io/fs: stack exhaustion in Glob (bsc#1201447).
CVE-2022-32148: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (bsc#1201436)
CVE-2022-30632: path/filepath: stack exhaustion in Glob (bsc#1201445).
CVE-2022-30633: encoding/xml: stack exhaustion in Unmarshal (bsc#1201440).

Advisory ID	SUSE-SU-2022:2672-1
Released	Thu Aug 4 14:06:24 2022
Summary	Security update for go1.18
Type	security
Severity	important
References	1193742,1201434,1201436,1201437,1201440,1201443,1201444,1201445,1201447,1201448,1202035,CVE-2022-1705,CVE-2022-1962,CVE-2022-28131,CVE-2022-30630,CVE-2022-30631,CVE-2022-30632,CVE-2022-30633,CVE-2022-30635,CVE-2022-32148,CVE-2022-32189

Description:

This update for go1.18 fixes the following issues:
Update to go version 1.18.5 (bsc#1193742):

CVE-2022-32189: encoding/gob, math/big: decoding big.Float and big.Rat can panic (bsc#1202035).
CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding header (bsc#1201434)
CVE-2022-32148: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (bsc#1201436)
CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read (bsc#1201437).
CVE-2022-30633: encoding/xml: stack exhaustion in Unmarshal (bsc#1201440).
CVE-2022-28131: encoding/xml: stack exhaustion in Decoder.Skip (bsc#1201443).
CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode (bsc#1201444).
CVE-2022-30632: path/filepath: stack exhaustion in Glob (bsc#1201445).
CVE-2022-30630: io/fs: stack exhaustion in Glob (bsc#1201447).
CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions (bsc#1201448).

Advisory ID	SUSE-SU-2022:2673-1
Released	Thu Aug 4 14:07:09 2022
Summary	Security update for python-ujson
Type	security
Severity	moderate
References	1201254,1201255,CVE-2022-31116,CVE-2022-31117

Description:

This update for python-ujson fixes the following issues:

CVE-2022-31116: Fixed improper decoding of escaped surrogate characters (bsc#1201255).
CVE-2022-31117: Fixed a double free while reallocating a buffer for string decoding (bsc#1201254).

Advisory ID	SUSE-RU-2022:2677-1
Released	Fri Aug 5 04:00:59 2022
Summary	Recommended update for hwinfo
Type	recommended
Severity	important
References	1199948

Description:

This update for hwinfo fixes the following issues:

Keep NVMe's namespace output consistency when the option `nvme_core.multipath=1` (bsc#1199948)

Advisory ID	SUSE-SU-2022:2680-1
Released	Fri Aug 5 11:14:45 2022
Summary	Security update for buildah
Type	security
Severity	moderate
References	1197870,CVE-2022-27651

Description:

This update for buildah fixes the following issues:

CVE-2022-27651: Fixed incorrect default inheritable capabilities for linux container (bsc#1197870).

Update to version 1.25.1.
The following non-security bugs were fixed:

add workaround for https://bugzilla.opensuse.org/show_bug.cgi?id=1183043

Advisory ID	SUSE-SU-2022:2681-1
Released	Fri Aug 5 11:19:46 2022
Summary	Security update for wavpack
Type	security
Severity	low
References	1201716,CVE-2022-2476

Description:

This update for wavpack fixes the following issues:

CVE-2022-2476: Fixed a Null pointer dereference in wvunpack (bsc#1201716).

Advisory ID	SUSE-SU-2022:2687-1
Released	Fri Aug 5 13:13:00 2022
Summary	Security update for fwupd
Type	security
Severity	moderate
References	1193921,1198581

Description:

This update for fwupd fixes the following issues:

Ignore non-PCI NVMe devices (e.g. NVMe-over-Fabrics) when probing (bsc#1193921)
package was rebuilt with new UEFI secure boot key. (bsc#1198581)

Advisory ID	SUSE-RU-2022:2688-1
Released	Fri Aug 5 13:27:32 2022
Summary	Recommended update for rmt-server
Type	recommended
Severity	moderate
References	1191552

Description:

This update for rmt-server fixes the following issues:
Version 2.8.0

Forwarding information of registered systems to SCC more efficiently in batches
Syncing the systems' most recent last seen timestamps to SCC
Optional '--no-confirmation' switch to skip user confirmation when cleaning repository data
Fix 'rmt-cli systems list --csv -a' for RMTs with millions of systems (bsc#1191552)
Enable users with old versions of RMT to sync systems with SCC by default

Advisory ID	SUSE-RU-2022:2690-1
Released	Fri Aug 5 17:05:42 2022
Summary	Recommended update for rust, rust1.62
Type	recommended
Severity	moderate
References

Description:

This update for rust, rust1.62 fixes the following issues:
This update delivers rust1.62.

Improve support for wasi targets

Version 1.62.1 (2022-07-19) ==========================
Rust 1.62.1 addresses a few recent regressions in the compiler and standard library, and also mitigates a CPU vulnerability on Intel SGX.

The compiler fixed unsound function coercions involving `impl Trait` return types.
The compiler fixed an incremental compilation bug with `async fn` lifetimes.
Windows added a fallback for overlapped I/O in synchronous reads and writes.
The `x86_64-fortanix-unknown-sgx` target added a mitigation for the MMIO stale data vulnerability,

advisory [INTEL-SA-00615].

Experimental support for wasi targets

Version 1.62.0 (2022-06-30) ==========================
Language --------

Stabilize `#[derive(Default)]` on enums with a `#[default]` variant
Teach flow sensitive checks that visibly uninhabited call expressions never return
Fix constants not getting dropped if part of a diverging expression
Support unit struct/enum variant in destructuring assignment][95380
Remove mutable_borrow_reservation_conflict lint and allow the code pattern

Compiler --------

linker: Stop using whole-archive on dependencies of dylibs
Make `unaligned_references` lint deny-by-default This lint is also a future compatibility lint, and is expected to eventually become a hard error.
Only add codegen backend to dep info if -Zbinary-dep-depinfo is used
Reject `#[thread_local]` attribute on non-static items
Add tier 3 `aarch64-pc-windows-gnullvm` and `x86_64-pc-windows-gnullvm` targets\*
Implement a lint to warn about unused macro rules
Promote `x86_64-unknown-none` target to Tier 2 * Refer to Rust's [platform support page][platform-support-doc] for more information on Rust's tiered platform support.

Libraries ---------

Windows: Use a pipe relay for chaining pipes
Replace Linux Mutex and Condvar with futex based ones.
Replace RwLock by a futex based one on Linux
std: directly use pthread in UNIX parker implementation

Stabilized APIs ---------------

`bool::then_some`
`f32::total_cmp`
`f64::total_cmp`
`Stdin::lines`
`windows::CommandExt::raw_arg`
`impl Default for AssertUnwindSafe`
`From> for Rc<[u8]>` rc-u8-from-str
`From> for Arc<[u8]>` arc-u8-from-str
`FusedIterator for EncodeWide`
RDM intrinsics on aarch64 stdarch/1285

Clippy ------

Create clippy lint against unexpectedly late drop for temporaries in match scrutinee expressions

Cargo -----

Added the `cargo add` command for adding dependencies to `Cargo.toml` from the command-line. [docs](https://doc.rust-lang.org/nightly/cargo/commands/cargo-add.html)
Package ID specs now support `name@version` syntax in addition to the previous `name:version` to align with the behavior in `cargo add` and other tools. `cargo install` and `cargo yank` also now support this syntax so the version does not need to passed as a separate flag.
The `git` and `registry` directories in Cargo's home directory (usually `~/.cargo`) are now marked as cache directories so that they are not included in backups or content indexing (on Windows).
Added automatic `@` argfile support, which will use 'response files' if the command-line to `rustc` exceeds the operating system's limit.

Compatibility Notes -------------------

`cargo test` now passes `--target` to `rustdoc` if the specified target is the same as the host target.
rustdoc: doctests are now run on unexported `macro_rules!` macros, matching other private items
rustdoc: Remove .woff font files
Enforce Copy bounds for repeat elements while considering lifetimes
Windows: Fix potentinal unsoundness by aborting if `File` reads or writes cannot complete synchronously.

Advisory ID	SUSE-SU-2022:2691-1
Released	Fri Aug 5 18:12:17 2022
Summary	Security update for python-M2Crypto
Type	security
Severity	important
References	1178829,CVE-2020-25657

Description:

This update for python-M2Crypto fixes the following issues:

CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA decryption API (bsc#1178829).

Advisory ID	SUSE-SU-2022:2692-1
Released	Sun Aug 7 15:05:02 2022
Summary	Security update for crash
Type	security
Severity	important
References	1198581

Description:

This update of crash fixes the following issue:

rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)

Advisory ID	SUSE-RU-2022:2703-1
Released	Tue Aug 9 09:09:13 2022
Summary	Recommended update for python-google-resumable-media
Type	recommended
Severity	moderate
References	1197841

Description:

This update for python-google-resumable-media fixes the following issues:

Fix testsuite invocation (bsc#1197841)

Advisory ID	SUSE-RU-2022:2705-1
Released	Tue Aug 9 09:10:15 2022
Summary	Recommended update for yast2-sap-ha
Type	recommended
Severity	moderate
References	1158843,1186618,1190774,1197290,1199029,1200427

Description:

This update for yast2-sap-ha fixes the following issues:

Introduce a new function refresh_all_proposals. This reads the proposal for the modules watchdog and fence. This is neccessary when reading an earlier configuration.
Use .gsub instead of File.basename to find all modules files. (bsc#1197290)
system/watchdog.rb searches watchdog modules with .ko extension but we ship .ko.xz (bsc#1197290)
softdog missing in Yast while configuring HA for SAP Products (bsc#1199029)
kmod-compat has broken dependencies (bsc#1186618)
'SUSE SAP HA Yast wizard for HANA does not configure the HANA hooks. (bsc#1190774)
Add SAPHanaSR via global.ini as proposoed.
Fix for broken gettext support (bsc#1158843)
YaST2 sap_ha tool does not allow digits at the beginning of site names (bsc#1200427)

Advisory ID	SUSE-RU-2022:2706-1
Released	Tue Aug 9 09:17:54 2022
Summary	Recommended update for postgresql
Type	recommended
Severity	moderate
References	1195680

Description:

This update for postgresql fixes the following issues:

Fix the pg_server_requires macro on older rpm versions (SLE-12)
Avoid a dependency on awk in postgresql-script.
Move the dependency of llvmjit-devel on clang and llvm to the implementation packages where we can depend on the correct versions.
Fix postgresql_has_llvm usage
First round of changes to make it easier to build extensions for - add postgresql-llvmjit-devel subpackage: This package will pull in clang and llvm if the distro has a recent enough version, otherwise it will just pull postgresql-server-devel. - add postgresql macros to the postgresql-server-devel package those cover all the variables from pg_config and some macros to remove repitition from the spec files
Bump version to 14. (bsc#1195680)

Advisory ID	SUSE-SU-2022:2707-1
Released	Tue Aug 9 10:18:18 2022
Summary	Security update for java-11-openjdk
Type	security
Severity	important
References	1201684,1201692,1201694,CVE-2022-21540,CVE-2022-21541,CVE-2022-34169

Description:

This update for java-11-openjdk fixes the following issues:
Update to upstream tag jdk-11.0.16+8 (July 2022 CPU)

CVE-2022-21540: Improve class compilation (bsc#1201694)
CVE-2022-21541: Enhance MethodHandle invocations (bsc#1201692)
CVE-2022-34169: Improve Xalan supports (bsc#1201684)

Advisory ID	SUSE-RU-2022:2711-1
Released	Tue Aug 9 12:35:23 2022
Summary	Recommended update for libnvme, nvme-cli
Type	recommended
Severity	moderate
References	1199503,1199504,1199956,1199990,1199994,1200044

Description:

This update for libnvme, nvme-cli fixes the following issues:

Reduce log noise and export error codes (bsc#1199994 bsc#1199503)
Apply configuration from JSON file (bsc#1199503)

fabrics: Already connected uses a different error code (bsc#1199994)
fabrics: skip connect if the transport types don't match (bsc#1199994)
nvme-print: Show ANA state only for one namespace (bsc#1200044 bsc#1199956 bsc#1199990)
fabrics: Honor config file for connect-all (bsc#1199504)

Advisory ID	SUSE-SU-2022:2713-1
Released	Tue Aug 9 12:38:05 2022
Summary	Security update for bind
Type	security
Severity	important
References	1192146,1197135,1197136,1199044,1200685,CVE-2021-25219,CVE-2021-25220,CVE-2022-0396

Description:

This update for bind fixes the following issues:

CVE-2021-25219: Fixed flaw that allowed abusing lame cache to severely degrade resolver performance (bsc#1192146).
CVE-2021-25220: Fixed potentially incorrect answers by cached forwarders (bsc#1197135).
CVE-2022-0396: Fixed a incorrect handling of TCP connection slots time frame leading to deny of service (bsc#1197136).

The following non-security bugs were fixed:

Update to release 9.16.31 (jsc#SLE-24600).
Logrotation broken since dropping chroot (bsc#1200685).
A non-existent initialization script (eg a leftorver 'createNamedConfInclude' in /etc/sysconfig/named) may cause named not to start. A warning message is printed in named.prep and the fact is ignored. Also, the return value of a failed script was not handled properly causing a failed script to not prevent named to start. This is now fixed properly. [bsc#1199044, vendor-files.tar.bz2]

Advisory ID	SUSE-SU-2022:2717-1
Released	Tue Aug 9 12:54:16 2022
Summary	Security update for ncurses
Type	security
Severity	moderate
References	1198627,CVE-2022-29458

Description:

This update for ncurses fixes the following issues:

CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).

Advisory ID	SUSE-SU-2022:2722-1
Released	Tue Aug 9 13:14:14 2022
Summary	Security update for the Linux Kernel
Type	security
Severity	important
References	1190256,1190497,1198410,1198829,1199086,1199291,1199364,1199665,1199670,1200015,1200465,1200494,1200644,1200651,1201258,1201323,1201381,1201391,1201427,1201458,1201471,1201524,1201592,1201593,1201595,1201596,1201635,1201651,1201675,1201691,1201705,1201725,1201846,1201930,1201954,1201958,CVE-2021-33655,CVE-2022-1462,CVE-2022-21505,CVE-2022-29581,CVE-2022-32250

Description:

The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:

CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635).
CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829).
CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458).
CVE-2022-29581: Fixed improper update of Reference Count in net/sched that could cause root privilege escalation (bnc#1199665).
CVE-2022-32250: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue (bnc#1200015, bnc#1200494).

The following non-security bugs were fixed:

9p: Fix refcounting during full path walks for fid lookups (git-fixes).
9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (git-fixes).
9p: fix fid refcount leak in v9fs_vfs_get_link (git-fixes).
ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked (git-fixes).
ACPI: video: Fix acpi_video_handles_brightness_key_presses() (git-fixes).
ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes).
ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes).
ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes).
ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes).
ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes).
ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes).
ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes).
ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes).
ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0) (git-fixes).
ALSA: usb-audio: Add quirk for Fiero SC-01 (git-fixes).
ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices (git-fixes).
ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD (git-fixes).
ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle (git-fixes).
ARM: 9210/1: Mark the FDT_FIXED sections as shareable (git-fixes).
ARM: 9213/1: Print message about disabled Spectre workarounds only once (git-fixes).
ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction (git-fixes).
ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow (git-fixes).
ARM: dts: at91: sama5d2: Fix typo in i2s1 node (git-fixes).
ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count (git-fixes).
ARM: dts: stm32: use the correct clock source for CEC on stm32mp151 (git-fixes).
ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (git-fixes).
ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes).
ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes).
ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering problem (git-fixes).
ASoC: Intel: sof_sdw: handle errors on card registration (git-fixes).
ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on remove (git-fixes).
ASoC: Remove unused hw_write_t type (git-fixes).
ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow (git-fixes).
ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues in probe (git-fixes).
ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in .set_jack_detect (git-fixes).
ASoC: cs47l15: Fix event generation for low power mux control (git-fixes).
ASoC: dapm: Initialise kcontrol data for mux/demux controls (git-fixes).
ASoC: madera: Fix event generation for OUT1 demux (git-fixes).
ASoC: madera: Fix event generation for rate controls (git-fixes).
ASoC: ops: Fix off by one in range control validation (git-fixes).
ASoC: rt5682: Avoid the unexpected IRQ event during going to suspend (git-fixes).
ASoC: rt5682: Fix deadlock on resume (git-fixes).
ASoC: rt5682: Re-detect the combo jack after resuming (git-fixes).
ASoC: rt5682: fix an incorrect NULL check on list iterator (git-fixes).
ASoC: rt5682: move clk related code to rt5682_i2c_probe (git-fixes).
ASoC: rt7*-sdw: harden jack_detect_handler (git-fixes).
ASoC: rt711-sdca-sdw: fix calibrate mutex initialization (git-fixes).
ASoC: rt711-sdca: Add endianness flag in snd_soc_component_driver (git-fixes).
ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error (git-fixes).
ASoC: rt711: Add endianness flag in snd_soc_component_driver (git-fixes).
ASoC: rt711: fix calibrate mutex initialization (git-fixes).
ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes).
ASoC: tas2764: Add post reset delays (git-fixes).
ASoC: tas2764: Correct playback volume range (git-fixes).
ASoC: tas2764: Fix amp gain register offset & default (git-fixes).
ASoC: tas2764: Fix and extend FSYNC polarity handling (git-fixes).
ASoC: wcd938x: Fix event generation for some controls (git-fixes).
ASoC: wm5110: Fix DRE control (git-fixes).
Bluetooth: Add bt_skb_sendmmsg helper (git-fixes).
Bluetooth: Add bt_skb_sendmsg helper (git-fixes).
Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (git-fixes).
Bluetooth: Fix passing NULL to PTR_ERR (git-fixes).
Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg (git-fixes).
Bluetooth: SCO: Fix sco_send_frame returning skb->len (git-fixes).
Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg (git-fixes).
Bluetooth: btusb: Add the new support IDs for WCN6855 (git-fixxes).
Documentation: add description for net.core.gro_normal_batch (git-fixes).
Documentation: add description for net.sctp.ecn_enable (git-fixes).
Documentation: add description for net.sctp.intl_enable (git-fixes).
Documentation: add description for net.sctp.reconf_enable (git-fixes).
Documentation: fix udp_wmem_min in ip-sysctl.rst (git-fixes).
Documentation: move watch_queue to core-api (git-fixes).
Input: cpcap-pwrbutton - handle errors from platform_get_irq() (git-fixes).
Input: i8042 - Apply probe defer to more ASUS ZenBook models (bsc#1190256).
KVM: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930).
KVM: selftests: Make sure kvm_create_max_vcpus test won't hit RLIMIT_NOFILE (git-fixes).
KVM: selftests: Silence compiler warning in the kvm_page_table_test (git-fixes).
NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes).
VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635).
VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635).
VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635).
VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635).
VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635).
VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635).
VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635).
VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635).
VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635).
VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635).
VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635).
VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635).
XArray: Update the LRU list in xas_split() (git-fixes).
arm64: Add HWCAP for self-synchronising virtual counter (git-fixes)
arm64: Add cavium_erratum_23154_cpus missing sentinel (jsc#SLE-24682).
arm64: cpufeature: add HWCAP for FEAT_AFP (git-fixes)
arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot (git-fixes).
arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes)
arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes).
arm64: dts: rockchip: Assign RK3399 VDU clock rate (git-fixes).
arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA transfer (git-fixes)
arm_pmu: Validate single/group leader events (git-fixes).
asm-generic: remove a broken and needless ifdef conditional (git-fixes).
batman-adv: Use netif_rx() (git-fixes).
bcmgenet: add WOL IRQ check (git-fixes).
be2net: Fix buffer overflow in be_get_module_eeprom (bsc#1201323).
bitfield.h: Fix 'type of reg too small for mask' test (git-fixes).
blk-mq: add one API for waiting until quiesce is done (bsc#1201651).
blk-mq: fix kabi support concurrent queue quiesce unquiesce (bsc#1201651).
blk-mq: support concurrent queue quiesce/unquiesce (bsc#1201651).
can: bcm: use call_rcu() instead of costly synchronize_rcu() (git-fixes).
can: grcan: grcan_probe(): remove extra of_node_get() (git-fixes).
can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes).
can: m_can: m_can_chip_config(): actually enable internal timestamping (git-fixes).
can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround handling for mcp2517fd (git-fixes).
can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround broken CRC on TBC register (git-fixes).
can: rcar_canfd: add __maybe_unused annotation to silence warning (git-fixes).
ceph: fix up non-directory creation in SGID directories (bsc#1201595).
cifs: fix reconnect on smb3 mount types (bsc#1201427).
configfs: fix a race in configfs_{,un}register_subsystem() (git-fixes).
cpufreq: mediatek: Unregister platform device on exit (git-fixes).
cpufreq: mediatek: Use module_init and add module_exit (git-fixes).
cpufreq: pmac32-cpufreq: Fix refcount leak bug (git-fixes).
cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes)
crypto: hisilicon/qm - modify the uacce mode check (bsc#1201391).
crypto: octeontx2 - Avoid stack variable overflow (jsc#SLE-24682).
crypto: octeontx2 - CN10K CPT to RNM workaround (jsc#SLE-24682).
crypto: octeontx2 - Use swap() instead of swap_engines() (jsc#SLE-24682).
crypto: octeontx2 - add apis for custom engine groups (jsc#SLE-24682).
crypto: octeontx2 - add synchronization between mailbox accesses (jsc#SLE-24682).
crypto: octeontx2 - fix missing unlock (jsc#SLE-24682).
crypto: octeontx2 - increase CPT HW instruction queue length (jsc#SLE-24682).
crypto: octeontx2 - out of bounds access in otx2_cpt_dl_custom_egrp_delete() (jsc#SLE-24682).
crypto: octeontx2 - parameters for custom engine groups (jsc#SLE-24682).
crypto: octeontx2 - select CONFIG_NET_DEVLINK (jsc#SLE-24682).
crypto: octeontx2 - use swap() to make code cleaner (jsc#SLE-24682).
crypto: qat - fix memory leak in RSA (git-fixes).
crypto: qat - remove dma_free_coherent() for DH (git-fixes).
crypto: qat - remove dma_free_coherent() for RSA (git-fixes).
crypto: qat - set CIPHER capability for DH895XCC (git-fixes).
crypto: qat - set to zero DH parameters before free (git-fixes).
crypto: testmgr - allow ecdsa-nist in FIPS mode (jsc#SLE-21132,bsc#1201258).
device property: Add fwnode_irq_get_byname (jsc#SLE-24569)
device property: Check fwnode->secondary when finding properties (git-fixes).
dm: do not stop request queue after the dm device is suspended (bsc#1201651).
dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (git-fixes).
dma-debug: make things less spammy under memory pressure (git-fixes).
dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes).
dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes).
dmaengine: lgm: Fix an error handling path in intel_ldma_probe() (git-fixes).
dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes).
dmaengine: qcom: bam_dma: fix runtime PM underflow (git-fixes).
dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes).
dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes).
docs: firmware-guide: ACPI: Add named interrupt doc (jsc#SLE-24569)
docs: net: dsa: add more info about the other arguments to get_tag_protocol (git-fixes).
docs: net: dsa: delete port_mdb_dump (git-fixes).
docs: net: dsa: document change_tag_protocol (git-fixes).
docs: net: dsa: document port_fast_age (git-fixes).
docs: net: dsa: document port_setup and port_teardown (git-fixes).
docs: net: dsa: document the shutdown behavior (git-fixes).
docs: net: dsa: document the teardown method (git-fixes).
docs: net: dsa: re-explain what port_fdb_dump actually does (git-fixes).
docs: net: dsa: remove port_vlan_dump (git-fixes).
docs: net: dsa: rename tag_protocol to get_tag_protocol (git-fixes).
docs: net: dsa: update probing documentation (git-fixes).
dpaa2-eth: Initialize mutex used in one step timestamping path (git-fixes).
dpaa2-eth: destroy workqueue at the end of remove function (git-fixes).
dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes).
drbd: fix potential silent data corruption (git-fixes).
drivers: net: smc911x: Check for error irq (git-fixes).
drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw (git-fixes).
drm/amd/display: Ignore First MST Sideband Message Return Error (git-fixes).
drm/amd/display: Only use depth 36 bpp linebuffers on DCN display engines (git-fixes).
drm/amd/display: Set min dcfclk if pipe count is 0 (git-fixes).
drm/amd/vcn: fix an error msg on vcn 3.0 (git-fixes).
drm/amdgpu: To flush tlb for MMHUB of RAVEN series (git-fixes).
drm/i915/dg2: Add Wa_22011100796 (git-fixes).
drm/i915/gt: Serialize GRDOM access between multiple engine resets (git-fixes).
drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes).
drm/i915/gvt: IS_ERR() vs NULL bug in intel_gvt_update_reg_whitelist() (git-fixes).
drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes).
drm/i915/uc: correctly track uc_fw init failure (git-fixes).
drm/i915: Fix a race between vma / object destruction and unbinding (git-fixes).
drm/i915: Require the vm mutex for i915_vma_bind() (git-fixes).
drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes).
drm/imx/dcss: Add missing of_node_put() in fail path (git-fixes).
drm/mediatek: Detect CMDQ execution timeout (git-fixes).
drm/mediatek: Remove the pointer of struct cmdq_client (git-fixes).
drm/mediatek: Use mailbox rx_callback instead of cmdq_task_cb (git-fixes).
drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes).
drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes).
drm/ttm: fix locking in vmap/vunmap TTM GEM helpers (git-fixes).
dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (git-fixes).
dt-bindings: gpio: Add Tegra241 support (jsc#SLE-24571)
dt-bindings: soc: qcom: smd-rpm: Add compatible for MSM8953 SoC (git-fixes).
dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible (git-fixes).
e1000e: Enable GPT clock before sending message to CSME (git-fixes).
efi/x86: use naked RET on mixed mode call wrapper (git-fixes).
erofs: fix deadlock when shrink erofs slab (git-fixes).
ethernet: Fix error handling in xemaclite_of_probe (git-fixes).
ethtool: Fix get module eeprom fallback (bsc#1201323).
exfat: Define NLS_NAME_* as bit flags explicitly (bsc#1201725).
exfat: Downgrade ENAMETOOLONG error message to debug messages (bsc#1201725).
exfat: Drop superfluous new line for error messages (bsc#1201725).
exfat: Expand exfat_err() and co directly to pr_*() macro (bsc#1201725).
exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1201725).
exfat: fix i_blocks for files truncated over 4 GiB (git-fixes).
exfat: fix referencing wrong parent directory information after renaming (git-fixes).
exfat: reuse exfat_inode_info variable instead of calling EXFAT_I() (git-fixes).
exfat: use updated exfat_chain directly during renaming (git-fixes).
export: fix string handling of namespace in EXPORT_SYMBOL_NS (git-fixes).
fat: add ratelimit to fat*_ent_bread() (git-fixes).
fbcon: Disallow setting font bigger than screen size (git-fixes).
fbcon: Prevent that screen size is smaller than font size (git-fixes).
fbdev: fbmem: Fix logo center image dx issue (git-fixes).
fbmem: Check virtual screen sizes in fb_set_var() (git-fixes).
fix race between exit_itimers() and /proc/pid/timers (git-fixes).
fjes: Check for error irq (git-fixes).
fsl/fman: Check for null pointer after calling devm_ioremap (git-fixes).
fsl/fman: Fix missing put_device() call in fman_port_probe (git-fixes).
fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201593).
fuse: make sure reclaim does not write the inode (bsc#1201592).
gpio: gpio-xilinx: Fix integer overflow (git-fixes).
gpio: pca953x: only use single read/write for No AI mode (git-fixes).
gpio: pca953x: use the correct range when do regmap sync (git-fixes).
gpio: pca953x: use the correct register address when regcache sync during init (git-fixes).
gpio: tegra186: Add IRQ per bank for Tegra241 (jsc#SLE-24571)
gpio: tegra186: Add support for Tegra241 (jsc#SLE-24571)
gve: Recording rx queue before sending to napi (git-fixes).
hwmon: (occ) Prevent power cap command overwriting poll response (git-fixes).
hwmon: (occ) Remove sequence numbering and checksum calculation (git-fixes).
hwrng: cavium - fix NULL but dereferenced coccicheck error (jsc#SLE-24682).
i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes).
i2c: cadence: Unregister the clk notifier in error path (git-fixes).
i2c: mlxcpld: Fix register setting for 400KHz frequency (git-fixes).
i2c: piix4: Fix a memory leak in the EFCH MMIO support (git-fixes).
i2c: smbus: Check for parent device before dereference (git-fixes).
i2c: smbus: Use device_*() functions instead of of_*() (jsc#SLE-24569)
i2c: tegra: Add SMBus block read function (jsc#SLE-24569)
i2c: tegra: Add the ACPI support (jsc#SLE-24569)
i2c: tegra: use i2c_timings for bus clock freq (jsc#SLE-24569)
ice: Avoid RTNL lock when re-creating auxiliary device (git-fixes).
ice: Fix error with handling of bonding MTU (git-fixes).
ice: Fix race condition during interface enslave (git-fixes).
ice: stop disabling VFs due to PF error responses (git-fixes).
ida: do not use BUG_ON() for debugging (git-fixes).
ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes).
ima: Fix potential memory leak in ima_init_crypto() (git-fixes).
ima: force signature verification when CONFIG_KEXEC_SIG is configured (git-fixes).
inet_diag: fix kernel-infoleak for UDP sockets (git-fixes).
iov_iter: Fix iter_xarray_get_pages{,_alloc}() (git-fixes).
iov_iter: fix build issue due to possible type mis-match (git-fixes).
irqchip/gic-v3: Workaround Marvell erratum 38545 when reading IAR (jsc#SLE-24682).
irqchip/sifive-plic: Add missing thead,c900-plic match string (git-fixes).
irqchip: or1k-pic: Undefine mask_ack for level triggered hardware (git-fixes).
ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes).
kABI workaround for phy_device changes (git-fixes).
kABI workaround for rtsx_usb (git-fixes).
kABI workaround for snd-soc-rt5682-* (git-fixes).
kABI: fix adding field to scsi_device (git-fixes).
kABI: fix adding field to ufs_hba (git-fixes).
kABI: fix change of iscsi_host_remove() arguments (bsc#1198410).
kABI: fix removal of iscsi_destroy_conn (bsc#1198410).
kABI: i2c: smbus: restore of_ alert variant (jsc#SLE-24569). kABI fix for 'i2c: smbus: Use device_*() functions instead of of_*()'
kabi/severities: Exclude ppc kvm
kabi/severities: add intel ice
kabi/severities: add stmmac network driver local symbols
kabi/severities: ignore dropped symbol rt5682_headset_detect
kasan: fix tag for large allocations when using CONFIG_SLAB (git fixes (mm/kasan)).
kernel-obs-build: include qemu_fw_cfg (boo#1201705)
kselftest/cgroup: fix test_stress.sh to use OUTPUT dir (git-fixes).
kselftest/vm: fix tests build with old libc (git-fixes).
kselftest: Fix vdso_test_abi return status (git-fixes).
kselftest: signal all child processes (git-fixes).
kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
kvm: selftests: do not use bitfields larger than 32-bits for PTEs (git-fixes).
l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu (git-fixes).
landlock: Add clang-format exceptions (git-fixes).
landlock: Change landlock_add_rule(2) argument check ordering (git-fixes).
landlock: Change landlock_restrict_self(2) check ordering (git-fixes).
landlock: Create find_rule() from unmask_layers() (git-fixes).
landlock: Define access_mask_t to enforce a consistent access mask size (git-fixes).
landlock: Fix landlock_add_rule(2) documentation (git-fixes).
landlock: Fix same-layer rule unions (git-fixes).
landlock: Format with clang-format (git-fixes).
landlock: Reduce the maximum number of layers to 16 (git-fixes).
landlock: Use square brackets around 'landlock-ruleset' (git-fixes).
libceph: fix potential use-after-free on linger ping and resends (bsc#1201596).
lockdep: Correct lock_classes index mapping (git-fixes).
locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes).
locking/lockdep: Iterate lock_classes directly when reading lockdep files (git-fixes).
loop: Use pr_warn_once() for loop_control_remove() warning (git-fixes).
loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
macsec: always read MACSEC_SA_ATTR_PN as a u64 (git-fixes).
macsec: fix NULL deref in macsec_add_rxsa (git-fixes).
macsec: fix error message in macsec_add_rxsa and _txsa (git-fixes).
macsec: limit replay window size with XPN (git-fixes).
md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes).
memcg: page_alloc: skip bulk allocator for __GFP_ACCOUNT (git fixes (mm/pgalloc)).
memregion: Fix memregion_free() fallback definition (git-fixes).
minix: fix bug when opening a file with O_DIRECT (git-fixes).
misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes).
misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes).
misc: rtsx_usb: use separate command and response buffers (git-fixes).
mm/large system hash: avoid possible NULL deref in alloc_large_system_hash (git fixes (mm/pgalloc)).
mm/secretmem: avoid letting secretmem_users drop to zero (git fixes (mm/secretmem)).
mm/vmalloc: fix numa spreading for large hash tables (git fixes (mm/vmalloc)).
mm/vmalloc: make sure to dump unpurged areas in /proc/vmallocinfo (git fixes (mm/vmalloc)).
mm/vmalloc: repair warn_alloc()s in __vmalloc_area_node() (git fixes (mm/vmalloc)).
mm: do not try to NUMA-migrate COW pages that have other uses (git fixes (mm/numa)).
mm: swap: get rid of livelock in swapin readahead (git fixes (mm/swap)).
mt76: mt7921: get rid of mt7921_mac_set_beacon_filter (git-fixes).
mtd: rawnand: gpmi: validate controller clock rate (git-fixes).
natsemi: xtensa: fix section mismatch warnings (git-fixes).
nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes).
net/fsl: xgmac_mdio: Add workaround for erratum A-009885 (git-fixes).
net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module (git-fixes).
net/qla3xxx: fix an error code in ql_adapter_up() (git-fixes).
net: ag71xx: Fix a potential double free in error handling paths (git-fixes).
net: altera: set a couple error code in probe() (git-fixes).
net: amd-xgbe: Fix skb data length underflow (git-fixes).
net: amd-xgbe: disable interrupts during pci removal (git-fixes).
net: amd-xgbe: ensure to reset the tx_timer_active flag (git-fixes).
net: annotate data-races on txq->xmit_lock_owner (git-fixes).
net: axienet: Fix TX ring slot available check (git-fixes).
net: axienet: Wait for PhyRstCmplt after core reset (git-fixes).
net: axienet: add missing memory barriers (git-fixes).
net: axienet: fix for TX busy handling (git-fixes).
net: axienet: fix number of TX ring slots for available check (git-fixes).
net: axienet: increase default TX ring size to 128 (git-fixes).
net: axienet: increase reset timeout (git-fixes).
net: axienet: limit minimum TX ring size (git-fixes).
net: bcm4908: Handle dma_set_coherent_mask error codes (git-fixes).
net: bcmgenet: Do not claim WOL when its not available (git-fixes).
net: bcmgenet: skip invalid partial checksums (git-fixes).
net: chelsio: cxgb3: check the return value of pci_find_capability() (git-fixes).
net: cpsw: Properly initialise struct page_pool_params (git-fixes).
net: cpsw: avoid alignment faults by taking NET_IP_ALIGN into account (git-fixes).
net: dpaa_eth: remove dead select in menuconfig FSL_DPAA_ETH (git-fixes).
net: dsa: ar9331: register the mdiobus under devres (git-fixes).
net: dsa: bcm_sf2: do not use devres for mdiobus (git-fixes).
net: dsa: be compatible with masters which unregister on shutdown (git-fixes).
net: dsa: felix: do not use devres for mdiobus (git-fixes).
net: dsa: hellcreek: be compatible with masters which unregister on shutdown (git-fixes).
net: dsa: lan9303: add VLAN IDs to master device (git-fixes).
net: dsa: lan9303: fix reset on probe (git-fixes).
net: dsa: lantiq_gswip: do not use devres for mdiobus (git-fixes).
net: dsa: microchip: ksz8863: be compatible with masters which unregister on shutdown (git-fixes).
net: dsa: mt7530: fix incorrect test in mt753x_phylink_validate() (git-fixes).
net: dsa: mt7530: fix kernel bug in mdiobus_free() when unbinding (git-fixes).
net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY (git-fixes).
net: dsa: mv88e6xxx: do not use devres for mdiobus (git-fixes).
net: dsa: mv88e6xxx: fix use-after-free in mv88e6xxx_mdios_unregister (git-fixes).
net: dsa: mv88e6xxx: flush switchdev FDB workqueue before removing VLAN (git-fixes).
net: dsa: xrs700x: be compatible with masters which unregister on shutdown (git-fixes).
net: ethernet: lpc_eth: Handle error for clk_enable (git-fixes).
net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config() (git-fixes).
net: ethernet: mtk_eth_soc: fix return values and refactor MDIO ops (git-fixes).
net: ethernet: ti: cpts: Handle error for clk_enable (git-fixes).
net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() (git-fixes).
net: ieee802154: ca8210: Fix lifs/sifs periods (git-fixes).
net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
net: ieee802154: hwsim: Ensure proper channel selection at probe time (git-fixes).
net: ieee802154: mcr20a: Fix lifs/sifs periods (git-fixes).
net: ipa: add an interconnect dependency (git-fixes).
net: ipa: fix atomic update in ipa_endpoint_replenish() (git-fixes).
net: ipa: prevent concurrent replenish (git-fixes).
net: ipa: use a bitmap for endpoint replenish_enabled (git-fixes).
net: ks8851: Check for error irq (git-fixes).
net: lantiq_xrx200: fix statistics of received bytes (git-fixes).
net: ll_temac: check the return value of devm_kmalloc() (git-fixes).
net: macb: Fix lost RX packet wakeup race in NAPI receive (git-fixes).
net: macsec: Fix offload support for NETDEV_UNREGISTER event (git-fixes).
net: macsec: Verify that send_sci is on when setting Tx sci explicitly (git-fixes).
net: marvell: mvpp2: Fix the computation of shared CPUs (git-fixes).
net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr (git-fixes).
net: marvell: prestera: fix incorrect return of port_find (git-fixes).
net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (git-fixes).
net: mscc: ocelot: fix backwards compatibility with single-chain tc-flower offload (git-fixes).
net: mscc: ocelot: fix mutex lock error during ethtool stats read (git-fixes).
net: mscc: ocelot: fix using match before it is set (git-fixes).
net: mv643xx_eth: process retval from of_get_mac_address (git-fixes).
net: mvpp2: fix XDP rx queues registering (git-fixes).
net: phy: Do not trigger state machine while in suspend (git-fixes).
net: phylink: Force link down and retrigger resolve on interface change (git-fixes).
net: phylink: Force retrigger in case of latched link-fail indicator (git-fixes).
net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes).
net: sfp: fix high power modules without diagnostic monitoring (git-fixes).
net: sfp: ignore disabled SFP node (git-fixes).
net: sparx5: Fix add vlan when invalid operation (git-fixes).
net: sparx5: Fix get_stat64 crash in tcpdump (git-fixes).
net: stmmac: Add platform level debug register dump feature (git-fixes).
net: stmmac: Avoid DMA_CHAN_CONTROL write if no Split Header support (git-fixes).
net: stmmac: configure PTP clock source prior to PTP initialization (git-fixes).
net: stmmac: dump gmac4 DMA registers correctly (git-fixes).
net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup (git-fixes).
net: stmmac: dwmac-visconti: Fix bit definitions for ETHER_CLK_SEL (git-fixes).
net: stmmac: dwmac-visconti: Fix clock configuration for RMII mode (git-fixes).
net: stmmac: dwmac-visconti: Fix value of ETHER_CLK_SEL_FREQ_SEL_2P5M (git-fixes).
net: stmmac: dwmac-visconti: No change to ETHER_CLOCK_SEL for unexpected speed request (git-fixes).
net: stmmac: ensure PTP time register reads are consistent (git-fixes).
net: stmmac: fix return value of __setup handler (git-fixes).
net: stmmac: fix tc flower deletion for VLAN priority Rx steering (git-fixes).
net: stmmac: properly handle with runtime pm in stmmac_dvr_remove() (git-fixes).
net: stmmac: ptp: fix potentially overflowing expression (git-fixes).
net: stmmac: retain PTP clock time during SIOCSHWTSTAMP ioctls (git-fixes).
net: stmmac: skip only stmmac_ptp_register when resume from suspend (git-fixes).
net: sxgbe: fix return value of __setup handler (git-fixes).
net: systemport: Add global locking for descriptor lifecycle (git-fixes).
net: usb: Correct PHY handling of smsc95xx (git-fixes).
net: usb: Correct reset handling of smsc95xx (git-fixes).
net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).
net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).
netdevsim: do not overwrite read only ethtool parms (git-fixes).
nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes).
nilfs2: fix incorrect masking of permission flags for symlinks (git-fixes).
nilfs2: fix lockdep warnings during disk space reclamation (git-fixes).
nilfs2: fix lockdep warnings in page operations for btree nodes (git-fixes).
nouveau/svm: Fix to migrate all requested pages (git-fixes).
nvme-auth: retry command if DNR bit is not set (bsc#1201675).
nvme: add APIs for stopping/starting admin queue (bsc#1201651).
nvme: apply nvme API to quiesce/unquiesce admin queue (bsc#1201651).
nvme: consider also host_iface when checking ip options (bsc#1199670).
nvme: implement In-Band authentication (jsc#SLE-20183).
nvme: kabi fixes for in-band authentication (bsc#1199086).
nvme: loop: clear NVME_CTRL_ADMIN_Q_STOPPED after admin queue is reallocated (bsc#1201651).
nvme: paring quiesce/unquiesce (bsc#1201651).
nvme: prepare for pairing quiescing and unquiescing (bsc#1201651).
nvme: wait until quiesce is done (bsc#1201651).
nvmet-auth: expire authentication sessions (jsc#SLE-20183).
nvmet: implement basic In-Band Authentication (jsc#SLE-20183).
octeontx2-af: Add a 'rvu_free_bitmap()' function (gix-fixes).
octeontx2-af: Do not fixup all VF action entries (git-fixes).
octeontx2-af: Fix a memleak bug in rvu_mbox_init() (git-fixes).
octeontx2-af: Fix some memory leaks in the error handling path of 'cgx_lmac_init()' (git-fixes).
octeontx2-af: cn10k: Do not enable RPM loopback for LPC interfaces (git-fixes).
octeontx2-pf: Forward error codes to VF (git-fixes).
optee: add error checks in optee_ffa_do_call_with_arg() (git-fixes).
page_alloc: fix invalid watemark check on a negative value (git fixes (mm/pgalloc)).
perf/amd/ibs: Add support for L3 miss filtering (jsc#SLE-24578).
perf/amd/ibs: Advertise zen4_ibs_extensions as pmu capability attribute (jsc#SLE-24578).
perf/amd/ibs: Cascade pmu init functions' return value (jsc#SLE-24578).
perf/amd/ibs: Use ->is_visible callback for dynamic attributes (jsc#SLE-24578).
pinctrl: armada-37xx: Convert to use dev_err_probe() (git-fixes).
pinctrl: armada-37xx: Make use of the devm_platform_ioremap_resource() (git-fixes).
pinctrl: armada-37xx: Use temporary variable for struct device (git-fixes).
pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux() (git-fixes).
pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes).
pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes).
platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes).
power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes).
powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761).
powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761).
powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#SLE-18130).
powerpc/pseries: Rename TYPE1_AFFINITY to FORM1_AFFINITY (bsc#1200465 ltc#197256 jsc#SLE-18130).
powerpc/pseries: rename min_common_depth to primary_domain_index (bsc#1200465 ltc#197256 jsc#SLE-18130).
powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761).
ppp: ensure minimum packet size in ppp_write() (git-fixes).
qede: validate non LSO skb length (git-fixes).
r8152: fix a WOL issue (git-fixes).
r8169: fix accessing unset transport header (git-fixes).
random: document add_hwgenerator_randomness() with other input functions (git-fixes).
random: fix typo in comments (git-fixes).
raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes).
reset: Fix devm bulk optional exclusive control getter (git-fixes).
rocker: fix a sleeping in atomic bug (git-fixes).
rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer Dwarves 1.22 or newer is required to build kernels with BTF information embedded in modules.
rpm/modules.fips: add ecdsa_generic (jsc#SLE-21132,bsc#1201258).
samples/landlock: Add clang-format exceptions (git-fixes).
samples/landlock: Fix path_list memory leak (git-fixes).
samples/landlock: Format with clang-format (git-fixes).
scripts/dtc: Call pkg-config POSIXly correct (git-fixes).
scripts/gdb: change kernel config dumping method (git-fixes).
scripts: sphinx-pre-install: Fix ctex support on Debian (git-fixes).
scripts: sphinx-pre-install: add required ctex dependency (git-fixes).
scsi: avoid to quiesce sdev->request_queue two times (bsc#1201651).
scsi: core: sd: Add silence_suspend flag to suppress some PM messages (git-fixes).
scsi: iscsi: Add helper functions to manage iscsi_cls_conn (bsc#1198410).
scsi: iscsi: Add helper to remove a session from the kernel (bsc#1198410).
scsi: iscsi: Allow iscsi_if_stop_conn() to be called from kernel (bsc#1198410).
scsi: iscsi: Clean up bound endpoints during shutdown (bsc#1198410).
scsi: iscsi: Exclude zero from the endpoint ID range (git-fixes).
scsi: iscsi: Fix HW conn removal use after free (bsc#1198410).
scsi: iscsi: Fix session removal on shutdown (bsc#1198410).
scsi: libiscsi: Teardown iscsi_cls_conn gracefully (bsc#1198410).
scsi: lpfc: Fix mailbox command failure during driver initialization (git-fixes).
scsi: make sure that request queue queiesce and unquiesce balanced (bsc#1201651).
scsi: megaraid: Clear READ queue map's nr_queues (git-fixes).
scsi: qedi: Use QEDI_MODE_NORMAL for error handling (bsc#1198410).
scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958).
scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958).
scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958).
scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958).
scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
scsi: qla2xxx: Update manufacturer details (bsc#1201958).
scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958).
scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
scsi: scsi_debug: Do not call kcalloc() if size arg is zero (git-fixes).
scsi: scsi_debug: Fix type in min_t to avoid stack OOB (git-fixes).
scsi: scsi_debug: Fix zone transition to full condition (git-fixes).
scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes).
scsi: sd: Fix potential NULL pointer dereference (git-fixes).
scsi: sd: Fix sd_do_mode_sense() buffer length handling (git-fixes).
scsi: ufs: Fix a deadlock in the error handler (git-fixes).
scsi: ufs: Fix runtime PM messages never-ending cycle (git-fixes).
scsi: ufs: Remove dead code (git-fixes).
scsi: ufs: core: scsi_get_lba() error fix (git-fixes).
seccomp: Invalidate seccomp mode to catch death failures (git-fixes).
selftest/net/forwarding: declare NETIFS p9 p10 (git-fixes).
selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#SLE-18130).
selftest/vm: fix map_fixed_noreplace test failure (git-fixes).
selftest/vm: verify mmap addr in mremap_test (git-fixes).
selftest/vm: verify remap destination address in mremap_test (git-fixes).
selftests, x86: fix how check_cc.sh is being invoked (git-fixes).
selftests/exec: Add non-regular to TEST_GEN_PROGS (git-fixes).
selftests/exec: Remove pipe from TEST_GEN_FILES (git-fixes).
selftests/fib_tests: Rework fib_rp_filter_test() (git-fixes).
selftests/ftrace: Do not trace do_softirq because of PREEMPT_RT (git-fixes).
selftests/ftrace: make kprobe profile testcase description unique (git-fixes).
selftests/landlock: Add clang-format exceptions (git-fixes).
selftests/landlock: Add tests for O_PATH (git-fixes).
selftests/landlock: Add tests for unknown access rights (git-fixes).
selftests/landlock: Extend access right tests to directories (git-fixes).
selftests/landlock: Extend tests for minimal valid attribute size (git-fixes).
selftests/landlock: Format with clang-format (git-fixes).
selftests/landlock: Fully test file rename with 'remove' access (git-fixes).
selftests/landlock: Make tests build with old libc (git-fixes).
selftests/landlock: Normalize array assignment (git-fixes).
selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (git-fixes).
selftests/memfd: clean up mapping in mfd_fail_write (git-fixes).
selftests/memfd: remove unused variable (git-fixes).
selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (git-fixes).
selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems (git-fixes).
selftests/net: so_txtime: usage(): fix documentation of default clock (git-fixes).
selftests/net: timestamping: Fix bind_phc check (git-fixes).
selftests/net: udpgso_bench_tx: fix dst ip argument (git-fixes).
selftests/powerpc/spectre_v2: Return skip code when miss_percent is high (git-fixes).
selftests/powerpc: Add a test of sigreturning to the kernel (git-fixes).
selftests/resctrl: Fix null pointer dereference on open failed (git-fixes).
selftests/rseq: Change type of rseq_offset to ptrdiff_t (git-fixes).
selftests/rseq: Fix ppc32 missing instruction selection 'u' and 'x' for load/store (git-fixes).
selftests/rseq: Fix ppc32 offsets by using long rather than off_t (git-fixes).
selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian (git-fixes).
selftests/rseq: Fix warnings about #if checks of undefined tokens (git-fixes).
selftests/rseq: Fix: work-around asm goto compiler bugs (git-fixes).
selftests/rseq: Introduce rseq_get_abi() helper (git-fixes).
selftests/rseq: Introduce thread pointer getters (git-fixes).
selftests/rseq: Remove arm/mips asm goto compiler work-around (git-fixes).
selftests/rseq: Remove useless assignment to cpu variable (git-fixes).
selftests/rseq: Remove volatile from __rseq_abi (git-fixes).
selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35 (git-fixes).
selftests/rseq: introduce own copy of rseq uapi header (git-fixes).
selftests/rseq: remove ARRAY_SIZE define from individual tests (git-fixes).
selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area (git-fixes).
selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area (git-fixes).
selftests/seccomp: Do not call read() on TTY from background pgrp (git-fixes).
selftests/seccomp: Fix seccomp failure by adding missing headers (git-fixes).
selftests/sgx: Treat CC as one argument (git-fixes).
selftests/vm/transhuge-stress: fix ram size thinko (git-fixes).
selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup setting (git-fixes).
selftests/x86: Add validity check and allow field splitting (git-fixes).
selftests/zram01.sh: Fix compression ratio calculation (git-fixes).
selftests/zram: Adapt the situation that /dev/zram0 is being used (git-fixes).
selftests/zram: Skip max_comp_streams interface on newer kernel (git-fixes).
selftests: Add duplicate config only for MD5 VRF tests (git-fixes).
selftests: Fix IPv6 address bind tests (git-fixes).
selftests: Fix raw socket bind tests with VRF (git-fixes).
selftests: add ping test with ping_group_range tuned (git-fixes).
selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644 (git-fixes).
selftests: cgroup: Test open-time cgroup namespace usage for migration checks (git-fixes).
selftests: cgroup: Test open-time credential usage for migration checks (git-fixes).
selftests: clone3: clone3: add case CLONE3_ARGS_NO_TEST (git-fixes).
selftests: fixup build warnings in pidfd / clone3 tests (git-fixes).
selftests: forwarding: fix error message in learning_test (git-fixes).
selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (git-fixes).
selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (git-fixes).
selftests: futex: Use variable MAKE instead of make (git-fixes).
selftests: gpio: fix gpio compiling error (git-fixes).
selftests: harness: avoid false negatives if test has no ASSERTs (git-fixes).
selftests: icmp_redirect: pass xfail=0 to log_test() (git-fixes).
selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational (git-fixes).
selftests: mlxsw: resource_scale: Fix return value (git-fixes).
selftests: mlxsw: tc_police_scale: Make test more robust (git-fixes).
selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets (git-fixes).
selftests: mptcp: add csum mib check for mptcp_connect (git-fixes).
selftests: mptcp: fix diag instability (git-fixes).
selftests: mptcp: fix ipv6 routing setup (git-fixes).
selftests: mptcp: more stable diag tests (git-fixes).
selftests: net: Correct case name (git-fixes).
selftests: net: Correct ping6 expected rc from 2 to 1 (git-fixes).
selftests: net: Fix a typo in udpgro_fwd.sh (git-fixes).
selftests: net: tls: remove unused variable and code (git-fixes).
selftests: net: udpgro_fwd.sh: explicitly checking the available ping feature (git-fixes).
selftests: net: using ping6 for IPv6 in udpgro_fwd.sh (git-fixes).
selftests: netfilter: add a vrf+conntrack testcase (git-fixes).
selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh (git-fixes).
selftests: netfilter: disable rp_filter on router (git-fixes).
selftests: netfilter: fix exit value for nft_concat_range (git-fixes).
selftests: nft_concat_range: add test for reload with no element add/del (git-fixes).
selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer (git-fixes).
selftests: openat2: Add missing dependency in Makefile (git-fixes).
selftests: openat2: Print also errno in failure messages (git-fixes).
selftests: openat2: Skip testcases that fail with EOPNOTSUPP (git-fixes).
selftests: pmtu.sh: Kill nettest processes launched in subshell (git-fixes).
selftests: pmtu.sh: Kill tcpdump processes launched by subshell (git-fixes).
selftests: rtc: Increase test timeout so that all tests run (git-fixes).
selftests: skip mincore.check_file_mmap when fs lacks needed support (git-fixes).
selftests: test_vxlan_under_vrf: Fix broken test case (git-fixes).
selftests: vm: Makefile: rename TARGETS to VMTARGETS (git-fixes).
selftests: vm: fix clang build error multiple output files (git-fixes).
selftests: x86: fix [-Wstringop-overread] warn in test_process_vm_readv() (git-fixes).
serial: 8250: Fix PM usage_count for console handover (git-fixes).
serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes).
serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes).
serial: sc16is7xx: Clear RS485 bits in the shutdown (git-fixes).
serial: stm32: Clear prev values before setting RTS delays (git-fixes).
smsc95xx: Ignore -ENODEV errors when device is unplugged (git-fixes).
soc: ixp4xx/npe: Fix unused match warning (git-fixes).
spi: Add Tegra234 QUAD SPI compatible (jsc#SLE-24570)
spi: amd: Limit max transfer and message size (git-fixes).
spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers (git-fixes).
spi: tegra210-quad: add acpi support (jsc#SLE-24570)
spi: tegra210-quad: add new chips to compatible (jsc#SLE-24570)
spi: tegra210-quad: combined sequence mode (jsc#SLE-24570)
spi: tegra210-quad: use device_reset method (jsc#SLE-24570)
spi: tegra210-quad: use devm call for cdata memory (jsc#SLE-24570)
supported.conf: mark drivers/nvme/common as supported (jsc#SLE-20183)
supported.conf: mark marvell octeontx2 crypto driver as supported (jsc#SLE-24682) Mark rvu_cptpf.ko and rvu_cptvf.ko as supported.
supported.conf: rvu_mbox as supported (jsc#SLE-24682)
sysctl: Fix data races in proc_dointvec() (git-fixes).
sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes).
sysctl: Fix data races in proc_dointvec_minmax() (git-fixes).
sysctl: Fix data races in proc_douintvec() (git-fixes).
sysctl: Fix data races in proc_douintvec_minmax() (git-fixes).
sysctl: Fix data races in proc_doulongvec_minmax() (git-fixes).
sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes).
sysctl: Fix data-races in proc_dou8vec_minmax() (git-fixes).
tee: fix put order in teedev_close_context() (git-fixes).
tee: optee: do not check memref size on return from Secure World (git-fixes).
tee: tee_get_drvdata(): fix description of return value (git-fixes).
testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set (git-fixes).
testing: nvdimm: asm/mce.h is not needed in nfit.c (git-fixes).
testing: nvdimm: iomap: make __nfit_test_ioremap a macro (git-fixes).
tests: fix idmapped mount_setattr test (git-fixes).
tools include UAPI: Sync sound/asound.h copy with the kernel sources (git-fixes).
tools/nolibc: fix incorrect truncation of exit code (git-fixes).
tools/nolibc: i386: fix initial stack alignment (git-fixes).
tools/nolibc: x86-64: Fix startup code bug (git-fixes).
tools/testing/scatterlist: add missing defines (git-fixes).
tty: n_gsm: Modify CR,PF bit when config requester (git-fixes).
tty: n_gsm: Save dlci address open status when config requester (git-fixes).
tty: n_gsm: fix buffer over-read in gsm_dlci_data() (git-fixes).
tty: n_gsm: fix decoupled mux resource (git-fixes).
tty: n_gsm: fix encoding of command/response bit (git-fixes).
tty: n_gsm: fix frame reception handling (git-fixes).
tty: n_gsm: fix incorrect UA handling (git-fixes).
tty: n_gsm: fix insufficient txframe size (git-fixes).
tty: n_gsm: fix invalid gsmtty_write_room() result (git-fixes).
tty: n_gsm: fix invalid use of MSC in advanced option (git-fixes).
tty: n_gsm: fix malformed counter for out of frame data (git-fixes).
tty: n_gsm: fix missing explicit ldisc flush (git-fixes).
tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (git-fixes).
tty: n_gsm: fix missing update of modem controls after DLCI open (git-fixes).
tty: n_gsm: fix mux activation issues in gsm_config() (git-fixes).
tty: n_gsm: fix mux cleanup after unregister tty device (git-fixes).
tty: n_gsm: fix reset fifo race condition (git-fixes).
tty: n_gsm: fix restart handling via CLD command (git-fixes).
tty: n_gsm: fix software flow control handling (git-fixes).
tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (git-fixes).
tty: n_gsm: fix wrong DLCI release order (git-fixes).
tty: n_gsm: fix wrong command frame length field encoding (git-fixes).
tty: n_gsm: fix wrong command retry handling (git-fixes).
tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (git-fixes).
tty: n_gsm: fix wrong signal octets encoding in MSC (git-fixes).
tty: serial: samsung_tty: set dma burst_size to 1 (git-fixes).
tun: avoid double free in tun_free_netdev (git-fixes).
tun: fix bonding active backup with arp monitoring (git-fixes).
tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() (git-fixes).
tuntap: add sanity checks about msg_controllen in sendmsg (git-fixes).
uaccess: fix type mismatch warnings from access_ok() (git-fixes).
ucounts: Base set_cred_ucounts changes on the real user (git-fixes).
ucounts: Fix rlimit max values check (git-fixes).
ucounts: Fix systemd LimitNPROC with private users regression (git-fixes).
ucounts: Handle wrapping in is_ucounts_overlimit (git-fixes).
ucounts: In set_cred_ucounts assume new->ucounts is non-NULL (git-fixes).
udmabuf: add back sanity check (git-fixes).
usb: dwc3: gadget: Fix event pending check (git-fixes).
usb: serial: ftdi_sio: add Belimo device ids (git-fixes).
usb: typec: add missing uevent when partner support PD (git-fixes).
usbnet: Run unregister_netdev() before unbind() again (git-fixes).
usbnet: fix memory leak in error case (git-fixes).
userfaultfd/selftests: fix hugetlb area allocations (git-fixes).
veth: Do not record rx queue hint in veth_xmit (git-fixes).
veth: ensure skb entering GRO are not cloned (git-fixes).
video: of_display_timing.h: include errno.h (git-fixes).
virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
virtio_mmio: Restore guest page size on resume (git-fixes).
vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit (git-fixes).
vsock/virtio: enable VQs early on probe (git-fixes).
vsock/virtio: initialize vdev->priv before using VQs (git-fixes).
vsock/virtio: read the negotiated features before using VQs (git-fixes).
vsock: remove vsock from connected table when connect is interrupted by a signal (git-fixes).
vt: fix memory overlapping when deleting chars in the buffer (git-fixes).
watch-queue: remove spurious double semicolon (git-fixes).
watch_queue: Fix missing locking in add_watch_to_object() (git-fixes).
watch_queue: Fix missing rcu annotation (git-fixes).
watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761).
watchqueue: make sure to serialize 'wqueue->defunct' properly (git-fixes).
wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes).
wifi: mac80211_hwsim: set virtio device ready in probe() (git-fixes).
wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes).
x86/bugs: Remove apostrophe typo (bsc#1190497).
x86/entry: Remove skip_r11rcx (bsc#1201524).
x86/ibt,xen: Sprinkle the ENDBR (bsc#1201471).
xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381).
xhci: Set HCD flag to defer primary roothub registration (git-fixes).
xhci: dbc: Rename xhci_dbc_init and xhci_dbc_exit (git-fixes).
xhci: dbc: create and remove dbc structure in dbgtty driver (git-fixes).
xhci: dbc: refactor xhci_dbc_init() (git-fixes).
xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (git-fixes).
xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes).
zonefs: Clear inode information flags on inode creation (git-fixes).
zonefs: Fix management of open zones (git-fixes).
zonefs: add MODULE_ALIAS_FS (git-fixes).

Advisory ID	SUSE-RU-2022:2735-1
Released	Wed Aug 10 04:31:41 2022
Summary	Recommended update for tar
Type	recommended
Severity	moderate
References	1200657

Description:

This update for tar fixes the following issues:

Fix race condition while creating intermediate subdirectories (bsc#1200657)

Advisory ID	SUSE-RU-2022:2736-1
Released	Wed Aug 10 04:32:41 2022
Summary	Recommended update for libqt5-qttools
Type	recommended
Severity	moderate
References	1200152

Description:

This update for libqt5-qttools fixes the following issues:

Increase the disk constraint to 4.5G (bsc#1200152)

Advisory ID	SUSE-RU-2022:2737-1
Released	Wed Aug 10 04:33:19 2022
Summary	Recommended update for gedit
Type	recommended
Severity	moderate
References	1198312

Description:

This update for gedit fixes the following issues:

Add necessary dependency to resolve schema 'is not installed' error after install in WSL (bsc#1198312)

Advisory ID	SUSE-SU-2022:2748-1
Released	Wed Aug 10 13:30:07 2022
Summary	Security update for MozillaThunderbird
Type	security
Severity	important
References	1201758,CVE-2022-36318,CVE-2022-36319

Description:

This update for MozillaThunderbird fixes the following issues:

Mozilla Thunderbird 91.12 * changed: Support for Google Talk chat accounts removed * fixed: OpenPGP signatures were broken when 'Primary Password' dialog remained open * fixed: Various security fixes

Security fixes (MFSA 2022-31) (bsc#1201758): - CVE-2022-36319: Fixed mouse Position spoofing with CSS transforms (bmo#1737722) - CVE-2022-36318: Fixed directory indexes for bundled resources reflected URL parameters (bmo#1771774)

Advisory ID	SUSE-RU-2022:2749-1
Released	Wed Aug 10 13:32:57 2022
Summary	Recommended update for go1.19
Type	recommended
Severity	moderate
References	1200441

Description:

This update for go1.19 fixes the following issues:
go1.19 (released 2022-08-02) is a major release of Go.
go1.19.x minor releases will be provided through August 2023.
https://github.com/golang/go/wiki/Go-Release-Cycle
go1.19 arrives five months after go1.18. Most of its changes are in the implementation of the toolchain, runtime, and libraries.
As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. (Refs bsc#1200441 go1.19 release tracking)

See release notes https://golang.org/doc/go1.19. Excerpts relevant to OBS environment and for SUSE/openSUSE follow:
There is only one small change to the language, a very small correction to the scope of type parameters in method declarations. Existing programs are unaffected.
The Go memory model has been revised to align Go with the memory model used by C, C++, Java, JavaScript, Rust, and Swift. Go only provides sequentially consistent atomics, not any of the more relaxed forms found in other languages. Along with the memory model update, Go 1.19 introduces new types in the sync/atomic package that make it easier to use atomic values, such as atomic.Int64 and atomic.Pointer[T].
go1.19 adds support for the Loongson 64-bit architecture LoongArch on Linux (GOOS=linux, GOARCH=loong64). The ABI implemented is LP64D. Minimum kernel version supported is 5.19.
The riscv64 port now supports passing function arguments and result using registers. Benchmarking shows typical performance improvements of 10% or more on riscv64.
Go 1.19 adds support for links, lists, and clearer headings in doc comments. As part of this change, gofmt now reformats doc comments to make their rendered meaning clearer. See 'Go Doc Comments' for syntax details and descriptions of common mistakes now highlighted by gofmt. As another part of this change, the new package go/doc/comment provides parsing and reformatting of doc comments as well as support for rendering them to HTML, Markdown, and text.
The new build constraint 'unix' is now recognized in //go:build lines. The constraint is satisfied if the target operating system, also known as GOOS, is a Unix or Unix-like system. For the 1.19 release it is satisfied if GOOS is one of aix, android, darwin, dragonfly, freebsd, hurd, illumos, ios, linux, netbsd, openbsd, or solaris. In future releases the unix constraint may match additional newly supported operating systems.
The -trimpath flag, if set, is now included in the build settings stamped into Go binaries by go build, and can be examined using go version -m or debug.ReadBuildInfo.
go generate now sets the GOROOT environment variable explicitly in the generator's environment, so that generators can locate the correct GOROOT even if built with -trimpath.
go test and go generate now place GOROOT/bin at the beginning of the PATH used for the subprocess, so tests and generators that execute the go command will resolve it to same GOROOT.
go env now quotes entries that contain spaces in the CGO_CFLAGS, CGO_CPPFLAGS, CGO_CXXFLAGS, CGO_FFLAGS, CGO_LDFLAGS, and GOGCCFLAGS variables it reports.
go list -json now accepts a comma-separated list of JSON fields to populate. If a list is specified, the JSON output will include only those fields, and go list may avoid work to compute fields that are not included. In some cases, this may suppress errors that would otherwise be reported.
The go command now caches information necessary to load some modules, which should result in a speed-up of some go list invocations.
The vet checker 'errorsas' now reports when errors.As is called with a second argument of type *error, a common mistake.
The runtime now includes support for a soft memory limit. This memory limit includes the Go heap and all other memory managed by the runtime, and excludes external memory sources such as mappings of the binary itself, memory managed in other languages, and memory held by the operating system on behalf of the Go program. This limit may be managed via runtime/debug.SetMemoryLimit or the equivalent GOMEMLIMIT environment variable. The limit works in conjunction with runtime/debug.SetGCPercent / GOGC, and will be respected even if GOGC=off, allowing Go programs to always make maximal use of their memory limit, improving resource efficiency in some cases.
In order to limit the effects of GC thrashing when the program's live heap size approaches the soft memory limit, the Go runtime also attempts to limit total GC CPU utilization to 50%, excluding idle time, choosing to use more memory over preventing application progress. In practice, we expect this limit to only play a role in exceptional cases, and the new runtime metric /gc/limiter/last-enabled:gc-cycle reports when this last occurred.
The runtime now schedules many fewer GC worker goroutines on idle operating system threads when the application is idle enough to force a periodic GC cycle.
The runtime will now allocate initial goroutine stacks based on the historic average stack usage of goroutines. This avoids some of the early stack growth and copying needed in the average case in exchange for at most 2x wasted space on below-average goroutines.
On Unix operating systems, Go programs that import package os now automatically increase the open file limit (RLIMIT_NOFILE) to the maximum allowed value; that is, they change the soft limit to match the hard limit. This corrects artificially low limits set on some systems for compatibility with very old C programs using the select system call. Go programs are not helped by that limit, and instead even simple programs like gofmt often ran out of file descriptors on such systems when processing many files in parallel. One impact of this change is that Go programs that in turn execute very old C programs in child processes may run those programs with too high a limit. This can be corrected by setting the hard limit before invoking the Go program.
Unrecoverable fatal errors (such as concurrent map writes, or unlock of unlocked mutexes) now print a simpler traceback excluding runtime metadata (equivalent to a fatal panic) unless GOTRACEBACK=system or crash. Runtime-internal fatal error tracebacks always include full metadata regardless of the value of GOTRACEBACK
Support for debugger-injected function calls has been added on ARM64, enabling users to call functions from their binary in an interactive debugging session when using a debugger that is updated to make use of this functionality.
The address sanitizer support added in Go 1.18 now handles function arguments and global variables more precisely.
The compiler now uses a jump table to implement large integer and string switch statements. Performance improvements for the switch statement vary but can be on the order of 20% faster. (GOARCH=amd64 and GOARCH=arm64 only)
The Go compiler now requires the -p=importpath flag to build a linkable object file. This is already supplied by the go command and by Bazel. Any other build systems that invoke the Go compiler directly will need to make sure they pass this flag as well.
The Go compiler no longer accepts the -importmap flag. Build systems that invoke the Go compiler directly must use the -importcfg flag instead.
Like the compiler, the assembler now requires the -p=importpath flag to build a linkable object file. This is already supplied by the go command. Any other build systems that invoke the Go assembler directly will need to make sure they pass this flag as well.
Command and LookPath no longer allow results from a PATH search to be found relative to the current directory. This removes a common source of security problems but may also break existing programs that depend on using, say, exec.Command('prog') to run a binary named prog (or, on Windows, prog.exe) in the current directory. See the os/exec package documentation for information about how best to update such programs.
On Windows, Command and LookPath now respect the NoDefaultCurrentDirectoryInExePath environment variable, making it possible to disable the default implicit search of “.” in PATH lookups on Windows systems.
crypto/elliptic: Operating on invalid curve points (those for which the IsOnCurve method returns false, and which are never returned by Unmarshal or by a Curve method operating on a valid point) has always been undefined behavior and can lead to key recovery attacks. If an invalid point is supplied to Marshal, MarshalCompressed, Add, Double, or ScalarMult, they will now panic. ScalarBaseMult operations on the P224, P384, and P521 curves are now up to three times faster, leading to similar speedups in some ECDSA operations. The generic (not platform optimized) P256 implementation was replaced with one derived from a formally verified model; this might lead to significant slowdowns on 32-bit platforms.
crypto/rand: Read no longer buffers random data obtained from the operating system between calls. Applications that perform many small reads at high frequency might choose to wrap Reader in a bufio.Reader for performance reasons, taking care to use io.ReadFull to ensure no partial reads occur. The Prime implementation was changed to use only rejection sampling, which removes a bias when generating small primes in non-cryptographic contexts, removes one possible minor timing leak, and better aligns the behavior with BoringSSL, all while simplifying the implementation. The change does produce different outputs for a given random source stream compared to the previous implementation, which can break tests written expecting specific results from specific deterministic random sources. To help prevent such problems in the future, the implementation is now intentionally non-deterministic with respect to the input stream.
crypto/tls: The GODEBUG option tls10default=1 has been removed. It is still possible to enable TLS 1.0 client-side by setting Config.MinVersion. The TLS server and client now reject duplicate extensions in TLS handshakes, as required by RFC 5246, Section 7.4.1.4 and RFC 8446, Section 4.2.
crypto/x509: CreateCertificate no longer supports creating certificates with SignatureAlgorithm set to MD5WithRSA. CreateCertificate no longer accepts negative serial numbers. CreateCertificate will not emit an empty SEQUENCE anymore when the produced certificate has no extensions. ParseCertificate and ParseCertificateRequest now reject certificates and CSRs which contain duplicate extensions. The new CertPool.Clone and CertPool.Equal methods allow cloning a CertPool and checking the equivalence of two CertPools respectively. The new function ParseRevocationList provides a faster, safer to use CRL parser which returns a RevocationList. Parsing a CRL also populates the new RevocationList fields RawIssuer, Signature, AuthorityKeyId, and Extensions, which are ignored by CreateRevocationList. The new method RevocationList.CheckSignatureFrom checks that the signature on a CRL is a valid signature from a Certificate. The ParseCRL and ParseDERCRL functions are now deprecated in favor of ParseRevocationList. The Certificate.CheckCRLSignature method is deprecated in favor of RevocationList.CheckSignatureFrom. The path builder of Certificate.Verify was overhauled and should now produce better chains and/or be more efficient in complicated scenarios. Name constraints are now also enforced on non-leaf certificates.
crypto/x509/pkix: The types CertificateList and TBSCertificateList have been deprecated. The new crypto/x509 CRL functionality should be used instead.
debug/elf: The new EM_LOONGARCH and R_LARCH_* constants support the loong64 port.
debug/pe: The new File.COFFSymbolReadSectionDefAux method, which returns a COFFSymbolAuxFormat5, provides access to COMDAT information in PE file sections. These are supported by new IMAGE_COMDAT_* and IMAGE_SCN_* constants.
runtime: The GOROOT function now returns the empty string (instead of 'go') when the binary was built with the -trimpath flag set and the GOROOT variable is not set in the process environment.
runtime/metrics: The new /sched/gomaxprocs:threads metric reports the current runtime.GOMAXPROCS value. The new /cgo/go-to-c-calls:calls metric reports the total number of calls made from Go to C. This metric is identical to the runtime.NumCgoCall function. The new /gc/limiter/last-enabled:gc-cycle metric reports the last GC cycle when the GC CPU limiter was enabled. See the runtime notes for details about the GC CPU limiter.
runtime/pprof: Stop-the-world pause times have been significantly reduced when collecting goroutine profiles, reducing the overall latency impact to the application. MaxRSS is now reported in heap profiles for all Unix operating systems (it was previously only reported for GOOS=android, darwin, ios, and linux).
runtime/race: The race detector has been upgraded to use thread sanitizer version v3 on all supported platforms except windows/amd64 and openbsd/amd64, which remain on v2. Compared to v2, it is now typically 1.5x to 2x faster, uses half as much memory, and it supports an unlimited number of goroutines. On Linux, the race detector now requires at least glibc version 2.17 and GNU binutils 2.26. The race detector is now supported on GOARCH=s390x. Race detector support for openbsd/amd64 has been removed from thread sanitizer upstream, so it is unlikely to ever be updated from v2.
runtime/trace: When tracing and the CPU profiler are enabled simultaneously, the execution trace includes CPU profile samples as instantaneous events.
syscall: On PowerPC (GOARCH=ppc64, ppc64le), Syscall, Syscall6, RawSyscall, and RawSyscall6 now always return 0 for return value r2 instead of an undefined value. On AIX and Solaris, Getrusage is now defined.

Trace viewer html and javascript files moved from misc/trace in

previous versions to src/cmd/trace/static in go1.19.

Added files with mode 0644: /usr/share/go/1.19/src/cmd/trace/static /usr/share/go/1.19/src/cmd/trace/static/README.md /usr/share/go/1.19/src/cmd/trace/static/trace_viewer_full.html /usr/share/go/1.19/src/cmd/trace/static/webcomponents.min.js

Advisory ID	SUSE-RU-2022:2753-1
Released	Wed Aug 10 13:36:18 2022
Summary	Recommended update for libpulp
Type	recommended
Severity	moderate
References	1200129,1200316

Description:

This update for libpulp fixes the following issues:

Fix ulp tool not patching on high process count (bsc#1200316).
Implement a timeout feature in case of deadlocks.

Fix ulp tool crashing on high process count (bsc#1200316).
Avoid parsing /proc//comm when not needed.

Update package with libpulp-0.2.4.

Fix dlsym interposition changing program behaviour (bsc#1200129)
Fix free call of mmap'ed buffers (bsc#1200129)
Fix error message when user has no permission to open livepatch.

Update package with libpulp-0.2.3 (jsc#SLE-20049).

Add support for endbr64 instructions on function beginning.
Fix use-after-free bug.
Fix compilation in Tumbleweed.

Advisory ID	SUSE-RU-2022:2758-1
Released	Wed Aug 10 14:05:17 2022
Summary	Recommended update for clamsap
Type	recommended
Severity	moderate
References

Description:

This update for clamsap fixes the following issues:
clamsap was updated to version 0.104 (jsc#PED-805)

Relax javascript check in PDF
use https source url, also https URL
Wildcard support for MIME type lists
Fix SAR file content scan
Add option for PDF active content
Remove own default settings from VsaGetConfig and rely on clamav defaults
Change default virusname in case clamav does not return any virus name.
Limit pcre calls
Increase Version because tested with latest clam engine
Support new parameter SCANHEURISTICLEVEL

Advisory ID	SUSE-SU-2022:2763-1
Released	Wed Aug 10 14:30:18 2022
Summary	Security update for sssd
Type	security
Severity	moderate
References	1182058,1189492,1190775,1195552,1196166,CVE-2021-3621

Description:

This update for sssd fixes the following issues:

CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommand (bsc#1189492).

Add 'ldap_ignore_unreadable_references' parameter to skip unreadable objects referenced by 'member' attributte (bsc#1190775)

Fix 32-bit libraries package. Libraries were moved from sssd to sssd-common but baselibs.conf was not updated accordingly (bsc#1182058, bsc#1196166)

Remove caches only when performing a package downgrade. The sssd daemon takes care of upgrading the database format when necessary (bsc#1195552)

Advisory ID	SUSE-RU-2022:2790-1
Released	Fri Aug 12 10:11:24 2022
Summary	Recommended update for supportutils-plugin-ha-sap
Type	recommended
Severity	moderate
References	1201831

Description:

This update for supportutils-plugin-ha-sap fixes the following issues:

Update to version 0.0.3+git.1659022100.39bfcd6: * Update README.md * Replace spaces to tabs. * Search for other groups too. * Include /etc/group in plugin-ha_sap.txt (bsc#1201831) * Update ha_sap * Update pacemaker.log location change * suppress link path in Readme.md * add section 'Additional information' to the Readme.md * change release status of the project

Advisory ID	SUSE-RU-2022:2796-1
Released	Fri Aug 12 14:34:31 2022
Summary	Recommended update for jitterentropy
Type	recommended
Severity	moderate
References

Description:

This update for jitterentropy fixes the following issues:
jitterentropy is included in version 3.4.0 (jsc#SLE-24941):
This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.

Advisory ID	SUSE-SU-2022:2803-1
Released	Fri Aug 12 16:29:17 2022
Summary	Security update for the Linux Kernel
Type	security
Severity	important
References	1190256,1190497,1199291,1199356,1199665,1201258,1201323,1201391,1201458,1201592,1201593,1201595,1201596,1201635,1201651,1201691,1201705,1201726,1201846,1201930,1202094,CVE-2021-33655,CVE-2022-21505,CVE-2022-2585,CVE-2022-26373,CVE-2022-29581

Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:

CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635).
CVE-2022-2585: Fixed use-after-free in POSIX CPU timer (bnc#1202094).
CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458).
CVE-2022-26373: Fixed CPU info leak via post-barrier RSB predictions (bsc#1201726).
CVE-2022-29581: Fixed improper update of Reference Count in net/sched that could cause root privilege escalation (bnc#1199665).

The following non-security bugs were fixed:

ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked (git-fixes).
ACPI: video: Fix acpi_video_handles_brightness_key_presses() (git-fixes).
ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes).
ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes).
ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes).
ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes).
ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes).
ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes).
ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes).
ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes).
ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0) (git-fixes).
ALSA: usb-audio: Add quirk for Fiero SC-01 (git-fixes).
ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices (git-fixes).
ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD (git-fixes).
ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle (git-fixes).
ARM: 9210/1: Mark the FDT_FIXED sections as shareable (git-fixes).
ARM: 9213/1: Print message about disabled Spectre workarounds only once (git-fixes).
ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction (git-fixes).
ARM: dts: at91: sama5d2: Fix typo in i2s1 node (git-fixes).
ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count (git-fixes).
ARM: dts: stm32: use the correct clock source for CEC on stm32mp151 (git-fixes).
ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (git-fixes).
ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes).
ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes).
ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering problem (git-fixes).
ASoC: Intel: sof_sdw: handle errors on card registration (git-fixes).
ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on remove (git-fixes).
ASoC: Remove unused hw_write_t type (git-fixes).
ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow (git-fixes).
ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues in probe (git-fixes).
ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in .set_jack_detect (git-fixes).
ASoC: cs47l15: Fix event generation for low power mux control (git-fixes).
ASoC: dapm: Initialise kcontrol data for mux/demux controls (git-fixes).
ASoC: madera: Fix event generation for OUT1 demux (git-fixes).
ASoC: madera: Fix event generation for rate controls (git-fixes).
ASoC: ops: Fix off by one in range control validation (git-fixes).
ASoC: rt5682: Avoid the unexpected IRQ event during going to suspend (git-fixes).
ASoC: rt5682: Fix deadlock on resume (git-fixes).
ASoC: rt5682: Re-detect the combo jack after resuming (git-fixes).
ASoC: rt5682: fix an incorrect NULL check on list iterator (git-fixes).
ASoC: rt5682: move clk related code to rt5682_i2c_probe (git-fixes).
ASoC: rt7*-sdw: harden jack_detect_handler (git-fixes).
ASoC: rt711-sdca-sdw: fix calibrate mutex initialization (git-fixes).
ASoC: rt711-sdca: Add endianness flag in snd_soc_component_driver (git-fixes).
ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error (git-fixes).
ASoC: rt711: Add endianness flag in snd_soc_component_driver (git-fixes).
ASoC: rt711: fix calibrate mutex initialization (git-fixes).
ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes).
ASoC: tas2764: Add post reset delays (git-fixes).
ASoC: tas2764: Correct playback volume range (git-fixes).
ASoC: tas2764: Fix amp gain register offset & default (git-fixes).
ASoC: tas2764: Fix and extend FSYNC polarity handling (git-fixes).
ASoC: wcd938x: Fix event generation for some controls (git-fixes).
ASoC: wm5110: Fix DRE control (git-fixes).
Bluetooth: btusb: Add the new support IDs for WCN6855 (git-fixxes).
Input: cpcap-pwrbutton - handle errors from platform_get_irq() (git-fixes).
Input: i8042 - Apply probe defer to more ASUS ZenBook models (bsc#1190256).
NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes).
VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635).
VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635).
VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635).
VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635).
VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635).
VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635).
VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635).
VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635).
VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635).
VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635).
VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635).
VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635).
arm64: Add HWCAP for self-synchronising virtual counter (git-fixes)
arm64: Add cavium_erratum_23154_cpus missing sentinel (jsc#SLE-24682).
arm64: cpufeature: add HWCAP for FEAT_AFP (git-fixes)
arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot (git-fixes).
arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes)
arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes).
arm64: dts: rockchip: Assign RK3399 VDU clock rate (git-fixes).
arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA transfer (git-fixes)
batman-adv: Use netif_rx() (git-fixes).
bcmgenet: add WOL IRQ check (git-fixes).
be2net: Fix buffer overflow in be_get_module_eeprom (bsc#1201323).
blk-mq: add one API for waiting until quiesce is done (bsc#1201651).
blk-mq: fix kabi support concurrent queue quiesce unquiesce (bsc#1201651).
blk-mq: support concurrent queue quiesce/unquiesce (bsc#1201651).
can: bcm: use call_rcu() instead of costly synchronize_rcu() (git-fixes).
can: grcan: grcan_probe(): remove extra of_node_get() (git-fixes).
can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes).
can: m_can: m_can_chip_config(): actually enable internal timestamping (git-fixes).
can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround handling for mcp2517fd (git-fixes).
can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround broken CRC on TBC register (git-fixes).
ceph: fix up non-directory creation in SGID directories (bsc#1201595).
cpufreq: mediatek: Unregister platform device on exit (git-fixes).
cpufreq: mediatek: Use module_init and add module_exit (git-fixes).
cpufreq: pmac32-cpufreq: Fix refcount leak bug (git-fixes).
cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes)
crypto: hisilicon/qm - modify the uacce mode check (bsc#1201391).
crypto: octeontx2 - Avoid stack variable overflow (jsc#SLE-24682).
crypto: octeontx2 - CN10K CPT to RNM workaround (jsc#SLE-24682).
crypto: octeontx2 - Use swap() instead of swap_engines() (jsc#SLE-24682).
crypto: octeontx2 - add apis for custom engine groups (jsc#SLE-24682).
crypto: octeontx2 - add synchronization between mailbox accesses (jsc#SLE-24682).
crypto: octeontx2 - fix missing unlock (jsc#SLE-24682).
crypto: octeontx2 - increase CPT HW instruction queue length (jsc#SLE-24682).
crypto: octeontx2 - out of bounds access in otx2_cpt_dl_custom_egrp_delete() (jsc#SLE-24682).
crypto: octeontx2 - parameters for custom engine groups (jsc#SLE-24682).
crypto: octeontx2 - select CONFIG_NET_DEVLINK (jsc#SLE-24682).
crypto: octeontx2 - use swap() to make code cleaner (jsc#SLE-24682).
crypto: qat - fix memory leak in RSA (git-fixes).
crypto: qat - remove dma_free_coherent() for DH (git-fixes).
crypto: qat - remove dma_free_coherent() for RSA (git-fixes).
crypto: qat - set CIPHER capability for DH895XCC (git-fixes).
crypto: qat - set to zero DH parameters before free (git-fixes).
crypto: testmgr - allow ecdsa-nist in FIPS mode (jsc#SLE-21132,bsc#1201258).
device property: Add fwnode_irq_get_byname (jsc#SLE-24569)
dm: do not stop request queue after the dm device is suspended (bsc#1201651).
dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes).
dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes).
dmaengine: lgm: Fix an error handling path in intel_ldma_probe() (git-fixes).
dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes).
dmaengine: qcom: bam_dma: fix runtime PM underflow (git-fixes).
dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes).
dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes).
docs: firmware-guide: ACPI: Add named interrupt doc (jsc#SLE-24569)
docs: net: dsa: add more info about the other arguments to get_tag_protocol (git-fixes).
docs: net: dsa: delete port_mdb_dump (git-fixes).
docs: net: dsa: document change_tag_protocol (git-fixes).
docs: net: dsa: document port_fast_age (git-fixes).
docs: net: dsa: document port_setup and port_teardown (git-fixes).
docs: net: dsa: document the shutdown behavior (git-fixes).
docs: net: dsa: document the teardown method (git-fixes).
docs: net: dsa: re-explain what port_fdb_dump actually does (git-fixes).
docs: net: dsa: remove port_vlan_dump (git-fixes).
docs: net: dsa: rename tag_protocol to get_tag_protocol (git-fixes).
docs: net: dsa: update probing documentation (git-fixes).
dpaa2-eth: Initialize mutex used in one step timestamping path (git-fixes).
dpaa2-eth: destroy workqueue at the end of remove function (git-fixes).
dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes).
drbd: fix potential silent data corruption (git-fixes).
drivers: net: smc911x: Check for error irq (git-fixes).
drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw (git-fixes).
drm/amd/display: Only use depth 36 bpp linebuffers on DCN display engines (git-fixes).
drm/amd/display: Set min dcfclk if pipe count is 0 (git-fixes).
drm/amd/vcn: fix an error msg on vcn 3.0 (git-fixes).
drm/amdgpu: To flush tlb for MMHUB of RAVEN series (git-fixes).
drm/i915/dg2: Add Wa_22011100796 (git-fixes).
drm/i915/gt: Serialize GRDOM access between multiple engine resets (git-fixes).
drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes).
drm/i915/gvt: IS_ERR() vs NULL bug in intel_gvt_update_reg_whitelist() (git-fixes).
drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes).
drm/i915/uc: correctly track uc_fw init failure (git-fixes).
drm/i915: Fix a race between vma / object destruction and unbinding (git-fixes).
drm/i915: Require the vm mutex for i915_vma_bind() (git-fixes).
drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes).
drm/imx/dcss: Add missing of_node_put() in fail path (git-fixes).
drm/mediatek: Detect CMDQ execution timeout (git-fixes).
drm/mediatek: Remove the pointer of struct cmdq_client (git-fixes).
drm/mediatek: Use mailbox rx_callback instead of cmdq_task_cb (git-fixes).
drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes).
drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes).
drm/ttm: fix locking in vmap/vunmap TTM GEM helpers (git-fixes).
dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (git-fixes).
dt-bindings: gpio: Add Tegra241 support (jsc#SLE-24571)
dt-bindings: soc: qcom: smd-rpm: Add compatible for MSM8953 SoC (git-fixes).
dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible (git-fixes).
e1000e: Enable GPT clock before sending message to CSME (git-fixes).
efi/x86: use naked RET on mixed mode call wrapper (git-fixes).
ethernet: Fix error handling in xemaclite_of_probe (git-fixes).
ethtool: Fix get module eeprom fallback (bsc#1201323).
fbcon: Disallow setting font bigger than screen size (git-fixes).
fbcon: Prevent that screen size is smaller than font size (git-fixes).
fbdev: fbmem: Fix logo center image dx issue (git-fixes).
fbmem: Check virtual screen sizes in fb_set_var() (git-fixes).
fjes: Check for error irq (git-fixes).
fsl/fman: Check for null pointer after calling devm_ioremap (git-fixes).
fsl/fman: Fix missing put_device() call in fman_port_probe (git-fixes).
fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201593).
fuse: make sure reclaim does not write the inode (bsc#1201592).
gpio: gpio-xilinx: Fix integer overflow (git-fixes).
gpio: pca953x: only use single read/write for No AI mode (git-fixes).
gpio: pca953x: use the correct range when do regmap sync (git-fixes).
gpio: pca953x: use the correct register address when regcache sync during init (git-fixes).
gpio: tegra186: Add IRQ per bank for Tegra241 (jsc#SLE-24571)
gpio: tegra186: Add support for Tegra241 (jsc#SLE-24571)
gve: Recording rx queue before sending to napi (git-fixes).
hwmon: (occ) Prevent power cap command overwriting poll response (git-fixes).
hwmon: (occ) Remove sequence numbering and checksum calculation (git-fixes).
hwrng: cavium - fix NULL but dereferenced coccicheck error (jsc#SLE-24682).
i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes).
i2c: cadence: Unregister the clk notifier in error path (git-fixes).
i2c: mlxcpld: Fix register setting for 400KHz frequency (git-fixes).
i2c: piix4: Fix a memory leak in the EFCH MMIO support (git-fixes).
i2c: smbus: Check for parent device before dereference (git-fixes).
i2c: smbus: Use device_*() functions instead of of_*() (jsc#SLE-24569)
i2c: tegra: Add SMBus block read function (jsc#SLE-24569)
i2c: tegra: Add the ACPI support (jsc#SLE-24569)
i2c: tegra: use i2c_timings for bus clock freq (jsc#SLE-24569)
ice: Avoid RTNL lock when re-creating auxiliary device (git-fixes).
ice: Fix error with handling of bonding MTU (git-fixes).
ice: Fix race condition during interface enslave (git-fixes).
ice: stop disabling VFs due to PF error responses (git-fixes).
ida: do not use BUG_ON() for debugging (git-fixes).
ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes).
ima: Fix potential memory leak in ima_init_crypto() (git-fixes).
ima: force signature verification when CONFIG_KEXEC_SIG is configured (git-fixes).
irqchip/gic-v3: Workaround Marvell erratum 38545 when reading IAR (jsc#SLE-24682).
irqchip: or1k-pic: Undefine mask_ack for level triggered hardware (git-fixes).
ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes).
kABI workaround for phy_device changes (git-fixes).
kABI workaround for rtsx_usb (git-fixes).
kABI workaround for snd-soc-rt5682-* (git-fixes).
kABI: fix adding field to scsi_device (git-fixes).
kABI: fix adding field to ufs_hba (git-fixes).
kABI: i2c: smbus: restore of_ alert variant (jsc#SLE-24569). kABI fix for 'i2c: smbus: Use device_*() functions instead of of_*()'
kabi/severities: add intel ice
kabi/severities: add stmmac network driver local symbols
kabi/severities: ignore dropped symbol rt5682_headset_detect
kasan: fix tag for large allocations when using CONFIG_SLAB (git fixes (mm/kasan)).
kernel-obs-build: include qemu_fw_cfg (boo#1201705)
kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930).
kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
libceph: fix potential use-after-free on linger ping and resends (bsc#1201596).
md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes).
memcg: page_alloc: skip bulk allocator for __GFP_ACCOUNT (git fixes (mm/pgalloc)).
memregion: Fix memregion_free() fallback definition (git-fixes).
misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes).
misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes).
misc: rtsx_usb: use separate command and response buffers (git-fixes).
mm/large system hash: avoid possible NULL deref in alloc_large_system_hash (git fixes (mm/pgalloc)).
mm/secretmem: avoid letting secretmem_users drop to zero (git fixes (mm/secretmem)).
mm/vmalloc: fix numa spreading for large hash tables (git fixes (mm/vmalloc)).
mm/vmalloc: make sure to dump unpurged areas in /proc/vmallocinfo (git fixes (mm/vmalloc)).
mm/vmalloc: repair warn_alloc()s in __vmalloc_area_node() (git fixes (mm/vmalloc)).
mm: do not try to NUMA-migrate COW pages that have other uses (git fixes (mm/numa)).
mm: swap: get rid of livelock in swapin readahead (git fixes (mm/swap)).
mt76: mt7921: get rid of mt7921_mac_set_beacon_filter (git-fixes).
natsemi: xtensa: fix section mismatch warnings (git-fixes).
nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes).
net/fsl: xgmac_mdio: Add workaround for erratum A-009885 (git-fixes).
net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module (git-fixes).
net/qla3xxx: fix an error code in ql_adapter_up() (git-fixes).
net: ag71xx: Fix a potential double free in error handling paths (git-fixes).
net: altera: set a couple error code in probe() (git-fixes).
net: amd-xgbe: Fix skb data length underflow (git-fixes).
net: amd-xgbe: disable interrupts during pci removal (git-fixes).
net: amd-xgbe: ensure to reset the tx_timer_active flag (git-fixes).
net: annotate data-races on txq->xmit_lock_owner (git-fixes).
net: axienet: Fix TX ring slot available check (git-fixes).
net: axienet: Wait for PhyRstCmplt after core reset (git-fixes).
net: axienet: add missing memory barriers (git-fixes).
net: axienet: fix for TX busy handling (git-fixes).
net: axienet: fix number of TX ring slots for available check (git-fixes).
net: axienet: increase default TX ring size to 128 (git-fixes).
net: axienet: increase reset timeout (git-fixes).
net: axienet: limit minimum TX ring size (git-fixes).
net: bcm4908: Handle dma_set_coherent_mask error codes (git-fixes).
net: bcmgenet: Do not claim WOL when its not available (git-fixes).
net: bcmgenet: skip invalid partial checksums (git-fixes).
net: chelsio: cxgb3: check the return value of pci_find_capability() (git-fixes).
net: cpsw: Properly initialise struct page_pool_params (git-fixes).
net: cpsw: avoid alignment faults by taking NET_IP_ALIGN into account (git-fixes).
net: dsa: ar9331: register the mdiobus under devres (git-fixes).
net: dsa: bcm_sf2: do not use devres for mdiobus (git-fixes).
net: dsa: felix: do not use devres for mdiobus (git-fixes).
net: dsa: lan9303: add VLAN IDs to master device (git-fixes).
net: dsa: lan9303: fix reset on probe (git-fixes).
net: dsa: lantiq_gswip: do not use devres for mdiobus (git-fixes).
net: dsa: mt7530: fix incorrect test in mt753x_phylink_validate() (git-fixes).
net: dsa: mt7530: fix kernel bug in mdiobus_free() when unbinding (git-fixes).
net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY (git-fixes).
net: dsa: mv88e6xxx: do not use devres for mdiobus (git-fixes).
net: dsa: mv88e6xxx: fix use-after-free in mv88e6xxx_mdios_unregister (git-fixes).
net: dsa: mv88e6xxx: flush switchdev FDB workqueue before removing VLAN (git-fixes).
net: ethernet: lpc_eth: Handle error for clk_enable (git-fixes).
net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config() (git-fixes).
net: ethernet: mtk_eth_soc: fix return values and refactor MDIO ops (git-fixes).
net: ethernet: ti: cpts: Handle error for clk_enable (git-fixes).
net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() (git-fixes).
net: ieee802154: ca8210: Fix lifs/sifs periods (git-fixes).
net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
net: ieee802154: hwsim: Ensure proper channel selection at probe time (git-fixes).
net: ieee802154: mcr20a: Fix lifs/sifs periods (git-fixes).
net: ipa: add an interconnect dependency (git-fixes).
net: ipa: fix atomic update in ipa_endpoint_replenish() (git-fixes).
net: ipa: prevent concurrent replenish (git-fixes).
net: ipa: use a bitmap for endpoint replenish_enabled (git-fixes).
net: ks8851: Check for error irq (git-fixes).
net: lantiq_xrx200: fix statistics of received bytes (git-fixes).
net: ll_temac: check the return value of devm_kmalloc() (git-fixes).
net: macb: Fix lost RX packet wakeup race in NAPI receive (git-fixes).
net: macsec: Fix offload support for NETDEV_UNREGISTER event (git-fixes).
net: macsec: Verify that send_sci is on when setting Tx sci explicitly (git-fixes).
net: marvell: mvpp2: Fix the computation of shared CPUs (git-fixes).
net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr (git-fixes).
net: marvell: prestera: fix incorrect return of port_find (git-fixes).
net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (git-fixes).
net: mscc: ocelot: fix backwards compatibility with single-chain tc-flower offload (git-fixes).
net: mscc: ocelot: fix mutex lock error during ethtool stats read (git-fixes).
net: mscc: ocelot: fix using match before it is set (git-fixes).
net: mv643xx_eth: process retval from of_get_mac_address (git-fixes).
net: mvpp2: fix XDP rx queues registering (git-fixes).
net: phy: Do not trigger state machine while in suspend (git-fixes).
net: phylink: Force link down and retrigger resolve on interface change (git-fixes).
net: phylink: Force retrigger in case of latched link-fail indicator (git-fixes).
net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes).
net: sfp: fix high power modules without diagnostic monitoring (git-fixes).
net: sfp: ignore disabled SFP node (git-fixes).
net: sparx5: Fix add vlan when invalid operation (git-fixes).
net: sparx5: Fix get_stat64 crash in tcpdump (git-fixes).
net: stmmac: Add platform level debug register dump feature (git-fixes).
net: stmmac: Avoid DMA_CHAN_CONTROL write if no Split Header support (git-fixes).
net: stmmac: configure PTP clock source prior to PTP initialization (git-fixes).
net: stmmac: dump gmac4 DMA registers correctly (git-fixes).
net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup (git-fixes).
net: stmmac: dwmac-visconti: Fix bit definitions for ETHER_CLK_SEL (git-fixes).
net: stmmac: dwmac-visconti: Fix clock configuration for RMII mode (git-fixes).
net: stmmac: dwmac-visconti: Fix value of ETHER_CLK_SEL_FREQ_SEL_2P5M (git-fixes).
net: stmmac: dwmac-visconti: No change to ETHER_CLOCK_SEL for unexpected speed request (git-fixes).
net: stmmac: ensure PTP time register reads are consistent (git-fixes).
net: stmmac: fix return value of __setup handler (git-fixes).
net: stmmac: fix tc flower deletion for VLAN priority Rx steering (git-fixes).
net: stmmac: properly handle with runtime pm in stmmac_dvr_remove() (git-fixes).
net: stmmac: ptp: fix potentially overflowing expression (git-fixes).
net: stmmac: retain PTP clock time during SIOCSHWTSTAMP ioctls (git-fixes).
net: stmmac: skip only stmmac_ptp_register when resume from suspend (git-fixes).
net: sxgbe: fix return value of __setup handler (git-fixes).
net: systemport: Add global locking for descriptor lifecycle (git-fixes).
net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).
net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).
netdevsim: do not overwrite read only ethtool parms (git-fixes).
nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes).
nvme: add APIs for stopping/starting admin queue (bsc#1201651).
nvme: apply nvme API to quiesce/unquiesce admin queue (bsc#1201651).
nvme: loop: clear NVME_CTRL_ADMIN_Q_STOPPED after admin queue is reallocated (bsc#1201651).
nvme: paring quiesce/unquiesce (bsc#1201651).
nvme: prepare for pairing quiescing and unquiescing (bsc#1201651).
nvme: wait until quiesce is done (bsc#1201651).
octeontx2-af: Do not fixup all VF action entries (git-fixes).
octeontx2-af: Fix a memleak bug in rvu_mbox_init() (git-fixes).
octeontx2-af: cn10k: Do not enable RPM loopback for LPC interfaces (git-fixes).
octeontx2-pf: Forward error codes to VF (git-fixes).
page_alloc: fix invalid watemark check on a negative value (git fixes (mm/pgalloc)).
perf/amd/ibs: Add support for L3 miss filtering (jsc#SLE-24578).
perf/amd/ibs: Advertise zen4_ibs_extensions as pmu capability attribute (jsc#SLE-24578).
perf/amd/ibs: Cascade pmu init functions' return value (jsc#SLE-24578).
perf/amd/ibs: Use ->is_visible callback for dynamic attributes (jsc#SLE-24578).
pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux() (git-fixes).
pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes).
pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes).
platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes).
posix_cpu_timers: fix race between exit_itimers() and /proc/pid/timers (git-fixes).
power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes).
powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761).
powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761).
powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761).
ppp: ensure minimum packet size in ppp_write() (git-fixes).
qede: validate non LSO skb length (git-fixes).
r8152: fix a WOL issue (git-fixes).
r8169: fix accessing unset transport header (git-fixes).
random: document add_hwgenerator_randomness() with other input functions (git-fixes).
random: fix typo in comments (git-fixes).
raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes).
reset: Fix devm bulk optional exclusive control getter (git-fixes).
rocker: fix a sleeping in atomic bug (git-fixes).
rpm/modules.fips: add ecdsa_generic (jsc#SLE-21132,bsc#1201258).
sched/core: Do not requeue task on CPU excluded from cpus_mask (bnc#1199356).
scsi: avoid to quiesce sdev->request_queue two times (bsc#1201651).
scsi: core: sd: Add silence_suspend flag to suppress some PM messages (git-fixes).
scsi: iscsi: Exclude zero from the endpoint ID range (git-fixes).
scsi: lpfc: Fix mailbox command failure during driver initialization (git-fixes).
scsi: make sure that request queue queiesce and unquiesce balanced (bsc#1201651).
scsi: scsi_debug: Do not call kcalloc() if size arg is zero (git-fixes).
scsi: scsi_debug: Fix type in min_t to avoid stack OOB (git-fixes).
scsi: scsi_debug: Fix zone transition to full condition (git-fixes).
scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes).
scsi: sd: Fix potential NULL pointer dereference (git-fixes).
scsi: sd: Fix sd_do_mode_sense() buffer length handling (git-fixes).
scsi: ufs: Fix a deadlock in the error handler (git-fixes).
scsi: ufs: Fix runtime PM messages never-ending cycle (git-fixes).
scsi: ufs: Remove dead code (git-fixes).
scsi: ufs: core: scsi_get_lba() error fix (git-fixes).
serial: 8250: Fix PM usage_count for console handover (git-fixes).
serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes).
serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes).
serial: sc16is7xx: Clear RS485 bits in the shutdown (git-fixes).
serial: stm32: Clear prev values before setting RTS delays (git-fixes).
soc: ixp4xx/npe: Fix unused match warning (git-fixes).
spi: Add Tegra234 QUAD SPI compatible (jsc#SLE-24570)
spi: amd: Limit max transfer and message size (git-fixes).
spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers (git-fixes).
spi: tegra210-quad: add acpi support (jsc#SLE-24570)
spi: tegra210-quad: add new chips to compatible (jsc#SLE-24570)
spi: tegra210-quad: combined sequence mode (jsc#SLE-24570)
spi: tegra210-quad: use device_reset method (jsc#SLE-24570)
spi: tegra210-quad: use devm call for cdata memory (jsc#SLE-24570)
supported.conf: mark marvell octeontx2 crypto driver as supported (jsc#SLE-24682) Mark rvu_cptpf.ko and rvu_cptvf.ko as supported.
supported.conf: rvu_mbox as supported (jsc#SLE-24682)
sysctl: Fix data races in proc_dointvec() (git-fixes).
sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes).
sysctl: Fix data races in proc_dointvec_minmax() (git-fixes).
sysctl: Fix data races in proc_douintvec() (git-fixes).
sysctl: Fix data races in proc_douintvec_minmax() (git-fixes).
sysctl: Fix data races in proc_doulongvec_minmax() (git-fixes).
sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes).
sysctl: Fix data-races in proc_dou8vec_minmax() (git-fixes).
tee: fix put order in teedev_close_context() (git-fixes).
tty: serial: samsung_tty: set dma burst_size to 1 (git-fixes).
tun: fix bonding active backup with arp monitoring (git-fixes).
usb: dwc3: gadget: Fix event pending check (git-fixes).
usb: serial: ftdi_sio: add Belimo device ids (git-fixes).
usb: typec: add missing uevent when partner support PD (git-fixes).
usbnet: fix memory leak in error case (git-fixes).
veth: Do not record rx queue hint in veth_xmit (git-fixes).
veth: ensure skb entering GRO are not cloned (git-fixes).
video: of_display_timing.h: include errno.h (git-fixes).
virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
virtio_mmio: Restore guest page size on resume (git-fixes).
vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit (git-fixes).
vt: fix memory overlapping when deleting chars in the buffer (git-fixes).
watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761).
wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes).
wifi: mac80211_hwsim: set virtio device ready in probe() (git-fixes).
x86/bugs: Remove apostrophe typo (bsc#1190497).

Advisory ID	SUSE-RU-2022:2804-1
Released	Mon Aug 15 06:58:29 2022
Summary	Recommended update for gvfs
Type	recommended
Severity	moderate
References	1198718

Description:

This update for gvfs fixes the following issues:

Fixes inability to mount smb shares with samba 4.16 (bsc#1198718)
Fix build with meson 0.61 and newer
Package org.gtk.vfs.file-operations.rules polkit rules file as an example in docs

Advisory ID	SUSE-RU-2022:2810-1
Released	Tue Aug 16 09:03:20 2022
Summary	Recommended update for python-kiwi
Type	recommended
Severity	moderate
References	1194992,1197616,1197783

Description:

This update for python-kiwi fixes the following issues:

Preserve the LABEL= setting when the grub config file is re-generated. (bsc#1197616)
Add ensure empty tmpdirs option for OCI containers. (bsc#1197783)
Set /.snapshots subvolume to mode 0700 (bsc#1194992)

Advisory ID	SUSE-SU-2022:2818-1
Released	Tue Aug 16 12:48:08 2022
Summary	Security update for ceph
Type	security
Severity	important
References	1194131,1195359,1196044,1196785,1200064,1200553,CVE-2021-3979

Description:

This update for ceph fixes the following issues:

Update to 16.2.9-536-g41a9f9a5573: + (bsc#1195359, bsc#1200553) rgw: check bucket shard init status in RGWRadosBILogTrimCR + (bsc#1194131) ceph-volume: honour osd_dmcrypt_key_size option (CVE-2021-3979)

Update to 16.2.9-158-gd93952c7eea: + cmake: check for python(\d)\.(\d+) when building boost + make-dist: patch boost source to support python 3.10

Update to ceph-16.2.9-58-ge2e5cb80063: + (bsc#1200064, pr#480) Remove last vestiges of docker.io image paths

Update to 16.2.9.50-g7d9f12156fb: + (jsc#SES-2515) High-availability NFS export + (bsc#1196044) cephadm: prometheus: The generatorURL in alerts is only using hostname + (bsc#1196785) cephadm: avoid crashing on expected non-zero exit

Update to 16.2.7-969-g6195a460d89 + (jsc#SES-2515) High-availability NFS export

Advisory ID	SUSE-SU-2022:2825-1
Released	Tue Aug 16 17:12:47 2022
Summary	Security update for rsync
Type	security
Severity	important
References	1201840,CVE-2022-29154

Description:

This update for rsync fixes the following issues:

CVE-2022-29154: Fixed an arbitrary file write when connecting to a malicious server (bsc#1201840).

Advisory ID	SUSE-SU-2022:2826-1
Released	Tue Aug 16 17:14:24 2022
Summary	Security update for webkit2gtk3
Type	security
Severity	important
References	1201980,CVE-2022-32792,CVE-2022-32816

Description:

This update for webkit2gtk3 fixes the following issues:

Update to version 2.36.5 (bsc#1201980): - Add support for PAC proxy in the WebDriver implementation. - Fix video playback when loaded through custom URIs, this fixes video playback in the Yelp documentation browser. - Fix WebKitWebView::context-menu when using GTK4. - Fix LTO builds with GCC. - Fix several crashes and rendering issues.
Security fixes: - CVE-2022-32792: Fixed processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2022-32816: Fixed visiting a website that frames malicious content may lead to UI spoofing.

Advisory ID	SUSE-SU-2022:2831-1
Released	Wed Aug 17 14:41:07 2022
Summary	Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins
Type	security
Severity	moderate
References	1195916,1196696,CVE-2020-29651

Description:

This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues:

Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972)

Remove redundant python3 dependency from Requires
Update regular expression to fix python shebang
Style is enforced upstream and triggers unnecessary build version requirements
Allow specifying fs_id in cloudwatch log group name
Includes fix for stunnel path
Added hardening to systemd service(s).
Raise minimal pytest version
Fix typo in the ansi2html Requires
Cleanup with spec-cleaner
Make sure the tests are really executed
Remove useless devel dependency
Multiprocessing support in Python 3.8 was broken, but is now fixed
Bumpy the URL to point to github rather than to docs

Advisory ID	SUSE-SU-2022:2834-1
Released	Wed Aug 17 16:51:55 2022
Summary	Security update for podman
Type	security
Severity	important
References	1182428,1196338,1197284,CVE-2022-1227,CVE-2022-21698,CVE-2022-27191

Description:

This update for podman fixes the following issues:
Updated to version 3.4.7:

CVE-2022-1227: Fixed an issue that could allow an attacker to publish a malicious image to a public registry and run arbitrary code in the victim's context via the 'podman top' command (bsc#1182428).
CVE-2022-27191: Fixed a potential crash via SSH under specific configurations (bsc#1197284).
CVE-2022-21698: Fixed a potential denial of service that affected servers that used Prometheus instrumentation (bsc#1196338).

Advisory ID	SUSE-SU-2022:2835-1
Released	Wed Aug 17 16:52:22 2022
Summary	Security update for ntfs-3g_ntfsprogs
Type	security
Severity	important
References	1199978,CVE-2021-46790,CVE-2022-30783,CVE-2022-30784,CVE-2022-30785,CVE-2022-30786,CVE-2022-30787,CVE-2022-30788,CVE-2022-30789

Description:

This update for ntfs-3g_ntfsprogs fixes the following issues:
Updated to version 2022.5.17 (bsc#1199978):

CVE-2022-30783: Fixed an issue where messages between NTFS-3G and the kernel could be intercepted when using libfuse-lite.
CVE-2022-30784: Fixed a memory exhaustion issue when opening a crafted NTFS image.
CVE-2022-30785: Fixed a bug where arbitrary memory read and write operations could be achieved whe using libfuse-lite.
CVE-2022-30786: Fixed a memory corruption issue when opening a crafted NTFS image.
CVE-2022-30787: Fixed an integer underflow which enabled arbitrary memory read operations when using libfuse-lite.
CVE-2022-30788: Fixed a memory corruption issue when opening a crafted NTFS image.
CVE-2022-30789: Fixed a memory corruption issue when opening a crafted NTFS image.

Advisory ID	SUSE-RU-2022:2844-1
Released	Thu Aug 18 14:41:25 2022
Summary	Recommended update for tar
Type	recommended
Severity	important
References	1202436

Description:

This update for tar fixes the following issues:

A regression in a previous update lead to potential deadlocks when extracting an archive. (bsc#1202436)

Advisory ID	SUSE-RU-2022:2848-1
Released	Fri Aug 19 03:57:50 2022
Summary	Recommended update for gdm
Type	recommended
Severity	important
References	1200323

Description:

This update for gdm fixes the following issues:

Disable Wayland on aspeed chipsets because of performance issues (bsc#1200323)

Advisory ID	SUSE-RU-2022:2849-1
Released	Fri Aug 19 03:59:48 2022
Summary	Recommended update for at
Type	recommended
Severity	moderate
References	1196219

Description:

This update for at fixes the following issues:

Fixes an issue when an error 'Read-only file system' appears when writing to '/dev/kmsg'. (bsc#1196219)

Advisory ID	SUSE-RU-2022:2851-1
Released	Fri Aug 19 09:57:06 2022
Summary	Recommended update for rustup
Type	recommended
Severity	moderate
References	1200499

Description:

This update for rustup fixes the following issues:

added correct provides to the obsoletes of older rust subpackages, to get correct provides obsoletes pairs and allow better transition between RPMs. (bsc#1200499)

Advisory ID	SUSE-RU-2022:2853-1
Released	Fri Aug 19 15:59:42 2022
Summary	Recommended update for sle-module-legacy-release
Type	recommended
Severity	low
References	1202498

Description:

This update for python-iniconfig provides the following fix:

Ship python3-iniconfig also to openSUSE 15.3 and 15.4 (bsc#1202498)

Advisory ID	SUSE-SU-2022:2854-1
Released	Fri Aug 19 16:04:36 2022
Summary	Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4)
Type	security
Severity	important
References	1199606,1201080,1201222,1201517,1201629,1201656,1201657,CVE-2022-1679,CVE-2022-1734,CVE-2022-26490,CVE-2022-28389,CVE-2022-28390,CVE-2022-33743,CVE-2022-34918

Description:

This update for the Linux Kernel 5.14.21-150400_22 fixes several issues.
The following security issues were fixed:

CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033)
CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830)
CVE-2022-33743: Fixed a Denial of Service related to XDP (bsc#1200763).
CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031).
CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171).
CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487).
CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605)

Advisory ID	SUSE-SU-2022:2856-1
Released	Fri Aug 19 16:10:43 2022
Summary	Security update for java-1_8_0-openjdk
Type	security
Severity	important
References	1195163,1201684,1201692,1201694,CVE-2022-21540,CVE-2022-21541,CVE-2022-34169

Description:

This update for java-1_8_0-openjdk fixes the following issues:

Updated to version jdk8u345 (icedtea-3.24.0) - CVE-2022-21540: Fixed a potential Java sandbox bypass (bsc#1201694). - CVE-2022-21541: Fixed a potential Java sandbox bypass (bsc#1201692). - CVE-2022-34169: Fixed an issue where arbitrary bytecode could be executed via a malicious stylesheet (bsc#1201684).

Non-security fixes: - Allowed for customization of PKCS12 keystores (bsc#1195163).

Advisory ID	SUSE-SU-2022:2866-1
Released	Mon Aug 22 15:36:30 2022
Summary	Security update for systemd-presets-common-SUSE
Type	security
Severity	moderate
References	1199524,1200485,CVE-2022-1706

Description:

This update for systemd-presets-common-SUSE fixes the following issues:

CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).

The following non-security bugs were fixed:

Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. By passing an (optional) second parameter 'user', the save/apply-changes commands now work with user services instead of system ones (bsc#1200485)

Add the wireplumber user service preset to enable it by default in SLE15-SP4 where it replaced pipewire-media-session, but keep pipewire-media-session preset so we don't have to branch the systemd-presets-common-SUSE package for SP4 (bsc#1200485)

Advisory ID	SUSE-SU-2022:2869-1
Released	Mon Aug 22 17:08:50 2022
Summary	Security update for u-boot
Type	security
Severity	important
References	1201213,CVE-2022-33103

Description:

This update for u-boot fixes the following issues:

CVE-2022-33103: Fixed a flaw in the squashfs subsystem that could lead to arbitrary code execution (bsc#1201213).

Advisory ID	SUSE-SU-2022:2870-1
Released	Mon Aug 22 23:02:55 2022
Summary	Security update for rubygem-rails-html-sanitizer
Type	security
Severity	moderate
References	1201183,CVE-2022-32209

Description:

This update for rubygem-rails-html-sanitizer fixes the following issues:

CVE-2022-32209: Fixed a potential content injection under specific configurations (bsc#1201183).

Advisory ID	SUSE-SU-2022:2874-1
Released	Tue Aug 23 10:33:35 2022
Summary	Security update for perl-HTTP-Daemon
Type	security
Severity	moderate
References	1201157,CVE-2022-31081

Description:

This update for perl-HTTP-Daemon fixes the following issues:

CVE-2022-31081: Fixed request smuggling in HTTP::Daemon (bsc#1201157).

Advisory ID	SUSE-SU-2022:2877-1
Released	Tue Aug 23 13:31:23 2022
Summary	Security update for cosign
Type	security
Severity	important
References	1202157,CVE-2022-35929

Description:

This update for cosign fixes the following issues:

Updated to 1.10.1 (jsc#SLE-23879): - CVE-2022-35929: Fixed an issue where cosign verify-attestation --type could report false positives when there was at least one attestation with a valid signature and there were no attestations of the type being verified (bsc#1202157).

Advisory ID	SUSE-RU-2022:2879-1
Released	Tue Aug 23 14:49:17 2022
Summary	Recommended update for scap-security-guide
Type	recommended
Severity	moderate
References	1200122,1200149,1200163

Description:

This update for scap-security-guide fixes the following issues:
scap-security-guide was updated to 0.1.63 (jsc#ECO-3319):

multiple bugfixes in SUSE profiles
Expand project guidelines
Add Draft OCP4 STIG profile
Add anssi_bp28_intermediary profile
add products/uos20 to support UnionTech OS Server 20
products/alinux3: Add CIS Alibaba Cloud Linux 3 profiles
Remove WRLinux Products
Update CIS RHEL8 Benchmark for v2.0.0

SUSE specific issues fixed:

stig: /etc/shadow group owner should not be root but shadow (bsc#1200149)
sles15_script-stig.sh: remediation_functions: No such file or directory (bsc#1200163)
SLES-15-010130 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity (bsc#1200122)

Advisory ID	SUSE-SU-2022:2880-1
Released	Tue Aug 23 15:50:29 2022
Summary	Security update for dpdk
Type	security
Severity	important
References	1195172,1198581,1198873

Description:

This update of dpdk fixes the following issue:

Fix to read PCI device name as UTF strings (bsc#1198873)
Allow configuring thread granularity of Kernel NIC Interface (bsc#1195172)
Rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)

Advisory ID	SUSE-RU-2022:2889-1
Released	Thu Aug 25 04:11:03 2022
Summary	Recommended update for emacs-apel
Type	recommended
Severity	important
References	1197714

Description:

This update for emacs-apel fixes the following issues:

Fix build issue on SUSE Linux Enterprise 15 Service Pack 4 (bsc#1197714)

Advisory ID	SUSE-SU-2022:2896-1
Released	Thu Aug 25 11:09:47 2022
Summary	Security update for raptor
Type	security
Severity	moderate
References	1178903,CVE-2020-25713

Description:

This update for raptor fixes the following issues:

CVE-2020-25713: Fixed an out of bounds access triggered via a malformed input file (bsc#1178903).

Advisory ID	SUSE-RU-2022:2901-1
Released	Fri Aug 26 03:34:23 2022
Summary	Recommended update for elfutils
Type	recommended
Severity	moderate
References

Description:

This update for elfutils fixes the following issues:

Fix runtime dependency for devel package

Advisory ID	SUSE-RU-2022:2903-1
Released	Fri Aug 26 05:25:50 2022
Summary	Recommended update for Mesa
Type	recommended
Severity	moderate
References	1197045,1197046,1200965

Description:

This update for Mesa fixes the following issues:

Change default driver from 'iris' back to 'i965' for Intel Gen8-11 hardware; that way we also use the same driver used by X and Mesa (bsc#1200965, bsc#1197045, bsc#1197046)

Advisory ID	SUSE-RU-2022:2904-1
Released	Fri Aug 26 05:28:34 2022
Summary	Recommended update for openldap2
Type	recommended
Severity	moderate
References	1198341

Description:

This update for openldap2 fixes the following issues:

Prevent memory reuse which may lead to instability (bsc#1198341)

Advisory ID	SUSE-SU-2022:2908-1
Released	Fri Aug 26 11:36:03 2022
Summary	Security update for python-lxml
Type	security
Severity	important
References	1201253,CVE-2022-2309

Description:

This update for python-lxml fixes the following issues:

CVE-2022-2309: Fixed NULL pointer dereference due to state leak between parser runs (bsc#1201253).

Advisory ID	SUSE-RU-2022:2916-1
Released	Fri Aug 26 12:51:21 2022
Summary	Recommended update for aws-efs-utils
Type	recommended
Severity	critical
References

Description:

This update for aws-efs-utils fixes the following issues:

Fix missing binaries from the previous update

Advisory ID	SUSE-RU-2022:2920-1
Released	Fri Aug 26 15:17:02 2022
Summary	Recommended update for systemd
Type	recommended
Severity	important
References	1195059,1201795

Description:

This update for systemd fixes the following issues:

Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795)
Drop or soften some of the deprecation warnings (jsc#PED-944)
Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default
analyze: Fix offline check for syscal filter
calendarspec: Fix timer skipping the next elapse
core: Allow command argument to be longer
hwdb: Add AV production controllers to hwdb and add uaccess
hwdb: Allow console users access to rfkill
hwdb: Allow end-users root-less access to TL866 EPROM readers
hwdb: Permit unsetting power/persist for USB devices
hwdb: Tag IR cameras as such
hwdb: Fix parsing issue
hwdb: Make usb match patterns uppercase
hwdb: Update the hardware database
journal-file: Stop using the event loop if it's already shutting down
journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called
journald: Ensure resources are properly allocated for SIGTERM handling
kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed
macro: Account for negative values in DECIMAL_STR_WIDTH()
manager: Disallow clone3() function call in seccomp filters
missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing
pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable
resolve: Fix typo in dns_class_is_pseudo()
sd-event: Improve handling of process events and termination of processes
sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces
stdio-bridge: Improve the meaning of the error message
tmpfiles: Check for the correct directory

Advisory ID	SUSE-SU-2022:2922-1
Released	Fri Aug 26 16:19:47 2022
Summary	Security update for libyang
Type	security
Severity	important
References	1186377,CVE-2021-28905

Description:

This update for libyang fixes the following issues:

CVE-2021-28905: Fixed a reachable assertion which could be exploited by an attacker to cause a denial of service (bsc#1186377).

Advisory ID	SUSE-RU-2022:2925-1
Released	Mon Aug 29 03:16:48 2022
Summary	Recommended update for audit-secondary
Type	recommended
Severity	important
References	1201519

Description:

This update for audit-secondary fixes the following issues:

Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519)

Advisory ID	SUSE-feature-2022:2926-1
Released	Mon Aug 29 10:38:52 2022
Summary	Feature update for LibreOffice
Type	feature
Severity	moderate
References	1041090,1183308,1192616,1195881,1196017,1196212,1196499,1197017

Description:

This feature update for LibreOffice provides the following fixes:
abseil-cpp:

Provide abseil-cpp version 20211102.0 as LibreOffice 7.3 dependency. (jsc#SLE-23447)
Mention already fixed issues. (fate#326485, bsc#1041090)

libcuckoo:

Provide libcuckoo version 0.3 as LibreOffice dependency. (jsc#SLE-23447)

libixion:

Update libixion from version 0.16.1 to version 0.17.0. (jsc#SLE-23447)
Build with mdds-2_0 instead of mdds-1.5. (jsc#SLE-23447)
Build with gcc11 and gcc11-c++. (jsc#SLE-23447)
Remove unneeded vulkan dependency
Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)

libreoffice:

Update LibreOffice from version 7.2.5.1 to version 7.3.3.1. (jsc#SLE-23447, jsc#SLE-24021) * Update bundled dependencies: * gpgme from version 1.13.1 to version 1.16.0 * libgpg-error from version 1.37 to version 1.43 * libassuan from version 2.5.3 to version 2.5.5 * pdfium from version 4500 to version 4699 * skia from version m90-45c57e116ee0ce214bdf78405a4762722e4507d9 to version m97-a7230803d64ae9d44f4e1282444801119a3ae967 * boost from version 1_75 to version 1_77 * icu4c from version 69_1 to version 70_1 * On SUSE Linux Enterprise 15 SP3 and newer require curl-devel 7.68.0 or newer * New build dependencies: * abseil-cpp-devel * libassuan0 * libcuckoo-devel * libopenjp2 * requrire liborcus-0.17 instead of liborcus-0.16 * requrire mdds-2.0 instead of mdds-1.5 * Do not use serf-1 anymore but use curl instead. * Other fixes: * Extraneous/missing lines in table in Impress versus PowerPoint (bsc#1192616) * Text with tabs appears quite different in Impress than in PowerPoint (bsc#1196212) * Bullets appear larger and green instead of black. (bsc#1195881) * Enable gtk3_kde5 and make it possible to use gtk3 in kde with the kde filepicker (bsc#1197017) * Mention already fixed issues. (bsc#1183308, bsc#1196017, bsc#1196499)

liborcus:

Update liborcus from version 0.16.1 to version 0.17.2. (jsc#SLE-23447)
Require mdds-2_0 instead of mdds-1.5. (jsc#SLE-23447)
Require libixion-0.17 instead of libixion-0.16. (jsc#SLE-23447)
Build with libtool and use autotools. (jsc#SLE-23447)
Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)

mdds-2_0:

Provide mdds-2_0 version 2.0.2 as LibreOffice dependency. (jsc#SLE-23447)

myspell-dictionaries:

Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
There are no visible changes for the final user.

ucpp:

Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
There are no visible changes for the final user.

xmlsec1:

Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
There are no visible changes for the final user.

Advisory ID	SUSE-RU-2022:2928-1
Released	Mon Aug 29 10:42:15 2022
Summary	Recommended update for bluez
Type	recommended
Severity	moderate
References	1201060

Description:

This update of bluez ships the missing bluez-deprecated package. (bsc#1201060)

Advisory ID	SUSE-RU-2022:2929-1
Released	Mon Aug 29 11:21:47 2022
Summary	Recommended update for timezone
Type	recommended
Severity	important
References	1202310

Description:

This update for timezone fixes the following issue:

Reflect new Chile DST change (bsc#1202310)

Advisory ID	SUSE-RU-2022:2932-1
Released	Mon Aug 29 12:18:14 2022
Summary	Recommended update for kernel-livepatch-tools
Type	recommended
Severity	moderate
References	1200407

Description:

This update for kernel-livepatch-tools fixes the following issues:

Add patch expiration info to klp -vv patches output (jsc#SLE-23644)
Avoid error messages in the absence of the sysconfig file (bsc#1200407)
Add 'downgrade' command (jsc#SLE-23644)

Advisory ID	SUSE-SU-2022:2936-1
Released	Mon Aug 29 14:34:13 2022
Summary	Security update for open-vm-tools
Type	security
Severity	important
References	1202657,1202733,CVE-2022-31676

Description:

This update for open-vm-tools fixes the following issues:

Updated to version 12.1.0 (build 20219665) (bsc#1202733): - CVE-2022-31676: Fixed an issue that could allow unprivileged users inside a virtual machine to escalate privileges (bsc#1202657).

Advisory ID	SUSE-RU-2022:2939-1
Released	Mon Aug 29 14:49:17 2022
Summary	Recommended update for mozilla-nss
Type	recommended
Severity	moderate
References	1201298,1202645

Description:

This update for mozilla-nss fixes the following issues:
Update to NSS 3.79.1 (bsc#1202645)

compare signature and signatureAlgorithm fields in legacy certificate verifier.
Uninitialized value in cert_ComputeCertType.
protect SFTKSlot needLogin with slotLock.
avoid data race on primary password change.
check for null template in sec_asn1{d,e}_push_state.

FIPS: unapprove the rest of the DSA ciphers, keeping signature verification only (bsc#1201298).

Advisory ID	SUSE-SU-2022:2941-1
Released	Tue Aug 30 10:51:09 2022
Summary	Security update for libslirp
Type	security
Severity	moderate
References	1187365,1201551,CVE-2021-3593

Description:

This update for libslirp fixes the following issues:

CVE-2021-3593: Fixed invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365).

Non-security fixes:

Fix the version header (bsc#1201551)

Advisory ID	SUSE-RU-2022:2943-1
Released	Tue Aug 30 15:42:16 2022
Summary	Recommended update for python-iniconfig
Type	recommended
Severity	low
References	1202498

Description:

This update for python-iniconfig provides the following fix:

Ship missing python2-iniconfig to openSUSE 15.3 (bsc#1202498)

Advisory ID	SUSE-RU-2022:2944-1
Released	Wed Aug 31 05:39:14 2022
Summary	Recommended update for procps
Type	recommended
Severity	important
References	1181475

Description:

This update for procps fixes the following issues:

Fix 'free' command reporting misleading 'used' value (bsc#1181475)

Advisory ID	SUSE-RU-2022:2945-1
Released	Wed Aug 31 06:18:48 2022
Summary	Recommended update for sssd
Type	recommended
Severity	important
References	1202326

Description:

This recommended update for sssd fixes the following issues:

Fix sssd-common-32bit version conflict (bsc#1202326)

Advisory ID	SUSE-SU-2022:2947-1
Released	Wed Aug 31 09:16:21 2022
Summary	Security update for zlib
Type	security
Severity	important
References	1202175,CVE-2022-37434

Description:

This update for zlib fixes the following issues:

CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).

Advisory ID	SUSE-SU-2022:2949-1
Released	Wed Aug 31 09:20:16 2022
Summary	Security update for java-1_8_0-ibm
Type	security
Severity	important
References	1201684,1201685,1201692,1201694,1202427,CVE-2022-21540,CVE-2022-21541,CVE-2022-21549,CVE-2022-34169

Description:

This update for java-1_8_0-ibm fixes the following issues:

Updated to Java 8.0 Service Refresh 7 Fix Pack 11 (bsc#1202427): - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred when processing malicious stylesheets (bsc#1201684). - CVE-2022-21549: Fixed an issue that could lead to computing negative random exponentials (bsc#1201685). - CVE-2022-21541: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201692). - CVE-2022-21540: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201694).

Advisory ID	SUSE-RU-2022:2953-1
Released	Wed Aug 31 10:36:20 2022
Summary	Recommended update for cloud-regionsrv-client
Type	recommended
Severity	moderate
References	1201612,1202706

Description:

This update for cloud-regionsrv-client fixes the following issues:

While the source code was updated to support SLE Micro the spec file was not updated for the new locations of the cache and the certs. Update the spec file to be consistent with the code implementation. (bsc#1202706)

Handle exception when trying to deregister a system form the server. (bsc#1201612)

Advisory ID	SUSE-RU-2022:2954-1
Released	Wed Aug 31 10:53:37 2022
Summary	Recommended update for bpftrace
Type	recommended
Severity	moderate
References	1200630

Description:

This update for bpftrace fixes the following issues:

Do not link against the shared BFD libraries, avoids direct dependency against binutils versions (bsc#1200630)

Advisory ID	SUSE-SU-2022:2960-1
Released	Wed Aug 31 13:11:50 2022
Summary	Security update for ucode-intel
Type	security
Severity	moderate
References	1201727,CVE-2022-21233

Description:

This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20220809 release (bsc#1201727):

CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave (INTEL-SA-00657). See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html

Other fixes:

Update for functional issues. See also: https://www.intel.com/content/www/us/en/processors/xeon/scalable/xeon-scalable-spec-update.html?wapkw=processor+specification+update

Updated Platforms:

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SKX-SP | B1 | 06-55-03/97 | 0100015d | 0100015e | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon D-21xx | ICX-SP | D0 | 06-6a-06/87 | 0d000363 | 0d000375 | Xeon Scalable Gen3 | GLK | B0 | 06-7a-01/01 | 0000003a | 0000003c | Pentium Silver N/J5xxx, Celeron N/J4xxx | GLK-R | R0 | 06-7a-08/01 | 0000001e | 00000020 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 000000b0 | 000000b2 | Core Gen10 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000026 | 00000028 | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 0000003e | 00000040 | Core Gen11 Mobile | RKL-S | B0 | 06-a7-01/02 | 00000053 | 00000054 | Core Gen11 | ADL | C0 | 06-97-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-97-05/03 | 0000001f | 00000022 | Core Gen12 | ADL | L0 | 06-9a-03/80 | 0000041c | 00000421 | Core Gen12 | ADL | L0 | 06-9a-04/80 | 0000041c | 00000421 | Core Gen12 | ADL | C0 | 06-bf-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-bf-05/03 | 0000001f | 00000022 | Core Gen12 ------------------------------------------------------------------

Advisory ID	SUSE-RU-2022:2967-1
Released	Thu Sep 1 10:45:01 2022
Summary	Recommended update for Mesa
Type	recommended
Severity	critical
References	1202850

Description:

This update for Mesa fixes the following issues:

Revert bsc#1200965 and make Xorg and Mesa able to load 'i965' driver again. (bsc#1202850)

Advisory ID	SUSE-OU-2022:2969-1
Released	Thu Sep 1 10:56:05 2022
Summary	Optional update for SUSE Package Hub
Type	optional
Severity	moderate
References	1201055

Description:

This optional update provides the following changes:

Fix KDE Plasma 5 missing binaries in SUSE Linux Enterprise Desktop 15 Service Pack 4 via PackageHub (bsc#1201055)
Affected source packages: AppStream attica-qt5 ffmpeg-4 gucharmap karchive kauth kbookmarks kcodecs kcompletion

kconfig kconfigwidgets kcoreaddons kcrash kdbusaddons kded kdoctools kglobalaccel kguiaddons ki18n kiconthemes kitemviews kjobwidgets knotifications kservice ktextwidgets kwallet kwidgetsaddons kwindowsystem kxmlgui libqt5-qtvirtualkeyboard polkit-qt5-1 solid sonnet xcb-util-cursor

Advisory ID	SUSE-feature-2022:2972-1
Released	Thu Sep 1 11:08:16 2022
Summary	Feature update for python-kubernetes
Type	feature
Severity	moderate
References

Description:

This feature update for python-kubernetes provides:

Deliver python3-kubernetes to the Containers Module 15 SP4. (jsc#SLE-17904, MSC-443) * Deliver python3-google-auth to Basesystem Module 15 SP4 as dependency of python3-kubernetes. * Deliver python3-cachetools to Basesystem Module 15 SP4 as dependency of python3-google-auth.
There are no visible changes for the final user.

Advisory ID	SUSE-RU-2022:2973-1
Released	Thu Sep 1 11:37:02 2022
Summary	Recommended update for dracut
Type	recommended
Severity	important
References	1198709,1201975

Description:

This update for dracut fixes the following issues:

Include fixes to make network-manager module work properly with dracut (bsc#1201975)
Add auto timeout to wicked DHCP test (bsc#1198709)

Advisory ID	SUSE-RU-2022:2975-1
Released	Thu Sep 1 12:24:55 2022
Summary	Recommended update for osinfo-db
Type	recommended
Severity	moderate
References	1196965,1197958

Description:

This update for osinfo-db fixes the following issues:

Add support for SUSE Linux Enterprise 15 Service Pack 4 (bsc#1197958)
Add support for SUSE Linux Enterprise Micro 5.2
Fix openSUSE Tumbleweed unattended installation with libvirt failing (bsc#1196965)
Update to database version 20220214

Advisory ID	SUSE-RU-2022:2977-1
Released	Thu Sep 1 12:30:19 2022
Summary	Recommended update for util-linux
Type	recommended
Severity	moderate
References	1197178,1198731

Description:

This update for util-linux fixes the following issues:

agetty: Resolve tty name even if stdin is specified (bsc#1197178)
libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)

Advisory ID	SUSE-feature-2022:2980-1
Released	Thu Sep 1 12:32:23 2022
Summary	Feature update for clamsap
Type	feature
Severity	moderate
References

Description:

This update for clamsap provides:
Update clamsap to version 0.104.3 (jsc#PED-805)

Fix XML MIME type detection using libmagic

Advisory ID	SUSE-SU-2022:2987-1
Released	Thu Sep 1 14:20:06 2022
Summary	Security update for postgresql13
Type	security
Severity	important
References	1198166,1202368,CVE-2022-2625

Description:

This update for postgresql13 fixes the following issues:

Update to 13.8:
CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368).

Advisory ID	SUSE-SU-2022:2989-1
Released	Thu Sep 1 14:24:28 2022
Summary	Security update for postgresql14
Type	security
Severity	important
References	1198166,1200437,1202368,CVE-2022-2625

Description:

This update for postgresql14 fixes the following issues:

Upgrade to version 14.5:
CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368).

Upgrade to version 14.4 (bsc#1200437)
Release notes: https://www.postgresql.org/docs/release/14.4/
Release announcement: https://www.postgresql.org/about/news/p-2470/
Prevent possible corruption of indexes created or rebuilt with the CONCURRENTLY option (bsc#1200437)
Pin to llvm13 until the next patchlevel update (bsc#1198166)

Advisory ID	SUSE-RU-2022:2992-1
Released	Fri Sep 2 03:20:19 2022
Summary	Recommended update for kernel-firmware
Type	recommended
Severity	moderate
References	1200889

Description:

This update for kernel-firmware fixes the following issues:

Fix missing aliases (bsc#1200889)

Advisory ID	SUSE-SU-2022:2993-1
Released	Fri Sep 2 09:49:10 2022
Summary	Security update for freerdp
Type	security
Severity	important
References	1191895,CVE-2021-41159,CVE-2021-41160

Description:

This update for freerdp fixes the following issues:

Fixed two input validation issues (bsc#1191895): - CVE-2021-41159: Fixed an improper validation of client input for gateway connections. - CVE-2021-41160: Fixed improper region checks that could lead to memory corruption.

Advisory ID	SUSE-RU-2022:2994-1
Released	Fri Sep 2 10:44:54 2022
Summary	Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type	recommended
Severity	moderate
References	1198925

Description:

This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No codechanges were done in this update.

Advisory ID	SUSE-SU-2022:2995-1
Released	Fri Sep 2 12:12:22 2022
Summary	Security update for gdk-pixbuf
Type	security
Severity	moderate
References	1201826,CVE-2021-46829

Description:

This update for gdk-pixbuf fixes the following issues:
Update to version 2.42.8, including the following:

CVE-2021-46829: Fixed a heap-based buffer overflow when compositing or clearing frames in GIF files (bsc#1201826).

Advisory ID	SUSE-SU-2022:2998-1
Released	Fri Sep 2 12:14:03 2022
Summary	Security update for ImageMagick
Type	security
Severity	moderate
References	1199350,1202250,CVE-2022-2719,CVE-2022-28463

Description:

This update for ImageMagick fixes the following issues:

CVE-2022-2719: Fixed a reachable assertion that could lead to denial of service via a crafted file (bsc#1202250).
CVE-2022-28463: Fixed a buffer overflow that could be triggered by a crafted input file (bsc#1199350).

Advisory ID	SUSE-SU-2022:3003-1
Released	Fri Sep 2 15:01:44 2022
Summary	Security update for curl
Type	security
Severity	low
References	1202593,CVE-2022-35252

Description:

This update for curl fixes the following issues:

CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593).

Advisory ID	SUSE-RU-2022:3009-1
Released	Mon Sep 5 04:49:43 2022
Summary	Recommended update for rsyslog
Type	recommended
Severity	moderate
References	1199283

Description:

This update for rsyslog fixes the following issues:
-Fix memory access violation issue in qDeqLinkedList during shutdown (bsc#1199283)

Advisory ID	SUSE-RU-2022:3011-1
Released	Mon Sep 5 05:11:24 2022
Summary	Recommended update for tigervnc
Type	recommended
Severity	moderate
References	1199477

Description:

This update for tigervnc fixes the following issues:

Fix VNC client not refreshing screen correctly due to an issue on TLS stream buffers (bsc#1199477)

Advisory ID	SUSE-RU-2022:3015-1
Released	Mon Sep 5 09:56:41 2022
Summary	Recommended update for yast2-registration
Type	recommended
Severity	moderate
References	1200035

Description:

This update for yast2-registration fixes the following issue:

Do not crash when cloning an unregistered system with additional repositories. (bsc#1200035)

Advisory ID	SUSE-RU-2022:3019-1
Released	Mon Sep 5 11:00:23 2022
Summary	Recommended update for lshw
Type	recommended
Severity	moderate
References

Description:

This update for lshw fixes the following issues:

Update to version B.02.19.2+git.20220628 * make version check optional
Update to version B.02.19.2+git.20220310: * Set product name for all netdevs sharing the same PCI number
Update to version B.02.19.2+git.20211222: * Add Spanish translation * Fix mistakes in Catalan translation
Update to version B.02.19.2+git.20211102: * Read and parse network transceiver module eeprom * use max (9) Gzip compression * Add Catalan translation * Update POT file * Add more network speeds
Update to version B.02.19.2+git.20211013: * support for new ethtool capabilities * code clean-up * allow pkg-config override * Translate all words of a phrase together

Advisory ID	SUSE-SU-2022:3020-1
Released	Mon Sep 5 11:23:15 2022
Summary	Security update for php-composer2
Type	security
Severity	important
References	1198494,CVE-2022-24828

Description:

This update for php-composer2 fixes the following issues:

CVE-2022-24828: Fixed a code injection issue that affected integrators using specific APIs to read untrusted input files (bsc#1198494).

Advisory ID	SUSE-RU-2022:3021-1
Released	Mon Sep 5 11:57:55 2022
Summary	Recommended update for python-dmidecode
Type	recommended
Severity	moderate
References	1194351

Description:

This update for python-dmidecode fixes the following issues:

Fixed memory map size for 'Type Detail' (bsc#1194351)
Use update-alternatives mechanism instead of shared subpackage.
Realign the spec file for python singlespec

Advisory ID	SUSE-RU-2022:3022-1
Released	Mon Sep 5 15:16:02 2022
Summary	Recommended update for python-pyOpenSSL
Type	recommended
Severity	moderate
References	1200771

Description:

This update for python-pyOpenSSL fixes the following issues:

Fixed checks for invalid ALPN lists before calling OpenSSL (gh#pyca/pyopenssl#1056).

python-pyOpenSSL was updated to 21.0.0 (bsc#1200771, jsc#SLE-24519):

The minimum ``cryptography`` version is now 3.3.
Raise an error when an invalid ALPN value is set.
Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version``
Updated ``to_cryptography`` and ``from_cryptography`` methods to support an upcoming release of ``cryptography`` without raising deprecation warnings.

Advisory ID	SUSE-RU-2022:3025-1
Released	Mon Sep 5 16:12:53 2022
Summary	Recommended update for plymouth
Type	recommended
Severity	moderate
References	1183425,1184309

Description:

This update for plymouth fixes the following issues:

Avoid aborting on multiple font path match, pick the first one. (bsc#1183425)
When screen DPI greater then 160, display will scale output twice. (bsc#1183425, bsc#1184309)

Advisory ID	SUSE-RU-2022:3026-1
Released	Mon Sep 5 16:13:10 2022
Summary	Recommended update for setools
Type	recommended
Severity	moderate
References	1200649

Description:

This update for setools fixes the following issues:

require python3 in python3-setools, not python (bsc#1200649)

Advisory ID	SUSE-RU-2022:3028-1
Released	Mon Sep 5 16:31:24 2022
Summary	Recommended update for python-pytz
Type	recommended
Severity	low
References

Description:

This update for python-pytz fixes the following issues:

update to 2022.1: matches tzdata 2022a

declare python 3.10 compatibility

Advisory ID	SUSE-SU-2022:3030-1
Released	Mon Sep 5 16:43:37 2022
Summary	Security update for MozillaFirefox
Type	security
Severity	important
References	1202645,CVE-2022-38472,CVE-2022-38473,CVE-2022-38478

Description:

This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.13.0 ESR (bsc#1202645):

CVE-2022-38472: Fixed a potential address bar spoofing via XSLT error handling.
CVE-2022-38473: Fixed an issue where cross-origin XSLT documents could inherit the parent's permissions.
CVE-2022-38478: Fixed various memory safety issues.

Advisory ID	SUSE-RU-2022:3032-1
Released	Mon Sep 5 17:11:05 2022
Summary	Recommended update for libtcnative-1-0
Type	recommended
Severity	moderate
References	1199170

Description:

This update for libtcnative-1-0 fixes the following issues:

Avoid crash reading session ID after handshake failure. (bsc#1199170)

Advisory ID	SUSE-SU-2022:3072-1
Released	Mon Sep 5 17:35:04 2022
Summary	Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4)
Type	security
Severity	important
References	1196867,1196959,1201941,1202163,CVE-2020-36516,CVE-2021-39698,CVE-2022-2585,CVE-2022-36946

Description:

This update for the Linux Kernel 5.14.21-150400_24_11 fixes several issues.
The following security issues were fixed:

CVE-2020-36516: Fixed an off-path attack via mixed IPID assignment method with the hash-based IPID assignment policy to inject data into a victim's TCP session or terminate that session (bsc#1196867).
CVE-2021-39698: Fixed possible memory corruption in aio_poll_complete_work of aio.c, that could have led to local escalation of privilege with no additional execution privileges needed (bsc#1196959).
CVE-2022-2585: Fixed use-after-free in POSIX CPU timer (bsc#1202163).
CVE-2022-36946: Fixed a remote denial of service attack inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative length (bsc#1201941).

Advisory ID	SUSE-feature-2022:3086-1
Released	Tue Sep 6 06:01:19 2022
Summary	Feature update for iio-sensor-proxy
Type	feature
Severity	moderate
References	1199308

Description:

This update for iio-sensor-proxy fixes the following issues:

New package iio-sensor-proxy required because otherwise libQt5Sensors5 can't be installed (bsc#1199308, jsc#SLE-24553)

Advisory ID	SUSE-RU-2022:3089-1
Released	Tue Sep 6 06:08:12 2022
Summary	Recommended update for gnome-packagekit
Type	recommended
Severity	moderate
References	1198801

Description:

This update for gnome-packagekit fixes the following issues:

Fix runtime error to make it work as before. (bsc#1198801)

Advisory ID	SUSE-SU-2022:3093-1
Released	Tue Sep 6 07:52:06 2022
Summary	Security update for python-Flask-Security-Too
Type	security
Severity	important
References	1181058,CVE-2021-21241

Description:

This update for python-Flask-Security-Too fixes the following issues:

CVE-2021-21241: Fixed an issue where GET requests lacking CSRF protection to certain endpoints could return the user's authentication token (bsc#1181058).

Advisory ID	SUSE-SU-2022:3094-1
Released	Tue Sep 6 07:52:55 2022
Summary	Security update for libostree
Type	security
Severity	important
References	1201770,CVE-2014-9862

Description:

This update for libostree fixes the following issues:

CVE-2014-9862: Fixed a memory corruption issue that could be triggered when diffing binary files (bsc#1201770).

Advisory ID	SUSE-RU-2022:3095-1
Released	Tue Sep 6 07:53:26 2022
Summary	Recommended update for lifecycle-data-sle-module-live-patching
Type	recommended
Severity	moderate
References	1020320

Description:

This update for lifecycle-data-sle-module-live-patching fixes the following issues:

Added data for 4_12_14-150000_150_92, 4_12_14-150100_197_114, 5_14_21-150400_22, 5_3_18-150200_24_115, 5_3_18-150300_59_68, 5_3_18-150300_59_71, 5_3_18-150300_59_76. (bsc#1020320)

Advisory ID	SUSE-SU-2022:3099-1
Released	Tue Sep 6 09:34:34 2022
Summary	Security update for openvswitch
Type	security
Severity	moderate
References	1188524,CVE-2021-36980

Description:

This update for openvswitch fixes the following issues:

CVE-2021-36980: Fixed a use-after-free issue during the decoding of a RAW_ENCAP action (bsc#1188524).

Advisory ID	SUSE-RU-2022:3102-1
Released	Tue Sep 6 09:48:57 2022
Summary	Recommended update for gtk4
Type	recommended
Severity	moderate
References	1200614

Description:

This update for gtk4 fixes the following issues:

Ensure python3-gobject-Gdk is isntalled as dependency (bsc#1200614)

Advisory ID	SUSE-SU-2022:3103-1
Released	Tue Sep 6 10:30:59 2022
Summary	Security update for python-bottle
Type	security
Severity	important
References	1200286,CVE-2022-31799

Description:

This update for python-bottle fixes the following issues:

CVE-2022-31799: Fixed an error mishandling issue that could lead to remote denial of service (bsc#1200286).

Advisory ID	SUSE-SU-2022:3106-1
Released	Tue Sep 6 10:58:09 2022
Summary	Security update for gimp
Type	security
Severity	moderate
References	1201192,CVE-2022-32990

Description:

This update for gimp fixes the following issues:

CVE-2022-32990: Fixed an unhandled exception which may lead to denial of service (bsc#1201192).

Advisory ID	SUSE-SU-2022:3108-1
Released	Tue Sep 6 11:05:04 2022
Summary	Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4)
Type	security
Severity	important
References	1196867,1201941,1202163,CVE-2020-36516,CVE-2022-2585,CVE-2022-36946

Description:

This update for the Linux Kernel 5.14.21-150400_22 fixes several issues.
The following security issues were fixed:

CVE-2020-36516: Fixed an off-path attack via mixed IPID assignment method with the hash-based IPID assignment policy to inject data into a victim's TCP session or terminate that session (bsc#1196867).
CVE-2022-2585: Fixed use-after-free in POSIX CPU timer (bsc#1202163).
CVE-2022-36946: Fixed a remote denial of service attack inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative length (bsc#1201941).

Advisory ID	SUSE-RU-2022:3113-1
Released	Tue Sep 6 13:23:02 2022
Summary	Recommended update for PackageKit
Type	recommended
Severity	moderate
References	1199895

Description:

This update for PackageKit fixes the following issues:

Ensure locked packages are not listed as being able to be updated (bsc#1199895)

Advisory ID	SUSE-RU-2022:3118-1
Released	Tue Sep 6 15:43:53 2022
Summary	Recommended update for lvm2
Type	recommended
Severity	moderate
References	1202011

Description:

This update for lvm2 fixes the following issues:

Do not use udev for device listing or device information (bsc#1202011)

Advisory ID	SUSE-RU-2022:3122-1
Released	Tue Sep 6 18:07:40 2022
Summary	Recommended update for amavisd-milter
Type	recommended
Severity	important
References	1202232

Description:

This update for amavisd-milter fixes the following issues:

Provide the missing amavisd-milter in version 1.7.2. (bsc#1202232) * amavisd-milter was initially part of amavisd-new but it is now an independent source package. * The SMTP_AUTH* attributes are missing in policy_bank. * Added hardening to systemd service(s) with a modified amavisd-milter.service * An empty sender must always be enclosed in angle brackets. * Fork after initializing milter socket. * Use client_name if available instead of hostname passed to xxfi_connect. * Generate amamvisd-milter.8 from AMAVISD-MILTER.md. * Removed obsoleted file amavisd-milter.spec.

Advisory ID	SUSE-SU-2022:3123-1
Released	Tue Sep 6 18:33:59 2022
Summary	Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP4)
Type	security
Severity	important
References	1196867,1196959,1201941,CVE-2020-36516,CVE-2021-39698,CVE-2022-36946

Description:

This update for the Linux Kernel 5.14.21-150400_24_16 fixes several issues.
The following security issues were fixed:

CVE-2020-36516: Fixed an off-path attack via mixed IPID assignment method with the hash-based IPID assignment policy to inject data into a victim's TCP session or terminate that session (bsc#1196867).
CVE-2021-39698: Fixed possible memory corruption in aio_poll_complete_work of aio.c, that could have led to local escalation of privilege with no additional execution privileges needed (bsc#1196959).
CVE-2022-36946: Fixed a remote denial of service attack inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative length (bsc#1201941).

Advisory ID	SUSE-feature-2022:3126-1
Released	Wed Sep 7 04:34:30 2022
Summary	Feature update for gdb
Type	feature
Severity	important
References	1185605

Description:

This feature update for gdb fixes the following issues:

Enable build option `--with-debuginfod` (bsc#1185605, jsc#PED-1246, jsc#PED-1149, jsc#PED-1138)

Advisory ID	SUSE-RU-2022:3127-1
Released	Wed Sep 7 04:36:10 2022
Summary	Recommended update for libtirpc
Type	recommended
Severity	moderate
References	1198752,1200800

Description:

This update for libtirpc fixes the following issues:

Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
Fix memory leak in params.r_addr assignement (bsc#1198752)

Advisory ID	SUSE-RU-2022:3128-1
Released	Wed Sep 7 04:39:27 2022
Summary	Recommended update for gtk3 and gtk3-branding
Type	recommended
Severity	moderate
References	1197480,1200614

Description:

This update for gtk3 and gtk3-branding fixes the following issues:
gtk3:

Ensure python3-gobject-Gdk is isntalled as dependency (bsc#1200614)
Include legacy hicolor icons (bsc#1197480)
Fix axis name handling in GtkFontChooser
Fix border color for tiled windows.
Fix cell accessible leak in Accessibility
Fix the build with gcc 12
Wayland: Fix problem with textview scrolling
Wayland: Support new high-contrast setting
Wayland: Avoid unnecessary display scale changes

gtk3-branding:

Resolve installation issues

Advisory ID	SUSE-RU-2022:3130-1
Released	Wed Sep 7 04:44:32 2022
Summary	Recommended update for libqt5-qtbase
Type	recommended
Severity	moderate
References	1200715

Description:

This update for libqt5-qtbase fixes the following issues:

Fix some HTTP/2 communication (bsc#1200715)
Mitigate issue with -D_FORTIFY_SOURCE=3 seen with GCC 12

Advisory ID	SUSE-RU-2022:3133-1
Released	Wed Sep 7 05:55:52 2022
Summary	Recommended update for sg3_utils
Type	recommended
Severity	moderate
References	1199248

Description:

This update for sg3_utils fixes the following issues:

Add timeout parameter to rescan-scsi-bus.sh (bsc#1199248)

Advisory ID	SUSE-RU-2022:3134-1
Released	Wed Sep 7 08:17:38 2022
Summary	Recommended update for distribution
Type	recommended
Severity	moderate
References

Description:

This update for distribution fixes the following issues:
This update provides Distribution 2.8.1. (jsc#SLE-24963)

Advisory ID	SUSE-RU-2022:3135-1
Released	Wed Sep 7 08:39:31 2022
Summary	Recommended update for hwdata
Type	recommended
Severity	low
References	1200110

Description:

This update for hwdata fixes the following issue:

Update pci, usb and vendor ids to version 0.360 (bsc#1200110)

Advisory ID	SUSE-SU-2022:3137-1
Released	Wed Sep 7 09:27:12 2022
Summary	Security update for webkit2gtk3
Type	security
Severity	important
References	1202169,1202807,CVE-2022-32893

Description:

This update for webkit2gtk3 fixes the following issues:

Updated to version 2.36.7 (bsc#1202807): - CVE-2022-32893: Fixed an issue that would be triggered when processing malicious web content and that could lead to arbitrary code execution. - Fixed several crashes and rendering issues.

Updated to version 2.36.6: - Fixed handling of touchpad scrolling on GTK4 builds - Fixed WebKitGTK not allowing to be used from non-main threads (bsc#1202169). - Fixed several crashes and rendering issues

Advisory ID	SUSE-SU-2022:3141-1
Released	Wed Sep 7 09:53:09 2022
Summary	Security update for icu
Type	security
Severity	moderate
References	1193951,CVE-2020-21913

Description:

This update for icu fixes the following issues:

CVE-2020-21913: Fixed a memory safetey issue that could lead to use after free (bsc#1193951).

Advisory ID	SUSE-SU-2022:3142-1
Released	Wed Sep 7 09:54:18 2022
Summary	Security update for icu
Type	security
Severity	moderate
References	1193951,CVE-2020-21913

Description:

This update for icu fixes the following issues:

CVE-2020-21913: Fixed a memory safetey issue that could lead to use after free (bsc#1193951).

Advisory ID	SUSE-RU-2022:3145-1
Released	Wed Sep 7 11:07:52 2022
Summary	Recommended update for perl-LWP-Protocol-https
Type	recommended
Severity	moderate
References	1199718

Description:

This update for perl-LWP-Protocol-https fixes the following issues:

Explicitly add hostname for SNI to start_SSL (bsc#1199718)

Advisory ID	SUSE-RU-2022:3148-1
Released	Wed Sep 7 11:44:02 2022
Summary	Recommended update for branding-SLE
Type	recommended
Severity	moderate
References	1199818,997317

Description:

This update for branding-SLE fixes the following issues:

Fix bootloader menu to display correct operating system information (bsc#997317, bsc#1199818)

Advisory ID	SUSE-RU-2022:3149-1
Released	Wed Sep 7 12:11:48 2022
Summary	Recommended update for hplip
Type	recommended
Severity	low
References	1198794

Description:

This update for hplip fixes the following issues:

Fix C compiler flags which results in better device detection. (bsc#1198794)

Advisory ID	SUSE-SU-2022:3153-1
Released	Wed Sep 7 14:31:15 2022
Summary	Security update for gdk-pixbuf
Type	security
Severity	important
References	1194633,1195391,CVE-2021-44648

Description:

This update for gdk-pixbuf fixes the following issues:
Update to version 2.42.9:

CVE-2021-44648: Fixed overflow vulnerability in lzw code size (bsc#1194633).

Bugfixes:

Fixed loading of larger images (glgo#GNOME/gdk-pixbuf#216).
Avoided bashism in baselibs postscript (bsc#1195391).

Advisory ID	SUSE-RU-2022:3155-1
Released	Wed Sep 7 14:32:02 2022
Summary	Recommended update for go1.17
Type	recommended
Severity	moderate
References	1190649

Description:

This update for go1.17 fixes the following issues:

Bootstrap using go1.16 on SUSE Linux Enterprise 15 and newer (bsc#1190649)
Simplify conditional gcc_go_version 12 on Tumbleweed, 11 elsewhere

Advisory ID	SUSE-RU-2022:3157-1
Released	Wed Sep 7 14:32:50 2022
Summary	Recommended update for go1.18
Type	recommended
Severity	moderate
References	1193742

Description:

This update for go1.18 fixes the following issues:

Bootstrap using go1.16 on SUSE Linux Enterprise 15 and newer (bsc#1193742)
Simplify conditional gcc_go_version 12 on Tumbleweed, 11 elsewhere

Advisory ID	SUSE-RU-2022:3158-1
Released	Wed Sep 7 14:33:16 2022
Summary	Recommended update for go1.19
Type	recommended
Severity	moderate
References	1200441

Description:

This update for go1.19 fixes the following issues:

Bootstrap using go1.16 on SUSE Linux Enterprise 15 and newer (bsc#1200441)
Simplify conditional gcc_go_version 12 on Tumbleweed, 11 elsewhere
Add _constraints for worker disk space 5G needed by SUSE Linux Enterprise 15 x86_64
SUSE Linux Enterprise 12 s390x use bcond_without gccgo to bootstrap using gcc11go
Refresh Go bootstrap builds with gcc8 for SUSE Linux Enterprise 12.

Advisory ID	SUSE-SU-2022:3159-1
Released	Wed Sep 7 14:33:42 2022
Summary	Security update for mariadb
Type	security
Severity	important
References	1200105,1201161,1201162,1201163,1201164,1201165,1201166,1201167,1201168,1201169,1201170,CVE-2022-32081,CVE-2022-32082,CVE-2022-32083,CVE-2022-32084,CVE-2022-32085,CVE-2022-32086,CVE-2022-32087,CVE-2022-32088,CVE-2022-32089,CVE-2022-32091

Description:

This update for mariadb fixes the following issues:

Updated to 10.6.9: - CVE-2022-32082: Fixed a reachable assertion that would crash the server (bsc#1201162). - CVE-2022-32089: Fixed a segmentation fault that coudl be triggered via a crafted query (bsc#1201169). - CVE-2022-32081: Fixed a buffer overflow on instant ADD/DROP of generated column (bsc#1201161). - CVE-2022-32091: Fixed a memory corruption issue that could be triggered via a crafted query (bsc#1201170). - CVE-2022-32084: Fixed a segmentation fault on INSERT SELECT queries (bsc#1201164).

Additionaly, the following issues were previously fixed: - CVE-2022-32088: Fixed a server crash when using ORDER BY with window function and UNION(bsc#1201168). - CVE-2022-32087: Fixed a segmentation fault that could be triggered via a crafted query (bsc#1201167). - CVE-2022-32086: Fixed a server crash on INSERT SELECT queries (bsc#1201166). - CVE-2022-32085: Fixed a segmentation fault that could be triggered via a crafted query (bsc#1201165). - CVE-2022-32083: Fixed a segmentation fault that could be triggered via a crafted query (bsc#1201163).

Bugfixes:

Update mysql-systemd-helper to be aware of custom group (bsc#1200105).

Advisory ID	SUSE-RU-2022:3161-1
Released	Wed Sep 7 14:40:54 2022
Summary	Recommended update for hwinfo
Type	recommended
Severity	moderate
References	1200975

Description:

This update for hwinfo fixes the following issue:

improve treatment of NVME devices (bsc#1200975)

Advisory ID	SUSE-SU-2022:3162-1
Released	Wed Sep 7 15:07:31 2022
Summary	Security update for libyajl
Type	security
Severity	moderate
References	1198405,CVE-2022-24795

Description:

This update for libyajl fixes the following issues:

CVE-2022-24795: Fixed heap-based buffer overflow when handling large inputs (bsc#1198405).

Advisory ID	SUSE-RU-2022:3179-1
Released	Thu Sep 8 09:37:41 2022
Summary	Recommended update for golang-github-prometheus-node_exporter
Type	recommended
Severity	moderate
References	1196652

Description:

This update for golang-github-prometheus-node_exporter fixes the following issues:

Exclude s390 arch.
Update spec file in order to make --version work (bsc#1196652)

Advisory ID	SUSE-RU-2022:3185-1
Released	Thu Sep 8 09:42:29 2022
Summary	Recommended update for apache-commons-compress
Type	recommended
Severity	moderate
References

Description:

This optional update for apache-commons-compress provides:

There are no code changes in this update.
The update delivers apache-commons-compress 1.21 to SUSE Manager as new dependency for spacewalk-java.

Advisory ID	SUSE-RU-2022:3188-1
Released	Thu Sep 8 09:44:06 2022
Summary	Recommended update for salt
Type	recommended
Severity	moderate
References	1195895,1197288,1198489,1198744,1199372,1201082

Description:

This recommended update for salt fixes the following issues:

Add support for gpgautoimport in zypperpkg module
Update Salt to work with Jinja >= and <= 3.1.0 (bsc#1198744)
Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372)
Make Salt 3004 compatible with pyzmq >= 23.0.0 (bsc#1201082)
Add support for name, pkgs and diff_attr parameters to upgrade function for zypper and yum (bsc#1198489)
Fix ownership of salt thin directory when using the Salt Bundle
Set default target for pip from VENV_PIP_TARGET environment variable
Normalize package names once with pkg.installed/removed using yum (bsc#1195895)
Save log to logfile with docker.build
Use Salt Bundle in dockermod
Ignore errors on reading license files with dpkg_lowpkg (bsc#1197288)

Advisory ID	SUSE-SU-2022:3194-1
Released	Thu Sep 8 10:04:36 2022
Summary	Security update for SUSE Manager 4.3: Server and Proxy
Type	security
Severity	moderate
References	1172179,1179962,1186011,1187028,1191925,1194394,1195455,1198356,1198358,1198944,1199147,1199157,1199523,1199629,1199646,1199656,1199659,1199662,1199663,1199679,1199714,1199727,1199779,1199817,1199874,1199950,1199984,1199998,1200276,1200347,1200532,1200591,1200606,1200707,1201003,1201142,1201189,1201224,1201411,1201498,1201782,1201842,1202724,CVE-2022-31248

Description:

Security update for SUSE Manager 4.3: Server and Proxy

Advisory ID	SUSE-RU-2022:3195-1
Released	Thu Sep 8 10:15:43 2022
Summary	Recommended update for yast2 packages
Type	recommended
Severity	moderate
References	1179893,1201129

Description:

This updates for yast2: rmt, network and schema fixes the following issues:
yast2-rmt:

Adapted unit test to recent changes (bsc#1179893).

Sync ExcludeArch with rmt-server: whenever rmt-server is not available, the yast2-rmt module can't be usable neither.
No longer build as noarch: as the package is not installable on all architectures, it is by definition not 'architecture independent'.
Add rpmlintrc, filtering out 'E: no-binary': the package is intentionally not marked noarch.

yast2-network and yast2-schema:

Added missing route extrapara element to the networking section (bsc#1201129)

Advisory ID	SUSE-SU-2022:3198-1
Released	Thu Sep 8 10:36:02 2022
Summary	Security update for php8-pear
Type	security
Severity	moderate
References	CVE-2021-32610

Description:

This update for php8-pear fixes the following issues:

Add php8-pear to SLE15-SP4 (jsc#SLE-24728)
Update to 1.10.21 - PEAR 1.10.13 * unsupported protocol - use --force to continue * Add $this operator to _determineIfPowerpc calls
Update to 1.10.20 - Archive_Tar 1.4.14 * Properly fix symbolic link path traversal (CVE-2021-32610) - Archive_Tar 1.4.13 * Relative symlinks failing (out-of path file extraction) - Archive_Tar 1.4.12 - Archive_Tar 1.4.11 - Archive_Tar 1.4.10 * Fix block padding when the file buffer length is a multiple of 512 and smaller than Archive_Tar buffer length * Don't try to copy username/groupname in chroot jail

provides and obsoletes php7-pear-Archive_Tar, former location of PEAR/Archive/Tar.php

Update to version 1.10.19 - PEAR 1.10.12 * adjust dependencies based on new releases - XML_Util 1.4.5 * fix Trying to access array offset on value of type int

Update to version 1.10.18
Remove pear-cacheid-array-check.patch (upstreamed)
Contents of .filemap are now sorted internally

Sort contents of .filemap to make build reproducible

Recommend php7-openssl to allow https sources to be used
Modify metadata_dir for system configuration only
Add /var/lib/pear directory where xml files are stored
Cleanup %files section

Only use the GPG keys of Chuck Burgess. Extracted from the Release Manager public keys.
Add release versions of PEAR modules

Install metadata files (registry, filemap, channels, ...) in /var/lib/pear/ instead of /usr/share/php7/PEAR/

Update to version 1.10.17

Advisory ID	SUSE-SU-2022:3199-1
Released	Thu Sep 8 10:36:17 2022
Summary	Security update for yast2-samba-provision
Type	security
Severity	moderate
References	1117597,1132676,1140548,1184897,CVE-2018-17956

Description:

This update for yast2-samba-provision fixes the following issues:
Security issue fixed:

CVE-2018-17956: Fixed a credentials leak (bsc#1117597).

Non-Security issues fixed:

Stop packaging docdir, it only contained the license which is now in licensedir. (bsc#1184897)
Catch and show internal python exceptions. (bsc#1140548)
Show a dialog with provision details or errors. (bsc#1132676)
Add metainfo (fate#319035)

Advisory ID	SUSE-RU-2022:3200-1
Released	Thu Sep 8 10:41:57 2022
Summary	Recommended update for rpmlint
Type	recommended
Severity	moderate
References	1188680,1201207

Description:

This update for rpmlint fixes the following issues:

Add oddjob-gpupdate whitelisting for D-Bus (bsc#1188680)
Adjust NetworkManager priv helper spelling in whitelisting (bsc#1201207)

Advisory ID	SUSE-RU-2022:3204-1
Released	Thu Sep 8 10:45:55 2022
Summary	Recommended update for xdg-desktop-portal-gtk
Type	recommended
Severity	moderate
References	1179465

Description:

This update for xdg-desktop-portal-gtk fixes the following issues:

Make the process exit after one second unless it has active sessions (bsc#1179465)

Advisory ID	SUSE-RU-2022:3205-1
Released	Thu Sep 8 11:01:00 2022
Summary	Recommended update for perf
Type	recommended
Severity	moderate
References	1198595

Description:

This update for perf fixes the following issues:

Apply latest git-fixes reported against kernel-source:
Correct missing virtual addresses in SPE samples
Correct bug in perf mem report/perf report --mem-mode which was preventing reporting of data if the PERF_SAMPLE_DATA_SRC bit was missing
Always allow data_src option for SPE aux data
Correct gcc possible-use-after-free warning
Correct double free in perf_session__delete
Remap memory rather than failing if insufficient memory to hold event
Correctly display events that have multiple uncore aliases rather than marking as merged.
Enable counter events before forking child process
Correct error message regarding non-fatal error
Fix incorrect use of eprintf in callback
Fix incorrect symbol size calculation
Fix perf bench numa assertion failure (bsc#1198595)

Advisory ID	SUSE-RU-2022:3206-1
Released	Thu Sep 8 11:16:02 2022
Summary	Recommended update for bash-completion
Type	recommended
Severity	low
References	1199724

Description:

This update for bash-completion fixes the following issues:

Enable upstream commit to list ko.zst modules as well. (bsc#1199724)

Advisory ID	SUSE-RU-2022:3209-1
Released	Thu Sep 8 13:10:13 2022
Summary	Recommended update for open-iscsi
Type	recommended
Severity	moderate
References	1200570

Description:

This update for open-iscsi fixes the following issues:

Set the systemd unit files as non executable. (bsc#1200570)
For openSUSE Tumbleweed, moved logrotate files from user-specific directory `/etc/logrotate.d` to vendor-specific `/usr/etc/logrotate.d`

Advisory ID	SUSE-RU-2022:3214-1
Released	Thu Sep 8 15:41:33 2022
Summary	Recommended update for wpa_supplicant
Type	recommended
Severity	low
References

Description:

This update for wpa_supplicant fixes the following issues:

Enable WPA3-Enterprise (SuiteB-192) support. (jsc#SLE-14992)

Advisory ID	SUSE-RU-2022:3215-1
Released	Thu Sep 8 15:58:27 2022
Summary	Recommended update for rpm
Type	recommended
Severity	moderate
References

Description:

This update for rpm fixes the following issues:

Support Ed25519 RPM signatures [jsc#SLE-24714]

Advisory ID	SUSE-RU-2022:3219-1
Released	Thu Sep 8 21:15:24 2022
Summary	Recommended update for sysconfig
Type	recommended
Severity	moderate
References	1185882,1194557,1199093

Description:

This update for sysconfig fixes the following issues:

netconfig: remove sed dependency
netconfig/dns-resolver: remove search limit of 6 domains (bsc#1199093)
netconfig: cleanup /var/run leftovers (bsc#1194557)
netconfig: update ntp man page documentation, fix typos
netconfig: revert NM default policy change change (bsc#1185882) With the change to the default policy, netconfig with NetworkManager as network.service accepted settings from all services/programs directly instead only from NetworkManager, where plugins/services have to deliver their settings to apply them.
Also support service(network) provides

Advisory ID	SUSE-RU-2022:3220-1
Released	Fri Sep 9 04:30:52 2022
Summary	Recommended update for libzypp, zypper
Type	recommended
Severity	moderate
References	1199895,1200993,1201092,1201576,1201638

Description:

This update for libzypp, zypper fixes the following issues:
libzypp:

Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895)
Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092)
Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloaded. Second the Provide API is going to completely replace the current media backend.

zypper:

Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638)
Reject install/remove modifier without argument (bsc#1201576)
zypper-download: Handle unresolvable arguments as errors
Put signing key supplying repository name in quotes

Advisory ID	SUSE-RU-2022:3224-1
Released	Fri Sep 9 07:34:45 2022
Summary	Recommended update for jeos-firstboot
Type	recommended
Severity	low
References	1198940

Description:

This update for jeos-firstboot fixes the following issue:

Add jeos-firstboot-rpiwifi to SLE-15-SP4-aarch64 on Module-Development-Tools. (bsc#1198940)

Advisory ID	SUSE-RU-2022:3228-1
Released	Fri Sep 9 13:52:35 2022
Summary	Recommended update for regionServiceClientConfigEC2
Type	recommended
Severity	critical
References	1203215

Description:

This update for regionServiceClientConfigEC2 fixes the following issues:

Update to version 4.1.0 (bsc#1203215) + New certs for 52.79.82.165 and 54.247.166.75

Advisory ID	SUSE-SU-2022:3229-1
Released	Fri Sep 9 14:46:01 2022
Summary	Security update for vim
Type	security
Severity	important
References	1200270,1200697,1200698,1200700,1200701,1200732,1200884,1200902,1200903,1200904,1201132,1201133,1201134,1201135,1201136,1201150,1201151,1201152,1201153,1201154,1201155,1201249,1201356,1201359,1201363,1201620,1201863,1202046,1202049,1202050,1202051,1202414,1202420,1202421,1202511,1202512,1202515,1202552,1202599,1202687,1202689,1202862,CVE-2022-1720,CVE-2022-1968,CVE-2022-2124,CVE-2022-2125,CVE-2022-2126,CVE-2022-2129,CVE-2022-2175,CVE-2022-2182,CVE-2022-2183,CVE-2022-2206,CVE-2022-2207,CVE-2022-2208,CVE-2022-2210,CVE-2022-2231,CVE-2022-2257,CVE-2022-2264,CVE-2022-2284,CVE-2022-2285,CVE-2022-2286,CVE-2022-2287,CVE-2022-2304,CVE-2022-2343,CVE-2022-2344,CVE-2022-2345,CVE-2022-2522,CVE-2022-2571,CVE-2022-2580,CVE-2022-2581,CVE-2022-2598,CVE-2022-2816,CVE-2022-2817,CVE-2022-2819,CVE-2022-2845,CVE-2022-2849,CVE-2022-2862,CVE-2022-2874,CVE-2022-2889,CVE-2022-2923,CVE-2022-2946,CVE-2022-3016

Description:

This update for vim fixes the following issues:
Updated to version 9.0 with patch level 0313:

CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent() (bsc#1200902).
CVE-2022-2182: Fixed heap-based buffer overflow through parse_cmd_address() (bsc#1200903).
CVE-2022-2175: Fixed buffer over-read through cmdline_insert_reg() (bsc#1200904).
CVE-2022-2304: Fixed stack buffer overflow in spell_dump_compl() (bsc#1201249).
CVE-2022-2343: Fixed heap-based buffer overflow in GitHub repository vim prior to 9.0.0044 (bsc#1201356).
CVE-2022-2344: Fixed another heap-based buffer overflow vim prior to 9.0.0045 (bsc#1201359).
CVE-2022-2345: Fixed use after free in GitHub repository vim prior to 9.0.0046. (bsc#1201363).
CVE-2022-2819: Fixed heap-based Buffer Overflow in compile_lock_unlock() (bsc#1202414).
CVE-2022-2874: Fixed NULL Pointer Dereference in generate_loadvar() (bsc#1202552).
CVE-2022-1968: Fixed use after free in utf_ptr2char (bsc#1200270).
CVE-2022-2124: Fixed out of bounds read in current_quote() (bsc#1200697).
CVE-2022-2125: Fixed out of bounds read in get_lisp_indent() (bsc#1200698).
CVE-2022-2126: Fixed out of bounds read in suggest_trie_walk() (bsc#1200700).
CVE-2022-2129: Fixed out of bounds write in vim_regsub_both() (bsc#1200701).
CVE-2022-1720: Fixed out of bounds read in grab_file_name() (bsc#1200732).
CVE-2022-2264: Fixed out of bounds read in inc() (bsc#1201132).
CVE-2022-2284: Fixed out of bounds read in utfc_ptr2len() (bsc#1201133).
CVE-2022-2285: Fixed negative size passed to memmove() due to integer overflow (bsc#1201134).
CVE-2022-2286: Fixed out of bounds read in ins_bytes() (bsc#1201135).
CVE-2022-2287: Fixed out of bounds read in suggest_trie_walk() (bsc#1201136).
CVE-2022-2231: Fixed null pointer dereference skipwhite() (bsc#1201150).
CVE-2022-2210: Fixed out of bounds read in ml_append_int() (bsc#1201151).
CVE-2022-2208: Fixed null pointer dereference in diff_check() (bsc#1201152).
CVE-2022-2207: Fixed out of bounds read in ins_bs() (bsc#1201153).
CVE-2022-2257: Fixed out of bounds read in msg_outtrans_special() (bsc#1201154).
CVE-2022-2206: Fixed out of bounds read in msg_outtrans_attr() (bsc#1201155).
CVE-2022-2522: Fixed out of bounds read via nested autocommand (bsc#1201863).
CVE-2022-2571: Fixed heap-based buffer overflow related to ins_comp_get_next_word_or_line() (bsc#1202046).
CVE-2022-2580: Fixed heap-based buffer overflow related to eval_string() (bsc#1202049).
CVE-2022-2581: Fixed out-of-bounds read related to cstrchr() (bsc#1202050).
CVE-2022-2598: Fixed undefined behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() (bsc#1202051).
CVE-2022-2817: Fixed use after gree in f_assert_fails() (bsc#1202420).
CVE-2022-2816: Fixed out-of-bounds Read in check_vim9_unlet() (bsc#1202421).
CVE-2022-2862: Fixed use-after-free in compile_nested_function() (bsc#1202511).
CVE-2022-2849: Fixed invalid memory access related to mb_ptr2len() (bsc#1202512).
CVE-2022-2845: Fixed buffer Over-read related to display_dollar() (bsc#1202515).
CVE-2022-2889: Fixed use-after-free in find_var_also_in_script() in evalvars.c (bsc#1202599).
CVE-2022-2923: Fixed NULL pointer dereference in GitHub repository vim/vim prior to 9.0.0240 (bsc#1202687).
CVE-2022-2946: Fixed use after free in function vim_vsnprintf_typval (bsc#1202689).
CVE-2022-3016: Fixed use after free in vim prior to 9.0.0285 (bsc#1202862).

Bugfixes:

Fixing vim error on startup (bsc#1200884).
Fixing vim SUSE Linux Enterprise Server 15 SP4 Basesystem plugin-tlib issue (bsc#1201620).

Advisory ID	SUSE-SU-2022:3232-1
Released	Fri Sep 9 15:27:33 2022
Summary	Security update for keepalived
Type	security
Severity	important
References	1193115,1202808,CVE-2021-44225

Description:

This update for keepalived fixes the following issues:

CVE-2021-44225: Fix a potential privilege escalation due to insufficient control in the D-Bus policy (bsc#1193115).

Bugfixes:

Set ProtectKernelModules to false in service file (bsc#1202808).

Advisory ID	SUSE-RU-2022:3238-1
Released	Mon Sep 12 05:32:47 2022
Summary	Recommended update for crmsh
Type	recommended
Severity	moderate
References	1202006

Description:

This update for crmsh fixes the following issues:

Use crmsh.parallax instead of parallax module directly (bsc#1202006)
parallax: Add strict option to avoid raise exception when set to False
Don't open mgmt port since it's deprecated
Don't sync csync2 when peer node's service is not ready

Advisory ID	SUSE-RU-2022:3241-1
Released	Mon Sep 12 07:21:04 2022
Summary	Recommended update for cups
Type	recommended
Severity	moderate
References	1201511

Description:

This update for cups fixes the following issues:

Stuck print jobs being cancelled immediately, despite MaxJobTime being set to 0 (bsc#1201511)

Advisory ID	SUSE-SU-2022:3244-1
Released	Mon Sep 12 09:00:27 2022
Summary	Security update for samba
Type	security
Severity	important
References	1200102,1202803,1202976,CVE-2022-1615,CVE-2022-32743

Description:

This update for samba fixes the following issues:

CVE-2022-1615: Fixed error handling in random number generation (bso#15103)(bsc#1202976).
CVE-2022-32743: Implement validated dnsHostName write rights (bso#14833)(bsc#1202803).

Bugfixes:

Fixed use after free when iterating smbd_server_connection->connections after tree disconnect failure (bso#15128)(bsc#1200102).

Advisory ID	SUSE-SU-2022:3245-1
Released	Mon Sep 12 09:01:30 2022
Summary	Security update for libyang
Type	security
Severity	important
References	1186374,1186375,1186376,1186378,CVE-2021-28902,CVE-2021-28903,CVE-2021-28904,CVE-2021-28906

Description:

This update for libyang fixes the following issues:

CVE-2021-28906: Fixed missing check in read_yin_leaf that can lead to DoS (bsc#1186378)
CVE-2021-28904: Fixed missing check in ext_get_plugin that lead to DoS (bsc#1186376).
CVE-2021-28903: Fixed stack overflow in lyxml_parse_mem (bsc#1186375).
CVE-2021-28902: Fixed missing check in read_yin_container that can lead to DoS (bsc#1186374).

Advisory ID	SUSE-SU-2022:3246-1
Released	Mon Sep 12 09:02:02 2022
Summary	Security update for frr
Type	security
Severity	important
References	1202022,1202023,CVE-2019-25074,CVE-2022-37032

Description:

This update for frr fixes the following issues:

CVE-2022-37032: Fixed out-of-bounds read in the BGP daemon that may lead to information disclosure or denial of service (bsc#1202023).
CVE-2019-25074: Fixed a memory leak in the IS-IS daemon that may lead to server memory exhaustion (bsc#1202022).

Advisory ID	SUSE-SU-2022:3247-1
Released	Mon Sep 12 09:02:26 2022
Summary	Security update for bluez
Type	security
Severity	important
References	1194704,CVE-2022-0204

Description:

This update for bluez fixes the following issues:

CVE-2022-0204: Fixed check if the prepare writes would append more than the allowed maximum attribute length (bsc#1194704).

Advisory ID	SUSE-SU-2022:3248-1
Released	Mon Sep 12 09:03:13 2022
Summary	Security update for qpdf
Type	security
Severity	important
References	1188514,CVE-2021-36978

Description:

This update for qpdf fixes the following issues:

CVE-2021-36978: Fixed heap-based buffer overflow in Pl_ASCII85Decoder::write (bsc#1188514).

Advisory ID	SUSE-SU-2022:3249-1
Released	Mon Sep 12 09:05:26 2022
Summary	Security update for clamav
Type	security
Severity	important
References	1202986

Description:

This update for clamav fixes the following issues:
clamav was updated to 0.103.7 (bsc#1202986)

Upgrade the vendored UnRAR library to version 6.1.7.
Fix logical signature 'Intermediates' feature.
Relax constraints on slightly malformed zip archives that contain overlapping file entries.

Advisory ID	SUSE-SU-2022:3250-1
Released	Mon Sep 12 09:06:45 2022
Summary	Security update for nodejs16
Type	security
Severity	moderate
References	1200303,1200517,1201710,1202382,1202383,CVE-2022-29244,CVE-2022-31150,CVE-2022-35948,CVE-2022-35949

Description:

This update for nodejs16 fixes the following issues:

CVE-2022-35949: Fixed SSRF when an application takes in user input into the path/pathname option of undici.request (bsc#1202382).
CVE-2022-35948: Fixed CRLF injection via Content-Type (bsc#1202383).
CVE-2022-29244: Fixed npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace (bsc#1200517).
CVE-2022-31150: Fixed CRLF injection in node-undici (bsc#1201710).

Bugfixes:

Enable crypto-policies for SLE15 SP4+ and TW (bsc#1200303)

Advisory ID	SUSE-SU-2022:3252-1
Released	Mon Sep 12 09:07:53 2022
Summary	Security update for freetype2
Type	security
Severity	moderate
References	1198823,1198830,1198832,CVE-2022-27404,CVE-2022-27405,CVE-2022-27406

Description:

This update for freetype2 fixes the following issues:

CVE-2022-27404 Fixed a segmentation fault via a crafted typeface (bsc#1198830).
CVE-2022-27405 Fixed a buffer overflow via a crafted typeface (bsc#1198832).
CVE-2022-27406 Fixed a segmentation fault via a crafted typeface (bsc#1198823).

Non-security fixes:

Updated to version 2.10.4

Advisory ID	SUSE-RU-2022:3254-1
Released	Mon Sep 12 10:35:38 2022
Summary	Recommended update for inkscape
Type	recommended
Severity	moderate
References	1200369

Description:

This update for inkscape fixes the following issues:

Fix rendering of multi-line text (bsc#1200369)

Advisory ID	SUSE-RU-2022:3258-1
Released	Mon Sep 12 12:23:26 2022
Summary	Recommended update for sca-appliance-broker
Type	recommended
Severity	moderate
References	1201011

Description:

This update for sca-appliance-broker fixes the following issues:

Update setup-sca checks for php8 (bsc#1201011)

Advisory ID	SUSE-SU-2022:3259-1
Released	Mon Sep 12 12:50:32 2022
Summary	Security update for rubygem-kramdown
Type	security
Severity	important
References	1174297,CVE-2020-14001

Description:

This update for rubygem-kramdown fixes the following issues:

CVE-2020-14001: Fixed processing template options inside documents allowing unintended read access or embedded Ruby code execution (bsc#1174297).

Advisory ID	SUSE-RU-2022:3261-1
Released	Tue Sep 13 04:56:02 2022
Summary	Recommended update for openCryptoki
Type	recommended
Severity	moderate
References	1202106

Description:

This update for openCryptoki fixes the following issues:

Fix C_GetMechanismList returning CKR_BUFFER_TOO_SMALL in the EP11 token (bsc#1202028)

Advisory ID	SUSE-RU-2022:3262-1
Released	Tue Sep 13 15:34:29 2022
Summary	Recommended update for gcc11
Type	recommended
Severity	moderate
References	1199140

Description:

This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)

Advisory ID	SUSE-SU-2022:3271-1
Released	Wed Sep 14 06:45:39 2022
Summary	Security update for perl
Type	security
Severity	moderate
References	1047178,CVE-2017-6512

Description:

This update for perl fixes the following issues:

CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).

Advisory ID	SUSE-RU-2022:3275-1
Released	Thu Sep 15 06:12:51 2022
Summary	Recommended update for python-aiohttp, python-typing_extensions
Type	recommended
Severity	moderate
References	1121578,1197831,CVE-2021-21330

Description:

This update for python-aiohttp, python-typing_extensions fixes the following issues:

Include in SLE-15 (bsc#1197831)
Fixed required/optional keys with old-style TypedDict
Test in separate multibuild flavor to break depcycles with full python stdlib
Clean requirements specifications for python flavors
Add transitional typing-extensions provides
Fix tests for Python 3.9
Official support for Python 3.8 and 3.9
Fix build without python2 available
Fix isinstance() with generic protocol subclasses after subscripting
Fix tests for non-default interpreters
Use environment marker to specify typing dependency
Fix unions of protocols on Python 2

Advisory ID	SUSE-RU-2022:3279-1
Released	Thu Sep 15 10:54:17 2022
Summary	Recommended update for netty-tcnative
Type	recommended
Severity	low
References	1198792

Description:

This update for netty-tcnative fixes the following issues:

Remove dependency on separate package netty-jni-util-sources
Unpack the sources to their right place without passing through maven mechanisms
This version fixes bsc#1198792
Build with java source and target levels 1.8
Update to the 2.0.36 Final

Advisory ID	SUSE-RU-2022:3280-1
Released	Thu Sep 15 10:54:49 2022
Summary	Recommended update for yast2-storage-ng
Type	recommended
Severity	moderate
References	1194274,1197692,1198192,1200018

Description:

This update for yast2-storage-ng fixes the following issues:

Partitioner: Allow min chunk size of 4 KiB (page size) for RAID0/RAID10. (bsc#1200018)
Mark properly help text in tmpfs widget for localization. (bsc#1198192)
Fix empty help in some Partitioner dialogs. (bsc#1194274)
Fix fstab entry filesystem matching allowing the use of quotes surrounding the device 'UUID' or label. (bsc#1197692)

Advisory ID	SUSE-SU-2022:3281-1
Released	Thu Sep 15 15:33:02 2022
Summary	Security update for MozillaThunderbird
Type	security
Severity	important
References	1200793,1201758,1202645,1203007,CVE-2022-2200,CVE-2022-2226,CVE-2022-2505,CVE-2022-3032,CVE-2022-3033,CVE-2022-3034,CVE-2022-31744,CVE-2022-34468,CVE-2022-34470,CVE-2022-34472,CVE-2022-34478,CVE-2022-34479,CVE-2022-34481,CVE-2022-34484,CVE-2022-36059,CVE-2022-36314,CVE-2022-36318,CVE-2022-36319,CVE-2022-38472,CVE-2022-38473,CVE-2022-38476,CVE-2022-38477,CVE-2022-38478

Description:

This update for MozillaThunderbird fixes the following issues:
Updated to Mozilla Thunderbird 102.2.2:

CVE-2022-3033: Fixed leaking of sensitive information when composing a response to an HTML email with a META refresh tag (bsc#1203007).
CVE-2022-3032: Fixed missing blocking of remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute (bsc#1203007).
CVE-2022-3034: Fixed issue where iframe element in an HTML email could trigger a network request (bsc#1203007).
CVE-2022-36059: Fixed DoS in Matrix SDK bundled with Thunderbird service attack (bsc#1203007).
CVE-2022-38472: Fixed Address bar spoofing via XSLT error handling (bsc#1202645).
CVE-2022-38473: Fixed cross-origin XSLT Documents inheriting the parent's permissions (bsc#1202645).
CVE-2022-38476: Fixed data race and potential use-after-free in PK11_ChangePW (bsc#1202645).
CVE-2022-38477: Fixed memory safety bugs (bsc#1202645).
CVE-2022-38478: Fixed memory safety bugs (bsc#1202645).

CVE-2022-36319: Fixed mouse position spoofing with CSS transforms (bsc#1201758).
CVE-2022-36318: Fixed directory indexes for bundled resources reflected URL parameters (bsc#1201758).
CVE-2022-36314: Fixed unexpected network loads when opening local .lnk files (bsc#1201758).
CVE-2022-2505: Fixed memory safety bugs (bsc#1201758).

CVE-2022-34479: Fixed vulnerability which could overlay the address bar with web content (bsc#1200793).
CVE-2022-34470: Fixed use-after-free in nsSHistory (bsc#1200793).
CVE-2022-34468: Fixed CSP sandbox header without `allow-scripts` bypass via retargeted javascript (bsc#1200793).
CVE-2022-2226: Fixed emails with a mismatching OpenPGP signature date incorrectly accepted as valid (bsc#1200793).
CVE-2022-34481: Fixed integer overflow in ReplaceElementsAt (bsc#1200793).
CVE-2022-31744: Fixed CSP bypass enabling stylesheet injection (bsc#1200793).
CVE-2022-34472: Fixed unavailable PAC file resulting in OCSP requests being blocked (bsc#1200793).
CVE-2022-34478: Fixed Microsoft protocols attacks if a user accepts a prompt (bsc#1200793).
CVE-2022-2200: Fixed vulnerability where undesired attributes could be set as part of prototype pollution (bsc#1200793).
CVE-2022-34484: Fixed memory safety bugs (bsc#1200793).

Advisory ID	SUSE-SU-2022:3283-1
Released	Thu Sep 15 15:33:51 2022
Summary	Security update for libgit2
Type	security
Severity	important
References	1198234,1201431,CVE-2022-24765,CVE-2022-29187

Description:

This update for libgit2 fixes the following issues:

CVE-2022-24765: Fixed potential command injection via git worktree (bsc#1198234).
CVE-2022-29187: Fixed incomplete fix for CVE-2022-24765 (bsc#1201431).

Advisory ID	SUSE-SU-2022:3286-1
Released	Fri Sep 16 09:08:48 2022
Summary	Security update for 389-ds
Type	security
Severity	moderate
References	1197998,1202470,CVE-2022-2850

Description:

This update for 389-ds fixes the following issues:

CVE-2022-2850: Fixed an application crash when running a sync_repl client that could be triggered via a malformed cookie (bsc#1202470).

Non-security fixes:

Update to version 2.0.16~git20.219f047ae: * Fix missing 'not' in description * CI - makes replication/acceptance_test.py::test_modify_entry more robust * fix repl keep alive event interval * Sync_repl may crash while managing invalid cookie * Hostname when set to localhost causing failures in other tests * lib389 - do not set backend name to lowercase * keep alive update event starts too soon * Fix various memory leaks * UI - LDAP Editor is not updated when we switch instances * Supplier should do periodic updates
Update sudoers schema to support UTF-8 (bsc#1197998)
Update to version 2.0.16~git9.e2a858a86: * UI - Various fixes and RFE's for UI * Remove problematic language from source code * CI - disable TLS hostname checking * Update npm and cargo packages * Support ECDSA private keys for TLS

Advisory ID	SUSE-SU-2022:3288-1
Released	Fri Sep 16 10:38:44 2022
Summary	Security update for the Linux Kernel
Type	security
Severity	important
References	1023051,1032323,1065729,1156395,1189999,1190497,1192968,1194592,1194869,1194904,1195480,1195917,1196616,1197158,1197391,1197755,1197756,1197757,1197763,1198410,1198577,1198702,1198971,1199356,1199515,1200301,1200313,1200431,1200544,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201308,1201361,1201442,1201455,1201489,1201610,1201726,1201768,1201865,1201940,1201948,1201956,1202094,1202096,1202097,1202113,1202131,1202154,1202262,1202265,1202346,1202347,1202385,1202393,1202447,1202471,1202558,1202564,1202623,1202636,1202672,1202681,1202710,1202711,1202712,1202713,1202715,1202716,1202757,1202758,1202759,1202761,1202762,1202763,1202764,1202765,1202766,1202767,1202768,1202769,1202770,1202771,1202773,1202774,1202775,1202776,1202778,1202779,1202780,1202781,1202782,1202783,1202822,1202823,1202824,1202860,1202867,1202872,1202898,1202989,1203036,1203041,1203063,1203098,1203107,1203117,1203138,1203139,1203159,CVE-2016-3695,CVE-2020-36516,CVE-2021-33135,CVE-2021-4037,CVE-2022-1184,CVE-2022-20368,CVE-2022-20369,CVE-2022-2585,CVE-2022-2588,CVE-2022-26373,CVE-2022-2639,CVE-2022-2663,CVE-2022-28356,CVE-2022-28693,CVE-2022-2873,CVE-2022-2905,CVE-2022-2938,CVE-2022-2959,CVE-2022-2977,CVE-2022-3028,CVE-2022-3078,CVE-2022-36879,CVE-2022-36946,CVE-2022-39188,CVE-2022-39190

Description:

The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bnc#1203117).
CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107).
CVE-2022-36946: Fixed a denial of service (panic) inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c (bnc#1201940).
CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
CVE-2022-3078: Fixed a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c (bnc#1203041).
CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
CVE-2022-2959: Fixed a race condition that was found inside the watch queue due to a missing lock in pipe_resize_ring() (bnc#1202681).
CVE-2022-2938: Fixed a flaw that was found inside the Pressure Stall Information implementation that could have been used to allow an attacker to crash the system or have other memory-corruption side effects (bnc#1202623).
CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860).
CVE-2022-2873: Fixed an out-of-bounds memory access flaw that was found in iSMT SMBus host controller driver (bnc#1202558).
CVE-2022-28693: Fixed x86/speculation behavior by disabling RRSBA (bsc#1201455).
CVE-2022-28356: Fixed a refcount leak bug that was found in net/llc/af_llc.c (bnc#1197391).
CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly matches the message (bnc#1202097).
CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154).
CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors that may have allowed information disclosure via local access (bnc#1201726).
CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
CVE-2022-2585: Fixed missing cleanup of CPU timers before freeing them during exec (bsc#1202094).
CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
CVE-2022-1184: Fixed an use-after-free flaw in fs/ext4/namei.c:dx_insert_block() in the filesystem sub-component (bnc#1198577).
CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702).
CVE-2021-33135: Fixed uncontrolled resource consumption inside Intel(R) SGX that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1199515).
CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616).
CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051).

The following non-security bugs were fixed:

ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes).
ACPI: APEI: explicit init of HEST and GHES in apci_init() (git-fixes).
ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).
ACPI: EC: Drop the EC_FLAGS_IGNORE_DSDT_GPE quirk (git-fixes).
ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes).
ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes).
ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes).
ACPI: VIOT: Fix ACS setup (git-fixes).
ACPI: processor/idle: Annotate more functions to live in cpuidle section (git-fixes).
ACPI: processor: Remove freq Qos request for all CPUs (git-fixes).
ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes).
ACPI: thermal: drop an always true check (git-fixes).
ACPI: video: Force backlight native for some TongFang devices (git-fixes).
ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes).
ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes).
ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes).
ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes).
ALSA: hda/conexant: add a new hda codec SN6140 (git-fixes).
ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes).
ALSA: hda/realtek: Add quirk for Clevo NS50PU, NS70PU (git-fixes).
ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes).
ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes).
ALSA: hda/realtek: Add quirk for Lenovo Yoga9 14IAP7 (git-fixes).
ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes).
ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298 (git-fixes).
ALSA: hda/sigmatel: Keep power up while beep is enabled (bsc#1200544).
ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array (git-fixes).
ALSA: info: Fix llseek return value when using callback (git-fixes).
ALSA: seq: Fix data-race at module auto-loading (git-fixes).
ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes).
ALSA: usb-audio: Add endianness annotations (git-fixes).
ALSA: usb-audio: Add quirk for Behringer UMC202HD (git-fixes).
ALSA: usb-audio: Add quirk for LH Labs Geek Out HD Audio 1V5 (git-fixes).
ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes).
ALSA: usb-audio: Support jack detection on Dell dock (git-fixes).
ALSA: usb-audio: Turn off 'manual mode' on Dell dock (git-fixes).
ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init (git-fixes).
ARM: OMAP2+: Fix refcount leak in omapdss_init_of (git-fixes).
ARM: OMAP2+: display: Fix refcount leak bug (git-fixes).
ARM: OMAP2+: pdata-quirks: Fix refcount leak bug (git-fixes).
ARM: bcm: Fix refcount leak in bcm_kona_smc_init (git-fixes).
ARM: dts: BCM5301X: Add DT for Meraki MR26 (git-fixes).
ARM: dts: ast2500-evb: fix board compatible (git-fixes).
ARM: dts: ast2600-evb-a1: fix board compatible (git-fixes).
ARM: dts: ast2600-evb: fix board compatible (git-fixes).
ARM: dts: at91: sama5d27_wlsom1: do not keep ldo2 enabled all the time (git-fixes).
ARM: dts: at91: sama5d27_wlsom1: specify proper regulator output ranges (git-fixes).
ARM: dts: at91: sama5d2_icp: do not keep vdd_other enabled all the time (git-fixes).
ARM: dts: at91: sama5d2_icp: specify proper regulator output ranges (git-fixes).
ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node (git-fixes).
ARM: dts: imx6ul: add missing properties for sram (git-fixes).
ARM: dts: imx6ul: change operating-points to uint32-matrix (git-fixes).
ARM: dts: imx6ul: fix csi node compatible (git-fixes).
ARM: dts: imx6ul: fix keypad compatible (git-fixes).
ARM: dts: imx6ul: fix lcdif node compatible (git-fixes).
ARM: dts: imx6ul: fix qspi node compatible (git-fixes).
ARM: dts: imx7d-colibri-emmc: add cpu1 supply (git-fixes).
ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg (git-fixes).
ARM: dts: qcom: pm8841: add required thermal-sensor-cells (git-fixes).
ARM: dts: qcom: sdx55: Fix the IRQ trigger type for UART (git-fixes).
ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC (git-fixes).
ARM: findbit: fix overflowing offset (git-fixes).
ARM: shmobile: rcar-gen2: Increase refcount for new reference (git-fixes).
ASoC: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes).
ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes).
ASoC: codec: tlv320aic32x4: fix mono playback via I2S (git-fixes).
ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes).
ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes).
ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes).
ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe (git-fixes).
ASoC: fsl-asoc-card: force cast the asrc_format type (git-fixes).
ASoC: fsl_asrc: force cast the asrc_format type (git-fixes).
ASoC: fsl_easrc: use snd_pcm_format_t type for sample_format (git-fixes).
ASoC: imx-audmux: Silence a clang warning (git-fixes).
ASoC: imx-card: Fix DSD/PDM mclk frequency (git-fixes).
ASoC: imx-card: use snd_pcm_format_t type for asrc_format (git-fixes).
ASoC: mchp-spdifrx: disable end of block interrupt on failures (git-fixes).
ASoC: mt6359: Fix refcount leak bug (git-fixes).
ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes).
ASoC: qcom: Fix missing of_node_put() in asoc_qcom_lpass_cpu_platform_probe() (git-fixes).
ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes).
ASoC: rsnd: care default case on rsnd_ssiu_busif_err_irq_ctrl() (git-fixes).
ASoC: samsung: Fix error handling in aries_audio_probe (git-fixes).
ASoC: samsung: change gpiod_speaker_power and rx1950_audio from global to static variables (git-fixes).
ASoC: samsung: change neo1973_audio from a global to static (git-fixes).
ASoC: samsung: h1940_uda1380: include proepr GPIO consumer header (git-fixes).
ASoC: tas2770: Allow mono streams (git-fixes).
ASoC: tas2770: Drop conflicting set_bias_level power setting (git-fixes).
ASoC: tas2770: Fix handling of mute/unmute (git-fixes).
ASoC: tas2770: Set correct FSYNC polarity (git-fixes).
Bluetooth: L2CAP: Fix build errors in some archs (git-fixes).
Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes).
Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes).
Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes).
Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675 (git-fixes).
Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007 (git-fixes).
Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558 (git-fixes).
Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586 (git-fixes).
Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587 (git-fixes).
Bluetooth: btusb: Add support of IMC Networks PID 0x3568 (git-fixes).
Bluetooth: hci_bcm: Add BCM4349B1 variant (git-fixes).
Bluetooth: hci_bcm: Add DT compatible for CYW55572 (git-fixes).
Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes).
Documentation: ACPI: EINJ: Fix obsolete example (git-fixes).
Documentation: PM: Drop pme_interrupt reference (git-fixes).
Documentation: dm writecache: Render status list as list (git-fixes).
Documentation: fix sctp_wmem in ip-sysctl.rst (git-fixes).
Documentation: siphash: Fix typo in the name of offsetofend macro (git-fixes).
EDAC/ghes: Set the DIMM label unconditionally (bsc#1201768).
HID: AMD_SFH: Add a DMI quirk entry for Chromebooks (git-fixes).
HID: add Lenovo Yoga C630 battery quirk (git-fixes).
HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes).
HID: amd_sfh: Add NULL check for hid device (git-fixes).
HID: amd_sfh: Handle condition of 'no sensors' (git-fixes).
HID: asus: ROG NKey: Ignore portion of 0x5a report (git-fixes).
HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes).
HID: hid-input: add Surface Go battery quirk (git-fixes).
HID: mcp2221: prevent a buffer overflow in mcp_smbus_write() (git-fixes).
HID: multitouch: new device class fix Lenovo X12 trackpad sticky (git-fixes).
HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fies).
HID: thrustmaster: Add sparco wheel and fix array length (git-fixes).
HID: wacom: Do not register pad_input for touch switch (git-fixes).
HID: wacom: Only report rotation for art pen (git-fixes).
Input: exc3000 - fix return value check of wait_for_completion_timeout (git-fixes).
Input: gscps2 - check return value of ioremap() in gscps2_probe() (git-fixes).
Input: i8042 - add TUXEDO devices to i8042 quirk tables (git-fies).
Input: i8042 - add additional TUXEDO devices to i8042 quirk tables (git-fies).
Input: i8042 - merge quirk tables (git-fies).
Input: i8042 - move __initconst to fix code styling warning (git-fies).
Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes).
Input: rk805-pwrkey - fix module autoloading (git-fixes).
KABI: cgroup: Restore KABI of css_set (bsc#1201610).
KEYS: asymmetric: enforce SM2 signature use pkey algo (git-fixes).
KVM: LAPIC: Also cancel preemption timer during SET_LAPIC (git-fixes).
KVM: MMU: shadow nested paging does not have PKU (git-fixes).
KVM: PPC: Book3S HV: Check return value of kvmppc_radix_init (bsc#1194869).
KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395).
KVM: PPC: Book3S HV: Remove kvmhv_p9_[set,restore]_lpcr declarations (bsc#1194869).
KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395).
KVM: PPC: Book3S HV: fix incorrect NULL check on list iterator (bsc#1194869).
KVM: PPC: Book3s HV: Remove unused function kvmppc_bad_interrupt (bsc#1194869).
KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395).
KVM: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395).
KVM: SVM: Do not BUG if userspace injects an interrupt with GIF=0 (git-fixes).
KVM: SVM: Do not intercept #GP for SEV guests (git-fixes).
KVM: SVM: Unwind 'speculative' RIP advancement if INTn injection 'fails' (git-fixes).
KVM: SVM: fix panic on out-of-bounds guest IRQ (git-fixes).
KVM: VMX: Print VM-instruction error as unsigned (git-fixes).
KVM: VMX: prepare sync_pir_to_irr for running with APICv disabled (git-fixes).
KVM: VMX: switch blocked_vcpu_on_cpu_lock to raw spinlock (git-fixes).
KVM: X86: Use vcpu->arch.walk_mmu for kvm_mmu_invlpg() (git-fixes).
KVM: X86: avoid uninitialized 'fault.async_page_fault' from fixed-up #PF (git-fixes).
KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442)
KVM: nVMX: Inject #UD if VMXON is attempted with incompatible CR0/CR4 (git-fixes).
KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes).
KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP (git-fixes).
KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes).
KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes).
KVM: nVMX: Synthesize TRIPLE_FAULT for L2 if emulation is required (git-fixes).
KVM: nVMX: do not use vcpu->arch.efer when checking host state on nested state load (git-fixes).
KVM: x86/mmu: Do not freak out if pml5_root is NULL on 4-level host (git-fixes).
KVM: x86/mmu: Move 'invalid' check out of kvm_tdp_mmu_get_root() (git-fixes).
KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU (git-fixes).
KVM: x86/mmu: include EFER.LMA in extended mmu role (git-fixes).
KVM: x86/mmu: make apf token non-zero to fix bug (git-fixes).
KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (git-fixes).
KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (git-fixes).
KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated (git-fixes).
KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes).
KVM: x86: SVM: do not passthrough SMAP/SMEP/PKE bits in !NPT && !gCR0.PG case (git-fixes).
KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes).
KVM: x86: check PIR even for vCPUs with disabled APICv (git-fixes).
KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_flush_tlb() (git-fixes).
KVM: x86: ignore APICv if LAPIC is not enabled (git-fixes).
KVM: x86: remove PMU FIXED_CTR3 from msrs_to_save_all (git-fixes).
KVM: x86: revalidate steal time cache if MSR value changes (git-fixes).
NFSD: Clamp WRITE offsets (git-fixes).
NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes (git-fixes).
NFSD: Fix ia_size underflow (git-fixes).
NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes).
NFSD: prevent integer overflow on 32 bit systems (git-fixes).
NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes).
NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes).
PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes).
PCI/AER: Iterate over error counters instead of error strings (git-fixes).
PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes).
PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes).
PCI: aardvark: Fix reporting Slot capabilities on emulated bridge (git-fixes).
PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes).
PCI: dwc: Always enable CDM check if 'snps,enable-cdm-check' exists (git-fixes).
PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes).
PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes).
PCI: dwc: Set INCREASE_REGION_SIZE flag based on limit address (git-fixes).
PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes).
PCI: endpoint: Do not stop controller when unbinding endpoint function (git-fixes).
PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains() (git-fixes).
PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes).
PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes).
PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes).
PCI: tegra194: Fix Root Port interrupt handling (git-fixes).
PCI: tegra194: Fix link up retry sequence (git-fixes).
PM: domains: Ensure genpd_debugfs_dir exists before remove (git-fixes).
PM: hibernate: defer device probing when resuming from hibernation (git-fixes).
Revert 'clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops' (git-fixes).
Revert 'drivers/video/backlight/platform_lcd.c: add support for device tree based probe' (git-fixes).
Revert 'drm/i915: Hold reference to intel_context over life of i915_request' (git-fixes).
Revert 'drm/udl: Kill pending URBs at suspend and disconnect' (bsc#1195917).
Revert 'ipv6: Honor all IPv6 PIO Valid Lifetime values' (bsc#1202989).
Revert 'net: usb: ax88179_178a needs FLAG_SEND_ZLP' (git-fixes).
Revert 'scripts/mod/modpost.c: permit '.cranges' secton for sh64 architecture.' (git-fixes).
Revert 'usb: gadget: udc-xilinx: replace memcpy with memcpy_toio' (git-fixes).
Revert 'x86/sev: Expose sev_es_ghcb_hv_call() for use by HyperV' (bsc#1190497).
SUNRPC: Fix NFSD's request deferral on RDMA transports (git-fixes).
SUNRPC: Fix READ_PLUS crasher (git-fixes).
SUNRPC: Prevent immediate close+reconnect (git-fixes).
USB: Follow-up to SPDX GPL-2.0+ identifiers addition - remove now useless comments (git-fixes).
USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes).
USB: serial: ch314: use usb_control_msg_recv() (git-fixes).
USB: serial: ch341: fix disabled rx timer on older devices (git-fixes).
USB: serial: fix tty-port initialized comments (git-fixes).
apparmor: Fix failed mount permission check error message (git-fixes).
apparmor: Fix memleak in aa_simple_write_to_buffer() (git-fixes).
apparmor: fix aa_label_asxprint return check (git-fixes).
apparmor: fix absroot causing audited secids to begin with = (git-fixes).
apparmor: fix overlapping attachment computation (git-fixes).
apparmor: fix quiet_denied for file rules (git-fixes).
apparmor: fix reference count leak in aa_pivotroot() (git-fixes).
apparmor: fix setting unconfined mode on a loaded profile (git-fixes).
arm64: Do not forget syscall when starting a new thread (git-fixes).
arm64: Fix match_list for erratum 1286807 on Arm Cortex-A76 (git-fixes).
arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes).
arm64: dts: allwinner: a64: orangepi-win: Fix LED node name (git-fixes).
arm64: dts: mt7622: fix BPI-R64 WPS button (git-fixes).
arm64: dts: mt8192: Fix idle-states entry-method (git-fixes).
arm64: dts: mt8192: Fix idle-states nodes naming scheme (git-fixes).
arm64: dts: qcom: ipq8074: fix NAND node name (git-fixes).
arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node (git-fixes).
arm64: dts: qcom: qcs404: Fix incorrect USB2 PHYs assignment (git-fixes).
arm64: dts: qcom: sm8250: add missing PCIe PHY clock-cells (git-fixes).
arm64: dts: renesas: Fix thermal-sensors on single-zone sensors (git-fixes).
arm64: dts: renesas: beacon: Fix regulator node names (git-fixes).
arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes).
arm64: fix oops in concurrently setting insn_emulation sysctls (git-fixes).
arm64: fix rodata=full (git-fixes).
arm64: kasan: Revert 'arm64: mte: reset the page tag in page->flags' (git-fixes).
arm64: set UXN on swapper page tables (git-fixes).
arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes).
arm64: tegra: Fixup SYSRAM references (git-fixes).
arm64: tegra: Mark BPMP channels as no-memory-wc (git-fixes).
asm-generic: sections: refactor memory_intersects (git-fixes).
ata: libata-eh: Add missing command name (git-fixes).
ath10k: do not enforce interrupt trigger type (git-fixes).
ath11k: Fix incorrect debug_mask mappings (git-fixes).
ath11k: fix netdev open race (git-fixes).
atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes).
audit: fix potential double free on error path from fsnotify_add_inode_mark (git-fixes).
ax25: Fix ax25 session cleanup problems (git-fixes).
block: Fix fsync always failed if once failed (bsc#1202779).
block: Fix wrong offset in bio_truncate() (bsc#1202780).
block: fix rq-qos breakage from skipping rq_qos_done_bio() (bsc#1202781).
block: only mark bio as tracked if it really is tracked (bsc#1202782).
bnx2x: Invalidate fastpath HSI version for VFs (git-fixes).
bnx2x: Utilize firmware 7.13.21.0 (git-fixes).
btrfs: properly flag filesystem with BTRFS_FEATURE_INCOMPAT_BIG_METADATA (git-fixes).
bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes).
can: Break loopback loop on loopback documentation (git-fixes).
can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes).
can: error: specify the values of data[5..7] of CAN error frames (git-fixes).
can: hi311x: do not report txerr and rxerr during bus-off (git-fixes).
can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once() (git-fixes).
can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes).
can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes).
can: mcp251x: Fix race condition on receive interrupt (git-fixes).
can: mcp251xfd: mcp251xfd_dump(): fix comment (git-fixes).
can: netlink: allow configuring of fixed bit rates without need for do_set_bittiming callback (git-fixes).
can: netlink: allow configuring of fixed data bit rates without need for do_set_data_bittiming callback (git-fixes).
can: pch_can: do not report txerr and rxerr during bus-off (git-fixes).
can: pch_can: pch_can_error(): initialize errc before using it (git-fixes).
can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes).
can: sja1000: do not report txerr and rxerr during bus-off (git-fixes).
can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes).
can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes).
ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202823).
ceph: do not truncate file in atomic_open (bsc#1202824).
ceph: use correct index when encoding client supported features (bsc#1202822).
cfg80211/mac80211: assume CHECKSUM_COMPLETE includes SNAP (bsc#1202131).
cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610).
clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes).
clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes).
clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes).
clk: mediatek: reset: Fix written reset bit offset (git-fixes).
clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes).
clk: qcom: camcc-sm8250: Fix halt on boot by reducing driver's init level (git-fixes).
clk: qcom: camcc-sm8250: Fix topology around titan_top power domain (git-fixes).
clk: qcom: clk-alpha-pll: fix clk_trion_pll_configure description (git-fixes).
clk: qcom: clk-krait: unlock spin after mux completion (git-fixes).
clk: qcom: clk-rcg2: Fail Duty-Cycle configuration if MND divider is not enabled (git-fixes).
clk: qcom: clk-rcg2: Make sure to not write d=0 to the NMD register (git-fixes).
clk: qcom: gcc-msm8939: Add missing SYSTEM_MM_NOC_BFDCD_CLK_SRC (git-fixes).
clk: qcom: gcc-msm8939: Add missing system_mm_noc_bfdcd_clk_src (git-fixes).
clk: qcom: gcc-msm8939: Fix bimc_ddr_clk_src rcgr base address (git-fixes).
clk: qcom: gcc-msm8939: Fix weird field spacing in ftbl_gcc_camss_cci_clk (git-fixes).
clk: qcom: gcc-msm8939: Point MM peripherals to system_mm_noc clock (git-fixes).
clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes).
clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes).
clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes).
clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes).
clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes).
clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes).
clk: ti: Stop using legacy clkctrl names for omap4 and 5 (git-fixes).
cpufreq: zynq: Fix refcount leak in zynq_get_revision (git-fixes).
crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes).
crypto: ccp - During shutdown, check SEV data pointer before using (git-fixes).
crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak (git-fixes).
crypto: hisilicon - Kunpeng916 crypto driver do not sleep when in softirq (git-fixes).
crypto: hisilicon/hpre - do not use GFP_KERNEL to alloc mem during softirq (git-fixes).
crypto: hisilicon/sec - do not sleep when in softirq (git-fixes).
crypto: hisilicon/sec - fix auth key size error (git-fixes).
crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of (git-fixes).
crypto: sun8i-ss - do not allocate memory when handling hash requests (git-fixes).
crypto: sun8i-ss - fix error codes in allocate_flows() (git-fixes).
crypto: sun8i-ss - fix infinite loop in sun8i_ss_setup_ivs() (git-fixes).
devlink: Fix use-after-free after a failed reload (git-fixes).
dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
dmaengine: dw-axi-dmac: do not print NULL LLI during error (git-fixes).
dmaengine: dw-axi-dmac: ignore interrupt if no descriptor (git-fixes).
dmaengine: dw-edma: Fix eDMA Rd/Wr-channels and DMA-direction semantics (git-fixes).
dmaengine: imx-dma: Cast of_device_get_match_data() with (uintptr_t) (git-fixes).
dmaengine: sf-pdma: Add multithread support for a DMA channel (git-fixes).
dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes).
dmaengine: stm32-mdma: Remove dead code in stm32_mdma_irq_handler() (git-fixes).
docs: i2c: i2c-sysfs: fix hyperlinks (git-fixes).
docs: zh_CN: fix a broken reference (git-fixes).
dpaa2-eth: fix ethtool statistics (git-fixes).
driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes).
driver core: fix potential deadlock in __driver_attach (git-fixes).
drivers/iio: Remove all strcpy() uses (git-fixes).
drivers: usb: dwc3-qcom: Add sdm660 compatible (git-fixes).
drm/amd/amd_shared.h: Add missing doc for PP_GFX_DCS_MASK (git-fixes).
drm/amd/display: Add option to defer works of hpd_rx_irq (git-fixes).
drm/amd/display: Avoid MPC infinite loop (git-fixes).
drm/amd/display: Check correct bounds for stream encoder instances for DCN303 (git-fixes).
drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes).
drm/amd/display: Fix HDMI VSIF V3 incorrect issue (git-fixes).
drm/amd/display: Fix pixel clock programming (git-fixes).
drm/amd/display: Fix surface optimization regression on Carrizo (git-fixes).
drm/amd/display: For stereo keep 'FLIP_ANY_FRAME' (git-fixes).
drm/amd/display: Reset DMCUB before HW init (git-fixes).
drm/amd/display: Revert 'drm/amd/display: turn DPMS off on connector unplug' (git-fixes).
drm/amd/display: avoid doing vm_init multiple time (git-fixes).
drm/amd/display: clear optc underflow before turn off odm clock (git-fixes).
drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid (git-fixes).
drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes).
drm/amdgpu: Increase tlb flush timeout for sriov (git-fixes).
drm/amdgpu: Remove one duplicated ef removal (git-fixes).
drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes).
drm/bridge: lt9611uxc: Cancel only driver's work (git-fixes).
drm/bridge: tc358767: Fix (e)DP bridge endpoint parsing in dedicated function (git-fixes).
drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes).
drm/bridge: tc358767: Move (e)DP bridge endpoint parsing into dedicated function (git-fixes).
drm/doc: Fix comment typo (git-fixes).
drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes).
drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes).
drm/i915/display: avoid warnings when registering dual panel backlight (git-fixes).
drm/i915/gt: Skip TLB invalidations once wedged (git-fixes).
drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes).
drm/i915: fix null pointer dereference (git-fixes).
drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes).
drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes).
drm/mediatek: Allow commands to be sent during video mode (git-fixes).
drm/mediatek: Keep dsi as LP00 before dcs cmds transfer (git-fixes).
drm/mediatek: Modify dsi funcs to atomic operations (git-fixes).
drm/mediatek: Separate poweron/poweroff from enable/disable and define new funcs (git-fixes).
drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes).
drm/mediatek: dpi: Remove output format of YUV (git-fixes).
drm/meson: Fix overflow implicit truncation warnings (git-fixes).
drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes).
drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes).
drm/msm/dpu: Fix for non-visible planes (git-fixes).
drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes).
drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes).
drm/msm/dsi: fix the inconsistent indenting (git-fixes).
drm/msm/hdmi: drop empty 'none' regulator lists (git-fixes).
drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes).
drm/msm/mdp5: Fix global state lock backoff (git-fixes).
drm/msm: Avoid dirtyfb stalls on video mode displays (v2) (git-fixes).
drm/msm: Fix dirtyfb refcounting (git-fixes).
drm/nouveau/acpi: Do not print error when we get -EINPROGRESS from pm_runtime (git-fixes).
drm/nouveau/kms: Fix failure path for creating DP connectors (git-fixes).
drm/nouveau: Do not pm_runtime_put_sync(), only pm_runtime_put_autosuspend() (git-fixes).
drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes).
drm/nouveau: recognise GA103 (git-fixes).
drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes).
drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes).
drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes).
drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes).
drm/shmem-helper: Add missing vunmap on error (git-fixes).
drm/simpledrm: Fix return type of simpledrm_simple_display_pipe_mode_valid() (git-fixes).
drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes).
drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes).
drm/ttm: Fix dummy res NULL ptr deref bug (git-fixes).
drm/udl: Add parameter to set number of URBs (bsc#1195917).
drm/udl: Add reset_resume (bsc#1195917)
drm/udl: Do not re-initialize stuff at retrying the URB list allocation (bsc#1195917).
drm/udl: Drop unneeded alignment (bsc#1195917).
drm/udl: Enable damage clipping (bsc#1195917).
drm/udl: Fix inconsistent urbs.count value during udl_free_urb_list() (bsc#1195917).
drm/udl: Fix potential URB leaks (bsc#1195917).
drm/udl: Increase the default URB list size to 20 (bsc#1195917).
drm/udl: Kill pending URBs at suspend and disconnect (bsc#1195917).
drm/udl: Replace BUG_ON() with WARN_ON() (bsc#1195917).
drm/udl: Replace semaphore with a simple wait queue (bsc#1195917).
drm/udl: Restore display mode on resume (bsc#1195917)
drm/udl: Suppress error print for -EPROTO at URB completion (bsc#1195917).
drm/udl: Sync pending URBs at suspend / disconnect (bsc#1195917).
drm/udl: Sync pending URBs at the end of suspend (bsc#1195917).
drm/vc4: change vc4_dma_range_matches from a global to static (git-fixes).
drm/vc4: drv: Adopt the dma configuration from the HVS or V3D component (git-fixes).
drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes).
drm/vc4: dsi: Correct DSI divider calculations (git-fixes).
drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes).
drm/vc4: dsi: Fix dsi0 interrupt support (git-fixes).
drm/vc4: dsi: Register dsi0 as the correct vc4 encoder type (git-fixes).
drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes).
drm/vc4: hdmi: Disable audio if dmas property is present but empty (git-fixes).
drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes).
drm/vc4: hdmi: Reset HDMI MISC_CONTROL register (git-fixes).
drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes).
drm/vc4: plane: Remove subpixel positioning check (git-fixes).
drm: adv7511: override i2c address of cec before accessing it (git-fixes).
drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes).
drm: bridge: sii8620: fix possible off-by-one (git-fixes).
dsa: mv88e6xxx: fix debug print for SPEED_UNFORCED (git-fixes).
dt-bindings: arm: qcom: fix MSM8916 MTP compatibles (git-fixes).
dt-bindings: arm: qcom: fix MSM8994 boards compatibles (git-fixes).
dt-bindings: bluetooth: broadcom: Add BCM4349B1 DT binding (git-fixes).
dt-bindings: clock: qcom,gcc-msm8996: add more GCC clock sources (git-fixes).
dt-bindings: gpio: zynq: Add missing compatible strings (git-fixes).
dt-bindings: iio: accel: Add DT binding doc for ADXL355 (git-fixes).
dt-bindings: usb: mtk-xhci: Allow wakeup interrupt-names to be optional (git-fixes).
dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages.
eeprom: idt_89hpesx: uninitialized data in idt_dbgfs_csr_write() (git-fixes).
ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler (git-fies).
ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755).
ext4: add new helper interface ext4_try_to_trim_range() (bsc#1202783).
ext4: add reserved GDT blocks check (bsc#1202712).
ext4: do not use the orphan list when migrating an inode (bsc#1197756).
ext4: fast commit may miss tracking unwritten range during ftruncate (bsc#1202759).
ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state (bsc#1202771).
ext4: fix a possible ABBA deadlock due to busy PA (bsc#1202762).
ext4: fix bug_on in ext4_writepages (bsc#1200872).
ext4: fix error handling in ext4_fc_record_modified_inode() (bsc#1202767).
ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757).
ext4: fix fallocate to use file_modified to update permissions consistently (bsc#1202769).
ext4: fix fast commit may miss tracking range for FALLOC_FL_ZERO_RANGE (bsc#1202757).
ext4: fix fs corruption when tring to remove a non-empty directory with IO error (bsc#1202768).
ext4: fix incorrect type issue during replay_del_range (bsc#1202867).
ext4: fix null-ptr-deref in '__ext4_journal_ensure_credits' (bsc#1202764).
ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869).
ext4: fix race when reusing xattr blocks (bsc#1198971).
ext4: fix super block checksum incorrect after mount (bsc#1202773).
ext4: fix symlink file size not match to file content (bsc#1200868).
ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871).
ext4: fix use-after-free in ext4_search_dir (bsc#1202710).
ext4: fix warning in ext4_handle_inode_extension (bsc#1202711).
ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870).
ext4: initialize err_blk before calling __ext4_get_inode_loc (bsc#1202763).
ext4: make sure quota gets properly shutdown on error (bsc#1195480).
ext4: make sure to reset inode lockdep class when quota enabling fails (bsc#1202761).
ext4: mark group as trimmed only if it was fully scanned (bsc#1202770).
ext4: modify the logic of ext4_mb_new_blocks_simple (bsc#1202766).
ext4: prevent used blocks from being allocated during fast commit replay (bsc#1202765).
ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713).
ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971).
ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971).
ext4: use ext4_ext_remove_space() for fast commit replay delete range (bsc#1202758).
fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes).
fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes).
fbdev: fbcon: Properly revert changes when vc_resize() failed (git-fies).
filemap: Handle sibling entries in filemap_get_read_batch() (bsc#1202774).
firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (git-fixes).
firmware: tegra: Fix error check return value of debugfs_create_file() (git-fixes).
firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes).
fix race between exit_itimers() and /proc/pid/timers (git-fixes).
fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes).
fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873).
ftrace/x86: Add back ftrace_expected assignment (git-fixes).
fuse: ioctl: translate ENOSYS (bsc#1203139).
fuse: limit nsec (bsc#1203138).
gadgetfs: ep_io - wait until IRQ finishes (git-fixes).
geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes).
geneve: fix TOS inheriting for ipv4 (git-fixes).
gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes).
gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes).
grub: Fix symbol `grub_disk_get_size' not found (bsc#1201361 bsc#1192968).
habanalabs/gaudi: fix shift out of bounds (git-fixes).
habanalabs/gaudi: mask constant value before cast (git-fixes).
hwmon: (dell-smm) Add Dell XPS 13 7390 to fan control whitelist (git-fixes).
hwmon: (drivetemp) Add module alias (git-fixes).
hwmon: (gpio-fan) Fix array out of bounds access (git-fixes).
hwmon: (sht15) Fix wrong assumptions in device remove callback (git-fixes).
i2c: Fix a potential use after free (git-fixes).
i2c: cadence: Support PEC for SMBus block read (git-fixes).
i2c: imx: Make sure to unregister adapter on remove() (git-fixes).
i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes).
i2c: mxs: Silence a clang warning (git-fixes).
i2c: npcm: Capitalize the one-line comment (git-fixes).
i2c: npcm: Correct slave role behavior (git-fixes).
i2c: npcm: Remove own slave addresses 2:10 (git-fixes).
ice: fix 'scheduling while atomic' on aux critical err interrupt (git-fixes).
ieee80211: add EHT 1K aggregation definitions (bsc#1202131).
ieee80211: change HE nominal packet padding value defines (bsc#1202131).
ieee802154/adf7242: defer destroy_workqueue call (git-fixes).
iio: accel: bma220: Fix alignment for DMA safety (git-fixes).
iio: accel: bma400: Fix the scale min and max macro values (git-fixes).
iio: accel: bma400: Reordering of header files (git-fixes).
iio: accel: sca3000: Fix alignment for DMA safety (git-fixes).
iio: accel: sca3300: Fix alignment for DMA safety (git-fixes).
iio: ad7292: Prevent regulator double disable (git-fixes).
iio: adc: ad7266: Fix alignment for DMA safety (git-fixes).
iio: adc: ad7292: Fix alignment for DMA safety (git-fixes).
iio: adc: ad7298: Fix alignment for DMA safety (git-fixes).
iio: adc: ad7476: Fix alignment for DMA safety (git-fixes).
iio: adc: ad7766: Fix alignment for DMA safety (git-fixes).
iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes).
iio: adc: ad7887: Fix alignment for DMA safety (git-fixes).
iio: adc: ad7923: Fix alignment for DMA safety (git-fixes).
iio: adc: hi8435: Fix alignment for DMA safety (git-fixes).
iio: adc: ltc2496: Fix alignment for DMA safety (git-fixes).
iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes).
iio: adc: max1027: Fix alignment for DMA safety (git-fixes).
iio: adc: max11100: Fix alignment for DMA safety (git-fixes).
iio: adc: max1118: Fix alignment for DMA safety (git-fixes).
iio: adc: max1241: Fix alignment for DMA safety (git-fixes).
iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes).
iio: adc: mcp3911: make use of the sign bit (git-fixes).
iio: adc: mcp3911: use correct formula for AD conversion (git-fixes).
iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes).
iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes).
iio: adc: ti-adc108s102: Fix alignment for DMA safety (git-fixes).
iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes).
iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes).
iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes).
iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes).
iio: adc: ti-ads131e08: Fix alignment for DMA safety (git-fixes).
iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes).
iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes).
iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes).
iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes).
iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes).
iio: common: ssp: Fix alignment for DMA safety (git-fixes).
iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes).
iio: dac: ad5064: Fix alignment for DMA safety (git-fixes).
iio: dac: ad5360: Fix alignment for DMA safety (git-fixes).
iio: dac: ad5421: Fix alignment for DMA safety (git-fixes).
iio: dac: ad5449: Fix alignment for DMA safety (git-fixes).
iio: dac: ad5504: Fix alignment for DMA safety (git-fixes).
iio: dac: ad5755: Fix alignment for DMA safety (git-fixes).
iio: dac: ad5761: Fix alignment for DMA safety (git-fixes).
iio: dac: ad5764: Fix alignment for DMA safety (git-fixes).
iio: dac: ad5766: Fix alignment for DMA safety (git-fixes).
iio: dac: ad5770r: Fix alignment for DMA safety (git-fixes).
iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes).
iio: dac: ad7303: Fix alignment for DMA safety (git-fixes).
iio: dac: ad8801: Fix alignment for DMA safety (git-fixes).
iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes).
iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes).
iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes).
iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes).
iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes).
iio: fix iio_format_avail_range() printing for none IIO_VAL_INT (git-fixes).
iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes).
iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes).
iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes).
iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes).
iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes).
iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes).
iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes).
iio: imu: fxos8700: Fix alignment for DMA safety (git-fixes).
iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes).
iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes).
iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes).
iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes).
iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes).
iio: proximity: as3935: Fix alignment for DMA safety (git-fixes).
iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes).
iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes).
iio: temp: ltc2983: Fix alignment for DMA safety (git-fixes).
iio: temp: maxim_thermocouple: Fix alignment for DMA safety (git-fixes).
intel_th: Fix a resource leak in an error handling path (git-fixes).
intel_th: msu-sink: Potential dereference of null pointer (git-fixes).
intel_th: msu: Fix vmalloced buffers (git-fixes).
intel_th: pci: Add Meteor Lake-P support (git-fixes).
intel_th: pci: Add Raptor Lake-S CPU support (git-fixes).
intel_th: pci: Add Raptor Lake-S PCH support (git-fixes).
interconnect: imx: fix max_node_id (git-fixes).
io_uring: add a schedule point in io_add_buffers() (git-fixes).
io_uring: terminate manual loop iterator loop correctly for non-vecs (git-fixes).
iommu/amd: Clarify AMD IOMMUv2 initialization messages (git-fixes).
iommu/amd: Enable swiotlb in all cases (git-fixes).
iommu/amd: Fix I/O page table memory leak (git-fixes).
iommu/amd: Recover from event log overflow (git-fixes).
iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes).
iommu/arm-smmu-v3-sva: Fix mm use-after-free (git-fixes).
iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range() (git-fixes).
iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes).
iommu/dart: Add missing module owner to ops structure (git-fixes).
iommu/dart: check return value after calling platform_get_resource() (git-fixes).
iommu/exynos: Handle failed IOMMU device registration properly (git-fixes).
iommu/iova: Improve 32-bit free space estimate (git-fixes).
iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes).
iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes).
iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (git-fixes).
iommu/mediatek: Fix 2 HW sharing pgtable issue (git-fixes).
iommu/mediatek: Fix NULL pointer dereference when printing dev_name (git-fixes).
iommu/mediatek: Remove clk_disable in mtk_iommu_remove (git-fixes).
iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes).
iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes).
iommu/tegra-smmu: Fix missing put_device() call in tegra_smmu_find (git-fixes).
iommu/vt-d: Acquiring lock in domain ID allocation helpers (bsc#1200301).
iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes).
iommu/vt-d: Drop stop marker messages (git-fixes).
iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes).
iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes).
iommu/vt-d: Make DMAR_UNITS_SUPPORTED default 1024 (bsc#1200301).
iommu/vt-d: Refactor iommu information of each domain (bsc#1200301).
iommu/vt-d: Remove global g_iommus array (bsc#1200301).
iommu/vt-d: Remove intel_iommu::domains (bsc#1200301).
iommu/vt-d: Remove unnecessary check in intel_iommu_add() (bsc#1200301).
iommu/vt-d: Use IDA interface to manage iommu sequence id (bsc#1200301).
iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes).
iommu: Fix potential use-after-free during probe (git-fixes).
ipmi: fix initialization when workqueue allocation fails (git-fixes).
irqchip/tegra: Fix overflow implicit truncation warnings (git-fixes).
iwlwifi/fw: use struct_size over open coded arithmetic (bsc#1202131).
iwlwifi: ACPI: support revision 3 WGDS tables (bsc#1202131).
iwlwifi: Add support for getting rf id with blank otp (bsc#1202131).
iwlwifi: Add support for more BZ HWs (bsc#1202131).
iwlwifi: BZ Family BUS_MASTER_DISABLE_REQ code duplication (bsc#1202131).
iwlwifi: BZ Family SW reset support (bsc#1202131).
iwlwifi: Configure FW debug preset via module param (bsc#1202131).
iwlwifi: Fix FW name for gl (bsc#1202131).
iwlwifi: Fix missing error code in iwl_pci_probe() (bsc#1202131).
iwlwifi: Fix syntax errors in comments (bsc#1202131).
iwlwifi: Make use of the helper macro LIST_HEAD() (bsc#1202131).
iwlwifi: Read the correct addresses when getting the crf id (bsc#1202131).
iwlwifi: Start scratch debug register for Bz family (bsc#1202131).
iwlwifi: acpi: fix wgds rev 3 size (bsc#1202131).
iwlwifi: acpi: move ppag code from mvm to fw/acpi (bsc#1202131).
iwlwifi: add missing entries for Gf4 with So and SoF (bsc#1202131).
iwlwifi: add new Qu-Hr device (bsc#1202131).
iwlwifi: add new ax1650 killer device (bsc#1202131).
iwlwifi: add new device id 7F70 (bsc#1202131).
iwlwifi: add new pci SoF with JF (bsc#1202131).
iwlwifi: add some missing kernel-doc in struct iwl_fw (bsc#1202131).
iwlwifi: add support for BNJ HW (bsc#1202131).
iwlwifi: add support for BZ-U and BZ-L HW (bsc#1202131).
iwlwifi: add support for Bz-Z HW (bsc#1202131).
iwlwifi: add vendor specific capabilities for some RFs (bsc#1202131).
iwlwifi: advertise support for HE - DCM BPSK RX/TX (bsc#1202131).
iwlwifi: allow rate-limited error messages (bsc#1202131).
iwlwifi: api: fix struct iwl_wowlan_status_v7 kernel-doc (bsc#1202131).
iwlwifi: api: remove ttl field from TX command (bsc#1202131).
iwlwifi: api: remove unused RX status bits (bsc#1202131).
iwlwifi: avoid variable shadowing (bsc#1202131).
iwlwifi: avoid void pointer arithmetic (bsc#1202131).
iwlwifi: bump FW API to 67 for AX devices (bsc#1202131).
iwlwifi: bump FW API to 68 for AX devices (bsc#1202131).
iwlwifi: bump FW API to 69 for AX devices (bsc#1202131).
iwlwifi: bump FW API to 70 for AX devices (bsc#1202131).
iwlwifi: bump FW API to 71 for AX devices (bsc#1202131).
iwlwifi: bump FW API to 72 for AX devices (bsc#1202131).
iwlwifi: cfg: add support for 1K BA queue (bsc#1202131).
iwlwifi: dbg-tlv: clean up iwl_dbg_tlv_update_drams() (bsc#1202131).
iwlwifi: dbg: add infra for tracking free buffer size (bsc#1202131).
iwlwifi: dbg: check trigger data before access (bsc#1202131).
iwlwifi: dbg: disable ini debug in 8000 family and below (bsc#1202131).
iwlwifi: dbg: in sync mode do not call schedule (bsc#1202131).
iwlwifi: dbg: treat dbgc allocation failure when tlv is missing (bsc#1202131).
iwlwifi: dbg: treat non active regions as unsupported regions (bsc#1202131).
iwlwifi: dbg_ini: Split memcpy() to avoid multi-field write (bsc#1202131).
iwlwifi: de-const properly where needed (bsc#1202131).
iwlwifi: debugfs: remove useless double condition (bsc#1202131).
iwlwifi: do not dump_stack() when we get an unexpected interrupt (bsc#1202131).
iwlwifi: do not use __unused as variable name (bsc#1202131).
iwlwifi: drv: load tlv debug data earlier (bsc#1202131).
iwlwifi: dump CSR scratch from outer function (bsc#1202131).
iwlwifi: dump RCM error tables (bsc#1202131).
iwlwifi: dump both TCM error tables if present (bsc#1202131).
iwlwifi: dump host monitor data when NIC does not init (bsc#1202131).
iwlwifi: dvm: use struct_size over open coded arithmetic (bsc#1202131).
iwlwifi: eeprom: clean up macros (bsc#1202131).
iwlwifi: fix LED dependencies (bsc#1202131).
iwlwifi: fix debug TLV parsing (bsc#1202131).
iwlwifi: fix fw/img.c license statement (bsc#1202131).
iwlwifi: fix iwl_legacy_rate_to_fw_idx (bsc#1202131).
iwlwifi: fix small doc mistake for iwl_fw_ini_addr_val (bsc#1202131).
iwlwifi: fix various more -Wcast-qual warnings (bsc#1202131).
iwlwifi: fw dump: add infrastructure for dump scrubbing (bsc#1202131).
iwlwifi: fw: add support for splitting region type bits (bsc#1202131).
iwlwifi: fw: api: add link to PHY context command struct v1 (bsc#1202131).
iwlwifi: fw: correctly detect HW-SMEM region subtype (bsc#1202131).
iwlwifi: fw: fix some scan kernel-doc (bsc#1202131).
iwlwifi: fw: init SAR GEO table only if data is present (bsc#1202131).
iwlwifi: fw: make dump_start callback void (bsc#1202131).
iwlwifi: fw: remove dead error log code (bsc#1202131).
iwlwifi: implement reset flow for Bz devices (bsc#1202131).
iwlwifi: iwl-eeprom-parse: mostly dvm only (bsc#1202131).
iwlwifi: make iwl_fw_lookup_cmd_ver() take a cmd_id (bsc#1202131).
iwlwifi: make iwl_txq_dyn_alloc_dma() return the txq (bsc#1202131).
iwlwifi: make some functions friendly to sparse (bsc#1202131).
iwlwifi: move symbols into a separate namespace (bsc#1202131).
iwlwifi: mvm/api: define system control command (bsc#1202131).
iwlwifi: mvm: Add RTS and CTS flags to iwl_tx_cmd_flags (bsc#1202131).
iwlwifi: mvm: Add list of OEMs allowed to use TAS (bsc#1202131).
iwlwifi: mvm: Add support for a new version of scan request command (bsc#1202131).
iwlwifi: mvm: Add support for new rate_n_flags in tx_cmd (bsc#1202131).
iwlwifi: mvm: Consider P2P GO operation during scan (bsc#1202131).
iwlwifi: mvm: Disable WiFi bands selectively with BIOS (bsc#1202131).
iwlwifi: mvm: Do not fail if PPAG isn't supported (bsc#1202131).
iwlwifi: mvm: Fix wrong documentation for scan request command (bsc#1202131).
iwlwifi: mvm: Passively scan non PSC channels only when requested so (bsc#1202131).
iwlwifi: mvm: Read acpi dsm to get channel activation bitmap (bsc#1202131).
iwlwifi: mvm: Remove antenna c references (bsc#1202131).
iwlwifi: mvm: Support new TX_RSP and COMPRESSED_BA_RES versions (bsc#1202131).
iwlwifi: mvm: Support new rate_n_flags for REPLY_RX_MPDU_CMD and RX_NO_DATA_NOTIF (bsc#1202131).
iwlwifi: mvm: Support new version of BEACON_TEMPLATE_CMD (bsc#1202131).
iwlwifi: mvm: Support new version of ranging response notification (bsc#1202131).
iwlwifi: mvm: Support version 3 of tlc_update_notif (bsc#1202131).
iwlwifi: mvm: Unify the scan iteration functions (bsc#1202131).
iwlwifi: mvm: Use all Rx chains for roaming scan (bsc#1202131).
iwlwifi: mvm: add US/CA to TAS block list if OEM isn't allowed (bsc#1202131).
iwlwifi: mvm: add a flag to reduce power command (bsc#1202131).
iwlwifi: mvm: add additional info for boot info failures (bsc#1202131).
iwlwifi: mvm: add additional info for boot info failures (bsc#1202131).
iwlwifi: mvm: add dbg_time_point to debugfs (bsc#1202131).
iwlwifi: mvm: add definitions for new rate & flags (bsc#1202131).
iwlwifi: mvm: add lmac/umac PC info in case of error (bsc#1202131).
iwlwifi: mvm: add missing min_size to kernel-doc (bsc#1202131).
iwlwifi: mvm: add some missing command strings (bsc#1202131).
iwlwifi: mvm: add support for 160Mhz in ranging measurements (bsc#1202131).
iwlwifi: mvm: add support for CT-KILL notification version 2 (bsc#1202131).
iwlwifi: mvm: add support for IMR based on platform (bsc#1202131).
iwlwifi: mvm: add support for OCE scan (bsc#1202131).
iwlwifi: mvm: add support for PHY context command v4 (bsc#1202131).
iwlwifi: mvm: add support for statistics update version 15 (bsc#1202131).
iwlwifi: mvm: allow enabling UHB TAS in the USA via ACPI setting (bsc#1202131).
iwlwifi: mvm: always remove the session protection after association (bsc#1202131).
iwlwifi: mvm: always store the PPAG table as the latest version (bsc#1202131).
iwlwifi: mvm: always use 4K RB size by default (bsc#1202131).
iwlwifi: mvm: change old-SN drop threshold (bsc#1202131).
iwlwifi: mvm: clean up indenting in iwl_mvm_tlc_update_notif() (bsc#1202131).
iwlwifi: mvm: convert old rate & flags to the new format (bsc#1202131).
iwlwifi: mvm: correct sta-state logic for TDLS (bsc#1202131).
iwlwifi: mvm: correctly set channel flags (bsc#1202131).
iwlwifi: mvm: correctly set schedule scan profiles (bsc#1202131).
iwlwifi: mvm: d3: move GTK rekeys condition (bsc#1202131).
iwlwifi: mvm: d3: support v12 wowlan status (bsc#1202131).
iwlwifi: mvm: d3: use internal data representation (bsc#1202131).
iwlwifi: mvm: demote non-compliant kernel-doc header (bsc#1202131).
iwlwifi: mvm: do not get address of mvm->fwrt just to dereference as a pointer (bsc#1202131).
iwlwifi: mvm: do not send BAID removal to the FW during hw_restart (bsc#1202131).
iwlwifi: mvm: do not trust hardware queue number (bsc#1202131).
iwlwifi: mvm: drop too short packets silently (bsc#1202131).
iwlwifi: mvm: extend session protection on association (bsc#1202131).
iwlwifi: mvm: fix WGDS table print in iwl_mvm_chub_update_mcc() (bsc#1202131).
iwlwifi: mvm: fix a stray tab (bsc#1202131).
iwlwifi: mvm: fix condition which checks the version of rate_n_flags (bsc#1202131).
iwlwifi: mvm: fix delBA vs. NSSN queue sync race (bsc#1202131).
iwlwifi: mvm: fix ieee80211_get_he_iftype_cap() iftype (bsc#1202131).
iwlwifi: mvm: fix off by one in iwl_mvm_stat_iterator_all_macs() (bsc#1202131).
iwlwifi: mvm: fw: clean up hcmd struct creation (bsc#1202131).
iwlwifi: mvm: handle RX checksum on Bz devices (bsc#1202131).
iwlwifi: mvm: improve log when processing CSA (bsc#1202131).
iwlwifi: mvm: isolate offload assist (checksum) calculation (bsc#1202131).
iwlwifi: mvm: make iwl_mvm_reconfig_scd() static (bsc#1202131).
iwlwifi: mvm: offload channel switch timing to FW (bsc#1202131).
iwlwifi: mvm: only enable HE DCM if we also support TX (bsc#1202131).
iwlwifi: mvm: optionally suppress assert log (bsc#1202131).
iwlwifi: mvm: parse firmware alive message version 6 (bsc#1202131).
iwlwifi: mvm: read 6E enablement flags from DSM and pass to FW (bsc#1202131).
iwlwifi: mvm: reduce WARN_ON() in TX status path (bsc#1202131).
iwlwifi: mvm: refactor iwl_mvm_sta_rx_agg() (bsc#1202131).
iwlwifi: mvm: refactor setting PPE thresholds in STA_HE_CTXT_CMD (bsc#1202131).
iwlwifi: mvm: remove card state notification code (bsc#1202131).
iwlwifi: mvm: remove cipher scheme support (bsc#1202131).
iwlwifi: mvm: remove csi from iwl_mvm_pass_packet_to_mac80211() (bsc#1202131).
iwlwifi: mvm: remove iwl_mvm_disable_txq() flags argument (bsc#1202131).
iwlwifi: mvm: remove session protection after auth/assoc (bsc#1202131).
iwlwifi: mvm: remove session protection on disassoc (bsc#1202131).
iwlwifi: mvm: remove session protection upon station removal (bsc#1202131).
iwlwifi: mvm: rfi: handle deactivation notification (bsc#1202131).
iwlwifi: mvm: rfi: update rfi table (bsc#1202131).
iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy (bsc#1202131).
iwlwifi: mvm: scrub key material in firmware dumps (bsc#1202131).
iwlwifi: mvm: set BT-coex high priority for 802.1X/4-way-HS (bsc#1202131).
iwlwifi: mvm: set inactivity timeouts also for PS-poll (bsc#1202131).
iwlwifi: mvm: starting from 22000 we have 32 Rx AMPDU sessions (bsc#1202131).
iwlwifi: mvm: support Bz TX checksum offload (bsc#1202131).
iwlwifi: mvm: support RLC configuration command (bsc#1202131).
iwlwifi: mvm: support new BAID allocation command (bsc#1202131).
iwlwifi: mvm: support revision 1 of WTAS table (bsc#1202131).
iwlwifi: mvm: support v3 of station HE context command (bsc#1202131).
iwlwifi: mvm: update BAID allocation command again (bsc#1202131).
iwlwifi: mvm: update RFI TLV (bsc#1202131).
iwlwifi: mvm: update definitions due to new rate & flags (bsc#1202131).
iwlwifi: mvm: update rate scale in moving back to assoc state (bsc#1202131).
iwlwifi: mvm: use a define for checksum flags mask (bsc#1202131).
iwlwifi: mvm: use debug print instead of WARN_ON() (bsc#1202131).
iwlwifi: nvm: Correct HE capability (bsc#1202131).
iwlwifi: parse debug exclude data from firmware file (bsc#1202131).
iwlwifi: parse error tables from debug TLVs (bsc#1202131).
iwlwifi: pcie: Adapt rx queue write pointer for Bz family (bsc#1202131).
iwlwifi: pcie: add jacket bit to device configuration parsing (bsc#1202131).
iwlwifi: pcie: add support for MS devices (bsc#1202131).
iwlwifi: pcie: adjust to Bz completion descriptor (bsc#1202131).
iwlwifi: pcie: fix SW error MSI-X mapping (bsc#1202131).
iwlwifi: pcie: fix constant-conversion warning (bsc#1202131).
iwlwifi: pcie: fix killer name matching for AX200 (bsc#1202131).
iwlwifi: pcie: iwlwifi: fix device id 7F70 struct (bsc#1202131).
iwlwifi: pcie: make sure iwl_rx_packet_payload_len() will not underflow (bsc#1202131).
iwlwifi: pcie: refactor dev_info lookup (bsc#1202131).
iwlwifi: pcie: remove duplicate entry (bsc#1202131).
iwlwifi: pcie: remove two duplicate PNJ device entries (bsc#1202131).
iwlwifi: pcie: retake ownership after reset (bsc#1202131).
iwlwifi: pcie: simplify iwl_pci_find_dev_info() (bsc#1202131).
iwlwifi: pcie: support Bz suspend/resume trigger (bsc#1202131).
iwlwifi: pcie: try to grab NIC access early (bsc#1202131).
iwlwifi: pcie: update sw error interrupt for BZ family (bsc#1202131).
iwlwifi: pnvm: print out the version properly (bsc#1202131).
iwlwifi: prefer WIDE_ID() over iwl_cmd_id() (bsc#1202131).
iwlwifi: propagate (const) type qualifier (bsc#1202131).
iwlwifi: recognize missing PNVM data and then log filename (bsc#1202131).
iwlwifi: remove MODULE_AUTHOR() statements (bsc#1202131).
iwlwifi: remove command ID argument from queue allocation (bsc#1202131).
iwlwifi: remove contact information (bsc#1202131).
iwlwifi: remove deprecated broadcast filtering feature (bsc#1202131).
iwlwifi: remove redundant iwl_finish_nic_init() argument (bsc#1202131).
iwlwifi: remove unused DC2DC_CONFIG_CMD definitions (bsc#1202131).
iwlwifi: remove unused iwlax210_2ax_cfg_so_hr_a0 structure (bsc#1202131).
iwlwifi: remove unused macros (bsc#1202131).
iwlwifi: rename CHANNEL_SWITCH_NOA_NOTIF to CHANNEL_SWITCH_START_NOTIF (bsc#1202131).
iwlwifi: rename GEO_TX_POWER_LIMIT to PER_CHAIN_LIMIT_OFFSET_CMD (bsc#1202131).
iwlwifi: rs: add support for TLC config command ver 4 (bsc#1202131).
iwlwifi: scan: Modify return value of a function (bsc#1202131).
iwlwifi: support 4-bits in MAC step value (bsc#1202131).
iwlwifi: support SAR GEO Offset Mapping override via BIOS (bsc#1202131).
iwlwifi: support new queue allocation command (bsc#1202131).
iwlwifi: swap 1650i and 1650s killer struct names (bsc#1202131).
iwlwifi: tlc: Add logs in rs_fw_rate_init func to print TLC configuration (bsc#1202131).
iwlwifi: use 4k queue size for Bz A-step (bsc#1202131).
iwlwifi: yoyo: Avoid using dram data if allocation failed (bsc#1202131).
iwlwifi: yoyo: add IMR DRAM dump support (bsc#1202131).
iwlwifi: yoyo: disable IMR DRAM region if IMR is disabled (bsc#1202131).
iwlwifi: yoyo: dump IMR DRAM only for HW and FW error (bsc#1202131).
iwlwifi: yoyo: fix DBGC allocation flow (bsc#1202131).
iwlwifi: yoyo: fix DBGI_SRAM ini dump header (bsc#1202131).
iwlwifi: yoyo: fix issue with new DBGI_SRAM region read (bsc#1202131).
iwlwifi: yoyo: fw debug config from context info and preset (bsc#1202131).
iwlwifi: yoyo: send hcmd to fw after dump collection completes (bsc#1202131).
iwlwifi: yoyo: support TLV-based firmware reset (bsc#1202131).
iwlwifi: yoyo: support dump policy for the dump size (bsc#1202131).
iwlwifi: yoyo: support for DBGC4 for dram (bsc#1202131).
iwlwifi: yoyo: support for ROM usniffer (bsc#1202131).
jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1202775).
jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716).
jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715).
kABI: scsi: libiscsi: fix removal of iscsi_create_conn (bsc#1198410).
kabi/severities: add Qlogic qed symbols
kabi/severities: add drivers/scsi/hisi_sas for bsc#1202471
kabi/severities: add hisilicon hns3 symbols
kabi/severities: add microchip dsa drivers
kabi/severities: ignore kABI changes in mwifiex drivers Those symbols are used only locally in mwifiex (sub-)modules.
kabi/severities: octeontx2 driver (jsc#SLE-24682)
kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes).
kbuild: fix the modules order between drivers and libs (git-fixes).
kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (git-fixes).
kcm: fix strp_init() order and cleanup (git-fies).
kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages
kernel-source: include the kernel signature file We assume that the upstream tarball is used for released kernels. Then we can also include the signature file and keyring in the kernel-source src.rpm. Because of mkspec code limitation exclude the signature and keyring from binary packages always - mkspec does not parse spec conditionals.
kfifo: fix kfifo_to_user() return type (git-fixes).
lib/list_debug.c: Detect uninitialized lists (git-fixes).
lib/raid6/test: fix multiple definition linking error (git-fixes).
lib/smp_processor_id: fix imbalanced instrumentation_end() call (git-fixes).
lkdtm: Disable return thunks in rodata.c (bsc#1190497).
locking/lockdep: Fix lockdep_init_map_*() confusion (git-fixes).
loop: Check for overflow while configuring loop (git-fies).
mac80211: fix a memory leak where sta_info is not freed (git-fixes).
mac80211: introduce channel switch disconnect function (bsc#1202131).
marvell: octeontx2: build error: unknown type name 'u64' (jsc#SLE-24682).
mbcache: add functions to delete entry if unused (bsc#1198971).
mbcache: do not reclaim used entries (bsc#1198971).
md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes).
md/raid1: fix missing bitmap update w/o WriteMostly devices (bsc#1203036).
media: [PATCH] pci: atomisp_cmd: fix three missing checks on list iterator (git-fixes).
media: atmel: atmel-sama7g5-isc: fix warning in configs without OF (git-fixes).
media: cedrus: h265: Fix flag name (git-fixes).
media: cedrus: hevc: Add check for invalid timestamp (git-fixes).
media: driver/nxp/imx-jpeg: fix a unexpected return value problem (git-fixes).
media: hantro: postproc: Fix motion vector space size (git-fixes).
media: hdpvr: fix error value returns in hdpvr_read (git-fixes).
media: hevc: Embedded indexes in RPS (git-fixes).
media: imx-jpeg: Add pm-runtime support for imx-jpeg (git-fixes).
media: imx-jpeg: use NV12M to represent non contiguous NV12 (git-fixes).
media: pvrusb2: fix memory leak in pvr_probe (git-fixes).
media: tw686x: Fix memory leak in tw686x_video_init (git-fixes).
media: tw686x: Register the irq at the end of probe (git-fixes).
media: v4l2-mem2mem: prevent pollerr when last_buffer_dequeued is set (git-fixes).
mediatek: mt76: eeprom: fix missing of_node_put() in mt76_find_power_limits_node() (git-fixes).
mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes).
memstick/ms_block: Fix a memory leak (git-fixes).
memstick/ms_block: Fix some incorrect memory allocation (git-fixes).
meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes).
mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes).
mfd: t7l66xb: Drop platform disable callback (git-fixes).
misc: fastrpc: fix memory corruption on open (git-fixes).
misc: fastrpc: fix memory corruption on probe (git-fixes).
misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes).
mkspec: eliminate @NOSOURCE@ macro This should be alsways used with @SOURCES@, just include the content there.
mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes). kABI: Fix kABI after 'mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse' (git-fixes).
mm/rmap: Fix anon_vma-degree ambiguity leading to double-reuse (git-fixes, bsc#1203098).
mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763).
mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447).
mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159).
mmc: block: Add single read for 4k sector cards (git-fixes).
mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes).
mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes).
mmc: core: Fix UHS-I SD 1.8V workaround branch (git-fixes).
mmc: meson-gx: Fix an error handling path in meson_mmc_probe() (git-fixes).
mmc: mxcmmc: Silence a clang warning (git-fixes).
mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes).
mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes).
mmc: renesas_sdhi: Get the reset handle early in the probe (git-fixes).
mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes).
mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes).
mmc: tmio: avoid glitches when resetting (git-fixes).
mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes).
mt76: mt7921: enlarge maximum VHT MPDU length to 11454 (git-fixes).
mt76: mt7921: fix aggregation subframes setting to HE max (git-fixes).
mtd: dataflash: Add SPI ID table (git-fixes).
mtd: maps: Fix refcount leak in ap_flash_init (git-fixes).
mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes).
mtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset (git-fixes).
mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes).
mtd: rawnand: arasan: Fix clock rate in NV-DDR (git-fixes).
mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times (git-fixes).
mtd: rawnand: meson: Fix a potential double free issue (git-fixes).
mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes).
mtd: spi-nor: fix spi_nor_spimem_setup_op() call in spi_nor_erase_{sector,chip}() (git-fixes).
mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes).
musb: fix USB_MUSB_TUSB6010 dependency (git-fixes).
mwifiex: Ignore BTCOEX events from the 88W8897 firmware (git-fixes).
n_gsm: remove unused parameters from gsm_error() (git-fixes).
net: asix: fix 'can't send until first packet is send' issue (git-fixes).
net: bcmgenet: Use stronger register read/writes to assure ordering (git-fixes).
net: dsa: b53: Add SPI ID table (git-fixes).
net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering (git-fixes).
net: dsa: felix: purge skb from TX timestamping queue if it cannot be sent (git-fies).
net: dsa: hellcreek: Add STP forwarding rule (git-fixes).
net: dsa: hellcreek: Add missing PTP via UDP rules (git-fixes).
net: dsa: hellcreek: Allow PTP P2P measurements on blocked ports (git-fixes).
net: dsa: hellcreek: Fix insertion of static FDB entries (git-fixes).
net: dsa: microchip: implement multi-bridge support (git-fixes).
net: dsa: mv88e6xxx: Add fix for erratum 5.2 of 88E6393X family (git-fixes).
net: dsa: mv88e6xxx: Drop unnecessary check in mv88e6393x_serdes_erratum_4_6() (git-fixes).
net: dsa: mv88e6xxx: Enable port policy support on 6097 (git-fixes).
net: dsa: mv88e6xxx: Fix application of erratum 4.8 for 88E6393X (git-fixes).
net: dsa: mv88e6xxx: Fix inband AN for 2500base-x on 88E6393X family (git-fixes).
net: dsa: mv88e6xxx: Link in pcs_get_state() if AN is bypassed (git-fixes).
net: dsa: mv88e6xxx: Save power by disabling SerDes trasmitter and receiver (git-fixes).
net: dsa: mv88e6xxx: Unforce speed & duplex in mac_link_down() (git-fixes).
net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports (git-fixes).
net: dsa: mv88e6xxx: error handling for serdes_power functions (git-fixes).
net: dsa: mv88e6xxx: fix 'do not use PHY_DETECT on internal PHY's' (git-fixes).
net: dsa: ocelot: seville: utilize of_mdiobus_register (git-fixes).
net: dsa: qca8k: fix MTU calculation (git-fixes).
net: dsa: seville: register the mdiobus under devres (git-fixes).
net: dsa: tag_ocelot_8021q: break circular dependency with ocelot switch lib (git-fies).
net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes).
net: hns3: clean residual vf config after disable sriov (git-fixes).
net: macsec: fix potential resource leak in macsec_add_rxsa() and macsec_add_txsa() (git-fixes).
net: marvell: prestera: fix incorrect structure access (git-fixes).
net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes).
net: mscc: ocelot: create a function that replaces an existing VCAP filter (git-fixes).
net: mscc: ocelot: do not dereference NULL pointers with shared tc filters (git-fixes).
net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes).
net: mscc: ocelot: fix incorrect balancing with down LAG ports (git-fixes).
net: mscc: ocelot: set up traps for PTP packets (git-fixes).
net: openvswitch: do not send internal clone attribute to the userspace (git-fixes).
net: openvswitch: fix leak of nested actions (git-fixes).
net: openvswitch: fix misuse of the cached connection on tuple changes (git-fixes).
net: openvswitch: fix parsing of nw_proto for IPv6 fragments (git-fixes).
net: phy: Do not WARN for PHY_READY state in mdio_bus_phy_resume() (git-fixes).
net: phy: Warn about incorrect mdio_bus_phy_resume() state (git-fixes).
net: phy: smsc: Disable Energy Detect Power-Down in interrupt mode (git-fixes).
net: ptp: add a definition for the UDP port for IEEE 1588 general messages (git-fixes).
net: rose: fix netdev reference changes (git-fixes).
net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes).
net: stmmac: clean up impossible condition (git-fixes).
net: stmmac: disable Split Header (SPH) for Intel platforms (bsc#1194904).
net: stmmac: dwc-qos: Disable split header for Tegra194 (bsc#1194904).
net: stmmac: fix off-by-one error in sanity check (git-fixes).
net: usb: ax88179_178a needs FLAG_SEND_ZLP (git-fixes).
net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes).
net: usb: make USB_RTL8153_ECM non user configurable (git-fixes).
net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431).
net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431).
net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431).
net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes).
net_sched: cls_route: disallow handle of 0 (bsc#1202393).
nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout (git-fixes).
nfsd: fix use-after-free due to delegation race (git-fixes).
nmi: Extend NMI watchdog's timer during LPM (bsc#1202872 ltc#197920).
nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() (bnc#1189999 (Scheduler functional and performance backports)).
nouveau: explicitly wait on the fence in nouveau_bo_move_m2mf (git-fies).
ntb_hw_amd: Add NTB PCI ID for new gen CPU (bsc#1202113).
nvme-auth: align to pre-upstream FFDHE implementation (bsc#1202265).
nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865).
nvme-rdma: Handle number of queue changes (bsc#1201865).
nvme-tcp: Handle number of queue changes (bsc#1201865).
nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489).
nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636).
nvmet: Expose max queues to configfs (bsc#1201865).
ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (bsc#1202778).
ocfs2: fix a deadlock when commit trans (bsc#1202776).
octeontx2-af: Add KPU changes to parse NGIO as separate layer (jsc#SLE-24682).
octeontx2-af: Add PTP device id for CN10K and 95O silcons (jsc#SLE-24682).
octeontx2-af: Add SDP interface support (jsc#SLE-24682).
octeontx2-af: Add debug messages for failures (jsc#SLE-24682).
octeontx2-af: Add external ptp input clock (jsc#SLE-24682).
octeontx2-af: Add free rsrc count mbox msg (jsc#SLE-24682).
octeontx2-af: Add mbox to retrieve bandwidth profile free count (jsc#SLE-24682).
octeontx2-af: Add support to flush full CPT CTX cache (jsc#SLE-24682).
octeontx2-af: Adjust LA pointer for cpt parse header (jsc#SLE-24682).
octeontx2-af: Allocate low priority entries for PF (jsc#SLE-24682).
octeontx2-af: Allow to configure flow tag LSB byte as RSS adder (jsc#SLE-24682).
octeontx2-af: Change the order of queue work and interrupt disable (jsc#SLE-24682).
octeontx2-af: Do not enable Pause frames by default (jsc#SLE-24682).
octeontx2-af: Enable CPT HW interrupts (jsc#SLE-24682).
octeontx2-af: Enhance mailbox trace entry (jsc#SLE-24682).
octeontx2-af: Fix LBK backpressure id count (jsc#SLE-24682).
octeontx2-af: Fix inconsistent license text (jsc#SLE-24682).
octeontx2-af: Fix interrupt name strings (jsc#SLE-24682).
octeontx2-af: Fix spelling mistake 'Makesure' -> 'Make sure' (jsc#SLE-24682).
octeontx2-af: Fix uninitialized variable val (jsc#SLE-24682).
octeontx2-af: Flow control resource management (jsc#SLE-24682).
octeontx2-af: Handle return value in block reset (jsc#SLE-24682).
octeontx2-af: Hardware configuration for inline IPsec (jsc#SLE-24682).
octeontx2-af: Increase link credit restore polling timeout (jsc#SLE-24682).
octeontx2-af: Increase number of reserved entries in KPU (jsc#SLE-24682).
octeontx2-af: Increment ptp refcount before use (jsc#SLE-24682).
octeontx2-af: Limit KPU parsing for GTPU packets (jsc#SLE-24682).
octeontx2-af: Modify install flow error codes (jsc#SLE-24682).
octeontx2-af: Optimize KPU1 processing for variable-length headers (jsc#SLE-24682).
octeontx2-af: Perform cpt lf teardown in non FLR path (jsc#SLE-24682).
octeontx2-af: Priority flow control configuration support (jsc#SLE-24682).
octeontx2-af: Remove channel verification while installing MCAM rules (jsc#SLE-24682).
octeontx2-af: Remove redundant initialization of variable blkaddr (jsc#SLE-24682).
octeontx2-af: Remove redundant initialization of variable pin (jsc#SLE-24682).
octeontx2-af: Reset PTP config in FLR handler (jsc#SLE-24682).
octeontx2-af: Retry until RVU block reset complete (jsc#SLE-24682).
octeontx2-af: Use DMA_ATTR_FORCE_CONTIGUOUS attribute in DMA alloc (jsc#SLE-24682).
octeontx2-af: Use NDC TX for transmit packet data (jsc#SLE-24682).
octeontx2-af: Use ptp input clock info from firmware data (jsc#SLE-24682).
octeontx2-af: Wait for TX link idle for credits change (jsc#SLE-24682).
octeontx2-af: add proper return codes for AF mailbox handlers (jsc#SLE-24682).
octeontx2-af: cn10K: Get NPC counters value (jsc#SLE-24682).
octeontx2-af: cn10K: support for sched lmtst and other features (jsc#SLE-24682).
octeontx2-af: cn10k: DWRR MTU configuration (jsc#SLE-24682).
octeontx2-af: cn10k: RPM hardware timestamp configuration (jsc#SLE-24682).
octeontx2-af: cn10k: Set cache lines for NPA batch alloc (jsc#SLE-24682).
octeontx2-af: cn10k: Use appropriate register for LMAC enable (jsc#SLE-24682).
octeontx2-af: cn10k: add workaround for ptp errata (jsc#SLE-24682).
octeontx2-af: cn10k: debugfs for dumping LMTST map table (jsc#SLE-24682).
octeontx2-af: configure npc for cn10k to allow packets from cpt (jsc#SLE-24682).
octeontx2-af: debugfs: Add channel and channel mask (jsc#SLE-24682).
octeontx2-af: debugfs: Minor changes (jsc#SLE-24682).
octeontx2-af: debugfs: do not corrupt user memory (jsc#SLE-24682).
octeontx2-af: debugfs: fix error return of allocations (jsc#SLE-24682).
octeontx2-af: enable tx shaping feature for 96xx C0 (jsc#SLE-24682).
octeontx2-af: fix array bound error (jsc#SLE-24682).
octeontx2-af: fix error code in is_valid_offset() (jsc#SLE-24682).
octeontx2-af: initialize action variable (jsc#SLE-24682).
octeontx2-af: nix and lbk in loop mode in 98xx (jsc#SLE-24682).
octeontx2-af: remove redudant second error check on variable err (jsc#SLE-24682).
octeontx2-af: use swap() to make code cleaner (jsc#SLE-24682).
octeontx2-af: verify CQ context updates (jsc#SLE-24682).
octeontx2-nic: fix mixed module build (jsc#SLE-24682).
octeontx2-nicvf: Add PTP hardware clock support to NIX VF (jsc#SLE-24682).
octeontx2-nicvf: Free VF PTP resources (jsc#SLE-24682).
octeontx2-pf: Add TC feature for VFs (jsc#SLE-24682).
octeontx2-pf: Add XDP support to netdev PF (jsc#SLE-24682).
octeontx2-pf: Add check for non zero mcam flows (jsc#SLE-24682).
octeontx2-pf: Add support for adaptive interrupt coalescing (jsc#SLE-24682).
octeontx2-pf: Add vlan-etype to ntuple filters (jsc#SLE-24682).
octeontx2-pf: Allow VLAN priority also in ntuple filters (jsc#SLE-24682).
octeontx2-pf: CN10K: Hide RPM stats over ethtool (jsc#SLE-24682).
octeontx2-pf: Do not mask out supported link modes (jsc#SLE-24682).
octeontx2-pf: Enable NETIF_F_RXALL support for VF driver (jsc#SLE-24682).
octeontx2-pf: Fix inconsistent license text (jsc#SLE-24682).
octeontx2-pf: Ntuple filters support for VF netdev (jsc#SLE-24682).
octeontx2-pf: PFC config support with DCBx (jsc#SLE-24682).
octeontx2-pf: Remove unnecessary synchronize_irq() before free_irq() (jsc#SLE-24682).
octeontx2-pf: Simplify the receive buffer size calculation (jsc#SLE-24682).
octeontx2-pf: Sort the allocated MCAM entry indices (jsc#SLE-24682).
octeontx2-pf: Unify flow management variables (jsc#SLE-24682).
octeontx2-pf: Use hardware register for CQE count (jsc#SLE-24682).
octeontx2-pf: cn10K: Reserve LMTST lines per core (jsc#SLE-24682).
octeontx2-pf: cn10k: Config DWRR weight based on MTU (jsc#SLE-24682).
octeontx2-pf: cn10k: Ensure valid pointers are freed to aura (jsc#SLE-24682).
octeontx2-pf: cn10k: add support for new ptp timestamp format (jsc#SLE-24682).
octeontx2-pf: devlink params support to set mcam entry count (jsc#SLE-24682).
octeontx2-pf: replace bitmap_weight with bitmap_empty where appropriate (jsc#SLE-24682).
octeontx2-pf: select CONFIG_NET_DEVLINK (jsc#SLE-24682).
octeontx2-vf: Add support for adaptive interrupt coalescing (jsc#SLE-24682).
octeontx2: Move devlink registration to be last devlink command (jsc#SLE-24682).
openvswitch: Fix setting ipv6 fields causing hw csum failure (git-fixes).
openvswitch: Fixed nd target mask field in the flow dump (git-fixes).
pci: Add support for ACPI RST reset method (jsc#SLE-19359 jsc#SLE-24572).
perf bench futex: Fix memory leak of perf_cpu_map__new() (git-fixes).
phy: samsung: phy-exynos-pcie: sanitize init/power_on callbacks (git-fixes).
phy: stm32: fix error return in stm32_usbphyc_phy_init (git-fixes).
pinctrl: amd: Do not save/restore interrupt status and wake status bits (git-fixes).
pinctrl: intel: Check against matching data instead of ACPI companion (git-fixes).
pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes).
pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes).
pinctrl: qcom: sm8250: Fix PDC map (git-fixes).
pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes).
platform/chrome: cros_ec: Always expose last resume result (git-fixes).
platform/chrome: cros_ec_proto: do not show MKBP version if unsupported (git-fixes).
platform/olpc: Fix uninitialized data in debugfs write (git-fixes).
platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes).
platform/x86: pmc_atom: Match all Lex BayTrail boards with critclk_systems DMI table (git-fixes).
powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395).
powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729).
powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729).
powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729).
powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixess).
powerpc: Avoid discarding flags in system_call_exception() (bsc#1194869).
powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729).
proc: fix a dentry lock race between release_task and lookup (git-fixes).
proc: fix dentry/inode overinstantiating under /proc/${pid}/net (git-fixes).
profiling: fix shift too large makes kernel panic (git-fixes).
pwm: lpc18xx-sct: Reduce number of devm memory allocations (git-fixes).
pwm: lpc18xx-sct: Simplify driver by not using pwm_[gs]et_chip_data() (git-fixes).
pwm: lpc18xx: Fix period handling (git-fixes).
qed: validate and restrict untrusted VFs vlan promisc mode (git-fixes).
r8152: fix the RX FIFO settings when suspending (git-fixes).
r8152: fix the units of some registers for RTL8156A (git-fixes).
random: remove useless header comment (git-fixes).
ratelimit: Fix data-races in ___ratelimit() (git-fixes).
regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes).
regulator: pca9450: Remove restrictions for regulator-name (git-fixes).
regulator: qcom_smd: Fix pm8916_pldo range (git-fixes).
remoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init (git-fixes).
remoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init (git-fixes).
remoteproc: qcom: pas: Check if coredump is enabled (git-fixes).
remoteproc: qcom: pas: Mark devices as wakeup capable (git-fixes).
remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes).
remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes).
remoteproc: sysmon: Wait for SSCTL service to come up (git-fixes).
rose: check NULL rose_loopback_neigh->loopback (git-fixes).
rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385) We do the move only on 15.5+.
rpm/kernel-binary.spec.in: simplify find for usrmerged The type test and print line are the same for both cases. The usrmerged case only ignores more, so refactor it to make it more obvious.
rpm/kernel-source.spec.in: simplify finding of broken symlinks 'find -xtype l' will report them, so use that to make the search a bit faster (without using shell).
rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
rpmsg: char: Add mutex protection for rpmsg_eptdev_open() (git-fixes).
rpmsg: mtk_rpmsg: Fix circular locking dependency (git-fixes).
rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge (git-fixes).
s390/cpumf: Handle events cycles and instructions identical (git-fixes).
s390/crash: fix incorrect number of bytes to copy to user space (git-fixes).
s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes).
s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (git-fixes).
s390/hypfs: avoid error message under KVM (bsc#1032323).
s390/kexec: handle R_390_PLT32DBL rela in arch_kexec_apply_relocations_add() (git-fixes).
s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes).
s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes).
s390/qeth: cache link_info for ethtool (bsc#1202262 LTC#199322).
s390/stp: clock_delta should be signed (git-fixes).
s390/zcore: fix race when reading from hardware system area (git-fixes).
sched/core: Always flush pending blk_plug (bnc#1189999 (Scheduler functional and performance backports)).
sched/core: Do not requeue task on CPU excluded from cpus_mask (bnc#1199356).
sched/deadline: Fix BUG_ON condition for deboosted tasks (git-fixes)
sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq (bnc#1189999 (Scheduler functional and performance backports)).
sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq -kabi (git fixes (sched/fair)).
sched/fair: Remove redundant word ' *' (bnc#1189999 (Scheduler functional and performance backports)).
sched/uclamp: Fix iowait boost escaping uclamp restriction (git-fixes)
sched/uclamp: Fix rq->uclamp_max not set on first enqueue (git-fixes)
sched: Allow newidle balancing to bail out of load_balance (bnc#1189999 (Scheduler functional and performance backports)).
sched: Fix the check of nr_running at queue wakelist (bnc#1189999 (Scheduler functional and performance backports)).
sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle (bnc#1189999 (Scheduler functional and performance backports)). Refresh
sched: Remove unused function group_first_cpu() (bnc#1189999).
scripts/faddr2line: Fix vmlinux detection on arm64 (git-fixes).
scsi: hisi_sas: Keep controller active between ISR of phyup and the event being processed (bsc#1202471).
scsi: hisi_sas: Use autosuspend for the host controller (bsc#1202471).
scsi: libiscsi: Add iscsi_cls_conn to sysfs after initialization (bsc#1198410).
scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063).
scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063).
scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956).
scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063).
scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956).
scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956).
scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063).
scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956).
scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956).
scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063).
scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956).
scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956).
scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
scsi: lpfc: Remove SANDiags related code (bsc#1203063).
scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956).
scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956).
scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063).
scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956).
scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063).
scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown (git-fixes).
scsi: sg: Allow waiting for commands to complete on removed device (git-fixes).
scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
scsi: ufs: core: Fix another task management completion race (git-fixes).
scsi: ufs: core: Fix task management completion timeout race (git-fixes).
scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes).
selftests/seccomp: Fix compile warning when CC=clang (git-fixes).
selftests: kvm: set rax before vmcall (git-fixes).
selftests: timers: clocksource-switch: fix passing errors from child (git-fixes).
selftests: timers: valid-adjtimex: build fix for newer toolchains (git-fixes).
selinux: Add boundary check in put_entry() (git-fixes).
selinux: access superblock_security_struct in LSM blob way (git-fixes).
selinux: check return value of sel_make_avc_files (git-fixes).
selinux: fix bad cleanup on error in hashtab_duplicate() (git-fixes).
selinux: fix double free of cond_list on error paths (git-fixes).
selinux: fix memleak in security_read_state_kernel() (git-fixes).
selinux: fix misuse of mutex_is_locked() (git-fixes).
selinux: use correct type for context length (git-fixes).
serial: 8250: Add proper clock handling for OxSemi PCIe devices (git-fixes).
serial: 8250: Export ICR access helpers for internal use (git-fixes).
serial: 8250: Fold EndRun device support into OxSemi Tornado code (git-fixes).
serial: 8250_bcm7271: Save/restore RTS in suspend/resume (git-fixes).
serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes).
serial: 8250_fsl: Do not report FE, PE and OE twice (git-fixes).
serial: 8250_pci: Refactor the loop in pci_ite887x_init() (git-fixes).
serial: 8250_pci: Replace dev_*() by pci_*() macros (git-fixes).
serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes).
serial: mvebu-uart: uart2 error bits clearing (git-fixes).
soc: amlogic: Fix refcount leak in meson-secure-pwrc.c (git-fixes).
soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes).
soc: fsl: guts: machine variable might be unset (git-fixes).
soc: fsl: select FSL_GUTS driver for DPIO (git-fixes).
soc: imx: gpcv2: Assert reset before ungating clock (git-fixes).
soc: qcom: Make QCOM_RPMPD depend on PM (git-fixes).
soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register (git-fixes).
soc: qcom: ocmem: Fix refcount leak in of_get_ocmem (git-fixes).
soc: renesas: r8a779a0-sysc: Fix A2DP1 and A2CV[2357] PDR values (git-fixes).
soundwire: bus_type: fix remove and shutdown support (git-fixes).
soundwire: qcom: Check device status before reading devid (git-fixes).
soundwire: qcom: fix device status array range (git-fixes).
spi: Fix incorrect cs_setup delay handling (git-fixes).
spi: Fix simplification of devm_spi_register_controller (git-fixes).
spi: dt-bindings: cadence: add missing 'required' (git-fixes).
spi: dt-bindings: zynqmp-qspi: add missing 'required' (git-fixes).
spi: meson-spicc: add local pow2 clock ops to preserve rate between messages (git-fixes).
spi: spi-altera-dfl: Fix an error handling path (git-fixes).
spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes).
spi: synquacer: Add missing clk_disable_unprepare() (git-fixes).
spi: tegra20-slink: fix UAF in tegra_slink_remove() (git-fixes).
spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes).
staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes).
staging: rtl8712: fix use after free bugs (git-fixes).
supported.conf: added drivers/net/ethernet/marvell/octeontx2/nic/otx2_ptp and changed all octeontx2 modules as supported (jsc#SLE-24682)
supported.conf: mark lib/objagg supported as dependency of mlxsw
supported.conf: mark mlxsw modules supported (jsc#SLE-23766)
thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR (bsc#1201308).
thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes).
thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes).
thunderbolt: Use the actual buffer in tb_async_error() (git-fixes).
tools/thermal: Fix possible path truncations (git-fixes).
tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH (git-fixes).
trace/osnoise: Add migrate-disabled field to the osnoise header (git-fixes).
trace/timerlat: Add migrate-disabled field to the timerlat header (git-fixes).
tracing/histograms: Fix memory leak problem (git-fixes).
tracing/kprobes: Check whether get_kretprobe() returns NULL in kretprobe_dispatcher() (git-fixes).
tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes).
tracing: Add ustring operation to filtering string pointers (git-fixes).
tracing: Fix sleeping while atomic in kdb ftdump (git-fixes).
tracing: Have filter accept 'common_cpu' to be consistent (git-fixes).
tracing: Use a struct alignof to determine trace event field alignment (git-fixes).
tty: 8250: Add support for Brainboxes PX cards (git-fixes).
tty: n_gsm: Modify CR,PF bit printk info when config requester (git-fixes).
tty: n_gsm: Modify cr bit value when config requester (git-fixes).
tty: n_gsm: Modify gsmtty driver register method when config requester (git-fixes).
tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() (git-fixes).
tty: n_gsm: avoid call of sleeping functions from atomic context (git-fixes).
tty: n_gsm: clean up dead code in gsm_queue() (git-fixes).
tty: n_gsm: clean up implicit CR bit encoding in address field (git-fixes).
tty: n_gsm: clean up indenting in gsm_queue() (git-fixes).
tty: n_gsm: fix DM command (git-fixes).
tty: n_gsm: fix broken virtual tty handling (git-fixes).
tty: n_gsm: fix deadlock and link starvation in outgoing data path (git-fixes).
tty: n_gsm: fix flow control handling in tx path (git-fixes).
tty: n_gsm: fix missing corner cases in gsmld_poll() (git-fixes).
tty: n_gsm: fix missing mux reset on config change at responder (git-fixes).
tty: n_gsm: fix missing timer to handle stalled links (git-fixes).
tty: n_gsm: fix non flow control frames during mux flow off (git-fixes).
tty: n_gsm: fix packet re-transmission without open control channel (git-fixes).
tty: n_gsm: fix race condition in gsmld_write() (git-fixes).
tty: n_gsm: fix resource allocation order in gsm_activate_mux() (git-fixes).
tty: n_gsm: fix tty registration before control channel open (git-fixes).
tty: n_gsm: fix user open not possible at responder until initiator open (git-fixes).
tty: n_gsm: fix wrong T1 retry count handling (git-fixes).
tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output() (git-fixes).
tty: n_gsm: initialize more members at gsm_alloc_mux() (git-fixes).
tty: n_gsm: replace kicktimer with delayed_work (git-fixes).
tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes).
tty: serial: fsl_lpuart: correct the count of break characters (git-fixes).
tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes).
tty: vt: initialize unicode screen buffer (git-fixes).
udf: Fix crash after seekdir (bsc#1194592).
udmabuf: Set the DMA mask for the udmabuf device (v2) (git-fixes).
usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc() (git-fixes).
usb: cdns3 fix use-after-free at workaround 2 (git-fixes).
usb: cdns3: Do not use priv_dev uninitialized in cdns3_gadget_ep_enable() (git-fixes).
usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable() (git-fixes).
usb: cdns3: fix incorrect handling TRB_SMM flag for ISOC transfer (git-fixes).
usb: cdns3: fix issue with rearming ISO OUT endpoint (git-fixes).
usb: cdns3: fix random warning message when driver load (git-fixes).
usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes).
usb: dwc2: gadget: remove D+ pull-up while no vbus with usb-role-switch (git-fixes).
usb: dwc3: core: Deprecate GCTL.CORESOFTRESET (git-fixes).
usb: dwc3: core: Do not perform GCTL_CORE_SOFTRESET during bootup (git-fixes).
usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core (git-fixes).
usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API (git-fixes).
usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop (git-fixes).
usb: dwc3: gadget: fix high speed multiplier setting (git-fixes).
usb: dwc3: gadget: refactor dwc3_repare_one_trb (git-fixes).
usb: dwc3: qcom: Add helper functions to enable,disable wake irqs (git-fixes).
usb: dwc3: qcom: fix missing optional irq warnings (git-fixes).
usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes).
usb: gadget: f_uac2: clean up some inconsistent indenting (git-fixes).
usb: gadget: f_uac2: fix superspeed transfer (git-fixes).
usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes).
usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init() (git-fixes).
usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes).
usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes).
usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes).
usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes).
usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes).
usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes).
usb: renesas: Fix refcount leak bug (git-fixes).
usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes).
usb: typec: tcpm: Return ENOTSUPP for power supply prop writes (git-fixes).
usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes).
usb: xhci: tegra: Fix error check (git-fixes).
usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
usbnet: smsc95xx: Avoid link settings race on interrupt reception (git-fixes).
usbnet: smsc95xx: Do not clear read-only PHY interrupt (git-fixes).
usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
usbnet: smsc95xx: Forward PHY interrupts to PHY driver to avoid polling (git-fixes).
vboxguest: Do not use devm for irq (git-fixes).
vdpa_sim: avoid putting an uninitialized iova_domain (git-fixes).
venus: pm_helpers: Fix warning in OPP during probe (git-fixes).
vfio/ccw: Do not change FSM state in subchannel event (git-fixes).
vfio/ccw: Remove UUID from s390 debug log (git-fixes).
vfio: Clear the caps->buf to NULL after free (git-fixes).
video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes).
video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes).
video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes).
video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes).
video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes).
video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes).
video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes).
virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).
virtio-net: fix the race between refill work and close (git-fixes).
virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes).
vmxnet3: Implement ethtool's get_channels command (bsc#1200431).
vmxnet3: Record queue number to incoming packets (bsc#1200431).
vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431).
vmxnet3: add command to set ring buffer sizes (bsc#1200431).
vmxnet3: add support for capability registers (bsc#1200431).
vmxnet3: add support for large passthrough BAR register (bsc#1200431).
vmxnet3: add support for out of order rx completion (bsc#1200431).
vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431).
vmxnet3: do not reschedule napi for rx processing (bsc#1200431).
vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431).
vmxnet3: prepare for version 7 changes (bsc#1200431).
vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431).
vmxnet3: update to version 7 (bsc#1200431).
vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431).
vrf: do not run conntrack on vrf with !dflt qdisc (git-fixes).
vsock: Fix memory leak in vsock_connect() (git-fixes).
vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes).
watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes).
watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource (git-fixes).
wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes).
wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes).
wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes).
wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes).
wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes).
wifi: mac80211: limit A-MSDU subframes for client too (git-fixes).
wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes).
wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes).
wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes).
wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes).
wifi: p54: add missing parentheses in p54_flush() (git-fixes).
wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes).
wifi: rtlwifi: remove always-true condition pointed out by GCC 12 (git-fies).
wifi: rtw88: check the return value of alloc_workqueue() (git-fixes).
wifi: rtw89: 8852a: rfk: fix div 0 exception (git-fixes).
wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes).
wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes).
wireless: Remove redundant 'flush_workqueue()' calls (bsc#1202131).
x86/Hyper-V: Add SEV negotiate protocol support in Isolation VM (bsc#1190497).
x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes).
x86/retbleed: Add fine grained Kconfig knobs (bsc#1190497).
x86/sev: Define the Linux-specific guest termination reasons (bsc#1190497).
x86/sev: Save the negotiated GHCB version (bsc#1190497).
xen/gntdev: fix unmap notification order (git-fixes).
xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes).
xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
xen: detect uninitialized xenbus in xenbus_init (git-fixes).
xen: do not continue xenstore initialization in case of errors (git-fixes).
xfs: Fix the free logic of state in xfs_attr_node_hasname (git-fixes).
xfs: check sb_meta_uuid for dabuf buffer recovery (git-fixes).
xfs: fix soft lockup via spinning in filestream ag selection loop (git-fixes).
xfs: fix use-after-free in xattr node block inactivation (git-fixes).
xfs: fold perag loop iteration logic into helper function (git-fixes).
xfs: make xfs_rtalloc_query_range input parameters const (git-fixes).
xfs: only bother with sync_filesystem during readonly remount (git-fixes).
xfs: prevent UAF in xfs_log_item_in_current_chkpt (git-fixes).
xfs: prevent a UAF when log IO errors race with unmount (git-fixes).
xfs: remove incorrect ASSERT in xfs_rename (git-fixes).
xfs: rename the next_agno perag iteration variable (git-fixes).
xfs: reorder iunlink remove operation in xfs_ifree (git-fixes).
xfs: revert 'xfs: actually bump warning counts when we send warnings' (git-fixes).
xfs: terminate perag iteration reliably on agcount (git-fixes).
xfs: use invalidate_lock to check the state of mmap_lock (git-fixes).
xfs: use kmem_cache_free() for kmem_cache objects (git-fixes).
xfs: use setattr_copy to set vfs inode attributes (git-fixes).

Advisory ID	SUSE-SU-2022:3292-1
Released	Fri Sep 16 17:06:20 2022
Summary	Security update for ruby2.5
Type	security
Severity	moderate
References	1193081,CVE-2021-41819

Description:

This update for ruby2.5 fixes the following issues:

CVE-2021-41819: Fixed cookie prefix spoofing in CGI::Cookie.parse (bsc#1193081).

Advisory ID	SUSE-SU-2022:3293-1
Released	Fri Sep 16 17:30:01 2022
Summary	Security update for the Linux Kernel
Type	security
Severity	important
References	1023051,1032323,1065729,1156395,1190497,1194592,1194869,1194904,1195480,1195917,1196616,1197158,1197391,1197755,1197756,1197757,1197763,1198410,1198971,1199086,1199364,1199670,1200313,1200431,1200465,1200544,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201308,1201427,1201442,1201455,1201489,1201610,1201675,1201725,1201768,1201940,1201956,1201958,1202096,1202097,1202113,1202131,1202154,1202262,1202265,1202312,1202346,1202347,1202385,1202393,1202447,1202471,1202558,1202564,1202623,1202636,1202672,1202681,1202710,1202711,1202712,1202713,1202715,1202716,1202757,1202758,1202759,1202761,1202762,1202763,1202764,1202765,1202766,1202767,1202768,1202769,1202770,1202771,1202773,1202774,1202775,1202776,1202778,1202779,1202780,1202781,1202782,1202783,1202822,1202823,1202824,1202860,1202867,1202874,1202898,1203036,1203041,1203063,1203107,1203117,1203138,1203139,1203159,CVE-2016-3695,CVE-2020-36516,CVE-2021-33135,CVE-2021-4037,CVE-2022-20368,CVE-2022-20369,CVE-2022-2588,CVE-2022-2639,CVE-2022-2663,CVE-2022-28356,CVE-2022-28693,CVE-2022-2873,CVE-2022-2905,CVE-2022-2938,CVE-2022-2959,CVE-2022-2977,CVE-2022-3028,CVE-2022-3078,CVE-2022-32250,CVE-2022-36879,CVE-2022-36946,CVE-2022-39188,CVE-2022-39190

Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bnc#1203117).
CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107).
CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly matches the message (bnc#1202097).
CVE-2022-3078: Fixed a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c (bnc#1203041).
CVE-2022-28356: Fixed a refcount leak bug that was found in net/llc/af_llc.c (bnc#1197391).
CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860).
CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
CVE-2022-2938: Fixed a flaw that was found inside the Pressure Stall Information implementation that could have been used to allow an attacker to crash the system or have other memory-corruption side effects (bnc#1202623).
CVE-2022-28693: Fixed x86/speculation behavior by disabling RRSBA (bsc#1201455).
CVE-2021-33135: Fixed uncontrolled resource consumption inside Intel(R) SGX that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1199515).
CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
CVE-2022-2959: Fixed a race condition that was found inside the watch queue due to a missing lock in pipe_resize_ring() (bnc#1202681 bnc#1202685).
CVE-2022-36946: Fixed a denial of service (panic) inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c (bnc#1201940 bnc#1201941 bnc#1202312 bnc#1202874).
CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702).
CVE-2022-2873: Fixed an out-of-bounds memory access flaw that was found in iSMT SMBus host controller driver (bnc#1202558).
CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051).
CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154).
CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616).
CVE-2022-32250: Fixed a privilege escalation issue in net/netfilter/nf_tables_api.c that allowed a local user to became root (bnc#1200015).

The following non-security bugs were fixed:

9p: Fix refcounting during full path walks for fid lookups (git-fixes).
9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (git-fixes).
9p: fix fid refcount leak in v9fs_vfs_get_link (git-fixes).
ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes).
ACPI: APEI: explicit init of HEST and GHES in apci_init() (git-fixes).
ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).
ACPI: EC: Drop the EC_FLAGS_IGNORE_DSDT_GPE quirk (git-fixes).
ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes).
ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes).
ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes).
ACPI: VIOT: Fix ACS setup (git-fixes).
ACPI: processor/idle: Annotate more functions to live in cpuidle section (git-fixes).
ACPI: processor: Remove freq Qos request for all CPUs (git-fixes).
ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes).
ACPI: thermal: drop an always true check (git-fixes).
ACPI: video: Force backlight native for some TongFang devices (git-fixes).
ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes).
ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes).
ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes).
ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes).
ALSA: hda/conexant: add a new hda codec SN6140 (git-fixes).
ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes).
ALSA: hda/realtek: Add quirk for Clevo NS50PU, NS70PU (git-fixes).
ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes).
ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes).
ALSA: hda/realtek: Add quirk for Lenovo Yoga9 14IAP7 (git-fixes).
ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes).
ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298 (git-fixes).
ALSA: hda/sigmatel: Keep power up while beep is enabled (bsc#1200544).
ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array (git-fixes).
ALSA: info: Fix llseek return value when using callback (git-fixes).
ALSA: seq: Fix data-race at module auto-loading (git-fixes).
ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes).
ALSA: usb-audio: Add endianness annotations (git-fixes).
ALSA: usb-audio: Add quirk for Behringer UMC202HD (git-fixes).
ALSA: usb-audio: Add quirk for LH Labs Geek Out HD Audio 1V5 (git-fixes).
ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes).
ALSA: usb-audio: Support jack detection on Dell dock (git-fixes).
ALSA: usb-audio: Turn off 'manual mode' on Dell dock (git-fixes).
ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow (git-fixes).
ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init (git-fixes).
ARM: OMAP2+: Fix refcount leak in omapdss_init_of (git-fixes).
ARM: OMAP2+: display: Fix refcount leak bug (git-fixes).
ARM: OMAP2+: pdata-quirks: Fix refcount leak bug (git-fixes).
ARM: bcm: Fix refcount leak in bcm_kona_smc_init (git-fixes).
ARM: dts: BCM5301X: Add DT for Meraki MR26 (git-fixes).
ARM: dts: ast2500-evb: fix board compatible (git-fixes).
ARM: dts: ast2600-evb-a1: fix board compatible (git-fixes).
ARM: dts: ast2600-evb: fix board compatible (git-fixes).
ARM: dts: at91: sama5d27_wlsom1: do not keep ldo2 enabled all the time (git-fixes).
ARM: dts: at91: sama5d27_wlsom1: specify proper regulator output ranges (git-fixes).
ARM: dts: at91: sama5d2_icp: do not keep vdd_other enabled all the time (git-fixes).
ARM: dts: at91: sama5d2_icp: specify proper regulator output ranges (git-fixes).
ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node (git-fixes).
ARM: dts: imx6ul: add missing properties for sram (git-fixes).
ARM: dts: imx6ul: change operating-points to uint32-matrix (git-fixes).
ARM: dts: imx6ul: fix csi node compatible (git-fixes).
ARM: dts: imx6ul: fix keypad compatible (git-fixes).
ARM: dts: imx6ul: fix lcdif node compatible (git-fixes).
ARM: dts: imx6ul: fix qspi node compatible (git-fixes).
ARM: dts: imx7d-colibri-emmc: add cpu1 supply (git-fixes).
ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg (git-fixes).
ARM: dts: qcom: pm8841: add required thermal-sensor-cells (git-fixes).
ARM: dts: qcom: sdx55: Fix the IRQ trigger type for UART (git-fixes).
ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC (git-fixes).
ARM: findbit: fix overflowing offset (git-fixes).
ARM: shmobile: rcar-gen2: Increase refcount for new reference (git-fixes).
ASoC: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes).
ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes).
ASoC: codec: tlv320aic32x4: fix mono playback via I2S (git-fixes).
ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes).
ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes).
ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes).
ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe (git-fixes).
ASoC: fsl-asoc-card: force cast the asrc_format type (git-fixes).
ASoC: fsl_asrc: force cast the asrc_format type (git-fixes).
ASoC: fsl_easrc: use snd_pcm_format_t type for sample_format (git-fixes).
ASoC: imx-audmux: Silence a clang warning (git-fixes).
ASoC: imx-card: Fix DSD/PDM mclk frequency (git-fixes).
ASoC: imx-card: use snd_pcm_format_t type for asrc_format (git-fixes).
ASoC: mchp-spdifrx: disable end of block interrupt on failures (git-fixes).
ASoC: mt6359: Fix refcount leak bug (git-fixes).
ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes).
ASoC: qcom: Fix missing of_node_put() in asoc_qcom_lpass_cpu_platform_probe() (git-fixes).
ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes).
ASoC: rsnd: care default case on rsnd_ssiu_busif_err_irq_ctrl() (git-fixes).
ASoC: samsung: Fix error handling in aries_audio_probe (git-fixes).
ASoC: samsung: change gpiod_speaker_power and rx1950_audio from global to static variables (git-fixes).
ASoC: samsung: change neo1973_audio from a global to static (git-fixes).
ASoC: samsung: h1940_uda1380: include proepr GPIO consumer header (git-fixes).
ASoC: tas2770: Allow mono streams (git-fixes).
ASoC: tas2770: Drop conflicting set_bias_level power setting (git-fixes).
ASoC: tas2770: Fix handling of mute/unmute (git-fixes).
ASoC: tas2770: Set correct FSYNC polarity (git-fixes).
Bluetooth: Add bt_skb_sendmmsg helper (git-fixes).
Bluetooth: Add bt_skb_sendmsg helper (git-fixes).
Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (git-fixes).
Bluetooth: Fix passing NULL to PTR_ERR (git-fixes).
Bluetooth: L2CAP: Fix build errors in some archs (git-fixes).
Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes).
Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes).
Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes).
Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg (git-fixes).
Bluetooth: SCO: Fix sco_send_frame returning skb->len (git-fixes).
Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg (git-fixes).
Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675 (git-fixes).
Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007 (git-fixes).
Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558 (git-fixes).
Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586 (git-fixes).
Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587 (git-fixes).
Bluetooth: btusb: Add support of IMC Networks PID 0x3568 (git-fixes).
Bluetooth: hci_bcm: Add BCM4349B1 variant (git-fixes).
Bluetooth: hci_bcm: Add DT compatible for CYW55572 (git-fixes).
Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes).
EDAC/ghes: Set the DIMM label unconditionally (bsc#1201768).
rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
HID: AMD_SFH: Add a DMI quirk entry for Chromebooks (git-fixes).
HID: add Lenovo Yoga C630 battery quirk (git-fixes).
HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes).
HID: amd_sfh: Add NULL check for hid device (git-fixes).
HID: amd_sfh: Handle condition of 'no sensors' (git-fixes).
HID: asus: ROG NKey: Ignore portion of 0x5a report (git-fixes).
HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes).
HID: hid-input: add Surface Go battery quirk (git-fixes).
HID: mcp2221: prevent a buffer overflow in mcp_smbus_write() (git-fixes).
HID: multitouch: new device class fix Lenovo X12 trackpad sticky (git-fixes).
HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fies).
HID: thrustmaster: Add sparco wheel and fix array length (git-fixes).
HID: wacom: Do not register pad_input for touch switch (git-fixes).
HID: wacom: Only report rotation for art pen (git-fixes).
Input: exc3000 - fix return value check of wait_for_completion_timeout (git-fixes).
Input: gscps2 - check return value of ioremap() in gscps2_probe() (git-fixes).
Input: i8042 - add TUXEDO devices to i8042 quirk tables (git-fies).
Input: i8042 - add additional TUXEDO devices to i8042 quirk tables (git-fies).
Input: i8042 - merge quirk tables (git-fies).
Input: i8042 - move __initconst to fix code styling warning (git-fies).
Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes).
Input: rk805-pwrkey - fix module autoloading (git-fixes).
KABI: cgroup: Restore KABI of css_set (bsc#1201610).
KEYS: asymmetric: enforce SM2 signature use pkey algo (git-fixes).
KVM: LAPIC: Also cancel preemption timer during SET_LAPIC (git-fixes).
KVM: MMU: shadow nested paging does not have PKU (git-fixes).
KVM: PPC: Book3S HV: Check return value of kvmppc_radix_init (bsc#1194869).
KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395).
KVM: PPC: Book3S HV: Remove kvmhv_p9_[set,restore]_lpcr declarations (bsc#1194869).
KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395).
KVM: PPC: Book3S HV: fix incorrect NULL check on list iterator (bsc#1194869).
KVM: PPC: Book3s HV: Remove unused function kvmppc_bad_interrupt (bsc#1194869).
KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395).
KVM: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395).
KVM: SVM: Do not BUG if userspace injects an interrupt with GIF=0 (git-fixes).
KVM: SVM: Do not intercept #GP for SEV guests (git-fixes).
KVM: SVM: Unwind 'speculative' RIP advancement if INTn injection 'fails' (git-fixes).
KVM: SVM: fix panic on out-of-bounds guest IRQ (git-fixes).
KVM: VMX: Print VM-instruction error as unsigned (git-fixes).
KVM: VMX: prepare sync_pir_to_irr for running with APICv disabled (git-fixes).
KVM: VMX: switch blocked_vcpu_on_cpu_lock to raw spinlock (git-fixes).
KVM: X86: Use vcpu->arch.walk_mmu for kvm_mmu_invlpg() (git-fixes).
KVM: X86: avoid uninitialized 'fault.async_page_fault' from fixed-up #PF (git-fixes).
KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442)
KVM: nVMX: Defer APICv updates while L2 is active until L1 is active (git-fixes).
KVM: nVMX: Inject #UD if VMXON is attempted with incompatible CR0/CR4 (git-fixes).
KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes).
KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP (git-fixes).
KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes).
KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes).
KVM: nVMX: Synthesize TRIPLE_FAULT for L2 if emulation is required (git-fixes).
KVM: nVMX: do not use vcpu->arch.efer when checking host state on nested state load (git-fixes).
KVM: selftests: Make sure kvm_create_max_vcpus test won't hit RLIMIT_NOFILE (git-fixes).
KVM: selftests: Silence compiler warning in the kvm_page_table_test (git-fixes).
KVM: x86/mmu: Do not freak out if pml5_root is NULL on 4-level host (git-fixes).
KVM: x86/mmu: Move 'invalid' check out of kvm_tdp_mmu_get_root() (git-fixes).
KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU (git-fixes).
KVM: x86/mmu: include EFER.LMA in extended mmu role (git-fixes).
KVM: x86/mmu: make apf token non-zero to fix bug (git-fixes).
KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (git-fixes).
KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (git-fixes).
KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated (git-fixes).
KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes).
KVM: x86: SVM: do not passthrough SMAP/SMEP/PKE bits in !NPT && !gCR0.PG case (git-fixes).
KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes).
KVM: x86: check PIR even for vCPUs with disabled APICv (git-fixes).
KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_flush_tlb() (git-fixes).
KVM: x86: ignore APICv if LAPIC is not enabled (git-fixes).
KVM: x86: remove PMU FIXED_CTR3 from msrs_to_save_all (git-fixes).
KVM: x86: revalidate steal time cache if MSR value changes (git-fixes).
NFSD: Clamp WRITE offsets (git-fixes).
NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes (git-fixes).
NFSD: Fix ia_size underflow (git-fixes).
NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes).
NFSD: prevent integer overflow on 32 bit systems (git-fixes).
NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes).
NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes).
PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes).
PCI/AER: Iterate over error counters instead of error strings (git-fixes).
PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes).
PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes).
PCI: aardvark: Fix reporting Slot capabilities on emulated bridge (git-fixes).
PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes).
PCI: dwc: Always enable CDM check if 'snps,enable-cdm-check' exists (git-fixes).
PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes).
PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes).
PCI: dwc: Set INCREASE_REGION_SIZE flag based on limit address (git-fixes).
PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes).
PCI: endpoint: Do not stop controller when unbinding endpoint function (git-fixes).
PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains() (git-fixes).
PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes).
PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes).
PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes).
PCI: tegra194: Fix Root Port interrupt handling (git-fixes).
PCI: tegra194: Fix link up retry sequence (git-fixes).
PM: domains: Ensure genpd_debugfs_dir exists before remove (git-fixes).
PM: hibernate: defer device probing when resuming from hibernation (git-fixes).
SUNRPC: Fix NFSD's request deferral on RDMA transports (git-fixes).
SUNRPC: Fix READ_PLUS crasher (git-fixes).
SUNRPC: Prevent immediate close+reconnect (git-fixes).
USB: Follow-up to SPDX GPL-2.0+ identifiers addition - remove now useless comments (git-fixes).
USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes).
USB: serial: ch314: use usb_control_msg_recv() (git-fixes).
USB: serial: ch341: fix disabled rx timer on older devices (git-fixes).
USB: serial: ch341: fix lost character on LCR updates (git-fixes).
USB: serial: fix tty-port initialized comments (git-fixes).
XArray: Update the LRU list in xas_split() (git-fixes).
apparmor: Fix failed mount permission check error message (git-fixes).
apparmor: Fix memleak in aa_simple_write_to_buffer() (git-fixes).
apparmor: fix aa_label_asxprint return check (git-fixes).
apparmor: fix absroot causing audited secids to begin with = (git-fixes).
apparmor: fix overlapping attachment computation (git-fixes).
apparmor: fix quiet_denied for file rules (git-fixes).
apparmor: fix reference count leak in aa_pivotroot() (git-fixes).
apparmor: fix setting unconfined mode on a loaded profile (git-fixes).
arm64: Do not forget syscall when starting a new thread (git-fixes).
arm64: Fix match_list for erratum 1286807 on Arm Cortex-A76 (git-fixes).
arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes).
arm64: dts: allwinner: a64: orangepi-win: Fix LED node name (git-fixes).
arm64: dts: mt7622: fix BPI-R64 WPS button (git-fixes).
arm64: dts: mt8192: Fix idle-states entry-method (git-fixes).
arm64: dts: mt8192: Fix idle-states nodes naming scheme (git-fixes).
arm64: dts: qcom: ipq8074: fix NAND node name (git-fixes).
arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node (git-fixes).
arm64: dts: qcom: qcs404: Fix incorrect USB2 PHYs assignment (git-fixes).
arm64: dts: qcom: sm8250: add missing PCIe PHY clock-cells (git-fixes).
arm64: dts: renesas: Fix thermal-sensors on single-zone sensors (git-fixes).
arm64: dts: renesas: beacon: Fix regulator node names (git-fixes).
arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes).
arm64: fix oops in concurrently setting insn_emulation sysctls (git-fixes).
arm64: fix rodata=full (git-fixes).
arm64: kasan: Revert 'arm64: mte: reset the page tag in page->flags' (git-fixes).
arm64: set UXN on swapper page tables (git-fixes).
arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes).
arm64: tegra: Fixup SYSRAM references (git-fixes).
arm64: tegra: Mark BPMP channels as no-memory-wc (git-fixes).
arm64: tegra: Update Tegra234 BPMP channel addresses (git-fixes).
arm_pmu: Validate single/group leader events (git-fixes).
asm-generic: remove a broken and needless ifdef conditional (git-fixes).
asm-generic: sections: refactor memory_intersects (git-fixes).
ata: libata-eh: Add missing command name (git-fixes).
ath10k: do not enforce interrupt trigger type (git-fixes).
ath11k: Fix incorrect debug_mask mappings (git-fixes).
ath11k: fix netdev open race (git-fixes).
atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes).
audit: fix potential double free on error path from fsnotify_add_inode_mark (git-fixes).
ax25: Fix ax25 session cleanup problems (git-fixes).
bitfield.h: Fix 'type of reg too small for mask' test (git-fixes).
block: Fix fsync always failed if once failed (bsc#1202779).
block: Fix wrong offset in bio_truncate() (bsc#1202780).
block: fix rq-qos breakage from skipping rq_qos_done_bio() (bsc#1202781).
block: only mark bio as tracked if it really is tracked (bsc#1202782).
bnx2x: Invalidate fastpath HSI version for VFs (git-fixes).
bnx2x: Utilize firmware 7.13.21.0 (git-fixes).
btrfs: properly flag filesystem with BTRFS_FEATURE_INCOMPAT_BIG_METADATA (git-fixes).
bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes).
can: Break loopback loop on loopback documentation (git-fixes).
can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes).
can: error: specify the values of data[5..7] of CAN error frames (git-fixes).
can: hi311x: do not report txerr and rxerr during bus-off (git-fixes).
can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once() (git-fixes).
can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes).
can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes).
can: mcp251x: Fix race condition on receive interrupt (git-fixes).
can: mcp251xfd: mcp251xfd_dump(): fix comment (git-fixes).
can: netlink: allow configuring of fixed bit rates without need for do_set_bittiming callback (git-fixes).
can: netlink: allow configuring of fixed data bit rates without need for do_set_data_bittiming callback (git-fixes).
can: pch_can: do not report txerr and rxerr during bus-off (git-fixes).
can: pch_can: pch_can_error(): initialize errc before using it (git-fixes).
can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes).
can: sja1000: do not report txerr and rxerr during bus-off (git-fixes).
can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes).
can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes).
ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202823).
ceph: do not truncate file in atomic_open (bsc#1202824).
ceph: use correct index when encoding client supported features (bsc#1202822).
cfg80211/mac80211: assume CHECKSUM_COMPLETE includes SNAP (bsc#1202131).
cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610).
cifs: fix reconnect on smb3 mount types (bsc#1201427).
clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes).
clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes).
clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes).
clk: mediatek: reset: Fix written reset bit offset (git-fixes).
clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes).
clk: qcom: camcc-sm8250: Fix halt on boot by reducing driver's init level (git-fixes).
clk: qcom: camcc-sm8250: Fix topology around titan_top power domain (git-fixes).
clk: qcom: clk-alpha-pll: fix clk_trion_pll_configure description (git-fixes).
clk: qcom: clk-krait: unlock spin after mux completion (git-fixes).
clk: qcom: clk-rcg2: Fail Duty-Cycle configuration if MND divider is not enabled (git-fixes).
clk: qcom: clk-rcg2: Make sure to not write d=0 to the NMD register (git-fixes).
clk: qcom: gcc-msm8939: Add missing SYSTEM_MM_NOC_BFDCD_CLK_SRC (git-fixes).
clk: qcom: gcc-msm8939: Add missing system_mm_noc_bfdcd_clk_src (git-fixes).
clk: qcom: gcc-msm8939: Fix bimc_ddr_clk_src rcgr base address (git-fixes).
clk: qcom: gcc-msm8939: Fix weird field spacing in ftbl_gcc_camss_cci_clk (git-fixes).
clk: qcom: gcc-msm8939: Point MM peripherals to system_mm_noc clock (git-fixes).
clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes).
clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes).
clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes).
clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes).
clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes).
clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes).
clk: ti: Stop using legacy clkctrl names for omap4 and 5 (git-fixes).
configfs: fix a race in configfs_{,un}register_subsystem() (git-fixes).
cpufreq: zynq: Fix refcount leak in zynq_get_revision (git-fixes).
crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes).
crypto: ccp - During shutdown, check SEV data pointer before using (git-fixes).
crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak (git-fixes).
crypto: hisilicon - Kunpeng916 crypto driver do not sleep when in softirq (git-fixes).
crypto: hisilicon/hpre - do not use GFP_KERNEL to alloc mem during softirq (git-fixes).
crypto: hisilicon/sec - do not sleep when in softirq (git-fixes).
crypto: hisilicon/sec - fix auth key size error (git-fixes).
crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of (git-fixes).
crypto: sun8i-ss - do not allocate memory when handling hash requests (git-fixes).
crypto: sun8i-ss - fix error codes in allocate_flows() (git-fixes).
crypto: sun8i-ss - fix infinite loop in sun8i_ss_setup_ivs() (git-fixes).
device property: Check fwnode->secondary when finding properties (git-fixes).
devlink: Fix use-after-free after a failed reload (git-fixes).
dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (git-fixes).
dma-debug: make things less spammy under memory pressure (git-fixes).
dmaengine: dw-axi-dmac: do not print NULL LLI during error (git-fixes).
dmaengine: dw-axi-dmac: ignore interrupt if no descriptor (git-fixes).
dmaengine: dw-edma: Fix eDMA Rd/Wr-channels and DMA-direction semantics (git-fixes).
dmaengine: imx-dma: Cast of_device_get_match_data() with (uintptr_t) (git-fixes).
dmaengine: sf-pdma: Add multithread support for a DMA channel (git-fixes).
dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes).
dmaengine: stm32-mdma: Remove dead code in stm32_mdma_irq_handler() (git-fixes).
docs/kernel-parameters: Update descriptions for 'mitigations=' param with retbleed (git-fixes).
docs: i2c: i2c-sysfs: fix hyperlinks (git-fixes).
docs: zh_CN: fix a broken reference (git-fixes).
dpaa2-eth: fix ethtool statistics (git-fixes).
driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes).
driver core: fix potential deadlock in __driver_attach (git-fixes).
drivers/iio: Remove all strcpy() uses (git-fixes).
drivers: usb: dwc3-qcom: Add sdm660 compatible (git-fixes).
drm/amd/amd_shared.h: Add missing doc for PP_GFX_DCS_MASK (git-fixes).
drm/amd/display: Add option to defer works of hpd_rx_irq (git-fixes).
drm/amd/display: Avoid MPC infinite loop (git-fixes).
drm/amd/display: Check correct bounds for stream encoder instances for DCN303 (git-fixes).
drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes).
drm/amd/display: Fix HDMI VSIF V3 incorrect issue (git-fixes).
drm/amd/display: Fix pixel clock programming (git-fixes).
drm/amd/display: Fix surface optimization regression on Carrizo (git-fixes).
drm/amd/display: For stereo keep 'FLIP_ANY_FRAME' (git-fixes).
drm/amd/display: Ignore First MST Sideband Message Return Error (git-fixes).
drm/amd/display: Optimize bandwidth on following fast update (git-fixes).
drm/amd/display: Reset DMCUB before HW init (git-fixes).
drm/amd/display: Revert 'drm/amd/display: turn DPMS off on connector unplug' (git-fixes).
drm/amd/display: avoid doing vm_init multiple time (git-fixes).
drm/amd/display: clear optc underflow before turn off odm clock (git-fixes).
drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid (git-fixes).
drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes).
drm/amdgpu: Increase tlb flush timeout for sriov (git-fixes).
drm/amdgpu: Remove one duplicated ef removal (git-fixes).
drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes).
drm/bridge: lt9611uxc: Cancel only driver's work (git-fixes).
drm/bridge: tc358767: Fix (e)DP bridge endpoint parsing in dedicated function (git-fixes).
drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes).
drm/bridge: tc358767: Move (e)DP bridge endpoint parsing into dedicated function (git-fixes).
drm/doc: Fix comment typo (git-fixes).
drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes).
drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes).
drm/i915/display: avoid warnings when registering dual panel backlight (git-fixes).
drm/i915/gt: Skip TLB invalidations once wedged (git-fixes).
drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes).
drm/i915: fix null pointer dereference (git-fixes).
drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes).
drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes).
drm/mediatek: Allow commands to be sent during video mode (git-fixes).
drm/mediatek: Keep dsi as LP00 before dcs cmds transfer (git-fixes).
drm/mediatek: Modify dsi funcs to atomic operations (git-fixes).
drm/mediatek: Separate poweron/poweroff from enable/disable and define new funcs (git-fixes).
drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes).
drm/mediatek: dpi: Remove output format of YUV (git-fixes).
drm/meson: Fix overflow implicit truncation warnings (git-fixes).
drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes).
drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes).
drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4 (git-fixes).
drm/msm/dpu: Fix for non-visible planes (git-fixes).
drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes).
drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes).
drm/msm/dsi: fix the inconsistent indenting (git-fixes).
drm/msm/hdmi: drop empty 'none' regulator lists (git-fixes).
drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes).
drm/msm/mdp5: Fix global state lock backoff (git-fixes).
drm/msm: Avoid dirtyfb stalls on video mode displays (v2) (git-fixes).
drm/msm: Fix dirtyfb refcounting (git-fixes).
drm/nouveau/acpi: Do not print error when we get -EINPROGRESS from pm_runtime (git-fixes).
drm/nouveau/kms: Fix failure path for creating DP connectors (git-fixes).
drm/nouveau: Do not pm_runtime_put_sync(), only pm_runtime_put_autosuspend() (git-fixes).
drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes).
drm/nouveau: recognise GA103 (git-fixes).
drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes).
drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes).
drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes).
drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes).
drm/shmem-helper: Add missing vunmap on error (git-fixes).
drm/simpledrm: Fix return type of simpledrm_simple_display_pipe_mode_valid() (git-fixes).
drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes).
drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes).
drm/ttm: Fix dummy res NULL ptr deref bug (git-fixes).
drm/udl: Add parameter to set number of URBs (bsc#1195917).
drm/udl: Add reset_resume (bsc#1195917)
drm/udl: Do not re-initialize stuff at retrying the URB list allocation (bsc#1195917).
drm/udl: Drop unneeded alignment (bsc#1195917).
drm/udl: Enable damage clipping (bsc#1195917).
drm/udl: Fix inconsistent urbs.count value during udl_free_urb_list() (bsc#1195917).
drm/udl: Fix potential URB leaks (bsc#1195917).
drm/udl: Increase the default URB list size to 20 (bsc#1195917).
drm/udl: Kill pending URBs at suspend and disconnect (bsc#1195917).
drm/udl: Replace BUG_ON() with WARN_ON() (bsc#1195917).
drm/udl: Replace semaphore with a simple wait queue (bsc#1195917).
drm/udl: Restore display mode on resume (bsc#1195917)
drm/udl: Suppress error print for -EPROTO at URB completion (bsc#1195917).
drm/udl: Sync pending URBs at suspend / disconnect (bsc#1195917).
drm/udl: Sync pending URBs at the end of suspend (bsc#1195917).
drm/vc4: change vc4_dma_range_matches from a global to static (git-fixes).
drm/vc4: drv: Adopt the dma configuration from the HVS or V3D component (git-fixes).
drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes).
drm/vc4: dsi: Correct DSI divider calculations (git-fixes).
drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes).
drm/vc4: dsi: Fix dsi0 interrupt support (git-fixes).
drm/vc4: dsi: Register dsi0 as the correct vc4 encoder type (git-fixes).
drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes).
drm/vc4: hdmi: Disable audio if dmas property is present but empty (git-fixes).
drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes).
drm/vc4: hdmi: Reset HDMI MISC_CONTROL register (git-fixes).
drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes).
drm/vc4: plane: Remove subpixel positioning check (git-fixes).
drm: adv7511: override i2c address of cec before accessing it (git-fixes).
drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes).
drm: bridge: sii8620: fix possible off-by-one (git-fixes).
dsa: mv88e6xxx: fix debug print for SPEED_UNFORCED (git-fixes).
dt-bindings: arm: qcom: fix MSM8916 MTP compatibles (git-fixes).
dt-bindings: arm: qcom: fix MSM8994 boards compatibles (git-fixes).
dt-bindings: bluetooth: broadcom: Add BCM4349B1 DT binding (git-fixes).
dt-bindings: clock: qcom,gcc-msm8996: add more GCC clock sources (git-fixes).
dt-bindings: gpio: zynq: Add missing compatible strings (git-fixes).
dt-bindings: iio: accel: Add DT binding doc for ADXL355 (git-fixes).
dt-bindings: usb: mtk-xhci: Allow wakeup interrupt-names to be optional (git-fixes).
eeprom: idt_89hpesx: uninitialized data in idt_dbgfs_csr_write() (git-fixes).
erofs: fix deadlock when shrink erofs slab (git-fixes).
ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler (git-fies).
exfat: Define NLS_NAME_* as bit flags explicitly (bsc#1201725).
exfat: Downgrade ENAMETOOLONG error message to debug messages (bsc#1201725).
exfat: Drop superfluous new line for error messages (bsc#1201725).
exfat: Expand exfat_err() and co directly to pr_*() macro (bsc#1201725).
exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1201725).
exfat: fix i_blocks for files truncated over 4 GiB (git-fixes).
exfat: fix referencing wrong parent directory information after renaming (git-fixes).
exfat: reuse exfat_inode_info variable instead of calling EXFAT_I() (git-fixes).
exfat: use updated exfat_chain directly during renaming (git-fixes).
export: fix string handling of namespace in EXPORT_SYMBOL_NS (git-fixes).
ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755).
ext4: add new helper interface ext4_try_to_trim_range() (bsc#1202783).
ext4: add reserved GDT blocks check (bsc#1202712).
ext4: do not use the orphan list when migrating an inode (bsc#1197756).
ext4: fast commit may miss tracking unwritten range during ftruncate (bsc#1202759).
ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state (bsc#1202771).
ext4: fix a possible ABBA deadlock due to busy PA (bsc#1202762).
ext4: fix bug_on in ext4_writepages (bsc#1200872).
ext4: fix error handling in ext4_fc_record_modified_inode() (bsc#1202767).
ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757).
ext4: fix fallocate to use file_modified to update permissions consistently (bsc#1202769).
ext4: fix fast commit may miss tracking range for FALLOC_FL_ZERO_RANGE (bsc#1202757).
ext4: fix fs corruption when tring to remove a non-empty directory with IO error (bsc#1202768).
ext4: fix incorrect type issue during replay_del_range (bsc#1202867).
ext4: fix null-ptr-deref in '__ext4_journal_ensure_credits' (bsc#1202764).
ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869).
ext4: fix race when reusing xattr blocks (bsc#1198971).
ext4: fix super block checksum incorrect after mount (bsc#1202773).
ext4: fix symlink file size not match to file content (bsc#1200868).
ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871).
ext4: fix use-after-free in ext4_search_dir (bsc#1202710).
ext4: fix warning in ext4_handle_inode_extension (bsc#1202711).
ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870).
ext4: initialize err_blk before calling __ext4_get_inode_loc (bsc#1202763).
ext4: make sure quota gets properly shutdown on error (bsc#1195480).
ext4: make sure to reset inode lockdep class when quota enabling fails (bsc#1202761).
ext4: mark group as trimmed only if it was fully scanned (bsc#1202770).
ext4: modify the logic of ext4_mb_new_blocks_simple (bsc#1202766).
ext4: prevent used blocks from being allocated during fast commit replay (bsc#1202765).
ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713).
ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971).
ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971).
ext4: use ext4_ext_remove_space() for fast commit replay delete range (bsc#1202758).
fat: add ratelimit to fat*_ent_bread() (git-fixes).
fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes).
fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes).
fbdev: fbcon: Properly revert changes when vc_resize() failed (git-fies).
filemap: Handle sibling entries in filemap_get_read_batch() (bsc#1202774).
firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (git-fixes).
firmware: tegra: Fix error check return value of debugfs_create_file() (git-fixes).
firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes).
fix race between exit_itimers() and /proc/pid/timers (git-fixes).
fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes).
fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873).
ftrace/x86: Add back ftrace_expected assignment (git-fixes).
fuse: ioctl: translate ENOSYS (bsc#1203139).
fuse: limit nsec (bsc#1203138).
gadgetfs: ep_io - wait until IRQ finishes (git-fixes).
geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes).
geneve: fix TOS inheriting for ipv4 (git-fixes).
gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes).
gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes).
habanalabs/gaudi: fix shift out of bounds (git-fixes).
habanalabs/gaudi: mask constant value before cast (git-fixes).
hwmon: (dell-smm) Add Dell XPS 13 7390 to fan control whitelist (git-fixes).
hwmon: (drivetemp) Add module alias (git-fixes).
hwmon: (gpio-fan) Fix array out of bounds access (git-fixes).
hwmon: (sht15) Fix wrong assumptions in device remove callback (git-fixes).
i2c: Fix a potential use after free (git-fixes).
i2c: cadence: Support PEC for SMBus block read (git-fixes).
i2c: imx: Make sure to unregister adapter on remove() (git-fixes).
i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes).
i2c: mxs: Silence a clang warning (git-fixes).
i2c: npcm: Capitalize the one-line comment (git-fixes).
i2c: npcm: Correct slave role behavior (git-fixes).
i2c: npcm: Remove own slave addresses 2:10 (git-fixes).
ice: fix 'scheduling while atomic' on aux critical err interrupt (git-fixes).
ieee80211: add EHT 1K aggregation definitions (bsc#1202131).
ieee80211: change HE nominal packet padding value defines (bsc#1202131).
ieee802154/adf7242: defer destroy_workqueue call (git-fixes).
iio: accel: bma220: Fix alignment for DMA safety (git-fixes).
iio: accel: bma400: Fix the scale min and max macro values (git-fixes).
iio: accel: bma400: Reordering of header files (git-fixes).
iio: accel: sca3000: Fix alignment for DMA safety (git-fixes).
iio: accel: sca3300: Fix alignment for DMA safety (git-fixes).
iio: ad7292: Prevent regulator double disable (git-fixes).
iio: adc: ad7266: Fix alignment for DMA safety (git-fixes).
iio: adc: ad7292: Fix alignment for DMA safety (git-fixes).
iio: adc: ad7298: Fix alignment for DMA safety (git-fixes).
iio: adc: ad7476: Fix alignment for DMA safety (git-fixes).
iio: adc: ad7766: Fix alignment for DMA safety (git-fixes).
iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes).
iio: adc: ad7887: Fix alignment for DMA safety (git-fixes).
iio: adc: ad7923: Fix alignment for DMA safety (git-fixes).
iio: adc: hi8435: Fix alignment for DMA safety (git-fixes).
iio: adc: ltc2496: Fix alignment for DMA safety (git-fixes).
iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes).
iio: adc: max1027: Fix alignment for DMA safety (git-fixes).
iio: adc: max11100: Fix alignment for DMA safety (git-fixes).
iio: adc: max1118: Fix alignment for DMA safety (git-fixes).
iio: adc: max1241: Fix alignment for DMA safety (git-fixes).
iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes).
iio: adc: mcp3911: make use of the sign bit (git-fixes).
iio: adc: mcp3911: use correct formula for AD conversion (git-fixes).
iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes).
iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes).
iio: adc: ti-adc108s102: Fix alignment for DMA safety (git-fixes).
iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes).
iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes).
iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes).
iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes).
iio: adc: ti-ads131e08: Fix alignment for DMA safety (git-fixes).
iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes).
iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes).
iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes).
iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes).
iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes).
iio: common: ssp: Fix alignment for DMA safety (git-fixes).
iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes).
iio: dac: ad5064: Fix alignment for DMA safety (git-fixes).
iio: dac: ad5360: Fix alignment for DMA safety (git-fixes).
iio: dac: ad5421: Fix alignment for DMA safety (git-fixes).
iio: dac: ad5449: Fix alignment for DMA safety (git-fixes).
iio: dac: ad5504: Fix alignment for DMA safety (git-fixes).
iio: dac: ad5755: Fix alignment for DMA safety (git-fixes).
iio: dac: ad5761: Fix alignment for DMA safety (git-fixes).
iio: dac: ad5764: Fix alignment for DMA safety (git-fixes).
iio: dac: ad5766: Fix alignment for DMA safety (git-fixes).
iio: dac: ad5770r: Fix alignment for DMA safety (git-fixes).
iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes).
iio: dac: ad7303: Fix alignment for DMA safety (git-fixes).
iio: dac: ad8801: Fix alignment for DMA safety (git-fixes).
iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes).
iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes).
iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes).
iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes).
iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes).
iio: fix iio_format_avail_range() printing for none IIO_VAL_INT (git-fixes).
iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes).
iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes).
iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes).
iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes).
iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes).
iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes).
iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes).
iio: imu: fxos8700: Fix alignment for DMA safety (git-fixes).
iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes).
iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes).
iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes).
iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes).
iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes).
iio: proximity: as3935: Fix alignment for DMA safety (git-fixes).
iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes).
iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes).
iio: temp: ltc2983: Fix alignment for DMA safety (git-fixes).
iio: temp: maxim_thermocouple: Fix alignment for DMA safety (git-fixes).
inet_diag: fix kernel-infoleak for UDP sockets (git-fixes).
intel_th: Fix a resource leak in an error handling path (git-fixes).
intel_th: msu-sink: Potential dereference of null pointer (git-fixes).
intel_th: msu: Fix vmalloced buffers (git-fixes).
intel_th: pci: Add Meteor Lake-P support (git-fixes).
intel_th: pci: Add Raptor Lake-S CPU support (git-fixes).
intel_th: pci: Add Raptor Lake-S PCH support (git-fixes).
interconnect: imx: fix max_node_id (git-fixes).
io_uring: add a schedule point in io_add_buffers() (git-fixes).
io_uring: terminate manual loop iterator loop correctly for non-vecs (git-fixes).
iommu/amd: Clarify AMD IOMMUv2 initialization messages (git-fixes).
iommu/amd: Enable swiotlb in all cases (git-fixes).
iommu/amd: Fix I/O page table memory leak (git-fixes).
iommu/amd: Recover from event log overflow (git-fixes).
iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes).
iommu/arm-smmu-v3-sva: Fix mm use-after-free (git-fixes).
iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range() (git-fixes).
iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes).
iommu/dart: Add missing module owner to ops structure (git-fixes).
iommu/dart: check return value after calling platform_get_resource() (git-fixes).
iommu/exynos: Handle failed IOMMU device registration properly (git-fixes).
iommu/iova: Improve 32-bit free space estimate (git-fixes).
iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes).
iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes).
iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (git-fixes).
iommu/mediatek: Fix 2 HW sharing pgtable issue (git-fixes).
iommu/mediatek: Fix NULL pointer dereference when printing dev_name (git-fixes).
iommu/mediatek: Remove clk_disable in mtk_iommu_remove (git-fixes).
iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes).
iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes).
iommu/tegra-smmu: Fix missing put_device() call in tegra_smmu_find (git-fixes).
iommu/vt-d: Acquiring lock in domain ID allocation helpers (bsc#1200301).
iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes).
iommu/vt-d: Drop stop marker messages (git-fixes).
iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes).
iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes).
iommu/vt-d: Make DMAR_UNITS_SUPPORTED default 1024 (bsc#1200301).
iommu/vt-d: Refactor iommu information of each domain (bsc#1200301).
iommu/vt-d: Remove global g_iommus array (bsc#1200301).
iommu/vt-d: Remove intel_iommu::domains (bsc#1200301).
iommu/vt-d: Remove unnecessary check in intel_iommu_add() (bsc#1200301).
iommu/vt-d: Use IDA interface to manage iommu sequence id (bsc#1200301).
iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes).
iommu: Fix potential use-after-free during probe (git-fixes).
iov_iter: Fix iter_xarray_get_pages{,_alloc}() (git-fixes).
iov_iter: fix build issue due to possible type mis-match (git-fixes).
ipmi: fix initialization when workqueue allocation fails (git-fixes).
irqchip/sifive-plic: Add missing thead,c900-plic match string (git-fixes).
irqchip/tegra: Fix overflow implicit truncation warnings (git-fixes).
iwlwifi/fw: use struct_size over open coded arithmetic (bsc#1202131).
iwlwifi: ACPI: support revision 3 WGDS tables (bsc#1202131).
iwlwifi: Add support for getting rf id with blank otp (bsc#1202131).
iwlwifi: Add support for more BZ HWs (bsc#1202131).
iwlwifi: BZ Family BUS_MASTER_DISABLE_REQ code duplication (bsc#1202131).
iwlwifi: BZ Family SW reset support (bsc#1202131).
iwlwifi: Configure FW debug preset via module param (bsc#1202131).
iwlwifi: Fix FW name for gl (bsc#1202131).
iwlwifi: Fix missing error code in iwl_pci_probe() (bsc#1202131).
iwlwifi: Fix syntax errors in comments (bsc#1202131).
iwlwifi: Make use of the helper macro LIST_HEAD() (bsc#1202131).
iwlwifi: Read the correct addresses when getting the crf id (bsc#1202131).
iwlwifi: Start scratch debug register for Bz family (bsc#1202131).
iwlwifi: acpi: fix wgds rev 3 size (bsc#1202131).
iwlwifi: acpi: move ppag code from mvm to fw/acpi (bsc#1202131).
iwlwifi: add missing entries for Gf4 with So and SoF (bsc#1202131).
iwlwifi: add new Qu-Hr device (bsc#1202131).
iwlwifi: add new ax1650 killer device (bsc#1202131).
iwlwifi: add new device id 7F70 (bsc#1202131).
iwlwifi: add new pci SoF with JF (bsc#1202131).
iwlwifi: add some missing kernel-doc in struct iwl_fw (bsc#1202131).
iwlwifi: add support for BNJ HW (bsc#1202131).
iwlwifi: add support for BZ-U and BZ-L HW (bsc#1202131).
iwlwifi: add support for Bz-Z HW (bsc#1202131).
iwlwifi: add vendor specific capabilities for some RFs (bsc#1202131).
iwlwifi: advertise support for HE - DCM BPSK RX/TX (bsc#1202131).
iwlwifi: allow rate-limited error messages (bsc#1202131).
iwlwifi: api: fix struct iwl_wowlan_status_v7 kernel-doc (bsc#1202131).
iwlwifi: api: remove ttl field from TX command (bsc#1202131).
iwlwifi: api: remove unused RX status bits (bsc#1202131).
iwlwifi: avoid variable shadowing (bsc#1202131).
iwlwifi: avoid void pointer arithmetic (bsc#1202131).
iwlwifi: bump FW API to 67 for AX devices (bsc#1202131).
iwlwifi: bump FW API to 68 for AX devices (bsc#1202131).
iwlwifi: bump FW API to 69 for AX devices (bsc#1202131).
iwlwifi: bump FW API to 70 for AX devices (bsc#1202131).
iwlwifi: bump FW API to 71 for AX devices (bsc#1202131).
iwlwifi: bump FW API to 72 for AX devices (bsc#1202131).
iwlwifi: cfg: add support for 1K BA queue (bsc#1202131).
iwlwifi: dbg-tlv: clean up iwl_dbg_tlv_update_drams() (bsc#1202131).
iwlwifi: dbg: add infra for tracking free buffer size (bsc#1202131).
iwlwifi: dbg: check trigger data before access (bsc#1202131).
iwlwifi: dbg: disable ini debug in 8000 family and below (bsc#1202131).
iwlwifi: dbg: in sync mode do not call schedule (bsc#1202131).
iwlwifi: dbg: treat dbgc allocation failure when tlv is missing (bsc#1202131).
iwlwifi: dbg: treat non active regions as unsupported regions (bsc#1202131).
iwlwifi: dbg_ini: Split memcpy() to avoid multi-field write (bsc#1202131).
iwlwifi: de-const properly where needed (bsc#1202131).
iwlwifi: debugfs: remove useless double condition (bsc#1202131).
iwlwifi: do not dump_stack() when we get an unexpected interrupt (bsc#1202131).
iwlwifi: do not use __unused as variable name (bsc#1202131).
iwlwifi: drv: load tlv debug data earlier (bsc#1202131).
iwlwifi: dump CSR scratch from outer function (bsc#1202131).
iwlwifi: dump RCM error tables (bsc#1202131).
iwlwifi: dump both TCM error tables if present (bsc#1202131).
iwlwifi: dump host monitor data when NIC does not init (bsc#1202131).
iwlwifi: dvm: use struct_size over open coded arithmetic (bsc#1202131).
iwlwifi: eeprom: clean up macros (bsc#1202131).
iwlwifi: fix LED dependencies (bsc#1202131).
iwlwifi: fix debug TLV parsing (bsc#1202131).
iwlwifi: fix fw/img.c license statement (bsc#1202131).
iwlwifi: fix iwl_legacy_rate_to_fw_idx (bsc#1202131).
iwlwifi: fix small doc mistake for iwl_fw_ini_addr_val (bsc#1202131).
iwlwifi: fix various more -Wcast-qual warnings (bsc#1202131).
iwlwifi: fw dump: add infrastructure for dump scrubbing (bsc#1202131).
iwlwifi: fw: add support for splitting region type bits (bsc#1202131).
iwlwifi: fw: api: add link to PHY context command struct v1 (bsc#1202131).
iwlwifi: fw: correctly detect HW-SMEM region subtype (bsc#1202131).
iwlwifi: fw: fix some scan kernel-doc (bsc#1202131).
iwlwifi: fw: init SAR GEO table only if data is present (bsc#1202131).
iwlwifi: fw: make dump_start callback void (bsc#1202131).
iwlwifi: fw: remove dead error log code (bsc#1202131).
iwlwifi: implement reset flow for Bz devices (bsc#1202131).
iwlwifi: iwl-eeprom-parse: mostly dvm only (bsc#1202131).
iwlwifi: make iwl_fw_lookup_cmd_ver() take a cmd_id (bsc#1202131).
iwlwifi: make iwl_txq_dyn_alloc_dma() return the txq (bsc#1202131).
iwlwifi: make some functions friendly to sparse (bsc#1202131).
iwlwifi: move symbols into a separate namespace (bsc#1202131).
iwlwifi: mvm/api: define system control command (bsc#1202131).
iwlwifi: mvm: Add RTS and CTS flags to iwl_tx_cmd_flags (bsc#1202131).
iwlwifi: mvm: Add list of OEMs allowed to use TAS (bsc#1202131).
iwlwifi: mvm: Add support for a new version of scan request command (bsc#1202131).
iwlwifi: mvm: Add support for new rate_n_flags in tx_cmd (bsc#1202131).
iwlwifi: mvm: Consider P2P GO operation during scan (bsc#1202131).
iwlwifi: mvm: Disable WiFi bands selectively with BIOS (bsc#1202131).
iwlwifi: mvm: Do not fail if PPAG isn't supported (bsc#1202131).
iwlwifi: mvm: Fix wrong documentation for scan request command (bsc#1202131).
iwlwifi: mvm: Passively scan non PSC channels only when requested so (bsc#1202131).
iwlwifi: mvm: Read acpi dsm to get channel activation bitmap (bsc#1202131).
iwlwifi: mvm: Remove antenna c references (bsc#1202131).
iwlwifi: mvm: Support new TX_RSP and COMPRESSED_BA_RES versions (bsc#1202131).
iwlwifi: mvm: Support new rate_n_flags for REPLY_RX_MPDU_CMD and RX_NO_DATA_NOTIF (bsc#1202131).
iwlwifi: mvm: Support new version of BEACON_TEMPLATE_CMD (bsc#1202131).
iwlwifi: mvm: Support new version of ranging response notification (bsc#1202131).
iwlwifi: mvm: Support version 3 of tlc_update_notif (bsc#1202131).
iwlwifi: mvm: Unify the scan iteration functions (bsc#1202131).
iwlwifi: mvm: Use all Rx chains for roaming scan (bsc#1202131).
iwlwifi: mvm: add US/CA to TAS block list if OEM isn't allowed (bsc#1202131).
iwlwifi: mvm: add a flag to reduce power command (bsc#1202131).
iwlwifi: mvm: add additional info for boot info failures (bsc#1202131).
iwlwifi: mvm: add additional info for boot info failures (bsc#1202131).
iwlwifi: mvm: add dbg_time_point to debugfs (bsc#1202131).
iwlwifi: mvm: add definitions for new rate & flags (bsc#1202131).
iwlwifi: mvm: add lmac/umac PC info in case of error (bsc#1202131).
iwlwifi: mvm: add missing min_size to kernel-doc (bsc#1202131).
iwlwifi: mvm: add some missing command strings (bsc#1202131).
iwlwifi: mvm: add support for 160Mhz in ranging measurements (bsc#1202131).
iwlwifi: mvm: add support for CT-KILL notification version 2 (bsc#1202131).
iwlwifi: mvm: add support for IMR based on platform (bsc#1202131).
iwlwifi: mvm: add support for OCE scan (bsc#1202131).
iwlwifi: mvm: add support for PHY context command v4 (bsc#1202131).
iwlwifi: mvm: add support for statistics update version 15 (bsc#1202131).
iwlwifi: mvm: allow enabling UHB TAS in the USA via ACPI setting (bsc#1202131).
iwlwifi: mvm: always remove the session protection after association (bsc#1202131).
iwlwifi: mvm: always store the PPAG table as the latest version (bsc#1202131).
iwlwifi: mvm: always use 4K RB size by default (bsc#1202131).
iwlwifi: mvm: change old-SN drop threshold (bsc#1202131).
iwlwifi: mvm: clean up indenting in iwl_mvm_tlc_update_notif() (bsc#1202131).
iwlwifi: mvm: convert old rate & flags to the new format (bsc#1202131).
iwlwifi: mvm: correct sta-state logic for TDLS (bsc#1202131).
iwlwifi: mvm: correctly set channel flags (bsc#1202131).
iwlwifi: mvm: correctly set schedule scan profiles (bsc#1202131).
iwlwifi: mvm: d3: move GTK rekeys condition (bsc#1202131).
iwlwifi: mvm: d3: support v12 wowlan status (bsc#1202131).
iwlwifi: mvm: d3: use internal data representation (bsc#1202131).
iwlwifi: mvm: demote non-compliant kernel-doc header (bsc#1202131).
iwlwifi: mvm: do not get address of mvm->fwrt just to dereference as a pointer (bsc#1202131).
iwlwifi: mvm: do not send BAID removal to the FW during hw_restart (bsc#1202131).
iwlwifi: mvm: do not trust hardware queue number (bsc#1202131).
iwlwifi: mvm: drop too short packets silently (bsc#1202131).
iwlwifi: mvm: extend session protection on association (bsc#1202131).
iwlwifi: mvm: fix WGDS table print in iwl_mvm_chub_update_mcc() (bsc#1202131).
iwlwifi: mvm: fix a stray tab (bsc#1202131).
iwlwifi: mvm: fix condition which checks the version of rate_n_flags (bsc#1202131).
iwlwifi: mvm: fix delBA vs. NSSN queue sync race (bsc#1202131).
iwlwifi: mvm: fix ieee80211_get_he_iftype_cap() iftype (bsc#1202131).
iwlwifi: mvm: fix off by one in iwl_mvm_stat_iterator_all_macs() (bsc#1202131).
iwlwifi: mvm: fw: clean up hcmd struct creation (bsc#1202131).
iwlwifi: mvm: handle RX checksum on Bz devices (bsc#1202131).
iwlwifi: mvm: improve log when processing CSA (bsc#1202131).
iwlwifi: mvm: isolate offload assist (checksum) calculation (bsc#1202131).
iwlwifi: mvm: make iwl_mvm_reconfig_scd() static (bsc#1202131).
iwlwifi: mvm: offload channel switch timing to FW (bsc#1202131).
iwlwifi: mvm: only enable HE DCM if we also support TX (bsc#1202131).
iwlwifi: mvm: optionally suppress assert log (bsc#1202131).
iwlwifi: mvm: parse firmware alive message version 6 (bsc#1202131).
iwlwifi: mvm: read 6E enablement flags from DSM and pass to FW (bsc#1202131).
iwlwifi: mvm: reduce WARN_ON() in TX status path (bsc#1202131).
iwlwifi: mvm: refactor iwl_mvm_sta_rx_agg() (bsc#1202131).
iwlwifi: mvm: refactor setting PPE thresholds in STA_HE_CTXT_CMD (bsc#1202131).
iwlwifi: mvm: remove card state notification code (bsc#1202131).
iwlwifi: mvm: remove cipher scheme support (bsc#1202131).
iwlwifi: mvm: remove csi from iwl_mvm_pass_packet_to_mac80211() (bsc#1202131).
iwlwifi: mvm: remove iwl_mvm_disable_txq() flags argument (bsc#1202131).
iwlwifi: mvm: remove session protection after auth/assoc (bsc#1202131).
iwlwifi: mvm: remove session protection on disassoc (bsc#1202131).
iwlwifi: mvm: remove session protection upon station removal (bsc#1202131).
iwlwifi: mvm: rfi: handle deactivation notification (bsc#1202131).
iwlwifi: mvm: rfi: update rfi table (bsc#1202131).
iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy (bsc#1202131).
iwlwifi: mvm: scrub key material in firmware dumps (bsc#1202131).
iwlwifi: mvm: set BT-coex high priority for 802.1X/4-way-HS (bsc#1202131).
iwlwifi: mvm: set inactivity timeouts also for PS-poll (bsc#1202131).
iwlwifi: mvm: starting from 22000 we have 32 Rx AMPDU sessions (bsc#1202131).
iwlwifi: mvm: support Bz TX checksum offload (bsc#1202131).
iwlwifi: mvm: support RLC configuration command (bsc#1202131).
iwlwifi: mvm: support new BAID allocation command (bsc#1202131).
iwlwifi: mvm: support revision 1 of WTAS table (bsc#1202131).
iwlwifi: mvm: support v3 of station HE context command (bsc#1202131).
iwlwifi: mvm: update BAID allocation command again (bsc#1202131).
iwlwifi: mvm: update RFI TLV (bsc#1202131).
iwlwifi: mvm: update definitions due to new rate & flags (bsc#1202131).
iwlwifi: mvm: update rate scale in moving back to assoc state (bsc#1202131).
iwlwifi: mvm: use a define for checksum flags mask (bsc#1202131).
iwlwifi: mvm: use debug print instead of WARN_ON() (bsc#1202131).
iwlwifi: nvm: Correct HE capability (bsc#1202131).
iwlwifi: parse debug exclude data from firmware file (bsc#1202131).
iwlwifi: parse error tables from debug TLVs (bsc#1202131).
iwlwifi: pcie: Adapt rx queue write pointer for Bz family (bsc#1202131).
iwlwifi: pcie: add jacket bit to device configuration parsing (bsc#1202131).
iwlwifi: pcie: add support for MS devices (bsc#1202131).
iwlwifi: pcie: adjust to Bz completion descriptor (bsc#1202131).
iwlwifi: pcie: fix SW error MSI-X mapping (bsc#1202131).
iwlwifi: pcie: fix constant-conversion warning (bsc#1202131).
iwlwifi: pcie: fix killer name matching for AX200 (bsc#1202131).
iwlwifi: pcie: iwlwifi: fix device id 7F70 struct (bsc#1202131).
iwlwifi: pcie: make sure iwl_rx_packet_payload_len() will not underflow (bsc#1202131).
iwlwifi: pcie: refactor dev_info lookup (bsc#1202131).
iwlwifi: pcie: remove duplicate entry (bsc#1202131).
iwlwifi: pcie: remove two duplicate PNJ device entries (bsc#1202131).
iwlwifi: pcie: retake ownership after reset (bsc#1202131).
iwlwifi: pcie: simplify iwl_pci_find_dev_info() (bsc#1202131).
iwlwifi: pcie: support Bz suspend/resume trigger (bsc#1202131).
iwlwifi: pcie: try to grab NIC access early (bsc#1202131).
iwlwifi: pcie: update sw error interrupt for BZ family (bsc#1202131).
iwlwifi: pnvm: print out the version properly (bsc#1202131).
iwlwifi: prefer WIDE_ID() over iwl_cmd_id() (bsc#1202131).
iwlwifi: propagate (const) type qualifier (bsc#1202131).
iwlwifi: recognize missing PNVM data and then log filename (bsc#1202131).
iwlwifi: remove MODULE_AUTHOR() statements (bsc#1202131).
iwlwifi: remove command ID argument from queue allocation (bsc#1202131).
iwlwifi: remove contact information (bsc#1202131).
iwlwifi: remove deprecated broadcast filtering feature (bsc#1202131).
iwlwifi: remove redundant iwl_finish_nic_init() argument (bsc#1202131).
iwlwifi: remove unused DC2DC_CONFIG_CMD definitions (bsc#1202131).
iwlwifi: remove unused iwlax210_2ax_cfg_so_hr_a0 structure (bsc#1202131).
iwlwifi: remove unused macros (bsc#1202131).
iwlwifi: rename CHANNEL_SWITCH_NOA_NOTIF to CHANNEL_SWITCH_START_NOTIF (bsc#1202131).
iwlwifi: rename GEO_TX_POWER_LIMIT to PER_CHAIN_LIMIT_OFFSET_CMD (bsc#1202131).
iwlwifi: rs: add support for TLC config command ver 4 (bsc#1202131).
iwlwifi: scan: Modify return value of a function (bsc#1202131).
iwlwifi: support 4-bits in MAC step value (bsc#1202131).
iwlwifi: support SAR GEO Offset Mapping override via BIOS (bsc#1202131).
iwlwifi: support new queue allocation command (bsc#1202131).
iwlwifi: swap 1650i and 1650s killer struct names (bsc#1202131).
iwlwifi: tlc: Add logs in rs_fw_rate_init func to print TLC configuration (bsc#1202131).
iwlwifi: use 4k queue size for Bz A-step (bsc#1202131).
iwlwifi: yoyo: Avoid using dram data if allocation failed (bsc#1202131).
iwlwifi: yoyo: add IMR DRAM dump support (bsc#1202131).
iwlwifi: yoyo: disable IMR DRAM region if IMR is disabled (bsc#1202131).
iwlwifi: yoyo: dump IMR DRAM only for HW and FW error (bsc#1202131).
iwlwifi: yoyo: fix DBGC allocation flow (bsc#1202131).
iwlwifi: yoyo: fix DBGI_SRAM ini dump header (bsc#1202131).
iwlwifi: yoyo: fix issue with new DBGI_SRAM region read (bsc#1202131).
iwlwifi: yoyo: fw debug config from context info and preset (bsc#1202131).
iwlwifi: yoyo: send hcmd to fw after dump collection completes (bsc#1202131).
iwlwifi: yoyo: support TLV-based firmware reset (bsc#1202131).
iwlwifi: yoyo: support dump policy for the dump size (bsc#1202131).
iwlwifi: yoyo: support for DBGC4 for dram (bsc#1202131).
iwlwifi: yoyo: support for ROM usniffer (bsc#1202131).
jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1202775).
jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716).
jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715).
kABI: scsi: libiscsi: fix removal of iscsi_create_conn (bsc#1198410).
kabi/severities: Exclude ppc kvm
kabi/severities: add Qlogic qed symbols
kabi/severities: add drivers/scsi/hisi_sas for bsc#1202471
kabi/severities: add hisilicon hns3 symbols
kabi/severities: add microchip dsa drivers
kabi/severities: ignore kABI changes in mwifiex drivers Those symbols are used only locally in mwifiex (sub-)modules.
kabi/severities: octeontx2 driver (jsc#SLE-24682)
kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes).
kbuild: fix the modules order between drivers and libs (git-fixes).
kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (git-fixes).
kcm: fix strp_init() order and cleanup (git-fies).
kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages
kfifo: fix kfifo_to_user() return type (git-fixes).
kselftest/cgroup: fix test_stress.sh to use OUTPUT dir (git-fixes).
kselftest/vm: fix tests build with old libc (git-fixes).
kselftest: Fix vdso_test_abi return status (git-fixes).
kselftest: signal all child processes (git-fixes).
kvm: selftests: do not use bitfields larger than 32-bits for PTEs (git-fixes).
l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu (git-fixes).
landlock: Add clang-format exceptions (git-fixes).
landlock: Change landlock_add_rule(2) argument check ordering (git-fixes).
landlock: Change landlock_restrict_self(2) check ordering (git-fixes).
landlock: Create find_rule() from unmask_layers() (git-fixes).
landlock: Define access_mask_t to enforce a consistent access mask size (git-fixes).
landlock: Fix landlock_add_rule(2) documentation (git-fixes).
landlock: Fix same-layer rule unions (git-fixes).
landlock: Format with clang-format (git-fixes).
landlock: Reduce the maximum number of layers to 16 (git-fixes).
landlock: Use square brackets around 'landlock-ruleset' (git-fixes).
lib/list_debug.c: Detect uninitialized lists (git-fixes).
lib/raid6/test: fix multiple definition linking error (git-fixes).
lib/smp_processor_id: fix imbalanced instrumentation_end() call (git-fixes).
lkdtm: Disable return thunks in rodata.c (bsc#1190497).
lockdep: Correct lock_classes index mapping (git-fixes).
locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes).
locking/lockdep: Fix lockdep_init_map_*() confusion (git-fixes).
locking/lockdep: Iterate lock_classes directly when reading lockdep files (git-fixes).
loop: Check for overflow while configuring loop (git-fies).
loop: Use pr_warn_once() for loop_control_remove() warning (git-fixes).
loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
mac80211: fix a memory leak where sta_info is not freed (git-fixes).
mac80211: introduce channel switch disconnect function (bsc#1202131).
macsec: always read MACSEC_SA_ATTR_PN as a u64 (git-fixes).
macsec: fix NULL deref in macsec_add_rxsa (git-fixes).
macsec: fix error message in macsec_add_rxsa and _txsa (git-fixes).
macsec: limit replay window size with XPN (git-fixes).
marvell: octeontx2: build error: unknown type name 'u64' (jsc#SLE-24682).
mbcache: add functions to delete entry if unused (bsc#1198971).
mbcache: do not reclaim used entries (bsc#1198971).
md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes).
md/raid1: fix missing bitmap update w/o WriteMostly devices (bsc#1203036).
media: [PATCH] pci: atomisp_cmd: fix three missing checks on list iterator (git-fixes).
media: atmel: atmel-sama7g5-isc: fix warning in configs without OF (git-fixes).
media: cedrus: h265: Fix flag name (git-fixes).
media: cedrus: hevc: Add check for invalid timestamp (git-fixes).
media: driver/nxp/imx-jpeg: fix a unexpected return value problem (git-fixes).
media: hantro: postproc: Fix motion vector space size (git-fixes).
media: hdpvr: fix error value returns in hdpvr_read (git-fixes).
media: hevc: Embedded indexes in RPS (git-fixes).
media: imx-jpeg: Add pm-runtime support for imx-jpeg (git-fixes).
media: imx-jpeg: use NV12M to represent non contiguous NV12 (git-fixes).
media: pvrusb2: fix memory leak in pvr_probe (git-fixes).
media: tw686x: Fix memory leak in tw686x_video_init (git-fixes).
media: tw686x: Register the irq at the end of probe (git-fixes).
media: v4l2-mem2mem: prevent pollerr when last_buffer_dequeued is set (git-fixes).
mediatek: mt76: eeprom: fix missing of_node_put() in mt76_find_power_limits_node() (git-fixes).
mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes).
memstick/ms_block: Fix a memory leak (git-fixes).
memstick/ms_block: Fix some incorrect memory allocation (git-fixes).
meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes).
mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes).
mfd: t7l66xb: Drop platform disable callback (git-fixes).
minix: fix bug when opening a file with O_DIRECT (git-fixes).
misc: fastrpc: fix memory corruption on open (git-fixes).
misc: fastrpc: fix memory corruption on probe (git-fixes).
misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes).
mkspec: eliminate @NOSOURCE@ macro This should be alsways used with @SOURCES@, just include the content there.
mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes).
mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763).
mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447).
mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159).
mmc: block: Add single read for 4k sector cards (git-fixes).
mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes).
mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes).
mmc: core: Fix UHS-I SD 1.8V workaround branch (git-fixes).
mmc: meson-gx: Fix an error handling path in meson_mmc_probe() (git-fixes).
mmc: mxcmmc: Silence a clang warning (git-fixes).
mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes).
mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes).
mmc: renesas_sdhi: Get the reset handle early in the probe (git-fixes).
mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes).
mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes).
mmc: tmio: avoid glitches when resetting (git-fixes).
msft-hv-2570-hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).
mt76: mt7615: do not update pm stats in case of error (git-fixes).
mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes).
mt76: mt7921: enlarge maximum VHT MPDU length to 11454 (git-fixes).
mt76: mt7921: fix aggregation subframes setting to HE max (git-fixes).
mtd: dataflash: Add SPI ID table (git-fixes).
mtd: maps: Fix refcount leak in ap_flash_init (git-fixes).
mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes).
mtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset (git-fixes).
mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes).
mtd: rawnand: arasan: Fix clock rate in NV-DDR (git-fixes).
mtd: rawnand: arasan: Update NAND bus clock instead of system clock (git-fixes).
mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times (git-fixes).
mtd: rawnand: gpmi: validate controller clock rate (git-fixes).
mtd: rawnand: meson: Fix a potential double free issue (git-fixes).
mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes).
mtd: spi-nor: fix spi_nor_spimem_setup_op() call in spi_nor_erase_{sector,chip}() (git-fixes).
mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes).
musb: fix USB_MUSB_TUSB6010 dependency (git-fixes).
mwifiex: Ignore BTCOEX events from the 88W8897 firmware (git-fixes).
n_gsm: remove unused parameters from gsm_error() (git-fixes).
net: asix: fix 'can't send until first packet is send' issue (git-fixes).
net: bcmgenet: Use stronger register read/writes to assure ordering (git-fixes).
net: dsa: b53: Add SPI ID table (git-fixes).
net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering (git-fixes).
net: dsa: felix: purge skb from TX timestamping queue if it cannot be sent (git-fies).
net: dsa: hellcreek: Add STP forwarding rule (git-fixes).
net: dsa: hellcreek: Add missing PTP via UDP rules (git-fixes).
net: dsa: hellcreek: Allow PTP P2P measurements on blocked ports (git-fixes).
net: dsa: hellcreek: Fix insertion of static FDB entries (git-fixes).
net: dsa: microchip: implement multi-bridge support (git-fixes).
net: dsa: mv88e6xxx: Add fix for erratum 5.2 of 88E6393X family (git-fixes).
net: dsa: mv88e6xxx: Drop unnecessary check in mv88e6393x_serdes_erratum_4_6() (git-fixes).
net: dsa: mv88e6xxx: Enable port policy support on 6097 (git-fixes).
net: dsa: mv88e6xxx: Fix application of erratum 4.8 for 88E6393X (git-fixes).
net: dsa: mv88e6xxx: Fix inband AN for 2500base-x on 88E6393X family (git-fixes).
net: dsa: mv88e6xxx: Link in pcs_get_state() if AN is bypassed (git-fixes).
net: dsa: mv88e6xxx: Save power by disabling SerDes trasmitter and receiver (git-fixes).
net: dsa: mv88e6xxx: Unforce speed & duplex in mac_link_down() (git-fixes).
net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports (git-fixes).
net: dsa: mv88e6xxx: error handling for serdes_power functions (git-fixes).
net: dsa: mv88e6xxx: fix 'do not use PHY_DETECT on internal PHY's' (git-fixes).
net: dsa: ocelot: seville: utilize of_mdiobus_register (git-fixes).
net: dsa: qca8k: fix MTU calculation (git-fixes).
net: dsa: seville: register the mdiobus under devres (git-fixes).
net: dsa: tag_ocelot_8021q: break circular dependency with ocelot switch lib (git-fies).
net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes).
net: hns3: clean residual vf config after disable sriov (git-fixes).
net: macsec: fix potential resource leak in macsec_add_rxsa() and macsec_add_txsa() (git-fixes).
net: marvell: prestera: fix incorrect structure access (git-fixes).
net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes).
net: mscc: ocelot: create a function that replaces an existing VCAP filter (git-fixes).
net: mscc: ocelot: do not dereference NULL pointers with shared tc filters (git-fixes).
net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes).
net: mscc: ocelot: fix incorrect balancing with down LAG ports (git-fixes).
net: mscc: ocelot: set up traps for PTP packets (git-fixes).
net: openvswitch: do not send internal clone attribute to the userspace (git-fixes).
net: openvswitch: fix leak of nested actions (git-fixes).
net: openvswitch: fix misuse of the cached connection on tuple changes (git-fixes).
net: openvswitch: fix parsing of nw_proto for IPv6 fragments (git-fixes).
net: phy: Do not WARN for PHY_READY state in mdio_bus_phy_resume() (git-fixes).
net: phy: Warn about incorrect mdio_bus_phy_resume() state (git-fixes).
net: phy: smsc: Disable Energy Detect Power-Down in interrupt mode (git-fixes).
net: ptp: add a definition for the UDP port for IEEE 1588 general messages (git-fixes).
net: rose: fix netdev reference changes (git-fixes).
net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes).
net: stmmac: clean up impossible condition (git-fixes).
net: stmmac: disable Split Header (SPH) for Intel platforms (bsc#1194904).
net: stmmac: dwc-qos: Disable split header for Tegra194 (bsc#1194904).
net: stmmac: fix off-by-one error in sanity check (git-fixes).
net: usb: Correct PHY handling of smsc95xx (git-fixes).
net: usb: Correct reset handling of smsc95xx (git-fixes).
net: usb: ax88179_178a needs FLAG_SEND_ZLP (git-fixes).
net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes).
net: usb: make USB_RTL8153_ECM non user configurable (git-fixes).
net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431).
net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431).
net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431).
net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes).
net_sched: cls_route: disallow handle of 0 (bsc#1202393).
nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout (git-fixes).
nfsd: fix use-after-free due to delegation race (git-fixes).
nilfs2: fix incorrect masking of permission flags for symlinks (git-fixes).
nilfs2: fix lockdep warnings during disk space reclamation (git-fixes).
nilfs2: fix lockdep warnings in page operations for btree nodes (git-fixes).
nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() (bnc#1189999 (Scheduler functional and performance backports)).
nouveau/svm: Fix to migrate all requested pages (git-fixes).
nouveau: explicitly wait on the fence in nouveau_bo_move_m2mf (git-fies).
ntb_hw_amd: Add NTB PCI ID for new gen CPU (bsc#1202113).
nvme-auth: align to pre-upstream FFDHE implementation (bsc#1202265).
nvme-auth: retry command if DNR bit is not set (bsc#1201675).
nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865).
nvme-rdma: Handle number of queue changes (bsc#1201865).
nvme-tcp: Handle number of queue changes (bsc#1201865).
nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489).
nvme: consider also host_iface when checking ip options (bsc#1199670).
nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636).
nvme: implement In-Band authentication (jsc#SLE-20183).
nvme: kabi fixes for in-band authentication (bsc#1199086).
nvmet-auth: expire authentication sessions (jsc#SLE-20183).
nvmet: Expose max queues to configfs (bsc#1201865).
nvmet: implement basic In-Band Authentication (jsc#SLE-20183).
ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (bsc#1202778).
ocfs2: fix a deadlock when commit trans (bsc#1202776).
octeontx2-af: Add KPU changes to parse NGIO as separate layer (jsc#SLE-24682).
octeontx2-af: Add PTP device id for CN10K and 95O silcons (jsc#SLE-24682).
octeontx2-af: Add SDP interface support (jsc#SLE-24682).
octeontx2-af: Add debug messages for failures (jsc#SLE-24682).
octeontx2-af: Add external ptp input clock (jsc#SLE-24682).
octeontx2-af: Add free rsrc count mbox msg (jsc#SLE-24682).
octeontx2-af: Add mbox to retrieve bandwidth profile free count (jsc#SLE-24682).
octeontx2-af: Add support to flush full CPT CTX cache (jsc#SLE-24682).
octeontx2-af: Adjust LA pointer for cpt parse header (jsc#SLE-24682).
octeontx2-af: Allocate low priority entries for PF (jsc#SLE-24682).
octeontx2-af: Allow to configure flow tag LSB byte as RSS adder (jsc#SLE-24682).
octeontx2-af: Change the order of queue work and interrupt disable (jsc#SLE-24682).
octeontx2-af: Do not enable Pause frames by default (jsc#SLE-24682).
octeontx2-af: Enable CPT HW interrupts (jsc#SLE-24682).
octeontx2-af: Enhance mailbox trace entry (jsc#SLE-24682).
octeontx2-af: Fix LBK backpressure id count (jsc#SLE-24682).
octeontx2-af: Fix inconsistent license text (jsc#SLE-24682).
octeontx2-af: Fix interrupt name strings (jsc#SLE-24682).
octeontx2-af: Fix spelling mistake 'Makesure' -> 'Make sure' (jsc#SLE-24682).
octeontx2-af: Fix uninitialized variable val (jsc#SLE-24682).
octeontx2-af: Flow control resource management (jsc#SLE-24682).
octeontx2-af: Handle return value in block reset (jsc#SLE-24682).
octeontx2-af: Hardware configuration for inline IPsec (jsc#SLE-24682).
octeontx2-af: Increase link credit restore polling timeout (jsc#SLE-24682).
octeontx2-af: Increase number of reserved entries in KPU (jsc#SLE-24682).
octeontx2-af: Increment ptp refcount before use (jsc#SLE-24682).
octeontx2-af: Limit KPU parsing for GTPU packets (jsc#SLE-24682).
octeontx2-af: Modify install flow error codes (jsc#SLE-24682).
octeontx2-af: Optimize KPU1 processing for variable-length headers (jsc#SLE-24682).
octeontx2-af: Perform cpt lf teardown in non FLR path (jsc#SLE-24682).
octeontx2-af: Priority flow control configuration support (jsc#SLE-24682).
octeontx2-af: Remove channel verification while installing MCAM rules (jsc#SLE-24682).
octeontx2-af: Remove redundant initialization of variable blkaddr (jsc#SLE-24682).
octeontx2-af: Remove redundant initialization of variable pin (jsc#SLE-24682).
octeontx2-af: Reset PTP config in FLR handler (jsc#SLE-24682).
octeontx2-af: Retry until RVU block reset complete (jsc#SLE-24682).
octeontx2-af: Use DMA_ATTR_FORCE_CONTIGUOUS attribute in DMA alloc (jsc#SLE-24682).
octeontx2-af: Use NDC TX for transmit packet data (jsc#SLE-24682).
octeontx2-af: Use ptp input clock info from firmware data (jsc#SLE-24682).
octeontx2-af: Wait for TX link idle for credits change (jsc#SLE-24682).
octeontx2-af: add proper return codes for AF mailbox handlers (jsc#SLE-24682).
octeontx2-af: cn10K: Get NPC counters value (jsc#SLE-24682).
octeontx2-af: cn10K: support for sched lmtst and other features (jsc#SLE-24682).
octeontx2-af: cn10k: DWRR MTU configuration (jsc#SLE-24682).
octeontx2-af: cn10k: RPM hardware timestamp configuration (jsc#SLE-24682).
octeontx2-af: cn10k: Set cache lines for NPA batch alloc (jsc#SLE-24682).
octeontx2-af: cn10k: Use appropriate register for LMAC enable (jsc#SLE-24682).
octeontx2-af: cn10k: add workaround for ptp errata (jsc#SLE-24682).
octeontx2-af: cn10k: debugfs for dumping LMTST map table (jsc#SLE-24682).
octeontx2-af: configure npc for cn10k to allow packets from cpt (jsc#SLE-24682).
octeontx2-af: debugfs: Add channel and channel mask (jsc#SLE-24682).
octeontx2-af: debugfs: Minor changes (jsc#SLE-24682).
octeontx2-af: debugfs: do not corrupt user memory (jsc#SLE-24682).
octeontx2-af: debugfs: fix error return of allocations (jsc#SLE-24682).
octeontx2-af: enable tx shaping feature for 96xx C0 (jsc#SLE-24682).
octeontx2-af: fix array bound error (jsc#SLE-24682).
octeontx2-af: fix error code in is_valid_offset() (jsc#SLE-24682).
octeontx2-af: initialize action variable (jsc#SLE-24682).
octeontx2-af: nix and lbk in loop mode in 98xx (jsc#SLE-24682).
octeontx2-af: remove redudant second error check on variable err (jsc#SLE-24682).
octeontx2-af: use swap() to make code cleaner (jsc#SLE-24682).
octeontx2-af: verify CQ context updates (jsc#SLE-24682).
octeontx2-nic: fix mixed module build (jsc#SLE-24682).
octeontx2-nicvf: Add PTP hardware clock support to NIX VF (jsc#SLE-24682).
octeontx2-nicvf: Free VF PTP resources (jsc#SLE-24682).
octeontx2-pf: Add TC feature for VFs (jsc#SLE-24682).
octeontx2-pf: Add XDP support to netdev PF (jsc#SLE-24682).
octeontx2-pf: Add check for non zero mcam flows (jsc#SLE-24682).
octeontx2-pf: Add support for adaptive interrupt coalescing (jsc#SLE-24682).
octeontx2-pf: Add vlan-etype to ntuple filters (jsc#SLE-24682).
octeontx2-pf: Allow VLAN priority also in ntuple filters (jsc#SLE-24682).
octeontx2-pf: CN10K: Hide RPM stats over ethtool (jsc#SLE-24682).
octeontx2-pf: Do not mask out supported link modes (jsc#SLE-24682).
octeontx2-pf: Enable NETIF_F_RXALL support for VF driver (jsc#SLE-24682).
octeontx2-pf: Fix inconsistent license text (jsc#SLE-24682).
octeontx2-pf: Ntuple filters support for VF netdev (jsc#SLE-24682).
octeontx2-pf: PFC config support with DCBx (jsc#SLE-24682).
octeontx2-pf: Remove unnecessary synchronize_irq() before free_irq() (jsc#SLE-24682).
octeontx2-pf: Simplify the receive buffer size calculation (jsc#SLE-24682).
octeontx2-pf: Sort the allocated MCAM entry indices (jsc#SLE-24682).
octeontx2-pf: Unify flow management variables (jsc#SLE-24682).
octeontx2-pf: Use hardware register for CQE count (jsc#SLE-24682).
octeontx2-pf: cn10K: Reserve LMTST lines per core (jsc#SLE-24682).
octeontx2-pf: cn10k: Config DWRR weight based on MTU (jsc#SLE-24682).
octeontx2-pf: cn10k: Ensure valid pointers are freed to aura (jsc#SLE-24682).
octeontx2-pf: cn10k: add support for new ptp timestamp format (jsc#SLE-24682).
octeontx2-pf: devlink params support to set mcam entry count (jsc#SLE-24682).
octeontx2-pf: replace bitmap_weight with bitmap_empty where appropriate (jsc#SLE-24682).
octeontx2-pf: select CONFIG_NET_DEVLINK (jsc#SLE-24682).
octeontx2-vf: Add support for adaptive interrupt coalescing (jsc#SLE-24682).
octeontx2: Move devlink registration to be last devlink command (jsc#SLE-24682).
openvswitch: Fix setting ipv6 fields causing hw csum failure (git-fixes).
openvswitch: Fixed nd target mask field in the flow dump (git-fixes).
openvswitch: always update flow key after nat (git-fixes).
optee: add error checks in optee_ffa_do_call_with_arg() (git-fixes).
perf bench futex: Fix memory leak of perf_cpu_map__new() (git-fixes).
phy: samsung: phy-exynos-pcie: sanitize init/power_on callbacks (git-fixes).
phy: stm32: fix error return in stm32_usbphyc_phy_init (git-fixes).
pinctrl: amd: Do not save/restore interrupt status and wake status bits (git-fixes).
pinctrl: armada-37xx: Convert to use dev_err_probe() (git-fixes).
pinctrl: armada-37xx: Make use of the devm_platform_ioremap_resource() (git-fixes).
pinctrl: armada-37xx: Use temporary variable for struct device (git-fixes).
pinctrl: intel: Check against matching data instead of ACPI companion (git-fixes).
pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes).
pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes).
pinctrl: qcom: sm8250: Fix PDC map (git-fixes).
pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes).
platform/chrome: cros_ec: Always expose last resume result (git-fixes).
platform/chrome: cros_ec_proto: do not show MKBP version if unsupported (git-fixes).
platform/olpc: Fix uninitialized data in debugfs write (git-fixes).
platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes).
platform/x86: pmc_atom: Match all Lex BayTrail boards with critclk_systems DMI table (git-fixes).
powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395).
powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729).
powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729).
powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729).
powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#SLE-18130).
powerpc/pseries: Rename TYPE1_AFFINITY to FORM1_AFFINITY (bsc#1200465 ltc#197256 jsc#SLE-18130).
powerpc/pseries: rename min_common_depth to primary_domain_index (bsc#1200465 ltc#197256 jsc#SLE-18130).
powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixess).
powerpc: Avoid discarding flags in system_call_exception() (bsc#1194869).
powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729).
proc: fix a dentry lock race between release_task and lookup (git-fixes).
proc: fix dentry/inode overinstantiating under /proc/${pid}/net (git-fixes).
profiling: fix shift too large makes kernel panic (git-fixes).
pwm: lpc18xx-sct: Reduce number of devm memory allocations (git-fixes).
pwm: lpc18xx-sct: Simplify driver by not using pwm_[gs]et_chip_data() (git-fixes).
pwm: lpc18xx: Fix period handling (git-fixes).
qed: validate and restrict untrusted VFs vlan promisc mode (git-fixes).
r8152: fix the RX FIFO settings when suspending (git-fixes).
r8152: fix the units of some registers for RTL8156A (git-fixes).
random: remove useless header comment (git-fixes).
ratelimit: Fix data-races in ___ratelimit() (git-fixes).
regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes).
regulator: pca9450: Remove restrictions for regulator-name (git-fixes).
regulator: qcom_smd: Fix pm8916_pldo range (git-fixes).
remoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init (git-fixes).
remoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init (git-fixes).
remoteproc: qcom: pas: Check if coredump is enabled (git-fixes).
remoteproc: qcom: pas: Mark devices as wakeup capable (git-fixes).
remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes).
remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes).
remoteproc: sysmon: Wait for SSCTL service to come up (git-fixes).
rose: check NULL rose_loopback_neigh->loopback (git-fixes).
rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385)
rpmsg: char: Add mutex protection for rpmsg_eptdev_open() (git-fixes).
rpmsg: mtk_rpmsg: Fix circular locking dependency (git-fixes).
rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge (git-fixes).
s390/cpumf: Handle events cycles and instructions identical (git-fixes).
s390/crash: fix incorrect number of bytes to copy to user space (git-fixes).
s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes).
s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (git-fixes).
s390/hypfs: avoid error message under KVM (bsc#1032323).
s390/kexec: handle R_390_PLT32DBL rela in arch_kexec_apply_relocations_add() (git-fixes).
s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes).
s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes).
s390/qeth: cache link_info for ethtool (bsc#1202262 LTC#199322).
s390/stp: clock_delta should be signed (git-fixes).
s390/zcore: fix race when reading from hardware system area (git-fixes).
samples/landlock: Add clang-format exceptions (git-fixes).
samples/landlock: Fix path_list memory leak (git-fixes).
samples/landlock: Format with clang-format (git-fixes).
sched/core: Always flush pending blk_plug (bnc#1189999 (Scheduler functional and performance backports)).
sched/deadline: Fix BUG_ON condition for deboosted tasks (git-fixes)
sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq (bnc#1189999 (Scheduler functional and performance backports)).
sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq -kabi (git fixes (sched/fair)).
sched/fair: Remove redundant word ' *' (bnc#1189999 (Scheduler functional and performance backports)).
sched/uclamp: Fix iowait boost escaping uclamp restriction (git-fixes)
sched/uclamp: Fix rq->uclamp_max not set on first enqueue (git-fixes)
sched: Allow newidle balancing to bail out of load_balance (bnc#1189999 (Scheduler functional and performance backports)).
sched: Fix the check of nr_running at queue wakelist (bnc#1189999 (Scheduler functional and performance backports)).
sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle (bnc#1189999 (Scheduler functional and performance backports)). Refresh
sched: Remove unused function group_first_cpu() (bnc#1189999 (Scheduler functional and performance backports)).
scripts/dtc: Call pkg-config POSIXly correct (git-fixes).
scripts/faddr2line: Fix vmlinux detection on arm64 (git-fixes).
scripts/gdb: change kernel config dumping method (git-fixes).
scripts: sphinx-pre-install: Fix ctex support on Debian (git-fixes).
scripts: sphinx-pre-install: add required ctex dependency (git-fixes).
scsi: hisi_sas: Keep controller active between ISR of phyup and the event being processed (bsc#1202471).
scsi: hisi_sas: Use autosuspend for the host controller (bsc#1202471).
scsi: libiscsi: Add iscsi_cls_conn to sysfs after initialization (bsc#1198410).
scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063).
scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063).
scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956).
scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063).
scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956).
scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956).
scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063).
scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956).
scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956).
scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063).
scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956).
scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956).
scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
scsi: lpfc: Remove SANDiags related code (bsc#1203063).
scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956).
scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956).
scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063).
scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956).
scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063).
scsi: megaraid: Clear READ queue map's nr_queues (git-fixes).
scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown (git-fixes).
scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958).
scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958).
scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958).
scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958).
scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
scsi: qla2xxx: Update manufacturer details (bsc#1201958).
scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958).
scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
scsi: sg: Allow waiting for commands to complete on removed device (git-fixes).
scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
scsi: ufs: core: Fix another task management completion race (git-fixes).
scsi: ufs: core: Fix task management completion timeout race (git-fixes).
scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes).
seccomp: Invalidate seccomp mode to catch death failures (git-fixes).
selftest/net/forwarding: declare NETIFS p9 p10 (git-fixes).
selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#SLE-18130).
selftest/vm: fix map_fixed_noreplace test failure (git-fixes).
selftest/vm: verify mmap addr in mremap_test (git-fixes).
selftest/vm: verify remap destination address in mremap_test (git-fixes).
selftests, x86: fix how check_cc.sh is being invoked (git-fixes).
selftests/exec: Add non-regular to TEST_GEN_PROGS (git-fixes).
selftests/exec: Remove pipe from TEST_GEN_FILES (git-fixes).
selftests/fib_tests: Rework fib_rp_filter_test() (git-fixes).
selftests/ftrace: Do not trace do_softirq because of PREEMPT_RT (git-fixes).
selftests/ftrace: make kprobe profile testcase description unique (git-fixes).
selftests/landlock: Add clang-format exceptions (git-fixes).
selftests/landlock: Add tests for O_PATH (git-fixes).
selftests/landlock: Add tests for unknown access rights (git-fixes).
selftests/landlock: Extend access right tests to directories (git-fixes).
selftests/landlock: Extend tests for minimal valid attribute size (git-fixes).
selftests/landlock: Format with clang-format (git-fixes).
selftests/landlock: Fully test file rename with 'remove' access (git-fixes).
selftests/landlock: Make tests build with old libc (git-fixes).
selftests/landlock: Normalize array assignment (git-fixes).
selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (git-fixes).
selftests/memfd: clean up mapping in mfd_fail_write (git-fixes).
selftests/memfd: remove unused variable (git-fixes).
selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (git-fixes).
selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems (git-fixes).
selftests/net: so_txtime: usage(): fix documentation of default clock (git-fixes).
selftests/net: timestamping: Fix bind_phc check (git-fixes).
selftests/net: udpgso_bench_tx: fix dst ip argument (git-fixes).
selftests/powerpc/spectre_v2: Return skip code when miss_percent is high (git-fixes).
selftests/powerpc: Add a test of sigreturning to the kernel (git-fixes).
selftests/resctrl: Fix null pointer dereference on open failed (git-fixes).
selftests/rseq: Change type of rseq_offset to ptrdiff_t (git-fixes).
selftests/rseq: Fix ppc32 missing instruction selection 'u' and 'x' for load/store (git-fixes).
selftests/rseq: Fix ppc32 offsets by using long rather than off_t (git-fixes).
selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian (git-fixes).
selftests/rseq: Fix warnings about #if checks of undefined tokens (git-fixes).
selftests/rseq: Fix: work-around asm goto compiler bugs (git-fixes).
selftests/rseq: Introduce rseq_get_abi() helper (git-fixes).
selftests/rseq: Introduce thread pointer getters (git-fixes).
selftests/rseq: Remove arm/mips asm goto compiler work-around (git-fixes).
selftests/rseq: Remove useless assignment to cpu variable (git-fixes).
selftests/rseq: Remove volatile from __rseq_abi (git-fixes).
selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35 (git-fixes).
selftests/rseq: introduce own copy of rseq uapi header (git-fixes).
selftests/rseq: remove ARRAY_SIZE define from individual tests (git-fixes).
selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area (git-fixes).
selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area (git-fixes).
selftests/seccomp: Do not call read() on TTY from background pgrp (git-fixes).
selftests/seccomp: Fix compile warning when CC=clang (git-fixes).
selftests/seccomp: Fix seccomp failure by adding missing headers (git-fixes).
selftests/sgx: Treat CC as one argument (git-fixes).
selftests/vm/transhuge-stress: fix ram size thinko (git-fixes).
selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup setting (git-fixes).
selftests/x86: Add validity check and allow field splitting (git-fixes).
selftests/zram01.sh: Fix compression ratio calculation (git-fixes).
selftests/zram: Adapt the situation that /dev/zram0 is being used (git-fixes).
selftests/zram: Skip max_comp_streams interface on newer kernel (git-fixes).
selftests: Add duplicate config only for MD5 VRF tests (git-fixes).
selftests: Fix IPv6 address bind tests (git-fixes).
selftests: Fix raw socket bind tests with VRF (git-fixes).
selftests: add ping test with ping_group_range tuned (git-fixes).
selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644 (git-fixes).
selftests: cgroup: Test open-time cgroup namespace usage for migration checks (git-fixes).
selftests: cgroup: Test open-time credential usage for migration checks (git-fixes).
selftests: clone3: clone3: add case CLONE3_ARGS_NO_TEST (git-fixes).
selftests: fixup build warnings in pidfd / clone3 tests (git-fixes).
selftests: forwarding: fix error message in learning_test (git-fixes).
selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (git-fixes).
selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (git-fixes).
selftests: futex: Use variable MAKE instead of make (git-fixes).
selftests: gpio: fix gpio compiling error (git-fixes).
selftests: harness: avoid false negatives if test has no ASSERTs (git-fixes).
selftests: icmp_redirect: pass xfail=0 to log_test() (git-fixes).
selftests: kvm: set rax before vmcall (git-fixes).
selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational (git-fixes).
selftests: mlxsw: resource_scale: Fix return value (git-fixes).
selftests: mlxsw: tc_police_scale: Make test more robust (git-fixes).
selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets (git-fixes).
selftests: mptcp: add csum mib check for mptcp_connect (git-fixes).
selftests: mptcp: fix diag instability (git-fixes).
selftests: mptcp: fix ipv6 routing setup (git-fixes).
selftests: mptcp: more stable diag tests (git-fixes).
selftests: net: Correct case name (git-fixes).
selftests: net: Correct ping6 expected rc from 2 to 1 (git-fixes).
selftests: net: Fix a typo in udpgro_fwd.sh (git-fixes).
selftests: net: tls: remove unused variable and code (git-fixes).
selftests: net: udpgro_fwd.sh: explicitly checking the available ping feature (git-fixes).
selftests: net: using ping6 for IPv6 in udpgro_fwd.sh (git-fixes).
selftests: netfilter: add a vrf+conntrack testcase (git-fixes).
selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh (git-fixes).
selftests: netfilter: disable rp_filter on router (git-fixes).
selftests: netfilter: fix exit value for nft_concat_range (git-fixes).
selftests: nft_concat_range: add test for reload with no element add/del (git-fixes).
selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer (git-fixes).
selftests: openat2: Add missing dependency in Makefile (git-fixes).
selftests: openat2: Print also errno in failure messages (git-fixes).
selftests: openat2: Skip testcases that fail with EOPNOTSUPP (git-fixes).
selftests: pmtu.sh: Kill nettest processes launched in subshell (git-fixes).
selftests: pmtu.sh: Kill tcpdump processes launched by subshell (git-fixes).
selftests: rtc: Increase test timeout so that all tests run (git-fixes).
selftests: skip mincore.check_file_mmap when fs lacks needed support (git-fixes).
selftests: test_vxlan_under_vrf: Fix broken test case (git-fixes).
selftests: timers: clocksource-switch: fix passing errors from child (git-fixes).
selftests: timers: valid-adjtimex: build fix for newer toolchains (git-fixes).
selftests: vm: Makefile: rename TARGETS to VMTARGETS (git-fixes).
selftests: vm: fix clang build error multiple output files (git-fixes).
selftests: x86: fix [-Wstringop-overread] warn in test_process_vm_readv() (git-fixes).
selinux: Add boundary check in put_entry() (git-fixes).
selinux: access superblock_security_struct in LSM blob way (git-fixes).
selinux: check return value of sel_make_avc_files (git-fixes).
selinux: fix bad cleanup on error in hashtab_duplicate() (git-fixes).
selinux: fix double free of cond_list on error paths (git-fixes).
selinux: fix memleak in security_read_state_kernel() (git-fixes).
selinux: fix misuse of mutex_is_locked() (git-fixes).
selinux: use correct type for context length (git-fixes).
serial: 8250: Add proper clock handling for OxSemi PCIe devices (git-fixes).
serial: 8250: Export ICR access helpers for internal use (git-fixes).
serial: 8250: Fold EndRun device support into OxSemi Tornado code (git-fixes).
serial: 8250_bcm7271: Save/restore RTS in suspend/resume (git-fixes).
serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes).
serial: 8250_fsl: Do not report FE, PE and OE twice (git-fixes).
serial: 8250_pci: Refactor the loop in pci_ite887x_init() (git-fixes).
serial: 8250_pci: Replace dev_*() by pci_*() macros (git-fixes).
serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes).
serial: mvebu-uart: uart2 error bits clearing (git-fixes).
smsc95xx: Ignore -ENODEV errors when device is unplugged (git-fixes).
soc: amlogic: Fix refcount leak in meson-secure-pwrc.c (git-fixes).
soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes).
soc: fsl: guts: machine variable might be unset (git-fixes).
soc: fsl: select FSL_GUTS driver for DPIO (git-fixes).
soc: imx: gpcv2: Assert reset before ungating clock (git-fixes).
soc: qcom: Make QCOM_RPMPD depend on PM (git-fixes).
soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register (git-fixes).
soc: qcom: ocmem: Fix refcount leak in of_get_ocmem (git-fixes).
soc: renesas: r8a779a0-sysc: Fix A2DP1 and A2CV[2357] PDR values (git-fixes).
soundwire: bus_type: fix remove and shutdown support (git-fixes).
soundwire: qcom: Check device status before reading devid (git-fixes).
soundwire: qcom: fix device status array range (git-fixes).
spi: Fix incorrect cs_setup delay handling (git-fixes).
spi: Fix simplification of devm_spi_register_controller (git-fixes).
spi: dt-bindings: cadence: add missing 'required' (git-fixes).
spi: dt-bindings: zynqmp-qspi: add missing 'required' (git-fixes).
spi: meson-spicc: add local pow2 clock ops to preserve rate between messages (git-fixes).
spi: spi-altera-dfl: Fix an error handling path (git-fixes).
spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes).
spi: synquacer: Add missing clk_disable_unprepare() (git-fixes).
spi: tegra20-slink: fix UAF in tegra_slink_remove() (git-fixes).
spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes).
staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes).
staging: rtl8712: fix use after free bugs (git-fixes).
tee: optee: do not check memref size on return from Secure World (git-fixes).
tee: tee_get_drvdata(): fix description of return value (git-fixes).
testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set (git-fixes).
testing: nvdimm: asm/mce.h is not needed in nfit.c (git-fixes).
testing: nvdimm: iomap: make __nfit_test_ioremap a macro (git-fixes).
tests: fix idmapped mount_setattr test (git-fixes).
thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR (bsc#1201308).
thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes).
thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes).
thunderbolt: Use the actual buffer in tb_async_error() (git-fixes).
tools include UAPI: Sync sound/asound.h copy with the kernel sources (git-fixes).
tools/nolibc: fix incorrect truncation of exit code (git-fixes).
tools/nolibc: i386: fix initial stack alignment (git-fixes).
tools/nolibc: x86-64: Fix startup code bug (git-fixes).
tools/testing/scatterlist: add missing defines (git-fixes).
tools/thermal: Fix possible path truncations (git-fixes).
tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH (git-fixes).
trace/osnoise: Add migrate-disabled field to the osnoise header (git-fixes).
trace/timerlat: Add migrate-disabled field to the timerlat header (git-fixes).
tracing/histograms: Fix memory leak problem (git-fixes).
tracing/kprobes: Check whether get_kretprobe() returns NULL in kretprobe_dispatcher() (git-fixes).
tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes).
tracing: Add ustring operation to filtering string pointers (git-fixes).
tracing: Fix sleeping while atomic in kdb ftdump (git-fixes).
tracing: Have filter accept 'common_cpu' to be consistent (git-fixes).
tracing: Use a struct alignof to determine trace event field alignment (git-fixes).
tty: 8250: Add support for Brainboxes PX cards (git-fixes).
tty: n_gsm: Delete gsm_disconnect when config requester (git-fixes).
tty: n_gsm: Delete gsmtty open SABM frame when config requester (git-fixes).
tty: n_gsm: Modify CR,PF bit printk info when config requester (git-fixes).
tty: n_gsm: Modify CR,PF bit when config requester (git-fixes).
tty: n_gsm: Modify cr bit value when config requester (git-fixes).
tty: n_gsm: Modify gsmtty driver register method when config requester (git-fixes).
tty: n_gsm: Save dlci address open status when config requester (git-fixes).
tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() (git-fixes).
tty: n_gsm: avoid call of sleeping functions from atomic context (git-fixes).
tty: n_gsm: clean up dead code in gsm_queue() (git-fixes).
tty: n_gsm: clean up implicit CR bit encoding in address field (git-fixes).
tty: n_gsm: clean up indenting in gsm_queue() (git-fixes).
tty: n_gsm: fix DM command (git-fixes).
tty: n_gsm: fix broken virtual tty handling (git-fixes).
tty: n_gsm: fix buffer over-read in gsm_dlci_data() (git-fixes).
tty: n_gsm: fix deadlock and link starvation in outgoing data path (git-fixes).
tty: n_gsm: fix decoupled mux resource (git-fixes).
tty: n_gsm: fix encoding of command/response bit (git-fixes).
tty: n_gsm: fix flow control handling in tx path (git-fixes).
tty: n_gsm: fix frame reception handling (git-fixes).
tty: n_gsm: fix incorrect UA handling (git-fixes).
tty: n_gsm: fix insufficient txframe size (git-fixes).
tty: n_gsm: fix invalid gsmtty_write_room() result (git-fixes).
tty: n_gsm: fix invalid use of MSC in advanced option (git-fixes).
tty: n_gsm: fix malformed counter for out of frame data (git-fixes).
tty: n_gsm: fix missing corner cases in gsmld_poll() (git-fixes).
tty: n_gsm: fix missing explicit ldisc flush (git-fixes).
tty: n_gsm: fix missing mux reset on config change at responder (git-fixes).
tty: n_gsm: fix missing timer to handle stalled links (git-fixes).
tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (git-fixes).
tty: n_gsm: fix missing update of modem controls after DLCI open (git-fixes).
tty: n_gsm: fix mux activation issues in gsm_config() (git-fixes).
tty: n_gsm: fix mux cleanup after unregister tty device (git-fixes).
tty: n_gsm: fix non flow control frames during mux flow off (git-fixes).
tty: n_gsm: fix packet re-transmission without open control channel (git-fixes).
tty: n_gsm: fix race condition in gsmld_write() (git-fixes).
tty: n_gsm: fix reset fifo race condition (git-fixes).
tty: n_gsm: fix resource allocation order in gsm_activate_mux() (git-fixes).
tty: n_gsm: fix restart handling via CLD command (git-fixes).
tty: n_gsm: fix software flow control handling (git-fixes).
tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (git-fixes).
tty: n_gsm: fix tty registration before control channel open (git-fixes).
tty: n_gsm: fix user open not possible at responder until initiator open (git-fixes).
tty: n_gsm: fix wrong DLCI release order (git-fixes).
tty: n_gsm: fix wrong T1 retry count handling (git-fixes).
tty: n_gsm: fix wrong command frame length field encoding (git-fixes).
tty: n_gsm: fix wrong command retry handling (git-fixes).
tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output() (git-fixes).
tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (git-fixes).
tty: n_gsm: fix wrong signal octets encoding in MSC (git-fixes).
tty: n_gsm: initialize more members at gsm_alloc_mux() (git-fixes).
tty: n_gsm: replace kicktimer with delayed_work (git-fixes).
tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes).
tty: serial: fsl_lpuart: correct the count of break characters (git-fixes).
tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes).
tty: vt: initialize unicode screen buffer (git-fixes).
tun: avoid double free in tun_free_netdev (git-fixes).
tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() (git-fixes).
tuntap: add sanity checks about msg_controllen in sendmsg (git-fixes).
uaccess: fix type mismatch warnings from access_ok() (git-fixes).
ucounts: Base set_cred_ucounts changes on the real user (git-fixes).
ucounts: Fix rlimit max values check (git-fixes).
ucounts: Fix systemd LimitNPROC with private users regression (git-fixes).
ucounts: Handle wrapping in is_ucounts_overlimit (git-fixes).
ucounts: In set_cred_ucounts assume new->ucounts is non-NULL (git-fixes).
udf: Fix crash after seekdir (bsc#1194592).
udmabuf: Set the DMA mask for the udmabuf device (v2) (git-fixes).
udmabuf: add back sanity check (git-fixes).
usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc() (git-fixes).
usb: cdns3 fix use-after-free at workaround 2 (git-fixes).
usb: cdns3: Do not use priv_dev uninitialized in cdns3_gadget_ep_enable() (git-fixes).
usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable() (git-fixes).
usb: cdns3: fix incorrect handling TRB_SMM flag for ISOC transfer (git-fixes).
usb: cdns3: fix issue with rearming ISO OUT endpoint (git-fixes).
usb: cdns3: fix random warning message when driver load (git-fixes).
usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes).
usb: dwc2: gadget: remove D+ pull-up while no vbus with usb-role-switch (git-fixes).
usb: dwc3: core: Deprecate GCTL.CORESOFTRESET (git-fixes).
usb: dwc3: core: Do not perform GCTL_CORE_SOFTRESET during bootup (git-fixes).
usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core (git-fixes).
usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API (git-fixes).
usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop (git-fixes).
usb: dwc3: gadget: fix high speed multiplier setting (git-fixes).
usb: dwc3: gadget: refactor dwc3_repare_one_trb (git-fixes).
usb: dwc3: qcom: Add helper functions to enable,disable wake irqs (git-fixes).
usb: dwc3: qcom: fix missing optional irq warnings (git-fixes).
usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes).
usb: gadget: f_uac2: clean up some inconsistent indenting (git-fixes).
usb: gadget: f_uac2: fix superspeed transfer (git-fixes).
usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes).
usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init() (git-fixes).
usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes).
usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes).
usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes).
usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes).
usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes).
usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes).
usb: renesas: Fix refcount leak bug (git-fixes).
usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes).
usb: typec: tcpm: Return ENOTSUPP for power supply prop writes (git-fixes).
usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes).
usb: xhci: tegra: Fix error check (git-fixes).
usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
usbnet: Run unregister_netdev() before unbind() again (git-fixes).
usbnet: smsc95xx: Avoid link settings race on interrupt reception (git-fixes).
usbnet: smsc95xx: Do not clear read-only PHY interrupt (git-fixes).
usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
usbnet: smsc95xx: Forward PHY interrupts to PHY driver to avoid polling (git-fixes).
userfaultfd/selftests: fix hugetlb area allocations (git-fixes).
vboxguest: Do not use devm for irq (git-fixes).
vdpa_sim: avoid putting an uninitialized iova_domain (git-fixes).
venus: pm_helpers: Fix warning in OPP during probe (git-fixes).
vfio/ccw: Do not change FSM state in subchannel event (git-fixes).
vfio/ccw: Remove UUID from s390 debug log (git-fixes).
vfio: Clear the caps->buf to NULL after free (git-fixes).
video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes).
video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes).
video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes).
video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes).
video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes).
video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes).
video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes).
virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).
virtio-net: fix the race between refill work and close (git-fixes).
virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes).
vmxnet3: Implement ethtool's get_channels command (bsc#1200431).
vmxnet3: Record queue number to incoming packets (bsc#1200431).
vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431).
vmxnet3: add command to set ring buffer sizes (bsc#1200431).
vmxnet3: add support for capability registers (bsc#1200431).
vmxnet3: add support for large passthrough BAR register (bsc#1200431).
vmxnet3: add support for out of order rx completion (bsc#1200431).
vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431).
vmxnet3: do not reschedule napi for rx processing (bsc#1200431).
vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431).
vmxnet3: prepare for version 7 changes (bsc#1200431).
vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431).
vmxnet3: update to version 7 (bsc#1200431).
vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431).
vrf: do not run conntrack on vrf with !dflt qdisc (git-fixes).
vsock/virtio: enable VQs early on probe (git-fixes).
vsock/virtio: initialize vdev->priv before using VQs (git-fixes).
vsock/virtio: read the negotiated features before using VQs (git-fixes).
vsock: Fix memory leak in vsock_connect() (git-fixes).
vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes).
vsock: remove vsock from connected table when connect is interrupted by a signal (git-fixes).
watch-queue: remove spurious double semicolon (git-fixes).
watch_queue: Fix missing locking in add_watch_to_object() (git-fixes).
watch_queue: Fix missing rcu annotation (git-fixes).
watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes).
watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource (git-fixes).
watchqueue: make sure to serialize 'wqueue->defunct' properly (git-fixes).
wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes).
wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes).
wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes).
wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes).
wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes).
wifi: mac80211: limit A-MSDU subframes for client too (git-fixes).
wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes).
wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes).
wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes).
wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes).
wifi: p54: add missing parentheses in p54_flush() (git-fixes).
wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes).
wifi: rtlwifi: remove always-true condition pointed out by GCC 12 (git-fies).
wifi: rtw88: check the return value of alloc_workqueue() (git-fixes).
wifi: rtw89: 8852a: rfk: fix div 0 exception (git-fixes).
wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes).
wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes).
wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes).
wireless: Remove redundant 'flush_workqueue()' calls (bsc#1202131).
x86/Hyper-V: Add SEV negotiate protocol support in Isolation VM (bsc#1190497).
x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes).
x86/retbleed: Add fine grained Kconfig knobs (bsc#1190497).
x86/sev: Define the Linux-specific guest termination reasons (bsc#1190497).
x86/sev: Save the negotiated GHCB version (bsc#1190497).
xen/gntdev: fix unmap notification order (git-fixes).
xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes).
xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
xen: detect uninitialized xenbus in xenbus_init (git-fixes).
xen: do not continue xenstore initialization in case of errors (git-fixes).
xfs: Fix the free logic of state in xfs_attr_node_hasname (git-fixes).
xfs: check sb_meta_uuid for dabuf buffer recovery (git-fixes).
xfs: fix soft lockup via spinning in filestream ag selection loop (git-fixes).
xfs: fix use-after-free in xattr node block inactivation (git-fixes).
xfs: fold perag loop iteration logic into helper function (git-fixes).
xfs: make xfs_rtalloc_query_range input parameters const (git-fixes).
xfs: only bother with sync_filesystem during readonly remount (git-fixes).
xfs: prevent UAF in xfs_log_item_in_current_chkpt (git-fixes).
xfs: prevent a UAF when log IO errors race with unmount (git-fixes).
xfs: remove incorrect ASSERT in xfs_rename (git-fixes).
xfs: rename the next_agno perag iteration variable (git-fixes).
xfs: reorder iunlink remove operation in xfs_ifree (git-fixes).
xfs: revert 'xfs: actually bump warning counts when we send warnings' (git-fixes).
xfs: terminate perag iteration reliably on agcount (git-fixes).
xfs: use invalidate_lock to check the state of mmap_lock (git-fixes).
xfs: use kmem_cache_free() for kmem_cache objects (git-fixes).
xfs: use setattr_copy to set vfs inode attributes (git-fixes).
xhci: Set HCD flag to defer primary roothub registration (git-fixes).
xhci: dbc: Rename xhci_dbc_init and xhci_dbc_exit (git-fixes).
xhci: dbc: create and remove dbc structure in dbgtty driver (git-fixes).
xhci: dbc: refactor xhci_dbc_init() (git-fixes).
xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (git-fixes).
xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes).
zonefs: Clear inode information flags on inode creation (git-fixes).
zonefs: Fix management of open zones (git-fixes).
zonefs: add MODULE_ALIAS_FS (git-fixes).

Advisory ID	SUSE-RU-2022:3295-1
Released	Sat Sep 17 10:29:30 2022
Summary	Recommended update for go
Type	recommended
Severity	moderate
References	1200441

Description:

This update for go fixes the following issues:

Update to current stable go1.19 (bsc#1200441)
Add define tsan_arch for s390x ppc64le new in go1.19

Advisory ID	SUSE-RU-2022:3296-1
Released	Sat Sep 17 10:30:01 2022
Summary	Recommended update for nss_synth
Type	recommended
Severity	moderate
References

Description:

This update for nss_synth fixes the following issues:

Support running 389-ds with bare uid/gid (non-root) in containers. (jsc#SLE-22585)

Advisory ID	SUSE-RU-2022:3298-1
Released	Mon Sep 19 08:43:44 2022
Summary	Recommended update for python-psutil
Type	recommended
Severity	important
References	1181475

Description:

This update for python-psutil fixes the following issues:

Adopt change of used memory calculation from upstream of procps (bsc#1181475)

Advisory ID	SUSE-RU-2022:3299-1
Released	Mon Sep 19 08:44:56 2022
Summary	Recommended update for Yast2
Type	recommended
Severity	important
References	1195059,1195608,1195894,1196674,1198076,1198848,1199451,1199480,1199554,1199621,1199746,1200155,1200274,1200780,1200803,1200964,1201129,1201185,1201532,1201747,1201924,1201966,1202228,1202479,1202892,1202919

Description:

This update for Yast2 fixes the following issues:
autoyast2:

Revert the modification done in version 4.3.97 running the initscripts before systed-user-sessions service again once systemd fixed logind (bsc#1195059, bsc#1200780)
Run the registration step early only on the Online installation medium which does not provide any packages. On the other media run the registration step later.Fixes crash in the SLE Micro when the AutoYaST profile enables the registration step. (bsc#1200803)

yast2:

Added a parameter to `NetworkService.EnableDisableNow` method in order to ensure that the selected network service is enabled even when the selection has not been modified (bsc#1202479)
Do not ask for user input while checking file conflicts if the delayed progress popup is not shown (bsc#1201924, bsc#1202892)
Avoid build failures when packager is not available (bsc#1196674)
Show what product is being installed (bsc#1196674)
Show file conflict checking progress in delayed popup (bsc#1195608)

yast2-auth-client:

Fix internal error caused by a deprecated function that was still being called (bsc#1202919)
Remove deprecated nss_ldap and pam_ldap support in favour of SSSD (bsc#1201747)
Allow to define the dnsHostName attribute when connecting to an Active Directory (bsc#1200964)

yast2-fcoe-client:

Use yast2-network to write the sysconfig files, to be aware of the new connections added during the installation (bsc#1199554)

yast2-firstboot:

Do not skip client for root password automatically if the user password has not been set yet (bsc#1202228)

yast2-installation:

Do not use 'xrdb' for setting the 'Xft.dpi' value, use a specific YaST tool from the yast2-x11 package (bsc#1201532)
Install yast2-x11 only when GUI (libyui-qt) is installed, avoid installing the dependent X libraries in minimal (text mode) installation (bsc#1201966)
AutoYaST SecondStage: Revert changes introduced in 4.3.46 running the initscript service before systemd-user-sessions again once systemd patched logind (bsc#1195059, bsc#1200780)
Do not restart services when updating the package (bsc#1199480, bsc#1200274)
AutoYaST Second Stage: Added a missing dependency to the service to prevent getty-autogeneration listen on 5901 port (bsc#1199746)

yast2-network:

Added a class to generate the configuration needed for a FCoE device being aware of it during the installation (bsc#1199554)
AY: Added missing route extrapara element to the networking section (bsc#1201129)
CFA NM: replace problematic characters when getting the filename for the given wireless configuration (bsc#1199451)
Allow more than 6 domains in resolver search list (bsc#1200155)

yast2-nfs-client:

Fix localization of NFS Version widget values (bsc#1198076)

yast2-online-update-configuration:

Reduce nesting in the 'category_filter' section of the AutoYaST profile. The old (nested) format is still accepted (bsc#1198848)

yast2-packager:

Fix package counters in the installation slideshow (bsc#1199621)

yast2-schema-default:

Add 'extrapara' to routes in the networking section (bsc#1201129)
Support for flatten and nested 'category_filter' element in the 'online_update_configuration' section (bsc#1198848)

yast2-schema-micro:

Add 'extrapara' to routes in the networking section (bsc#1201129)
Support for flatten and nested 'category_filter' element in the 'online_update_configuration' section (bsc#1198848)

yast2-security:

Do not crash when reading active LSM modules returns nil (jsc#SLE-22069)

yast2-update:

Use the 'norecovery' mount option when searching the root partitions (bsc#1195894)

yast2-users:

Fix writing ssh keys for user without specified home (bsc#1201185)

yast2-x11:

Added 'xftdpi' tool to not depend on xrdb (which requires the C pre-processor), this decreases the installed size (bsc#1201966, bsc#1201532)

Advisory ID	SUSE-RU-2022:3300-1
Released	Mon Sep 19 08:45:25 2022
Summary	Recommended update for gnome-shell-extension-desktop-icons
Type	recommended
Severity	important
References	1199377,1203262

Description:

This update for gnome-shell-extension-desktop-icons fixes the following issues:

Fix desktop icons to be Compatible with GNOME 41 (bsc#1199377, bsc#1203262)

Advisory ID	SUSE-RU-2022:3301-1
Released	Mon Sep 19 08:48:57 2022
Summary	Recommended update for Mesa
Type	recommended
Severity	important
References	1202850

Description:

This update for Mesa fixes the following issues:

Do not use 'iris' as default driver on Intel Gen8-11 hardware but 'i965'. (bsc#1202850)

Advisory ID	SUSE-feature-2022:3302-1
Released	Mon Sep 19 08:51:02 2022
Summary	Feature update for python310-pip
Type	feature
Severity	moderate
References	1201041

Description:

This feature update for python310-pip and python-rpm-macros provides:
python310-pip:
Upgrade from version 20.2.4 to version 22.0.4 (jsc#SLE-24539)

Adjust SPEC file to generate python310 module only
Avoid cycle: BuildRequire ca-certificates only in tests
This version is not compatible with Python 3.6 and thus not suitable for SUSE Linux Enterprise 15.
Drop the doctype check, that presented a warning for index pages that use non-compliant HTML 5.
Print the exception via rich.traceback, when running with `--debug`.
Only calculate topological installation order, for packages that are going to be installed/upgraded. * This error occurred when determining the installation order for a very specific combination of upgrading of already installed packages, change of dependencies and fetching some packages from a package index. This combination was especially common in Read the Docs' builds.
Use html.parser by default, instead of falling back to html5lib when --use-deprecated=html5lib is not passed.
Clarify that using per-requirement overrides disables the usage of wheels.
Instead of failing on index pages that use non-compliant HTML 5, print a deprecation warning and fall back to html5lib-based parsing for now. This simplifies the migration for non-compliant index pages, by letting such indexes function with a warning.
Accept lowercase on index pages.
Properly handle links parsed by html5lib, when using --use-deprecated=html5lib.
Changed PackageFinder to parse HTML documents using the stdlib :class:`html.parser.HTMLParser` class instead of the html5lib package.
For now, the deprecated html5lib code remains and can be used with the --use-deprecated=html5lib command line option. However, it will be removed in a future pip release.
Completely replace :pypi:`tox` in our development workflow, with :pypi:`nox`.
Deprecate alternative progress bar styles, leaving only on and off as available choices.
Drop support for Python 3.6.
Disable location mismatch warnings on Python versions prior to 3.10. * These warnings were helping identify potential issues as part of the sysconfig -> distutils transition, and we no longer need to rely on reports from older Python versions for information on the transition.
Utilize rich for presenting pip's default download progress bar.
Present a better error message when an invalid wheel file is encountered, providing more context where the invalid wheel file is.
Documents the --require-virtualenv flag for pip install.
pip install autocompletes paths.
Allow Python distributors to opt-out from or opt-in to the sysconfig installation scheme backend by setting sysconfig._PIP_USE_SYSCONFIG to True or False.
Make it possible to deselect tests requiring cryptography package on systems where it cannot be installed.
Start using Rich for presenting error messages in a consistent format.
Improve presentation of errors from subprocesses.
Forward pip's verbosity configuration to VCS tools to control their output accordingly.
Optimize installation order calculation to improve performance when installing requirements that form a complex dependency graph with a large amount of edges.
When a package is requested by the user for upgrade, correctly identify that the extra-ed variant of that same package depended by another user-requested package is requesting the same package, and upgrade it accordingly.
Prevent pip from installing yanked releases unless explicitly pinned via the `==` or `===` operators.
Stop backtracking on build failures, by instead surfacing them to the user and aborting immediately. This behaviour provides more immediate feedback when a package cannot be built due to missing build dependencies or platform incompatibility.
Silence Value for does not match warning caused by an erroneous patch in Slackware-distributed Python 3.9.
Fix an issue where pip did not consider dependencies with and without extras to be equal
Always refuse installing or building projects that have no ``pyproject.toml`` nor ``setup.py``.
Tweak running-as-root detection, to check ``os.getuid`` if it exists, on Unix-y and non-Linux/non-MacOS machines.
When installing projects with a ``pyproject.toml`` in editable mode, and the build backend does not support :pep:`660`, prepare metadata using ``prepare_metadata_for_build_wheel`` instead of ``setup.py egg_info``. Also, refuse installing projects that only have a ``setup.cfg`` and no ``setup.py`` nor ``pyproject.toml``. These restore the pre-21.3 behaviour.
Restore compatibility of where configuration files are loaded from on MacOS
Upgrade pep517 to 0.12.0
Improve deprecation warning regarding the copying of source trees when installing from a local directory.
Suppress location mismatch warnings when pip is invoked from a Python source tree, so ``ensurepip`` does not emit warnings on CPython ``make install``.
On Python 3.10 or later, the installation scheme backend has been changed to use ``sysconfig``. This is to anticipate the deprecation of ``distutils`` in Python 3.10, and its scheduled removal in 3.12. For compatibility considerations, pip installations running on Python 3.9 or lower will continue to use ``distutils``.
Remove the ``--build-dir`` option and aliases, one last time.
In-tree builds are now the default. ``--use-feature=in-tree-build`` is now ignored. ``--use-deprecated=out-of-tree-build`` may be used temporarily to ease the transition.
Un-deprecate source distribution re-installation behaviour.
Replace vendored appdirs with platformdirs.
Support `PEP 610 `_ to detect editable installs in ``pip freeze`` and ``pip list``. The ``pip list`` column output has a new ``Editable project location`` column, and the JSON output has a new ``editable_project_location`` field.
``pip freeze`` will now always fallback to reporting the editable project location when it encounters a VCS error while analyzing an editable requirement. Before, it sometimes reported the requirement as non-editable.
``pip show`` now sorts ``Requires`` and ``Required-By`` alphabetically.
Do not raise error when there are no files to remove with ``pip cache purge/remove``. Instead log a warning and continue (to log that we removed 0 files).
When backtracking during dependency resolution, prefer the dependencies which are involved in the most recent conflict. This can significantly reduce the amount of backtracking required.
Cache requirement objects, to improve performance reducing reparses of requirement strings.
Support editable installs for projects that have a ``pyproject.toml`` and use a build backend that supports :pep:`660`.
When a revision is specified in a Git URL, use git's partial clone feature to speed up source retrieval.
Add a ``--debug`` flag, to enable a mode that doesn't log errors and propagates them to the top level instead. This is primarily to aid with debugging pip's crashes.
If a host is explicitly specified as trusted by the user (via the --trusted-host option), cache HTTP responses from it in addition to HTTPS ones.
Present a better error message, when a ``file:`` URL is not found.
Fix the auth credential cache to allow for the case in which the index url contains the username, but the password comes from an external source, such as keyring.
Fix double unescape of HTML ``data-requires-python`` and ``data-yanked`` attributes.
New resolver: Fixes depth ordering of packages during resolution, e.g. a dependency 2 levels deep will be ordered before a dependency 3 levels deep.

python-rpm-macros:
Update from version 20220106.80d3756 to version 20220809.cf8a7b8 (bsc#1201041)

Pass `--ignore-installed` to `pip install` in %pyproject_install
restore end-of-line in alternative scriptlets
make python_flavored_alternatives less verbose
Move install of libalts from sciptlets to python_clone -a
hard-code %py_ver
print proper error on missing python interpreter
Update compile-macros.sh
Create python_flavored_alternatives and use for testing
Switch primary_interpreter from python38 to python310
Avoid bashism in %()
Fix flavor executable substitution
Keep python38 as primary python3
Add python310 to the buildset
Move python39 to the primary place in %pythons
Disable python36 flavor in Factory buildset
Add python310 flavor macros to compile set

Advisory ID	SUSE-RU-2022:3304-1
Released	Mon Sep 19 11:43:25 2022
Summary	Recommended update for libassuan
Type	recommended
Severity	moderate
References

Description:

This update for libassuan fixes the following issues:

Add a timeout for writing to a SOCKS5 proxy
Add workaround for a problem with LD_LIBRARY_PATH on newer systems
Fix issue in the logging code
Fix some build trivialities
Upgrade autoconf

Advisory ID	SUSE-SU-2022:3305-1
Released	Mon Sep 19 11:45:57 2022
Summary	Security update for libtirpc
Type	security
Severity	important
References	1201680,CVE-2021-46828

Description:

This update for libtirpc fixes the following issues:

CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).

Advisory ID	SUSE-SU-2022:3306-1
Released	Mon Sep 19 11:51:55 2022
Summary	Security update for libarchive
Type	security
Severity	moderate
References	1192425,CVE-2021-23177

Description:

This update for libarchive fixes the following issues:

CVE-2021-23177: Fixed symlink ACL extraction that modifies ACLs of the target system (bsc#1192425).

Advisory ID	SUSE-SU-2022:3307-1
Released	Mon Sep 19 13:26:51 2022
Summary	Security update for sqlite3
Type	security
Severity	moderate
References	1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737

Description:

This update for sqlite3 fixes the following issues:

CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).

Advisory ID	SUSE-RU-2022:3308-1
Released	Mon Sep 19 13:27:40 2022
Summary	Recommended update for mdadm
Type	recommended
Severity	moderate
References	1201297

Description:

This update for mdadm fixes the following issues:

imsm: support for third Sata controller (bsc#1201297)
mdadm: enable Intel Alderlake RSTe configuration (bsc#1201297)

Advisory ID	SUSE-SU-2022:3309-1
Released	Mon Sep 19 15:51:27 2022
Summary	Security update for wireshark
Type	security
Severity	moderate
References	1194165,1203388,CVE-2021-4186,CVE-2022-3190

Description:

This update for wireshark fixes the following issues:
Updated to Wireshark 3.6.8:

CVE-2022-3190: Fixed F5 Ethernet Trailer dissector infinite loop (bsc#1203388).
CVE-2021-4186: Fixed Gryphon dissector crash (bsc#1194165).

Advisory ID	SUSE-RU-2022:3317-1
Released	Tue Sep 20 11:51:26 2022
Summary	Recommended update for live-langset-data
Type	recommended
Severity	moderate
References	1187618

Description:

This update for live-langset-data fixes the following issues:

Don't restart systemd-vconsole-setup.service explicitly (bsc#1187618)
Use command `y2start` instead of `y2base` that caused issues with nokogiri

Advisory ID	SUSE-RU-2022:3319-1
Released	Tue Sep 20 14:27:21 2022
Summary	Recommended update for perl-DBD-Pg
Type	recommended
Severity	low
References	1197797

Description:

This update for perl-DBD-Pg fixes the following issues:

Adjust tests for reltuples being -1 for new relations (bsc#1197797)

Advisory ID	SUSE-SU-2022:3320-1
Released	Tue Sep 20 14:47:07 2022
Summary	Security update for vsftpd
Type	security
Severity	important
References	1021387,1052900,1187678,1187686,786024,CVE-2021-3618

Description:

This update for vsftpd fixes the following issues:

CVE-2021-3618: Enforced security checks against ALPACA attack (bsc#1187678, bsc#1187686, PM-3322).

Bugfixes:

Fixed a seccomp failure in FIPS mode when SSL was enabled (bsc#1052900).
Allowed wait4() to be called so that the broker can wait for its child processes (bsc#1021387).
Allowed sendto() syscall when /dev/log support is enabled (bsc#786024).

Advisory ID	SUSE-SU-2022:3325-1
Released	Wed Sep 21 12:28:17 2022
Summary	Security update for go1.18
Type	security
Severity	important
References	1193742,1203185,CVE-2022-27664

Description:

This update for go1.18 fixes the following issues:
Update to go version 1.18.6 (bsc#1193742):

CVE-2022-27664: Fixed DoS in net/http caused by mishandled server errors after sending GOAWAY (bsc#1203185).

Advisory ID	SUSE-SU-2022:3326-1
Released	Wed Sep 21 12:28:41 2022
Summary	Security update for go1.19
Type	security
Severity	important
References	1200441,1203185,1203186,CVE-2022-27664,CVE-2022-32190

Description:

This update for go1.19 fixes the following issues:
Update to go version 1.19.1 (bsc#1200441):

CVE-2022-27664: Fixed DoS in net/http caused by mishandled server errors after sending GOAWAY (bsc#1203185).
CVE-2022-32190: Fixed missing stripping of relative path components in net/url JoinPath (bsc#1203186).

Advisory ID	SUSE-SU-2022:3327-1
Released	Wed Sep 21 12:47:17 2022
Summary	Security update for oniguruma
Type	security
Severity	important
References	1142847,1150130,1157805,1164550,1164569,1177179,CVE-2019-13224,CVE-2019-16163,CVE-2019-19203,CVE-2019-19204,CVE-2019-19246,CVE-2020-26159

Description:

This update for oniguruma fixes the following issues:

CVE-2019-19246: Fixed an out of bounds access during regular expression matching (bsc#1157805).
CVE-2019-19204: Fixed an out of bounds access when compiling a crafted regular expression (bsc#1164569).
CVE-2019-19203: Fixed an out of bounds access when performing a string search (bsc#1164550).
CVE-2019-16163: Fixed an uncontrolled recursion issue when compiling a crafted regular expression, which could lead to denial of service (bsc#1150130).
CVE-2020-26159: Fixed an off-by-one buffer overflow (bsc#1177179).
CVE-2019-13224: Fixed a potential use-after-free when handling multiple different encodings (bsc#1142847).

Advisory ID	SUSE-RU-2022:3328-1
Released	Wed Sep 21 12:48:56 2022
Summary	Recommended update for jitterentropy
Type	recommended
Severity	moderate
References	1202870

Description:

This update for jitterentropy fixes the following issues:

Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)

Advisory ID	SUSE-SU-2022:3333-1
Released	Thu Sep 22 08:46:43 2022
Summary	Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container
Type	security
Severity	important
References	1199392,1199460,1199603,1200528,1202516,CVE-2022-1798,CVE-2022-1996,CVE-2022-29162

Description:

This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues:
The kubevirt stack was updated to version 0.54.0
Release notes https://github.com/kubevirt/kubevirt/releases/tag/v0.54.0
Security fixes:

CVE-2022-1798: Fix arbitrary file read on the host from KubeVirt VMs (bsc#1202516)

Security fixes in vendored dependencies:

CVE-2022-1996: Fixed go-restful CORS bypass bsc#1200528)
CVE-2022-29162: Fixed runc incorrect handling of inheritable capabilities in default configuration (bsc#1199460)

Fix containerdisk unmount logic
Support topology spread constraints
Update libvirt-go to fix memory leak
Pack nft rules and nsswitch.conf for virt-handler
Only create 1MiB-aligned disk images (bsc#1199603)
Avoid to return nil failure message
Use semantic equality comparison
Drop kubevirt-psp-caasp.yaml
Allow to configure utility containers for update test
Symlink nsswitch.conf and nft rules to proper locations
Drop unused package libvirt-client
Install vim-small instead of vim
Remove unneeded libvirt-daemon-driver-storage-core
Install missing packages ethtool and gawk. Fixes bsc#1199392

Advisory ID	SUSE-SU-2022:3334-1
Released	Thu Sep 22 08:51:22 2022
Summary	Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer
Type	security
Severity	important
References	1200528,CVE-2022-1996

Description:

This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:
Update to version 1.51.0

Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.51.0

Security issues fixed in vendored dependencies:

CVE-2022-1996: Fixed CORS bypass (bsc#1200528)

Include additional tools used by cdi-importer: cdi-containerimage-server cdi-image-size-detection cdi-source-update-poller

Pack only cdi-operator and cdi-cr release manifests
Install tar for cloning filesystem PVCs

Advisory ID	SUSE-RU-2022:3336-1
Released	Thu Sep 22 10:55:21 2022
Summary	Recommended update for distribution
Type	recommended
Severity	moderate
References	1203324

Description:

This update for distribution fixes the following issues:

Explicitly require nologin shell which is needed for registry system user (bsc#1203324)

Advisory ID	SUSE-SU-2022:3341-1
Released	Fri Sep 23 07:54:56 2022
Summary	Security update for dpdk
Type	security
Severity	important
References	1202903,1202956,CVE-2022-2132,CVE-2022-28199

Description:

This update for dpdk fixes the following issues:

CVE-2022-2132: Fixed DoS when a vhost header crosses more than two descriptors and exhausts all mbufs (bsc#1202903).
CVE-2022-28199: Fixed buffer overflow in the vhost code (bsc#1202956).

Advisory ID	SUSE-SU-2022:3347-1
Released	Fri Sep 23 10:34:39 2022
Summary	Security update for rubygem-rack
Type	security
Severity	moderate
References	1172037,1173351,CVE-2020-8161,CVE-2020-8184

Description:

This update for rubygem-rack fixes the following issues:

CVE-2020-8184: Fixed vulnerability where percent-encoded cookies can be used to overwrite existing prefixed cookie names (bsc#1173351).
CVE-2020-8161: Fixed directory traversal in Rack:Directory (bsc#1172037).

Advisory ID	SUSE-SU-2022:3353-1
Released	Fri Sep 23 15:23:40 2022
Summary	Security update for permissions
Type	security
Severity	moderate
References	1203018,CVE-2022-31252

Description:

This update for permissions fixes the following issues:

CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).

Advisory ID	SUSE-SU-2022:3370-1
Released	Sun Sep 25 00:34:04 2022
Summary	Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4)
Type	security
Severity	important
References	1199695,1200057,1203116,CVE-2022-1652,CVE-2022-29581,CVE-2022-39188

Description:

This update for the Linux Kernel 5.14.21-150400_22 fixes several issues.
The following security issues were fixed:

CVE-2022-29581: Fixed an improper Update of Reference Count vulnerability in net/sched that causes privilege escalation to root (bsc#1199695).
CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and munmap() on VM_PFNMAP mappings leads to stale TLB entry (bsc#1203116).
CVE-2022-1652: Fixed a use-after-free in bad_flp_intr (bsc#1200057).

Advisory ID	SUSE-RU-2022:3388-1
Released	Mon Sep 26 12:51:36 2022
Summary	Recommended update for google-guest-agent, google-guest-oslogin, google-osconfig-agent
Type	recommended
Severity	moderate
References	1191036,1194319,1195391,1202100,1202101,1202826

Description:

This update for google-guest-agent, google-guest-oslogin, google-osconfig-agent fixes the following issues:

Update to version 20220713.00 (bsc#1202100, bsc#1202101)
Use pam_moduledir (bsc#1191036)
Use install command in %post section to create state file (bsc#1202826)
Avoid bashim in post install scripts (bsc#1195391)
Don't restart daemon on package upgrade, create a state file instead (bsc#1194319)

Advisory ID	SUSE-RU-2022:3395-1
Released	Mon Sep 26 16:35:18 2022
Summary	Recommended update for ca-certificates-mozilla
Type	recommended
Severity	moderate
References	1181994,1188006,1199079,1202868

Description:

This update for ca-certificates-mozilla fixes the following issues:
Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)

Added:

- Certainly Root E1 - Certainly Root R1 - DigiCert SMIME ECC P384 Root G5 - DigiCert SMIME RSA4096 Root G5 - DigiCert TLS ECC P384 Root G5 - DigiCert TLS RSA4096 Root G5 - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3

Removed:

- Hellenic Academic and Research Institutions RootCA 2011
Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)

Added:

- Autoridad de Certificacion Firmaprofesional CIF A62634068 - D-TRUST BR Root CA 1 2020 - D-TRUST EV Root CA 1 2020 - GlobalSign ECC Root CA R4 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 - HiPKI Root CA - G1 - ISRG Root X2 - Telia Root CA v2 - vTrus ECC Root CA - vTrus Root CA

Removed:

- Cybertrust Global Root - DST Root CA X3 - DigiNotar PKIoverheid CA Organisatie - G2 - GlobalSign ECC Root CA R4 - GlobalSign Root CA R2 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4
Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)

Added:

- HARICA Client ECC Root CA 2021 - HARICA Client RSA Root CA 2021 - HARICA TLS ECC Root CA 2021 - HARICA TLS RSA Root CA 2021 - TunTrust Root CA

Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)

Added new root CAs:

- NAVER Global Root Certification Authority

Removed old root CAs:

- GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G5

Advisory ID	SUSE-SU-2022:3396-1
Released	Mon Sep 26 16:37:26 2022
Summary	Security update for MozillaFirefox
Type	security
Severity	important
References	1200793,1201758,1202645,1203477,CVE-2022-2200,CVE-2022-2505,CVE-2022-34468,CVE-2022-34469,CVE-2022-34470,CVE-2022-34471,CVE-2022-34472,CVE-2022-34473,CVE-2022-34474,CVE-2022-34475,CVE-2022-34476,CVE-2022-34477,CVE-2022-34478,CVE-2022-34479,CVE-2022-34480,CVE-2022-34481,CVE-2022-34482,CVE-2022-34483,CVE-2022-34484,CVE-2022-34485,CVE-2022-36314,CVE-2022-36318,CVE-2022-36319,CVE-2022-38472,CVE-2022-38473,CVE-2022-38476,CVE-2022-38477,CVE-2022-38478,CVE-2022-40956,CVE-2022-40957,CVE-2022-40958,CVE-2022-40959,CVE-2022-40960,CVE-2022-40962

Description:

This update for MozillaFirefox fixes the following issues:
Mozilla Firefox was updated to 102.3.0esr ESR (bsc#1200793, bsc#1201758, bsc#1202645, bsc#1203477):

CVE-2022-40959: Fixed bypassing FeaturePolicy restrictions on transient pages.
CVE-2022-40960: Fixed data-race when parsing non-UTF-8 URLs in threads.
CVE-2022-40958: Fixed bypassing secure context restriction for cookies with __Host and __Secure prefix.
CVE-2022-40956: Fixed content-security-policy base-uri bypass.
CVE-2022-40957: Fixed incoherent instruction cache when building WASM on ARM64.
CVE-2022-40962: Fixed memory safety bugs.
CVE-2022-38472: Fixed a potential address bar spoofing via XSLT error handling.
CVE-2022-38473: Fixed an issue where cross-origin XSLT documents could inherit the parent's permissions.
CVE-2022-38478: Fixed various memory safety issues.
CVE-2022-38476: Fixed data race and potential use-after-free in PK11_ChangePW.
CVE-2022-38477: Fixed memory safety bugs.
CVE-2022-36319: Fixed mouse position spoofing with CSS transforms.
CVE-2022-36318: Fixed directory indexes for bundled resources reflected URL parameters.
CVE-2022-36314: Fixed unexpected network loads when opening local .lnk files.
CVE-2022-2505: Fixed memory safety bugs.
CVE-2022-34479: Fixed vulnerabilty where a popup window could be resized in a way to overlay the address bar with web content.
CVE-2022-34470: Fixed use-after-free in nsSHistory.
CVE-2022-34468: Fixed bypass of CSP sandbox header without `allow-scripts` via retargeted javascript: URI.
CVE-2022-34482: Fixed drag and drop of malicious image that could have led to malicious executable and potential code execution.
CVE-2022-34483: Fixed drag and drop of malicious image that could have led to malicious executable and potential code execution.
CVE-2022-34476: Fixed vulnerability where ASN.1 parser could have been tricked into accepting malformed ASN.1.
CVE-2022-34481: Fixed potential integer overflow in ReplaceElementsAt
CVE-2022-34474: Fixed vulnerability where sandboxed iframes could redirect to external schemes.
CVE-2022-34469: Fixed TLS certificate errors on HSTS-protected domains which could be bypassed by the user on Firefox for Android.
CVE-2022-34471: Fixed vulnerability where a compromised server could trick a browser into an addon downgrade.
CVE-2022-34472: Fixed vulnerability where an unavailable PAC file resulted in OCSP requests being blocked.
CVE-2022-34478: Fixed vulnerability where Microsoft protocols can be attacked if a user accepts a prompt.
CVE-2022-2200: Fixed vulnerability where undesired attributes could be set as part of prototype pollution.
CVE-2022-34480: Fixed free of uninitialized pointer in lg_init.
CVE-2022-34477: Fixed vulnerability in MediaError message property leaking information on cross-origin same-site pages.
CVE-2022-34475: Fixed vulnerability where the HTML Sanitizer could have been bypassed via same-origin script via use tags.
CVE-2022-34473: Fixed vulnerability where the HTML Sanitizer could have been bypassed via use tags.
CVE-2022-34484: Fixed memory safety bugs.
CVE-2022-34485: Fixed memory safety bugs.

Advisory ID	SUSE-SU-2022:3397-1
Released	Mon Sep 26 16:38:49 2022
Summary	Security update for snakeyaml
Type	security
Severity	important
References	1202932,1203149,1203153,1203154,1203158,CVE-2020-13936,CVE-2022-25857,CVE-2022-38749,CVE-2022-38750,CVE-2022-38751,CVE-2022-38752

Description:

This update for snakeyaml fixes the following issues:

CVE-2022-38750: Fixed uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (bsc#1203158).
CVE-2022-38749: Fixed StackOverflowError for many open unmatched brackets (bsc#1203149).
CVE-2022-38752: Fixed uncaught exception in java.base/java.util.ArrayList.hashCode (bsc#1203154).
CVE-2022-38751: Fixed unrestricted data matched with Regular Expressions (bsc#1203153).
CVE-2022-25857: Fixed denial of service vulnerability due missing to nested depth limitation for collections (bsc#1202932).

Advisory ID	SUSE-RU-2022:3398-1
Released	Mon Sep 26 16:40:06 2022
Summary	Recommended update for rust
Type	recommended
Severity	moderate
References

Description:

This update for rust fixes the following issues:

Update to rust version 1.63.0 - for details see the rust1.63 package

Advisory ID	SUSE-SU-2022:3399-1
Released	Mon Sep 26 16:40:46 2022
Summary	Security update for unzip
Type	security
Severity	moderate
References	1196177,1196180,CVE-2022-0529,CVE-2022-0530

Description:

This update for unzip fixes the following issues:

CVE-2022-0530: Fixed SIGSEGV during the conversion of an utf-8 string to a local string (bsc#1196177).
CVE-2022-0529: Fixed heap out-of-bound writes and reads during conversion of wide string to local string (bsc#1196180)

Advisory ID	SUSE-SU-2022:3400-1
Released	Mon Sep 26 17:02:16 2022
Summary	Security update for libcaca
Type	security
Severity	moderate
References	1182731,CVE-2021-3410

Description:

This update for libcaca fixes the following issues:

CVE-2021-3410: Fixed overflow when multiplying large ints (bsc#1182731).

Advisory ID	SUSE-SU-2022:3412-1
Released	Mon Sep 26 19:34:15 2022
Summary	Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4)
Type	security
Severity	important
References	1199695,1203116,CVE-2022-29581,CVE-2022-39188

Description:

This update for the Linux Kernel 5.14.21-150400_24_11 fixes several issues.
The following security issues were fixed:

CVE-2022-29581: Fixed an improper Update of Reference Count vulnerability in net/sched that causes privilege escalation to root (bsc#1199695).
CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and munmap() on VM_PFNMAP mappings leads to stale TLB entry (bsc#1203116).

Advisory ID	SUSE-SU-2022:3413-1
Released	Mon Sep 26 19:34:23 2022
Summary	Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP4)
Type	security
Severity	important
References	1203116,CVE-2022-39188

Description:

This update for the Linux Kernel 5.14.21-150400_24_18 fixes one issue.
The following security issue was fixed:

CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and munmap() on VM_PFNMAP mappings leads to stale TLB entry (bsc#1203116).

Advisory ID	SUSE-SU-2022:3421-1
Released	Tue Sep 27 00:04:56 2022
Summary	Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4)
Type	security
Severity	important
References	1196959,CVE-2021-39698

Description:

This update for the Linux Kernel 5.14.21-150400_24_21 fixes one issue.
The following security issue was fixed:

CVE-2021-39698: Fixed a memory corruption due to a use after free that could lead to local escalation of privilege with no additional execution privileges needed (bsc#1196959).

Advisory ID	SUSE-RU-2022:3427-1
Released	Tue Sep 27 12:13:26 2022
Summary	Recommended update for osinfo-db
Type	recommended
Severity	moderate
References	1202827

Description:

This update for osinfo-db fixes the following issues:

Fail to deploy sle15sp5 guest via virt-install with osinfo (bsc#1202827)
Add support for openSUSE Leap 15.5, SLES 15.5, and SLE Micro 5.3
Update to database version 20220516

Advisory ID	SUSE-RU-2022:3435-1
Released	Tue Sep 27 14:55:38 2022
Summary	Recommended update for runc
Type	recommended
Severity	important
References	1202821

Description:

This update for runc fixes the following issues:

Fix mounting via wrong proc fd. When the user and mount namespaces are used, and the bind mount is followed by the cgroup mount in the spec, the cgroup was mounted using the bind mount's mount fd.
Fix 'permission denied' error from runc run on noexec fs
Fix regression causing a failed 'exec' error after systemctl daemon-reload (bsc#1202821)

Advisory ID	SUSE-RU-2022:3437-1
Released	Tue Sep 27 14:57:23 2022
Summary	Recommended update for mariadb-galera
Type	recommended
Severity	important
References	1202760

Description:

This recommended update for mariadb-galera provides:

Deliver missing mariadb-galera to SUSE Linux Enterprise 15 Service Pack 4 PackageHub
There are NO code changes

Advisory ID	SUSE-RU-2022:3447-1
Released	Tue Sep 27 19:13:28 2022
Summary	Recommended update for myspell-dictionaries
Type	recommended
Severity	important
References	1203307

Description:

This recommended update for myspell-dictionaries provides:

Deliver missing myspell-de_CH and myspell-de_AT to the SUSE Linux Enterprise Basesystem Module. (bsc#1203307)
There are NO code changes.

Advisory ID	SUSE-RU-2022:3449-1
Released	Tue Sep 27 20:12:03 2022
Summary	Recommended update for perl-Bootloader
Type	recommended
Severity	moderate
References	1198197,1198828

Description:

This update for perl-Bootloader fixes the following issues:

Fix sysconfig parsing (bsc#1198828)
grub2/install: Reset error code when passing through recover code. (bsc#1198197)

Advisory ID	SUSE-SU-2022:3451-1
Released	Wed Sep 28 09:44:15 2022
Summary	Security update for rust1.62
Type	security
Severity	moderate
References	1203431,1203433,CVE-2022-36113,CVE-2022-36114

Description:

This update for rust1.62 fixes the following issues:

CVE-2022-36113: Fixed symlink hijack vulnerability (bsc#1203433).
CVE-2022-36114: Fixed zip bomb vulnerability (bsc#1203431).

Advisory ID	SUSE-RU-2022:3452-1
Released	Wed Sep 28 12:13:43 2022
Summary	Recommended update for glibc
Type	recommended
Severity	moderate
References	1201942

Description:

This update for glibc fixes the following issues:

Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942)
powerpc: Optimized memcmp for power10 (jsc#PED-987)

Advisory ID	SUSE-RU-2022:3472-1
Released	Thu Sep 29 19:09:27 2022
Summary	Recommended update for go1.18-openssl
Type	recommended
Severity	moderate
References

Description:

This update for go1.18-openssl fixes the following issues:
Initial package go1.18-openssl version 1.18.6.1. (jsc#SLE-18320)

This package contains a fork of the Go toolchain dev.boringcrypto branch and necessary modifications from the golang-fips/go GitHub project for the Go crypto library to use an external cryptographic library in a FIPS 140 compliant way.
Modifies the crypto/* packages to use OpenSSL for cryptographic operations.
Uses dlopen() to call into OpenSSL.
FIPS 140 mode (or boring mode as the package is named) is enabled either via an environment variable GOLANG_FIPS=1 or by virtue of the host being in FIPS 140 mode.
When the operating system is operating in FIPS 140 mode, Go applications which import crypto/tls/fipsonly limit operations to the FIPS ciphersuite.
SUSE RPM packaging introduces a fourth version digit go1.x.y.z corresponding to the golang-fips/go patchset tagged revision which can be updated independently of upstream Go maintenance releases.

Advisory ID	SUSE-SU-2022:3473-1
Released	Fri Sep 30 10:33:55 2022
Summary	Security update for python310
Type	security
Severity	important
References	1202624,1203125,CVE-2020-10735,CVE-2021-28861

Description:

This update for python310 fixes the following issues:
Updated to version 3.10.7:

CVE-2020-10735: Fixed DoS due to missing limit of amount of digits when converting text to int (bsc#1203125).
CVE-2021-28861: Fixed an open redirect in the http server when an URI path starts with // (bsc#1202624).

Advisory ID	SUSE-RU-2022:3481-1
Released	Fri Sep 30 15:53:10 2022
Summary	Recommended update for libvirt
Type	recommended
Severity	moderate
References	1197084,1202608

Description:

This update for libvirt fixes the following issues:

spec: Include aarch64 in the list of architectures that 'Require' dmidecode (bsc#1202608)
qemu: Support memory allocation threads (bsc#1197084)

Advisory ID	SUSE-SU-2022:3486-1
Released	Sat Oct 1 13:33:54 2022
Summary	Security update for cosign
Type	security
Severity	important
References	1203430,CVE-2022-36056

Description:

This update for cosign fixes the following issues:
Updated to version 1.12.0 (jsc#SLE-23879):

CVE-2022-36056: Fixed verify-blob could successfully verify an artifact when verification should have failed (bsc#1203430).

Advisory ID	SUSE-SU-2022:3487-1
Released	Sat Oct 1 13:34:14 2022
Summary	Security update for ImageMagick
Type	security
Severity	moderate
References	1203450,CVE-2022-3213

Description:

This update for ImageMagick fixes the following issues:

CVE-2022-3213: Fixed heap buffer overflow when processing a malformed TIFF file (bsc#1203450).

Advisory ID	SUSE-SU-2022:3488-1
Released	Sat Oct 1 13:34:52 2022
Summary	Security update for webkit2gtk3
Type	security
Severity	important
References	1203530,CVE-2022-32886,CVE-2022-32912

Description:

This update for webkit2gtk3 fixes the following issues:
Updated to version 2.36.8 (bsc#1203530): - CVE-2022-32886: Fixed a buffer overflow issue that could potentially lead to code execution. - CVE-2022-32912: Fixed an out-of-bounds read that could potentially lead to code execution.

Advisory ID	SUSE-SU-2022:3489-1
Released	Sat Oct 1 13:35:24 2022
Summary	Security update for expat
Type	security
Severity	important
References	1203438,CVE-2022-40674

Description:

This update for expat fixes the following issues:

CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).

Advisory ID	SUSE-SU-2022:3496-1
Released	Tue Oct 4 09:47:32 2022
Summary	Security update for colord
Type	security
Severity	moderate
References	1202802,CVE-2021-42523

Description:

This update for colord fixes the following issues:

CVE-2021-42523: Fixed a small memory leak in sqlite3_exec (bsc#1202802).

Advisory ID	SUSE-feature-2022:3501-1
Released	Tue Oct 4 11:03:44 2022
Summary	Feature update for aws-cli, python-boto3, python-botocore
Type	feature
Severity	important
References	1199716

Description:

This update for aws-cli, python-boto3, python-botocore fixes the following issues:
Update AWS SDK and CLI in SUSE Linux Enterprise 15 (bsc#1199716, jsc#PED-1851) aws-cli:

Update from version 1.20.7 to version 1.24.4 (bsc#1199716, jsc#PED-1851)
For detailed changes see packaged CHANGELOG.rst or https://raw.githubusercontent.com/aws/aws-cli/1.24.4/CHANGELOG.rst
Updated required dependencies

python-boto3:

Update from version 1.18.7 to version 1.23.4 (bsc#1199716, jsc#PED-1851)
For detailed changes see https://github.com/boto/boto3/blob/develop/CHANGELOG.rst#1234
Updated required dependencies

python-botocore:

Update from version 1.21.7 to version 1.26.4 (bsc#1199716, jsc#PED-1851)
For detailed changes see https://github.com/boto/botocore/blob/develop/CHANGELOG.rst#1264
Updated required dependencies

Advisory ID	SUSE-RU-2022:3507-1
Released	Tue Oct 4 12:09:46 2022
Summary	Recommended update for pacemaker
Type	recommended
Severity	moderate
References	1196340,1197668,1198409

Description:

This update for pacemaker fixes the following issues:

scheduler: do not enforce resource stop if any new probe/monitor indicates

the resource was not running on the target (bsc#1196340)

tools: set commands in crm_resource before changing any options (bsc#1198409)

Pacemaker high resolution timestamps (bsc#1197668)

Advisory ID	SUSE-feature-2022:3520-1
Released	Tue Oct 4 14:18:34 2022
Summary	Feature update for dmidecode
Type	feature
Severity	moderate
References

Description:

This feature update for dmidecode fixes the following issues:
Update dmidecode from version 3.2 to version 3.4 (jsc#SLE-24502, jsc#SLE-24591, jsc#PED-411):

Add bios-revision, firmware-revision and system-sku-number to `-s` option
Decode HPE OEM records 194, 199, 203, 236, 237, 238 ans 240
Decode system slot base bus width and peers
Document how the UUID fields are interpreted
Don't display the raw CPU ID in quiet mode
Don't use memcpy on /dev/mem on arm64
Fix OEM vendor name matching
Fix small typo in NEWS file
Improve the formatting of the manual pages
Present HPE type 240 attributes as a proper list instead of packing them on a single line. This makes it more readable overall, and will also scale better if the number of attributes increases
Skip details of uninstalled memory modules
Support for SMBIOS 3.4.0. This includes new memory device types, new processor upgrades, new slot types and characteristics, decoding of memor module extended speed, new system slot types, new processor characteristic and new format of Processor ID
Support for SMBIOS 3.5.0. This includes new processor upgrades, BIOS characteristics, new slot characteristics, new on-board device types, new pointing device interface types, and a new record type (type 45 - Firmware Inventory Information)
Use the most appropriate unit for cache size

Advisory ID	SUSE-RU-2022:3521-1
Released	Tue Oct 4 14:18:56 2022
Summary	Recommended update for lvm2
Type	recommended
Severity	critical
References	1198523

Description:

This update for lvm2 fixes the following issues:

Add additional check in the package to prevent removal of device-mapper library files during install (bsc#1198523)

Advisory ID	SUSE-feature-2022:3522-1
Released	Tue Oct 4 14:19:18 2022
Summary	Feature update for python-python-editor
Type	feature
Severity	moderate
References

Description:

This feature update for python-python-editor fixes the following issues:
Version update from 1.0.3 to 1.0.4 (jsc#SLE-24984):

Clarify package summary and description
Remove superfluous devel dependency for noarch package

Advisory ID	SUSE-SU-2022:3525-1
Released	Wed Oct 5 12:17:14 2022
Summary	Security update for cifs-utils
Type	security
Severity	moderate
References	1198976,CVE-2022-29869

Description:

This update for cifs-utils fixes the following issues:

Fix changelog to include Bugzilla and CVE tracker id numbers missing from previous update

Advisory ID	SUSE-SU-2022:3531-1
Released	Thu Oct 6 09:21:50 2022
Summary	Security update for squid
Type	security
Severity	important
References	1203677,1203680,CVE-2022-41317,CVE-2022-41318

Description:

This update for squid fixes the following issues:
Updated squid to version 5.7: - CVE-2022-41317: Fixed exposure of sensitive information in cache manager (bsc#1203677). - CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication (bsc#1203680).

Advisory ID	SUSE-SU-2022:3537-1
Released	Thu Oct 6 10:55:43 2022
Summary	Security update for postgresql-jdbc
Type	security
Severity	important
References	1202170,CVE-2022-31197

Description:

This update for postgresql-jdbc fixes the following issues:

CVE-2022-31197: Fixed SQL injection vulnerability (bsc#1202170).

Advisory ID	SUSE-SU-2022:3540-1
Released	Thu Oct 6 11:56:36 2022
Summary	Security update for LibVNCServer
Type	security
Severity	moderate
References	1203106,CVE-2020-29260

Description:

This update for LibVNCServer fixes the following issues:

CVE-2020-29260: Fixed memory leakage via rfbClientCleanup() (bsc#1203106).

Advisory ID	SUSE-SU-2022:3544-1
Released	Thu Oct 6 13:48:42 2022
Summary	Security update for python3
Type	security
Severity	important
References	1202624,CVE-2021-28861

Description:

This update for python3 fixes the following issues:

CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624).

Advisory ID	SUSE-RU-2022:3551-1
Released	Fri Oct 7 17:03:55 2022
Summary	Recommended update for libgcrypt
Type	recommended
Severity	moderate
References	1182983,1190700,1191020,1202117

Description:

This update for libgcrypt fixes the following issues:

FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983]

FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]

* Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0

FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]

* Consider approved keylength greater or equal to 112 bits.

FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020]

Advisory ID	SUSE-RU-2022:3555-1
Released	Mon Oct 10 14:05:12 2022
Summary	Recommended update for aaa_base
Type	recommended
Severity	important
References	1199492

Description:

This update for aaa_base fixes the following issues:

The wrapper rootsh is not a restricted shell. (bsc#1199492)

Advisory ID	SUSE-feature-2022:3556-1
Released	Mon Oct 10 14:06:38 2022
Summary	Feature update for nvme-stas
Type	feature
Severity	moderate
References	1200128

Description:

This feature update for nvme-stas fixes the following issues:
Update from version 1.0 to version 1.1.6 (bsc#1200128, jsc#SLE-24805):

Added systemd service file (service disabled)
Install everything under `/usr/lib` instead of `/usr/lib64`
conf: Enable sticky-connections by default
doc: Troubleshoot guide for missing mDNS packets
doc: Update README.md
stacd: Add configuration parameter 'sticky-connections'
stacd: Fix D-Bus race condition between stacd and stafd
stacd: Allow disabling nvme-cli auto-connect udev rule
stacd: Audit connections
stacd: Fix I/O controller connection audits
stacd: Fix defered call to remove_controller() with wrong arguments
stafd, stacd: Add man page to systend service file.
staslib: Fix cback function deleting object that called the cback
staslib: Add override support
staslib: Calling wrong cback function on controller removal
staslib: Check that async operation hasn't been cancelled before proceeding
staslib: Fix race conditions during controller object removal
staslib: Fix support for fibre channel
staslib: Make sure controller object gets 'purged' when removed
systemd: Add explicit dependency to modprobe@nvme_fabrics.service
udev: Fix I/O controller scan & detect algorithm

Advisory ID	SUSE-RU-2022:3557-1
Released	Mon Oct 10 14:48:44 2022
Summary	Recommended update for aws-efs-utils
Type	recommended
Severity	critical
References	1203170

Description:

This update for aws-efs-utils fixes the following issues:

Update to version 1.33.4 (bsc#1203170) * Fix the issue where watchdog sending signal to incorrect processes and add FIPS mode support * Apply additional check on awscredsuri option
from version 1.33.3 * Fix the potential stunnel hanging issue caused by full subprocess PIPE filled by stunnel log * Specify FIPS mode in configuration * Add separate env_path for macOS; Add comments * Update get-pip.py download url in README
from version 1.33.2 * Fix the incorrect path to generate read_ahead_kb config file and Bump the default tls port range from 400 to 1000
Add patch to use unittest.mock instead of mock in testsuite
Use relative URL in Source field

version update to 1.33.1 * Enable mount process to retry on failed or timed out mount.nfs command * use unittest.mock instead of mock

version update to 1.32.1 * Enable watchdog to check stunnel health periodically and restart hanging stunnel process when necessary.
do not require python-mock for build

Advisory ID	SUSE-RU-2022:3564-1
Released	Tue Oct 11 16:15:57 2022
Summary	Recommended update for libzypp, zypper
Type	recommended
Severity	critical
References	1189282,1201972,1203649

Description:

This update for libzypp, zypper fixes the following issues:
libzypp:

Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282)
Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972)
Remove migration code that is no longer needed (bsc#1203649)
Store logrotate files in vendor specif directory '/usr/etc/logrotate.d' if so defined

zypper:

Fix contradiction in the man page: `--download-in-advance` option is the default behavior
Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972)
Fix tests to use locale 'C.UTF-8' rather than 'en_US'
Make sure 'up' respects solver related CLI options (bsc#1201972)
Remove unneeded code to compute the PPP status because it is now auto established
Store logrotate files in vendor specif directory '/usr/etc/logrotate.d' if so defined

Advisory ID	SUSE-RU-2022:3569-1
Released	Tue Oct 11 16:31:40 2022
Summary	Recommended update for SAPHanaSR
Type	recommended
Severity	important
References	1192963,1198127,1201945

Description:

This update for SAPHanaSR fixes the following issues:

SAPHanaSR-monitor not reporting correctly. (bsc#1192963)

Version bump to 0.161.1_BF
add the required 'xmllint' to the package (bsc#1201945)
changes to the demote_clone function of the resource agent: if the role is '1:P' (topology agent run into timeouts) the function fail with rc=1, to get the managed resource stopped changes to the stop_clone function of the topology agent: call landscapeHostConfiguration.py and set the roles as they were reported. If the command timed out, set the role to '1:P' and return 1 to get the node fenced. The used timeout for the landscapeHostConfiguration.py call can be configured by the cluster action timeout, if needed. It will be 50% of the action timeout or the minimum of 300s. (bsc#1198127)
add new HA/DR provider hook susChkSrv (jsc#PED-1241, jsc#PED-1240, jsc#PED-1253)
add new tool SAPHanaSR-manageProvider to show, add and delete HA/DR provider sections in the global.ini of SAP HANA.
update suse icon to new branding

Advisory ID	SUSE-RU-2022:3570-1
Released	Tue Oct 11 20:34:21 2022
Summary	Recommended update for prometheus-ha_cluster_exporter
Type	recommended
Severity	important
References

Description:

This update for prometheus-ha_cluster_exporter fixes the following issues:

Release 1.3.0 (jsc#PED-2052) - Added: - TLS and basic auth support (#200) - sysconfig file now available to override systemd unit CLI arguments (#200) - Changed - **Deprecated**: Some CLI flags were deprecated in favour of new ones according to upstream conventions (#200) - Boilerplate now uses the Prometheus Exporter Toolkit (#200) - Rename dashboard provider subpackage (#196)

Advisory ID	SUSE-SU-2022:3571-1
Released	Thu Oct 13 07:34:28 2022
Summary	Security update for rubygem-puma
Type	security
Severity	important
References	1197818,CVE-2022-24790

Description:

This update for rubygem-puma fixes the following issues:
Updated to version 4.3.12: - CVE-2022-24790: Fixed HTTP request smuggling if proxy is not RFC7230 compliant (bsc#1197818).

Advisory ID	SUSE-RU-2022:3574-1
Released	Thu Oct 13 09:41:17 2022
Summary	Recommended update for clamsap
Type	recommended
Severity	low
References	1200699

Description:

This update for clamsap fixes the following issues:

Add reference to bsc#1200699 in the changelog (bsc#1200699).

Advisory ID	SUSE-SU-2022:3585-1
Released	Fri Oct 14 09:52:25 2022
Summary	Security update for the Linux Kernel
Type	security
Severity	important
References	1152472,1152489,1185032,1190497,1194023,1194869,1195917,1196444,1196869,1197659,1198189,1200622,1201309,1201310,1201987,1202095,1202960,1203039,1203066,1203101,1203197,1203263,1203338,1203360,1203361,1203389,1203410,1203505,1203552,1203664,1203693,1203699,1203701,1203767,1203769,1203794,1203798,1203893,1203902,1203906,1203908,1203933,1203935,1203939,1203969,1203987,1203992,CVE-2022-1263,CVE-2022-2586,CVE-2022-3202,CVE-2022-3239,CVE-2022-3303,CVE-2022-39189,CVE-2022-41218,CVE-2022-41848,CVE-2022-41849

Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated.
The following security bugs were fixed:

CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769).
CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960).
CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552).
CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987).
CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bnc#1203992).
CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bnc#1202095).
CVE-2022-1263: Fixed a NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allowed an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service (bnc#1198189).
CVE-2022-3202: Fixed a NULL pointer dereference flaw in Journaled File System. This could allow a local attacker to crash the system or leak kernel internal information (bnc#1203389).
CVE-2022-39189: Fixed a bug in the x86 KVM subsystem which allows unprivileged guest users to compromise the guest kernel because TLB flush operations are mishandled (bnc#1203066).

The following non-security bugs were fixed:

ACPI / scan: Create platform device for CS35L41 (bsc#1203699).
ACPI: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (bsc#1203767).
ACPI: resource: skip IRQ override on AMD Zen platforms (git-fixes).
ACPI: scan: Add CLSA0101 Laptop Support (bsc#1203699).
ACPI: utils: Add api to read _SUB from ACPI (bsc#1203699).
ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes).
ALSA: core: Fix double-free at snd_card_new() (git-fixes).
ALSA: cs35l41: Check hw_config before using it (bsc#1203699).
ALSA: cs35l41: Enable Internal Boost in shared lib (bsc#1203699).
ALSA: cs35l41: Move cs35l41_gpio_config to shared lib (bsc#1203699).
ALSA: cs35l41: Unify hardware configuration (bsc#1203699).
ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes).
ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes).
ALSA: hda: cs35l41: Add Amp Name based on channel and index (bsc#1203699).
ALSA: hda: cs35l41: Add Boost type flag (bsc#1203699).
ALSA: hda: cs35l41: Add calls to newly added test key function (bsc#1203699).
ALSA: hda: cs35l41: Add defaulted values into dsp bypass config sequence (bsc#1203699).
ALSA: hda: cs35l41: Add initial DSP support and firmware loading (bsc#1203699).
ALSA: hda: cs35l41: Add missing default cases (bsc#1203699).
ALSA: hda: cs35l41: Add module parameter to control firmware load (bsc#1203699).
ALSA: hda: cs35l41: Add support for CS35L41 in HDA systems (bsc#1203699).
ALSA: hda: cs35l41: Add Support for Interrupts (bsc#1203699).
ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations (bsc#1203699).
ALSA: hda: cs35l41: Always configure the DAI (bsc#1203699).
ALSA: hda: cs35l41: Avoid overwriting register patch (bsc#1203699).
ALSA: hda: cs35l41: Clarify support for CSC3551 without _DSD Properties (bsc#1203699).
ALSA: hda: cs35l41: Consolidate selections under SND_HDA_SCODEC_CS35L41 (bsc#1203699).
ALSA: hda: cs35l41: Do not dereference fwnode handle (bsc#1203699).
ALSA: hda: cs35l41: Drop wrong use of ACPI_PTR() (bsc#1203699).
ALSA: hda: cs35l41: Enable GPIO2 Interrupt for CLSA0100 laptops (bsc#1203699).
ALSA: hda: cs35l41: Fix comments wrt serial-multi-instantiate reference (bsc#1203699).
ALSA: hda: cs35l41: fix double free on error in probe() (bsc#1203699).
ALSA: hda: cs35l41: Fix error in spi cs35l41 hda driver name (bsc#1203699).
ALSA: hda: cs35l41: Fix I2S params comments (bsc#1203699).
ALSA: hda: cs35l41: Handle all external boost setups the same way (bsc#1203699).
ALSA: hda: cs35l41: Improve dev_err_probe() messaging (bsc#1203699).
ALSA: hda: cs35l41: Make cs35l41_hda_remove() return void (bsc#1203699).
ALSA: hda: cs35l41: Make use of the helper function dev_err_probe() (bsc#1203699).
ALSA: hda: cs35l41: Move boost config to initialization code (bsc#1203699).
ALSA: hda: cs35l41: Move cs35l41* calls to its own symbol namespace (bsc#1203699).
ALSA: hda: cs35l41: Move external boost handling to lib for ASoC use (bsc#1203699).
ALSA: hda: cs35l41: Mute the device before shutdown (bsc#1203699).
ALSA: hda: cs35l41: Put the device into safe mode for external boost (bsc#1203699).
ALSA: hda: cs35l41: Read Speaker Calibration data from UEFI variables (bsc#1203699).
ALSA: hda: cs35l41: Remove cs35l41_hda_reg_sequence struct (bsc#1203699).
ALSA: hda: cs35l41: Remove Set Channel Map api from binding (bsc#1203699).
ALSA: hda: cs35l41: Reorganize log for playback actions (bsc#1203699).
ALSA: hda: cs35l41: Save codec object inside component struct (bsc#1203699).
ALSA: hda: cs35l41: Save Subsystem ID inside CS35L41 Driver (bsc#1203699).
ALSA: hda: cs35l41: Set Speaker Position for CLSA0100 Laptop (bsc#1203699).
ALSA: hda: cs35l41: Support CLSA0101 (bsc#1203699).
ALSA: hda: cs35l41: Support Firmware switching and reloading (bsc#1203699).
ALSA: hda: cs35l41: Support Hibernation during Suspend (bsc#1203699).
ALSA: hda: cs35l41: Support multiple load paths for firmware (bsc#1203699).
ALSA: hda: cs35l41: Support reading subsystem id from ACPI (bsc#1203699).
ALSA: hda: cs35l41: Support Speaker ID for laptops (bsc#1203699).
ALSA: hda: cs35l41: Tidyup code (bsc#1203699).
ALSA: hda: cs35l41: Use the CS35L41 HDA internal define (bsc#1203699).
ALSA: hda: Fix dependencies of CS35L41 on SPI/I2C buses (bsc#1203699).
ALSA: hda: Fix dependency on ASoC cs35l41 codec (bsc#1203699).
ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount saturation (git-fixes).
ALSA: hda: Fix Nvidia dp infoframe (git-fixes).
ALSA: hda: hda_cs_dsp_ctl: Add apis to write the controls directly (bsc#1203699).
ALSA: hda: hda_cs_dsp_ctl: Add fw id strings (bsc#1203699).
ALSA: hda: hda_cs_dsp_ctl: Add Library to support CS_DSP ALSA controls (bsc#1203699).
ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs (jsc#PED-720).
ALSA: hda/cs8409: Add new Dolphin HW variants (bsc#1203699).
ALSA: hda/cs8409: Add Speaker Playback Switch for Cyborg (bsc#1203699).
ALSA: hda/cs8409: Add Speaker Playback Switch for Warlock (bsc#1203699).
ALSA: hda/cs8409: change cs8409_fixups v.pins initializers to static (bsc#1203699).
ALSA: hda/cs8409: Disable HSBIAS_SENSE_EN for Cyborg (bsc#1203699).
ALSA: hda/cs8409: Fix Full Scale Volume setting for all variants (bsc#1203699).
ALSA: hda/cs8409: Fix Warlock to use mono mic configuration (bsc#1203699).
ALSA: hda/cs8409: Re-order quirk table into ascending order (bsc#1203699).
ALSA: hda/cs8409: Support manual mode detection for CS42L42 (bsc#1203699).
ALSA: hda/cs8409: Support new Dolphin Variants (bsc#1203699).
ALSA: hda/cs8409: Support new Odin Variants (bsc#1203699).
ALSA: hda/cs8409: Support new Warlock MLK Variants (bsc#1203699).
ALSA: hda/cs8409: Use general cs42l42 include in cs8409 hda driver (bsc#1203699).
ALSA: hda/realtek: Add a quirk for HP OMEN 16 (8902) mute LED (git-fixes).
ALSA: hda/realtek: Add CS35L41 support for Thinkpad laptops (bsc#1203699).
ALSA: hda/realtek: Add mute and micmut LED support for Zbook Fury 17 G9 (bsc#1203699).
ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes).
ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes).
ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes).
ALSA: hda/realtek: Add quirk for HP Zbook Firefly 14 G9 model (bsc#1203699).
ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes).
ALSA: hda/realtek: Add quirk for Lenovo Yoga7 14IAL7 (bsc#1203699).
ALSA: hda/realtek: Add quirks for ASUS Zenbooks using CS35L41 (bsc#1203699).
ALSA: hda/realtek: Add support for HP Laptops (bsc#1203699).
ALSA: hda/realtek: Add support for Legion 7 16ACHg6 laptop (bsc#1203699).
ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes).
ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop (git-fixes).
ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook 845/865 G9 (bsc#1203699).
ALSA: hda/realtek: Enable mute/micmute LEDs support for HP Laptops (bsc#1203699).
ALSA: hda/realtek: Enable speaker and mute LEDs for HP laptops (bsc#1203699).
ALSA: hda/realtek: Fix LED on Zbook Studio G9 (bsc#1203699).
ALSA: hda/realtek: Fix mute led issue on thinkpad with cs35l41 s-codec (bsc#1203699).
ALSA: hda/realtek: More robust component matching for CS35L41 (bsc#1203699).
ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes).
ALSA: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes).
ALSA: hda/tegra: Add Tegra234 hda driver support (git-fixes).
ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes).
ALSA: hda/tegra: set depop delay for tegra (git-fixes).
ALSA: hda/tegra: Update scratch reg. communication (git-fixes).
ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (git-fixes).
ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes).
ALSA: usb-audio: Inform the delayed registration more properly (git-fixes).
ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes).
ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes).
ARM: dts: am33xx: Fix MMCHS0 dma properties (git-fixes).
ARM: dts: imx: align SPI NOR node name with dtschema (git-fixes).
ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (git-fixes).
arm64: dts: qcom: sm8350: fix UFS PHY serdes size (git-fixes).
arm64: dts: rockchip: Fix typo in lisense text for PX30.Core (git-fixes).
arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes).
arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes).
arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes).
arm64: errata: Add Cortex-A510 to the repeat tlbi list (git-fixes) Enable this errata fix configuration option to arm64/default.
arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444).
arm64: lib: Import latest version of Arm Optimized Routines' strcmp (git-fixes)
arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (git-fixes)
arm64: topology: fix possible overflow in amu_fie_setup() (git-fixes).
ASoC: cs35l41: Add ASP TX3/4 source to register patch (bsc#1203699).
ASoC: cs35l41: Add bindings for CS35L41 (bsc#1203699).
ASoC: cs35l41: Add common cs35l41 enter hibernate function (bsc#1203699).
ASoC: cs35l41: Add cs35l51/53 IDs (bsc#1203699).
ASoC: cs35l41: Add endianness flag in snd_soc_component_driver (bsc#1203699).
ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699).
ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699).
ASoC: cs35l41: Add support for CLSA3541 ACPI device ID (bsc#1203699).
ASoC: cs35l41: Add support for hibernate memory retention mode (bsc#1203699).
ASoC: cs35l41: Binding fixes (bsc#1203699).
ASoC: cs35l41: Change monitor widgets to siggens (bsc#1203699).
ASoC: cs35l41: Combine adjacent register writes (bsc#1203699).
ASoC: cs35l41: Convert tables to shared source code (bsc#1203699).
ASoC: cs35l41: Correct DSP power down (bsc#1203699).
ASoC: cs35l41: Correct handling of some registers in the cache (bsc#1203699).
ASoC: cs35l41: Correct some control names (bsc#1203699).
ASoC: cs35l41: Create shared function for boost configuration (bsc#1203699).
ASoC: cs35l41: Create shared function for errata patches (bsc#1203699).
ASoC: cs35l41: Create shared function for setting channels (bsc#1203699).
ASoC: cs35l41: CS35L41 Boosted Smart Amplifier (bsc#1203699).
ASoC: cs35l41: Do not overwrite returned error code (bsc#1203699).
ASoC: cs35l41: Do not print error when waking from hibernation (bsc#1203699).
ASoC: cs35l41: Document CS35l41 External Boost (bsc#1203699).
ASoC: cs35l41: DSP Support (bsc#1203699).
ASoC: cs35l41: Fix a bunch of trivial code formating/style issues (bsc#1203699).
ASoC: cs35l41: Fix a shift-out-of-bounds warning found by UBSAN (bsc#1203699).
ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t (bsc#1203699).
ASoC: cs35l41: Fix DSP mbox start command and global enable order (bsc#1203699).
ASoC: cs35l41: Fix GPIO2 configuration (bsc#1203699).
ASoC: cs35l41: Fix link problem (bsc#1203699).
ASoC: cs35l41: Fix max number of TX channels (bsc#1203699).
ASoC: cs35l41: Fix undefined reference to core functions (bsc#1203699).
ASoC: cs35l41: Fix use of an uninitialised variable (bsc#1203699).
ASoC: cs35l41: Fixup the error messages (bsc#1203699).
ASoC: cs35l41: Make cs35l41_remove() return void (bsc#1203699).
ASoC: cs35l41: Move cs_dsp config struct into shared code (bsc#1203699).
ASoC: cs35l41: Move cs35l41 exit hibernate function into shared code (bsc#1203699).
ASoC: cs35l41: Move cs35l41 fs errata into shared code (bsc#1203699).
ASoC: cs35l41: Move cs35l41_otp_unpack to shared code (bsc#1203699).
ASoC: cs35l41: Move cs35l41_set_cspl_mbox_cmd to shared code (bsc#1203699).
ASoC: cs35l41: Move power initializations to reg_sequence (bsc#1203699).
ASoC: cs35l41: Read System Name from ACPI _SUB to identify firmware (bsc#1203699).
ASoC: cs35l41: Remove incorrect comment (bsc#1203699).
ASoC: cs35l41: Remove unnecessary param (bsc#1203699).
ASoC: cs35l41: Set the max SPI speed for the whole device (bsc#1203699).
ASoC: cs35l41: Support external boost (bsc#1203699).
ASoC: cs35l41: Update handling of test key registers (bsc#1203699).
ASoC: cs35l41: Use regmap_read_poll_timeout to wait for OTP boot (bsc#1203699).
ASoC: cs42l42: Add control for audio slow-start switch (bsc#1203699).
ASoC: cs42l42: Add warnings about DETECT_MODE and PLL_START (bsc#1203699).
ASoC: cs42l42: Allow time for HP/ADC to power-up after enable (bsc#1203699).
ASoC: cs42l42: Always enable TS_PLUG and TS_UNPLUG interrupts (bsc#1203699).
ASoC: cs42l42: Change jack_detect_mutex to a lock of all IRQ handling (bsc#1203699).
ASoC: cs42l42: Do not claim to support 192k (bsc#1203699).
ASoC: cs42l42: Do not reconfigure the PLL while it is running (bsc#1203699).
ASoC: cs42l42: Fix WARN in remove() if running without an interrupt (bsc#1203699).
ASoC: cs42l42: free_irq() before powering-down on probe() fail (bsc#1203699).
ASoC: cs42l42: Handle system suspend (bsc#1203699).
ASoC: cs42l42: Implement Manual Type detection as fallback (bsc#1203699).
ASoC: cs42l42: Mark OSC_SWITCH_STATUS register volatile (bsc#1203699).
ASoC: cs42l42: Minor fix all errors reported by checkpatch.pl script (bsc#1203699).
ASoC: cs42l42: Move CS42L42 register descriptions to general include (bsc#1203699).
ASoC: cs42l42: Only report button state if there was a button interrupt (git-fixes).
ASoC: cs42l42: Prevent NULL pointer deref in interrupt handler (bsc#1203699).
ASoC: cs42l42: Remove redundant pll_divout member (bsc#1203699).
ASoC: cs42l42: Remove redundant writes to DETECT_MODE (bsc#1203699).
ASoC: cs42l42: Remove redundant writes to RS_PLUG/RS_UNPLUG masks (bsc#1203699).
ASoC: cs42l42: Remove unused runtime_suspend/runtime_resume callbacks (bsc#1203699).
ASoC: cs42l42: Report full jack status when plug is detected (bsc#1203699).
ASoC: cs42l42: Report initial jack state (bsc#1203699).
ASoC: cs42l42: Reset and power-down on remove() and failed probe() (bsc#1203699).
ASoC: cs42l42: Set correct SRC MCLK (bsc#1203699).
ASoC: cs42l42: Simplify reporting of jack unplug (bsc#1203699).
ASoC: cs42l42: Use PLL for SCLK > 12.288MHz (bsc#1203699).
ASoC: cs42l42: Use two thresholds and increased wait time for manual type detection (bsc#1203699).
ASoC: dt-bindings: cs42l42: Convert binding to yaml (bsc#1203699).
ASoC: imx-card: Fix refcount issue with of_node_put (git-fixes).
ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (git-fixes).
ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (git-fixes).
ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes).
ASoC: qcom: sm8250: add missing module owner (git-fixes).
ASoC: SOF: Intel: pci-tgl: add ADL-PS support (jsc#PED-720).
ASoC: SOF: Intel: pci-tgl: add RPL-P support (jsc#PED-720).
ASoC: SOF: Intel: pci-tgl: add RPL-S support (jsc#PED-652).
ASoC: tas2770: Reinit regcache on reset (git-fixes).
ASoC: wm_adsp: Add support for 'toggle' preloaders (bsc#1203699).
ASoC: wm_adsp: Add trace caps to speaker protection FW (bsc#1203699).
ASoC: wm_adsp: Cancel ongoing work when removing controls (bsc#1203699).
ASoC: wm_adsp: Compressed stream DSP memory structs should be __packed (bsc#1203699).
ASoC: wm_adsp: Correct control read size when parsing compressed buffer (bsc#1203699).
ASoC: wm_adsp: Expand firmware loading search options (bsc#1203699).
ASoC: wm_adsp: Fix event for preloader (bsc#1203699).
ASoC: wm_adsp: Introduce cs_dsp logging macros (bsc#1203699).
ASoC: wm_adsp: Make compressed buffers optional (bsc#1203699).
ASoC: wm_adsp: Minor clean and redundant code removal (bsc#1203699).
ASoC: wm_adsp: Move check for control existence (bsc#1203699).
ASoC: wm_adsp: Move check of dsp->running to better place (bsc#1203699).
ASoC: wm_adsp: move firmware loading to client (bsc#1203699).
ASoC: wm_adsp: Move sys_config_size to wm_adsp (bsc#1203699).
ASoC: wm_adsp: Pass firmware names as parameters when starting DSP core (bsc#1203699).
ASoC: wm_adsp: remove a repeated including (bsc#1203699).
ASoC: wm_adsp: Remove pointless string comparison (bsc#1203699).
ASoC: wm_adsp: Remove the wmfw_add_ctl helper function (bsc#1203699).
ASoC: wm_adsp: Remove use of snd_ctl_elem_type_t (bsc#1203699).
ASoC: wm_adsp: Rename generic DSP support (bsc#1203699).
ASoC: wm_adsp: Separate generic cs_dsp_coeff_ctl handling (bsc#1203699).
ASoC: wm_adsp: Separate some ASoC and generic functions (bsc#1203699).
ASoC: wm_adsp: Separate wm_adsp specifics in cs_dsp_client_ops (bsc#1203699).
ASoC: wm_adsp: Split DSP power operations into helper functions (bsc#1203699).
ASoC: wm_adsp: Split out struct cs_dsp from struct wm_adsp (bsc#1203699).
ASoC: wm_adsp: Switch to using wm_coeff_read_ctrl for compressed buffers (bsc#1203699).
ASoC: wm_adsp: wm_adsp_control_add() error: uninitialized symbol 'ret' (bsc#1203699).
batman-adv: Fix hang up with small MTU hard-interface (git-fixes).
Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend (git-fixes).
Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure (git-fixes).
Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes).
bnx2x: fix built-in kernel driver load failure (git-fixes).
bnx2x: fix driver load from initrd (git-fixes).
btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() (bsc#1203360).
btrfs: fix space cache corruption and potential double allocations (bsc#1203361).
build mlx in x86_64/azure as modules again (bsc#1203701) There is little gain by having the drivers built into the kernel. Having them as modules allows easy replacement by third party drivers.
can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes).
can: rx-offload: can_rx_offload_init_queue(): fix typo (git-fixes).
cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (bsc#1196869).
cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906).
cgroup: Fix race condition at rebind_subsystems() (bsc#1203902).
cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock (bsc#1196869).
clk: bcm: rpi: Prevent out-of-bounds access (git-fixes).
clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc() (git-fixes).
clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes).
clk: ingenic-tcu: Properly enable registers before accessing timers (git-fixes).
clk: iproc: Do not rely on node name for correct PLL setup (git-fixes).
constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit.
crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)
cs-dsp and serial-multi-instantiate enablement (bsc#1203699)
dmaengine: idxd: add helper for per interrupt handle drain (jsc#PED-682).
dmaengine: idxd: add knob for enqcmds retries (jsc#PED-755).
dmaengine: idxd: change MSIX allocation based on per wq activation (jsc#PED-664).
dmaengine: idxd: create locked version of idxd_quiesce() call (jsc#PED-682).
dmaengine: idxd: embed irq_entry in idxd_wq struct (jsc#PED-664).
dmaengine: idxd: fix descriptor flushing locking (jsc#PED-664).
dmaengine: idxd: fix retry value to be constant for duration of function call (git-fixes).
dmaengine: idxd: handle interrupt handle revoked event (jsc#PED-682).
dmaengine: idxd: handle invalid interrupt handle descriptors (jsc#PED-682).
dmaengine: idxd: int handle management refactoring (jsc#PED-682).
dmaengine: idxd: match type for retries var in idxd_enqcmds() (git-fixes).
dmaengine: idxd: move interrupt handle assignment (jsc#PED-682).
dmaengine: idxd: rework descriptor free path on failure (jsc#PED-682).
dmaengine: idxd: set defaults for wq configs (jsc#PED-688).
dmaengine: idxd: update IAA definitions for user header (jsc#PED-763).
dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() (git-fixes).
docs: i2c: i2c-topology: fix incorrect heading (git-fixes).
dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe (git-fixes).
drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV (git-fixes).
drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (git-fixes).
drm/amd/display: Limit user regamma to a valid value (git-fixes).
drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack usage (git-fixes).
drm/amd/display: Reduce number of arguments of dml31's CalculateFlipSchedule() (git-fixes).
drm/amd/display: Reduce number of arguments of dml31's CalculateWatermarksAndDRAMSpeedChangeSupport() (git-fixes).
drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid cards (git-fixes).
drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes).
drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes).
drm/amdgpu: make sure to init common IP before gmc (git-fixes).
drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes).
drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega (git-fixes).
drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega (git-fixes).
drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini (git-fixes).
drm/amdgpu: Separate vf2pf work item init from virt data exchange (git-fixes).
drm/amdgpu: use dirty framebuffer helper (git-fixes).
drm/bridge: display-connector: implement bus fmts callbacks (git-fixes).
drm/bridge: lt8912b: add vsync hsync (git-fixes).
drm/bridge: lt8912b: fix corrupted image output (git-fixes).
drm/bridge: lt8912b: set hdmi or dvi mode (git-fixes).
drm/gem: Fix GEM handle release errors (git-fixes).
drm/gma500: Fix BUG: sleeping function called from invalid context errors (git-fixes).
drm/i915: Implement WaEdpLinkRateDataReload (git-fixes).
drm/i915: Skip wm/ddb readout for disabled pipes (git-fixes).
drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes).
drm/i915/gt: Restrict forced preemption to the active context (git-fixes).
drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks (git-fixes).
drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff() (git-fixes).
drm/meson: Correct OSD1 global alpha value (git-fixes).
drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes).
drm/msm/rd: Fix FIFO-full deadlock (git-fixes).
drm/panel: simple: Fix innolux_g121i1_l01 bus_format (git-fixes).
drm/panfrost: devfreq: set opp to the recommended one to configure regulator (git-fixes).
drm/radeon: add a force flush to delay work when radeon (git-fixes).
drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes).
drm/tegra: vic: Fix build warning when CONFIG_PM=n (git-fixes).
dt-bindings: hwmon: (mr75203) fix 'intel,vm-map' property to be optional (git-fixes).
EDAC/dmc520: Do not print an error for each unconfigured interrupt line (bsc#1190497).
efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes).
efi: libstub: Disable struct randomization (git-fixes).
eth: alx: take rtnl_lock on resume (git-fixes).
eth: sun: cassini: remove dead code (git-fixes).
explicit set MODULE_SIG_HASH in azure config (bsc#1203933) Setting this option became mandatory in Feb 2022. While the lack of this option did not cause issues with automated builds, a manual osc build started to fail due to incorrect macro expansion.
fbcon: Add option to enable legacy hardware acceleration (bsc#1152472) Backporting changes: * context fixes in other patch * update config
fbcon: Fix accelerated fbdev scrolling while logo is still shown (bsc#1152472)
fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes).
firmware: arm_scmi: Fix the asynchronous reset requests (git-fixes).
firmware: arm_scmi: Harden accesses to the reset domains (git-fixes).
firmware: cs_dsp: add driver to support firmware loading on Cirrus Logic DSPs (bsc#1203699).
firmware: cs_dsp: Add lockdep asserts to interface functions (bsc#1203699).
firmware: cs_dsp: Add memory chunk helpers (bsc#1203699).
firmware: cs_dsp: Add offset to cs_dsp read/write (bsc#1203699).
firmware: cs_dsp: Add pre_run callback (bsc#1203699).
firmware: cs_dsp: Add pre_stop callback (bsc#1203699).
firmware: cs_dsp: Add support for rev 2 coefficient files (bsc#1203699).
firmware: cs_dsp: Add version checks on coefficient loading (bsc#1203699).
firmware: cs_dsp: Allow creation of event controls (bsc#1203699).
firmware: cs_dsp: Clarify some kernel doc comments (bsc#1203699).
firmware: cs_dsp: Clear core reset for cache (bsc#1203699).
firmware: cs_dsp: Fix overrun of unterminated control name string (bsc#1203699).
firmware: cs_dsp: Move lockdep asserts to avoid potential null pointer (bsc#1203699).
firmware: cs_dsp: Perform NULL check in cs_dsp_coeff_write/read_ctrl (bsc#1203699).
firmware: cs_dsp: Print messages from bin files (bsc#1203699).
firmware: cs_dsp: tidy includes in cs_dsp.c and cs_dsp.h (bsc#1203699).
ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes).
fuse: Remove the control interface for virtio-fs (bsc#1203798).
gpio: mockup: fix NULL pointer dereference when removing debugfs (git-fixes).
gpio: mockup: remove gpio debugfs when remove device (git-fixes).
gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes).
gpio: mvebu: Fix check for pwm support on non-A8K platforms (git-fixes).
gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully (git-fixes).
gve: Fix GFP flags when allocing pages (git-fixes).
HID: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes).
HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes).
hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API (git-fixes).
hwmon: (mr75203) enable polling for all VM channels (git-fixes).
hwmon: (mr75203) fix multi-channel voltage reading (git-fixes).
hwmon: (mr75203) fix VM sensor allocation when 'intel,vm-map' not defined (git-fixes).
hwmon: (mr75203) fix voltage equation for negative source input (git-fixes).
hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller (git-fixes).
hwmon: (tps23861) fix byte order in resistance register (git-fixes).
i2c: acpi: Add an i2c_acpi_client_count() helper function (bsc#1203699).
i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible (git-fixes).
i2c: mlxbf: Fix frequency calculation (git-fixes).
i2c: mlxbf: incorrect base address passed during io write (git-fixes).
i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (git-fixes).
i2c: mlxbf: support lock mechanism (git-fixes).
ice: Allow operation with reduced device MSI-X (bsc#1201987).
ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (git-fixes).
ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (git-fixes).
ice: fix crash when writing timestamp on RX rings (git-fixes).
ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler (git-fixes).
ice: fix possible under reporting of ethtool Tx and Rx statistics (git-fixes).
ice: Fix race during aux device (un)plugging (git-fixes).
ice: Match on all profiles in slow-path (git-fixes).
ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes).
igb: skip phy status check where unavailable (git-fixes).
Input: goodix - add compatible string for GT1158 (git-fixes).
Input: goodix - add support for GT1158 (git-fixes).
Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes).
Input: iqs62x-keys - drop unused device node references (git-fixes).
Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes).
Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes).
kABI workaround for spi changes (bsc#1203699).
kABI: Add back removed struct paca member (bsc#1203664 ltc#199236).
kABI: fix adding another field to scsi_device (bsc#1203039).
kABI: Fix kABI after SNP-Guest backport (jsc#SLE-19924, jsc#SLE-24814).
kbuild: disable header exports for UML in a straightforward way (git-fixes).
kexec_file: drop weak attribute from functions (bsc#1196444).
kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444).
kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444).
kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444).
kexec: drop weak attribute from functions (bsc#1196444).
KVM: SVM: Create a separate mapping for the GHCB save area (jsc#SLE-19924, jsc#SLE-24814).
KVM: SVM: Create a separate mapping for the SEV-ES save area (jsc#SLE-19924, jsc#SLE-24814).
KVM: SVM: Define sev_features and VMPL field in the VMSA (jsc#SLE-19924, jsc#SLE-24814).
KVM: SVM: fix tsc scaling cache logic (bsc#1203263).
KVM: SVM: Update the SEV-ES save area mapping (jsc#SLE-19924, jsc#SLE-24814).
KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (git-fixes).
KVM: X86: Fix when shadow_root_level=5 && guest root_level<4 (git-fixes).
KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_send_ipi() (git-fixes).
KVM: x86: hyper-v: HVCALL_SEND_IPI_EX is an XMM fast hypercall (git-fixes).
KVM: x86: Move lookup of indexed CPUID leafs to helper (jsc#SLE-19924, jsc#SLE-24814).
libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes).
lockd: detect and reject lock arguments that overflow (git-fixes).
md-raid10: fix KASAN warning (git-fixes).
md: call __md_stop_writes in md_stop (git-fixes).
md: unlock mddev before reap sync_thread in action_store (bsc#1197659).
media: aspeed: Fix an error handling path in aspeed_video_probe() (git-fixes).
media: coda: Add more H264 levels for CODA960 (git-fixes).
media: coda: Fix reported H264 profile (git-fixes).
media: dvb_vb2: fix possible out of bound access (git-fixes).
media: exynos4-is: Change clk_disable to clk_disable_unprepare (git-fixes).
media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe (git-fixes).
media: flexcop-usb: fix endpoint type check (git-fixes).
media: imx-jpeg: Add pm-sleep support for imx-jpeg (git-fixes).
media: imx-jpeg: Correct some definition according specification (git-fixes).
media: imx-jpeg: Disable slot interrupt when frame done (git-fixes).
media: imx-jpeg: Fix potential array out of bounds in queue_setup (git-fixes).
media: imx-jpeg: Leave a blank space before the configuration data (git-fixes).
media: imx-jpeg: Refactor function mxc_jpeg_parse (git-fixes).
media: mceusb: Use new usb_control_msg_*() routines (git-fixes).
media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment.
media: rkvdec: Disable H.264 error detection (git-fixes).
media: st-delta: Fix PM disable depth imbalance in delta_probe (git-fixes).
media: vsp1: Fix offset calculation for plane cropping.
misc: cs35l41: Remove unused pdn variable (bsc#1203699).
mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes).
mlxsw: i2c: Fix initialization error flow (git-fixes).
mm: Fix PASID use-after-free issue (bsc#1203908).
mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure (git-fixes).
mmc: hsq: Fix data stomping during mmc recovery (git-fixes).
mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes).
mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv (git-fixes).
net: axienet: fix RX ring refill allocation failure handling (git-fixes).
net: axienet: reset core on initialization prior to MDIO access (git-fixes).
net: bcmgenet: hide status block before TX timestamping (git-fixes).
net: bcmgenet: Revert 'Use stronger register read/writes to assure ordering' (git-fixes).
net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes).
net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator (git-fixes).
net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (git-fixes).
net: dsa: felix: fix tagging protocol changes with multiple CPU ports (git-fixes).
net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).
net: dsa: introduce helpers for iterating through ports using dp (git-fixes).
net: dsa: lantiq_gswip: Do not set GSWIP_MII_CFG_RMII_CLK (git-fixes).
net: dsa: lantiq_gswip: fix use after free in gswip_remove() (git-fixes).
net: dsa: microchip: fix bridging with more than two member ports (git-fixes).
net: dsa: mt7530: 1G can also support 1000BASE-X link mode (git-fixes).
net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (git-fixes).
net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (git-fixes).
net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (git-fixes).
net: dsa: restrict SMSC_LAN9303_I2C kconfig (git-fixes).
net: emaclite: Add error handling for of_address_to_resource() (git-fixes).
net: enetc: Use pci_release_region() to release some resources (git-fixes).
net: ethernet: mediatek: ppe: fix wrong size passed to memset() (git-fixes).
net: ethernet: mv643xx: Fix over zealous checking of_get_mac_address() (git-fixes).
net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link (git-fixes).
net: ethernet: stmmac: fix write to sgmii_adapter_base (git-fixes).
net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (git-fixes).
net: ftgmac100: access hardware register after clock ready (git-fixes).
net: hns3: add netdev reset check for hns3_set_tunable() (git-fixes).
net: hns3: fix the concurrency between functions reading debugfs (git-fixes).
net: ipa: get rid of a duplicate initialization (git-fixes).
net: ipa: kill ipa_cmd_pipeline_clear() (git-fixes).
net: ipa: record proper RX transaction count (git-fixes).
net: macb: Fix PTP one step sync support (git-fixes).
net: macb: Increment rx bd head after allocating skb and buffer (git-fixes).
net: mana: Add rmb after checking owner bits (git-fixes).
net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529).
net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (git-fixes).
net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (git-fixes).
net: mscc: ocelot: fix all IP traffic getting trapped to CPU with PTP over IP (git-fixes).
net: mscc: ocelot: fix broken IP multicast flooding (git-fixes).
net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (git-fixes).
net: mscc: ocelot: fix missing unlock on error in ocelot_hwstamp_set() (git-fixes).
net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (git-fixes).
net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (git-fixes).
net: phy: aquantia: wait for the suspend/resume operations to finish (git-fixes).
net: phy: at803x: move page selection fix to config_init (git-fixes).
net: phy: Do not WARN for PHY_UP state in mdio_bus_phy_resume() (git-fixes).
net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL (git-fixes).
net: sparx5: uses, depends on BRIDGE or !BRIDGE (git-fixes).
net: stmmac: dwmac-qcom-ethqos: add platform level clocks management (git-fixes).
net: stmmac: dwmac-qcom-ethqos: Enable RGMII functional clock on resume (git-fixes).
net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (git-fixes).
net: stmmac: enhance XDP ZC driver level switching performance (git-fixes).
net: stmmac: fix out-of-bounds access in a selftest (git-fixes).
net: stmmac: Fix unset max_speed difference between DT and non-DT platforms (git-fixes).
net: stmmac: only enable DMA interrupts when ready (git-fixes).
net: stmmac: perserve TX and RX coalesce value during XDP setup (git-fixes).
net: stmmac: remove unused get_addr() callback (git-fixes).
net: stmmac: Use readl_poll_timeout_atomic() in atomic state (git-fixes).
net: systemport: Fix an error handling path in bcm_sysport_probe() (git-fixes).
net: thunderbolt: Enable DMA paths only after rings are enabled (git-fixes).
net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
net: wwan: iosm: Call mutex_init before locking it (git-fixes).
net: wwan: iosm: remove pointless null check (git-fixes).
net/mlx5: CT: Fix header-rewrite re-use for tupels (git-fixes).
net/mlx5: Drain fw_reset when removing device (git-fixes).
net/mlx5e: Block rx-gro-hw feature in switchdev mode (git-fixes).
net/mlx5e: Properly block HW GRO when XDP is enabled (git-fixes).
net/mlx5e: Properly block LRO when XDP is enabled (git-fixes).
net/mlx5e: Remove HW-GRO from reported features (git-fixes).
net/mlx5e: TC NIC mode, fix tc chains miss table (git-fixes).
net/qla3xxx: Fix a test in ql_reset_work() (git-fixes).
net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() (git-fixes).
NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes).
NFS: fix problems with __nfs42_ssc_open (git-fixes).
NFS: Fix races in the legacy idmapper upcall (git-fixes).
NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests (git-fixes).
NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes).
NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes).
NFS: Turn off open-by-filehandle and NFS re-export for NFSv4.0 (git-fixes).
NFS: Update mode bits after ALLOCATE and DEALLOCATE (git-fixes).
NFSD: Clean up the show_nf_flags() macro (git-fixes).
NFSD: eliminate the NFSD_FILE_BREAK_* flags (git-fixes).
NFSD: Fix offset type in I/O trace points (git-fixes).
NFSD: restore EINVAL error translation in nfsd_commit() (git-fixes).
of: device: Fix up of_dma_configure_id() stub (git-fixes).
of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes).
parisc/sticon: fix reverse colors (bsc#1152489)
parisc/stifb: Fix fb_is_primary_device() only available with (bsc#1152489)
parisc/stifb: Implement fb_is_primary_device() (bsc#1152489)
parisc/stifb: Keep track of hardware path of graphics card (bsc#1152489)
PCI: Correct misspelled words (git-fixes).
PCI: Disable MSI for Tegra234 Root Ports (git-fixes).
PCI: Prefer 'unsigned int' over bare 'unsigned' (git-fixes).
PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited (jsc#PED-387).
pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (git-fixes).
pinctrl: qcom: sc8180x: Fix wrong pin numbers (git-fixes).
pinctrl: sunxi: Fix name for A100 R_PIO (git-fixes).
platform/surface: aggregator_registry: Add support for Surface Laptop Go 2 (git-fixes).
platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes).
platform/x86: i2c-multi-instantiate: Rename it for a generic serial driver name (bsc#1203699).
platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop (bsc#1203699).
platform/x86: serial-multi-instantiate: Add SPI support (bsc#1203699).
platform/x86: serial-multi-instantiate: Reorganize I2C functions (bsc#1203699).
pNFS/flexfiles: Report RDMA connection errors to the server (git-fixes).
powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL (bsc#1194869).
ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
regulator: core: Clean up on enable failure (git-fixes).
regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes).
regulator: qcom_rpm: Fix circular deferral regression (git-fixes).
reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes).
s390: fix double free of GS and RI CBs on fork() failure (bsc#1203197 LTC#199895).
s390/boot: fix absolute zero lowcore corruption on boot (git-fixes).
scsi: core: Add BLIST_NO_ASK_VPD_SIZE for some VDASD (bsc#1203039).
scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939).
scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939).
scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939).
scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939).
scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939).
scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939).
scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939).
scsi: lpfc: Fix various issues reported by tools (bsc#1203939).
scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939).
scsi: lpfc: Remove the unneeded result variable (bsc#1203939).
scsi: lpfc: Remove unneeded result variable (bsc#1203939).
scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939).
scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939).
scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939).
scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939).
scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939).
scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).
scsi: mpt3sas: Fix use-after-free warning (git-fixes).
scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935).
scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935).
scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
scsi: qla2xxx: Define static symbols (bsc#1203935).
scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935).
scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
scsi: qla2xxx: Enhance driver tracing with separate tunable and more (bsc#1203935).
scsi: qla2xxx: Fix disk failure to rediscover (git-fixes).
scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935).
scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935).
scsi: qla2xxx: Fix spelling mistake 'definiton' -> 'definition' (bsc#1203935).
scsi: qla2xxx: Log message 'skipping scsi_scan_host()' as informational (bsc#1203935).
scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935).
scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
scsi: qla2xxx: Revert 'scsi: qla2xxx: Fix response queue handler reading stale packets' (bsc#1203935).
scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
scsi: Revert 'scsi: qla2xxx: Fix disk failure to rediscover' (git-fixes).
scsi: smartpqi: Add module param to disable managed ints (bsc#1203893).
scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622).
selftests: Fix the if conditions of in test_extra_filter() (git-fixes).
selftests: forwarding: add shebang for sch_red.sh (git-fixes).
selftests: forwarding: Fix failing tests with old libnet (git-fixes).
serial: atmel: remove redundant assignment in rs485_config (git-fixes).
serial: Create uart_xmit_advance() (git-fixes).
serial: fsl_lpuart: Reset prior to registration (git-fixes).
serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes).
serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes).
soc: sunxi: sram: Actually claim SRAM regions (git-fixes).
soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes).
soc: sunxi: sram: Prevent the driver from being unbound (git-fixes).
spi: Add API to count spi acpi resources (bsc#1203699).
spi: Create helper API to lookup ACPI info for spi device (bsc#1203699).
spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe (git-fixes).
spi: meson-spicc: do not rely on busy flag in pow2 clk ops (git-fixes).
spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes).
spi: propagate error code to the caller of acpi_spi_device_alloc() (bsc#1203699).
spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes).
spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes).
spi: Return deferred probe error when controller isn't yet available (bsc#1203699).
spi: s3c64xx: Fix large transfers with DMA (git-fixes).
spi: Support selection of the index of the ACPI Spi Resource before alloc (bsc#1203699).
spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes).
struct ehci_hcd: hide new element going into a hole (git-fixes).
struct xhci_hcd: restore member now dynamically allocated (git-fixes).
SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes).
SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes).
SUNRPC: fix expiry of auth creds (git-fixes).
SUNRPC: Fix xdr_encode_bool() (git-fixes).
SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes).
SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes).
thunderbolt: Add support for Intel Maple Ridge single port controller (git-fixes).
tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes).
tty: serial: atmel: Preserve previous USART mode if RS485 disabled (git-fixes).
USB: add quirks for Lenovo OneLink+ Dock (git-fixes).
USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes).
USB: core: Fix RST error in hub.c (git-fixes).
USB: core: Prevent nested device-reset calls (git-fixes).
USB: Drop commas after SoC match table sentinels (git-fixes).
USB: dwc3: core: leave default DMA if the controller does not support 64-bit DMA (git-fixes).
USB: dwc3: disable USB core PHY management (git-fixes).
USB: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes).
USB: dwc3: gadget: Do not modify GEVNTCOUNT in pullup() (git-fixes).
USB: dwc3: gadget: Refactor pullup() (git-fixes).
USB: dwc3: pci: Add support for Intel Raptor Lake (git-fixes).
USB: Fix ehci infinite suspend-resume loop issue in zhaoxin (git-fixes).
USB: host: xhci: fix a comment typo in xhci_mem_init() (git-fixes).
USB: host: xhci: use ffs() in xhci_mem_init() (git-fixes).
USB: hub: avoid warm port reset during USB3 disconnect (git-fixes).
USB: serial: cp210x: add Decagon UCA device id (git-fixes).
USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes).
USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes).
USB: serial: option: add Quectel EM060K modem (git-fixes).
USB: serial: option: add Quectel RM520N (git-fixes).
USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes).
USB: serial: option: add support for OPPO R11 diag port (git-fixes).
USB: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (git-fixes).
USB: storage: Add ignore-residue quirk for NXP PN7462AU (git-fixes).
USB: struct usb_device: hide new member (git-fixes).
USB: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device (git-fixes).
USB: typec: tipd: Add an additional overflow check (git-fixes).
USB: typec: tipd: Do not read/write more bytes than required (git-fixes).
USB: typec: ucsi: Remove incorrect warning (git-fixes).
USB: xhci-mtk: relax TT periodic bandwidth allocation (git-fixes).
usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).
vfio/type1: Unpin zero pages (git-fixes).
vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes).
video: fbdev: i740fb: Error out if 'pixclock' equals zero (git-fixes).
video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes).
virt: Add SEV-SNP guest driver (jsc#SLE-19924, jsc#SLE-24814).
virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement (jsc#SLE-19924, jsc#SLE-24814).
virt: sevguest: Add support to derive key (jsc#SLE-19924, jsc#SLE-24814).
virt: sevguest: Add support to get extended report (jsc#SLE-19924, jsc#SLE-24814).
virt: sevguest: Fix bool function returning negative value (jsc#SLE-19924, jsc#SLE-24814).
virt: sevguest: Fix return value check in alloc_shared_pages() (jsc#SLE-19924, jsc#SLE-24814).
vrf: fix packet sniffing for traffic originating from ip tunnels (git-fixes).
vt: Clear selection before changing the font (git-fixes).
watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023).
wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes).
wifi: ath11k: fix number of VHT beamformee spatial streams (git-fixes).
wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes).
wifi: mac80211_hwsim: check length for virtio packets (git-fixes).
wifi: mac80211: allow bw change during channel switch in mesh (git-fixes).
wifi: mac80211: fix regression with non-QoS drivers (git-fixes).
wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes).
wifi: mt76: fix reading current per-tid starting sequence number for aggregation (git-fixes).
wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload (git-fixes).
wifi: mt76: mt7915: do not check state before configuring implicit beamform (git-fixes).
wifi: mt76: sdio: fix transmitting packet hangs (git-fixes).
wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes).
wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes).
wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes).
wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes).
wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes).
wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes).
wifi: rtlwifi: 8192de: correct checking of IQK reload (git-fixes).
wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init() (git-fixes).
workqueue: do not skip lockdep work dependency in cancel_work_sync() (git-fixes).
x86/boot: Add a pointer to Confidential Computing blob in bootparams (jsc#SLE-19924, jsc#SLE-24814).
x86/boot: Add Confidential Computing type to setup_data (jsc#SLE-19924, jsc#SLE-24814).
x86/boot: Introduce helpers for MSR reads/writes (jsc#SLE-19924, jsc#SLE-24814).
x86/boot: Put globals that are accessed early into the .data section (jsc#SLE-19924, jsc#SLE-24814).
x86/boot: Use MSR read/write helpers instead of inline assembly (jsc#SLE-19924, jsc#SLE-24814).
x86/compressed: Add helper for validating pages in the decompression stage (jsc#SLE-19924, jsc#SLE-24814).
x86/compressed: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814).
x86/compressed: Export and rename add_identity_map() (jsc#SLE-19924, jsc#SLE-24814).
x86/compressed: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814).
x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814).
x86/compressed/64: Add identity mapping for Confidential Computing blob (jsc#SLE-19924, jsc#SLE-24814).
x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers (jsc#SLE-19924, jsc#SLE-24814).
x86/compressed/64: Detect/setup SEV/SME features earlier during boot (jsc#SLE-19924, jsc#SLE-24814).
x86/compressed/acpi: Move EFI config table lookup to helper (jsc#SLE-19924, jsc#SLE-24814).
x86/compressed/acpi: Move EFI detection to helper (jsc#SLE-19924, jsc#SLE-24814).
x86/compressed/acpi: Move EFI kexec handling into common code (jsc#SLE-19924, jsc#SLE-24814).
x86/compressed/acpi: Move EFI system table lookup to helper (jsc#SLE-19924, jsc#SLE-24814).
x86/compressed/acpi: Move EFI vendor table lookup to helper (jsc#SLE-19924, jsc#SLE-24814).
x86/head/64: Re-enable stack protection (jsc#SLE-19924, jsc#SLE-24814).
x86/ibt,ftrace: Make function-graph play nice (bsc#1203969).
x86/kernel: Mark the .bss..decrypted section as shared in the RMP table (jsc#SLE-19924, jsc#SLE-24814).
x86/kernel: Validate ROM memory before accessing when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814).
x86/kexec: fix memory leak of elf header buffer (bsc#1196444).
x86/mm: Extend cc_attr to include AMD SEV-SNP (jsc#SLE-19924, jsc#SLE-24814).
x86/mm: Validate memory when changing the C-bit (jsc#SLE-19924, jsc#SLE-24814).
x86/sev: Add a helper for the PVALIDATE instruction (jsc#SLE-19924, jsc#SLE-24814).
x86/sev: Add a sev= cmdline option (jsc#SLE-19924, jsc#SLE-24814).
x86/sev: Add helper for validating pages in early enc attribute changes (jsc#SLE-19924, jsc#SLE-24814).
x86/sev: Add missing __init annotations to SEV init routines (jsc#SLE-19924 jsc#SLE-24814).
x86/sev: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814).
x86/sev: Check SEV-SNP features support (jsc#SLE-19924, jsc#SLE-24814).
x86/sev: Check the VMPL level (jsc#SLE-19924, jsc#SLE-24814).
x86/sev: Detect/setup SEV/SME features earlier in boot (jsc#SLE-19924, jsc#SLE-24814).
x86/sev: Get the AP jump table address from secrets page (jsc#SLE-19924, jsc#SLE-24814).
x86/sev: Move MSR-based VMGEXITs for CPUID to helper (jsc#SLE-19924, jsc#SLE-24814).
x86/sev: Provide support for SNP guest request NAEs (jsc#SLE-19924, jsc#SLE-24814).
x86/sev: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814).
x86/sev: Register SEV-SNP guest request platform device (jsc#SLE-19924, jsc#SLE-24814).
x86/sev: Use firmware-validated CPUID for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814).
x86/sev: Use SEV-SNP AP creation to start secondary CPUs (jsc#SLE-19924, jsc#SLE-24814).
x86/xen: Remove undefined behavior in setup_features() (git-fixes).
xen-blkback: Advertise feature-persistent as user requested (git-fixes).
xen-blkback: Apply 'feature_persistent' parameter when connect (git-fixes).
xen-blkback: fix persistent grants negotiation (git-fixes).
xen-blkfront: Advertise feature-persistent as user requested (git-fixes).
xen-blkfront: Apply 'feature_persistent' parameter when connect (git-fixes).
xen-blkfront: Cache feature_persistent value before advertisement (git-fixes).
xen-blkfront: Handle NULL gendisk (git-fixes).
xen-netback: only remove 'hotplug-status' when the vif is actually destroyed (git-fixes).
xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes).
xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() (git-fixes).
xen/usb: do not use arbitrary_virt_to_machine() (git-fixes).
xhci: Allocate separate command structures for each LPM command (git-fixes).

Advisory ID	SUSE-RU-2022:3588-1
Released	Fri Oct 14 10:49:12 2022
Summary	Recommended update for rmt-server
Type	recommended
Severity	moderate
References	1188578,1197038,1197405,1198721,1199961

Description:

This update for rmt-server fixes the following issues:

Implement `System-Token` header handling to improve unique system reporting.
Add --proxy-byos flag to rmt-cli systems command to filter BYOS systems using RMT as a proxy
Retry failed http requests automatically (bsc#1197405, bsc#1188578, bsc#1198721, bsc#1199961)
Improved rmt-client-setup-res script for CentOS8.x and RHEL/RES8.x (bsc#1197038)

Advisory ID	SUSE-RU-2022:3595-1
Released	Mon Oct 17 09:40:46 2022
Summary	Recommended update for certmonger
Type	recommended
Severity	moderate
References	1197745

Description:

This update for certmonger fixes the following issues:

Use 'pkgconfig(systemd)' for the BR to allow hacksaw systemd-mini package to satisfy dependencies in the openSUSE Build Service.

Add buildrequires on systemd which is required for correct installation of the .service file.

Update to 0.79.13 (bsc#1197745)

Advisory ID	SUSE-SU-2022:3598-1
Released	Mon Oct 17 13:18:43 2022
Summary	Security update for exiv2
Type	security
Severity	important
References	1076579,1086798,1086810,1092096,1114690,1185447,1186192,1188733,1188756,1189330,1189331,1189332,1189333,1189636,1189780,CVE-2018-10772,CVE-2018-18915,CVE-2018-5772,CVE-2018-8976,CVE-2018-8977,CVE-2020-18898,CVE-2020-18899,CVE-2021-29470,CVE-2021-31291,CVE-2021-31292,CVE-2021-32617,CVE-2021-37618,CVE-2021-37619,CVE-2021-37620,CVE-2021-37621

Description:

This update for exiv2 fixes the following issues:

CVE-2021-37621: Fixed denial of service due to infinite loop in Image:printIFDStructure (bsc#1189333).
CVE-2021-37620: Fixed out-of-bounds read in XmpTextValue:read() (bsc#1189332).
CVE-2021-37619: Fixed out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header (bsc#1189331).
CVE-2021-37618: Fixed out-of-bounds read in Exiv2:Jp2Image:printStructure (bsc#1189330).
CVE-2021-32617: Fixed denial of service inside inefficient algorithm (quadratic complexity) (bsc#1186192).
CVE-2021-31292: Fixed integer overflow in CrwMap:encode0x1810 (bsc#1188756).
CVE-2021-31291: Fixed heap-based buffer overflow vulnerability in jp2image.cpp may lead to a denial of service (bsc#1188733).
CVE-2021-29470: Fixed out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header (bsc#1185447).
CVE-2020-18899: Fixed uncontrolled memory allocation (bsc#1189636).
CVE-2020-18898: Fixed remote denial of service in printIFDStructure function (bsc#1189780).
CVE-2018-8977: Fixed remote denial of service in Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp (bsc#1086798).
CVE-2018-8976: Fixed remote denial of service in image.cpp Exiv2::Internal::stringFormat via out-of-bounds read (bsc#1086810).
CVE-2018-5772: Fixed segmentation fault caused by uncontrolled recursion inthe Exiv2::Image::printIFDStructure (bsc#1076579).
CVE-2018-18915: Fixed an infinite loop in the Exiv2:Image:printIFDStructure function (bsc#1114690).
CVE-2018-10772: Fixed segmentation fault when the function Exiv2::tEXtToDataBuf() is finished (bsc#1092096).

Advisory ID	SUSE-SU-2022:3601-1
Released	Mon Oct 17 13:51:36 2022
Summary	Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4)
Type	security
Severity	important
References	1203067,1203994,1204290,1204291,1204292,CVE-2022-39189,CVE-2022-41674,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721

Description:

This update for the Linux Kernel 5.14.21-150400_24_21 fixes several issues.
The following security issues were fixed:

CVE-2022-41674: Fixed buffer overflow that can be triggered by injected WLAN frames (bsc#1203994).
CVE-2022-42719: Fixed use-after-free in the mac80211 stack when parsing a multi-BSSID element (bsc#1204292).
CVE-2022-42720: Fixed refcounting bugs in the multi-BSS handling of the mac80211 stack (bsc#1204291).
CVE-2022-42721: Fixed list management bug in BSS handling of the mac80211 stack (bsc#1204290).
CVE-2022-39189: Fixed mishandled TLB flush operation in certain KVM_VCPU_PREEMPTED situations (bsc#1203067).

Advisory ID	SUSE-RU-2022:3603-1
Released	Mon Oct 17 16:04:28 2022
Summary	Recommended update for release-notes-sle_hpc
Type	recommended
Severity	moderate
References	933411

Description:

This update for release-notes-sle_hpc fixes the following issue:
Update the release notes to version 15.400000000.20220831 (bsc#933411)

Added note about automatically opened ports (jsc#SLE-22743)

Advisory ID	SUSE-SU-2022:3605-1
Released	Mon Oct 17 23:33:59 2022
Summary	Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP4)
Type	security
Severity	important
References	1203067,1203994,1204290,1204291,1204292,CVE-2022-39189,CVE-2022-41674,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721

Description:

This update for the Linux Kernel 5.14.21-150400_24_18 fixes several issues.
The following security issues were fixed:

CVE-2022-41674: Fixed buffer overflow that can be triggered by injected WLAN frames (bsc#1203994).
CVE-2022-42719: Fixed use-after-free in the mac80211 stack when parsing a multi-BSSID element (bsc#1204292).
CVE-2022-42720: Fixed refcounting bugs in the multi-BSS handling of the mac80211 stack (bsc#1204291).
CVE-2022-42721: Fixed list management bug in BSS handling of the mac80211 stack (bsc#1204290).
CVE-2022-39189: Fixed mishandled TLB flush operation in certain KVM_VCPU_PREEMPTED situations (bsc#1203067).

Advisory ID	SUSE-RU-2022:3610-1
Released	Tue Oct 18 12:20:39 2022
Summary	Recommended update for resource-agents
Type	recommended
Severity	moderate
References

Description:

This update for resource-agents fixes the following issues:

Azure Events RA can not handle AV Zones (jsc#PED-2000)

Advisory ID	SUSE-SU-2022:3621-1
Released	Tue Oct 18 14:53:24 2022
Summary	Security update for rubygem-activesupport-5_1
Type	security
Severity	moderate
References	1199060,CVE-2022-27777

Description:

This update for rubygem-activesupport-5_1 fixes the following issues:

CVE-2022-27777: Fixed cross-site scripting vulnerability in Action View tag helper (bsc#1199060).

Advisory ID	SUSE-SU-2022:3628-1
Released	Tue Oct 18 16:04:50 2022
Summary	Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4)
Type	security
Severity	important
References	1203067,1203994,1204290,1204291,1204292,CVE-2022-39189,CVE-2022-41674,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721

Description:

This update for the Linux Kernel 5.14.21-150400_22 fixes several issues.
The following security issues were fixed:

CVE-2022-41674: Fixed buffer overflow that can be triggered by injected WLAN frames (bsc#1203994).
CVE-2022-42719: Fixed use-after-free in the mac80211 stack when parsing a multi-BSSID element (bsc#1204292).
CVE-2022-42720: Fixed refcounting bugs in the multi-BSS handling of the mac80211 stack (bsc#1204291).
CVE-2022-42721: Fixed list management bug in BSS handling of the mac80211 stack (bsc#1204290).
CVE-2022-39189: Fixed mishandled TLB flush operation in certain KVM_VCPU_PREEMPTED situations (bsc#1203067).

Advisory ID	SUSE-SU-2022:3632-1
Released	Tue Oct 18 16:34:40 2022
Summary	Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4)
Type	security
Severity	important
References	1203067,1203994,1204290,1204291,1204292,CVE-2022-39189,CVE-2022-41674,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721

Description:

This update for the Linux Kernel 5.14.21-150400_24_11 fixes several issues.
The following security issues were fixed:

CVE-2022-41674: Fixed buffer overflow that can be triggered by injected WLAN frames (bsc#1203994).
CVE-2022-42719: Fixed use-after-free in the mac80211 stack when parsing a multi-BSSID element (bsc#1204292).
CVE-2022-42720: Fixed refcounting bugs in the multi-BSS handling of the mac80211 stack (bsc#1204291).
CVE-2022-42721: Fixed list management bug in BSS handling of the mac80211 stack (bsc#1204290).
CVE-2022-39189: Fixed mishandled TLB flush operation in certain KVM_VCPU_PREEMPTED situations (bsc#1203067).

Advisory ID	SUSE-RU-2022:3633-1
Released	Tue Oct 18 16:52:52 2022
Summary	Recommended update for rust
Type	recommended
Severity	moderate
References

Description:

This update for rust fixes the following issues:
Rust was updated to ship in version 1.64.0 in rust1.64.
Version 1.64.0 (2022-09-22) ===========================
Language --------

Unions with mutable references or tuples of allowed types are now allowed
It is now considered valid to deallocate memory pointed to by a shared reference `&T` [if every byte in `T` is inside an `UnsafeCell`]
Unused tuple struct fields are now warned against in an allow-by-default lint, [`unused_tuple_struct_fields`]

Compiler --------

Add Nintendo Switch as tier 3 target - Refer to Rust's platform support page for more information on Rust's tiered platform support.
Only compile `#[used]` as llvm.compiler.used for ELF targets
Add the `--diagnostic-width` compiler flag to define the terminal width.
Add support for link-flavor `rust-lld` for iOS, tvOS and watchOS

Libraries ---------

Remove restrictions on compare-exchange memory ordering.
You can now `write!` or `writeln!` into an `OsString`: [Implement `fmt::Write` for `OsString`]
Make RwLockReadGuard covariant
Implement `FusedIterator` for `std::net::[Into]Incoming`
`impl AsRawFd for {Arc,Box}`
`ptr::copy` and `ptr::swap` are doing untyped copies
Add cgroupv1 support to `available_parallelism`
Mitigate many incorrect uses of `mem::uninitialized`

Stabilized APIs ---------------

future::IntoFuture
future::poll_fn
task::ready!
num::NonZero*::checked_mul
num::NonZero*::checked_pow
num::NonZero*::saturating_mul
num::NonZero*::saturating_pow
num::NonZeroI*::abs
num::NonZeroI*::checked_abs
num::NonZeroI*::overflowing_abs
num::NonZeroI*::saturating_abs
num::NonZeroI*::unsigned_abs
num::NonZeroI*::wrapping_abs
num::NonZeroU*::checked_add
num::NonZeroU*::checked_next_power_of_two
num::NonZeroU*::saturating_add
os::unix::process::CommandExt::process_group
os::windows::fs::FileTypeExt::is_symlink_dir
os::windows::fs::FileTypeExt::is_symlink_file

These types were previously stable in std::ffi, but are now also available in core and alloc:

core::ffi::CStr
core::ffi::FromBytesWithNulError
alloc::ffi::CString
alloc::ffi::FromVecWithNulError
alloc::ffi::IntoStringError
alloc::ffi::NulError

These types were previously stable in std::os::raw, but are now also available in core::ffi and std::ffi:

ffi::c_char
ffi::c_double
ffi::c_float
ffi::c_int
ffi::c_long
ffi::c_longlong
ffi::c_schar
ffi::c_short
ffi::c_uchar
ffi::c_uint
ffi::c_ulong
ffi::c_ulonglong
ffi::c_ushort

These APIs are now usable in const contexts:

slice::from_raw_parts

Cargo -----

Packages can now inherit settings from the workspace so that the settings can be centralized in one place.
Cargo commands can now accept multiple `--target` flags to build for multiple targets at once
The --jobs argument can now take a negative number to count backwards from the max CPUs.
cargo add will now update Cargo.lock.
Added the --crate-type flag to `cargo rustc` to override the crate type.
Significantly improved the performance fetching git dependencies from GitHub when using a hash in the `rev` field.

Misc ----

The rust-analyzer rustup component is now available on the stable channel.

Compatibility Notes -------------------

The minimum required versions for all -linux-nu` targets are now at least kernel 3.2 and glibc 2.17, for targets that previously supported older versions.
Network primitives are now implemented with the ideal Rust layout, not the C system layout
Add assertion that `transmute_copy`'s `U` is not larger than `T`
A soundness bug in `BTreeMap` was fixed
The Drop behavior of C-like enums cast to ints has changed
Relate late-bound closure lifetimes to parent fn in NLL
Errors at const-eval time are now in future incompatibility reports
On the `thumbv6m-none-eabi` target, some incorrect `asm!` statements were erroneously accepted if they used the high registers (r8 to r14) as an input/output operand. This is no longer accepted.
`impl Trait` was accidentally accepted as the associated type value of return-position `impl Trait`, without fulfilling all the trait bounds of that associated type, as long as the hidden type satisfies said bounds. This has been fixed.

Advisory ID	SUSE-SU-2022:3650-1
Released	Tue Oct 18 22:34:47 2022
Summary	Security update for libreoffice
Type	security
Severity	important
References	1201868,1201872,1203209,CVE-2022-26305,CVE-2022-26307,CVE-2022-3140

Description:

This update for libreoffice fixes the following issues:
Updated to version 7.3.6.2 (jsc#SLE-23447):
- CVE-2022-3140: Fixed macro URL arbitrary script execution (bsc#1203209). - CVE-2022-26305: Fixed execution of untrusted Macros due to improper certificate validation (bsc#1201868). - CVE-2022-26307: Fixed weak Master Keys in password storage (bsc#1201872).

Advisory ID	SUSE-SU-2022:3655-1
Released	Wed Oct 19 12:34:16 2022
Summary	Security update for buildah
Type	security
Severity	important
References	1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990

Description:

This update for buildah fixes the following issues: Buildah was updated to version 1.27.1:

CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
CVE-2022-2990: Fixed a possible information disclosure and modification (bsc#1202812).

Advisory ID	SUSE-SU-2022:3656-1
Released	Wed Oct 19 12:34:38 2022
Summary	Security update for nodejs16
Type	security
Severity	important
References	1201325,1201327,1203831,1203832,CVE-2022-32213,CVE-2022-32215,CVE-2022-35255,CVE-2022-35256

Description:

This update for nodejs16 fixes the following issues:
Updated to version 16.17.1:

CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325).
CVE-2022-32215: Fixed incorrect Parsing of Multi-line Transfer-Encoding (bsc#1201327).
CVE-2022-35256: Fixed incorrect Parsing of Header Fields (bsc#1203832).
CVE-2022-35255: FIxed weak randomness in WebCrypto keygen (bsc#1203831).

Advisory ID	SUSE-SU-2022:3661-1
Released	Wed Oct 19 14:00:28 2022
Summary	Security update for php8
Type	security
Severity	important
References	1192050,1200772,1203867,1203870,CVE-2021-21703,CVE-2022-31628,CVE-2022-31629

Description:

This update for php8 fixes the following issues:

php8 was updated to version 8.0.24
php8 was updated to version 8.0.23 (jsc#SLE-23639).
CVE-2021-21703: Fixed a local privilege escalation via PHP-FPM. (bsc#1192050)
CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing 'quines' gzip files. (bsc#1203867)
CVE-2022-31629: Fixed a bug which could lead an attacker to set an insecure cookie that will treated as secure in the victim's browser. (bsc#1203870)
Fixed missing devel package requires pear and pecl extensions (jsc#SLE-24723, bsc#1200772).

Advisory ID	SUSE-RU-2022:3664-1
Released	Wed Oct 19 19:05:49 2022
Summary	Recommended update for qmlpluginexports
Type	recommended
Severity	moderate
References	1201268

Description:

This update of qmlpluginexports ships the missing qmlpluginexports-qt5 package.

Advisory ID	SUSE-SU-2022:3666-1
Released	Wed Oct 19 20:44:55 2022
Summary	Security update for helm
Type	security
Severity	important
References	1200528,1203054,CVE-2022-1996,CVE-2022-36055

Description:

This update for helm fixes the following issues:
helm was updated to version 3.9.4:

CVE-2022-36055: Fixed denial of service through string value parsing (bsc#1203054).
Updating the certificates used for testing
Updating index handling

helm was updated to version 3.9.3:

CVE-2022-1996: Updated kube-openapi to fix an issue that could result in a CORS protection bypass (bsc#1200528).
Fix missing array length check on release

helm was updated to version 3.9.2:

Update of the circleci image

helm was updated to version 3.9.1:

Update to support Kubernetes 1.24.2
Improve logging and safety of statefulSetReady
Make token caching an opt-in feature
Bump github.com/lib/pq from 1.10.5 to 1.10.6
Bump github.com/Masterminds/squirrel from 1.5.2 to 1.5.3

helm was updated to version 3.9.0:

Added a --quiet flag to helm lint
Added a --post-renderer-args flag to support arguments being passed to the post renderer
Added more checks during the signing process
Updated to add Kubernetes 1.24 support

helm was updated to version 3.8.2:

Bump oras.land/oras-go from 1.1.0 to 1.1.1
Fixing downloader plugin error handling
Simplify testdata charts
Simplify testdata charts
Add tests for multi-level dependencies.
Fix value precedence
Bumping Kubernetes package versions
Updating vcs to latest version
Dont modify provided transport
Pass http getter as pointer in tests
Add docs block
Add transport option and tests
Reuse http transport
Updating Kubernetes libs to 0.23.4 (latest)
fix: remove deadcode
fix: helm package tests
fix: helm package with dependency update for charts with OCI dependencies
Fix typo Unset the env var before func return in Unit Test
add legal name check
maint: fix syntax error in deploy.sh
linting issue fixed
only apply overwrite if version is canary
overwrite flag added to az storage blob upload-batch
Avoid querying for OCI tags can explicit version provided in chart dependencies
Management of bearer tokens for tag listing
Updating Kubernetes packages to 1.23.3
refactor: use `os.ReadDir` for lightweight directory reading
Add IngressClass to manifests to be (un)installed
feat(comp): Shell completion for OCI
Fix install memory/goroutine leak

Advisory ID	SUSE-SU-2022:3667-1
Released	Wed Oct 19 21:34:32 2022
Summary	Security update for clone-master-clean-up
Type	security
Severity	moderate
References	1181050,1203651,CVE-2021-32000

Description:

This update for clone-master-clean-up fixes the following issues:

CVE-2021-32000: Fixed some potentially dangerous file system operations (bsc#1181050).

Bugfixes:

Fixed clone-master-clean-up failing to remove btrfs snapshots (bsc#1203651).

Advisory ID	SUSE-SU-2022:3668-1
Released	Wed Oct 19 21:34:58 2022
Summary	Security update for go1.18
Type	security
Severity	important
References	1193742,1204023,1204024,1204025,CVE-2022-2879,CVE-2022-2880,CVE-2022-41715

Description:

This update for go1.18 fixes the following issues:
Updated to version 1.18.7 (bsc#1193742):
- CVE-2022-41715: Fixed memory exhaustion in regexp/syntax (bsc#1204023). - CVE-2022-2879: Fixed unbounded memory consumption when reading headers in archive/tar (bsc#1204024). - CVE-2022-2880: Fixed ReverseProxy forwarding unparseable query parameters (bsc#1204025).

Advisory ID	SUSE-SU-2022:3669-1
Released	Wed Oct 19 21:35:23 2022
Summary	Security update for go1.19
Type	security
Severity	important
References	1200441,1204023,1204024,1204025,CVE-2022-2879,CVE-2022-2880,CVE-2022-41715

Description:

This update for go1.19 fixes the following issues:
Updated to version 1.19.2 (bsc#1200441):
- CVE-2022-41715: Fixed memory exhaustion in regexp/syntax (bsc#1204023). - CVE-2022-2879: Fixed unbounded memory consumption when reading headers in archive/tar (bsc#1204024). - CVE-2022-2880: Fixed ReverseProxy forwarding unparseable query parameters (bsc#1204025).

Advisory ID	SUSE-RU-2022:3670-1
Released	Thu Oct 20 10:44:13 2022
Summary	Recommended update for zchunk
Type	recommended
Severity	moderate
References	1204244

Description:

This update for zchunk fixes the following issues:

Make sure to ship libzck1 to Micro 5.3 (bsc#1204244)

Advisory ID	SUSE-SU-2022:3673-1
Released	Thu Oct 20 11:12:22 2022
Summary	Security update for jasper
Type	security
Severity	moderate
References	1202642,CVE-2022-2963

Description:

This update for jasper fixes the following issues:

CVE-2022-2963: Fixed memory leaks in function cmdopts_parse (bsc#1202642).

Advisory ID	SUSE-RU-2022:3678-1
Released	Thu Oct 20 14:38:19 2022
Summary	Recommended update for kdump
Type	recommended
Severity	moderate
References	1187312,1201051,1202981

Description:

This update for kdump fixes the following issues:

Fix broken URL in manpage (bsc#1187312)
Fix network-related dracut options handling for fadump case (bsc#1201051)
use inst_binary to install kdump-save (bsc#1202981)

Advisory ID	SUSE-SU-2022:3682-1
Released	Fri Oct 21 11:42:40 2022
Summary	Security update for bind
Type	security
Severity	important
References	1201247,1203614,1203619,1203620,CVE-2022-2795,CVE-2022-38177,CVE-2022-38178

Description:

This update for bind fixes the following issues:

CVE-2022-2795: Fixed potential performance degredation due to missing database lookup limits when processing large delegations (bsc#1203614).
CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619).
CVE-2022-38178: Fixed memory leaks that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620).

Bugfixes:

Changed ownership of /var/lib/named/master from named:named to root:root (bsc#1201247)

Advisory ID	SUSE-SU-2022:3683-1
Released	Fri Oct 21 11:48:39 2022
Summary	Security update for libksba
Type	security
Severity	critical
References	1204357,CVE-2022-3515

Description:

This update for libksba fixes the following issues:
- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).

Advisory ID	SUSE-RU-2022:3684-1
Released	Fri Oct 21 11:56:28 2022
Summary	Recommended update for celt, jack, libogg, libtheora
Type	recommended
Severity	low
References	1108981,1132458,1198925

Description:

This update for celt, jack, libogg, libtheora fixes the following issue:

celt, jack, libogg, libtheora 32bit base libraries are shipped to meet dependencies of the ffmpeg 32bit libraries (bsc#1198925).

Also two bugs in jack were fixed (bsc#1132458 bsc#1108981).

Advisory ID	SUSE-OU-2022:3685-1
Released	Fri Oct 21 12:19:13 2022
Summary	Optional update for monitoring-plugins and its dependencies
Type	optional
Severity	moderate
References

Description:

This optional update for monitoring-plugins and its dependencies provides:
freeradius-client:

Deliver missing freeradius-client to SUSE Package Hub 15 SP4 and solve migration issues from 15 SP3. (ijsc#MSC-399)
There are NO code changes.

monitoring-plugins:

Deliver missing monitoring plugins to SUSE Package Hub 15 SP4 and solve migration issues from 15 SP3. (ijsc#MSC-399)
There are NO code changes.

perl-Crypt-DES:

Deliver missing perl-Crypt-DES to SUSE Package Hub 15 SP4 and solve migration issues from 15 SP3. (ijsc#MSC-399)
There are NO code changes.

perl-Crypt-Rijndael:

Deliver missing perl-Crypt-Rijndaelto SUSE Package Hub 15 SP4 and solve migration issues from 15 SP3. (ijsc#MSC-399)
There are NO code changes.

perl-Net-SNMP:

Deliver missing perl-Net-SNMP to SUSE Package Hub 15 SP4 and solve migration issues from 15 SP3. (ijsc#MSC-399)
There are NO code changes.

Advisory ID	SUSE-feature-2022:3689-1
Released	Fri Oct 21 14:19:56 2022
Summary	Feature update for rpm
Type	feature
Severity	moderate
References

Description:

This feature update for rpm provides:

Support Ed25519 RPM signatures (jsc#SLE-24714, jsc#SLE-24715)

Advisory ID	SUSE-SU-2022:3690-1
Released	Fri Oct 21 15:06:45 2022
Summary	Security update for tiff
Type	security
Severity	important
References	1201723,1201971,1202026,1202466,1202467,1202468,1202968,1202971,1202973,CVE-2022-0561,CVE-2022-2519,CVE-2022-2520,CVE-2022-2521,CVE-2022-2867,CVE-2022-2868,CVE-2022-2869,CVE-2022-34266,CVE-2022-34526

Description:

This update for tiff fixes the following issues:

CVE-2022-2519: Fixed a double free in rotateImage() (bsc#1202968).
CVE-2022-2520: Fixed a assertion failure in rotateImage() (bsc#1202973).
CVE-2022-2521: Fixed invalid free in TIFFClose() (bsc#1202971).
CVE-2022-2867: Fixed out of bounds read and write in tiffcrop.c (bsc#1202466).
CVE-2022-2868: Fixed out of bounds read in reverseSamples16bits() (bsc#1202467).
CVE-2022-2869: Fixed out of bounds read and write in extractContigSamples8bits() (bsc#1202468).
CVE-2022-34526: Fixed stack overflow in the _TIFFVGetField function of Tiffsplit (bsc#1202026).

Advisory ID	SUSE-SU-2022:3692-1
Released	Fri Oct 21 16:15:07 2022
Summary	Security update for libxml2
Type	security
Severity	important
References	1204366,1204367,CVE-2022-40303,CVE-2022-40304

Description:

This update for libxml2 fixes the following issues:
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

Advisory ID	SUSE-RU-2022:3694-1
Released	Sun Oct 23 23:00:33 2022
Summary	Recommended update for lifecycle-data-sle-module-live-patching
Type	recommended
Severity	moderate
References	1020320

Description:

This update for lifecycle-data-sle-module-live-patching fixes the following issues:
Lifecycle data update. (bsc#1020320)

Added data for 4_12_14-150000_150_95, 4_12_14-150000_150_98, 4_12_14-150100_197_117, 4_12_14-150100_197_120, 5_14_21-150400_24_11, 5_14_21-150400_24_18, 5_3_18-150200_24_120, 5_3_18-150200_24_126, 5_3_18-150300_59_81, 5_3_18-150300_59_87, 5_3_18-150300_59_90.

Advisory ID	SUSE-RU-2022:3696-1
Released	Mon Oct 24 07:57:07 2022
Summary	Recommended update for drbd-utils
Type	recommended
Severity	moderate
References	1184122,1190591,1203220

Description:

This update for drbd-utils fixes the following issues:

Restore drbd scripts directory to /usr/lib/drbd from /lib/drbd (bsc#1203220)
Fix missing path /usr/var/run/drbd (bsc#1190591)

Advisory ID	SUSE-SU-2022:3711-1
Released	Mon Oct 24 16:23:52 2022
Summary	Security update for multipath-tools
Type	security
Severity	important
References	1197570,1199342,1199345,1199346,1199347,1201483,1202616,1202739,CVE-2022-41973,CVE-2022-41974

Description:

This update for multipath-tools fixes the following issues:

CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739)
CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739)
Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
libmultipath: fix find_multipaths_timeout for unknown hardware (bsc#1201483)
multipath-tools: fix 'multipath -ll' for Native NVME Multipath devices (bsc#1201483)
multipathd: don't switch to DAEMON_IDLE during startup (bsc#1199346, bsc#1197570)
multipathd: avoid delays during uevent processing (bsc#1199347)
multipathd: Don't keep starting TUR threads, if they always hang. (bsc#1199345)
Fix busy loop with delayed_reconfigure (bsc#1199342)
multipath.conf: add support for 'protocol' subsection in

'overrides' section to set certain config options by protocol.

Removed the previously deprecated options getuid_callout, config_dir, multipath_dir, pg_timeout

Add disclaimer about vendor support

Change built-in defaults for NVMe: group by prio, and immediate failback

Fixes for minor issues reported by coverity

Fix for memory leak with uid_attrs

Updates for built in hardware db

Logging improvements

multipathd: use remove_map_callback for delayed reconfigure

Fix handling of path addition in read-only arrays on NVMe

Updates of built-in hardware database

libmultipath: only warn once about unsupported dev_loss_tmo

Advisory ID	SUSE-SU-2022:3726-1
Released	Tue Oct 25 14:06:51 2022
Summary	Security update for MozillaFirefox
Type	security
Severity	important
References	1204421,CVE-2022-42927,CVE-2022-42928,CVE-2022-42929,CVE-2022-42932

Description:

This update for MozillaFirefox fixes the following issues:

Updated to version 102.4.0 ESR (bsc#1204421)
CVE-2022-42927: Fixed same-origin policy violation that could have leaked cross-origin URLs.
CVE-2022-42928: Fixed memory Corruption in JS Engine.
CVE-2022-42929: Fixed denial of Service via window.print.
CVE-2022-42932: Fixed memory safety bugs.

Advisory ID	SUSE-SU-2022:3727-1
Released	Tue Oct 25 15:38:34 2022
Summary	Security update for xen
Type	security
Severity	moderate
References	1027519,1167608,1201631,1201994,1203806,1203807,CVE-2022-33746,CVE-2022-33748

Description:

This update for xen fixes the following issues:
Updated to version 4.16.2 (bsc#1027519): - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806). - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807).

Bugfixes:
- Fixed Xen DomU unable to emulate audio device (bsc#1201994). - Fixed logic error in built-in default of max_event_channels (bsc#1167608, bsc#1201631).

Advisory ID	SUSE-SU-2022:3730-1
Released	Tue Oct 25 17:01:30 2022
Summary	Security update for python-paramiko
Type	security
Severity	important
References	1111151,1200603,CVE-2018-1000805

Description:

This update for python-paramiko fixes the following issues:
Updated to version 2.4.3:

CVE-2018-1000805: Fixed authentication bypass (bsc#1111151).

Bugfixes:

Fixed Ed25519 key handling for certain key comment lengths (bsc#1200603).

Advisory ID	SUSE-SU-2022:3731-1
Released	Tue Oct 25 17:10:20 2022
Summary	Security update for python-waitress
Type	security
Severity	important
References	1197255,CVE-2022-24761

Description:

This update for python-waitress fixes the following issues:

CVE-2022-24761: Fixed a bug to avoid inconsistent interpretation of HTTP requests leading to request smuggling. (bsc#1197255)

Advisory ID	SUSE-feature-2022:3732-1
Released	Tue Oct 25 17:56:45 2022
Summary	Feature update for patterns-wsl, yast2-registration and yast2-firstboot
Type	feature
Severity	important
References

Description:

This update for patterns-wsl, yast2-registration and yast2-firstboot fixes the following issues:
patterns-wsl:

Add patterns-wsl-base, patterns-wsl-system to basesystem.
Add patterns-wsl-gui to SLED.

yast2-registration:

Allow forcing registration and configuring a YAML product as installed product.

yast2-firstboot:

Add client to select product in WSL
Allow installing WSL GUI pattern

Advisory ID	SUSE-RU-2022:3733-1
Released	Wed Oct 26 07:54:07 2022
Summary	Recommended update for libheif
Type	recommended
Severity	moderate
References	1199987

Description:

This update for libheif fixes the following issues:

Add missing gdk-pixbuf loader scriptlets (bsc#1199987)

Advisory ID	SUSE-SU-2022:3745-1
Released	Wed Oct 26 10:37:11 2022
Summary	Security update for golang-github-prometheus-node_exporter
Type	security
Severity	moderate
References	1196338,CVE-2022-21698

Description:

This update for golang-github-prometheus-node_exporter fixes the following issues:
(bsc#1196338, jsc#SLE-24238, jsc#SLE-24239, jsc#SUMA-114, CVE-2022-21698)

Advisory ID	SUSE-RU-2022:3748-1
Released	Wed Oct 26 10:41:40 2022
Summary	Recommended update for salt
Type	recommended
Severity	moderate
References	1195624,1199562,1200596,1202165,1202167,1202631

Description:

This update for salt fixes the following issues:

Add Amazon EC2 detection for virtual grains (bsc#1195624)
Change the delimiters to prevent possible tracebacks on some packages with dpkg_lowpkg
Fix 'test_ipc' unit test
Fix Syndic authentication errors (bsc#1199562)
Fix state.apply in test mode with file state module on user/group checking (bsc#1202167)
Fix the regression in schedule module released in version 3004 (bsc#1202631)
Handle non-UTF-8 bytes in core grains generation (bsc#1202165)
Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596)

Advisory ID	SUSE-SU-2022:3750-1
Released	Wed Oct 26 10:45:25 2022
Summary	Maintenance update for SUSE Manager 4.3: Server and Proxy
Type	security
Severity	moderate
References	1191857,1195624,1196729,1197027,1198168,1198903,1199726,1200480,1200573,1200629,1201210,1201220,1201260,1201589,1201626,1201753,1201788,1201913,1201918,1202271,1202272,1202367,1202455,1202464,1202602,1202728,1202729,1202805,1202899,1203026,1203049,1203056,1203169,1203287,1203288,1203385,1203406,1203422,1203449,1203478,1203484,1203564,1203585,1203611,CVE-2021-41411,CVE-2021-42740,CVE-2021-43138,CVE-2022-0860,CVE-2022-31129

Description:

Maintenance update for SUSE Manager 4.3: Server and Proxy

Advisory ID	SUSE-SU-2022:3767-1
Released	Wed Oct 26 11:49:43 2022
Summary	Recommended update for bind
Type	security
Severity	important
References	1201689,1203250,1203614,1203618,1203619,1203620,CVE-2022-2795,CVE-2022-3080,CVE-2022-38177,CVE-2022-38178

Description:

This update for bind fixes the following issues:
Update to release 9.16.33:

CVE-2022-2795: Fixed potential performance degredation due to missing database lookup limits when processing large delegations (bsc#1203614).
CVE-2022-3080: Fixed assertion failure when there was a stale CNAME in the cache for the incoming query and the stale-answer-client-timeout option is set to 0 (bsc#1203618).
CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619).
CVE-2022-38178: Fixed memory leaks that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620).

Add systemd drop-in directory for named service (bsc#1201689).
Add modified createNamedConfInclude script and README-bind.chrootenv (bsc#1203250).

Feature Changes: - Response Rate Limiting (RRL) code now treats all QNAMEs that are subject to wildcard processing within a given zone as the same name, to prevent circumventing the limits enforced by RRL.

- Zones using dnssec-policy now require dynamic DNS or inline-signing to be configured explicitly.
- A backward-compatible approach was implemented for encoding internationalized domain names (IDN) in dig and converting the domain to IDNA2008 form; if that fails, BIND tries an IDNA2003 conversion.
- The DNSSEC algorithms RSASHA1 and NSEC3RSASHA1 are now automatically disabled on systems where they are disallowed by the security policy. Primary zones using those algorithms need to be migrated to new algorithms prior to running on these systems, as graceful migration to different DNSSEC algorithms is not possible when RSASHA1 is disallowed by the operating system.
- Log messages related to fetch limiting have been improved to provide more complete information. Specifically, the final counts of allowed and spilled fetches are now logged before the counter object is destroyed.
- Non-dynamic zones that inherit dnssec-policy from the view or options blocks were not marked as inline-signed and therefore never scheduled to be re-signed. This has been fixed.
- The old max-zone-ttl zone option was meant to be superseded by the max-zone-ttl option in dnssec-policy; however, the latter option was not fully effective. This has been corrected: zones no longer load if they contain TTLs greater than the limit configured in dnssec-policy. For zones with both the old max-zone-ttl option and dnssec-policy configured, the old option is ignored, and a warning is generated.
- rndc dumpdb -expired was fixed to include expired RRsets, even if stale-cache-enable is set to no and the cache-cleaning time window has passed. (jsc#SLE-24600)

Advisory ID	SUSE-SU-2022:3781-1
Released	Wed Oct 26 17:50:44 2022
Summary	Security update for container-suseconnect
Type	security
Severity	moderate
References	1204397

Description:

This update of container-suseconnect is a rebuilt of the previous sources against the current security updated go compiler.

Advisory ID	SUSE-SU-2022:3782-1
Released	Wed Oct 26 17:53:06 2022
Summary	Security update for libmad
Type	security
Severity	important
References	1036968,1036969,CVE-2017-8372,CVE-2017-8373

Description:

This update for libmad fixes the following issues:
- CVE-2017-8373: Fixed heap-based buffer overflow in mad_layer_III (bsc#1036968). - CVE-2017-8372: Fixed assertion failure in layer3.c (bsc#1036969).

Advisory ID	SUSE-SU-2022:3783-1
Released	Wed Oct 26 17:58:02 2022
Summary	Security update for telnet
Type	security
Severity	important
References	1203759,CVE-2022-39028

Description:

This update for telnet fixes the following issues:
- CVE-2022-39028: Fixed NULL pointer dereference in telnetd (bsc#1203759).

Advisory ID	SUSE-SU-2022:3784-1
Released	Wed Oct 26 18:03:28 2022
Summary	Security update for libtasn1
Type	security
Severity	critical
References	1204690,CVE-2021-46848

Description:

This update for libtasn1 fixes the following issues:

CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690)

Advisory ID	SUSE-SU-2022:3785-1
Released	Wed Oct 26 20:20:19 2022
Summary	Security update for curl
Type	security
Severity	important
References	1204383,1204386,CVE-2022-32221,CVE-2022-42916

Description:

This update for curl fixes the following issues:
- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386).

Advisory ID	SUSE-RU-2022:3786-1
Released	Thu Oct 27 04:35:30 2022
Summary	Recommended update for perf
Type	recommended
Severity	critical
References	1198595

Description:

This update for perf fixes the following issues:

Fix patches of previous maintenance update that were not correctly applied (bsc#1198595)

Advisory ID	SUSE-RU-2022:3787-1
Released	Thu Oct 27 04:41:09 2022
Summary	Recommended update for permissions
Type	recommended
Severity	important
References	1194047,1203911

Description:

This update for permissions fixes the following issues:

Fix regression introduced by backport of security fix (bsc#1203911)
Add permissions for enlightenment helper on 32bit arches (bsc#1194047)

Advisory ID	SUSE-SU-2022:3795-1
Released	Thu Oct 27 12:45:45 2022
Summary	Security update for qemu
Type	security
Severity	moderate
References	1192115,1198038,1201367,CVE-2022-0216,CVE-2022-35414

Description:

This update for qemu fixes the following issues:

CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. (bsc#1198038)
CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash. (bsc#1201367)

Advisory ID	SUSE-SU-2022:3800-1
Released	Thu Oct 27 14:59:35 2022
Summary	Security update for MozillaThunderbird
Type	security
Severity	important
References	1203477,1204411,1204421,CVE-2022-3155,CVE-2022-3266,CVE-2022-39236,CVE-2022-39249,CVE-2022-39250,CVE-2022-39251,CVE-2022-40956,CVE-2022-40957,CVE-2022-40958,CVE-2022-40959,CVE-2022-40960,CVE-2022-40962

Description:

This update for MozillaThunderbird fixes the following issues:

Mozilla Thunderbird 102.4.0 (bsc#1204421) * changed: Thunderbird will automatically detect and repair OpenPGP key storage corruption caused by using the profile import tool in Thunderbird 102 * fixed: POP message download into a large folder (~13000 messages) caused Thunderbird to temporarily freeze * fixed: Forwarding messages with special characters in Subject failed on Windows * fixed: Links for FileLink attachments were not added when attachment filename contained Unicode characters * fixed: Address Book display pane continued to show contacts after deletion * fixed: Printing address book did not include all contact details * fixed: CardDAV contacts without a Name property did not save to Google Contacts * fixed: 'Publish Calendar' did not work * fixed: Calendar database storage improvements * fixed: Incorrectly handled error responses from CalDAV servers sometimes caused events to disappear from calendar * fixed: Various visual and UX improvements
Mozilla Thunderbird 102.3.3 * new: Option added to show containing address book for a contact when using `All Address Books` in vertical mode (bmo#1778871) * changed: Thunderbird will try to use POP NTLM authentication even if not advertised by server (bmo#1793349) * changed: Task List and Today Pane sidebars will no longer load when not visible (bmo#1788549) * fixed: Sending a message while a recipient pill was being modified did not save changes (bmo#1779785) * fixed: Nickname column was not available in horizontal view of Address Book (bmo#1778000) * fixed: Multiline organization values were displayed across two columns in horizontal view of Address Book (bmo#1777780) * fixed: Contact vCard fields with multiple values such as Categories were truncated when saved (bmo#1792399) * fixed: ICS calendar files with a `FREEBUSY` property could not be imported (bmo#1783441) * fixed: Thunderbird would hang if calendar event exceeded the year 2035 (bmo#1789999)
Mozilla Thunderbird 102.3.2 * changed: Thunderbird will try to use POP CRAM-MD5 authentication even if not advertised by server (bmo#1789975) * fixed: Checking messages on POP3 accounts caused POP folder to lock if mail server was slow or non-responsive (bmo#1792451) * fixed: Newsgroups named with consecutive dots would not appear when refreshing list of newsgroups (bmo#1787789) * fixed: Sending news articles containing lines starting with dot were sometimes clipped (bmo#1787955) * fixed: CardDAV server sync silently failed if sync token expired (bmo#1791183) * fixed: Contacts from LDAP on macOS address books were not displayed (bmo#1791347) * fixed: Chat account input now accepts URIs for supported chat protocols (bmo#1776706) * fixed: Chat ScreenName field was not migrated to new address book (bmo#1789990) * fixed: Creating a New Event from the Today Pane used the currently selected day from the main calendar instead of from the Today Pane (bmo#1791203) * fixed: `New Event` button in Today Pane was incorrectly disabled sometimes (bmo#1792058) * fixed: Event reminder windows did not close after being dismissed or snoozed (bmo#1791228) * fixed: Improved performance of recurring event date calculation (bmo#1787677) * fixed: Quarterly calendar events on the last day of the month repeated one month early (bmo#1789362) * fixed: Thunderbird would hang if calendar event exceeded the year 2035 (bmo#1789999) * fixed: Whitespace in calendar events was incorrectly handled when upgrading from Thunderbird 91 to 102 (bmo#1790339) * fixed: Various visual and UX improvements (bmo#1755623,bmo#17 83903,bmo#1785851,bmo#1786434,bmo#1787286,bmo#1788151,bmo#178 9728,bmo#1790499)
Mozilla Thunderbird 102.3.1 * changed: Compose window encryption options now only appear for encryption technologies that have already been configured (bmo#1788988) * changed: Number of contacts in currently selected address book now displayed at bottom of Address Book list column (bmo#1745571) * fixed: Password prompt did not include server hostname for POP servers (bmo#1786920) * fixed: `Edit Contact` was missing from Contacts sidebar context menus (bmo#1771795) * fixed: Address Book contact lists cut off display of some characters, the result being unreadable (bmo#1780909) * fixed: Menu items for dark-themed alarm dialog were invisible on Windows 7 (bmo#1791738) * fixed: Various security fixes MFSA 2022-43 (bsc#1204411) * CVE-2022-39249 (bmo#1791765) Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators * CVE-2022-39250 (bmo#1791765) Matrix SDK bundled with Thunderbird vulnerable to a device verification attack * CVE-2022-39251 (bmo#1791765) Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack * CVE-2022-39236 (bmo#1791765) Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue
Mozilla Thunderbird 102.3 * changed: Thunderbird will no longer attempt to import account passwords when importing from another Thunderbird profile in order to prevent profile corruption and permanent data loss. (bmo#1790605) * changed: Devtools performance profile will use Thunderbird presets instead of Web Developer presets (bmo#1785954) * fixed: Thunderbird startup performance improvements (bmo#1785967) * fixed: Saving email source and images failed (bmo#1777323,bmo#1778804) * fixed: Error message was shown repeatedly when temporary disk space was full (bmo#1788580) * fixed: Attaching OpenPGP keys without a set size to non- encrypted messages briefly displayed a size of zero bytes (bmo#1788952) * fixed: Global Search entry box initially contained 'undefined' (bmo#1780963) * fixed: Delete from POP Server mail filter rule intermittently failed to trigger (bmo#1789418) * fixed: Connections to POP3 servers without UIDL support failed (bmo#1789314) * fixed: Pop accounts with 'Fetch headers only' set downloaded complete messages if server did not advertise TOP capability (bmo#1789356) * fixed: 'File -> New -> Address Book Contact' from Compose window did not work (bmo#1782418) * fixed: Attach 'My vCard' option in compose window was not available (bmo#1787614) * fixed: Improved performance of matching a contact to an email address (bmo#1782725) * fixed: Address book only recognized a contact's first two email addresses (bmo#1777156) * fixed: Address book search and autocomplete failed if a contact vCard could not be parsed (bmo#1789793) * fixed: Downloading NNTP messages for offline use failed (bmo#1785773) * fixed: NNTP client became stuck when connecting to Public- Inbox servers (bmo#1786203) * fixed: Various visual and UX improvements (bmo#1782235,bmo#1787448,bmo#1788725,bmo#1790324) * fixed: Various security fixes * unresolved: No dedicated 'Department' field in address book (bmo#1777780) MFSA 2022-42 (bsc#1203477) * CVE-2022-3266 (bmo#1767360) Out of bounds read when decoding H264 * CVE-2022-40959 (bmo#1782211) Bypassing FeaturePolicy restrictions on transient pages * CVE-2022-40960 (bmo#1787633) Data-race when parsing non-UTF-8 URLs in threads * CVE-2022-40958 (bmo#1779993) Bypassing Secure Context restriction for cookies with __Host and __Secure prefix * CVE-2022-40956 (bmo#1770094) Content-Security-Policy base-uri bypass * CVE-2022-40957 (bmo#1777604) Incoherent instruction cache when building WASM on ARM64 * CVE-2022-3155 (bmo#1789061) Attachment files saved to disk on macOS could be executed without warning * CVE-2022-40962 (bmo#1776655, bmo#1777574, bmo#1784835, bmo#1785109, bmo#1786502, bmo#1789440) Memory safety bugs fixed in Thunderbird 102.3

Advisory ID	SUSE-SU-2022:3802-1
Released	Thu Oct 27 16:26:44 2022
Summary	Security update for openjpeg2
Type	security
Severity	important
References	1140205,1149789,1179594,1179821,1180042,1180043,1180044,1180046,CVE-2018-20846,CVE-2018-21010,CVE-2020-27814,CVE-2020-27824,CVE-2020-27841,CVE-2020-27842,CVE-2020-27843,CVE-2020-27845

Description:

This update for openjpeg2 fixes the following issues:
- CVE-2018-20846: Fixed OOB read in pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c (bsc#1140205). - CVE-2018-21010: Fixed heap buffer overflow in color_apply_icc_profile in bin/common/color.c (bsc#1149789). - CVE-2020-27814: Fixed heap buffer overflow in lib/openjp2/mqc.c (bsc#1179594), - CVE-2020-27824: Fixed OOB read in opj_dwt_calc_explicit_stepsizes() (bsc#1179821). - CVE-2020-27841: Fixed buffer over-read in lib/openjp2/pi.c (bsc#1180042). - CVE-2020-27842: Fixed null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (bsc#1180043). - CVE-2020-27843: Fixed OOB read in opj_t2_encode_packet function in openjp2/t2.c (bsc#1180044). - CVE-2020-27845: Fixed heap-based buffer over-read in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (bsc#1180046).

Advisory ID	SUSE-SU-2022:3806-1
Released	Thu Oct 27 17:21:11 2022
Summary	Security update for dbus-1
Type	security
Severity	important
References	1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012

Description:

This update for dbus-1 fixes the following issues:
- CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113).
Bugfixes:
- Disable asserts (bsc#1087072).

Advisory ID	SUSE-RU-2022:3811-1
Released	Mon Oct 31 09:43:58 2022
Summary	Recommended update for ovmf
Type	recommended
Severity	moderate
References	1199156,1203825

Description:

This update for ovmf fixes the following issues:

Disable option ROM on sev (bsc#1199156)
Fix detection issue of NVME controller (bsc#1203825)

Advisory ID	SUSE-RU-2022:3812-1
Released	Mon Oct 31 09:44:26 2022
Summary	Recommended update for sudo
Type	recommended
Severity	moderate
References	1177578

Description:

This update for sudo fixes the following issues:

Removed redundant and confusing 'secure_path' settings in sudo-sudoers file

(bsc#1177578).

Advisory ID	SUSE-RU-2022:3814-1
Released	Mon Oct 31 09:45:29 2022
Summary	Recommended update for sapstartsrv-resource-agents and supportutils-plugin-ha-sap
Type	recommended
Severity	moderate
References	1203202

Description:

This update for sapstartsrv-resource-agents and supportutils-plugin-ha-sap fixes the following issues:
sapstartsrv-resource-agents:

Version bump to 0.9.1
man page updates based on customer feedback
remove 'BuildRequire python3-mock' as this is no longer needed for the tests

supportutils-plugin-ha-sap:

Update to version 0.0.4
fix basic support for saptune
add saptune version 3 awareness and add a hint for the new saptune supportconfig (bsc#1203202)

Advisory ID	SUSE-RU-2022:3818-1
Released	Mon Oct 31 12:49:04 2022
Summary	Recommended update for rabbitmq-server
Type	recommended
Severity	important
References	1199431

Description:

This update for rabbitmq-server fixes the following issues:

Ensure maintenance mode state table exists after node [re]boot (bsc#1199431)

Advisory ID	SUSE-SU-2022:3820-1
Released	Mon Oct 31 12:52:56 2022
Summary	Security update for podman
Type	security
Severity	moderate
References	1202809,CVE-2022-2989

Description:

This update for podman fixes the following issues:

CVE-2022-2989: Fixed possible information disclosure and modification (bsc#1202809).

Advisory ID	SUSE-RU-2022:3822-1
Released	Mon Oct 31 23:53:38 2022
Summary	Recommended update for adcli
Type	recommended
Severity	moderate
References	1202647

Description:

This update for adcli fixes the following issues:

Remove errx() calls on error conditions to execute the cleanup function and delete the krb5 snippets created in /tmp (bsc#1202647)
Set umask before calling mkdtemp (bsc#1202647)

Advisory ID	SUSE-SU-2022:3825-1
Released	Tue Nov 1 08:52:52 2022
Summary	Security update for hdf5
Type	security
Severity	important
References	1093663,1101475,1101906,1107069,1111598,1125882,1167400,1194366,1194375,1195212,1195215,CVE-2018-11205,CVE-2018-13867,CVE-2018-14031,CVE-2018-16438,CVE-2018-17439,CVE-2019-8396,CVE-2020-10812,CVE-2021-45830,CVE-2021-45833,CVE-2021-46242,CVE-2021-46244

Description:

This update for hdf5 fixes the following issues:
- CVE-2021-46244: Fixed division by zero leading to DoS (bsc#1195215). - CVE-2018-13867: Fixed out of bounds read in the function H5F__accum_read in H5Faccum.c (bsc#1101906). - CVE-2018-16438: Fixed out of bounds read in H5L_extern_query at H5Lexternal.c (bsc#1107069). - CVE-2020-10812: Fixed NULL pointer dereference (bsc#1167400). - CVE-2021-45830: Fixed heap buffer overflow vulnerability in H5F_addr_decode_len in /hdf5/src/H5Fint.c (bsc#1194375). - CVE-2019-8396: Fixed buffer overflow in function H5O__layout_encode in H5Olayout.c (bsc#1125882). - CVE-2018-11205: Fixed out of bounds read was discovered in H5VM_memcpyvv in H5VM.c (bsc#1093663). - CVE-2021-46242: Fixed heap-use-after free via the component H5AC_unpin_entry (bsc#1195212). - CVE-2021-45833: Fixed stack buffer overflow vulnerability (bsc#1194366). - CVE-2018-14031: Fixed heap-based buffer over-read in the function H5T_copy in H5T.c (bsc#1101475). - CVE-2018-17439: Fixed out of bounds read in the function H5F__accum_read in H5Faccum.c (bsc#1111598).

Advisory ID	SUSE-feature-2022:3842-1
Released	Tue Nov 1 15:21:19 2022
Summary	Recommended update for yast2-firstboot
Type	feature
Severity	important
References

Description:

This update for yast2-firstboot fixes the following issues:

Compute properly dependencies of WSL GUI pattern (jsc#PM-3439)

Advisory ID	SUSE-SU-2022:3843-1
Released	Tue Nov 1 17:40:13 2022
Summary	Security update for openssl-3
Type	security
Severity	critical
References	1204226,1204714,CVE-2022-3358,CVE-2022-3602,CVE-2022-3786

Description:

This update for openssl-3 fixes the following issues:

CVE-2022-3358: Fixed vulnerability where a custom cipher passed to EVP_CipherInit() could lead into NULL encryption being unexpectedly used (bsc#1204226).
CVE-2022-3602: Fixed a buffer overflow in the X.509 email address. (bsc#1204714)
CVE-2022-3786: Fixed another buffer overflow related to X.509 email address. (bsc#1204714)

Advisory ID	SUSE-SU-2022:3844-1
Released	Tue Nov 1 18:20:11 2022
Summary	Security update for the Linux Kernel
Type	security
Severity	important
References	1185032,1190497,1194023,1194869,1195917,1196444,1196869,1197659,1198189,1200288,1200622,1201309,1201310,1201987,1202095,1202960,1203039,1203066,1203101,1203197,1203263,1203338,1203360,1203361,1203389,1203410,1203505,1203552,1203664,1203693,1203699,1203767,1203769,1203770,1203794,1203798,1203893,1203902,1203906,1203908,1203935,1203939,1203987,1203992,1204051,1204059,1204060,1204125,CVE-2022-1263,CVE-2022-2586,CVE-2022-3202,CVE-2022-32296,CVE-2022-3239,CVE-2022-3303,CVE-2022-39189,CVE-2022-41218,CVE-2022-41674,CVE-2022-41848,CVE-2022-41849,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721,CVE-2022-42722

Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated.
The following security bugs were fixed:

CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769).
CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960).
CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552).
CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987).
CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bnc#1203992).
CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770).
CVE-2022-1263: Fixed a NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allowed an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service (bnc#1198189).
CVE-2022-32296: Fixed a bug which allowed TCP servers to identify clients by observing what source ports are used (bnc#1200288).
CVE-2022-3202: Fixed a NULL pointer dereference flaw in Journaled File System. This could allow a local attacker to crash the system or leak kernel internal information (bnc#1203389).
CVE-2022-39189: Fixed a bug in the x86 KVM subsystem which allows unprivileged guest users to compromise the guest kernel because TLB flush operations are mishandled (bnc#1203066).
CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bnc#1202095).
CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125)
CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051)
CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060)
CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059)

The following non-security bugs were fixed:

ACPI / scan: Create platform device for CS35L41 (bsc#1203699).
ACPI: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (bsc#1203767).
ACPI: resource: skip IRQ override on AMD Zen platforms (git-fixes).
ACPI: scan: Add CLSA0101 Laptop Support (bsc#1203699).
ACPI: utils: Add api to read _SUB from ACPI (bsc#1203699).
ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes).
ALSA: core: Fix double-free at snd_card_new() (git-fixes).
ALSA: cs35l41: Check hw_config before using it (bsc#1203699).
ALSA: cs35l41: Enable Internal Boost in shared lib (bsc#1203699).
ALSA: cs35l41: Move cs35l41_gpio_config to shared lib (bsc#1203699).
ALSA: cs35l41: Unify hardware configuration (bsc#1203699).
ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes).
ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes).
ALSA: hda: cs35l41: Add Amp Name based on channel and index (bsc#1203699).
ALSA: hda: cs35l41: Add Boost type flag (bsc#1203699).
ALSA: hda: cs35l41: Add calls to newly added test key function (bsc#1203699).
ALSA: hda: cs35l41: Add defaulted values into dsp bypass config sequence (bsc#1203699).
ALSA: hda: cs35l41: Add initial DSP support and firmware loading (bsc#1203699).
ALSA: hda: cs35l41: Add missing default cases (bsc#1203699).
ALSA: hda: cs35l41: Add module parameter to control firmware load (bsc#1203699).
ALSA: hda: cs35l41: Add support for CS35L41 in HDA systems (bsc#1203699).
ALSA: hda: cs35l41: Add Support for Interrupts (bsc#1203699).
ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations (bsc#1203699).
ALSA: hda: cs35l41: Always configure the DAI (bsc#1203699).
ALSA: hda: cs35l41: Avoid overwriting register patch (bsc#1203699).
ALSA: hda: cs35l41: Clarify support for CSC3551 without _DSD Properties (bsc#1203699).
ALSA: hda: cs35l41: Consolidate selections under SND_HDA_SCODEC_CS35L41 (bsc#1203699).
ALSA: hda: cs35l41: Do not dereference fwnode handle (bsc#1203699).
ALSA: hda: cs35l41: Drop wrong use of ACPI_PTR() (bsc#1203699).
ALSA: hda: cs35l41: Enable GPIO2 Interrupt for CLSA0100 laptops (bsc#1203699).
ALSA: hda: cs35l41: Fix comments wrt serial-multi-instantiate reference (bsc#1203699).
ALSA: hda: cs35l41: fix double free on error in probe() (bsc#1203699).
ALSA: hda: cs35l41: Fix error in spi cs35l41 hda driver name (bsc#1203699).
ALSA: hda: cs35l41: Fix I2S params comments (bsc#1203699).
ALSA: hda: cs35l41: Handle all external boost setups the same way (bsc#1203699).
ALSA: hda: cs35l41: Improve dev_err_probe() messaging (bsc#1203699).
ALSA: hda: cs35l41: Make cs35l41_hda_remove() return void (bsc#1203699).
ALSA: hda: cs35l41: Make use of the helper function dev_err_probe() (bsc#1203699).
ALSA: hda: cs35l41: Move boost config to initialization code (bsc#1203699).
ALSA: hda: cs35l41: Move cs35l41* calls to its own symbol namespace (bsc#1203699).
ALSA: hda: cs35l41: Move external boost handling to lib for ASoC use (bsc#1203699).
ALSA: hda: cs35l41: Mute the device before shutdown (bsc#1203699).
ALSA: hda: cs35l41: Put the device into safe mode for external boost (bsc#1203699).
ALSA: hda: cs35l41: Read Speaker Calibration data from UEFI variables (bsc#1203699).
ALSA: hda: cs35l41: Remove cs35l41_hda_reg_sequence struct (bsc#1203699).
ALSA: hda: cs35l41: Remove Set Channel Map api from binding (bsc#1203699).
ALSA: hda: cs35l41: Reorganize log for playback actions (bsc#1203699).
ALSA: hda: cs35l41: Save codec object inside component struct (bsc#1203699).
ALSA: hda: cs35l41: Save Subsystem ID inside CS35L41 Driver (bsc#1203699).
ALSA: hda: cs35l41: Set Speaker Position for CLSA0100 Laptop (bsc#1203699).
ALSA: hda: cs35l41: Support CLSA0101 (bsc#1203699).
ALSA: hda: cs35l41: Support Firmware switching and reloading (bsc#1203699).
ALSA: hda: cs35l41: Support Hibernation during Suspend (bsc#1203699).
ALSA: hda: cs35l41: Support multiple load paths for firmware (bsc#1203699).
ALSA: hda: cs35l41: Support reading subsystem id from ACPI (bsc#1203699).
ALSA: hda: cs35l41: Support Speaker ID for laptops (bsc#1203699).
ALSA: hda: cs35l41: Tidyup code (bsc#1203699).
ALSA: hda: cs35l41: Use the CS35L41 HDA internal define (bsc#1203699).
ALSA: hda: Fix dependencies of CS35L41 on SPI/I2C buses (bsc#1203699).
ALSA: hda: Fix dependency on ASoC cs35l41 codec (bsc#1203699).
ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount saturation (git-fixes).
ALSA: hda: Fix Nvidia dp infoframe (git-fixes).
ALSA: hda: hda_cs_dsp_ctl: Add apis to write the controls directly (bsc#1203699).
ALSA: hda: hda_cs_dsp_ctl: Add fw id strings (bsc#1203699).
ALSA: hda: hda_cs_dsp_ctl: Add Library to support CS_DSP ALSA controls (bsc#1203699).
ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs (jsc#PED-720).
ALSA: hda/cs8409: Add new Dolphin HW variants (bsc#1203699).
ALSA: hda/cs8409: Add Speaker Playback Switch for Cyborg (bsc#1203699).
ALSA: hda/cs8409: Add Speaker Playback Switch for Warlock (bsc#1203699).
ALSA: hda/cs8409: change cs8409_fixups v.pins initializers to static (bsc#1203699).
ALSA: hda/cs8409: Disable HSBIAS_SENSE_EN for Cyborg (bsc#1203699).
ALSA: hda/cs8409: Fix Full Scale Volume setting for all variants (bsc#1203699).
ALSA: hda/cs8409: Fix Warlock to use mono mic configuration (bsc#1203699).
ALSA: hda/cs8409: Re-order quirk table into ascending order (bsc#1203699).
ALSA: hda/cs8409: Support manual mode detection for CS42L42 (bsc#1203699).
ALSA: hda/cs8409: Support new Dolphin Variants (bsc#1203699).
ALSA: hda/cs8409: Support new Odin Variants (bsc#1203699).
ALSA: hda/cs8409: Support new Warlock MLK Variants (bsc#1203699).
ALSA: hda/cs8409: Use general cs42l42 include in cs8409 hda driver (bsc#1203699).
ALSA: hda/realtek: Add a quirk for HP OMEN 16 (8902) mute LED (git-fixes).
ALSA: hda/realtek: Add CS35L41 support for Thinkpad laptops (bsc#1203699).
ALSA: hda/realtek: Add mute and micmut LED support for Zbook Fury 17 G9 (bsc#1203699).
ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes).
ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes).
ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes).
ALSA: hda/realtek: Add quirk for HP Zbook Firefly 14 G9 model (bsc#1203699).
ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes).
ALSA: hda/realtek: Add quirk for Lenovo Yoga7 14IAL7 (bsc#1203699).
ALSA: hda/realtek: Add quirks for ASUS Zenbooks using CS35L41 (bsc#1203699).
ALSA: hda/realtek: Add support for HP Laptops (bsc#1203699).
ALSA: hda/realtek: Add support for Legion 7 16ACHg6 laptop (bsc#1203699).
ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes).
ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop (git-fixes).
ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook 845/865 G9 (bsc#1203699).
ALSA: hda/realtek: Enable mute/micmute LEDs support for HP Laptops (bsc#1203699).
ALSA: hda/realtek: Enable speaker and mute LEDs for HP laptops (bsc#1203699).
ALSA: hda/realtek: Fix LED on Zbook Studio G9 (bsc#1203699).
ALSA: hda/realtek: Fix mute led issue on thinkpad with cs35l41 s-codec (bsc#1203699).
ALSA: hda/realtek: More robust component matching for CS35L41 (bsc#1203699).
ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes).
ALSA: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes).
ALSA: hda/tegra: Add Tegra234 hda driver support (git-fixes).
ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes).
ALSA: hda/tegra: set depop delay for tegra (git-fixes).
ALSA: hda/tegra: Update scratch reg. communication (git-fixes).
ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (git-fixes).
ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes).
ALSA: usb-audio: Inform the delayed registration more properly (git-fixes).
ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes).
ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes).
ARM: dts: am33xx: Fix MMCHS0 dma properties (git-fixes).
ARM: dts: imx: align SPI NOR node name with dtschema (git-fixes).
ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (git-fixes).
arm64: dts: qcom: sm8350: fix UFS PHY serdes size (git-fixes).
arm64: dts: rockchip: Fix typo in lisense text for PX30.Core (git-fixes).
arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes).
arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes).
arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes).
arm64: errata: Add Cortex-A510 to the repeat tlbi list (git-fixes) Enable this errata fix configuration option to arm64/default.
arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444).
arm64: lib: Import latest version of Arm Optimized Routines' strcmp (git-fixes)
arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (git-fixes)
arm64: topology: fix possible overflow in amu_fie_setup() (git-fixes).
ASoC: cs35l41: Add ASP TX3/4 source to register patch (bsc#1203699).
ASoC: cs35l41: Add bindings for CS35L41 (bsc#1203699).
ASoC: cs35l41: Add common cs35l41 enter hibernate function (bsc#1203699).
ASoC: cs35l41: Add cs35l51/53 IDs (bsc#1203699).
ASoC: cs35l41: Add endianness flag in snd_soc_component_driver (bsc#1203699).
ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699).
ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699).
ASoC: cs35l41: Add support for CLSA3541 ACPI device ID (bsc#1203699).
ASoC: cs35l41: Add support for hibernate memory retention mode (bsc#1203699).
ASoC: cs35l41: Binding fixes (bsc#1203699).
ASoC: cs35l41: Change monitor widgets to siggens (bsc#1203699).
ASoC: cs35l41: Combine adjacent register writes (bsc#1203699).
ASoC: cs35l41: Convert tables to shared source code (bsc#1203699).
ASoC: cs35l41: Correct DSP power down (bsc#1203699).
ASoC: cs35l41: Correct handling of some registers in the cache (bsc#1203699).
ASoC: cs35l41: Correct some control names (bsc#1203699).
ASoC: cs35l41: Create shared function for boost configuration (bsc#1203699).
ASoC: cs35l41: Create shared function for errata patches (bsc#1203699).
ASoC: cs35l41: Create shared function for setting channels (bsc#1203699).
ASoC: cs35l41: CS35L41 Boosted Smart Amplifier (bsc#1203699).
ASoC: cs35l41: Do not overwrite returned error code (bsc#1203699).
ASoC: cs35l41: Do not print error when waking from hibernation (bsc#1203699).
ASoC: cs35l41: Document CS35l41 External Boost (bsc#1203699).
ASoC: cs35l41: DSP Support (bsc#1203699).
ASoC: cs35l41: Fix a bunch of trivial code formating/style issues (bsc#1203699).
ASoC: cs35l41: Fix a shift-out-of-bounds warning found by UBSAN (bsc#1203699).
ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t (bsc#1203699).
ASoC: cs35l41: Fix DSP mbox start command and global enable order (bsc#1203699).
ASoC: cs35l41: Fix GPIO2 configuration (bsc#1203699).
ASoC: cs35l41: Fix link problem (bsc#1203699).
ASoC: cs35l41: Fix max number of TX channels (bsc#1203699).
ASoC: cs35l41: Fix undefined reference to core functions (bsc#1203699).
ASoC: cs35l41: Fix use of an uninitialised variable (bsc#1203699).
ASoC: cs35l41: Fixup the error messages (bsc#1203699).
ASoC: cs35l41: Make cs35l41_remove() return void (bsc#1203699).
ASoC: cs35l41: Move cs_dsp config struct into shared code (bsc#1203699).
ASoC: cs35l41: Move cs35l41 exit hibernate function into shared code (bsc#1203699).
ASoC: cs35l41: Move cs35l41 fs errata into shared code (bsc#1203699).
ASoC: cs35l41: Move cs35l41_otp_unpack to shared code (bsc#1203699).
ASoC: cs35l41: Move cs35l41_set_cspl_mbox_cmd to shared code (bsc#1203699).
ASoC: cs35l41: Move power initializations to reg_sequence (bsc#1203699).
ASoC: cs35l41: Read System Name from ACPI _SUB to identify firmware (bsc#1203699).
ASoC: cs35l41: Remove incorrect comment (bsc#1203699).
ASoC: cs35l41: Remove unnecessary param (bsc#1203699).
ASoC: cs35l41: Set the max SPI speed for the whole device (bsc#1203699).
ASoC: cs35l41: Support external boost (bsc#1203699).
ASoC: cs35l41: Update handling of test key registers (bsc#1203699).
ASoC: cs35l41: Use regmap_read_poll_timeout to wait for OTP boot (bsc#1203699).
ASoC: cs42l42: Add control for audio slow-start switch (bsc#1203699).
ASoC: cs42l42: Add warnings about DETECT_MODE and PLL_START (bsc#1203699).
ASoC: cs42l42: Allow time for HP/ADC to power-up after enable (bsc#1203699).
ASoC: cs42l42: Always enable TS_PLUG and TS_UNPLUG interrupts (bsc#1203699).
ASoC: cs42l42: Change jack_detect_mutex to a lock of all IRQ handling (bsc#1203699).
ASoC: cs42l42: Do not claim to support 192k (bsc#1203699).
ASoC: cs42l42: Do not reconfigure the PLL while it is running (bsc#1203699).
ASoC: cs42l42: Fix WARN in remove() if running without an interrupt (bsc#1203699).
ASoC: cs42l42: free_irq() before powering-down on probe() fail (bsc#1203699).
ASoC: cs42l42: Handle system suspend (bsc#1203699).
ASoC: cs42l42: Implement Manual Type detection as fallback (bsc#1203699).
ASoC: cs42l42: Mark OSC_SWITCH_STATUS register volatile (bsc#1203699).
ASoC: cs42l42: Minor fix all errors reported by checkpatch.pl script (bsc#1203699).
ASoC: cs42l42: Move CS42L42 register descriptions to general include (bsc#1203699).
ASoC: cs42l42: Only report button state if there was a button interrupt (git-fixes).
ASoC: cs42l42: Prevent NULL pointer deref in interrupt handler (bsc#1203699).
ASoC: cs42l42: Remove redundant pll_divout member (bsc#1203699).
ASoC: cs42l42: Remove redundant writes to DETECT_MODE (bsc#1203699).
ASoC: cs42l42: Remove redundant writes to RS_PLUG/RS_UNPLUG masks (bsc#1203699).
ASoC: cs42l42: Remove unused runtime_suspend/runtime_resume callbacks (bsc#1203699).
ASoC: cs42l42: Report full jack status when plug is detected (bsc#1203699).
ASoC: cs42l42: Report initial jack state (bsc#1203699).
ASoC: cs42l42: Reset and power-down on remove() and failed probe() (bsc#1203699).
ASoC: cs42l42: Set correct SRC MCLK (bsc#1203699).
ASoC: cs42l42: Simplify reporting of jack unplug (bsc#1203699).
ASoC: cs42l42: Use PLL for SCLK > 12.288MHz (bsc#1203699).
ASoC: cs42l42: Use two thresholds and increased wait time for manual type detection (bsc#1203699).
ASoC: dt-bindings: cs42l42: Convert binding to yaml (bsc#1203699).
ASoC: imx-card: Fix refcount issue with of_node_put (git-fixes).
ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (git-fixes).
ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (git-fixes).
ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes).
ASoC: qcom: sm8250: add missing module owner (git-fixes).
ASoC: SOF: Intel: pci-tgl: add ADL-PS support (jsc#PED-720).
ASoC: SOF: Intel: pci-tgl: add RPL-P support (jsc#PED-720).
ASoC: SOF: Intel: pci-tgl: add RPL-S support (jsc#PED-652).
ASoC: tas2770: Reinit regcache on reset (git-fixes).
ASoC: wm_adsp: Add support for 'toggle' preloaders (bsc#1203699).
ASoC: wm_adsp: Add trace caps to speaker protection FW (bsc#1203699).
ASoC: wm_adsp: Cancel ongoing work when removing controls (bsc#1203699).
ASoC: wm_adsp: Compressed stream DSP memory structs should be __packed (bsc#1203699).
ASoC: wm_adsp: Correct control read size when parsing compressed buffer (bsc#1203699).
ASoC: wm_adsp: Expand firmware loading search options (bsc#1203699).
ASoC: wm_adsp: Fix event for preloader (bsc#1203699).
ASoC: wm_adsp: Introduce cs_dsp logging macros (bsc#1203699).
ASoC: wm_adsp: Make compressed buffers optional (bsc#1203699).
ASoC: wm_adsp: Minor clean and redundant code removal (bsc#1203699).
ASoC: wm_adsp: Move check for control existence (bsc#1203699).
ASoC: wm_adsp: Move check of dsp->running to better place (bsc#1203699).
ASoC: wm_adsp: move firmware loading to client (bsc#1203699).
ASoC: wm_adsp: Move sys_config_size to wm_adsp (bsc#1203699).
ASoC: wm_adsp: Pass firmware names as parameters when starting DSP core (bsc#1203699).
ASoC: wm_adsp: remove a repeated including (bsc#1203699).
ASoC: wm_adsp: Remove pointless string comparison (bsc#1203699).
ASoC: wm_adsp: Remove the wmfw_add_ctl helper function (bsc#1203699).
ASoC: wm_adsp: Remove use of snd_ctl_elem_type_t (bsc#1203699).
ASoC: wm_adsp: Rename generic DSP support (bsc#1203699).
ASoC: wm_adsp: Separate generic cs_dsp_coeff_ctl handling (bsc#1203699).
ASoC: wm_adsp: Separate some ASoC and generic functions (bsc#1203699).
ASoC: wm_adsp: Separate wm_adsp specifics in cs_dsp_client_ops (bsc#1203699).
ASoC: wm_adsp: Split DSP power operations into helper functions (bsc#1203699).
ASoC: wm_adsp: Split out struct cs_dsp from struct wm_adsp (bsc#1203699).
ASoC: wm_adsp: Switch to using wm_coeff_read_ctrl for compressed buffers (bsc#1203699).
ASoC: wm_adsp: wm_adsp_control_add() error: uninitialized symbol 'ret' (bsc#1203699).
batman-adv: Fix hang up with small MTU hard-interface (git-fixes).
Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend (git-fixes).
Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure (git-fixes).
Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes).
bnx2x: fix built-in kernel driver load failure (git-fixes).
bnx2x: fix driver load from initrd (git-fixes).
btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() (bsc#1203360).
btrfs: fix space cache corruption and potential double allocations (bsc#1203361).
can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes).
can: rx-offload: can_rx_offload_init_queue(): fix typo (git-fixes).
cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (bsc#1196869).
cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906).
cgroup: Fix race condition at rebind_subsystems() (bsc#1203902).
cgroup: Fix threadgroup_rwsem cpus_read_lock() deadlock (bsc#1196869).
clk: bcm: rpi: Prevent out-of-bounds access (git-fixes).
clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc() (git-fixes).
clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes).
clk: ingenic-tcu: Properly enable registers before accessing timers (git-fixes).
clk: iproc: Do not rely on node name for correct PLL setup (git-fixes).
constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit.
crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)
cs-dsp and serial-multi-instantiate enablement (bsc#1203699)
dmaengine: idxd: add helper for per interrupt handle drain (jsc#PED-682).
dmaengine: idxd: add knob for enqcmds retries (jsc#PED-755).
dmaengine: idxd: change MSIX allocation based on per wq activation (jsc#PED-664).
dmaengine: idxd: create locked version of idxd_quiesce() call (jsc#PED-682).
dmaengine: idxd: embed irq_entry in idxd_wq struct (jsc#PED-664).
dmaengine: idxd: fix descriptor flushing locking (jsc#PED-664).
dmaengine: idxd: fix retry value to be constant for duration of function call (git-fixes).
dmaengine: idxd: handle interrupt handle revoked event (jsc#PED-682).
dmaengine: idxd: handle invalid interrupt handle descriptors (jsc#PED-682).
dmaengine: idxd: int handle management refactoring (jsc#PED-682).
dmaengine: idxd: match type for retries var in idxd_enqcmds() (git-fixes).
dmaengine: idxd: move interrupt handle assignment (jsc#PED-682).
dmaengine: idxd: rework descriptor free path on failure (jsc#PED-682).
dmaengine: idxd: set defaults for wq configs (jsc#PED-688).
dmaengine: idxd: update IAA definitions for user header (jsc#PED-763).
dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() (git-fixes).
docs: i2c: i2c-topology: fix incorrect heading (git-fixes).
dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe (git-fixes).
drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV (git-fixes).
drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (git-fixes).
drm/amd/display: Limit user regamma to a valid value (git-fixes).
drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack usage (git-fixes).
drm/amd/display: Reduce number of arguments of dml31's CalculateFlipSchedule() (git-fixes).
drm/amd/display: Reduce number of arguments of dml31's CalculateWatermarksAndDRAMSpeedChangeSupport() (git-fixes).
drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid cards (git-fixes).
drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes).
drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes).
drm/amdgpu: make sure to init common IP before gmc (git-fixes).
drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes).
drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega (git-fixes).
drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega (git-fixes).
drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini (git-fixes).
drm/amdgpu: Separate vf2pf work item init from virt data exchange (git-fixes).
drm/amdgpu: use dirty framebuffer helper (git-fixes).
drm/bridge: display-connector: implement bus fmts callbacks (git-fixes).
drm/bridge: lt8912b: add vsync hsync (git-fixes).
drm/bridge: lt8912b: fix corrupted image output (git-fixes).
drm/bridge: lt8912b: set hdmi or dvi mode (git-fixes).
drm/gem: Fix GEM handle release errors (git-fixes).
drm/gma500: Fix BUG: sleeping function called from invalid context errors (git-fixes).
drm/i915: Implement WaEdpLinkRateDataReload (git-fixes).
drm/i915: Skip wm/ddb readout for disabled pipes (git-fixes).
drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes).
drm/i915/gt: Restrict forced preemption to the active context (git-fixes).
drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks (git-fixes).
drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff() (git-fixes).
drm/meson: Correct OSD1 global alpha value (git-fixes).
drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes).
drm/msm/rd: Fix FIFO-full deadlock (git-fixes).
drm/panel: simple: Fix innolux_g121i1_l01 bus_format (git-fixes).
drm/panfrost: devfreq: set opp to the recommended one to configure regulator (git-fixes).
drm/radeon: add a force flush to delay work when radeon (git-fixes).
drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes).
drm/tegra: vic: Fix build warning when CONFIG_PM=n (git-fixes).
dt-bindings: hwmon: (mr75203) fix 'intel,vm-map' property to be optional (git-fixes).
EDAC/dmc520: Do not print an error for each unconfigured interrupt line (bsc#1190497).
efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes).
efi: libstub: Disable struct randomization (git-fixes).
eth: alx: take rtnl_lock on resume (git-fixes).
eth: sun: cassini: remove dead code (git-fixes).
fbcon: Add option to enable legacy hardware acceleration (bsc#1152472) Backporting changes: * context fixes in other patch * update config
fbcon: Fix accelerated fbdev scrolling while logo is still shown (bsc#1152472)
fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes).
firmware: arm_scmi: Fix the asynchronous reset requests (git-fixes).
firmware: arm_scmi: Harden accesses to the reset domains (git-fixes).
firmware: cs_dsp: add driver to support firmware loading on Cirrus Logic DSPs (bsc#1203699).
firmware: cs_dsp: Add lockdep asserts to interface functions (bsc#1203699).
firmware: cs_dsp: Add memory chunk helpers (bsc#1203699).
firmware: cs_dsp: Add offset to cs_dsp read/write (bsc#1203699).
firmware: cs_dsp: Add pre_run callback (bsc#1203699).
firmware: cs_dsp: Add pre_stop callback (bsc#1203699).
firmware: cs_dsp: Add support for rev 2 coefficient files (bsc#1203699).
firmware: cs_dsp: Add version checks on coefficient loading (bsc#1203699).
firmware: cs_dsp: Allow creation of event controls (bsc#1203699).
firmware: cs_dsp: Clarify some kernel doc comments (bsc#1203699).
firmware: cs_dsp: Clear core reset for cache (bsc#1203699).
firmware: cs_dsp: Fix overrun of unterminated control name string (bsc#1203699).
firmware: cs_dsp: Move lockdep asserts to avoid potential null pointer (bsc#1203699).
firmware: cs_dsp: Perform NULL check in cs_dsp_coeff_write/read_ctrl (bsc#1203699).
firmware: cs_dsp: Print messages from bin files (bsc#1203699).
firmware: cs_dsp: tidy includes in cs_dsp.c and cs_dsp.h (bsc#1203699).
ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes).
fuse: Remove the control interface for virtio-fs (bsc#1203798).
gpio: mockup: fix NULL pointer dereference when removing debugfs (git-fixes).
gpio: mockup: remove gpio debugfs when remove device (git-fixes).
gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes).
gpio: mvebu: Fix check for pwm support on non-A8K platforms (git-fixes).
gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully (git-fixes).
gve: Fix GFP flags when allocing pages (git-fixes).
hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes).
HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes).
hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API (git-fixes).
hwmon: (mr75203) enable polling for all VM channels (git-fixes).
hwmon: (mr75203) fix multi-channel voltage reading (git-fixes).
hwmon: (mr75203) fix VM sensor allocation when 'intel,vm-map' not defined (git-fixes).
hwmon: (mr75203) fix voltage equation for negative source input (git-fixes).
hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of used sensors (git-fixes).
hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller (git-fixes).
hwmon: (tps23861) fix byte order in resistance register (git-fixes).
i2c: acpi: Add an i2c_acpi_client_count() helper function (bsc#1203699).
i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible (git-fixes).
i2c: mlxbf: Fix frequency calculation (git-fixes).
i2c: mlxbf: incorrect base address passed during io write (git-fixes).
i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (git-fixes).
i2c: mlxbf: support lock mechanism (git-fixes).
ice: Allow operation with reduced device MSI-X (bsc#1201987).
ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (git-fixes).
ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (git-fixes).
ice: fix crash when writing timestamp on RX rings (git-fixes).
ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler (git-fixes).
ice: fix possible under reporting of ethtool Tx and Rx statistics (git-fixes).
ice: Fix race during aux device (un)plugging (git-fixes).
ice: Match on all profiles in slow-path (git-fixes).
ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes).
igb: skip phy status check where unavailable (git-fixes).
Input: goodix - add compatible string for GT1158 (git-fixes).
Input: goodix - add support for GT1158 (git-fixes).
Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes).
Input: iqs62x-keys - drop unused device node references (git-fixes).
Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes).
Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes).
kABI workaround for spi changes (bsc#1203699).
kABI: Add back removed struct paca member (bsc#1203664 ltc#199236).
kABI: fix adding another field to scsi_device (bsc#1203039).
kABI: Fix kABI after SNP-Guest backport (jsc#SLE-19924, jsc#SLE-24814).
kbuild: disable header exports for UML in a straightforward way (git-fixes).
kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444).
kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444).
kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444).
kexec: drop weak attribute from functions (bsc#1196444).
KVM: SVM: Create a separate mapping for the GHCB save area (jsc#SLE-19924, jsc#SLE-24814).
KVM: SVM: Create a separate mapping for the SEV-ES save area (jsc#SLE-19924, jsc#SLE-24814).
KVM: SVM: Define sev_features and VMPL field in the VMSA (jsc#SLE-19924, jsc#SLE-24814).
KVM: SVM: fix tsc scaling cache logic (bsc#1203263).
KVM: SVM: Update the SEV-ES save area mapping (jsc#SLE-19924, jsc#SLE-24814).
KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (git-fixes).
KVM: X86: Fix when shadow_root_level=5 and guest root_level 4 (git-fixes).
KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_send_ipi() (git-fixes).
KVM: x86: hyper-v: HVCALL_SEND_IPI_EX is an XMM fast hypercall (git-fixes).
KVM: x86: Move lookup of indexed CPUID leafs to helper (jsc#SLE-19924, jsc#SLE-24814).
libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes).
lockd: detect and reject lock arguments that overflow (git-fixes).
md-raid10: fix KASAN warning (git-fixes).
md: call __md_stop_writes in md_stop (git-fixes).
md: unlock mddev before reap sync_thread in action_store (bsc#1197659).
media: aspeed: Fix an error handling path in aspeed_video_probe() (git-fixes).
media: coda: Add more H264 levels for CODA960 (git-fixes).
media: coda: Fix reported H264 profile (git-fixes).
media: dvb_vb2: fix possible out of bound access (git-fixes).
media: exynos4-is: Change clk_disable to clk_disable_unprepare (git-fixes).
media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe (git-fixes).
media: flexcop-usb: fix endpoint type check (git-fixes).
media: imx-jpeg: Add pm-sleep support for imx-jpeg (git-fixes).
media: imx-jpeg: Correct some definition according specification (git-fixes).
media: imx-jpeg: Disable slot interrupt when frame done (git-fixes).
media: imx-jpeg: Fix potential array out of bounds in queue_setup (git-fixes).
media: imx-jpeg: Leave a blank space before the configuration data (git-fixes).
media: imx-jpeg: Refactor function mxc_jpeg_parse (git-fixes).
media: mceusb: Use new usb_control_msg_*() routines (git-fixes).
media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment.
media: rkvdec: Disable H.264 error detection (git-fixes).
media: st-delta: Fix PM disable depth imbalance in delta_probe (git-fixes).
media: vsp1: Fix offset calculation for plane cropping.
misc: cs35l41: Remove unused pdn variable (bsc#1203699).
mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes).
mlxsw: i2c: Fix initialization error flow (git-fixes).
mm: Fix PASID use-after-free issue (bsc#1203908).
mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure (git-fixes).
mmc: hsq: Fix data stomping during mmc recovery (git-fixes).
mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes).
mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv (git-fixes).
net: axienet: fix RX ring refill allocation failure handling (git-fixes).
net: axienet: reset core on initialization prior to MDIO access (git-fixes).
net: bcmgenet: hide status block before TX timestamping (git-fixes).
net: bcmgenet: Revert 'Use stronger register read/writes to assure ordering' (git-fixes).
net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes).
net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator (git-fixes).
net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (git-fixes).
net: dsa: felix: fix tagging protocol changes with multiple CPU ports (git-fixes).
net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).
net: dsa: introduce helpers for iterating through ports using dp (git-fixes).
net: dsa: lantiq_gswip: Do not set GSWIP_MII_CFG_RMII_CLK (git-fixes).
net: dsa: lantiq_gswip: fix use after free in gswip_remove() (git-fixes).
net: dsa: microchip: fix bridging with more than two member ports (git-fixes).
net: dsa: mt7530: 1G can also support 1000BASE-X link mode (git-fixes).
net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (git-fixes).
net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (git-fixes).
net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (git-fixes).
net: dsa: restrict SMSC_LAN9303_I2C kconfig (git-fixes).
net: emaclite: Add error handling for of_address_to_resource() (git-fixes).
net: enetc: Use pci_release_region() to release some resources (git-fixes).
net: ethernet: mediatek: ppe: fix wrong size passed to memset() (git-fixes).
net: ethernet: mv643xx: Fix over zealous checking of_get_mac_address() (git-fixes).
net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link (git-fixes).
net: ethernet: stmmac: fix write to sgmii_adapter_base (git-fixes).
net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (git-fixes).
net: ftgmac100: access hardware register after clock ready (git-fixes).
net: hns3: add netdev reset check for hns3_set_tunable() (git-fixes).
net: hns3: fix the concurrency between functions reading debugfs (git-fixes).
net: ipa: get rid of a duplicate initialization (git-fixes).
net: ipa: kill ipa_cmd_pipeline_clear() (git-fixes).
net: ipa: record proper RX transaction count (git-fixes).
net: macb: Fix PTP one step sync support (git-fixes).
net: macb: Increment rx bd head after allocating skb and buffer (git-fixes).
net: mana: Add rmb after checking owner bits (git-fixes).
net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529).
net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (git-fixes).
net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (git-fixes).
net: mscc: ocelot: fix all IP traffic getting trapped to CPU with PTP over IP (git-fixes).
net: mscc: ocelot: fix broken IP multicast flooding (git-fixes).
net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (git-fixes).
net: mscc: ocelot: fix missing unlock on error in ocelot_hwstamp_set() (git-fixes).
net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (git-fixes).
net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (git-fixes).
net: phy: aquantia: wait for the suspend/resume operations to finish (git-fixes).
net: phy: at803x: move page selection fix to config_init (git-fixes).
net: phy: Do not WARN for PHY_UP state in mdio_bus_phy_resume() (git-fixes).
net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL (git-fixes).
net: sparx5: uses, depends on BRIDGE or !BRIDGE (git-fixes).
net: stmmac: dwmac-qcom-ethqos: add platform level clocks management (git-fixes).
net: stmmac: dwmac-qcom-ethqos: Enable RGMII functional clock on resume (git-fixes).
net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (git-fixes).
net: stmmac: enhance XDP ZC driver level switching performance (git-fixes).
net: stmmac: fix out-of-bounds access in a selftest (git-fixes).
net: stmmac: Fix unset max_speed difference between DT and non-DT platforms (git-fixes).
net: stmmac: only enable DMA interrupts when ready (git-fixes).
net: stmmac: perserve TX and RX coalesce value during XDP setup (git-fixes).
net: stmmac: remove unused get_addr() callback (git-fixes).
net: stmmac: Use readl_poll_timeout_atomic() in atomic state (git-fixes).
net: systemport: Fix an error handling path in bcm_sysport_probe() (git-fixes).
net: thunderbolt: Enable DMA paths only after rings are enabled (git-fixes).
net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
net: wwan: iosm: Call mutex_init before locking it (git-fixes).
net: wwan: iosm: remove pointless null check (git-fixes).
net/mlx5: CT: Fix header-rewrite re-use for tupels (git-fixes).
net/mlx5: Drain fw_reset when removing device (git-fixes).
net/mlx5e: Block rx-gro-hw feature in switchdev mode (git-fixes).
net/mlx5e: Properly block HW GRO when XDP is enabled (git-fixes).
net/mlx5e: Properly block LRO when XDP is enabled (git-fixes).
net/mlx5e: Remove HW-GRO from reported features (git-fixes).
net/mlx5e: TC NIC mode, fix tc chains miss table (git-fixes).
net/qla3xxx: Fix a test in ql_reset_work() (git-fixes).
net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() (git-fixes).
NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes).
NFS: fix problems with __nfs42_ssc_open (git-fixes).
NFS: Fix races in the legacy idmapper upcall (git-fixes).
NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests (git-fixes).
NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes).
NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes).
NFS: Turn off open-by-filehandle and NFS re-export for NFSv4.0 (git-fixes).
NFS: Update mode bits after ALLOCATE and DEALLOCATE (git-fixes).
NFSD: Clean up the show_nf_flags() macro (git-fixes).
NFSD: eliminate the NFSD_FILE_BREAK_* flags (git-fixes).
NFSD: Fix offset type in I/O trace points (git-fixes).
NFSD: Report RDMA connection errors to the server (git-fixes).
NFSD: restore EINVAL error translation in nfsd_commit() (git-fixes).
of/device: Fix up of_dma_configure_id() stub (git-fixes).
of/fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes).
parisc/sticon: fix reverse colors (bsc#1152489)
parisc/stifb: Fix fb_is_primary_device() only available with (bsc#1152489)
parisc/stifb: Implement fb_is_primary_device() (bsc#1152489)
parisc/stifb: Keep track of hardware path of graphics card (bsc#1152489)
PCI: Correct misspelled words (git-fixes).
PCI: Disable MSI for Tegra234 Root Ports (git-fixes).
PCI: Prefer 'unsigned int' over bare 'unsigned' (git-fixes).
PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited (jsc#PED-387).
pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (git-fixes).
pinctrl: qcom: sc8180x: Fix wrong pin numbers (git-fixes).
pinctrl: sunxi: Fix name for A100 R_PIO (git-fixes).
platform/surface: aggregator_registry: Add support for Surface Laptop Go 2 (git-fixes).
platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes).
platform/x86: i2c-multi-instantiate: Rename it for a generic serial driver name (bsc#1203699).
platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop (bsc#1203699).
platform/x86: serial-multi-instantiate: Add SPI support (bsc#1203699).
platform/x86: serial-multi-instantiate: Reorganize I2C functions (bsc#1203699).
powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL (bsc#1194869).
ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
regulator: core: Clean up on enable failure (git-fixes).
regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes).
regulator: qcom_rpm: Fix circular deferral regression (git-fixes).
reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes).
s390: fix double free of GS and RI CBs on fork() failure (bsc#1203197 LTC#199895).
s390/boot: fix absolute zero lowcore corruption on boot (git-fixes).
scsi: core: Add BLIST_NO_ASK_VPD_SIZE for some VDASD (bsc#1203039).
scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939).
scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939).
scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939).
scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939).
scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939).
scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939).
scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939).
scsi: lpfc: Fix various issues reported by tools (bsc#1203939).
scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939).
scsi: lpfc: Remove the unneeded result variable (bsc#1203939).
scsi: lpfc: Remove unneeded result variable (bsc#1203939).
scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939).
scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939).
scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939).
scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939).
scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939).
scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).
scsi: mpt3sas: Fix use-after-free warning (git-fixes).
scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935).
scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935).
scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
scsi: qla2xxx: Define static symbols (bsc#1203935).
scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935).
scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
scsi: qla2xxx: Enhance driver tracing with separate tunable and more (bsc#1203935).
scsi: qla2xxx: Fix disk failure to rediscover (git-fixes).
scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935).
scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935).
scsi: qla2xxx: Fix spelling mistake 'definiton' 'definition' (bsc#1203935).
scsi: qla2xxx: Log message 'skipping scsi_scan_host()' as informational (bsc#1203935).
scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935).
scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
scsi: qla2xxx: Revert 'scsi: qla2xxx: Fix response queue handler reading stale packets' (bsc#1203935).
scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
scsi: Revert 'scsi: qla2xxx: Fix disk failure to rediscover' (git-fixes).
scsi: smartpqi: Add module param to disable managed ints (bsc#1203893).
scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622).
selftests: Fix the if conditions of in test_extra_filter() (git-fixes).
selftests: forwarding: add shebang for sch_red.sh (git-fixes).
selftests: forwarding: Fix failing tests with old libnet (git-fixes).
serial: atmel: remove redundant assignment in rs485_config (git-fixes).
serial: Create uart_xmit_advance() (git-fixes).
serial: fsl_lpuart: Reset prior to registration (git-fixes).
serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes).
serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes).
soc: sunxi: sram: Actually claim SRAM regions (git-fixes).
soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes).
soc: sunxi: sram: Prevent the driver from being unbound (git-fixes).
spi: Add API to count spi acpi resources (bsc#1203699).
spi: Create helper API to lookup ACPI info for spi device (bsc#1203699).
spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe (git-fixes).
spi: meson-spicc: do not rely on busy flag in pow2 clk ops (git-fixes).
spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes).
spi: propagate error code to the caller of acpi_spi_device_alloc() (bsc#1203699).
spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes).
spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes).
spi: Return deferred probe error when controller isn't yet available (bsc#1203699).
spi: s3c64xx: Fix large transfers with DMA (git-fixes).
spi: Support selection of the index of the ACPI Spi Resource before alloc (bsc#1203699).
spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes).
struct ehci_hcd: hide new element going into a hole (git-fixes).
struct xhci_hcd: restore member now dynamically allocated (git-fixes).
SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes).
SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes).
SUNRPC: fix expiry of auth creds (git-fixes).
SUNRPC: Fix xdr_encode_bool() (git-fixes).
SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes).
SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes).
thunderbolt: Add support for Intel Maple Ridge single port controller (git-fixes).
tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes).
tty: serial: atmel: Preserve previous USART mode if RS485 disabled (git-fixes).
USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes).
USB: add quirks for Lenovo OneLink+ Dock (git-fixes).
USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes).
USB: core: Fix RST error in hub.c (git-fixes).
USB: core: Prevent nested device-reset calls (git-fixes).
USB: Drop commas after SoC match table sentinels (git-fixes).
USB: dwc3: core: leave default DMA if the controller does not support 64-bit DMA (git-fixes).
USB: dwc3: disable USB core PHY management (git-fixes).
USB: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes).
USB: dwc3: gadget: Do not modify GEVNTCOUNT in pullup() (git-fixes).
USB: dwc3: gadget: Refactor pullup() (git-fixes).
USB: dwc3: pci: Add support for Intel Raptor Lake (git-fixes).
USB: Fix ehci infinite suspend-resume loop issue in zhaoxin (git-fixes).
USB: Fix memory leak in usbnet_disconnect() (git-fixes).
USB: host: xhci: fix a comment typo in xhci_mem_init() (git-fixes).
USB: host: xhci: use ffs() in xhci_mem_init() (git-fixes).
USB: hub: avoid warm port reset during USB3 disconnect (git-fixes).
USB: serial: cp210x: add Decagon UCA device id (git-fixes).
USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes).
USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes).
USB: serial: option: add Quectel EM060K modem (git-fixes).
USB: serial: option: add Quectel RM520N (git-fixes).
USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes).
USB: serial: option: add support for OPPO R11 diag port (git-fixes).
USB: storage: Add ASUS 0x0b05:0x1932 to IGNORE_UAS (git-fixes).
USB: struct usb_device: hide new member (git-fixes).
USB: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device (git-fixes).
USB: typec: tipd: Add an additional overflow check (git-fixes).
USB: typec: tipd: Do not read/write more bytes than required (git-fixes).
USB: typec: ucsi: Remove incorrect warning (git-fixes).
USB: xhci-mtk: relax TT periodic bandwidth allocation (git-fixes).
vfio/type1: Unpin zero pages (git-fixes).
vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes).
video: fbdev: i740fb: Error out if 'pixclock' equals zero (git-fixes).
video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes).
virt: Add SEV-SNP guest driver (jsc#SLE-19924, jsc#SLE-24814).
virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement (jsc#SLE-19924, jsc#SLE-24814).
virt: sevguest: Add support to derive key (jsc#SLE-19924, jsc#SLE-24814).
virt: sevguest: Add support to get extended report (jsc#SLE-19924, jsc#SLE-24814).
virt: sevguest: Fix bool function returning negative value (jsc#SLE-19924, jsc#SLE-24814).
virt: sevguest: Fix return value check in alloc_shared_pages() (jsc#SLE-19924, jsc#SLE-24814).
vrf: fix packet sniffing for traffic originating from ip tunnels (git-fixes).
vt: Clear selection before changing the font (git-fixes).
watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023).
wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes).
wifi: ath11k: fix number of VHT beamformee spatial streams (git-fixes).
wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes).
wifi: mac80211_hwsim: check length for virtio packets (git-fixes).
wifi: mac80211: allow bw change during channel switch in mesh (git-fixes).
wifi: mac80211: fix regression with non-QoS drivers (git-fixes).
wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes).
wifi: mt76: fix reading current per-tid starting sequence number for aggregation (git-fixes).
wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload (git-fixes).
wifi: mt76: mt7915: do not check state before configuring implicit beamform (git-fixes).
wifi: mt76: sdio: fix transmitting packet hangs (git-fixes).
wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes).
wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes).
wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes).
wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes).
wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes).
wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes).
wifi: rtlwifi: 8192de: correct checking of IQK reload (git-fixes).
wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init() (git-fixes).
workqueue: do not skip lockdep work dependency in cancel_work_sync() (git-fixes).
x86/boot: Add a pointer to Confidential Computing blob in bootparams (jsc#SLE-19924, jsc#SLE-24814).
x86/boot: Add Confidential Computing type to setup_data (jsc#SLE-19924, jsc#SLE-24814).
x86/boot: Introduce helpers for MSR reads/writes (jsc#SLE-19924, jsc#SLE-24814).
x86/boot: Put globals that are accessed early into the .data section (jsc#SLE-19924, jsc#SLE-24814).
x86/boot: Use MSR read/write helpers instead of inline assembly (jsc#SLE-19924, jsc#SLE-24814).
x86/compressed: Add helper for validating pages in the decompression stage (jsc#SLE-19924, jsc#SLE-24814).
x86/compressed: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814).
x86/compressed: Export and rename add_identity_map() (jsc#SLE-19924, jsc#SLE-24814).
x86/compressed: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814).
x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814).
x86/compressed/64: Add identity mapping for Confidential Computing blob (jsc#SLE-19924, jsc#SLE-24814).
x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers (jsc#SLE-19924, jsc#SLE-24814).
x86/compressed/64: Detect/setup SEV/SME features earlier during boot (jsc#SLE-19924, jsc#SLE-24814).
x86/compressed/acpi: Move EFI config table lookup to helper (jsc#SLE-19924, jsc#SLE-24814).
x86/compressed/acpi: Move EFI detection to helper (jsc#SLE-19924, jsc#SLE-24814).
x86/compressed/acpi: Move EFI kexec handling into common code (jsc#SLE-19924, jsc#SLE-24814).
x86/compressed/acpi: Move EFI system table lookup to helper (jsc#SLE-19924, jsc#SLE-24814).
x86/compressed/acpi: Move EFI vendor table lookup to helper (jsc#SLE-19924, jsc#SLE-24814).
x86/head/64: Re-enable stack protection (jsc#SLE-19924, jsc#SLE-24814).
x86/ibt,ftrace: Make function-graph play nice (bsc#1203969).
x86/kernel: Mark the .bss..decrypted section as shared in the RMP table (jsc#SLE-19924, jsc#SLE-24814).
x86/kernel: Validate ROM memory before accessing when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814).
x86/kexec: fix memory leak of elf header buffer (bsc#1196444).
x86/mm: Extend cc_attr to include AMD SEV-SNP (jsc#SLE-19924, jsc#SLE-24814).
x86/mm: Validate memory when changing the C-bit (jsc#SLE-19924, jsc#SLE-24814).
x86/sev: Add a helper for the PVALIDATE instruction (jsc#SLE-19924, jsc#SLE-24814).
x86/sev: Add a sev= cmdline option (jsc#SLE-19924, jsc#SLE-24814).
x86/sev: Add helper for validating pages in early enc attribute changes (jsc#SLE-19924, jsc#SLE-24814).
x86/sev: Add missing __init annotations to SEV init routines (jsc#SLE-19924 jsc#SLE-24814).
x86/sev: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814).
x86/sev: Check SEV-SNP features support (jsc#SLE-19924, jsc#SLE-24814).
x86/sev: Check the VMPL level (jsc#SLE-19924, jsc#SLE-24814).
x86/sev: Detect/setup SEV/SME features earlier in boot (jsc#SLE-19924, jsc#SLE-24814).
x86/sev: Get the AP jump table address from secrets page (jsc#SLE-19924, jsc#SLE-24814).
x86/sev: Move MSR-based VMGEXITs for CPUID to helper (jsc#SLE-19924, jsc#SLE-24814).
x86/sev: Provide support for SNP guest request NAEs (jsc#SLE-19924, jsc#SLE-24814).
x86/sev: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814).
x86/sev: Register SEV-SNP guest request platform device (jsc#SLE-19924, jsc#SLE-24814).
x86/sev: Use firmware-validated CPUID for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814).
x86/sev: Use SEV-SNP AP creation to start secondary CPUs (jsc#SLE-19924, jsc#SLE-24814).
x86/xen: Remove undefined behavior in setup_features() (git-fixes).
xen-blkback: Advertise feature-persistent as user requested (git-fixes).
xen-blkback: Apply 'feature_persistent' parameter when connect (git-fixes).
xen-blkback: fix persistent grants negotiation (git-fixes).
xen-blkfront: Advertise feature-persistent as user requested (git-fixes).
xen-blkfront: Apply 'feature_persistent' parameter when connect (git-fixes).
xen-blkfront: Cache feature_persistent value before advertisement (git-fixes).
xen-blkfront: Handle NULL gendisk (git-fixes).
xen-netback: only remove 'hotplug-status' when the vif is actually destroyed (git-fixes).
xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes).
xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() (git-fixes).
xen/usb: do not use arbitrary_virt_to_machine() (git-fixes).
xhci: Allocate separate command structures for each LPM command (git-fixes).

Advisory ID	SUSE-feature-2022:3845-1
Released	Wed Nov 2 07:22:59 2022
Summary	Feature update for grub2
Type	feature
Severity	important
References	1196668,1201361

Description:

This feature update for grub2 fixes the following issues:

Include loopback into signed grub2 image (jsc#PED-2151, jsc#PED-2150)
Enable 'Automatic TPM Disk Unlock' mechanism (jsc#PED-1423, jsc#PED-1091, bsc#1196668)
Fix installation failure due to unavailable nvram device on ppc64le (bsc#1201361)

Advisory ID	SUSE-RU-2022:3851-1
Released	Wed Nov 2 12:34:17 2022
Summary	Recommended update for rsync
Type	recommended
Severity	important
References	1202970,1204538

Description:

This update for rsync fixes the following issues:

Fix regression with `--delay-updates` where files never update after interruption (bsc#1204538)
Add support for `--trust-sender` parameter (bsc#1202970)

Advisory ID	SUSE-RU-2022:3855-1
Released	Wed Nov 2 12:39:09 2022
Summary	Recommended update for mariadb
Type	recommended
Severity	important
References	1202863,CVE-2022-38791

Description:

This update for mariadb fixes the following issues:
Update version from 10.6.9 to 10.6.10:

Fix regression causing full text index corruption if shutdown before changes are fully flushed
Fix regression causing frequent 'Data structure corruption' in InnoDB after OOM
Fix incorrect recovery or backup of instant ALTER TABLE
Fix issue with InnoDB Temporary Tablespace (ibtmp1) causing it to continuously grow in size until the disk is full
For full list of changes please check https://mariadb.com/kb/en/library/mariadb-10610-release-notes and https://mariadb.com/kb/en/library/mariadb-10610-changelog

Advisory ID	SUSE-SU-2022:3857-1
Released	Wed Nov 2 13:36:36 2022
Summary	Security update for xorg-x11-server
Type	security
Severity	important
References	1204412,1204416,CVE-2022-3550,CVE-2022-3551

Description:

This update for xorg-x11-server fixes the following issues:
- CVE-2022-3550: Fixed out of bounds read/write in _GetCountedString() (bsc#1204412). - CVE-2022-3551: Fixed various leaks of the return value of GetComponentSpec() (bsc#1204416).

Advisory ID	SUSE-SU-2022:3862-1
Released	Thu Nov 3 10:48:20 2022
Summary	Security update for xorg-x11-server
Type	security
Severity	important
References	1204412,1204416,CVE-2022-3550,CVE-2022-3551

Description:

Advisory ID	SUSE-SU-2022:3866-1
Released	Thu Nov 3 14:34:47 2022
Summary	Security update for ntfs-3g_ntfsprogs
Type	security
Severity	important
References	1204734,CVE-2022-40284

Description:

This update for ntfs-3g_ntfsprogs fixes the following issues:
- CVE-2022-40284: Fixed incorrect validation of some of the NTFS metadata that could cause buffer overflow (bsc#1204734).

Advisory ID	SUSE-SU-2022:3867-1
Released	Thu Nov 3 15:54:45 2022
Summary	Security update for python-Flask-Security-Too
Type	security
Severity	moderate
References	1202105,CVE-2021-23385

Description:

This update for python-Flask-Security-Too fixes the following issues:

CVE-2021-23385: Fixed open redirect (bsc#1202105).

SUSE-IU-2000:23-1

Container Advisory ID	SUSE-IU-2000:23-1
Container Tags	SUSE:SLE-15-SP4:5
Container Release

The following patches have been included in this update:

SUSE-IU-2000:22-1

Container Advisory ID	SUSE-IU-2000:22-1
Container Tags	SUSE:SLE-15-SP4:0
Container Release

The following patches have been included in this update:

Advisory ID	SUSE-SU-2018:1277-1
Released	Thu Jul 5 08:38:06 2018
Summary	Security update for unzip
Type	security
Severity	moderate
References	1080074,910683,914442,CVE-2014-9636,CVE-2018-1000035

Description:

This update for unzip fixes the following issues:

CVE-2014-9636: Prevent denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression (bsc#914442)
CVE-2018-1000035: Prevent heap-based buffer overflow in the processing of password-protected archives that allowed an attacker to perform a denial of service or to possibly achieve code execution (bsc#1080074)

This non-security issue was fixed:
+- Allow processing of Windows zip64 archives (Windows archivers set total_disks field to 0 but per standard, valid values are 1 and higher) (bnc#910683)

Advisory ID	SUSE-SU-2018:1279-1
Released	Thu Jul 5 08:41:25 2018
Summary	Security update for tiff
Type	security
Severity	moderate
References	1074317,1082332,1082825,1086408,1092949,CVE-2017-11613,CVE-2017-18013,CVE-2018-10963,CVE-2018-7456,CVE-2018-8905

Description:

This update for tiff fixes the following security issues:
These security issues were fixed:

CVE-2017-18013: Fixed a NULL pointer dereference in the tif_print.cTIFFPrintDirectory function that could have lead to denial of service (bsc#1074317).
CVE-2018-10963: Fixed an assertion failure in the TIFFWriteDirectorySec() function in tif_dirwrite.c, which allowed remote attackers to cause a denial of service via a crafted file (bsc#1092949).
CVE-2018-7456: Prevent a NULL Pointer dereference in the function TIFFPrintDirectory when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013 (bsc#1082825).
CVE-2017-11613: Prevent denial of service in the TIFFOpen function. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If the value of td_imagelength is set close to the amount of system memory, it will hang the system or trigger the OOM killer (bsc#1082332).
CVE-2018-8905: Prevent heap-based buffer overflow in the function LZWDecodeCompat via a crafted TIFF file (bsc#1086408).

Advisory ID	SUSE-SU-2018:1280-1
Released	Thu Jul 5 08:43:02 2018
Summary	Security update for exiv2
Type	security
Severity	moderate
References	1048883,1050257,1051188,1054590,1054592,1054593,1060995,1060996,1061000,1061023,CVE-2017-11337,CVE-2017-11338,CVE-2017-11339,CVE-2017-11340,CVE-2017-11553,CVE-2017-11591,CVE-2017-11592,CVE-2017-11683,CVE-2017-12955,CVE-2017-12956,CVE-2017-12957,CVE-2017-14859,CVE-2017-14860,CVE-2017-14862,CVE-2017-14864

Description:

This update for exiv2 to 0.26 fixes the following security issues:

CVE-2017-14864: Prevent invalid memory address dereference in Exiv2::getULong that could have caused a segmentation fault and application crash, which leads to denial of service (bsc#1060995).
CVE-2017-14862: Prevent invalid memory address dereference in Exiv2::DataValue::read that could have caused a segmentation fault and application crash, which leads to denial of service (bsc#1060996).
CVE-2017-14859: Prevent invalid memory address dereference in Exiv2::StringValueBase::read that could have caused a segmentation fault and application crash, which leads to denial of service (bsc#1061000).
CVE-2017-14860: Prevent heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function via a crafted input that could have lead to a denial of service attack (bsc#1061023).
CVE-2017-11337: Prevent invalid free in the Action::TaskFactory::cleanup function via a crafted input that could have lead to a remote denial of service attack (bsc#1048883).
CVE-2017-11338: Prevent infinite loop in the Exiv2::Image::printIFDStructure function via a crafted input that could have lead to a remote denial of service attack (bsc#1048883).
CVE-2017-11339: Prevent heap-based buffer overflow in the Image::printIFDStructure function via a crafted input that could have lead to a remote denial of service attack (bsc#1048883).
CVE-2017-11340: Prevent Segmentation fault in the XmpParser::terminate() function via a crafted input that could have lead to a remote denial of service attack (bsc#1048883).
CVE-2017-12955: Prevent heap-based buffer overflow. The vulnerability caused an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact (bsc#1054593).
CVE-2017-12956: Preventn illegal address access in Exiv2::FileIo::path[abi:cxx11]() that could have lead to remote denial of service (bsc#1054592).
CVE-2017-12957: Prevent heap-based buffer over-read that was triggered in the Exiv2::Image::io function and could have lead to remote denial of service (bsc#1054590).
CVE-2017-11683: Prevent reachable assertion in the Internal::TiffReader::visitDirectory function that could have lead to a remote denial of service attack via crafted input (bsc#1051188).
CVE-2017-11591: Prevent Floating point exception in the Exiv2::ValueType function that could have lead to a remote denial of service attack via crafted input (bsc#1050257).
CVE-2017-11553: Prevent illegal address access in the extend_alias_table function via a crafted input could have lead to remote denial of service.
CVE-2017-11592: Prevent mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function that could have lead to a remote denial of service attack (heap memory corruption) via crafted input.

Advisory ID	SUSE-SU-2018:1281-1
Released	Thu Jul 5 08:44:42 2018
Summary	Security update for ghostscript
Type	security
Severity	moderate
References	1090099,CVE-2018-10194

Description:

This update for ghostscript fixes the following issues:

CVE-2018-10194: The set_text_distance function did not prevent overflows in text-positioning calculation, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document (bsc#1090099).

Advisory ID	SUSE-SU-2018:1282-1
Released	Thu Jul 5 08:46:19 2018
Summary	Security update for libvorbis
Type	security
Severity	moderate
References	1091070,CVE-2018-10392

Description:

This update for libvorbis fixes the following issues:
The following security issue was fixed:
- Fixed the validation of channels in mapping0_forward(), which previously allowed remote attackers to cause a denial of service via specially crafted files (CVE-2018-10392, bsc#1091070)

Advisory ID	SUSE-SU-2018:1292-1
Released	Mon Jul 9 11:57:14 2018
Summary	Security update for openslp
Type	security
Severity	important
References	1090638,CVE-2017-17833

Description:

This update for openslp fixes the following issues:

CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638)
Prevent out of bounds reads in message parsing

Advisory ID	SUSE-RU-2018:1307-1
Released	Wed Jul 11 17:25:54 2018
Summary	Recommended update for google-compute-engine
Type	recommended
Severity	moderate
References	1097378

Description:

This update for google-compute-engine fixes the following issues:

Ensure that google-ip-forwarding-daemon service and google-network-setup are stopped and disabled during upgrade.
Ensure that google-network-daemon service is enabled and started during upgrade.
Set run_dir to /var/run. (bsc#1097378, #1097616)

Advisory ID	SUSE-SU-2018:1319-1
Released	Thu Jul 12 11:04:25 2018
Summary	Security update for java-1_8_0-openjdk
Type	security
Severity	important
References	1087066,1090023,1090024,1090025,1090026,1090027,1090028,1090029,1090030,1090032,1090033,CVE-2018-2790,CVE-2018-2794,CVE-2018-2795,CVE-2018-2796,CVE-2018-2797,CVE-2018-2798,CVE-2018-2799,CVE-2018-2800,CVE-2018-2814,CVE-2018-2815

Description:

This update for java-1_8_0-openjdk to version 8u171 fixes the following issues:
These security issues were fixed:

S8180881: Better packaging of deserialization
S8182362: Update CipherOutputStream Usage
S8183032: Upgrade to LittleCMS 2.9
S8189123: More consistent classloading
S8189969, CVE-2018-2790, bsc#1090023: Manifest better manifest entries
S8189977, CVE-2018-2795, bsc#1090025: Improve permission portability
S8189981, CVE-2018-2796, bsc#1090026: Improve queuing portability
S8189985, CVE-2018-2797, bsc#1090027: Improve tabular data portability
S8189989, CVE-2018-2798, bsc#1090028: Improve container portability
S8189993, CVE-2018-2799, bsc#1090029: Improve document portability
S8189997, CVE-2018-2794, bsc#1090024: Enhance keystore mechanisms
S8190478: Improved interface method selection
S8190877: Better handling of abstract classes
S8191696: Better mouse positioning
S8192025, CVE-2018-2814, bsc#1090032: Less referential references
S8192030: Better MTSchema support
S8192757, CVE-2018-2815, bsc#1090033: Improve stub classes implementation
S8193409: Improve AES supporting classes
S8193414: Improvements in MethodType lookups
S8193833, CVE-2018-2800, bsc#1090030: Better RMI connection support

For other changes please consult the changelog.

Advisory ID	SUSE-SU-2018:1323-1
Released	Fri Jul 13 09:26:19 2018
Summary	Security update for libopenmpt
Type	security
Severity	moderate
References	1089080,1095644,CVE-2018-10017,CVE-2018-11710

Description:

This update for libopenmpt to version 0.3.9 fixes the following issues:
These security issues were fixed:

CVE-2018-11710: Prevent write near address 0 in out-of-memory situations when reading AMS files (bsc#1095644)
CVE-2018-10017: Preven out-of-bounds memory read with IT/ITP/MO3 files containing pattern loops (bsc#1089080)

These non-security issues were fixed:

[Bug] openmpt123: Fixed build failure in C++17 due to use of removed feature std::random_shuffle.
STM: Having both Bxx and Cxx commands in a pattern imported the Bxx command incorrectly.
STM: Last character of sample name was missing.
Speed up reading of truncated ULT files.
ULT: Portamento import was sometimes broken.
The resonant filter was sometimes unstable when combining low-volume samples, low cutoff and high mixing rates.
Keep track of active SFx macro during seeking.
The 'note cut' duplicate note action did not volume-ramp the previously playing sample.
A song starting with non-existing patterns could not be played.
DSM: Support restart position and 16-bit samples.
DTM: Import global volume.

Advisory ID	SUSE-RU-2018:1332-1
Released	Tue Jul 17 09:01:19 2018
Summary	Recommended update for timezone
Type	recommended
Severity	moderate
References	1073299,1093392

Description:

This update for timezone provides the following fixes:

North Korea switches back from +0830 to +09 on 2018-05-05.
Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299)
yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392)

Advisory ID	SUSE-RU-2018:1335-1
Released	Tue Jul 17 10:13:39 2018
Summary	Recommended update for cloud-netconfig
Type	recommended
Severity	moderate
References	1095485

Description:

This update for cloud-netconfig fixes the following issues:

Make interface names in Azure persistent. (bsc#1095485)

Advisory ID	SUSE-SU-2018:1348-1
Released	Thu Jul 19 09:32:11 2018
Summary	Security update for wireshark
Type	security
Severity	moderate
References	1094301,CVE-2018-11356,CVE-2018-11357,CVE-2018-11358,CVE-2018-11359,CVE-2018-11360,CVE-2018-11362

Description:

This update for wireshark fixes vulnerabilities that could be used to trigger dissector crashes or cause dissectors to go into large infinite loops by making Wireshark read specially crafted packages from the network or capture files (bsc#1094301).
This includes:

CVE-2018-11356: DNS dissector crash
CVE-2018-11357: Multiple dissectors could consume excessive memory
CVE-2018-11358: Q.931 dissector crash
CVE-2018-11359: The RRC dissector and other dissectors could crash
CVE-2018-11360: GSM A DTAP dissector crash
CVE-2018-11362: LDSS dissector crash

Advisory ID	SUSE-SU-2018:1349-1
Released	Thu Jul 19 09:35:42 2018
Summary	Security update for rubygem-sprockets
Type	security
Severity	moderate
References	1098369,CVE-2018-3760

Description:

This update for rubygem-sprockets fixes the following issues:
The following security vulnerability was addressed:

CVE-2018-3760: Fixed a path traversal issue in sprockets/server.rb:forbidden_request?(), which allowed remote attackers to read arbitrary files (bsc#1098369)

Advisory ID	SUSE-SU-2018:1371-1
Released	Mon Jul 23 10:37:01 2018
Summary	Security update for openssl-1_1
Type	security
Severity	moderate
References	1097158,1097624,1098592,CVE-2018-0732

Description:

This update for openssl-1_1 fixes the following issues:

CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158).
Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592)

Advisory ID	SUSE-SU-2018:1398-1
Released	Thu Jul 26 16:27:58 2018
Summary	Security update for java-1_8_0-ibm
Type	security
Severity	important
References	1085449,1093311,CVE-2018-1417,CVE-2018-2783,CVE-2018-2790,CVE-2018-2794,CVE-2018-2795,CVE-2018-2796,CVE-2018-2797,CVE-2018-2798,CVE-2018-2799,CVE-2018-2800,CVE-2018-2814,CVE-2018-2825,CVE-2018-2826

Description:

IBM Java was updated to version 8.0.5.15 [bsc#1093311, bsc#1085449]
Security fixes:

CVE-2018-2826 CVE-2018-2825 CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417

Removed translations in the java-1_8_0-ibm-devel-32bit package as they conflict with those in java-1_8_0-ibm-devel.

Advisory ID	SUSE-SU-2018:1404-1
Released	Thu Jul 26 16:41:42 2018
Summary	Security update for libsndfile
Type	security
Severity	moderate
References	1071767,1071777,1100167,CVE-2017-17456,CVE-2017-17457,CVE-2018-13139

Description:

This update for libsndfile fixes the following issues:
Security issues fixed:

CVE-2018-13139: Fix a stack-based buffer overflow in psf_memset in common.c that allows remote attackers to cause a denial of service (bsc#1100167).
CVE-2017-17456: Prevent segmentation fault in the function d2alaw_array() that may have lead to a remote DoS (bsc#1071777)
CVE-2017-17457: Prevent segmentation fault in the function d2ulaw_array() that may have lead to a remote DoS, a different vulnerability than CVE-2017-14246 (bsc#1071767)

Advisory ID	SUSE-RU-2018:1411-1
Released	Fri Jul 27 06:48:11 2018
Summary	Recommended update for SAPHanaSR-ScaleOut
Type	recommended
Severity	moderate
References	1091988,1092331

Description:

This update for SAPHanaSR-ScaleOut provides the following fixes:

Fix a problem that was causing SAPHanaSR-showAttr to fail opening an archived cib file. (bsc#1092331)
Make sure SAPHanaSR-monitor depends only on packages available in SLES. (bsc#1091988)
Move SAPHanaSR-showAttr, SAPHanaSR-monitor to /usr/sbin to match the file layout in SAPHanaSR-ScaleUp.

Advisory ID	SUSE-SU-2018:1416-1
Released	Fri Jul 27 12:47:55 2018
Summary	Security update for mutt
Type	security
Severity	important
References	1094717,1101428,1101566,1101567,1101568,1101569,1101570,1101571,1101573,1101576,1101577,1101578,1101581,1101582,1101583,1101588,1101589,CVE-2014-9116,CVE-2018-14349,CVE-2018-14350,CVE-2018-14351,CVE-2018-14352,CVE-2018-14353,CVE-2018-14354,CVE-2018-14355,CVE-2018-14356,CVE-2018-14357,CVE-2018-14358,CVE-2018-14359,CVE-2018-14360,CVE-2018-14361,CVE-2018-14362,CVE-2018-14363

Description:

This update for mutt fixes the following issues:
Security issues fixed:

bsc#1101428: Mutt 1.10.1 security release update.
CVE-2018-14351: Fix imap/command.c that mishandles long IMAP status mailbox literal count size (bsc#1101583).
CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581).
CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567).
CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578).
CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582).
CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576).
CVE-2018-14355: Fix imap/util.c that mishandles '..' directory traversal in a mailbox name (bsc#1101577).
CVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589).
CVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along INTERNALDATE field (bsc#1101588).
CVE-2018-14363: Fix newsrc.c that does not properlyrestrict '/' characters that may have unsafe interaction with cache pathnames (bsc#1101566).
CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570).
CVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571).
CVE-2018-14360: Fix nntp_add_group in newsrc.c that has a stack-based buffer overflow because of incorrect sscanf usage (bsc#1101569).
CVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573).
CVE-2018-14361: Fix that nntp.c proceeds even if memory allocation fails for messages data (bsc#1101568).

Bug fixes:

mutt reports as neomutt and incorrect version (bsc#1094717)

Advisory ID	SUSE-RU-2018:1458-1
Released	Tue Jul 31 12:48:18 2018
Summary	Recommended update for lapack
Type	recommended
Severity	moderate
References	1087426

Description:

This update for lapack fixes the following issues:

Build tmglib and fold contents into existing liblapack{.a,.so.3}. (bsc#1087426)

Advisory ID	SUSE-SU-2018:1462-1
Released	Tue Jul 31 14:04:41 2018
Summary	Security update for java-11-openjdk
Type	security
Severity	moderate
References	1101645,1101651,1101655,1101656,CVE-2018-2940,CVE-2018-2952,CVE-2018-2972,CVE-2018-2973

Description:

This java-11-openjdk update to version jdk-11+24 fixes the following issues:
Security issues fixed:

CVE-2018-2940: Fix unspecified vulnerability in subcomponent Libraries (bsc#1101645).
CVE-2018-2952: Fix unspecified vulnerability in subcomponent Concurrency (bsc#1101651).
CVE-2018-2972: Fix unspecified vulnerability in subcomponent Security (bsc#1101655).
CVE-2018-2973: Fix unspecified vulnerability in subcomponent JSSE (bsc#1101656).

Advisory ID	SUSE-SU-2018:1476-1
Released	Thu Aug 2 14:20:03 2018
Summary	Security update for cups
Type	security
Severity	moderate
References	1096405,1096406,1096407,1096408,CVE-2018-4180,CVE-2018-4181,CVE-2018-4182,CVE-2018-4183

Description:

This update for cups fixes the following issues:
The following security vulnerabilities were fixed:

Fixed a local privilege escalation to root and sandbox bypasses in the scheduler
CVE-2018-4180: Fixed a local privilege escalation to root in dnssd backend (bsc#1096405)
CVE-2018-4181: Limited local file reads as root via cupsd.conf include directive (bsc#1096406)
CVE-2018-4182: Fixed a sandbox bypass due to insecure error handling (bsc#1096407)
CVE-2018-4183: Fixed a sandbox bypass due to profile misconfiguration (bsc#1096408)

Advisory ID	SUSE-SU-2018:1509-1
Released	Tue Aug 7 09:39:07 2018
Summary	Security update for clamav
Type	security
Severity	moderate
References	1101410,1101412,1101654,1103040,CVE-2018-0360,CVE-2018-0361

Description:

This update for clamav to version 0.100.1 fixes the following issues: The following security vulnerabilities were addressed:

CVE-2018-0360: HWP integer overflow, infinite loop vulnerability (bsc#1101410)
CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file (bsc#1101412)
Buffer over-read in unRAR code due to missing max value checks in table initialization
Libmspack heap buffer over-read in CHM parser (bsc#1103040)
PDF parser bugs

The following other changes were made:

Disable YARA support for licensing reasons (bsc#1101654).
Add HTTPS support for clamsubmit
Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only

Advisory ID	SUSE-SU-2018:1512-1
Released	Tue Aug 7 12:48:02 2018
Summary	Security update for libcdio
Type	security
Severity	low
References	1082821,1082877,CVE-2017-18199,CVE-2017-18201

Description:

This update for libcdio fixes the following issues:
The following security vulnerabilities were addressed:

CVE-2017-18199: Fixed a NULL pointer dereference in realloc_symlink in rock.c (bsc#1082821)
CVE-2017-18201: Fixed a double free vulnerability in get_cdtext_generic() in _cdio_generic.c (bsc#1082877)
Fixed several memory leaks (bsc#1082821)

Advisory ID	SUSE-SU-2018:1514-1
Released	Tue Aug 7 18:05:04 2018
Summary	Security update for enigmail
Type	security
Severity	moderate
References	1094781,1096745,1097525,CVE-2018-12019,CVE-2018-12020

Description:

This update for enigmail to 2.0.7 fixes the following issues:
These security issues were fixed:

CVE-2018-12020: Mitigation against GnuPG signature spoofing: Email signatures could be spoofed via an embedded '--filename' parameter in OpenPGP literal data packets. This update prevents this issue from being exploited if GnuPG was not updated (boo#1096745)
CVE-2018-12019: The signature verification routine interpreted User IDs as status/control messages and did not correctly keep track of the status of multiple signatures. This allowed remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids (boo#1097525)
Disallow plaintext (literal packets) outside of encrpyted packets
Replies to a partially encrypted message may have revealed protected information - no longer display PGP/MIME message part followed by unencrypted data (bsc#1094781)
Fix signature Spoofing via Inline-PGP in HTML Mails

These non-security issues were fixed:

Fix filter actions forgetting selected mail folder names
Fix compatibility issue with Thunderbird 60b7

Advisory ID	SUSE-SU-2018:1539-1
Released	Fri Aug 10 11:39:36 2018
Summary	Security update for wireshark
Type	security
Severity	moderate
References	1101776,1101777,1101786,1101788,1101791,1101794,1101800,1101802,1101804,1101810,CVE-2018-14339,CVE-2018-14340,CVE-2018-14341,CVE-2018-14342,CVE-2018-14343,CVE-2018-14344,CVE-2018-14367,CVE-2018-14368,CVE-2018-14369,CVE-2018-14370

Description:

This update for wireshark fixes the following issues:
Security issues fixed:

CVE-2018-14342: BGP dissector large loop (wnpa-sec-2018-34, bsc#1101777)
CVE-2018-14344: ISMP dissector crash (wnpa-sec-2018-35, bsc#1101788)
CVE-2018-14340: Multiple dissectors could crash (wnpa-sec-2018-36, bsc#1101804)
CVE-2018-14343: ASN.1 BER dissector crash (wnpa-sec-2018-37, bsc#1101786)
CVE-2018-14339: MMSE dissector infinite loop (wnpa-sec-2018-38, bsc#1101810)
CVE-2018-14341: DICOM dissector crash (wnpa-sec-2018-39, bsc#1101776)
CVE-2018-14368: Bazaar dissector infinite loop (wnpa-sec-2018-40, bsc#1101794)
CVE-2018-14369: HTTP2 dissector crash (wnpa-sec-2018-41, bsc#1101800)
CVE-2018-14367: CoAP dissector crash (wnpa-sec-2018-42, bsc#1101791)
CVE-2018-14370: IEEE 802.11 dissector crash (wnpa-sec-2018-43, bsc#1101802)

Bug fixes:

Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.8.html

Advisory ID	SUSE-SU-2018:1642-1
Released	Thu Aug 16 16:55:54 2018
Summary	Security update for perl-Archive-Zip
Type	security
Severity	moderate
References	1099497,CVE-2018-10860

Description:

This update for perl-Archive-Zip fixes the following security issue:

CVE-2018-10860: Prevent directory traversal caused by not properly sanitizing paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could have used this flaw to write or overwrite arbitrary files in the context of the perl interpreter (bsc#1099497)

Advisory ID	SUSE-RU-2018:1705-1
Released	Mon Aug 20 16:31:22 2018
Summary	Recommended update for quota
Type	recommended
Severity	important
References	1104898

Description:

This update for quota fixes the following issues:

Fix issue with high cpu load if RQUOTAD_PORT is set in /etc/sysconfig/nfs. (bsc#1104898)

Advisory ID	SUSE-RU-2018:1756-1
Released	Fri Aug 24 17:12:55 2018
Summary	Recommended update for growpart
Type	recommended
Severity	moderate
References	1097455,1098681

Description:

This update for growpart provides the following fix:

Support btrfs resize and handle ro setup in rootgrow. (bsc#1097455, bsc#1098681)

Advisory ID	SUSE-RU-2018:1782-1
Released	Tue Aug 28 18:20:02 2018
Summary	Recommended update for SAPHanaSR
Type	recommended
Severity	moderate
References	1062267,1091074

Description:

This update for SAPHanaSR provides the following fixes:

Remove show_SAPHanaSR_attributes. The user is advised to use SAPHanaSR-showAttr instead. (bsc#1091074)
Adjust HAWK2 Wizards to run on both Python 2 and 3. (fate#323526)
SAPHanaSR wizard sets IPAddr2 agent's NIC to eth0. (bsc#1062267)

Advisory ID	SUSE-RU-2018:1804-1
Released	Fri Aug 31 13:02:24 2018
Summary	Recommended update for docker
Type	recommended
Severity	moderate
References	1065609,1073877,1099277,1100727

Description:

This update for docker fixes the following issues:

Build the client binary with -buildmode=pie to fix issues on POWER. (bsc#1100727)
Fix an issue where changed AppArmor profiles don't actually get applied on Docker daemon reboot. (bsc#1099277)
Update to AppArmor patch so that signal mediation also works for signals between in-container processes. (bsc#1073877)
Do not log incorrect warnings when attempting to inject non-existent host files. (bsc#1065609)

Advisory ID	SUSE-SU-2018:1853-1
Released	Thu Sep 6 19:41:23 2018
Summary	Security update for enigmail
Type	security
Severity	moderate
References	1104036

Description:

This update for enigmail to 2.0.8 fixes the following issues:
The enigmail 2.0.8 release addresses a security issue and solves a few regression bugs.

A security issue has been fixed that allows an attacker to prepare a plain, unauthenticated HTML message in a way that it looks like it's signed and/or encrypted (boo#1104036)

Advisory ID	SUSE-RU-2018:1861-1
Released	Mon Sep 10 11:38:53 2018
Summary	Recommended update for firewalld and susefirewall2-to-firewalld
Type	recommended
Severity	moderate
References	1096542,1098986,1099698,1105157,1105170

Description:

This update for firewalld and susefirewall2-to-firewalld fixes the following issues:
firewalld:

Drop global read permissions from the log file (bsc#1098986)
Add missing ipv6-icmp protocol to UI drop-down list (bsc#1099698)
Fix some untranslated strings in the creation of rich rules and firewall-config. (bsc#1096542)
fw: If failure occurs during startup set state to FAILED.
fw_direct: Avoid log for untracked passthrough queries.
Rich Rule Masquerade inverted source-destination in Forward Chain.
Don't forward interface to zone requests to NM for generated interfaces.
firewall-cmd, firewall-offline-cmd: Add --check-config option.
ipset: Check type when parsing ipset definition.
firewall-config: Add ipv6-icmp to the protocol dropdown box.
core/logger: Remove world-readable bit from logfile.
IPv6 rpfilter: Explicitly allow neighbor solicitation.

susefirewall2-to-firewalld:

Do not try to handle unknown iptables chains.
Handle source whitelisting. (bsc#1105157)

Advisory ID	SUSE-RU-2018:1897-1
Released	Thu Sep 13 15:18:20 2018
Summary	Recommended update for python3-gcemetadata
Type	recommended
Severity	moderate
References	1097505

Description:

This update for python3-gcemetadata fixes the following issues:

Support instances with multiple Nics. (bsc#1097505)

Advisory ID	SUSE-RU-2018:1901-1
Released	Fri Sep 14 12:38:11 2018
Summary	Recommended update for vncmanager
Type	recommended
Severity	moderate
References	1103552

Description:

This update for vncmanager fixes the following issues:

Declare the service as part of xvnc.target so it can be used as dependency for xvnc-novnc.service. (bsc#1103552)

Advisory ID	SUSE-RU-2018:1911-1
Released	Mon Sep 17 14:36:44 2018
Summary	Recommended update for python3-susepubliccloudinfo
Type	recommended
Severity	moderate
References	1103684

Description:

This update for python3-susepubliccloudinfo fixes the following issues:

Avoid traceback on improper query options. (bsc#1103684)

Advisory ID	SUSE-RU-2018:1962-1
Released	Fri Sep 21 13:48:37 2018
Summary	Recommended update for icewm
Type	recommended
Severity	important
References	1096917

Description:

This update for icewm fixes the following issues:

Renamed icewm-session.desktop to icewm.desktop to fix a upgrade issue (bsc#1096917).

Advisory ID	SUSE-RU-2018:1978-1
Released	Mon Sep 24 10:37:23 2018
Summary	Recommended update for myspell-dictionaries
Type	recommended
Severity	low
References	1099508,1102294

Description:

This update brings myspell-dictionaries to version 20180704, providing the following fixes:

Indonesian spelling dictionary, thesaurus and hyphenation added.
English updates.
Croatian updates.
Bulgarian files converted to UTF8 in order to avoid bugs. (bsc#1102294, bsc#1099508)
Other smaller updates.

Advisory ID	SUSE-RU-2018:1998-1
Released	Tue Sep 25 08:19:41 2018
Summary	Recommended update for wireless-regdb
Type	recommended
Severity	moderate
References	1095397,1106528

Description:

This update for wireless-regdb fixes the following issues:

Fix power limit in 5725-5785 GHz rule for France.
Updated regulatory database for France and Panama.
Fixes in python3 scripts.

Advisory ID	SUSE-RU-2018:1999-1
Released	Tue Sep 25 08:20:35 2018
Summary	Recommended update for zlib
Type	recommended
Severity	moderate
References	1071321

Description:

This update for zlib provides the following fixes:

Speedup zlib on power8. (fate#325307)
Add safeguard against negative values in uInt. (bsc#1071321)

Advisory ID	SUSE-RU-2018:2022-1
Released	Wed Sep 26 09:48:09 2018
Summary	Recommended update for SUSE Manager Client Tools
Type	recommended
Severity	moderate
References	1103388,1104120,1106523

Description:

This update fixes the following issues:
hwdata:

Update to version 0.314: + Updated pci, usb and vendor ids.

spacewalk-backend:

Channels to be actually un-subscribed from the assigned systems when being removed using spacewalk-remove-channel tool. (bsc#1104120)
Take only text files from /srv/salt to make spacewalk-debug smaller. (bsc#1103388)

Advisory ID	SUSE-RU-2018:2044-1
Released	Wed Sep 26 15:12:18 2018
Summary	Recommended update for firewalld-rpcbind-helper
Type	recommended
Severity	moderate
References	1096064

Description:

This update for firewalld-rpcbind-helper fixes the following issues:

Fix error when running in python3 context, because of a missing decode() call. (bsc#1096064)
Don't raise Exceptions when one of the target sysconfig files isn't installed. (bsc#1096064)

Advisory ID	SUSE-SU-2018:2052-1
Released	Thu Sep 27 12:03:08 2018
Summary	Security update for wireshark
Type	security
Severity	moderate
References	1106514,CVE-2018-16056,CVE-2018-16057,CVE-2018-16058

Description:

This update for wireshark to version 2.4.9 fixes the following issues:
Security issues fixed (bsc#1106514):

CVE-2018-16058: Bluetooth AVDTP dissector crash (wnpa-sec-2018-44)
CVE-2018-16056: Bluetooth Attribute Protocol dissector crash (wnpa-sec-2018-45)
CVE-2018-16057: Radiotap dissector crash (wnpa-sec-2018-46)

Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.9.html

Advisory ID	SUSE-SU-2018:2054-1
Released	Thu Sep 27 12:04:23 2018
Summary	Security update for mgetty
Type	security
Severity	important
References	1108752,1108756,1108757,1108761,1108762,CVE-2018-16741,CVE-2018-16742,CVE-2018-16743,CVE-2018-16744,CVE-2018-16745

Description:

This update for mgetty fixes the following issues:

CVE-2018-16741: The function do_activate() did not properly sanitize shell metacharacters to prevent command injection (bsc#1108752).
CVE-2018-16745: The mail_to parameter was not sanitized, leading to a buffer overflow if long untrusted input reached it (bsc#1108756).
CVE-2018-16744: The mail_to parameter was not sanitized, leading to command injection if untrusted input reached reach it (bsc#1108757).
CVE-2018-16742: Prevent stack-based buffer overflow that could have been triggered via a command-line parameter (bsc#1108762).
CVE-2018-16743: The command-line parameter username wsa passed unsanitized to strcpy(), which could have caused a stack-based buffer overflow (bsc#1108761).

Advisory ID	SUSE-RU-2018:2060-1
Released	Thu Sep 27 15:06:52 2018
Summary	Recommended update for SAPHanaSR-ScaleOut
Type	recommended
Severity	moderate
References	1098979

Description:

This update for SAPHanaSR-ScaleOut provides the following fix:

Allow virtual host names in SAPHanaTopology and SAPHanaController to prevent a wrong promotion scoring. (bsc#1098979)

Advisory ID	SUSE-RU-2018:2077-1
Released	Fri Sep 28 14:52:24 2018
Summary	Recommended update for pidentd
Type	recommended
Severity	important
References	1101107,1101600

Description:

This update for pidentd fixes the following issues:

IPv6 support was accidentally dropped when upgrading to 3.0.19. This update reenables IPv6 support. (bsc#1101600)
Drop uname -r of buildhost from binary for reproducible builds (bsc#1101107)

Advisory ID	SUSE-RU-2018:2078-1
Released	Fri Sep 28 14:54:53 2018
Summary	Recommended update for sapconf
Type	recommended
Severity	moderate
References	1093843,1093844,1096498,1099101

Description:

This update for sapconf provides the following fixes:

Sapconf should not change the system settings for kernel.sem, so remove the variables SEM* from it. (bsc#1099101)
Correct the SAP Note references in the man pages and in the sysconfig file of the sapconf package. (bsc#1096498)
Avoid stopping or disabling uuidd.socket in sapconf as it is mandatory for every SAP application running. (bsc#1093843)
Remove hardcoded default value for VSZ_TMPFS_PERCENT. This allows an admin to exclude VSZ_TMPFS settings from the sysconfig file, so the current system value will remain untouched. This value only got used in the previous version, if the variable VSZ_TMPFS_PERCENT was removed from the sapconf configuration file /etc/sysconfig/sapconf. If the value of the variable was only changed (increased or decreased) in the sapconf configuration file everything works fine. (bsc#1093844)
Remove the no longer needed sysconfig file.
Remove the pagecache references from the sysconfig file.

Advisory ID	SUSE-SU-2018:2082-1
Released	Sun Sep 30 14:06:27 2018
Summary	Security update for libX11
Type	security
Severity	moderate
References	1102062,1102068,1102073,CVE-2018-14598,CVE-2018-14599,CVE-2018-14600

Description:

This update for libX11 fixes the following security issues:

CVE-2018-14599: The function XListExtensions was vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact (bsc#1102062)
CVE-2018-14600: The function XListExtensions interpreted a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution (bsc#1102068)
CVE-2018-14598: A malicious server could have sent a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault) (bsc#1102073)

Advisory ID	SUSE-SU-2018:2095-1
Released	Mon Oct 1 16:02:00 2018
Summary	Security update for openssl-1_0_0
Type	security
Severity	moderate
References	1089039,1097158,1101470,1104789,1106197,CVE-2018-0732,CVE-2018-0737

Description:

This update for openssl-1_0_0 to 1.0.2p fixes the following issues:
These security issues were fixed:

Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information (bsc#1104789)
CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039)
CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158)
Make problematic ECDSA sign addition length-invariant
Add blinding to ECDSA and DSA signatures to protect against side channel attacks

This non-security issue was fixed:

Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470)

Advisory ID	SUSE-SU-2018:2119-1
Released	Tue Oct 2 16:31:25 2018
Summary	Security update for ghostscript
Type	security
Severity	important
References	1106171,1106172,1106173,1106195,1107410,1107411,1107412,1107413,1107420,1107421,1107422,1107423,1107426,1107581,1108027,1109105,CVE-2018-15908,CVE-2018-15909,CVE-2018-15910,CVE-2018-15911,CVE-2018-16509,CVE-2018-16510,CVE-2018-16511,CVE-2018-16513,CVE-2018-16539,CVE-2018-16540,CVE-2018-16541,CVE-2018-16542,CVE-2018-16543,CVE-2018-16585,CVE-2018-16802,CVE-2018-17183

Description:

This update for ghostscript to version 9.25 fixes the following issues:
These security issues were fixed:

CVE-2018-17183: Remote attackers were be able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code (bsc#1109105)
CVE-2018-15909: Prevent type confusion using the .shfill operator that could have been used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code (bsc#1106172).
CVE-2018-15908: Prevent attackers that are able to supply malicious PostScript files to bypass .tempfile restrictions and write files (bsc#1106171).
CVE-2018-15910: Prevent a type confusion in the LockDistillerParams parameter that could have been used to crash the interpreter or execute code (bsc#1106173).
CVE-2018-15911: Prevent use uninitialized memory access in the aesdecode operator that could have been used to crash the interpreter or potentially execute code (bsc#1106195).
CVE-2018-16513: Prevent a type confusion in the setcolor function that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107412).
CVE-2018-16509: Incorrect 'restoration of privilege' checking during handling of /invalidaccess exceptions could be have been used by attackers able to supply crafted PostScript to execute code using the 'pipe' instruction (bsc#1107410).
CVE-2018-16510: Incorrect exec stack handling in the 'CS' and 'SC' PDF primitives could have been used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact (bsc#1107411).
CVE-2018-16542: Prevent attackers able to supply crafted PostScript files from using insufficient interpreter stack-size checking during error handling to crash the interpreter (bsc#1107413).
CVE-2018-16541: Prevent attackers able to supply crafted PostScript files from using incorrect free logic in pagedevice replacement to crash the interpreter (bsc#1107421).
CVE-2018-16540: Prevent use-after-free in copydevice handling that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107420).
CVE-2018-16539: Prevent attackers able to supply crafted PostScript files from using incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable (bsc#1107422).
CVE-2018-16543: gssetresolution and gsgetresolution allowed attackers to have an unspecified impact (bsc#1107423).
CVE-2018-16511: A type confusion in 'ztype' could have been used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107426).
CVE-2018-16585: The .setdistillerkeys PostScript command was accepted even though it is not intended for use during document processing (e.g., after the startup phase). This lead to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107581).
CVE-2018-16802: Incorrect 'restoration of privilege' checking when running out of stack during exception handling could have been used by attackers able to supply crafted PostScript to execute code using the 'pipe' instruction. This is due to an incomplete fix for CVE-2018-16509 (bsc#1108027).

These non-security issues were fixed:

Fixes problems with argument handling, some unintended results of the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files).
Avoid that ps2epsi fails with 'Error: /undefined in --setpagedevice--'

For additional changes please check http://www.ghostscript.com/doc/9.25/News.htm

Advisory ID	SUSE-SU-2018:2165-1
Released	Fri Oct 5 15:22:38 2018
Summary	Security update for java-1_8_0-openjdk
Type	security
Severity	important
References	1101644,1101645,1101651,1101656,1106812,CVE-2018-2938,CVE-2018-2940,CVE-2018-2952,CVE-2018-2973

Description:

This update for java-1_8_0-openjdk to the jdk8u181 (icedtea 3.9.0) release fixes the following issues:
These security issues were fixed:

CVE-2018-2938: Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE (bsc#1101644).
CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1101645)
CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1101651)
CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1101656)

These non-security issues were fixed:

Improve desktop file usage
Better Internet address support
speculative traps break when classes are redefined
sun/security/pkcs11/ec/ReadCertificates.java fails intermittently
Clean up code that saves the previous versions of redefined classes
Prevent SIGSEGV in ReceiverTypeData::clean_weak_klass_links
RedefineClasses() tests fail assert(((Metadata*)obj)->is_valid()) failed: obj is valid
NMT is not enabled if NMT option is specified after class path specifiers
EndEntityChecker should not process custom extensions after PKIX validation
SupportedDSAParamGen.java failed with timeout
Montgomery multiply intrinsic should use correct name
When determining the ciphersuite lists, there is no debug output for disabled suites.
sun/security/mscapi/SignedObjectChain.java fails on Windows
On Windows Swing changes keyboard layout on a window activation
IfNode::range_check_trap_proj() should handler dying subgraph with single if proj
Even better Internet address support
Newlines in JAXB string values of SOAP-requests are escaped to ' '
TestFlushableGZIPOutputStream failing with IndexOutOfBoundsException
Unable to use JDWP API in JDK 8 to debug JDK 9 VM
Hotspot crash on Cassandra 3.11.1 startup with libnuma 2.0.3
Performance drop with Java JDK 1.8.0_162-b32
Upgrade time-zone data to tzdata2018d
Fix potential crash in BufImg_SetupICM
JDK 8u181 l10n resource file update
Remove debug print statements from RMI fix
(tz) Upgrade time-zone data to tzdata2018e
ObjectInputStream filterCheck method throws NullPointerException
adjust reflective access checks
Fixed builds on s390 (bsc#1106812)

Advisory ID	SUSE-SU-2018:2171-1
Released	Mon Oct 8 10:31:29 2018
Summary	Security update for soundtouch
Type	security
Severity	moderate
References	1103676,CVE-2018-1000223

Description:

This update for soundtouch fixes the following security issue:

CVE-2018-1000223: Prevent buffer overflow in WavInFile::readHeaderBlock() that could have resulted in arbitrary code execution when opening maliocius file in soundstretch utility (bsc#1103676)

Advisory ID	SUSE-SU-2018:2183-1
Released	Tue Oct 9 11:30:31 2018
Summary	Security update for java-1_8_0-ibm
Type	security
Severity	moderate
References	1104668,CVE-2016-0705,CVE-2017-3732,CVE-2017-3736,CVE-2018-12539,CVE-2018-1517,CVE-2018-1656,CVE-2018-2940,CVE-2018-2952,CVE-2018-2964,CVE-2018-2973

Description:

This update for java-1_8_0-ibm to 8.0.5.20 fixes the following issues:

CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1104668).
CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1104668).
CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1104668).
CVE-2018-2964: Vulnerability in subcomponent: Deployment. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. (bsc#1104668).
CVE-2016-0705: Prevent double free in the dsa_priv_decode function that allowed remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key (bsc#1104668).
CVE-2017-3732: Prevent carry propagating bug in the x86_64 Montgomery squaring procedure (bsc#1104668).
CVE-2017-3736: Prevent carry propagating bug in the x86_64 Montgomery squaring procedure (bsc#1104668).
CVE-2018-12539: Users other than the process owner might have been able to use Java Attach API to connect to an IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code (bsc#1104668)
CVE-2018-1517: Unspecified vulnerability (bsc#1104668).
CVE-2018-1656: Unspecified vulnerability (bsc#1104668)

Advisory ID	SUSE-RU-2018:2193-1
Released	Wed Oct 10 13:20:50 2018
Summary	Recommended update for dialog
Type	recommended
Severity	moderate
References	1094836

Description:

This update for dialog fixes the following issues:

Fixes a bug where scrolling is not possible (bsc#1094836)

Advisory ID	SUSE-RU-2018:2298-1
Released	Wed Oct 17 17:02:57 2018
Summary	Recommended update for java-11-openjdk
Type	recommended
Severity	moderate
References	1111162,1112142,1112143,1112144,1112145,1112146,1112147,1112148,1112149,CVE-2018-3136,CVE-2018-3139,CVE-2018-3149,CVE-2018-3150,CVE-2018-3157,CVE-2018-3169,CVE-2018-3180,CVE-2018-3183

Description:

This update for java-11-openjdk fixes the following issues:
Update to upstream tag jdk-11.0.1+13 (Oracle October 2018 CPU)
Security fixes:

S8202936, CVE-2018-3183, bsc#1112148: Improve script engine support
S8199226, CVE-2018-3169, bsc#1112146: Improve field accesses
S8199177, CVE-2018-3149, bsc#1112144: Enhance JNDI lookups
S8202613, CVE-2018-3180, bsc#1112147: Improve TLS connections stability
S8208209, CVE-2018-3180, bsc#1112147: Improve TLS connection stability again
S8199172, CVE-2018-3150, bsc#1112145: Improve jar attribute checks
S8200648, CVE-2018-3157, bsc#1112149: Make midi code more sound
S8194534, CVE-2018-3136, bsc#1112142: Manifest better support
S8208754, CVE-2018-3136, bsc#1112142: The fix for JDK-8194534 needs updates
S8196902, CVE-2018-3139, bsc#1112143: Better HTTP Redirection

Security-In-Depth fixes:

S8194546: Choosier FileManagers
S8195874: Improve jar specification adherence
S8196897: Improve PRNG support
S8197881: Better StringBuilder support
S8201756: Improve cipher inputs
S8203654: Improve cypher state updates
S8204497: Better formatting of decimals
S8200666: Improve LDAP support
S8199110: Address Internet Addresses

Update to upstream tag jdk-11+28 (OpenJDK 11 rc1)

S8207317: SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy
S8207838: AArch64: Float registers incorrectly restored in JNI call
S8209637: [s390x] Interpreter doesn't call result handler after native calls
S8209670: CompilerThread releasing code buffer in destructor is unsafe
S8209735: Disable avx512 by default
S8209806: API docs should be updated to refer to javase11
Report version without the '-internal' postfix

Don't build against gdk making the accessibility depend on a particular version of gtk.

Update to upstream tag jdk-11+27

S8031761: [TESTBUG] Add a regression test for JDK-8026328
S8151259: [TESTBUG] nsk/jvmti/RedefineClasses/redefclass030 fails with 'unexpected values of outer fields of the class' when running with -Xcomp
S8164639: Configure PKCS11 tests to use user-supplied NSS libraries
S8189667: Desktop#moveToTrash expects incorrect '<>' FilePermission
S8194949: [Graal] gc/TestNUMAPageSize.java fail with OOM in -Xcomp
S8195156: [Graal] serviceability/jvmti/GetModulesInfo/ /JvmtiGetAllModulesTest.java fails with Graal in Xcomp mode
S8199081: [Testbug] compiler/linkage/LinkageErrors.java fails if run twice
S8201394: Update java.se module summary to reflect removal of java.se.ee module
S8204931: Colors with alpha are painted incorrectly on Linux
S8204966: [TESTBUG] hotspot/test/compiler/whitebox/ /IsMethodCompilableTest.java test fails with -XX:CompileThreshold=1
S8205608: Fix 'frames()' in ThreadReferenceImpl.c to prevent quadratic runtime behavior
S8205687: TimeoutHandler generates huge core files
S8206176: Remove the temporary tls13VN field
S8206258: [Test Error] sun/security/pkcs11 tests fail if NSS libs not found
S8206965: java/util/TimeZone/Bug8149452.java failed on de_DE and ja_JP locale.
S8207009: TLS 1.3 half-close and synchronization issues
S8207046: arm32 vm crash: C1 arm32 platform functions parameters type mismatch
S8207139: NMT is not enabled on Windows 2016/10
S8207237: SSLSocket#setEnabledCipherSuites is accepting empty string
S8207355: C1 compilation hangs in ComputeLinearScanOrder::compute_dominator
S8207746: C2: Lucene crashes on AVX512 instruction
S8207765: HeapMonitorTest.java intermittent failure
S8207944: java.lang.ClassFormatError: Extra bytes at the end of class file test' possibly violation of JVMS 4.7.1
S8207948: JDK 11 L10n resource file update msg drop 10
S8207966: HttpClient response without content-length does not return body
S8208125: Cannot input text into JOptionPane Text Input Dialog
S8208164: (str) improve specification of String::lines
S8208166: Still unable to use custom SSLEngine with default TrustManagerFactory after JDK-8207029
S8208189: ProblemList compiler/graalunit/JttThreadsTest.java
S8208205: ProblemList tests that fail due to 'Error attaching to process: Can't create thread_db agent!'
S8208226: ProblemList com/sun/jdi/BasicJDWPConnectionTest.java
S8208251: serviceability/jvmti/HeapMonitor/MyPackage/ /HeapMonitorGCCMSTest.java fails intermittently on Linux-X64
S8208305: ProblemList compiler/jvmci/compilerToVM/GetFlagValueTest.java
S8208347: ProblemList compiler/cpuflags/TestAESIntrinsicsOnSupportedConfig.java
S8208353: Upgrade JDK 11 to libpng 1.6.35
S8208358: update bug ids mentioned in tests
S8208370: fix typo in ReservedStack tests' @requires
S8208391: Differentiate response and connect timeouts in HTTP Client API
S8208466: Fix potential memory leak in harfbuzz shaping.
S8208496: New Test to verify concurrent behavior of TLS.
S8208521: ProblemList more tests that fail due to 'Error attaching to process: Can't create thread_db agent!'
S8208640: [a11y] [macos] Unable to navigate between Radiobuttons in Radio group using keyboard.
S8208663: JDK 11 L10n resource file update msg drop 20
S8208676: Missing NULL check and resource leak in NetworkPerformanceInterface::NetworkPerformance::network_utilization
S8208691: Tighten up jdk.includeInExceptions security property
S8209011: [TESTBUG] AArch64: sun/security/pkcs11/Secmod/ /TestNssDbSqlite.java fails in aarch64 platforms
S8209029: ProblemList tests that fail due to 'Error attaching to process: Can't create thread_db agent!' in jdk-11+25 testing
S8209149: [TESTBUG] runtime/RedefineTests/ /RedefineRunningMethods.java needs a longer timeout
S8209451: Please change jdk 11 milestone to FCS
S8209452: VerifyCACerts.java failed with 'At least one cacert test failed'
S8209506: Add Google Trust Services GlobalSign root certificates
S8209537: Two security tests failed after JDK-8164639 due to dependency was missed

Advisory ID	SUSE-SU-2018:2302-1
Released	Thu Oct 18 14:29:31 2018
Summary	Security update for zziplib
Type	security
Severity	moderate
References	1110687,CVE-2018-17828

Description:

This update for zziplib fixes the following issues:

CVE-2018-17828: Remove any '../' components from pathnames of extracted files to avoid path traversal during unpacking. (bsc#1110687)

Advisory ID	SUSE-RU-2018:2307-1
Released	Thu Oct 18 14:42:54 2018
Summary	Recommended update for libxcb
Type	recommended
Severity	moderate
References	1101560

Description:

This update for libxcb provides the following fix:

Fix some IO errors when using KWin in combination with the NVIDIA driver. (bsc#1101560)

Advisory ID	SUSE-SU-2018:2335-1
Released	Fri Oct 19 15:06:23 2018
Summary	Security update for clamav
Type	security
Severity	moderate
References	1103040,1104457,1110723,CVE-2018-14680,CVE-2018-14681,CVE-2018-14682,CVE-2018-15378

Description:

This update for clamav fixes the following issues:
clamav was updated to version 0.100.2.
Following security issues were fixed:

CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (bsc#1110723)
CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack. (bsc#1103040)

Following non-security issues were addressed:

Make freshclam more robust against lagging signature mirrors.
On-Access 'Extra Scanning', an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the mean-time, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048
Restore exit code compatibility of freshclam with versions before 0.100.0 when the virus database is already up to date (bsc#1104457)

Advisory ID	SUSE-SU-2018:2340-1
Released	Fri Oct 19 16:05:53 2018
Summary	Security update for fuse
Type	security
Severity	moderate
References	1101797,CVE-2018-10906

Description:

This update for fuse fixes the following issues:

CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects (bsc#1101797)

Advisory ID	SUSE-RU-2018:2343-1
Released	Sat Oct 20 09:51:54 2018
Summary	Recommended update for dejagnu
Type	recommended
Severity	moderate
References	1100206

Description:

This update for dejagnu fixes the following issues:

Use separate kill command for each pid (bsc#1100206)
Install LICENSE file in the correct directory.

Advisory ID	SUSE-SU-2018:2364-1
Released	Mon Oct 22 13:13:28 2018
Summary	Security update for wireshark
Type	security
Severity	important
References	1111647,CVE-2018-12086,CVE-2018-18227

Description:

This update for wireshark fixes the following issues:
Wireshark was updated to 2.4.10 (bsc#1111647).
Following security issues were fixed:

CVE-2018-18227: MS-WSP dissector crash (wnpa-sec-2018-47)
CVE-2018-12086: OpcUA dissector crash (wnpa-sec-2018-50)

Further bug fixes and updated protocol support that were done are listed in:
https://www.wireshark.org/docs/relnotes/wireshark-2.4.10.html

Advisory ID	SUSE-RU-2018:2370-1
Released	Mon Oct 22 14:02:01 2018
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1102310,1104531

Description:

This update for aaa_base provides the following fixes:

Let bash.bashrc work even for (m)ksh. (bsc#1104531)
Fix an error at login if java system directory is empty. (bsc#1102310)

Advisory ID	SUSE-SU-2018:2392-1
Released	Tue Oct 23 12:45:51 2018
Summary	Security update for tiff
Type	security
Severity	moderate
References	1092480,1106853,1108627,1108637,1110358,CVE-2018-10779,CVE-2018-16335,CVE-2018-17100,CVE-2018-17101,CVE-2018-17795

Description:

This update for tiff fixes the following issues:
Security issue fixed:

CVE-2018-10779: TIFFWriteScanline in tif_write.c had a heap-based buffer over-read, as demonstrated by bmp2tiff.(bsc#1092480)
CVE-2018-17100: There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108637)
CVE-2018-17101: There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108627)
CVE-2018-17795: The function t2p_write_pdf in tiff2pdf.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. (bsc#1110358)
CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. (bsc#1106853)

Advisory ID	SUSE-RU-2018:2411-1
Released	Tue Oct 23 17:27:40 2018
Summary	Recommended update for libXaw
Type	recommended
Severity	moderate
References	1098411

Description:

This update for libXaw provides the following fix:

Fix a crash when the required font is not installed. (bsc#1098411)

Advisory ID	SUSE-SU-2018:2431-1
Released	Wed Oct 24 13:05:29 2018
Summary	Security update for ntp
Type	security
Severity	moderate
References	1083424,1098531,1111853,CVE-2018-12327,CVE-2018-7170

Description:

NTP was updated to 4.2.8p12 (bsc#1111853):

CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531)
CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424)

Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information.

Advisory ID	SUSE-OU-2018:2441-1
Released	Wed Oct 24 16:38:48 2018
Summary	Initial release of python-pyinotify
Type	optional
Severity	low
References	1111493

Description:

This update provides python-pyinotify required for salt beacons

Advisory ID	SUSE-RU-2018:2442-1
Released	Wed Oct 24 16:39:09 2018
Summary	Recommended update for python-msrestazure and it's dependencies
Type	recommended
Severity	moderate
References	1109694

Description:

This update for python-adal, python-isodate, python-msrest, python-msrestazure fixes the following issues:
python-msrestazure:

Update to version 0.5.0

+ Features * Implementation is now using ADAL and not request-oauthlib. This allows more AD scenarios (like federated). * Add additionalInfo parsing for CloudError. * Implement new LRO options of Autorest. * Improve MSI for VM token polling algorithm. * MSIAuthentication now uses IMDS endpoint if available. * MSIAuthentication can be used in any environment that defines MSI_ENDPOINT env variable. * CloudError now includes the 'innererror' attribute to match OData v4. * Introduces ARMPolling implementation of Azure Resource Management LRO. * Add support for WebApp/Functions in MSIAuthentication classes. * Add parse_resource_id(), resource_id(), validate_resource_id() to parse ARM ids. * Retry strategy now n reach 24 seconds (instead of 12 seconds). * Add Managed Service Integrated (MSI) authentication. * Add 'timeout' to ServicePrincipalCredentials and UserPasswordCredentials. * Threads created by AzureOperationPoller have now a name prefixed by 'AzureOperationPoller' to help identify them. * Improve MSIAuthentication to support User Assigned Identity.
+ Bugfixes * MSIAuthentication regression for KeyVault since IMDS support. * MSIAuthentication should initialize the token attribute on creation. * Fixes refreshToken in UserPassCredentials and AADTokenCredentials. * Fix US government cloud definition. * Reduce max MSI polling time for VM. * IMDS/MSI: Retry on more error codes. * IMDS/MSI: Fix a boundary case on timeout. * Fix parse_resource_id() tool to be case*insensitive to keywords when matching. * Add missing baseclass init call for AdalAuthentication. * Fix LRO result if POST uses AsyncOperation header. * Remove a possible infinite loop with MSIAuthentication. * Fix session obj for cloudmetadata endpoint. * Fix authentication resource node for AzureSatck. * Better detection of AppService with MSIAuthentication. * get_cloud_from_metadata_endpoint incorrect on AzureStack. * get_cloud_from_metadata_endpoint certificate issue. * Fix AttributeError if error JSON from ARM does not follow ODatav4 (as it should). * Fix AttributeError if input JSON is not a dict. * Fix AdalError handling in some scenarios. * Update Azure Gov login endpoint. * Update metadata ARM endpoint parser.
+ Incompatible changes * Remove unused auth_uri, state, client and token_uri attributes in ServicePrincipalCredentials, UserPassCredentials and AADTokenCredentials. * Remove token caching based on 'keyring'. Token caching should be implemented using ADAL now. * Remove InteractiveCredentials. This class was deprecated and unusable. Use ADAL device code instead.
python-msrest

Update to version 0.5.0

+ Require python-enum32 and python-typing.
+ Features * Support additionalProperties and XML. * Deserialize/from_dict now accepts a content*type parameter to parse XML strings. * Add XML support * Add many type hints, and MyPY testing on CI. * HTTP calls are made through a HTTPDriver API. Only implementation is `requests` for now. This driver API is *not* considered stable and you should pin your msrest version if you want to provide a personal implementation. * msrest is now able to keep the 'requests.Session' alive for performance. * All Authentication classes now define `signed_session` and `refresh_session` with an optional `session` parameter. * Disable HTTP log by default (security), add `enable_http_log` to restore it. * Add TopicCredentials for EventGrid client. * Add LROPoller class. This is a customizable LRO engine. * Model now accept kwargs in constructor for future kwargs models. * Add support for additional_properties. * The interpretation of Swagger 2.0 'discriminator' is now lenient. * Add ApiKeyCredentials class. This can be used to support OpenAPI ApiKey feature. * Add CognitiveServicesAuthentication class. Pre*declared ApiKeyCredentials class for Cognitive Services. * Add Configuration.session_configuration_callback to customize the requests.Session if necessary. * Add a flag to Serializer to disable client*side*validation. * Remove 'import requests' from 'exceptions.py' for apps that require fast loading time. * Input is now more lenient. * Model have a 'validate' method to check content constraints. * Model have now new methods for serialize, as_dict, deserialize and from_dict.
+ Bugfixes * Fix a serialization issue if additional_properties is declared, and 'automatic model' syntax is used ('automatic model' being the ability to pass a dict to command and have the model auto*created). * Better parse empty node and not string types. * Improve 'object' XML parsing. * Fix some XML serialization subtle scenarios. * Fix some complex XML Swagger definitions. * Lower Accept header overwrite logging message. * Fix 'object' type and XML format. * Incorrect milliseconds serialization for some datetime object. * Improve `SDKClient.__exit__` to take exc_details as optional parameters and not required. * Refresh_session should also use the permanent HTTP session if available. * Fix incorrect date parsing if ms precision is over 6 digits. * Fix minimal dependency of isodate. * Fix serialisation from dict if datetime provided. * Date parsing is now compliant with Autorest / Swagger 2.0 specification (less lenient). * Accept to deserialize enum of different type if content string match. * Stop failing on deserialization if enum string is unkwon. Return the string instead. * Do not validate additional_properties. * Improve validation error if expected type is dict, but actual type is not. * Fix additional_properties if Swagger was flatten. * Optional formdata parameters were raising an exception. * 'application/x*www*form*urlencoded' form was sent using 'multipart/form*data'. * Fix regression: accept 'set' as a valid '[str]' * Always log response body. * Improved exception message if error JSON is Odata v4. * Refuse 'str' as a valid '[str]' type. * Better exception handling if input from server is not JSON valid. * Fix regression introduced in msrest 0.4.12 * dict syntax with enum modeled as string and enum used. * Fix regression introduced in msrest 0.4.12 * dict syntax using isodate.Duration. * Better Enum checking.
+ Internal optimisation * Call that does not return a streamable object are now executed in requests stream mode False (was True whatever the type of the call). This should reduce the number of leaked opened session and allow urllib3 to manage connection pooling more efficiently. Only clients generated with Autorest.Python >= 2.1.31 (not impacted otherwise, fully backward compatible)
+ Deprecation * Trigger DeprecationWarning for _client.add_header and _client.send_formdata.
python-adal

Update to version 1.0.2

python-isodate

Update to version 0.6.0 + Support incomplete month date. + Rely on duck typing when doing duration maths. + Support ':' as separator in fractional time zones.

Advisory ID	SUSE-RU-2018:2445-1
Released	Wed Oct 24 16:41:09 2018
Summary	Recommended update for iotop
Type	recommended
Severity	moderate
References	1094694,1094823

Description:

This update for iotop provides the following fix:

Fix a crash when /proc/*/status doesn't have the tab character or when it has invalid lines. (bsc#1094823, bsc#1094694)

Advisory ID	SUSE-RU-2018:2463-1
Released	Thu Oct 25 14:48:34 2018
Summary	Recommended update for timezone, timezone-java
Type	recommended
Severity	moderate
References	1104700,1112310

Description:

This update for timezone, timezone-java fixes the following issues:
The timezone database was updated to 2018f:

Volgograd moves from +03 to +04 on 2018-10-28.
Fiji ends DST 2019-01-13, not 2019-01-20.
Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
Corrections to past timestamps of DST transitions
Use 'PST' and 'PDT' for Philippine time
minor code changes to zic handling of the TZif format
documentation updates

Other bugfixes:

Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)

Advisory ID	SUSE-SU-2018:2484-1
Released	Fri Oct 26 10:16:04 2018
Summary	Security update for wpa_supplicant
Type	security
Severity	moderate
References	1080798,1098854,1099835,1104205,1109209,1111873,CVE-2018-14526

Description:

This update for wpa_supplicant provides the following fixes:
This security issues was fixe:

CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused the vulnerability to recover sensitive information (bsc#1104205)

These non-security issues were fixed:

Fix reading private key passwords from the configuration file. (bsc#1099835)
Enable PWD as EAP method. This allows for password-based authentication, which is easier to setup than most of the other methods, and is used by the Eduroam network. (bsc#1109209)
compile eapol_test binary to allow testing via radius proxy and server (note: this does not match CONFIG_EAPOL_TEST which sets -Werror and activates an assert call inside the code of wpa_supplicant) (bsc#1111873), (fate#326725)
Enabled timestamps in log file when being invoked by systemd service file (bsc#1080798).
Fixes the default file permissions of the debug log file to more sane values, i.e. it is no longer world-readable (bsc#1098854).
Open the debug log file with O_CLOEXEC, which will prevent file descriptor leaking to child processes (bsc#1098854).

Advisory ID	SUSE-SU-2018:2505-1
Released	Fri Oct 26 16:12:37 2018
Summary	Security update for audiofile
Type	security
Severity	moderate
References	1111586,CVE-2018-17095

Description:

This update for audiofile fixes the following issues:

CVE-2018-17095: A heap-based buffer overflow in Expand3To4Module::run could occurred when running sfconvert leading to crashes or code execution when handling untrusted soundfiles (bsc#1111586).

Advisory ID	SUSE-RU-2018:2507-1
Released	Fri Oct 26 16:27:56 2018
Summary	Recommended update for s3fs
Type	recommended
Severity	moderate
References	1111267

Description:

This update for s3fs fixes the following issues:

Add fuse package as required in runtime to allow mounting with systemd, mount command or /etc/fstab (bsc#1111267)

Advisory ID	SUSE-RU-2018:2513-1
Released	Mon Oct 29 11:11:23 2018
Summary	Recommended update for sysstat
Type	recommended
Severity	moderate
References	1089883

Description:

This update for sysstat fixes the following issues:
Sysstat was updated to 12.0.2, bringing new features and bugfixes (fate#326576, bsc#1089883)

It contains lots of improvements in SVG output.
New metric additions for hugepages.
New options

Please look at http://sebastien.godard.pagesperso-orange.fr/ for a more detailed history of changes.

Advisory ID	SUSE-RU-2018:2514-1
Released	Mon Oct 29 11:11:47 2018
Summary	Recommended update for nfs4-acl-tools
Type	recommended
Severity	moderate
References	1104803,967251

Description:

This update for nfs4-acl-tools fixes the following issues:

Allow recursive set_acl to set inheritance flags. (bsc#967251, bsc#1104803)

Advisory ID	SUSE-RU-2018:2529-1
Released	Tue Oct 30 16:05:19 2018
Summary	Recommended update for dapl
Type	recommended
Severity	moderate
References	1094657

Description:

This update for dapl fixes the following issues:

Fix a 'deadlock' that causes socket connection to timeout when net.ipv4.tcp_syncookies=0. (bsc#1094657)

Advisory ID	SUSE-RU-2018:2550-1
Released	Wed Oct 31 16:16:56 2018
Summary	Recommended update for timezone, timezone-java
Type	recommended
Severity	moderate
References	1113554

Description:

This update provides the latest time zone definitions (2018g), including the following change:

Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)

Advisory ID	SUSE-SU-2018:2565-1
Released	Fri Nov 2 17:10:31 2018
Summary	Security update for soundtouch
Type	security
Severity	moderate
References	1108630,1108631,1108632,CVE-2018-17096,CVE-2018-17097,CVE-2018-17098

Description:

This update for soundtouch fixes the following issues:

CVE-2018-17098: The WavFileBase class allowed remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch. (bsc#1108632)
CVE-2018-17097: The WavFileBase class allowed remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch. (double free) (bsc#1108631)
CVE-2018-17096: The BPMDetect class allowed remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. (bsc#1108630)

Advisory ID	SUSE-RU-2018:2569-1
Released	Fri Nov 2 19:00:18 2018
Summary	Recommended update for pam
Type	recommended
Severity	moderate
References	1110700

Description:

This update for pam fixes the following issues:

Remove limits for nproc from /etc/security/limits.conf (bsc#1110700)

Advisory ID	SUSE-RU-2018:2607-1
Released	Wed Nov 7 15:42:48 2018
Summary	Optional update for gcc8
Type	recommended
Severity	low
References	1084812,1084842,1087550,1094222,1102564

Description:

The GNU Compiler GCC 8 is being added to the Development Tools Module by this update.
The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15.
Various optimizers have been improved in GCC 8, several of bugs fixed, quite some new warnings added and the error pin-pointing and fix-suggestions have been greatly improved.
The GNU Compiler page for GCC 8 contains a summary of all the changes that have happened:
https://gcc.gnu.org/gcc-8/changes.html
Also changes needed or common pitfalls when porting software are described on:
https://gcc.gnu.org/gcc-8/porting_to.html

Advisory ID	SUSE-SU-2018:2616-1
Released	Thu Nov 8 17:53:23 2018
Summary	Security update for libepubgen, liblangtag, libmwaw, libnumbertext, libreoffice, libstaroffice, libwps, myspell-dictionaries, xmlsec1
Type	security
Severity	moderate
References	1050305,1088263,1091606,1094779,1095601,1095639,1096360,1098891,1104876,CVE-2018-10583

Description:

This update for LibreOffice, libepubgen, liblangtag, libmwaw, libnumbertext, libstaroffice, libwps, myspell-dictionaries, xmlsec1 fixes the following issues:
LibreOffice was updated to 6.1.3.2 (fate#326624) and contains new features and lots of bugfixes:
The full changelog can be found on:
https://wiki.documentfoundation.org/ReleaseNotes/6.1
Bugfixes:

bsc#1095639 Exporting to PPTX results in vertical labels being shown horizontally
bsc#1098891 Table in PPTX misplaced and partly blue
bsc#1088263 Labels in chart change (from white and other colors) to black when saving as PPTX
bsc#1095601 Exporting to PPTX shifts arrow shapes quite a bit

Add more translations: * Belarusian * Bodo * Dogri * Frisian * Gaelic * Paraguayan_Guaran * Upper_Sorbian * Konkani * Kashmiri * Luxembourgish * Monglolian * Manipuri * Burnese * Occitan * Kinyarwanda * Santali * Sanskrit * Sindhi * Sidamo * Tatar * Uzbek * Upper Sorbian * Venetian * Amharic * Asturian * Tibetian * Bosnian * English GB * English ZA * Indonesian * Icelandic * Georgian * Khmer * Lao * Macedonian * Nepali * Oromo * Albanian * Tajik * Uyghur * Vietnamese * Kurdish

Try to build all languages see bsc#1096360
Make sure to install the KDE5/Qt5 UI/filepicker
Try to implement safeguarding to avoid bsc#1050305
Disable base-drivers-mysql as it needs mysqlcppcon that is only for mysql and not mariadb, causes issues bsc#1094779 * Users can still connect using jdbc/odbc
Fix java detection on machines with too many cpus

CVE-2018-10583: An information disclosure vulnerability occured when LibreOffice automatically processed and initiated an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. (bsc#1091606)

libepubgen was updated to 0.1.1:

Avoid
inside
or .
Avoid writin vertical-align attribute without a value.
Fix generation of invalid XHTML when there is a link starting at the beginning of a footnote.
Handle relative width for images.
Fixed layout: write chapter names to improve navigation.
Support writing mode.
Start a new HTML file at every page span in addition to the splits induced by the chosen split method. This is to ensure that specified writing mode works correctly, as it is HTML attribute.

liblangtag was updated to 0.6.2:

use standard function
fix leak in test

libmwaw was updated to 0.3.14:

Support MS Multiplan 1.1 files

libnumbertext was update to 1.0.5:

Various fixes in numerical calculations and issues reported on libreoffice tracker

libstaroffice was updated to 0.0.6:

retrieve some StarMath's formula,
retrieve some charts as graphic,
retrieve some fields in sda/sdc/sdp text-boxes,
.sdw: retrieve more attachments.

libwps was updated to 0.4.9:

QuattroPro: add parser to .wb3 files
Multiplan: add parser to DOS v1-v3 files
charts: try to retrieve charts in .wk*, .wq* files
QuattroPro: add parser to .wb[12] files

myspell-dictionaries was updated to 20181025:

Turkish dictionary added
Updated French dictionary

xmlsec1 was updated to 1.2.26:

Added xmlsec-mscng module based on Microsoft Cryptography API: Next Generation
Added support for GOST 2012 and fixed CryptoPro CSP provider for GOST R 34.10-2001 in xmlsec-mscrypto

Advisory ID	SUSE-RU-2018:2625-1
Released	Mon Nov 12 08:58:25 2018
Summary	Recommended update for java-11-openjdk
Type	recommended
Severity	moderate
References	1113734

Description:

This update for java-11-openjdk fixes the following issues:
Merge into the JDK following modules from github.com/javaee:

com.sum.xml.fastinfoset
org.jvnet.staxex
com.sun.istack.runtime
com.sun.xml.txw2
com.sun.xml.bind

This provides a default implementation of JAXB-API that existed in JDK before Java 11 and that some applications depend on.

Advisory ID	SUSE-RU-2018:2626-1
Released	Mon Nov 12 09:51:00 2018
Summary	Recommended update for bash-completion
Type	recommended
Severity	moderate
References	1104531

Description:

This update for bash-completion fixes the following issues:

Fix an issue where bash-completion was not working with mksh (bsc#1104531)

Advisory ID	SUSE-RU-2018:2641-1
Released	Mon Nov 12 20:39:30 2018
Summary	Recommended update for nfsidmap
Type	recommended
Severity	moderate
References	1098217

Description:

This update for nfsidmap fixes the following issues:

Improve support for SAMBA with Active Directory. (bsc#1098217)

Advisory ID	SUSE-RU-2018:2649-1
Released	Tue Nov 13 14:49:19 2018
Summary	Recommended update for guile
Type	recommended
Severity	moderate
References	1110085

Description:

The patch fixes a coredump when using guile with japanese locales

based on Shift-JIS (LC_CTYPE=ja_JP.sjis) (bsc#1110085)

Advisory ID	SUSE-RU-2018:2716-1
Released	Tue Nov 20 16:15:16 2018
Summary	Recommended update for llvm5
Type	recommended
Severity	moderate
References	1111190

Description:

This update for llvm5 fixes the following issues:

Build TableGen component as its own shared library because it is not included in the libLLVM library and is needed for ldc. (bsc#1111190)

Advisory ID	SUSE-RU-2018:2742-1
Released	Thu Nov 22 13:28:36 2018
Summary	Recommended update for rpcbind
Type	recommended
Severity	moderate
References	969953

Description:

This update for rpcbind fixes the following issues:

Fix tool stack buffer overflow aborting (bsc#969953)

Advisory ID	SUSE-SU-2018:2761-1
Released	Thu Nov 22 16:26:11 2018
Summary	Security update for libwpd
Type	security
Severity	important
References	1115713,CVE-2018-19208

Description:

This update for libwpd fixes the following issues:
Security issue fixed:

CVE-2018-19208: Fixed illegal address access inside libwpd at function WP6ContentListener:defineTable (bsc#1115713).

Advisory ID	SUSE-SU-2018:2763-1
Released	Thu Nov 22 16:26:44 2018
Summary	Security update for java-1_8_0-ibm
Type	security
Severity	important
References	1116574,CVE-2018-13785,CVE-2018-3136,CVE-2018-3139,CVE-2018-3149,CVE-2018-3169,CVE-2018-3180,CVE-2018-3183,CVE-2018-3214

Description:

java-1_8_0-ibm was updated to Java 8.0 Service Refresh 5 Fix Pack 25 (bsc#1116574)

Class Libraries:

- IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-3149 - IJ10894 CVE-2018-3180 - IJ10930 CVE-2018-3183 - IJ10933 CVE-2018-3214 - IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT. FORMAT - IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT IDENTIFYING TRT - IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK’S CACERTS. - IJ10566 SUPPORT EBCDIC CODE PAGE IBM-274 – BELGIUM EBCDIC

Java Virtual Machine

- IJ08730 APPLICATION SIGNAL HANDLER NOT INVOKED FOR SIGABRT - IJ10453 ASSERTION FAILURE AT CLASSPATHITEM.CPP - IJ09574 CLASSLOADER DEFINED THROUGH SYSTEM PROPERTY ‘JAVA.SYSTEM.CLASS.LOADE R’ IS NOT HONORED. - IJ10931 CVE-2018-3169 - IJ10618 GPU SORT: UNSPECIFIED LAUNCH FAILURE - IJ10619 INCORRECT ILLEGALARGUMENTEXCEPTION BECAUSE OBJECT IS NOT AN INSTANCE OF DECLARING CLASS ON REFLECTIVE INVOCATION - IJ10135 JVM HUNG IN GARBAGECOLLECTORMXBEAN.G ETLASTGCINFO() API - IJ10680 RECURRENT ABORTED SCAVENGE

- IX90187 CLIENTREQUESTIMPL.REINVO KE FAILS WITH JAVA.LANG.INDEXOUTOFBOUN DSEXCEPTION

Reliability and Serviceability

- IJ09600 DTFJ AND JDMPVIEW FAIL TO PARSE WIDE REGISTER VALUES

Security

- IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE 'JDK.TLS.DISABLEDALGORIT HMS' SECURITY PROPERTY - IJ10310 ADD NULL CHECKING ON THE ENCRYPTION TYPES LIST TO CREDENTIALS.GETDEFAULTNA TIVECREDS() METHOD - IJ10491 AES/GCM CIPHER – AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( ) - IJ08442 HTTP PUBLIC KEY PINNING FINGERPRINT,PROBLEM WITH CONVERTING TO JKS KEYSTORE - IJ09107 IBMPKCS11IMPL CRYPTO PROVIDER – INTERMITTENT ERROR WITH SECP521R1 SIGNATURE ON Z/OS - IJ10136 IBMPKCS11IMPL – INTERMITTENT ERROR WITH SECP521R1 SIG ON Z/OS AND Z/LINUX - IJ08530 IBMPKCS11IMPL PROVIDER USES THE WRONG RSA CIPHER MECHANISM FOR THE RSA/ECB/PKCS1PADDING CIPHER - IJ08723 JAAS THROWS A ‘ARRAY INDEX OUT OF RANGE’ EXCEPTION - IJ08704 THE SECURITY PROPERTY ‘JDK.CERTPATH.DISABLEDAL GORITHMS’ IS MISTAKENLY BEING USED TO FILTER JAR SIGNING ALGORITHMS

z/OS Extentions

- PH03889 ADD SUPPORT FOR TRY-WITH-RESOURCES TO COM.IBM.JZOS.ENQUEUE - PH03414 ROLLOVER FROM SYE TO SAE FOR ICSF REASON CODE 3059 - PH04008 ZERTJSSE – Z SYSTEMS ENCRYPTION READINESS TOOL (ZERT) NEW SUPPORT IN THE Z/OS JAVA SDK
This includes the update to Java 8.0 Service Refresh 5 Fix Pack 22:

Java Virtual Machine

- IJ09139 CUDA4J NOT AVAILABLE ON ALL PLATFORMS

JIT Compiler

- IJ09089 CRASH DURING COMPILATION IN USEREGISTER ON X86-32 - IJ08655 FLOATING POINT ERROR (SIGFPE) IN ZJ9SYM1 OR ANY VM/JIT MODULE ON AN INSTRUCTION FOLLOWING A VECTOR INSTRUCTION - IJ08850 CRASH IN ARRAYLIST$ITR.NEXT() - IJ09601 JVM CRASHES ON A SIGBUS SIGNAL WHEN ACCESSING A DIRECTBYTEBUFFER

z/OS Extentions

- PH02999 JZOS data management classes accept dataset names in code pages supported by z/OS system services - PH01244 OUTPUT BUFFER TOO SHORT FOR GCM MODE ENCRYPTION USING IBMJCEHYBRID
Also the update to Java 8.0 Service Refresh 5 Fix Pack 21

Class Libraries

- IJ08569 JAVA.IO.IOEXCEPTION OCCURS WHEN A FILECHANNEL IS BIGGER THAN 2GB ON AIX PLATFORM - IJ08570 JAVA.LANG.UNSATISFIEDLIN KERROR WITH JAVA OPTION -DSUN.JAVA2D.CMM=SUN.JAV A2D.CMM.KCMS.KCMSSERVICE PROVIDER ON AIX PLATFORM

Java Virtual Machine

- IJ08001 30% THROUGHPUT DROP FOR CERTAIN SYNCHRONIZATION WORKLOADS - IJ07997 TRACEASSERT IN GARBAGE COLLECTOR(MEMORYSUBSPACE)

JIT Compiler

- IJ08503 ASSERTION IS HIT DUE TO UNEXPECTED STACK HEIGHT IN DEBUGGING MODE - IJ08375 CRASH DURING HARDWARE GENERATED GUARDED STORAGE EVENT WITHIN A TRANSACTIONAL EXECUTION REGION WHEN RUNNING WITH -XGC:CONCURRENTS - IJ08205 CRASH WHILE COMPILING - IJ09575 INCORRECT RESULT WHEN USING JAVA.LANG.MATH.MIN OR MAX ON 31-BIT JVM - IJ07886 INCORRECT CALUCATIONS WHEN USING NUMBERFORMAT.FORMAT() AND BIGDECIMAL.{FLOAT/DOUBLE }VALUE()

Advisory ID	SUSE-RU-2018:2792-1
Released	Tue Nov 27 10:52:31 2018
Summary	Recommended update for autofs
Type	recommended
Severity	moderate
References	1093436

Description:

This update for autofs fixes the following issues:

Fix file descriptor leak (bsc#1093436)

Advisory ID	SUSE-SU-2018:2793-1
Released	Tue Nov 27 13:38:46 2018
Summary	Security update for tiff
Type	security
Severity	moderate
References	1099257,1113094,1113672,CVE-2018-12900,CVE-2018-18557,CVE-2018-18661

Description:

This update for tiff fixes the following issues:
Security issues fixed:

CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257).
CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672).
CVE-2018-18557: Fixed JBIG decode can lead to out-of-bounds write (bsc#1113094).

Non-security issues fixed:

asan_build: build ASAN included
debug_build: build more suitable for debugging

Advisory ID	SUSE-SU-2018:2797-1
Released	Tue Nov 27 15:54:44 2018
Summary	Security update for rubygem-loofah
Type	security
Severity	moderate
References	1113969,CVE-2018-16468

Description:

This update for rubygem-loofah fixes the following issues:
Security issue fixed:

CVE-2018-16468: Fixed XXS by removing the svg animate attribute `from` from the allowlist (bsc#1113969).

Advisory ID	SUSE-RU-2018:2798-1
Released	Wed Nov 28 07:48:35 2018
Summary	Recommended update for make
Type	recommended
Severity	moderate
References	1100504

Description:

This update for make fixes the following issues:

Use a non-blocking read with pselect to avoid hangs (bsc#1100504)

Advisory ID	SUSE-RU-2018:2818-1
Released	Fri Nov 30 14:32:24 2018
Summary	Recommended update for skopeo
Type	recommended
Severity	moderate
References	1115165

Description:

This update for skopeo to version 0.1.32 adds the following feature:

implement `skopeo sync` command (bsc#1115165)

Advisory ID	SUSE-SU-2018:2825-1
Released	Mon Dec 3 15:35:02 2018
Summary	Security update for pam
Type	security
Severity	important
References	1115640,CVE-2018-17953

Description:

This update for pam fixes the following issue:
Security issue fixed:

CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640).

Advisory ID	SUSE-SU-2018:2857-1
Released	Thu Dec 6 09:40:03 2018
Summary	Security update for rubygem-activejob-5_1
Type	security
Severity	low
References	1117632,CVE-2018-16476

Description:

This update for rubygem-activejob-5_1 fixes the following issues:
Security issue fixed:

CVE-2018-16476: Fixed broken access control vulnerability (bsc#1117632).

Advisory ID	SUSE-SU-2018:2861-1
Released	Thu Dec 6 14:32:01 2018
Summary	Security update for ncurses
Type	security
Severity	important
References	1103320,1115929,CVE-2018-19211

Description:

This update for ncurses fixes the following issues:
Security issue fixed:

CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929).

Non-security issue fixed:

Remove scree.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320).

Advisory ID	SUSE-SU-2018:2862-1
Released	Thu Dec 6 14:33:19 2018
Summary	Security update for openssl-1_0_0
Type	security
Severity	moderate
References	1100078,1112209,1113534,1113652,1113742,CVE-2018-0734,CVE-2018-5407

Description:

This update for openssl-1_0_0 fixes the following issues:
Security issues fixed:

CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).
CVE-2018-5407: Added elliptic curve scalar multiplication timing attack defenses that fixes 'PortSmash' (bsc#1113534).

Non-security issues fixed:

Added missing timing side channel patch for DSA signature generation (bsc#1113742).
Set TLS version to 0 in msg_callback for record messages to avoid confusing applications (bsc#1100078).
Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209)

Advisory ID	SUSE-SU-2018:2864-1
Released	Fri Dec 7 10:21:20 2018
Summary	Security update for tiff
Type	security
Severity	moderate
References	1017693,1054594,1115717,990460,CVE-2016-10092,CVE-2016-10093,CVE-2016-10094,CVE-2016-6223,CVE-2017-12944,CVE-2018-19210

Description:

This update for tiff fixes the following issues:
Security issues fixed:

CVE-2018-19210: Fixed NULL pointer dereference in the TIFFWriteDirectorySec function (bsc#1115717).
CVE-2017-12944: Fixed denial of service issue in the TIFFReadDirEntryArray function (bsc#1054594).
CVE-2016-10094: Fixed heap-based buffer overflow in the _tiffWriteProc function (bsc#1017693).
CVE-2016-10093: Fixed heap-based buffer overflow in the _TIFFmemcpy function (bsc#1017693).
CVE-2016-10092: Fixed heap-based buffer overflow in the TIFFReverseBits function (bsc#1017693).
CVE-2016-6223: Fixed out-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1() (bsc#990460).

Advisory ID	SUSE-RU-2018:2866-1
Released	Fri Dec 7 12:04:49 2018
Summary	Recommended update for helm-mirror
Type	recommended
Severity	low
References	1116182

Description:

This update provides helm-mirror to the Containers module.
This utility mirrors Helm repositories to a local directory and it can extract used container images.

Advisory ID	SUSE-SU-2018:2882-1
Released	Mon Dec 10 08:07:44 2018
Summary	Security update for cups
Type	security
Severity	important
References	1115750,CVE-2018-4700

Description:

This update for cups fixes the following issues:
Security issue fixed:

CVE-2018-4700: Fixed extremely predictable cookie generation that is effectively breaking the CSRF protection of the CUPS web interface (bsc#1115750).

Advisory ID	SUSE-RU-2018:2908-1
Released	Tue Dec 11 21:48:30 2018
Summary	Recommended update for susefirewall2-to-firewalld
Type	recommended
Severity	moderate
References	1115001

Description:

This update for susefirewall2-to-firewalld fixes the following issues:

Add input and forward zone to the known ones (bsc#1115001)
Stop guessing firewall service from port/proto

Advisory ID	SUSE-SU-2018:2914-1
Released	Wed Dec 12 13:37:46 2018
Summary	Security update for ghostscript
Type	security
Severity	important
References	1109105,1111479,1111480,1112229,1117022,1117274,1117313,1117327,1117331,CVE-2018-17183,CVE-2018-17961,CVE-2018-18073,CVE-2018-18284,CVE-2018-19409,CVE-2018-19475,CVE-2018-19476,CVE-2018-19477

Description:

This update for ghostscript to version 9.26 fixes the following issues:
Security issues fixed:

CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327)
CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313)
CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274)
CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022)
CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229)
CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480)
CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479)
CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105)

Version update to 9.26 (bsc#1117331):

Security issues have been the primary focus
Minor bug fixes and improvements
For release summary see: http://www.ghostscript.com/doc/9.26/News.htm

Advisory ID	SUSE-RU-2018:2926-1
Released	Thu Dec 13 11:24:58 2018
Summary	Recommended update for java-1_8_0-ibm
Type	recommended
Severity	important
References	1119213

Description:

This update for java-1_8_0-ibm fixes the following issues:

Update to Java 8.0 Service Refresh 5 Fix Pack 26 [bsc#1119213] * Fixes several crashes that could have caused problems with SUSE Manager installations

Advisory ID	SUSE-RU-2018:2939-1
Released	Fri Dec 14 13:59:54 2018
Summary	Recommended update for libcdio
Type	recommended
Severity	moderate
References	1108134

Description:

This update for libcdio fixes the following issues:

Remove API/ABI breaking changes from libcdio patch (bsc#1108134).

Advisory ID	SUSE-RU-2018:2961-1
Released	Mon Dec 17 19:51:40 2018
Summary	Recommended update for psmisc
Type	recommended
Severity	moderate
References	1098697,1112780

Description:

This update for psmisc provides the following fix:

Make the fuser option -m work even with mountinfo. (bsc#1098697)
Support also btrFS entries in mountinfo, that is use stat(2) to determine the device of the mounted subvolume (bsc#1098697, bsc#1112780)

Advisory ID	SUSE-RU-2018:2970-1
Released	Mon Dec 17 19:53:42 2018
Summary	Recommended update for libmtp
Type	recommended
Severity	moderate
References	1110868

Description:

This update for libmtp fixes the following issues:

Adjusted udev rules for new kernel versions (bsc#1110868)
Added lots of new USB ids
Some more small bug fixes

Advisory ID	SUSE-SU-2018:3024-1
Released	Fri Dec 21 11:23:50 2018
Summary	Security update for enigmail
Type	security
Severity	moderate
References	1118935

Description:

This update for enigmail to version 2.0.9 fixes the following issues:
Security issue fixed:

When using Web Key Discovery, a HTTP authentication may be triggered. This may trick users into possibly sending e-mail credentials (bsc#1118935).

Non-security issues fixed:

pEp - PGP/MIME signed-only messages are ignored
Autocrypt overrules manually created Per-Recipient Rules
'Re:' prefix on subject line disappears when editing encrypted, saved draft

Advisory ID	SUSE-SU-2018:3044-1
Released	Fri Dec 21 18:47:21 2018
Summary	Security update for MozillaFirefox, mozilla-nspr and mozilla-nss
Type	security
Severity	important
References	1097410,1106873,1119069,1119105,CVE-2018-0495,CVE-2018-12384,CVE-2018-12404,CVE-2018-12405,CVE-2018-17466,CVE-2018-18492,CVE-2018-18493,CVE-2018-18494,CVE-2018-18498

Description:

This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues:
Issues fixed in MozillaFirefox:

Update to Firefox ESR 60.4 (bsc#1119105)
CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
CVE-2018-18492: Fixed a use-after-free with select element
CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia
CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images
CVE-2018-12405: Fixed a few memory safety bugs

Issues fixed in mozilla-nss:

Update to NSS 3.40.1 (bsc#1119105)
CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069)
CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873)
CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410)
Fixed a decryption failure during FFDHE key exchange
Various security fixes in the ASN.1 code

Issues fixed in mozilla-nspr:

Update mozilla-nspr to 4.20 (bsc#1119105)

Advisory ID	SUSE-SU-2018:3064-1
Released	Fri Dec 28 18:39:08 2018
Summary	Security update for containerd, docker and go
Type	security
Severity	important
References	1047218,1074971,1080978,1081495,1084533,1086185,1094680,1095817,1098017,1102522,1104821,1105000,1108038,1113313,1113978,1114209,1118897,1118898,1118899,1119634,1119706,CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2018-7187

Description:

This update for containerd, docker and go fixes the following issues:
containerd and docker:

Add backport for building containerd (bsc#1102522, bsc#1113313)
Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. (bsc#1102522)
Enable seccomp support on SLE12 (fate#325877)
Update to containerd v1.1.1, which is the required version for the Docker v18.06.0-ce upgrade. (bsc#1102522)
Put containerd under the podruntime slice (bsc#1086185)
3rd party registries used the default Docker certificate (bsc#1084533)
Handle build breakage due to missing 'export GOPATH' (caused by resolution of boo#1119634). I believe Docker is one of the only packages with this problem.

go:

golang: arbitrary command execution via VCS path (bsc#1081495, CVE-2018-7187)
Make profile.d/go.sh no longer set GOROOT=, in order to make switching between versions no longer break. This ends up removing the need for go.sh entirely (because GOPATH is also set automatically) (boo#1119634)
Fix a regression that broke go get for import path patterns containing '...' (bsc#1119706)

Additionally, the package go1.10 has been added.

Advisory ID	SUSE-SU-2018:3066-1
Released	Fri Dec 28 18:39:32 2018
Summary	Security update for wireshark
Type	security
Severity	moderate
References	1117740,CVE-2018-19622,CVE-2018-19623,CVE-2018-19624,CVE-2018-19625,CVE-2018-19626,CVE-2018-19627

Description:

This update for wireshark fixes the following issues:
Update to Wireshark 2.4.11 (bsc#1117740).
Security issues fixed:

CVE-2018-19625: The Wireshark dissection engine could crash (wnpa-sec-2018-51)
CVE-2018-19626: The DCOM dissector could crash (wnpa-sec-2018-52)
CVE-2018-19623: The LBMPDM dissector could crash (wnpa-sec-2018-53)
CVE-2018-19622: The MMSE dissector could go into an infinite loop (wnpa-sec-2018-54)
CVE-2018-19627: The IxVeriWave file parser could crash (wnpa-sec-2018-55)
CVE-2018-19624: The PVFS dissector could crash (wnpa-sec-2018-56)

Further bug fixes and updated protocol support as listed in:

https://www.wireshark.org/docs/relnotes/wireshark-2.4.11.html

Advisory ID	SUSE-SU-2019:5-1
Released	Wed Jan 2 13:54:39 2019
Summary	Security update for libraw
Type	security
Severity	moderate
References	1097975,1103200,1103206,CVE-2018-5804,CVE-2018-5813,CVE-2018-5815,CVE-2018-5816

Description:

This update for libraw fixes the following issues:
Security issues fixed:
The following security vulnerabilities were addressed:

CVE-2018-5813: Fixed an error within the 'parse_minolta()' function (dcraw/dcraw.c) that could be exploited to trigger an infinite loop via a specially crafted file. This could be exploited to cause a DoS.(boo#1103200).
CVE-2018-5815: Fixed an integer overflow in the internal/dcraw_common.cpp:parse_qt() function, that could be exploited to cause an infinite loop via a specially crafted Apple QuickTime file. (boo#1103206)
CVE-2018-5804,CVE-2018-5816: Fixed a type confusion error in the identify function (bsc#1097975)

Advisory ID	SUSE-RU-2019:6-1
Released	Wed Jan 2 20:25:25 2019
Summary	Recommended update for gcc7
Type	recommended
Severity	moderate
References	1099119,1099192

Description:

GCC 7 was updated to the GCC 7.4 release.

Fix AVR configuration to not use __cxa_atexit or libstdc++ headers. Point to /usr/avr/sys-root/include as system header include directory.
Includes fix for build with ISL 0.20.
Pulls fix for libcpp lexing bug on ppc64le manifesting during build with gcc8. [bsc#1099119]
Pulls fix for forcing compile-time tuning even when building with -march=z13 on s390x. [bsc#1099192]
Fixes support for 32bit ASAN with glibc 2.27+

Advisory ID	SUSE-RU-2019:9-1
Released	Wed Jan 2 20:26:17 2019
Summary	Recommended update for mirror
Type	recommended
Severity	moderate
References	1117110

Description:

This update for mirror provides the following fix:

Check if a directory must be removed. In case all the previous content of a directory is removed, but new content for the directory was downloaded, do not remove it. (bsc#1117110)

Advisory ID	SUSE-RU-2019:32-1
Released	Tue Jan 8 13:03:20 2019
Summary	Recommended update for librdkafka
Type	recommended
Severity	moderate
References	1119963

Description:

This update ships librdkafka 0.11.6 to SUSE Linux Enterprise Server 15.
librdkafka is a C library implementation of the Apache Kafka protocol, containing both Producer and Consumer support.

Advisory ID	SUSE-RU-2019:44-1
Released	Tue Jan 8 13:07:32 2019
Summary	Recommended update for acl
Type	recommended
Severity	low
References	953659

Description:

This update for acl fixes the following issues:

test: Add helper library to fake passwd/group files.
quote: Escape literal backslashes. (bsc#953659)

Advisory ID	SUSE-SU-2019:48-1
Released	Wed Jan 9 17:24:55 2019
Summary	Security update for helm-mirror
Type	security
Severity	moderate
References	1116182,1118897,1118898,1118899,1120762,CVE-2018-16873,CVE-2018-16874,CVE-2018-16875

Description:

This update for helm-mirror to version 0.2.1 fixes the following issues:

Security issues fixed:

CVE-2018-16873: Fixed a remote command execution (bsc#1118897)
CVE-2018-16874: Fixed a directory traversal in 'go get' via curly braces in import path (bsc#1118898)
CVE-2018-16875: Fixed a CPU denial of service (bsc#1118899)

Non-security issue fixed:

Update to v0.2.1 (bsc#1120762)
Include helm-mirror into the containers module (bsc#1116182)

Advisory ID	SUSE-SU-2019:58-1
Released	Thu Jan 10 16:03:31 2019
Summary	Security update for java-1_8_0-openjdk
Type	security
Severity	important
References	1112142,1112143,1112144,1112146,1112147,1112148,1112152,1112153,CVE-2018-13785,CVE-2018-16435,CVE-2018-3136,CVE-2018-3139,CVE-2018-3149,CVE-2018-3169,CVE-2018-3180,CVE-2018-3183,CVE-2018-3214

Description:

This update for java-1_8_0-openjdk to version 8u191 fixes the following issues:
Security issues fixed:

CVE-2018-3136: Manifest better support (bsc#1112142)
CVE-2018-3139: Better HTTP Redirection (bsc#1112143)
CVE-2018-3149: Enhance JNDI lookups (bsc#1112144)
CVE-2018-3169: Improve field accesses (bsc#1112146)
CVE-2018-3180: Improve TLS connections stability (bsc#1112147)
CVE-2018-3214: Better RIFF reading support (bsc#1112152)
CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153)
CVE-2018-3183: Improve script engine support (bsc#1112148)
CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile

Advisory ID	SUSE-RU-2019:75-1
Released	Fri Jan 11 13:29:22 2019
Summary	Recommended update for azure-li-services, python-Cerberus
Type	recommended
Severity	moderate
References	1103542,1119702

Description:

This update for azure-li-services, python-Cerberus fixes the following issues:
azure-li-services and its dependency python-Cerberus were added to the Public Cloud Module. (fate#326575 bsc#1103542)
'azure-li-services' is a package providing services to setup a system suitable to run SAP workloads on it.

Advisory ID	SUSE-RU-2019:76-1
Released	Fri Jan 11 13:46:45 2019
Summary	Recommended update for lifecycle-data-sle-module-live-patching
Type	recommended
Severity	moderate
References	1020320

Description:

This update for lifecycle-data-sle-module-live-patching adds lifecycle data for following live patches:

4_12_14-23, 4_12_14-25_13, 4_12_14-25_16, 4_12_14-25_19, 4_12_14-25_22, 4_12_14-25_25, 4_12_14-25_3, 4_12_14-25_6. (bsc#1020320)

Advisory ID	SUSE-RU-2019:82-1
Released	Fri Jan 11 17:16:48 2019
Summary	Recommended update for suse-build-key
Type	recommended
Severity	moderate
References	1044232

Description:

This update for suse-build-key fixes the following issues:

Include the SUSE PTF GPG key in the key directory to avoid it being stripped via %doc stripping in CAASP. (bsc#1044232)

Advisory ID	SUSE-RU-2019:89-1
Released	Tue Jan 15 13:15:33 2019
Summary	Recommended update for python3-susepubliccloudinfo
Type	recommended
Severity	moderate
References	1121150,1121151

Description:

This update for python3-susepubliccloudinfo fixes the following issues:
Update to version 1.1.0 (bsc#1121151, bsc#1121150)
+ Support new inactive state + Remove awscvsgen and associated subpackage

Advisory ID	SUSE-RU-2019:90-1
Released	Tue Jan 15 13:15:42 2019
Summary	Recommended update for regionServiceClientConfigEC2
Type	recommended
Severity	moderate
References	1121114

Description:

This update for regionServiceClientConfigEC2 2.1.0 fixes the following issues:
Add the SUSE server IP 34.197.223.242 to the configuration. (bsc#1121114)

Advisory ID	SUSE-SU-2019:93-1
Released	Tue Jan 15 14:48:33 2019
Summary	Security update for wget
Type	security
Severity	important
References	1120382,CVE-2018-20483

Description:

This update for wget fixes the following issues:
Security issue fixed:

CVE-2018-20483: Fixed an information disclosure through file metadata (bsc#1120382)

Advisory ID	SUSE-RU-2019:97-1
Released	Tue Jan 15 18:01:38 2019
Summary	Recommended update for rpmlint
Type	recommended
Severity	moderate
References	1015141,1076467,1089114,1089340,1095769,1097339,1102836,1104110,1108037,1109938,1111254,1116686,1116758,1119975

Description:

This update for rpmlint fixes the following issues:

Update rpmlint-checks to version master (bsc#1116686)
whitelist boltd dbus service (bsc#1119975)
whitelist pam_slurm_adopt (bsc#1116758)
Add user/group 'slurm' for package slurm (FATE#316379)
whitelist keepalived dbus service (bsc#1015141)
remove openswan whitelisting (bsc#1089340)
whitelist systemd-timesyncd (bsc#1111254)
whitelist NetworkManager-fortisslvpn (bsc#1109938)
whitelist iwd D-Bus service (bsc#1108037)
whitelist xpra D-Bus service (bsc#1102836)
adjust maximum valid suse_version to 1550 (bsc#1104110)
whitelist ratbagd D-Bus service (bsc#1076467)
whitelist pam_oath PAM module after audit (bsc#1089114)
Update rpmlint-checks to version master (bsc#1097339)
whitelisting NetworkManager-libreswan plugin (bsc#1089340)
add Lua/NodeJS related groups to list of valid groups (bsc#1095769)

Advisory ID	SUSE-RU-2019:102-1
Released	Tue Jan 15 18:02:58 2019
Summary	Recommended update for timezone
Type	recommended
Severity	moderate
References	1120402

Description:

This update for timezone fixes the following issues:

Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090

Advisory ID	SUSE-SU-2019:110-1
Released	Thu Jan 17 14:17:05 2019
Summary	Security update for zeromq
Type	security
Severity	important
References	1121717,CVE-2019-6250

Description:

This update for zeromq fixes the following issues:
Security issue fixed:

CVE-2019-6250: fix a remote execution vulnerability due to pointer arithmetic overflow (bsc#1121717)

Advisory ID	SUSE-SU-2019:112-1
Released	Thu Jan 17 14:19:30 2019
Summary	Security update for soundtouch
Type	security
Severity	moderate
References	1108631,1108632,CVE-2018-17097,CVE-2018-17098

Description:

This update for soundtouch fixes the following issues:
Security issues fixed:

CVE-2018-17098: Fixed a heap corruption from size inconsistency, which allowed remote attackers to cause a denial of service or possibly have other unspecified impact (bsc#1108632)
CVE-2018-17097: Fixed a double free, which allowed remote attackers to cause a denial of service or possibly have other unspecified impact (bsc#1108631)

Advisory ID	SUSE-SU-2019:130-1
Released	Fri Jan 18 16:30:56 2019
Summary	Security update for wireshark
Type	security
Severity	moderate
References	1121232,1121233,1121234,1121235,CVE-2019-5717,CVE-2019-5718,CVE-2019-5719,CVE-2019-5721

Description:

This update for wireshark to version 2.4.12 fixes the following issues:
Security issues fixed:

CVE-2019-5717: Fixed a denial of service in the P_MUL dissector (bsc#1121232)
CVE-2019-5718: Fixed a denial of service in the RTSE dissector and other dissectors (bsc#1121233)
CVE-2019-5719: Fixed a denial of service in the ISAKMP dissector (bsc#1121234)
CVE-2019-5721: Fixed a denial of service in the ISAKMP dissector (bsc#1121235)

Advisory ID	SUSE-SU-2019:133-1
Released	Mon Jan 21 09:35:52 2019
Summary	Security update for libraw
Type	security
Severity	moderate
References	1120498,1120499,1120500,1120515,1120516,1120517,1120519,CVE-2018-20337,CVE-2018-20363,CVE-2018-20364,CVE-2018-20365,CVE-2018-5817,CVE-2018-5818,CVE-2018-5819

Description:

This update for libraw fixes the following issues:
Security issues fixed:

CVE-2018-20337: Fixed a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp (bsc#1120519)
CVE-2018-20365: Fixed a heap-based buffer overflow in the raw2image function of libraw_cxx.cpp (bsc#1120500)
CVE-2018-20364: Fixed a NULL pointer dereference in the copy_bayer function of libraw_cxx.cpp (bsc#1120499)
CVE-2018-20363: Fixed a NULL pointer dereference in the raw2image function of libraw_cxx.cpp (bsc#1120498)
CVE-2018-5817: Fixed an infinite loop in the unpacked_load_raw function of dcraw_common.cpp (bsc#1120515)
CVE-2018-5818: Fixed an infinite loop in the parse_rollei function of dcraw_common.cpp (bsc#1120516)
CVE-2018-5819: Fixed a denial of service in the parse_sinar_ia function of dcraw_common.cpp (bsc#1120517)

Advisory ID	SUSE-SU-2019:145-1
Released	Wed Jan 23 15:55:42 2019
Summary	Security update for ghostscript
Type	security
Severity	important
References	1122319,CVE-2019-6116

Description:

This update for ghostscript version 9.26a fixes the following issues:
Security issue fixed:

CVE-2019-6116: subroutines within pseudo-operators must themselves be pseudo-operators (bsc#1122319)

Advisory ID	SUSE-RU-2019:155-1
Released	Thu Jan 24 13:50:25 2019
Summary	Recommended update for csync
Type	recommended
Severity	moderate
References	1113889

Description:

This update for csync fixes the following issues:

Fix a compile error on Leap 15.1 (bsc#1113889)

Advisory ID	SUSE-RU-2019:201-1
Released	Tue Jan 29 20:19:32 2019
Summary	Recommended update for google-compute-engine
Type	recommended
Severity	moderate
References	1119029,1119110,1122172

Description:

This update for google-compute-engine provides the following fixes:

Fixes from version 20181206 (bsc#1119029, bsc#1119110): + Google Compute Engine * Support enabling OS Login two factor authentication. * Improve accounts support for FreeBSD. + Google Compute Engine OS Login * Support OS Login two factor authentication (Alpha). * Improve SELinux support.
Fixes from version 20181023: + Google Compute Engine * Fix: Update sudoer group membership without overriding local groups.
Fixes from version 20181018: + Google Compute Engine * Fix: Remove users from sudoers group on account removal.
Fixes from version 20181011: + Google Compute Engine * Revert: Remove users from sudoers group on account removal.
Fixes from version 20181008: + Google Compute Engine * Remove users from sudoers group on account removal. * Remove gsutil dependency for metadata scripts.
Fixes from version 20180905: + Google Compute Engine * Remove ntp package dependency. * Support Debian 10 Buster. * Restart the network daemon if networking is restarted. * Prevent setup of the default ethernet interface. * Accounts daemon verifies username is 32 characters or less. + Google Compute Engine OS Login * Add user name validation to pam modules. * Return false on failed final load. * Support FreeBSD. * Support Debian 10 Buster.
Fixes from version 20180611: + Google Compute Engine * Prevent IP forwarding daemon log spam. * Make default shell configurable when executing metadata scripts. * Rename distro directory to distro_lib.

Advisory ID	SUSE-RU-2019:207-1
Released	Tue Jan 29 20:20:24 2019
Summary	Recommended update for container-suseconnect
Type	recommended
Severity	moderate
References	1119496

Description:

This update for container-suseconnect fixes the following issues:
container-suseconnect was updated to 2.0.0 (bsc#1119496):

Added command line interface
Added `ADDITIONAL_MODULES` capability to enable further extension modules during image build and run
Added documentation about how to build docker images on non SLE distributions
Improve documentation to clarify how container-suseconnect works in a Dockerfile
Improve error handling on non SLE hosts
Fix bug which makes container-suseconnect work on SLE15 based distributions

Advisory ID	SUSE-SU-2019:221-1
Released	Fri Feb 1 15:20:56 2019
Summary	Security update for java-11-openjdk
Type	security
Severity	important
References	1120431,1122293,1122299,CVE-2018-11212,CVE-2019-2422,CVE-2019-2426

Description:

This update for java-11-openjdk to version 11.0.2+7 fixes the following issues:
Security issues fixed:

CVE-2019-2422: Better FileChannel transfer performance (bsc#1122293)
CVE-2019-2426: Improve web server connections
CVE-2018-11212: Improve JPEG processing (bsc#1122299)
Better route routing
Better interface enumeration
Better interface lists
Improve BigDecimal support
Improve robot support
Better icon support
Choose printer defaults
Proper allocation handling
Initial class initialization
More reliable p11 transactions
Improve NIO stability
Better loading of classloader classes
Strengthen Windows Access Bridge Support
Improved data set handling
Improved LSA authentication
Libsunmscapi improved interactions

Non-security issues fix:

Do not resolve by default the added JavaEE modules (bsc#1120431)
~2.5% regression on compression benchmark starting with 12-b11
java.net.http.HttpClient hangs on 204 reply without Content-length 0
Add additional TeliaSonera root certificate
Add more ld preloading related info to hs_error file on Linux
Add test to exercise server-side client hello processing
AES encrypt performance regression in jdk11b11
AIX: ProcessBuilder: Piping between created processes does not work.
AIX: Some class library files are missing the Classpath exception
AppCDS crashes for some uses with JRuby
Automate vtable/itable stub size calculation
BarrierSetC1::generate_referent_check() confuses register allocator
Better HTTP Redirection
Catastrophic size_t underflow in BitMap::*_large methods
Clip.isRunning() may return true after Clip.stop() was called
Compiler thread creation should be bounded by available space in memory and Code Cache
com.sun.net.httpserver.HttpServer returns Content-length header for 204 response code
Default mask register for avx512 instructions
Delayed starting of debugging via jcmd
Disable all DES cipher suites
Disable anon and NULL cipher suites
Disable unsupported GCs for Zero
Epsilon alignment adjustments can overflow max TLAB size
Epsilon elastic TLAB sizing may cause misalignment
HotSpot update for vm_version.cpp to recognise updated VS2017
HttpClient does not retrieve files with large sizes over HTTP/1.1
IIOException 'tEXt chunk length is not proper' on opening png file
Improve TLS connection stability again
InitialDirContext ctor sometimes throws NPE if the server has sent a disconnection
Inspect stack during error reporting
Instead of circle rendered in appl window, but ellipse is produced JEditor Pane
Introduce diagnostic flag to abort VM on failed JIT compilation
Invalid assert(HeapBaseMinAddress > 0) in ReservedHeapSpace::initialize_compressed_heap
jar has issues with UNC-path arguments for the jar -C parameter [windows]
java.net.http HTTP client should allow specifying Origin and Referer headers
java.nio.file.Files.writeString writes garbled UTF-16 instead of UTF-8
JDK 11.0.1 l10n resource file update
JDWP Transport Listener: dt_socket thread crash
JVMTI ResourceExhausted should not be posted in CompilerThread
LDAPS communication failure with jdk 1.8.0_181
linux: Poor StrictMath performance due to non-optimized compilation
Missing synchronization when reading counters for live threads and peak thread count
NPE in SupportedGroupsExtension
OpenDataException thrown when constructing CompositeData for StackTraceElement
Parent class loader may not have a referred ClassLoaderData instance when obtained in Klass::class_in_module_of_loader
Populate handlers while holding streamHandlerLock
ppc64: Enable POWER9 CPU detection
print_location is not reliable enough (printing register info)
Reconsider default option for ClassPathURLCheck change done in JDK-8195874
Register to register spill may use AVX 512 move instruction on unsupported platform.
s390: Use of shift operators not covered by cpp standard
serviceability/sa/TestUniverse.java#id0 intermittently fails with assert(get_instanceKlass()->is_loaded()) failed: must be at least loaded
SIGBUS in CodeHeapState::print_names()
SIGSEGV in MethodArityHistogram() with -XX:+CountCompiledCalls
Soft reference reclamation race in com.sun.xml.internal.stream.util.ThreadLocalBufferAllocator
Swing apps are slow if displaying from a remote source to many local displays
switch jtreg to 4.2b13
Test library OSInfo.getSolarisVersion cannot determine Solaris version
TestOptionsWithRanges.java is very slow
TestOptionsWithRanges.java of '-XX:TLABSize=2147483648' fails intermittently
The Japanese message of FileNotFoundException garbled
The 'supported_groups' extension in ServerHellos
ThreadInfoCompositeData.toCompositeData fails to map ThreadInfo to CompositeData
TimeZone.getDisplayName given Locale.US doesn't always honor the Locale.
TLS 1.2 Support algorithm in SunPKCS11 provider
TLS 1.3 handshake server name indication is missing on a session resume
TLS 1.3 server fails if ClientHello doesn't have pre_shared_key and psk_key_exchange_modes
TLS 1.3 interop problems with OpenSSL 1.1.1 when used on the client side with mutual auth
tz: Upgrade time-zone data to tzdata2018g
Undefined behaviour in ADLC
Update avx512 implementation
URLStreamHandler initialization race
UseCompressedOops requirement check fails fails on 32-bit system
windows: Update OS detection code to recognize Windows Server 2019
x86: assert on unbound assembler Labels used as branch targets
x86: jck tests for ldc2_w bytecode fail
x86: sharedRuntimeTrig/sharedRuntimeTrans compiled without optimization
'-XX:OnOutOfMemoryError' uses fork instead of vfork

Advisory ID	SUSE-RU-2019:225-1
Released	Mon Feb 4 13:36:52 2019
Summary	Recommended update for hmaccalc
Type	recommended
Severity	moderate
References	1122491

Description:

This update for hmaccalc fixes the following issues:

require libfreebl3-hmac and libsoftokn3-hmac during building (bsc#1122491)

Advisory ID	SUSE-SU-2019:247-1
Released	Wed Feb 6 07:18:45 2019
Summary	Security update for lua53
Type	security
Severity	moderate
References	1123043,CVE-2019-6706

Description:

This update for lua53 fixes the following issues:
Security issue fixed:

CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043)

Advisory ID	SUSE-RU-2019:259-1
Released	Wed Feb 6 11:26:09 2019
Summary	Recommended update for man-pages-posix
Type	recommended
Severity	low
References	1116987

Description:

This update for man-pages-posix fixes the following issues:
- Supplements the package 'man' in order to install some missing man pages. (bnc#1116987)

Advisory ID	SUSE-RU-2019:270-1
Released	Wed Feb 6 15:43:23 2019
Summary	Recommended update for mariadb-connector-c
Type	recommended
Severity	important
References	1097938,1116686

Description:

This update for mariadb-connector-c fixes the following issues:

Update to version 3.0.7 (bsc#1116686)
Fixed installation issue where libmysqlclient.so.18 link was missing (bsc#1097938).

Advisory ID	SUSE-RU-2019:276-1
Released	Wed Feb 6 19:12:35 2019
Summary	Recommended update for rollback-helper
Type	recommended
Severity	moderate
References	1108618,1113048,1115555

Description:

This update for rollback-helper fixes the following issues:

Added handling for separate /var subvolumes (bsc#1115555)
Run before any other services calling zypper (bsc#1113048)
Retry network connection if it doesn't work yet (bsc#1108618)

Advisory ID	SUSE-SU-2019:286-1
Released	Thu Feb 7 13:45:27 2019
Summary	Security update for docker
Type	security
Severity	moderate
References	1001161,1112980,1115464,1118897,1118898,1118899,1118990,1121412,CVE-2018-16873,CVE-2018-16874,CVE-2018-16875

Description:

This update for containerd, docker, docker-runc and golang-github-docker-libnetwork fixes the following issues:
Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork:

CVE-2018-16873: cmd/go: remote command execution during 'go get -u' (bsc#1118897)
CVE-2018-16874: cmd/go: directory traversal in 'go get' via curly braces in import paths (bsc#1118898)
CVE-2018-16875: crypto/x509: CPU denial of service (bsc#1118899)

Non-security issues fixed for docker:

Disable leap based builds for kubic flavor (bsc#1121412)
Allow users to explicitly specify the NIS domainname of a container (bsc#1001161)
Update docker.service to match upstream and avoid rlimit problems (bsc#1112980)
Allow docker images larger then 23GB (bsc#1118990)
Docker version update to version 18.09.0-ce (bsc#1115464)

Advisory ID	SUSE-RU-2019:317-1
Released	Mon Feb 11 16:08:23 2019
Summary	Recommended update for sendmail
Type	recommended
Severity	moderate
References	1116675

Description:

This update for sendmail addresses the following issues:

Fixes an issue with symlink creation on package installation. In order for the wrong symlink to be removed, the service needs to be disabled and re-enabled. (bsc#1116675)

Advisory ID	SUSE-SU-2019:362-1
Released	Wed Feb 13 13:31:56 2019
Summary	Security update for docker-runc
Type	security
Severity	important
References	1121967,CVE-2019-5736

Description:

This update for docker-runc fixes the following issues: Security issue fixed:

CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967)

Advisory ID	SUSE-RU-2019:364-1
Released	Wed Feb 13 14:00:08 2019
Summary	Recommended update for ipset
Type	recommended
Severity	moderate
References	1122853

Description:

This update for ipset fixes the following issues:

Fixed parsing service names for ports. Parsing is attempted both for numbers and service names and the temporary stored error message triggered to reset the state parameters about the set [bsc#1122853]

Advisory ID	SUSE-RU-2019:366-1
Released	Wed Feb 13 14:00:29 2019
Summary	Recommended update for wireless-regdb
Type	recommended
Severity	moderate
References	1121466

Description:

This update for wireless-regdb provides the following fixes:

Changes in version 2018.10.24 (bsc#1121466): * Remove dependency to python attr. * Sync DE with ETSI EN 301 893 V2.1.1. * Sync FR with ETSI EN 301 893 V2.1.1.

Changes in version 2018.09.07: * Update source of info for CU and ES. * Update regulatory rules for Switzerland (CH), and Liechtenstein. * Update regulatory rules for Finland (FI) on 5GHz (SRD devices). * Update rules for Hungary (HU) on 2.4/5/60G, 5725-5875MHz.

Advisory ID	SUSE-RU-2019:371-1
Released	Wed Feb 13 14:02:17 2019
Summary	Recommended update for ypbind
Type	recommended
Severity	moderate
References	1114640

Description:

This update for ypbind fixes the following issues:

Fixes crash on reload. (bsc#1114640)
Enhanced yp.conf manual page

Advisory ID	SUSE-RU-2019:374-1
Released	Wed Feb 13 14:03:02 2019
Summary	Recommended update for xrdb
Type	recommended
Severity	moderate
References	1120004

Description:

This update for xrdb fixes the following issues:

Now no warnings will be shown when parsing valid comments. (bsc#1120004)

Advisory ID	SUSE-RU-2019:443-1
Released	Tue Feb 19 18:53:19 2019
Summary	Recommended update for google-compute-engine
Type	recommended
Severity	moderate
References	1123671,1123672

Description:

This update for google-compute-engine fixes the following issues:
Google Compute Engine was updated to version 20190124 (bsc#1123671, bsc#1123672)

Fix metadata script retrieval to support Python 3.

Advisory ID	SUSE-RU-2019:464-1
Released	Fri Feb 22 09:43:52 2019
Summary	Recommended update for xkeyboard-config
Type	recommended
Severity	moderate
References	1123784

Description:

This update for xkeyboard-config fixes the following issues:

Fixes missing mappings for evdev keys KEY_RFKILL and KEY_WWAN. (bsc#1123784)

Advisory ID	SUSE-RU-2019:487-1
Released	Mon Feb 25 17:42:01 2019
Summary	Recommended update for cloud-regionsrv-client
Type	recommended
Severity	moderate
References	1029162,1114985,1120980

Description:

This update for cloud-regionsrv-client fixes the following issues:
Updated to version 8.1.3

Fix file permissions for generated credentials rw root only
Generate instance data as string as expected by zypper plugin handling
Write the proper credentials file when switching back to RIS service
Support registration against RMT
Implement URL resolver to facilitate instance verification for zypper access
Fixes related to bsc#1120980 also need server side support
IPv6 support
Fix handling of older cached SMT objects loaded from cached file

Advisory ID	SUSE-SU-2019:495-1
Released	Tue Feb 26 16:42:35 2019
Summary	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc
Type	security
Severity	important
References	1048046,1051429,1114832,1118897,1118898,1118899,1121967,1124308,CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2019-5736

Description:

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues:
Security issues fixed:

CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899).
CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898).
CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897).
CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967).

Other changes and fixes:

Update shell completion to use Group: System/Shells.
Add daemon.json file with rotation logs configuration (bsc#1114832)
Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.
Update go requirements to >= go1.10
Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429).
Remove the usage of 'cp -r' to reduce noise in the build logs.

Advisory ID	SUSE-RU-2019:500-1
Released	Tue Feb 26 19:11:26 2019
Summary	Recommended update for lifecycle-data-sle-module-live-patching
Type	recommended
Severity	moderate
References	1020320,1126443

Description:

This update for lifecycle-data-sle-module-live-patching fixes the following issues:

Fixed package names in the data file. (bsc#1126443)
Added data for 4_12_14-25_28. (bsc#1020320)

Advisory ID	SUSE-RU-2019:529-1
Released	Fri Mar 1 13:46:51 2019
Summary	Recommended update for cloud-netconfig
Type	recommended
Severity	moderate
References	1112822,1118783,1122013,1123008

Description:

This update for cloud-netconfig provides the following fixes:

Run cloud-netconfig periodically. (bsc#1118783, bsc#1122013)
Do not treat eth0 special with regard to routing policies. (bsc#1123008)
Reduce the timeout on metadata read. (bsc#1112822)

Advisory ID	SUSE-RU-2019:533-1
Released	Fri Mar 1 13:47:40 2019
Summary	Recommended update for mirror
Type	recommended
Severity	low
References	1123661

Description:

This update for mirror provides the following fix:

Remove a warning that dump() will no longer be available in Perl 5.30. (bsc#1123661)

Advisory ID	SUSE-RU-2019:550-1
Released	Tue Mar 5 14:46:46 2019
Summary	Recommended update for sapconf
Type	recommended
Severity	moderate
References	1111243,1122741

Description:

This update for sapconf fixes the following issues:

Source /etc/sysconfig/sapconf entries correctly, even if the /etc filesystem is read-only. (bsc#1122741)
log skipping of existing /etc/systemd/logind.conf.d/sap.conf file during package installation. (bsc#1111243)

Advisory ID	SUSE-RU-2019:567-1
Released	Thu Mar 7 17:49:00 2019
Summary	Recommended update for arpwatch
Type	recommended
Severity	moderate
References	1119851

Description:

This update for arpwatch provides the following fix:

Prevent a memory leak in gethname. (bsc#1119851)

Advisory ID	SUSE-SU-2019:571-1
Released	Thu Mar 7 18:13:46 2019
Summary	Security update for file
Type	security
Severity	moderate
References	1096974,1096984,1126117,1126118,1126119,CVE-2018-10360,CVE-2019-8905,CVE-2019-8906,CVE-2019-8907

Description:

This update for file fixes the following issues:
The following security vulnerabilities were addressed:

CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974)
CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118)
CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c (bsc#1126119)
CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117)

Advisory ID	SUSE-SU-2019:574-1
Released	Fri Mar 8 15:22:51 2019
Summary	Security update for java-1_8_0-openjdk
Type	security
Severity	important
References	1122293,1122299,CVE-2018-11212,CVE-2019-2422

Description:

This update for java-1_8_0-openjdk to version jdk8u201 (icedtea 3.11.0) fixes the following issues: Security issues fixed:

CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293).
CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299).

Complete list of changes: https://mail.openjdk.java.net/pipermail/distro-pkg-dev/2019-March/041223.html

Advisory ID	SUSE-SU-2019:585-1
Released	Tue Mar 12 12:59:09 2019
Summary	Security update for java-1_8_0-ibm
Type	security
Severity	important
References	1122292,1122293,1122299,1128158,CVE-2018-11212,CVE-2018-1890,CVE-2019-2422,CVE-2019-2449

Description:

This update for java-1_8_0-ibm to version 8.0.5.30 fixes the following issues:
Security issues fixed:

CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293).
CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299).
CVE-2018-1890: Fixed a local privilege escalation via RPATHs (bsc#1128158).
CVE-2019-2449: Fixed a vulnerabilit which could allow remote atackers to delete arbitrary files (bsc#1122292).

More information: https://www-01.ibm.com/support/docview.wss?uid=ibm10873332

Advisory ID	SUSE-SU-2019:600-1
Released	Tue Mar 12 18:40:17 2019
Summary	Security update for openssl-1_0_0
Type	security
Severity	moderate
References	1117951,1127080,CVE-2019-1559

Description:

This update for openssl-1_0_0 fixes the following issues:
Security issues fixed:

The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951)
CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080).

Advisory ID	SUSE-RU-2019:605-1
Released	Wed Mar 13 12:40:48 2019
Summary	Recommended update for azure-li-services
Type	recommended
Severity	moderate
References	1127923,1127924

Description:

This update for azure-li-services to version 1.1.27 provides the following:

Azure Large instances password reset and MAC based ifnames support (bsc#1127924)
Azure Very Large instances support for bonding (bsc#1127924)

Advisory ID	SUSE-RU-2019:608-1
Released	Wed Mar 13 15:21:02 2019
Summary	Recommended update for cups
Type	recommended
Severity	moderate
References	1118118

Description:

This update for cups fixes the following issues:

Fixed validation of UTF-8 filenames to avoid crashes (bsc#1118118)

Advisory ID	SUSE-SU-2019:619-1
Released	Fri Mar 15 15:38:37 2019
Summary	Security update for wireshark
Type	security
Severity	moderate
References	1127367,1127369,1127370,CVE-2019-9208,CVE-2019-9209,CVE-2019-9214

Description:

This update for wireshark to version 2.4.13 fixes the following issues:
Security issues fixed:

CVE-2019-9214: Avoided a dereference of a null coversation which could make RPCAP dissector crash (bsc#1127367).
CVE-2019-9209: Fixed a buffer overflow in time values which could make ASN.1 BER and related dissectors crash (bsc#1127369).
CVE-2019-9208: Fixed a null pointer dereference which could make TCAP dissector crash (bsc#1127370).

Release notes: https://www.wireshark.org/docs/relnotes/wireshark-2.4.13.html

Advisory ID	SUSE-SU-2019:637-1
Released	Tue Mar 19 09:26:52 2019
Summary	Security update for libssh2_org
Type	security
Severity	moderate
References	1128471,1128472,1128474,1128476,1128480,1128481,1128490,1128492,1128493,CVE-2019-3855,CVE-2019-3856,CVE-2019-3857,CVE-2019-3858,CVE-2019-3859,CVE-2019-3860,CVE-2019-3861,CVE-2019-3862,CVE-2019-3863

Description:

This update for libssh2_org fixes the following issues:
Security issues fixed:

CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490).
CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492).
CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481).
CVE-2019-3863: Fixed an Integer overflow in user authenicate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493).
CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472).
CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480).
CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471).
CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476).
CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474).

Advisory ID	SUSE-SU-2019:654-1
Released	Wed Mar 20 10:29:13 2019
Summary	Security update for openwsman
Type	security
Severity	important
References	1092206,1122623,CVE-2019-3816,CVE-2019-3833

Description:

This update for openwsman fixes the following issues:
Security issues fixed:

CVE-2019-3816: Fixed a vulnerability in openwsmand deamon which could lead to arbitary file disclosure (bsc#1122623).
CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite loop which leads to Denial of Service (bsc#1122623).

Other issues addressed:

Added OpenSSL 1.1 compatibility
Compilation in debug mode fixed
Directory listing without authentication fixed (bsc#1092206).

Advisory ID	SUSE-RU-2019:665-1
Released	Wed Mar 20 14:54:29 2019
Summary	Recommended update for xf86-input-wacom
Type	recommended
Severity	low
References	1120405

Description:

This update for xf86-input-wacom provides the following fix:

Re-added support for serial input devices. (bsc#1120405)

Advisory ID	SUSE-SU-2019:707-1
Released	Fri Mar 22 13:32:07 2019
Summary	Security update for unzip
Type	security
Severity	moderate
References	1110194,CVE-2018-18384

Description:

This update for unzip fixes the following issues:

CVE-2018-18384: Fixed a buffer overflow when listing archives (bsc#1110194)

Advisory ID	SUSE-SU-2019:718-1
Released	Fri Mar 22 16:50:25 2019
Summary	Security update for ghostscript
Type	security
Severity	important
References	1129186,CVE-2019-3838

Description:

This update for ghostscript fixes the following issue:
Security issue fixed:

CVE-2019-3838: Fixed a vulnerability which made forceput operator in DefineResource to be still accessible which could allow access to file system outside of the constraints of -dSAFER (bsc#1129186).

Advisory ID	SUSE-SU-2019:720-1
Released	Fri Mar 22 16:53:55 2019
Summary	Security update for libgxps
Type	security
Severity	moderate
References	1092125,CVE-2018-10733

Description:

This update for libgxps fixes the following issues:

CVE-2018-10733: Fixed a heap-based buffer over-read issue in ft_font_face_hash (bsc#1092125).

Advisory ID	SUSE-RU-2019:732-1
Released	Mon Mar 25 14:10:04 2019
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1088524,1118364,1128246

Description:

This update for aaa_base fixes the following issues:

Restore old position of ssh/sudo source of profile (bsc#1118364).
Update logic for JRE_HOME env variable (bsc#1128246)

Advisory ID	SUSE-SU-2019:748-1
Released	Tue Mar 26 14:35:56 2019
Summary	Security update for libmspack
Type	security
Severity	moderate
References	1113038,1113039,CVE-2018-18584,CVE-2018-18585

Description:

This update for libmspack fixes the following issues:
Security issues fixed:

CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. (bsc#1113038)
CVE-2018-18585: chmd_read_headers accepted a filename that has '\0' as its first or second character (such as the '/\0' name). (bsc#1113039)
Fix off-by-one bounds check on CHM PMGI/PMGL chunk numbers and reject empty filenames.

Advisory ID	SUSE-SU-2019:772-1
Released	Wed Mar 27 10:37:12 2019
Summary	Security update for wavpack
Type	security
Severity	moderate
References	1120929,1120930,CVE-2018-19840,CVE-2018-19841

Description:

This update for wavpack fixes the following issues:
Security issues fixed:

CVE-2018-19840: Fixed a denial-of-service in the WavpackPackInit function from pack_utils.c (bsc#1120930)
CVE-2018-19841: Fixed a denial-of-service in the WavpackVerifySingleBlock function from open_utils.c (bsc#1120929)

Advisory ID	SUSE-SU-2019:777-1
Released	Wed Mar 27 12:23:34 2019
Summary	Security update for ntp
Type	security
Severity	moderate
References	1128525,CVE-2019-8936

Description:

This update for ntp fixes the following issues:
Security issue fixed:

CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd (bsc#1128525).

Other issues addressed:

Fixed several bugs in the BANCOMM reclock driver.
Fixed ntp_loopfilter.c snprintf compilation warnings.
Fixed spurious initgroups() error message.
Fixed STA_NANO struct timex units.
Fixed GPS week rollover in libparse.
Fixed incorrect poll interval in packet.
Added a missing check for ENABLE_CMAC.

Advisory ID	SUSE-SU-2019:786-1
Released	Thu Mar 28 11:21:38 2019
Summary	Security update for tiff
Type	security
Severity	moderate
References	1108606,1115717,1121626,1125113,CVE-2018-17000,CVE-2018-19210,CVE-2019-6128,CVE-2019-7663

Description:

This update for tiff fixes the following issues:
Security issues fixed:

CVE-2018-19210: Fixed a NULL pointer dereference in TIFFWriteDirectorySec function (bsc#1115717).
CVE-2018-17000: Fixed a NULL pointer dereference in the _TIFFmemcmp function (bsc#1108606).
CVE-2019-6128: Fixed a memory leak in the TIFFFdOpen function in tif_unix.c (bsc#1121626).
CVE-2019-7663: Fixed an invalid address dereference in the TIFFWriteDirectoryTagTransfer function in libtiff/tif_dirwrite.c (bsc#1125113)

Advisory ID	SUSE-SU-2019:788-1
Released	Thu Mar 28 11:55:06 2019
Summary	Security update for sqlite3
Type	security
Severity	moderate
References	1119687,CVE-2018-20346

Description:

This update for sqlite3 to version 3.27.2 fixes the following issue:
Security issue fixed:

CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687).

Release notes: https://www.sqlite.org/releaselog/3_27_2.html

Advisory ID	SUSE-RU-2019:790-1
Released	Thu Mar 28 12:06:17 2019
Summary	Recommended update for timezone
Type	recommended
Severity	moderate
References	1130557

Description:

This update for timezone fixes the following issues:
timezone was updated 2019a:

Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
zic now has an -r option to limit the time range of output data

Advisory ID	SUSE-SU-2019:806-1
Released	Fri Mar 29 13:16:51 2019
Summary	Security update for sysstat
Type	security
Severity	low
References	1117001,1117260,CVE-2018-19416,CVE-2018-19517

Description:

This update for sysstat fixes the following issues:
Security issues fixed:

CVE-2018-19416: Fixed out-of-bounds read during a memmove call inside the remap_struct function (bsc#1117001).
CVE-2018-19517: Fixed out-of-bounds read during a memset call inside the remap_struct function (bsc#1117260).

Advisory ID	SUSE-SU-2019:855-1
Released	Wed Apr 3 11:49:58 2019
Summary	Security update for netpbm
Type	security
Severity	moderate
References	1086777,CVE-2018-8975

Description:

This update for netpbm fixes the following issues:

CVE-2018-8975: The pm_mallocarray2 function allowed remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file (bsc#1086777).

Advisory ID	SUSE-SU-2019:861-1
Released	Wed Apr 3 16:09:41 2019
Summary	Security update for clamav
Type	security
Severity	important
References	1130721,CVE-2019-1787,CVE-2019-1788,CVE-2019-1789

Description:

This update for clamav to version 0.100.3 fixes the following issues:
Security issues fixed (bsc#1130721):

CVE-2019-1787: Fixed an out-of-bounds heap read condition which may occur when scanning PDF documents.
CVE-2019-1789: Fixed an out-of-bounds heap read condition which may occur when scanning PE files (i.e. Windows EXE and DLL files).
CVE-2019-1788: Fixed an out-of-bounds heap write condition which may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents.

Advisory ID	SUSE-RU-2019:869-1
Released	Thu Apr 4 11:46:13 2019
Summary	Recommended update for mariadb-connector-c
Type	recommended
Severity	moderate
References	1126088

Description:

This update for mariadb-connector-c fixes the following issues:

Bugfix: libmariadb.pc installed in seemingly wrong location (bsc#1126088)

Advisory ID	SUSE-RU-2019:887-1
Released	Fri Apr 5 07:55:32 2019
Summary	Recommended update for zypper-docker
Type	recommended
Severity	moderate
References	1018823,1022052,1097442,1098017

Description:

This update for zypper-docker to version 2.0.0 contains the following changes:
Features:
* Allow inspection of stopped containers Using zypper-docker luc,lpc or pchkc on a stopped container is now possible. * Analyze container instead of base image by default Note: This is a backwards incompatible change. If the base image of a container needs to be analyzed, which was the former default a new --base flag can be used. e.g. zypper-docker pchkc --base
Minor Improvements / Fixes:
* Add short forms of commands to help section (bsc#1022052) * Fix bug that caused images not to be removed properly in some cases * Fix bug that caused lpc command to log to stdout * Fix bug that caused force flag not to work with zypper-docker images * Fix zypper-docker ps command * Fix bug with zypper-docker up/patch --no-recommends * Fix update behavior when getting a zypper update
Other:
* Update and use zypper exit codes (bsc#1018823) * Support recent version of the docker API

Advisory ID	SUSE-RU-2019:895-1
Released	Mon Apr 8 10:58:32 2019
Summary	Recommended update for speech-dispatcher
Type	recommended
Severity	moderate
References	1129586

Description:

This update for speech-dispatcher fixes the following issues:

set includedir to fix the entries in the pkg-config file (bsc#1129586)

Advisory ID	SUSE-RU-2019:905-1
Released	Mon Apr 8 16:48:02 2019
Summary	Recommended update for gcc
Type	recommended
Severity	moderate
References	1096008

Description:

This update for gcc fixes the following issues:

Fix gcc-PIE spec to properly honor -no-pie at link time. (bsc#1096008)

Advisory ID	SUSE-SU-2019:917-1
Released	Tue Apr 9 13:08:12 2019
Summary	Security update for SDL
Type	security
Severity	moderate
References	1124799,1124800,1124802,1124803,1124805,1124806,1124824,1124825,1124826,1124827,1125099,CVE-2019-7572,CVE-2019-7573,CVE-2019-7574,CVE-2019-7575,CVE-2019-7576,CVE-2019-7577,CVE-2019-7578,CVE-2019-7635,CVE-2019-7636,CVE-2019-7637,CVE-2019-7638

Description:

This update for SDL fixes the following issues:
Security issues fixed:

CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806).
CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099).
CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799).
CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805).
CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827).
CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826).
CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824).
CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803).
CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802).
CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825).
CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800).

Advisory ID	SUSE-SU-2019:919-1
Released	Tue Apr 9 15:47:42 2019
Summary	Security update for blktrace
Type	security
Severity	low
References	1091942,CVE-2018-10689

Description:

This update for blktrace fixes the following issues:

CVE-2018-10689: Prevent buffer overflow in the dev_map_read function because the device and devno arrays were too small (bsc#1091942)

Advisory ID	SUSE-SU-2019:920-1
Released	Tue Apr 9 16:52:38 2019
Summary	Security update for flac
Type	security
Severity	low
References	1091045,CVE-2017-6888

Description:

This update for flac fixes the following issues:

CVE-2017-6888: An error in the 'read_metadata_vorbiscomment_()' function could be exploited to cause a memory leak via a specially crafted FLAC file (bsc#1091045).

Advisory ID	SUSE-SU-2019:925-1
Released	Wed Apr 10 16:32:50 2019
Summary	Security update for wget
Type	security
Severity	important
References	1131493,CVE-2019-5953

Description:

This update for wget fixes the following issues:
Security issue fixed:

CVE-2019-5953: Fixed a buffer overflow vulnerability which might cause code execution (bsc#1131493).

Advisory ID	SUSE-SU-2019:926-1
Released	Wed Apr 10 16:33:12 2019
Summary	Security update for tar
Type	security
Severity	moderate
References	1120610,1130496,CVE-2018-20482,CVE-2019-9923

Description:

This update for tar fixes the following issues:
Security issues fixed:

CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496).
CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610).

Advisory ID	SUSE-SU-2019:940-1
Released	Fri Apr 12 13:20:03 2019
Summary	Security update for audiofile
Type	security
Severity	low
References	1100523,CVE-2018-13440

Description:

This update for audiofile fixes the following issues:
Security issue fixed:

CVE-2018-13440: Return AF_FAIL instead of causing NULL pointer dereferences later (bsc#1100523).

Advisory ID	SUSE-RU-2019:947-1
Released	Fri Apr 12 21:49:31 2019
Summary	Recommended update for cluster-glue
Type	recommended
Severity	moderate
References	1098758

Description:

This update for cluster-glue provides the following fix:

stonith:ibmhmc: Add 'managedsyspat' and 'password' as supported parameters. (bsc#1098758)

Advisory ID	SUSE-SU-2019:954-1
Released	Tue Apr 16 13:05:59 2019
Summary	Security update for openexr
Type	security
Severity	low
References	1113455,CVE-2018-18444

Description:

This update for openexr fixes the following issues:
Security issue fixed:

CVE-2018-18444: Fixed Out-of-bounds write in makeMultiView.cpp (bsc#1113455).

Advisory ID	SUSE-SU-2019:1001-1
Released	Wed Apr 24 09:41:15 2019
Summary	Security update for ntfs-3g_ntfsprogs
Type	security
Severity	moderate
References	1130165,CVE-2019-9755

Description:

This update for ntfs-3g_ntfsprogs fixes the following issues:
Security issues fixed:

CVE-2019-9755: Fixed a heap-based buffer overflow which could lead to local privilege escalation (bsc#1130165).

Advisory ID	SUSE-RU-2019:1002-1
Released	Wed Apr 24 10:13:34 2019
Summary	Recommended update for zlib
Type	recommended
Severity	moderate
References	1110304,1129576

Description:

This update for zlib fixes the following issues:

Fixes a segmentation fault error (bsc#1110304, bsc#1129576)

Advisory ID	SUSE-SU-2019:1018-1
Released	Wed Apr 24 13:02:28 2019
Summary	Security update for jasper
Type	security
Severity	moderate
References	1010783,1117505,1117511,CVE-2016-9396,CVE-2018-19539,CVE-2018-19542

Description:

This update for jasper fixes the following issues:
Security issues fixed:

CVE-2018-19542: Fixed a denial of service in jp2_decode (bsc#1117505).
CVE-2018-19539: Fixed a denial of service in jas_image_readcmpt (bsc#1117511).
CVE-2016-9396: Fixed a denial of service in jpc_cox_getcompparms (bsc#1010783).

Advisory ID	SUSE-RU-2019:1022-1
Released	Wed Apr 24 13:46:51 2019
Summary	Recommended update for hwdata
Type	recommended
Severity	moderate
References	1121410

Description:

This update for hwdata fixes the following issues:
Update to version 0.320 (bsc#1121410):

Updated the pci, usb and vendor ids vendor and product databases.

Advisory ID	SUSE-RU-2019:1034-1
Released	Thu Apr 25 13:39:50 2019
Summary	Recommended update for docker-runc
Type	recommended
Severity	important
References	1131314,1131553

Description:

This update for docker-runc fixes the following issues:

Backport various upstream patches to fix some kernel regression related to O_TMPFILE. bsc#1131314 bsc#1131553

Advisory ID	SUSE-SU-2019:1036-1
Released	Thu Apr 25 14:53:44 2019
Summary	Security update for wireshark
Type	security
Severity	moderate
References	1131945,CVE-2019-10894,CVE-2019-10895,CVE-2019-10896,CVE-2019-10899,CVE-2019-10901,CVE-2019-10903

Description:

This update for wireshark to version 2.4.14 fixes the following issues:
Security issues fixed:

CVE-2019-10895: NetScaler file parser crash.
CVE-2019-10899: SRVLOC dissector crash.
CVE-2019-10894: GSS-API dissector crash.
CVE-2019-10896: DOF dissector crash.
CVE-2019-10901: LDSS dissector crash.
CVE-2019-10903: DCERPC SPOOLSS dissector crash.

Non-security issue fixed:

Update to version 2.4.14 (bsc#1131945).

Advisory ID	SUSE-SU-2019:1040-1
Released	Thu Apr 25 17:09:21 2019
Summary	Security update for samba
Type	security
Severity	important
References	1114407,1124223,1125410,1126377,1131060,1131686,CVE-2019-3880

Description:

This update for samba fixes the following issues:
Security issue fixed:

CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060).

ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686):

Out of bound read in ldb_wildcard_compare
Hold at most 10 outstanding paged result cookies
Put 'results_store' into a doubly linked list
Refuse to build Samba against a newer minor version of ldb

Non-security issues fixed:

Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377).
Abide to the load_printers parameter in smb.conf (bsc#1124223).
Provide the 32bit samba winbind PAM module and its dependend 32bit libraries.

Advisory ID	SUSE-SU-2019:1052-1
Released	Fri Apr 26 14:33:42 2019
Summary	Security update for java-11-openjdk
Type	security
Severity	moderate
References	1132728,1132732,CVE-2019-2602,CVE-2019-2684

Description:

This update for java-11-openjdk to version 11.0.3+7 fixes the following issues:
Security issues fixed:

CVE-2019-2602: Fixed excessive use of CPU time in the BigDecimal implementation (bsc#1132728).
CVE-2019-2684: Fixed a flaw in the RMI registry implementation which could lead to selection of an incorrect skeleton class (bsc#1132732).

Non-security issues fixed:

Multiple bug fixes and improvements.

Advisory ID	SUSE-SU-2019:1059-1
Released	Sat Apr 27 09:44:01 2019
Summary	Security update for libssh2_org
Type	security
Severity	important
References	1130103,1133528,CVE-2019-3859

Description:

This update for libssh2_org fixes the following issues:
- Incorrect upstream fix for CVE-2019-3859 broke public key authentication [bsc#1133528, bsc#1130103]

Advisory ID	SUSE-SU-2019:1090-1
Released	Mon Apr 29 14:32:33 2019
Summary	Security update for rubygem-actionpack-5_1
Type	security
Severity	moderate
References	1129271,1129272,CVE-2019-5418,CVE-2019-5419

Description:

This update for rubygem-actionpack-5_1 fixes the following issues:
Security issues fixed:

CVE-2019-5418: Fixed a file content disclosure vulnerability in Action View which could be exploited via specially crafted accept headers in combination with calls to render file (bsc#1129272).
CVE-2019-5419: Fixed a resource exhaustion issue in Action View which could make the server unable to process requests (bsc#1129271).

Advisory ID	SUSE-RU-2019:1105-1
Released	Tue Apr 30 12:10:58 2019
Summary	Recommended update for gcc7
Type	recommended
Severity	moderate
References	1084842,1114592,1124644,1128794,1129389,1131264,SLE-6738

Description:

This update for gcc7 fixes the following issues:
Update to gcc-7-branch head (r270528).

Disables switch jump-tables when retpolines are used. This restores some lost performance for kernel builds with retpolines. (bsc#1131264, jsc#SLE-6738)
Fix ICE compiling tensorflow on aarch64. (bsc#1129389)
Fix for aarch64 FMA steering pass use-after-free. (bsc#1128794)
Fix for s390x FP load-and-test issue. (bsc#1124644)
Improve build reproducability by disabling address-space randomization during build.
Adjust gnat manual entries in the info directory. (bsc#1114592)
Includes fix to no longer try linking -lieee with -mieee-fp. (bsc#1084842)

Advisory ID	SUSE-RU-2019:1113-1
Released	Tue Apr 30 14:08:42 2019
Summary	Recommended update for python-pycurl
Type	recommended
Severity	moderate
References	1128355

Description:

This update for python-pycurl fixes the following issues:

bsc#1128355: update to the Factory package to get multibuild and better working tests.

Update to 7.43.0.2: * Added perform_rb and perform_rs methods to Curl objects to return response body as byte string and string, respectively. * Added OPT_COOKIELIST constant for consistency with other option constants. * PycURL is now able to report errors triggered by libcurl via CURLOPT_FAILONERROR mechanism when the error messages are not decodable in Python's default encoding (GitHub issue #259). * Added getinfo_raw method to Curl objects to return byte strings as is from libcurl without attempting to decode them (GitHub issue #493). * When adding a Curl easy object to CurlMulti via add_handle, the easy objects now have their reference counts increased so that the application is no longer required to keep references to them to keep them from being garbage collected (GitHub issue #171). * PycURL easy, multi and share objects can now be weak referenced. * set_ca_certs now accepts byte strings as it should have been all along. * Use OpenSSL 1.1 and 1.0 specific APIs for controlling thread locks depending on OpenSSL version (patch by Vitaly Murashev). * Fixed a crash when closesocket callback failed (patch by Gisle Vanem and toddrme2178). * Added CURLOPT_PROXY_SSLCERT, CURLOPT_PROXY_SSLCERTTYPE, CURLOPT_PROXY_SSLKEY, CURLOPT_PROXY_SSLKEYTYPE, CURLOPT_PROXY_SSL_VERIFYPEER (libcurl 7.52.0+, patch by Casey Miller). * Added CURLOPT_PRE_PROXY (libcurl 7.52.0+, patch by ziggy). * Added SOCKET_BAD constant and it is now recognized as a valid return value from OPENSOCKET callback.

Advisory ID	SUSE-SU-2019:1127-1
Released	Thu May 2 09:39:24 2019
Summary	Security update for sqlite3
Type	security
Severity	moderate
References	1130325,1130326,CVE-2019-9936,CVE-2019-9937

Description:

This update for sqlite3 to version 3.28.0 fixes the following issues:
Security issues fixed:

CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix queries inside transaction (bsc#1130326).
CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in a single transaction with an fts5 virtual table (bsc#1130325).

Advisory ID	SUSE-RU-2019:1130-1
Released	Thu May 2 13:07:59 2019
Summary	Recommended update for azure-li-services
Type	recommended
Severity	moderate
References	1125372,1125373

Description:

This update for azure-li-services fixes the following issues:

Create /etc/sysconfig/sbd configuration

Write /etc/sysconfig/sbd which contains the disk device name used to initialize the SBD device

Add support for iSCSI SBD device setup

In a new an optional stonith section the configuration for the iSCSI initiator and ip address can be setup. Once present the process to setup the iSCSI initiator as well as the device discovery is started. (bsc#1125373 and bsc#1125372)

Advisory ID	SUSE-RU-2019:1134-1
Released	Thu May 2 17:57:27 2019
Summary	Recommended update for quota
Type	recommended
Severity	moderate
References	1131513,SLE-5734

Description:

This update for quota fixes the following issues:
Quota was updated to 4.05 release jsc#SLE-5734 bsc#1131513:

This release includes mostly various smaller cleanups and fixes in various areas.
Most visible changes are addition of f2fs and exfs among recognized filesystems.

Remove quot binary functionality could be achieved by using repquota instead

Advisory ID	SUSE-RU-2019:1145-1
Released	Fri May 3 16:03:10 2019
Summary	Recommended update for aws-efs-utils
Type	recommended
Severity	moderate
References	1101451,1124652,1125133

Description:

This update for aws-efs-utils fixes the following issues:
This ships aws-efs-utils 1.7 to the SUSE Linux Enterprise Module for Public Cloud (bsc#1101451, fate#327220, bsc#1124652, fate#327221)
This package provides utilities for using the EFS file systems.

Advisory ID	SUSE-RU-2019:1152-1
Released	Fri May 3 18:06:09 2019
Summary	Recommended update for java-11-openjdk
Type	recommended
Severity	moderate
References	1131378

Description:

This update for java-11-openjdk fixes the following issues:

Require update-ca-certificates by the headless subpackage (bsc#1131378)
Removed a font rendering patch with broke related to other font changes.

Advisory ID	SUSE-SU-2019:1156-1
Released	Mon May 6 13:46:07 2019
Summary	Security update for python-Jinja2
Type	security
Severity	important
References	1125815,1132174,1132323,CVE-2016-10745,CVE-2019-10906,CVE-2019-8341

Description:

This update for python-Jinja2 to version 2.10.1 fixes the following issues:
Security issues fixed:

CVE-2019-8341: Fixed a command injection in from_string() (bsc#1125815).
CVE-2019-10906: Fixed a sandbox escape due to information disclosure via str.format (bsc#1132323).

Advisory ID	SUSE-RU-2019:1176-1
Released	Tue May 7 16:19:23 2019
Summary	Recommended update for rpmlint
Type	recommended
Severity	moderate
References	1132530

Description:

This update for rpmlint fixes the following issues:

fix rpmlint-tests build by reverting changes to reference output that do not apply on SLE15 (bsc#1132530)

Advisory ID	SUSE-RU-2019:1199-1
Released	Fri May 10 07:44:05 2019
Summary	Recommended update for nvmetcli
Type	recommended
Severity	moderate
References	1130981

Description:

This update for nvmetcli fixes the following issues:

Add ANA support to nvmetcli (bsc#1130981)

Advisory ID	SUSE-SU-2019:1211-1
Released	Fri May 10 14:09:09 2019
Summary	Security update for java-1_8_0-openjdk
Type	security
Severity	important
References	1132728,1132729,1132732,1133135,CVE-2018-3639,CVE-2019-2602,CVE-2019-2684,CVE-2019-2698

Description:

This update for java-1_8_0-openjdk to version 8u212 fixes the following issues:
Security issues fixed:

CVE-2019-2602: Better String parsing (bsc#1132728).
CVE-2019-2684: More dynamic RMI interactions (bsc#1132732).
CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729).
CVE-2018-3639: fix revision to prefer PR_SPEC_DISABLE_NOEXEC to PR_SPEC_DISABLE

Non-Security issue fixed:

Disable LTO (bsc#1133135).
Added Japanese new era name.

Advisory ID	SUSE-RU-2019:1229-1
Released	Tue May 14 11:05:55 2019
Summary	Recommended update for sensors
Type	recommended
Severity	moderate
References	1108468,1116021

Description:

This update for sensors fixes the following issues:
sensors was updated to version 3.5.0:
The following changes were done:

soname was bumped due to commit dcf2367 which introduced an ABI change. (This was reverted for the SUSE packages, as it was not necessary)

Fixed disappearance of certain hwmon chips with 4.19+ kernels (bsc#1116021).
Add the find-driver script for debugging.
Various documentation and man page improvements.
Fix various issues found by Coverity Scan.
Updated links in documentation to reflect the new home of lm_sensors.
sensors.1: Add reference to sensors-detect and document -j option (json output).
sensors: Add support for json output, add support for power min, lcrit, min_alarm, lcrit_alarm.
sensors-detect changes:

* Fix systemd paths. * Add detection of Fintek F81768. * Only probe I/O ports on x86. * Add detection of Nuvoton NCT6793D. * Add detection of Microchip MCP9808. * Mark F71868A as supported by the f71882fg driver. * Mark F81768D as supported by the f71882fg driver. * Mark F81866D as supported by the f71882fg driver. * Add detection of various ITE chips. * Add detection of Nuvoton NCT6795D. * Add detection of DDR4 SPD. * Add detection of ITE IT8987D. * Add detection of AMD Family 17h temperature sensors. * Add detection of AMD KERNCZ SMBus controller. * Add detection of various Intel SMBus controllers. * Add detection of Giantec GT30TS00. * Add detection of ONS CAT34TS02C and CAT34TS04. * Add detection of AMD Family 15h Model 60+ temperature sensors. * Add detection of Nuvoton NCT6796D. * Add detection of AMD Family 15h Model 70+ temperature sensors.

configs: Add sample configuration files.
sensors.conf.default:

* Add hardwired inputs of NCT6795D * Add hardwired inputs of F71868A * Add hardwired NCT6796D inputs

vt1211_pwm: replaced deprecated sub shell syntax, run with bash instead of sh.
pwmconfig: replaced deprecated sub shell syntax.
fancontrol: replaced deprecated sub shell syntax, save original pwm values.
fancontrol.8: replaced deprecated sub shell syntax.
libsensors:

* Add support for SENSORS_BUS_TYPE_SCSI, add support for power min, lcrit, min_alarm, lcrit_alarm. * Handle hwmon device with thermal device parent (bsc#1108468).

Undo unnecessary libsensors version bump.
Undo the SENSORS_API_VERSION change, to stay source-compatible with upstream.

Advisory ID	SUSE-SU-2019:1234-1
Released	Tue May 14 18:31:52 2019
Summary	Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork
Type	security
Severity	important
References	1114209,1114832,1118897,1118898,1118899,1121397,1121967,1123013,1128376,1128746,1134068,CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2019-5736,CVE-2019-6486

Description:

This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues:
Security issues fixed:

CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967).
CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013).
CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897).
CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898).
CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899).

Other changes and bug fixes:

Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068).
Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068).
Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068).
docker-test: Improvements to test packaging (bsc#1128746).
Move daemon.json file to /etc/docker directory (bsc#1114832).
Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209).
Fix go build failures (bsc#1121397).

Advisory ID	SUSE-RU-2019:1282-1
Released	Fri May 17 13:14:19 2019
Summary	Recommended update for azure-li-services
Type	recommended
Severity	moderate
References	1133162

Description:

This update for azure-li-services to 1.1.31 fixes the following issues:

Umount LUN only on cleanup

If one service(A) needs the LUN and another service(B) that needs the LUN too runs in parallel a potential race condition exists in a way the service A could have umounted the LUN exactly at a time service B accesses it. Thus this patch changes the services such that only the last service, the cleanup service umounts the LUN.

Load softdog module when STONITH is set up

It loads the module and make the load boot persistant

Fixup system-setup service dependencies

The setup of the stonith SBD device requires the network to be up beforehand because the target is an iSCSI endpoint.

Advisory ID	SUSE-SU-2019:1291-1
Released	Mon May 20 09:57:16 2019
Summary	Security update for transfig
Type	security
Severity	low
References	1106531,CVE-2018-16140

Description:

This update for transfig fixes the following issues:
Security issue fixed:

CVE-2018-16140: Fixed a buffer underwrite vulnerability in get_line() in read.c, which allowed an attacker to write prior to the beginning of the buffer via specially crafted .fig file (bsc#1106531)

Advisory ID	SUSE-RU-2019:1302-1
Released	Tue May 21 13:05:02 2019
Summary	Recommended update for monitoring-plugins
Type	recommended
Severity	moderate
References	1132350,1132903,1133107

Description:

This update for monitoring-plugins fixes the following issues:

update AppArmor profiles for usrMerge (related to bsc#1132350) - grep in check_cups - ps in check_procs and check_procs.sle15

update usr.lib.nagios.plugins.check_procs to bash in /usr

support IPv4 ping for dual stacked host again (bsc#1132903)

update usr.lib.nagios.plugins.check_procs again for sle15 and above so that ptrace is allowed (bsc#1133107)

add /etc/nrpe.d/*.cfg snipplets

copy usr.lib.nagios.plugins.check_procs as usr.lib.nagios.plugins.check_procs.sle15 and use that for sle15 and above. 'ptrace' to enable ptrace globally is needed here.

Advisory ID	SUSE-SU-2019:1308-1
Released	Tue May 21 18:35:23 2019
Summary	Security update for java-1_8_0-ibm
Type	security
Severity	important
References	1132728,1132729,1132732,1132734,1134718,CVE-2019-10245,CVE-2019-2602,CVE-2019-2684,CVE-2019-2697,CVE-2019-2698

Description:

This update for java-1_8_0-ibm fixes the following issues:
Update to Java 8.0 Service Refresh 5 Fix Pack 35.
Security issues fixed:

CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718).
CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729).
CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734).
CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728).
CVE-2019-2684: Fixed flaw was found in the RMI registry implementation (bsc#1132732).

Advisory ID	SUSE-RU-2019:1312-1
Released	Wed May 22 12:19:12 2019
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1096191

Description:

This update for aaa_base fixes the following issue:
* Shell detection in /etc/profile and /etc/bash.bashrc was broken within AppArmor-confined containers (bsc#1096191)

Advisory ID	SUSE-RU-2019:1318-1
Released	Thu May 23 12:45:16 2019
Summary	Recommended update for orc
Type	recommended
Severity	moderate
References	1130085

Description:

This update for orc does not fix any customer visible issues and does only address an issue with its test suite (bsc#1130085)

Advisory ID	SUSE-RU-2019:1327-1
Released	Thu May 23 18:09:53 2019
Summary	Recommended update for speech-dispatcher
Type	recommended
Severity	moderate
References	1129586

Description:

This update for speech-dispatcher fixes the following issues:

Remove a work-around that was necessary in previous versions but since speech-dispatcher 0.8.4 no longer is. (bsc#1129586)

Advisory ID	SUSE-RU-2019:1328-1
Released	Thu May 23 18:10:08 2019
Summary	Recommended update for lifecycle-data-sle-module-live-patching
Type	recommended
Severity	moderate
References	1020320

Description:

This update for lifecycle-data-sle-module-live-patching fixes the following issues:

Added data for 4_12_14-150_14. (bsc#1020320)

Advisory ID	SUSE-SU-2019:1340-1
Released	Fri May 24 12:57:31 2019
Summary	Security update for libu2f-host
Type	security
Severity	low
References	1124781,CVE-2018-20340

Description:

This update for libu2f-host fixes the following issues: Security issue fixed:

CVE-2018-20340: Fixed an unchecked buffer, which could allow a buffer overflow with a custom made malicious USB device (bsc#1124781).

Advisory ID	SUSE-RU-2019:1343-1
Released	Fri May 24 13:58:40 2019
Summary	Recommended update for google-compute-engine
Type	recommended
Severity	moderate
References	1128392,1134179

Description:

This update for google-compute-engine fixes the following issues:
google-compute-engine was updated to version 20190416 (bsc#1128392, bsc#1134179):

Google Compute Engine OS Login

* Fix pam_group ordering detection. * Restart cron from the OS Login control file. * Add PAM entry to su:account stack.
Update to version 20190315:

Google Compute Engine OS Login

* Fix alternate challenge section for two factor authentication.
Update to version 20190304:

Google Compute Engine

* Set oom_score_adjust for google_accounts_daemon.

Google Compute Engine OS Login

* Use pam_group to provide users with default groups. * Add compat.h to support FreeBSD. * Exit immediately after a two factor authentication failure. * Add support for Google phone prompt challenges.

Include systemd service file to run google_optimize_local_ssd command
Include systemd service file to run google_set_multiqueue command
Install journald configuration files into /usr/lib/systemd/journald.conf.d

Advisory ID	SUSE-RU-2019:1367-1
Released	Tue May 28 12:41:43 2019
Summary	Recommended update for tcsh
Type	recommended
Severity	moderate
References	1129112

Description:

This update for tcsh fixes the following issues:

Incorrect postcmd handling could have caused miscalculation of a while loop start resulting in an infinite loop (bsc#1129112)

Advisory ID	SUSE-SU-2019:1368-1
Released	Tue May 28 13:15:38 2019
Summary	Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root
Type	security
Severity	important
References	1134524,CVE-2019-5021

Description:

This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues:

CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524)

Advisory ID	SUSE-SU-2019:1372-1
Released	Tue May 28 16:53:28 2019
Summary	Security update for libtasn1
Type	security
Severity	moderate
References	1105435,CVE-2018-1000654

Description:

This update for libtasn1 fixes the following issues:
Security issue fixed:

CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).

Advisory ID	SUSE-SU-2019:1374-1
Released	Wed May 29 10:15:39 2019
Summary	Security update for taglib
Type	security
Severity	low
References	1096180,CVE-2018-11439

Description:

This update for taglib fixes the following issues:

CVE-2018-11439: The TagLib::Ogg::FLAC::File::scan function allowed remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file (bsc#1096180)

Advisory ID	SUSE-RU-2019:1376-1
Released	Wed May 29 13:31:29 2019
Summary	Recommended update for openal-soft
Type	recommended
Severity	low
References	1131808

Description:

This update for openal-soft provides the following fixes:

Remove an unused file licensed under Apache-2.0 (and thus incompatible with the rest of the stack). (bsc#1131808)

Advisory ID	SUSE-RU-2019:1380-1
Released	Wed May 29 15:10:22 2019
Summary	Recommended update for ipa-ex-fonts
Type	recommended
Severity	moderate
References	1112183

Description:

This update for ipa-ex-fonts fixes the following issues:

Update to version 004.01 * new glyph U+32FF 'SQUARE ERA NAME REIWA' (boo#1112183) * add standardized variation sequences of 93 characters * update spaces of the two glyphs (U+26FF8, U+663B)
remove old Obsoletes and Provides for the past naming rule change

Advisory ID	SUSE-RU-2019:1393-1
Released	Fri May 31 10:18:34 2019
Summary	Recommended update for pesign
Type	recommended
Severity	moderate
References	1130588,1134670

Description:

This update for pesign fixes the following issues:

Enable build on %arm as we can sign kernel on %arm (bsc#1134670)

Require shadow instead of old pwdutils (bsc#192328)

Advisory ID	SUSE-SU-2019:1398-1
Released	Fri May 31 12:54:22 2019
Summary	Security update for libpng16
Type	security
Severity	low
References	1100687,1121624,1124211,CVE-2018-13785,CVE-2019-7317

Description:

This update for libpng16 fixes the following issues:
Security issues fixed:

CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when png_image_free() was called under png_safe_execute (bsc#1124211).
CVE-2018-13785: Fixed a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c, which could haved triggered and integer overflow and result in an divide-by-zero while processing a crafted PNG file, leading to a denial of service (bsc#1100687)

Advisory ID	SUSE-RU-2019:1403-1
Released	Mon Jun 3 10:45:52 2019
Summary	Recommended update for fio
Type	recommended
Severity	moderate
References	1129706

Description:

This update ships the performance measurement tool 'fio' to the SUSE Linux Enterprise 15 Module for Basesystem. (bsc#1129706)

Advisory ID	SUSE-RU-2019:1409-1
Released	Mon Jun 3 16:28:25 2019
Summary	Recommended update for lifecycle-data-sle-module-live-patching
Type	recommended
Severity	moderate
References	1020320

Description:

This update for lifecycle-data-sle-module-live-patching fixes the following issues:

Added data 4_12_14_-150_17 for lifecycle-data-sle-live-patching. (bsc#1020320)

Advisory ID	SUSE-RU-2019:1412-1
Released	Tue Jun 4 07:58:12 2019
Summary	Recommended update for wireless-regdb
Type	recommended
Severity	moderate
References	1134213

Description:

This update for wireless-regdb provides the following fixes:

Update to version 2019.03.01: (bsc#1134213) * Sync IN with G.S.R. 1048(E). * Update regulatory rules for Sweden (SE) on 2.4/5/60 GHz. * Update 60ghz band rules for US. * Add 5725-5875 MHz rule for Portugal (PT). * Add URLs in README. * Delete outdated comment for DE. * Update source of info for CU and ES.

Advisory ID	SUSE-RU-2019:1415-1
Released	Tue Jun 4 13:18:42 2019
Summary	Recommended update for fping
Type	recommended
Severity	moderate
References	1133988

Description:

This update for fping fixes the following issues:

Fix fping on servers with disabled IPv6 [bsc#1133988]

Advisory ID	SUSE-RU-2019:1417-1
Released	Tue Jun 4 15:40:25 2019
Summary	Recommended update for libselinux, policycoreutils, setools
Type	recommended
Severity	moderate
References	1130097,1136515

Description:

This update for libselinux, policycoreutils, setools fixes the following issues:
This update provides policycoreutils-python that contains binaries necessary for SELinux administration. (bsc#1130097)
Also necessary dependencies for this package have been included in the update.
python2-setools and python3-setools are shipped instead of python-setools.

Advisory ID	SUSE-RU-2019:1447-1
Released	Fri Jun 7 12:28:24 2019
Summary	Recommended update for sap-suse-cluster-connector
Type	recommended
Severity	moderate
References	1119137,1135487

Description:

This update for sap-suse-cluster-connector fixes the following issues:

Support groups and primitives names containing dashes. (bsc#1135487)

Adjust detection of cluster resources, if multiple SAPInstance resource are found.
Fix smm function, add set_maintenance_mode function and split function list_sap_resources into a frontend (list_sap_resources) and a backend (get_resource_and_status) to get a proper smm handling in sap_suse_cluster_connector. (bsc#1119137)

Advisory ID	SUSE-SU-2019:1457-1
Released	Tue Jun 11 10:09:14 2019
Summary	Security update for vim
Type	security
Severity	important
References	1137443,CVE-2019-12735

Description:

This update for vim fixes the following issue:
Security issue fixed:

CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443).

Advisory ID	SUSE-RU-2019:1492-1
Released	Thu Jun 13 14:51:01 2019
Summary	Recommended update for libidn
Type	recommended
Severity	low
References	1132869

Description:

This update for libidn fixes the following issue:

The missing libidn11-32bit compat library package was provided. (bsc#1132869)

Advisory ID	SUSE-SU-2019:1525-1
Released	Mon Jun 17 17:31:04 2019
Summary	Security update for netpbm
Type	security
Severity	moderate
References	1024288,1024291,1136936,CVE-2017-2579,CVE-2017-2580

Description:

This update for netpbm fixes the following issues:
Security issues fixed:

CVE-2017-2579: Fixed out-of-bounds read in expandCodeOntoStack() (bsc#1024288).
CVE-2017-2580: Fixed out-of-bounds write of heap data in addPixelToRaster() function (bsc#1024291).
create netpbm-vulnerable subpackage and move pstopnm there, as ghostscript is used to convert (bsc#1136936)

Advisory ID	SUSE-RU-2019:1560-1
Released	Wed Jun 19 08:57:17 2019
Summary	Recommended update for cloud-netconfig
Type	recommended
Severity	moderate
References	1135257,1135263

Description:

This update for cloud-netconfig fixes the following issues:

cloud-netconfig will now pause and retry if API call throttling is detected in Azure (bsc#1135257, bsc#1135263)

Advisory ID	SUSE-SU-2019:1562-1
Released	Wed Jun 19 09:16:07 2019
Summary	Security update for docker
Type	security
Severity	moderate
References	1096726,CVE-2018-15664

Description:

This update for docker fixes the following issues:
Security issue fixed:

CVE-2018-15664: Fixed an issue which could make docker cp vulnerable to symlink-exchange race attacks (bsc#1096726).

Advisory ID	SUSE-RU-2019:1565-1
Released	Wed Jun 19 11:55:42 2019
Summary	Recommended update for google-compute-engine
Type	recommended
Severity	moderate
References	1136266,1136267

Description:

This update for google-compute-engine fixes the following issues:
Update to version 20190522 (bsc#1136266, bsc#1136267)

Google Compute Engine

* Fix guest attributes flow in Python 3.

Google Compute Engine OS Login

* Update OS Login control file for FreeBSD support.
Update to version 20190521:

Google Compute Engine

* Retry download for metadata scripts. * Fix script retrieval in Python 3. * Disable boto config in Python 3. * Update SSH host keys in guest attributes. * Fix XPS settings with more than 64 vCPUs.

Advisory ID	SUSE-SU-2019:1576-1
Released	Thu Jun 20 12:49:40 2019
Summary	Security update for enigmail
Type	security
Severity	important
References	1135855,CVE-2019-12269

Description:

This update for enigmail to version 2.0.11 fixes the following issues:
Security issue fixed:

CVE-2019-12269: Fixed an issue where a specially crafted inline PGP messages could spoof a 'correctly signed' message (bsc#1135855).

Advisory ID	SUSE-SU-2019:1603-1
Released	Fri Jun 21 10:23:33 2019
Summary	Security update for exempi
Type	security
Severity	moderate
References	1098946,CVE-2018-12648

Description:

This update for exempi fixes the following issues:

CVE-2018-12648: Fixed a NULL pointer dereference (crash) issue when processing webp files (bsc#1098946).

Advisory ID	SUSE-SU-2019:1607-1
Released	Fri Jun 21 10:26:45 2019
Summary	Security update for wireshark
Type	security
Severity	moderate
References	1136021

Description:

This update for wireshark to version 2.4.15 fixes the following issues:
Security issue fixed:

Fixed a denial of service in the dissection engine (bsc#1136021).

Advisory ID	SUSE-RU-2019:1616-1
Released	Fri Jun 21 11:04:39 2019
Summary	Recommended update for rpcbind
Type	recommended
Severity	moderate
References	1134659

Description:

This update for rpcbind fixes the following issues:

Change rpcbind locking path from /var/run/rpcbind.lock to /run/rpcbind.lock. (bsc#1134659)
Change the order of socket/service in the %postun scriptlet to avoid an error from rpcbind.socket when rpcbind is running during package update.

Advisory ID	SUSE-RU-2019:1631-1
Released	Fri Jun 21 11:17:21 2019
Summary	Recommended update for xz
Type	recommended
Severity	low
References	1135709

Description:

This update for xz fixes the following issues:
Add SUSE-Public-Domain licence as some parts of xz utils (liblzma, xz, xzdec, lzmadec, documentation, translated messages, tests, debug, extra directory) are in public domain licence [bsc#1135709]

Advisory ID	SUSE-RU-2019:1728-1
Released	Tue Jul 2 17:35:39 2019
Summary	Recommended update for openssl-1_0_0
Type	recommended
Severity	moderate
References	1130041

Description:

This update for openssl-1_0_0 fixes the following issues:

Add back the steam subpackage on openSUSE Leap 15 whose openssl-1_0_0 package is inherited from this package (bsc#1130041)

This update also ships openssl-1_0_0 to the SUSE Manager Client Tools 15 repository, to be used for phantomjs / grafana.

Advisory ID	SUSE-RU-2019:1741-1
Released	Wed Jul 3 21:13:18 2019
Summary	Recommended update for perl-Tk
Type	recommended
Severity	moderate
References	1134134

Description:

This update for perl-Tk fixes the following issues:

Tk::Photo importer fails on some XPM files. (bsc#1134134)

Advisory ID	SUSE-RU-2019:1747-1
Released	Thu Jul 4 11:44:06 2019
Summary	Recommended update for cluster-glue
Type	recommended
Severity	moderate
References	1131545

Description:

This update for cluster-glue fixes the following issues:

Directory /var/run/heartbeat/rsctmp will now get created if it doesn't exist (bsc#1131545)

Advisory ID	SUSE-SU-2019:1750-1
Released	Thu Jul 4 16:07:32 2019
Summary	Security update for libu2f-host, pam_u2f
Type	security
Severity	moderate
References	1128140,1135727,1135729,CVE-2019-12209,CVE-2019-12210,CVE-2019-9578

Description:

This update for libu2f-host and pam_u2f to version 1.0.8 fixes the following issues:
Security issues fixed for libu2f-host:

CVE-2019-9578: Fixed a memory leak due to a wrong parse of init's response (bsc#1128140).

Security issues fixed for pam_u2f:

CVE-2019-12209: Fixed an issue where symlinks in the user's directory were followed (bsc#1135729).
CVE-2019-12210: Fixed file descriptor leaks (bsc#1135727).

Advisory ID	SUSE-SU-2019:1776-1
Released	Mon Jul 8 18:18:37 2019
Summary	Security update for zeromq
Type	security
Severity	important
References	1082318,1140255,CVE-2019-13132

Description:

This update for zeromq fixes the following issues:

CVE-2019-13132: An unauthenticated remote attacker could have exploited a stack overflow vulnerability on a server that is supposed to be protected by encryption and authentication to potentially gain a remote code execution. (bsc#1140255)

Correctly mark license files as licence instead of documentation (bsc#1082318)

Advisory ID	SUSE-RU-2019:1780-1
Released	Mon Jul 8 20:24:24 2019
Summary	Recommended update for icewm
Type	recommended
Severity	moderate
References	1076817

Description:

This update for icewm fixes the following issues:

Disabled icewm's suspend function in order to allow systemd the handling of power key events (bsc#1076817)

Advisory ID	SUSE-RU-2019:1795-1
Released	Tue Jul 9 23:39:25 2019
Summary	Recommended update for saptune
Type	recommended
Severity	moderate
References	1116799,1123808,1124485,1124486,1124487,1124488,1124489,1126220,1128322,1128325

Description:

This update for saptune fixes the following issues:

Resetting all values to clean the system during package removal

Fix saptune issues with /etc/security/limits.conf. (bsc#1124485)

Add deprecated message to the description of some notes set scheduler for note SUSE-GUIDE-01 correctly.(bsc#1123808)

Ship both versions of saptune in one package to support a smooth migration controlled by the customer. See man saptune-migrate(5) for more information.

Support note name changes and note deletion during update of saptune v2 from SLE12 to SLE15.

Support different SAP Note definitions and solution definitions related to the used operation system version (distinguish between SLE12 and SLE15 at the moment)

Remove calculation of optimized values, only set the values from the configuration file irrespective of the current system value. Current system value can be increase or decrease. ATTENTION: saptune no longer respects higher system values. Use the override option to change the values of the Note definition files, if needed. (bsc#1124488)
Mark the Notes SUSE-GUIDE-01 and SUSE-GUIDE-02 as deprecated in saptune v1 and remove these Note definitions from saptune v2. (bsc#1116799)

Add bash-completion for saptune.

Add action 'show' to the 'note' operation to print content of the note definition file to stdout.

Add new action 'create' to support the customer/vendor while creating a vendor or customer specific file in /etc/saptune/extra using the template file /usr/share/saptune/NoteTemplate.conf

Simplify file name syntax for the vendor files available in /etc/saptune/extra. Old file names still valid and supported.

Add header support (version, date, description) for the vendor files available in /etc/saptune/extra as already available for the note definition files in /usr/share/saptune/notes

No longer write or remove entries from /etc/security/limits.conf. Instead add or remove drop-in files in /etc/security/limits.d The filename syntax for the drop-in files /etc/security/limits.d is saptune---.conf. The limits entry syntax inside the Note definition files changed to support more than one limits settings in the definition file. (bsc#1128322)
Preserve comment sections of the security limits file /etc/security/limits.conf. Especially, if this is the only content of the file. (bsc#1124485)

Work with the current Note definition file to define the pagecache settings. (bsc#1126220)

Setting of UserTaskMax by applying the related SAP Notes in the postinstall of the package. (bsc#1124489)

Starting to support severities INFO, WARNING, ERROR and DEBUG for the logging and add a defined format for the log messages.

Remove saptune as active tuned profile during action 'saptune daemon stop' - start/stop services, if requested by SAP Notes, but do not enable/disable these services. (bsc#1128325)

Adapt the parameter oriented save state file handling (store and revert) to the special needs of the security limits parameter. (bsc#1124485)

Disable parameter settings using an override file. (bsc#1124486)

Store the order of the note as they are applied to get the same system tuning result after a system reboot as before.

Correct the revert of the vm.dirty parameters by handling their counterpart parameters in addition. (bsc#1124487)

Adjust operation customize to the new configuration files and override location and enable customize option for vendor and customer specific files in /etc/saptune/extra. (bsc#1124487)

Change output format of the operations list, verify and simulate. (bsc#1124487)

Display footnotes during 'verify' and 'simulate'. (bsc#1124487)

Remove Netweaver formula for page cache calculation. Use the HANA approach '2% system memory' for both.

Display a warning message, if a [block] section is found in the Note definition file because on systems with a huge number of block devices this operation may take some time.

Add force_latency handling to 'cpu' section. Use the files in /sys/devices/system/cpu/cpu* instead of /dev/cpu_dma_latency.

Remove the parameter from the tuned.conf file and add it to the SAP note files '1984787' and '2205917'

Add action 'saptune revert all' and add parameter based saved state files to support proper revert functionality. (bsc#1124487)

Add override file handling for the solution definition using /etc/saptune/override/solution. (bsc#1124486)

Read solution definition from file /usr/share/saptune/solution instead of static coding inside of saptune. (bsc#1124486)

Make sure a note, which is part of an applied solution definition, but was reverted manually later, will NOT applied again after a system reboot.

One configuration file per SAP Note. (bsc#1124486)

Add new SAP Notes and adapt content of SAP Notes.

Handle different locations of the new configuration files (/usr/share/saptune/note, /etc/saptune/extra). (bsc#1124486)

Allow parameter override by the customer. (bsc#1124486)

Expand section handling of the 'ini file' handler to handle the new configuration file entries. Supported sections: version, reminder, login, mem, vm, block, limits, sysctl, pagecache, cpu, service, rpm, grub. (bsc#1124486)

Advisory ID	SUSE-SU-2019:1804-1
Released	Wed Jul 10 10:40:44 2019
Summary	Security update for ruby-bundled-gems-rpmhelper, ruby2.5
Type	security
Severity	important
References	1082007,1082008,1082009,1082010,1082011,1082014,1082058,1087433,1087434,1087436,1087437,1087440,1087441,1112530,1112532,1130028,1130611,1130617,1130620,1130622,1130623,1130627,1133790,CVE-2017-17742,CVE-2018-1000073,CVE-2018-1000074,CVE-2018-1000075,CVE-2018-1000076,CVE-2018-1000077,CVE-2018-1000078,CVE-2018-1000079,CVE-2018-16395,CVE-2018-16396,CVE-2018-6914,CVE-2018-8777,CVE-2018-8778,CVE-2018-8779,CVE-2018-8780,CVE-2019-8320,CVE-2019-8321,CVE-2019-8322,CVE-2019-8323,CVE-2019-8324,CVE-2019-8325

Description:

This update for ruby2.5 and ruby-bundled-gems-rpmhelper fixes the following issues:
Changes in ruby2.5:
Update to 2.5.5 and 2.5.4:
https://www.ruby-lang.org/en/news/2019/03/15/ruby-2-5-5-released/ https://www.ruby-lang.org/en/news/2019/03/13/ruby-2-5-4-released/
Security issues fixed:

CVE-2019-8320: Delete directory using symlink when decompressing tar (bsc#1130627)
CVE-2019-8321: Escape sequence injection vulnerability in verbose (bsc#1130623)
CVE-2019-8322: Escape sequence injection vulnerability in gem owner (bsc#1130622)
CVE-2019-8323: Escape sequence injection vulnerability in API response handling (bsc#1130620)
CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution (bsc#1130617)
CVE-2019-8325: Escape sequence injection vulnerability in errors (bsc#1130611)

Ruby 2.5 was updated to 2.5.3:
This release includes some bug fixes and some security fixes.
Security issues fixed:

CVE-2018-16396: Tainted flags are not propagated in Array#pack and String#unpack with some directives (bsc#1112532)
CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly (bsc#1112530)

Ruby 2.5 was updated to 2.5.1:
This release includes some bug fixes and some security fixes.
Security issues fixed:

CVE-2017-17742: HTTP response splitting in WEBrick (bsc#1087434)
CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir (bsc#1087441)
CVE-2018-8777: DoS by large request in WEBrick (bsc#1087436)
CVE-2018-8778: Buffer under-read in String#unpack (bsc#1087433)
CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket (bsc#1087440)
CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir (bsc#1087437)

Multiple vulnerabilities in RubyGems were fixed:

- CVE-2018-1000079: Fixed path traversal issue during gem installation allows to write to arbitrary filesystem locations (bsc#1082058) - CVE-2018-1000075: Fixed infinite loop vulnerability due to negative size in tar header causes Denial of Service (bsc#1082014) - CVE-2018-1000078: Fixed XSS vulnerability in homepage attribute when displayed via gem server (bsc#1082011) - CVE-2018-1000077: Fixed that missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL (bsc#1082010) - CVE-2018-1000076: Fixed improper verification of signatures in tarball allows to install mis-signed gem (bsc#1082009) - CVE-2018-1000074: Fixed unsafe Object Deserialization Vulnerability in gem owner allowing arbitrary code execution on specially crafted YAML (bsc#1082008) - CVE-2018-1000073: Fixed path traversal when writing to a symlinked basedir outside of the root (bsc#1082007)
Other changes:

Fixed Net::POPMail methods modify frozen literal when using default arg
ruby: change over of the Japanese Era to the new emperor May 1st 2019 (bsc#1133790)
build with PIE support (bsc#1130028)

Changes in ruby-bundled-gems-rpmhelper:

Add a new helper for bundled ruby gems.

Advisory ID	SUSE-RU-2019:1807-1
Released	Wed Jul 10 13:13:21 2019
Summary	Recommended update for java-11-openjdk
Type	recommended
Severity	moderate
References	1137264

Description:

This update ships the OpenJDK LTS version 11 in the java-11-openjdk packages. (FATE#326347 bsc#1137264)

Advisory ID	SUSE-RU-2019:1815-1
Released	Thu Jul 11 07:47:55 2019
Summary	Recommended update for timezone
Type	recommended
Severity	moderate
References	1140016

Description:

This update for timezone fixes the following issues:

Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation.

Advisory ID	SUSE-RU-2019:1864-1
Released	Wed Jul 17 12:22:37 2019
Summary	Recommended update for osc
Type	recommended
Severity	moderate
References	1138165

Description:

This update for osc fixes the following issues:

Version update to version 0.165.1 (bsc#1138165)

* fix oscssl 'urldefrag is not defined error' * osc release command now python3 compatible * add more decode logic in get_commitlog * osc add 'dir' in compressed mode now works with python3 * osc getbinaries now prints the output instead of using the quiet mode as a default

Advisory ID	SUSE-RU-2019:1892-1
Released	Thu Jul 18 15:54:35 2019
Summary	Recommended update for openslp
Type	recommended
Severity	moderate
References	1117969,1136136

Description:

This update for openslp fixes the following issues:

Use tcp connects to talk with other directory agents (DAs) (bsc#1117969)
Fix segfault in predicate match if a registered service has a malformed attribute list (bsc#1136136)

Advisory ID	SUSE-SU-2019:1894-1
Released	Thu Jul 18 16:18:10 2019
Summary	Security update for LibreOffice
Type	security
Severity	moderate
References	1089811,1116451,1121874,1123131,1123455,1124062,1124869,1127760,1127857,1128845,1135189,1135228,CVE-2018-16858

Description:

This update for libreoffice and libraries fixes the following issues:
LibreOffice was updated to 6.2.5.2 (fate#327121 bsc#1128845 bsc#1123455), bringing lots of bug and stability fixes.
Additional bugfixes:

If there is no firebird engine we still need java to run hsqldb (bsc#1135189)
PPTX: Rectangle turns from green to blue and loses transparency when transparency is set (bsc#1135228)
Slide deck compression doesn't, hmm, compress too much (bsc#1127760)
Psychedelic graphics in LibreOffice (but not PowerPoint) (bsc#1124869)
Image from PPTX shown in a square, not a circle (bsc#1121874)

libixion was updated to 0.14.1:

Updated for new orcus

liborcus was updated to 0.14.1:

Boost 1.67 support
Various cell handling issues fixed

libwps was updated to 0.4.10:

QuattroPro: add parser of .qwp files
all: support complex encoding

mdds was updated to 1.4.3:

Api change to 1.4
More multivector operations and tweaks
Various multi vector fixes
flat_segment_tree: add segment iterator and functions
fix to handle out-of-range insertions on flat_segment_tree
Another api version -> rename to mdds-1_2

myspell-dictionaries was updated to 20190423:

Serbian dictionary updated
Update af_ZA hunspell
Update Spanish dictionary
Update Slovenian dictionary
Update Breton dictionary
Update Galician dictionary

Advisory ID	SUSE-RU-2019:1916-1
Released	Mon Jul 22 08:44:01 2019
Summary	Recommended update for yast2-saptune
Type	recommended
Severity	moderate
References	1077615,1135879

Description:

This update for yast2-saptune fixes the following issues:

Fix to disable tuned daemon, if saptune is not configured (bsc#1135879)

Advisory ID	SUSE-SU-2019:1963-1
Released	Wed Jul 24 11:41:43 2019
Summary	Security update for openexr
Type	security
Severity	moderate
References	1040109,1040113,1040115,CVE-2017-9111,CVE-2017-9113,CVE-2017-9115

Description:

This update for openexr fixes the following issues:
Security issues fixed:

CVE-2017-9111: Fixed an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h (bsc#1040109).
CVE-2017-9113: Fixed an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp (bsc#1040113).
CVE-2017-9115: Fixed an invalid write of size 2 in the = operator function inhalf.h (bsc#1040115).

Advisory ID	SUSE-RU-2019:1998-1
Released	Fri Jul 26 16:13:22 2019
Summary	Recommended update for sysstat
Type	recommended
Severity	moderate
References	1138767

Description:

This update for sysstat fixes the following issues:

Fix scaling issue with mtab symlinks and automounter. (bsc#1138767)

Advisory ID	SUSE-RU-2019:2001-1
Released	Fri Jul 26 18:09:41 2019
Summary	Recommended update for docker
Type	recommended
Severity	important
References	1138920

Description:

This update for docker fixes the following issues:

Mark daemon.json as %config(noreplace) to not overwrite it during installation (bsc#1138920)

Advisory ID	SUSE-SU-2019:2002-1
Released	Mon Jul 29 13:00:27 2019
Summary	Security update for java-11-openjdk
Type	security
Severity	important
References	1115375,1140461,1141780,1141781,1141782,1141783,1141784,1141785,1141787,1141788,1141789,CVE-2019-2745,CVE-2019-2762,CVE-2019-2766,CVE-2019-2769,CVE-2019-2786,CVE-2019-2816,CVE-2019-2818,CVE-2019-2821,CVE-2019-7317

Description:

This update for java-11-openjdk to version jdk-11.0.4+11 fixes the following issues:
Security issues fixed:

CVE-2019-2745: Improved ECC Implementation (bsc#1141784).
CVE-2019-2762: Exceptional throw cases (bsc#1141782).
CVE-2019-2766: Improve file protocol handling (bsc#1141789).
CVE-2019-2769: Better copies of CopiesList (bsc#1141783).
CVE-2019-2786: More limited privilege usage (bsc#1141787).
CVE-2019-7317: Improve PNG support options (bsc#1141780).
CVE-2019-2818: Better Poly1305 support (bsc#1141788).
CVE-2019-2816: Normalize normalization (bsc#1141785).
CVE-2019-2821: Improve TLS negotiation (bsc#1141781).
Certificate validation improvements

Non-security issues fixed:

Do not fail installation when the manpages are not present (bsc#1115375)
Backport upstream fix for JDK-8208602: Cannot read PEM X.509 cert if there is whitespace after the header or footer (bsc#1140461)

Advisory ID	SUSE-SU-2019:2003-1
Released	Mon Jul 29 13:01:22 2019
Summary	Security update for libreoffice
Type	security
Severity	important
References	1110348,1112112,1112113,1112114,1116451,1117195,1117300,1121874,1123131,1123455,1124062,1124658,1124869,1127760,1127857,1128845,1135189,1135228,882383,CVE-2018-16858

Description:

This update for libreoffice fixes the following issues:
LibreOffice was updated to 6.2.5.2 (fate#327121).
Security issue fixed:

CVE-2018-16858: LibreOffice was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location. (bsc#1124062)

Other bugfixes:

If there is no firebird engine we still need java to run hsqldb (bsc#1135189)
Require firebird as default driver for base if enabled
PPTX: Rectangle turns from green to blue and loses transparency when transparency is set (bsc1135228)
Slide deck compression doesn't, hmm, compress too much (bsc#1127760)
Psychedelic graphics in LibreOffice (but not PowerPoint) (bsc#1124869)
Image from PPTX shown in a square, not a circle (bsc#1121874)
Switch to the new web based help system bsc#1116451
Enable new approach for mariadb connector again
PPTX: SmartArt: Basic rendering of the Organizational Chart (bsc#1112114)
PPTX: SmartArt: Basic rendering of Accent Process and Continuous Block Process (bsc#1112113)
Saving a new document can silently overwrite an existing document (bsc#1117300)
Install also C++ libreofficekit headers bsc#1117195
Chart in PPTX lacks color and is too large (bsc#882383)
PPTX: SmartArt: Basic rendering of several list types (bsc#1112112)
PPTX: Charts having weird/darker/ugly background versus Office 365 and strange artefacts where overlapping (bsc#1110348)

Advisory ID	SUSE-RU-2019:2005-1
Released	Mon Jul 29 13:02:15 2019
Summary	Recommended update for cloud-init
Type	recommended
Severity	moderate
References	1116767,1119397,1121878,1123694,1125950,1125992,1126101,1132692,1136440

Description:

This update for cloud-init fixes the following issues:

Fixes a bug where only the last defined route was written to the routes configuration file (bsc#1132692)
Fixes a bug where a new network rules file for network devices didn't apply immediately (bsc#1125950)
Improved the writing of route config files to avoid issues (bsc#1125992)
Fixes a bug where OpenStack instances where not detected on VIO (bsc#1136440)
Fixes a bug where IPv4 and IPv6 were not set up as default routes (bsc#1121878)
Added a fix to prevent the resolv.conf to be empty (bsc#1119397)
Uses now the proper name to designate IPv6 addresses in ifcfg-* files (bsc#1126101)
Fixes an issue where the ifroute-eth0 file got corrupted when cloning an existing instance (bsc#1123694)

Some more fixes were included within the 19.1 update of cloud-init. Please refer to the package changelog for more details.

Advisory ID	SUSE-SU-2019:2020-1
Released	Tue Jul 30 13:18:31 2019
Summary	Security update for mariadb, mariadb-connector-c
Type	security
Severity	important
References	1126088,1132666,1136035,CVE-2019-2614,CVE-2019-2627,CVE-2019-2628

Description:

This update for mariadb and mariadb-connector-c fixes the following issues:
mariadb:

Update to version 10.2.25 (bsc#1136035)
CVE-2019-2628: Fixed a remote denial of service by an privileged attacker (bsc#1136035).
CVE-2019-2627: Fixed another remote denial of service by an privileged attacker (bsc#1136035).
CVE-2019-2614: Fixed a potential remote denial of service by an privileged attacker (bsc#1136035).
Fixed reading options for multiple instances if my${INSTANCE}.cnf is used (bsc#1132666)

mariadb-connector-c:

Update to version 3.1.2 (bsc#1136035)
Moved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for x86_64 (bsc#1126088)

Advisory ID	SUSE-SU-2019:2021-1
Released	Tue Jul 30 16:38:55 2019
Summary	Security update for java-1_8_0-openjdk
Type	security
Severity	important
References	1115375,1141780,1141782,1141783,1141784,1141785,1141786,1141787,1141789,CVE-2019-2745,CVE-2019-2762,CVE-2019-2766,CVE-2019-2769,CVE-2019-2786,CVE-2019-2816,CVE-2019-2842,CVE-2019-7317

Description:

This update for java-1_8_0-openjdk to version 8u222 fixes the following issues:
Security issues fixed:

CVE-2019-2745: Improved ECC Implementation (bsc#1141784).
CVE-2019-2762: Exceptional throw cases (bsc#1141782).
CVE-2019-2766: Improve file protocol handling (bsc#1141789).
CVE-2019-2769: Better copies of CopiesList (bsc#1141783).
CVE-2019-2786: More limited privilege usage (bsc#1141787).
CVE-2019-2816: Normalize normalization (bsc#1141785).
CVE-2019-2842: Extended AES support (bsc#1141786).
CVE-2019-7317: Improve PNG support (bsc#1141780).
Certificate validation improvements

Non-security issue fixed:

Fixed an issue where the installation failed when the manpages are not present (bsc#1115375)

Advisory ID	SUSE-RU-2019:2039-1
Released	Fri Aug 2 08:34:40 2019
Summary	Recommended update for transfig
Type	recommended
Severity	moderate
References	1136882

Description:

This update for transfig fixes the following issues:

Fix export to PDF, PNG from. (bsc#1136882)

Advisory ID	SUSE-SU-2019:2043-1
Released	Fri Aug 2 15:18:37 2019
Summary	Security update for openexr
Type	security
Severity	moderate
References	1061305,CVE-2017-14988

Description:

This update for openexr fixes the following issues:

CVE-2017-14988: Fixed a denial of service in Header::readfrom() (bsc#1061305).

Advisory ID	SUSE-RU-2019:2060-1
Released	Tue Aug 6 14:27:41 2019
Summary	Recommended update for libreoffice-share-linker
Type	recommended
Severity	moderate
References	1139727

Description:

This update for libreoffice-share-linker fixes the following issues:

Work with paranoid umask settings. (bsc#1139727)

Advisory ID	SUSE-RU-2019:2061-1
Released	Tue Aug 6 14:28:33 2019
Summary	Recommended update for several bugs for Hawk2
Type	recommended
Severity	moderate
References	1089802,1137891

Description:

Update for Hawk2 for the following issues: - Fix display in case of nameless cluster (bsc#1137891) - Fix utility method for checking ACL version in Hawk (bsc#1089802)

Advisory ID	SUSE-SU-2019:2067-1
Released	Tue Aug 6 17:22:07 2019
Summary	Security update for osc
Type	security
Severity	important
References	1129889,1138977,1140697,1142518,1142662,1144211,CVE-2019-3685

Description:

This update for osc to version 0.165.4 fixes the following issues:
Security issue fixed:

CVE-2019-3685: Fixed broken TLS certificate handling allowing for a Man-in-the-middle attack (bsc#1142518).

Non-security issues fixed:

support different token operations (runservice, release and rebuild) (requires OBS 2.10)
fix osc token decode error
offline build mode is now really offline and does not try to download the buildconfig
osc build -define now works with python3
fixes an issue where the error message on osc meta -e was not parsed correctly
osc maintainer -s now works with python3
simplified and fixed osc meta -e (bsc#1138977)
osc lbl now works with non utf8 encoding (bsc#1129889)
add simpleimage as local build type
allow optional fork when creating a maintenance request
fix RPMError fallback
fix local caching for all package formats
fix appname for trusted cert store
osc -h does not break anymore when using plugins
switch to difflib.diff_bytes and sys.stdout.buffer.write for diffing. This will fix all decoding issues with osc diff, osc ci and osc rq -d
fix osc ls -lb handling empty size and mtime
removed decoding on osc api command.

Advisory ID	SUSE-RU-2019:2077-1
Released	Wed Aug 7 10:54:05 2019
Summary	Recommended update for wireless-regdb
Type	recommended
Severity	moderate
References	1138177

Description:

This update for wireless-regdb fixes the following issues:

Update to version 2019.06.03 (bsc#1138177): * Expand 60 GHz band for Japan to 57-66 GHz * update source of information for CU * Update regulatory rules for South Korea * Update regulatory rules for Japan (JP) on 5GHz * update source of information for ES

Advisory ID	SUSE-RU-2019:2094-1
Released	Fri Aug 9 06:56:18 2019
Summary	Recommended update for glm
Type	recommended
Severity	moderate
References	1135667

Description:

This update for glm fixes the following issues:

Create a glm.pc file (fixes bsc#1135667)

Advisory ID	SUSE-RU-2019:2095-1
Released	Fri Aug 9 06:56:48 2019
Summary	Recommended update for container-suseconnect
Type	recommended
Severity	moderate
References	1138731

Description:

This update for container-suseconnect fixes the following issues:
container-suseconnect was updated to 2.1.0 (bsc#1138731), fixing interacting with SCC behind proxy and SMT.

Advisory ID	SUSE-RU-2019:2096-1
Released	Fri Aug 9 06:57:23 2019
Summary	Recommended update for docker-img-store-setup
Type	recommended
Severity	moderate
References	1138201

Description:

This update for docker-img-store-setup fixes the following issues:

Support creation of the container storage filesystem with XFS to use the overlay fs driver. (bsc#1138201)

Advisory ID	SUSE-SU-2019:2103-1
Released	Fri Aug 9 13:16:36 2019
Summary	Security update for wireshark
Type	security
Severity	moderate
References	1141980,CVE-2019-13619

Description:

This update for wireshark to version 2.4.16 fixes the following issues:
Security issue fixed:

CVE-2019-13619: ASN.1 BER and related dissectors crash (bsc#1141980).

Advisory ID	SUSE-RU-2019:2116-1
Released	Tue Aug 13 07:43:01 2019
Summary	Recommended update for aide
Type	recommended
Severity	moderate
References	1098360

Description:

This update for aide fixes the following issues:

Remove not available gcrypt algorithm 7 DB_HAVAL (bsc#1098360).

Advisory ID	SUSE-SU-2019:2117-1
Released	Tue Aug 13 14:56:55 2019
Summary	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork
Type	security
Severity	important
References	1100331,1121967,1138920,1139649,1142160,1142413,1143409,CVE-2018-10892,CVE-2019-13509,CVE-2019-14271,CVE-2019-5736

Description:

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues:
Docker:

CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot (bsc#1143409).
CVE-2019-13509: Fixed an information leak in the debug log (bsc#1142160).
Update to version 19.03.1-ce, see changelog at /usr/share/doc/packages/docker/CHANGELOG.md (bsc#1142413, bsc#1139649).

runc:

Use %config(noreplace) for /etc/docker/daemon.json (bsc#1138920).
Update to runc 425e105d5a03, which is required by Docker (bsc#1139649).

containerd:

CVE-2019-5736: Fixed a container breakout vulnerability (bsc#1121967).
Update to containerd v1.2.6, which is required by docker (bsc#1139649).

golang-github-docker-libnetwork:

Update to version git.fc5a7d91d54cc98f64fc28f9e288b46a0bee756c, which is required by docker (bsc#1142413, bsc#1139649).

Advisory ID	SUSE-OU-2019:2121-1
Released	Wed Aug 14 11:17:51 2019
Summary	Optional update for susemanager-cloud-setup
Type	optional
Severity	moderate
References	1138254

Description:

This is the initial release of the susemanager-cloud-setup packages (bsc#1138254, fate#327820)

Advisory ID	SUSE-RU-2019:2122-1
Released	Wed Aug 14 11:17:59 2019
Summary	Recommended update for lifecycle-data-sle-module-live-patching
Type	recommended
Severity	moderate
References	1020320

Description:

This update for lifecycle-data-sle-module-live-patching fixes the following issues:

Added data for 4_12_14-150_14, 4_12_14-150_17, 4_12_14-150_22, 4_12_14-195, 4_12_14-197_4, 4_12_14-197_7, 4_12_14-25_28. (bsc#1020320)

Advisory ID	SUSE-RU-2019:2134-1
Released	Wed Aug 14 11:54:56 2019
Summary	Recommended update for zlib
Type	recommended
Severity	moderate
References	1136717,1137624,1141059,SLE-5807

Description:

This update for zlib fixes the following issues:

Update the s390 patchset. (bsc#1137624)
Tweak zlib-power8 to have type of crc32_vpmsum conform to usage. (bsc#1141059)
Use FAT LTO objects in order to provide proper static library.
Do not enable the previous patchset on s390 but just s390x. (bsc#1137624)
Add patchset for s390 improvements. (jsc#SLE-5807, bsc#1136717)

Advisory ID	SUSE-RU-2019:2139-1
Released	Wed Aug 14 12:53:22 2019
Summary	Recommended update for google-compute-engine
Type	recommended
Severity	moderate
References	1144092,1144170

Description:

This update for google-compute-engine fixes the following issues:

updated to version 20190801 (bsc#1144092, bsc#1144170) * Fix for 2FA on RHEL 8 * Support for Debian 10 * Support for Google Private Access over IPv6 * Support root disk expansion in RHEL 8 and Debian 10

Some more minor bug fixes were included in this maintenance update. The full list can be retrieved from this rpm's changelog file.

Advisory ID	SUSE-RU-2019:2141-1
Released	Wed Aug 14 14:45:18 2019
Summary	Recommended update for cloud-regionsrv-client
Type	recommended
Severity	moderate
References	1136112,1136113,1137384,1137385

Description:

This update for cloud-regionsrv-client fixes the following issues:

If the credentials are not valid, an error is issued and the user is instructed to re-register the system
Fixes a bug where the registration client aborted with a traceback when the instance data cannot be retrieved (bsc#1137384, bsc#1137385)

This maintenance update for cloud-regionsrv-client includes some more smaller bug fixes as well. Please refer to this rpm's changelog file to receive a full list of all changes.

Advisory ID	SUSE-RU-2019:2142-1
Released	Wed Aug 14 18:14:04 2019
Summary	Recommended update for mozilla-nspr, mozilla-nss
Type	recommended
Severity	moderate
References	1141322

Description:

This update for mozilla-nspr, mozilla-nss fixes the following issues:
mozilla-nss was updated to NSS 3.45 (bsc#1141322) :

New function in pk11pub.h: PK11_FindRawCertsWithSubject
The following CA certificates were Removed: CN = Certinomis - Root CA (bmo#1552374)
Implement Delegated Credentials (draft-ietf-tls-subcerts) (bmo#1540403) This adds a new experimental function SSL_DelegateCredential Note: In 3.45, selfserv does not yet support delegated credentials (See bmo#1548360). Note: In 3.45 the SSLChannelInfo is left unmodified, while an upcoming change in 3.46 will set SSLChannelInfo.authKeyBits to that of the delegated credential for better policy enforcement (See bmo#1563078).
Replace ARM32 Curve25519 implementation with one from fiat-crypto (bmo#1550579)
Expose a function PK11_FindRawCertsWithSubject for finding certificates with a given subject on a given slot (bmo#1552262)
Add IPSEC IKE support to softoken (bmo#1546229)
Add support for the Elbrus lcc compiler (<=1.23) (bmo#1554616)
Expose an external clock for SSL (bmo#1543874) This adds new experimental functions: SSL_SetTimeFunc, SSL_CreateAntiReplayContext, SSL_SetAntiReplayContext, and SSL_ReleaseAntiReplayContext. The experimental function SSL_InitAntiReplay is removed.
Various changes in response to the ongoing FIPS review (bmo#1546477) Note: The source package size has increased substantially due to the new FIPS test vectors. This will likely prompt follow-on work, but please accept our apologies in the meantime.

mozilla-nspr was updated to version 4.21

Changed prbit.h to use builtin function on aarch64.
Removed Gonk/B2G references.

Advisory ID	SUSE-RU-2019:2145-1
Released	Thu Aug 15 07:33:19 2019
Summary	Recommended update for python3-susepubliccloudinfo
Type	recommended
Severity	moderate
References	1144100,1144102

Description:

This update for python3-susepubliccloudinfo fixes the following issues:

Added support for 'oracle' framework for images only (bsc#1144100, bsc#1144102)

Advisory ID	SUSE-RU-2019:2188-1
Released	Wed Aug 21 10:10:29 2019
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1140647

Description:

This update for aaa_base fixes the following issues:

Make systemd detection cgroup oblivious. (bsc#1140647)

Advisory ID	SUSE-RU-2019:2189-1
Released	Wed Aug 21 10:12:23 2019
Summary	Recommended update for sysstat
Type	recommended
Severity	moderate
References	1142470

Description:

This update for sysstat fixes the following issues:

Remove deprecated gettext and require gettext-runtime during build only. (bsc#1142470)

Advisory ID	SUSE-SU-2019:2191-1
Released	Wed Aug 21 17:59:24 2019
Summary	Security update for wavpack
Type	security
Severity	low
References	1133384,1141334,CVE-2019-1010319,CVE-2019-11498

Description:

This update for wavpack fixes the following issues:
Security issues fixed:

CVE-2019-1010319: Fixed use of uninitialized variable in ParseWave64HeaderConfig that can result in unexpected control flow, crashes, and segfaults (bsc#1141334).
CVE-2019-11498: Fixed possible denial of service (application crash) in WavpackSetConfiguration64 via a DFF file that lacks valid sample-rate data (bsc#1133384).

Advisory ID	SUSE-RU-2019:2198-1
Released	Thu Aug 22 14:35:15 2019
Summary	Recommended update for cloud-regionsrv-client
Type	recommended
Severity	important
References	1144754,1146321,1146462,1146463,1146467,1146468,1146610

Description:

This update for cloud-regionsrv-client fixes the following issues:

Adds a dependency to python3-urllib3 (bsc#1146610, bsc#1146321, bsc#1144754)
Fixes an issue where the registration client exited with a traceback since the last update (bsc#1146462, bsc#1146463)
Clear the new-registration marker if the instance has a cache of update servers (bsc#1146467, bsc#1146468)

Advisory ID	SUSE-RU-2019:2200-1
Released	Thu Aug 22 14:36:04 2019
Summary	Recommended update for quota
Type	recommended
Severity	low
References	1144265

Description:

This update for quota fixes the following issues:

quota will stop processing the config file in case of errors (bsc#1144265)

Advisory ID	SUSE-RU-2019:2218-1
Released	Mon Aug 26 11:29:57 2019
Summary	Recommended update for pinentry
Type	recommended
Severity	moderate
References	1141883

Description:

This update for pinentry fixes the following issues:

Fix a dangling pointer in qt/main.cpp that caused crashes. (bsc#1141883)

Advisory ID	SUSE-SU-2019:2223-1
Released	Tue Aug 27 15:42:56 2019
Summary	Security update for podman, slirp4netns and libcontainers-common
Type	security
Severity	moderate
References	1096726,1123156,1123387,1135460,1136974,1137860,1143386,CVE-2018-15664,CVE-2019-10152,CVE-2019-6778

Description:

This is a version update for podman to version 1.4.4 (bsc#1143386).
Additional changes by SUSE on top:

Remove fuse-overlayfs because it's (currently) an unsatisfied dependency on SLE (bsc#1143386)
Update libpod.conf to use correct infra_command
Update libpod.conf to use better versioned pause container
Update libpod.conf to use official kubic pause container
Update libpod.conf to match latest features set: detach_keys, lock_type, runtime_supports_json
Add podman-remote varlink client

Version update podman to v1.4.4:

Features

- Podman now has greatly improved support for containers using multiple OCI runtimes. Containers now remember if they were created with a different runtime using --runtime and will always use that runtime - The cached and delegated options for volume mounts are now allowed for Docker compatability (#3340) - The podman diff command now supports the --latest flag

Bugfixes

- Fixed a bug where rootless Podman would attempt to use the entire root configuration if no rootless configuration was present for the user, breaking rootless Podman for new installations - Fixed a bug where rootless Podman's pause process would block SIGTERM, preventing graceful system shutdown and hanging until the system's init send SIGKILL - Fixed a bug where running Podman as root with sudo -E would not work after running rootless Podman at least once - Fixed a bug where options for tmpfs volumes added with the --tmpfs flag were being ignored - Fixed a bug where images with no layers could not properly be displayed and removed by Podman - Fixed a bug where locks were not properly freed on failure to create a container or pod - Fixed a bug where podman cp on a single file would create a directory at the target and place the file in it (#3384) - Fixed a bug where podman inspect --format '{{.Mounts}}' would print a hexadecimal address instead of a container's mounts - Fixed a bug where rootless Podman would not add an entry to container's /etc/hosts files for their own hostname (#3405) - Fixed a bug where podman ps --sync would segfault (#3411) - Fixed a bug where podman generate kube would produce an invalid ports configuration (#3408)

Misc

- Updated containers/storage to v1.12.13 - Podman now performs much better on systems with heavy I/O load - The --cgroup-manager flag to podman now shows the correct default setting in help if the default was overridden by libpod.conf - For backwards compatability, setting --log-driver=json-file in podman run is now supported as an alias for --log-driver=k8s-file. This is considered deprecated, and json-file will be moved to a new implementation in the future ([#3363](https://github.com/containers/libpo\ d/issues/3363)) - Podman's default libpod.conf file now allows the crun OCI runtime to be used if it is installed
Update podman to v1.4.2:

Fixed a bug where Podman could not run containers using an older version of Systemd as init
Updated vendored Buildah to v1.9.0 to resolve a critical bug with Dockerfile RUN instructions
The error message for running podman kill on containers that are not running has been improved
Podman remote client can now log to a file if syslog is not available
The podman exec command now sets its error code differently based on whether the container does not exist, and the command in the container does not exist
The podman inspect command on containers now outputs Mounts JSON that matches that of docker inspect, only including user-specified volumes and differentiating bind mounts and named volumes
The podman inspect command now reports the path to a container's OCI spec with the OCIConfigPath key (only included when the container is initialized or running)
The podman run --mount command now supports the bind-nonrecursive option for bind mounts
Fixed a bug where podman play kube would fail to create containers due to an unspecified log driver
Fixed a bug where Podman would fail to build with musl libc
Fixed a bug where rootless Podman using slirp4netns networking in an environment with no nameservers on the host other than localhost would result in nonfunctional networking
Fixed a bug where podman import would not properly set environment variables, discarding their values and retaining only keys
Fixed a bug where Podman would fail to run when built with Apparmor support but run on systems without the Apparmor kernel module loaded
Remote Podman will now default the username it uses to log in to remote systems to the username of the current user
Podman now uses JSON logging with OCI runtimes that support it, allowing for better error reporting
Updated vendored containers/image to v2.0
Update conmon to v0.3.0
Support OOM Monitor under cgroup V2
Add config binary and make target for configuring conmon with a go library for importing values

Updated podman to version 1.4.0 (bsc#1137860) and (bsc#1135460)

Podman checkpoint and podman restore commands can now be used to migrate containers between Podman installations on different systems.
The podman cp now supports pause flag.
The remote client now supports a configuration file for pre-configuring connections to remote Podman installations
CVE-2019-10152: Fixed an iproper dereference of symlinks of the the podman cp command which introduced in version 1.1.0 (bsc#1136974).
Fixed a bug where podman commit could improperly set environment variables that contained = characters
Fixed a bug where rootless podman would sometimes fail to start containers with forwarded ports
Fixed a bug where podman version on the remote client could segfault
Fixed a bug where podman container runlabel would use /proc/self/exe instead of the path of the Podman command when printing the command being executed
Fixed a bug where filtering images by label did not work
Fixed a bug where specifying a bing mount or tmpfs mount over an image volume would cause a container to be unable to start
Fixed a bug where podman generate kube did not work with containers with named volumes
Fixed a bug where rootless podman would receive permission denied errors accessing conmon.pid
Fixed a bug where podman cp with a folder specified as target would replace the folder, as opposed to copying into it
Fixed a bug where rootless Podman commands could double-unlock a lock, causing a crash
Fixed a bug where podman incorrectly set tmpcopyup on /dev/ mounts, causing errors when using the Kata containers runtime
Fixed a bug where podman exec would fail on older kernels
Podman commit command is now usable with the Podman remote client
Signature-policy flag has been deprecated
Updated vendored containers/storage and containers/image libraries with numerous bugfixes
Updated vendored Buildah to v1.8.3
Podman now requires Conmon v0.2.0
The podman cp command is now aliased as podman container cp
Rootless podman will now default init_path using root Podman's configuration files (/etc/containers/libpod.conf and /usr/share/containers/libpod.conf) if not overridden in the rootless configuration
Added fuse-overlayfs dependency to support overlay based rootless image manipulations
The podman cp command can now read input redirected to STDIN, and output to STDOUT instead of a file, using - instead of an argument.
The podman remote client now displays version information from both the client and server in podman version
The podman unshare command has been added, allowing easy entry into the user namespace set up by rootless Podman (allowing the removal of files created by rootless podman, among other things)
Fixed a bug where Podman containers with the --rm flag were removing created volumes when they were automatically removed
Fixed a bug where container and pod locks were incorrectly marked as released after a system reboot, causing errors on container and pod removal
Fixed a bug where Podman pods could not be removed if any container in the pod encountered an error during removal
Fixed a bug where Podman pods run with the cgroupfs CGroup driver would encounter a race condition during removal, potentially failing to remove the pod CGroup
Fixed a bug where the podman container checkpoint and podman container restore commands were not visible in the remote client
Fixed a bug where podman remote ps --ns would not print the container's namespaces
Fixed a bug where removing stopped containers with healthchecks could cause an error
Fixed a bug where the default libpod.conf file was causing parsing errors
Fixed a bug where pod locks were not being freed when pods were removed, potentially leading to lock exhaustion
Fixed a bug where 'podman run' with SD_NOTIFY set could, on short-running containers, create an inconsistent state rendering the container unusable
The remote Podman client now uses the Varlink bridge to establish remote connections by default
Fixed an issue with apparmor_parser (bsc#1123387)

Update to libpod v1.4.0 (bsc#1137860):
The podman checkpoint and podman restore commands can now be used to migrate containers between Podman installations on different systems
The podman cp command now supports a pause flag to pause containers while copying into them
The remote client now supports a configuration file for pre-configuring connections to remote Podman installations
Fixed CVE-2019-10152 - The podman cp command improperly dereferenced symlinks in host context
Fixed a bug where podman commit could improperly set environment variables that contained = characters
Fixed a bug where rootless Podman would sometimes fail to start containers with forwarded ports
Fixed a bug where podman version on the remote client could segfault
Fixed a bug where podman container runlabel would use /proc/self/exe instead of the path of the Podman command when printing the command being executed
Fixed a bug where filtering images by label did not work
Fixed a bug where specifying a bing mount or tmpfs mount over an image volume would cause a container to be unable to start
Fixed a bug where podman generate kube did not work with containers with named volumes
Fixed a bug where rootless Podman would receive permission denied errors accessing conmon.pid
Fixed a bug where podman cp with a folder specified as target would replace the folder, as opposed to copying into it
Fixed a bug where rootless Podman commands could double-unlock a lock, causing a crash
Fixed a bug where Podman incorrectly set tmpcopyup on /dev/ mounts, causing errors when using the Kata containers runtime
Fixed a bug where podman exec would fail on older kernels
The podman commit command is now usable with the Podman remote client
The --signature-policy flag (used with several image-related commands) has been deprecated
The podman unshare command now defines two environment variables in the spawned shell: CONTAINERS_RUNROOT and CONTAINERS_GRAPHROOT, pointing to temporary and permanent storage for rootless containers
Updated vendored containers/storage and containers/image libraries with numerous bugfixes
Updated vendored Buildah to v1.8.3
Podman now requires Conmon v0.2.0
The podman cp command is now aliased as podman container cp
Rootless Podman will now default init_path using root Podman's configuration files (/etc/containers/libpod.conf and /usr/share/containers/libpod.conf) if not overridden in the rootless configuration

Update to image v1.5.1
Vendor in latest containers/storage
docker/docker_client: Drop redundant Domain(ref.ref) call
pkg/blobinfocache: Split implementations into subpackages
copy: progress bar: show messages on completion
docs: rename manpages to *.5.command
add container-certs.d.md manpage
pkg/docker/config: Bring auth tests from docker/docker_client_test
Don't allocate a sync.Mutex separately

Update to storage v1.12.10:

Add function to parse out mount options from graphdriver
Merge the disparate parts of all of the Unix-like lockfiles
Fix unix-but-not-Linux compilation
Return XDG_RUNTIME_DIR as RootlessRuntimeDir if set
Cherry-pick moby/moby #39292 for CVE-2018-15664 fixes
lockfile: add RecursiveLock() API
Update generated files
Fix crash on tesing of aufs code
Let consumers know when Layers and Images came from read-only stores
chown: do not change owner for the mountpoint
locks: correctly mark updates to the layers list
CreateContainer: don't worry about mapping layers unless necessary
docs: fix manpage for containers-storage.conf
docs: sort configuration options alphabetically
docs: document OSTree file deduplication
Add missing options to man page for containers-storage
overlay: use the layer idmapping if present
vfs: prefer layer custom idmappings
layers: propagate down the idmapping settings
Recreate symlink when not found
docs: fix manpage for configuration file
docs: add special handling for manpages in sect 5
overlay: fix single-lower test
Recreate symlink when not found
overlay: propagate errors from mountProgram
utils: root in a userns uses global conf file
Fix handling of additional stores
Correctly check permissions on rootless directory
Fix possible integer overflow on 32bit builds
Evaluate device path for lvm
lockfile test: make concurrent RW test determinisitc
lockfile test: make concurrent read tests deterministic
drivers.DirCopy: fix filemode detection
storage: move the logic to detect rootless into utils.go
Don't set (struct flock).l_pid
Improve documentation of getLockfile
Rename getLockFile to createLockerForPath, and document it
Add FILES section to containers-storage.5 man page
add digest locks
drivers/copy: add a non-cgo fallback

slirp4netns was updated to 0.3.0:

CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() (bsc#1123156)

This update also includes:

fuse3 and fuse-overlayfs to support rootless containers.

Advisory ID	SUSE-SU-2019:2229-1
Released	Wed Aug 28 07:58:29 2019
Summary	Security update for slurm
Type	security
Severity	important
References	1140709,CVE-2019-12838

Description:

This update for slurm to version 18.08.8 fixes the following issues:
Security issue fixed:

CVE-2019-12838: Fixed a SQL injection in slurmdbd (bsc#1140709).

Advisory ID	SUSE-RU-2019:2249-1
Released	Thu Aug 29 08:18:30 2019
Summary	Recommended update for python-kiwi
Type	recommended
Severity	moderate
References	1141168

Description:

This update for python-kiwi fixes the following issues:

kiwi will no longer create an empty machine-id file in case it is not provided during the system installation (bsc#1141168)

Advisory ID	SUSE-RU-2019:2283-1
Released	Wed Sep 4 13:41:47 2019
Summary	Recommended update for google-compute-engine
Type	recommended
Severity	moderate
References	1146172

Description:

This update for google-compute-engine fixes the following issues:

Fix install location of NSS and PAM shared libraries (bsc#1146172)
Switch RPM group for oslogin package from Hardware to System/Daemons

Advisory ID	SUSE-SU-2019:2291-1
Released	Wed Sep 4 16:48:52 2019
Summary	Security update for java-1_8_0-ibm
Type	security
Severity	important
References	1122292,1122299,1141780,1141782,1141783,1141785,1141787,1141789,1147021,CVE-2018-11212,CVE-2019-11771,CVE-2019-11772,CVE-2019-11775,CVE-2019-2449,CVE-2019-2762,CVE-2019-2766,CVE-2019-2769,CVE-2019-2786,CVE-2019-2816,CVE-2019-4473,CVE-2019-7317

Description:

This update for java-1_8_0-ibm fixes the following issues:
Update to Java 8.0 Service Refresh 5 Fix Pack 40.
Security issues fixed:

CVE-2019-11771: IBM Security Update July 2019 (bsc#1147021)
CVE-2019-11772: IBM Security Update July 2019 (bsc#1147021)
CVE-2019-11775: IBM Security Update July 2019 (bsc#1147021)
CVE-2019-4473: IBM Security Update July 2019 (bsc#1147021)
CVE-2019-7317: Fixed issue inside Component AWT (libpng)(bsc#1141780).
CVE-2019-2769: Fixed issue inside Component Utilities (bsc#1141783).
CVE-2019-2762: Fixed issue inside Component Utilities (bsc#1141782).
CVE-2019-2816: Fixed issue inside Component Networking (bsc#1141785).
CVE-2019-2766: Fixed issue inside Component Networking (bsc#1141789).
CVE-2019-2786: Fixed issue inside Component Security (bsc#1141787).

Advisory ID	SUSE-RU-2019:2323-1
Released	Fri Sep 6 09:19:52 2019
Summary	Recommended update for pesign
Type	recommended
Severity	moderate
References	1144441

Description:

This update for pesign contains the following fixes:

Fix the build failure with NSS 3.44. (bsc#1144441)

Advisory ID	SUSE-SU-2019:2340-1
Released	Tue Sep 10 09:31:35 2019
Summary	Security update for skopeo
Type	security
Severity	important
References	1144065,CVE-2019-10214

Description:

This update for skopeo fixes the following issues:
Security issues fixed:

CVE-2019-10214: Fixed missing enforcement of TLS connections (bsc#1144065).

Advisory ID	SUSE-RU-2019:2344-1
Released	Tue Sep 10 12:47:25 2019
Summary	Recommended update for cloud-regionsrv-client
Type	recommended
Severity	important
References	1148644,1149840

Description:

This update for cloud-regionsrv-client fixes the following issues:

Fixes an issue where repositories where missing on a system (bsc#1148644, bsc#1149840)

Advisory ID	SUSE-SU-2019:2348-1
Released	Tue Sep 10 14:51:43 2019
Summary	Security update for ghostscript
Type	security
Severity	moderate
References	1144621,CVE-2019-10216

Description:

This update for ghostscript fixes the following issues:
Security issue fixed:

CVE-2019-10216: Fix privilege escalation via specially crafted PostScript file (bsc#1144621).

Advisory ID	SUSE-RU-2019:2357-1
Released	Wed Sep 11 13:26:14 2019
Summary	Recommended update for lmdb
Type	recommended
Severity	moderate
References	1136132

Description:

This update for lmdb fixes the following issues:

Fix occasional crash when freed pages landed on the dirty list twice (bsc#1136132).

Advisory ID	SUSE-RU-2019:2362-1
Released	Thu Sep 12 07:55:13 2019
Summary	Recommended update for python-cairo
Type	recommended
Severity	moderate
References	1142582

Description:

This update for python-cairo does not fix any visible issues to users.

Advisory ID	SUSE-RU-2019:2378-1
Released	Fri Sep 13 13:21:51 2019
Summary	Recommended update for apache2-mod_nss
Type	recommended
Severity	moderate
References	1150133

Description:

This update for apache2-mod_nss fixes the following issues:

Use a stronger password in gencert to pass the stricter tests in FIPS mode (bsc#1150133)

Advisory ID	SUSE-RU-2019:2423-1
Released	Fri Sep 20 16:41:45 2019
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1146866,SLE-9132

Description:

This update for aaa_base fixes the following issues:
Added sysctl.d/51-network.conf to tighten network security (bsc#1146866) (jira#SLE-9132)
Following settings have been tightened (and set to 0):

net.ipv4.conf.all.accept_redirects
net.ipv4.conf.default.accept_redirects
net.ipv4.conf.default.accept_source_route
net.ipv6.conf.all.accept_redirects
net.ipv6.conf.default.accept_redirects

Advisory ID	SUSE-SU-2019:2435-1
Released	Mon Sep 23 13:57:12 2019
Summary	Security update for libopenmpt
Type	security
Severity	moderate
References	1143578,1143581,1143582,1143584,CVE-2018-20860,CVE-2018-20861,CVE-2019-14382,CVE-2019-14383

Description:

This update for libopenmpt fixes the following issues:
Security issues fixed:

CVE-2018-20861: Fixed crash with certain malformed custom tunings in MPTM files (bsc#1143578).
CVE-2018-20860: Fixed crash with malformed MED files (bsc#1143581).
CVE-2019-14383: Fixed J2B that allows an assertion failure during file parsing with debug STLs (bsc#1143584).
CVE-2019-14382: Fixed DSM that allows an assertion failure during file parsing with debug STLs (bsc#1143582).

Advisory ID	SUSE-RU-2019:2443-1
Released	Tue Sep 24 09:17:39 2019
Summary	Recommended update for libcdio
Type	recommended
Severity	moderate
References	1094761

Description:

This update for libcdio fixes the following issues:

Fix warning when BigEndian and LittleEndian sizes do not match. (bsc#1094761)
Fix that libcdio doesn't bail out when processing non-compliant ISO files.

Advisory ID	SUSE-SU-2019:2460-1
Released	Wed Sep 25 09:25:34 2019
Summary	Security update for ghostscript
Type	security
Severity	important
References	1129180,1129186,1134156,1140359,1146882,1146884,CVE-2019-12973,CVE-2019-14811,CVE-2019-14812,CVE-2019-14813,CVE-2019-14817,CVE-2019-3835,CVE-2019-3839

Description:

This update for ghostscript fixes the following issues:
Security issues fixed:

CVE-2019-3835: Fixed an unauthorized file system access caused by an available superexec operator. (bsc#1129180)
CVE-2019-3839: Fixed an unauthorized file system access caused by available privileged operators. (bsc#1134156)
CVE-2019-12973: Fixed a denial-of-service vulnerability in the OpenJPEG function opj_t1_encode_cblks. (bsc#1140359)
CVE-2019-14811: Fixed a safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator. (bsc#1146882)
CVE-2019-14812: Fixed a safer mode bypass by .forceput exposure in setuserparams. (bsc#1146882)
CVE-2019-14813: Fixed a safer mode bypass by .forceput exposure in setsystemparams. (bsc#1146882)
CVE-2019-14817: Fixed a safer mode bypass by .forceput exposure in .pdfexectoken and other procedures. (bsc#1146884)

Advisory ID	SUSE-RU-2019:2466-1
Released	Wed Sep 25 23:24:08 2019
Summary	Recommended update for SAPHanaSR
Type	recommended
Severity	important
References	1082974,1101373,1133024,1133866,1134106,1139715,1149829

Description:

This update for SAPHanaSR fixes the following issues:

Fixes a bug where an attribute was not correctly set for remoteNode (bsc#1082974)
Does no longer set attributes to prevent unlogged failovers because of empty or unknown attributes (bsc#1134106, bsc#1133024, bsc#1101373)
Will now return $OCF_RUNNING_MASTER (8) instead of $OCF_SUCCESS (0) when probing a promoted node (bsc#1133866)
Using crm-attributes written by a SAP HANA SR provider hook does improve the data integrity in special error conditions with multiple errors coming in a short time frame (bsc#1139715)
Fix a typo in a condition statement that was breaking SAPHanaSR-monitor output. (bnc#1149829)

Advisory ID	SUSE-RU-2019:2477-1
Released	Thu Sep 26 12:09:46 2019
Summary	Recommended update for openwsman
Type	recommended
Severity	moderate
References	1105331

Description:

This update for openwsman fixes the following issues:

Adds CIM_NAMESPACE if it's not already present (bsc#1105331)

Advisory ID	SUSE-RU-2019:2482-1
Released	Fri Sep 27 13:40:42 2019
Summary	Recommended update for google-compute-engine
Type	recommended
Severity	important
References	1150058

Description:

This update for google-compute-engine fixes the following issues:

Fixes an issue where the implementation of Google Private Access over IPv6 was not complete and thus crashed the application (bsc#1150058)

Advisory ID	SUSE-OU-2019:2483-1
Released	Fri Sep 27 14:16:23 2019
Summary	Optional update for python3-google-api-python-client, python3-httplib2, python3-oauth2client, and python3-uritemplate.
Type	optional
Severity	low
References	1088358

Description:

This update ships python3-google-api-python-client, python3-httplib2, python3-oauth2client, and python3-uritemplate for the SUSE Linux Enterprise Public Cloud 15 module.

Advisory ID	SUSE-RU-2019:2494-1
Released	Mon Sep 30 16:22:20 2019
Summary	Recommended update for cloud-init
Type	recommended
Severity	important
References	1141969,1144363,1144881

Description:

This update for cloud-init provides the following fixes:

Properly handle static routes. The EphemeralDHCP context manager did not parse or handle rfc3442 classless static routes which prevented reading datasource metadata in some clouds. (bsc#1141969)
The __str__ implementation no longer delivers the name of the interface, use the 'name' attribute instead to form a proper path in the sysfs tree. (bsc#1144363)
If no routes are set for a subnet but the subnet has a gateway specified, set the gateway as the default route for the interface. (bsc#1144881)

Advisory ID	SUSE-RU-2019:2495-1
Released	Mon Sep 30 16:22:27 2019
Summary	Recommended update for firewalld-rpcbind-helper
Type	recommended
Severity	moderate
References	1146188

Description:

This update for firewalld-rpcbind-helper fixes the following issues:

Fixes an error when running in python3 context and a port in `rpcinfo -p` is running neither as tcp nor in udp protocol (bsc#1146188)

Advisory ID	SUSE-SU-2019:2512-1
Released	Wed Oct 2 10:47:58 2019
Summary	Security update for jasper
Type	security
Severity	moderate
References	1117507,1117508,CVE-2018-19540,CVE-2018-19541

Description:

This update for jasper fixes the following issues:
Security issues fixed:

CVE-2018-19540: Fixed a heap based overflow in jas_icctxtdesc_input (bsc#1117508).
CVE-2018-19541: Fix heap based overread in jas_image_depalettize (bsc#1117507).

Advisory ID	SUSE-SU-2019:2533-1
Released	Thu Oct 3 15:02:50 2019
Summary	Security update for sqlite3
Type	security
Severity	moderate
References	1150137,CVE-2019-16168

Description:

This update for sqlite3 fixes the following issues:
Security issue fixed:

CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137).

Advisory ID	SUSE-SU-2019:2561-1
Released	Fri Oct 4 14:09:56 2019
Summary	Security update for openssl-1_0_0
Type	security
Severity	moderate
References	1131291,1150003,1150250,CVE-2019-1547,CVE-2019-1563

Description:

This update for openssl-1_0_0 fixes the following issues:
OpenSSL Security Advisory [10 September 2019]

CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003)
CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250)

In addition fixed invalid curve attacks by validating that an EC point lies on the curve (bsc#1131291).

Advisory ID	SUSE-SU-2019:2622-1
Released	Wed Oct 9 15:23:35 2019
Summary	Security update for libopenmpt
Type	security
Severity	important
References	1153102,CVE-2019-17113

Description:

This update for libopenmpt to version 0.3.19 fixes the following issues:

CVE-2019-17113: Fixed a buffer overflow in ModPlug_InstrumentName and ModPlug_SampleName (bsc#1153102).

Advisory ID	SUSE-RU-2019:2642-1
Released	Fri Oct 11 17:10:51 2019
Summary	Recommended update for python-kiwi
Type	recommended
Severity	important
References	1112357,1124885,1127173,1129566,1132455,1136444,1142899,1143033,1149686

Description:

This update for python-kiwi fixes the following issues:

Added --add-bootstrap-packages option (bsc#1149686)
Avoids now the default installation of dracut kiwi modules (bsc#1142899, bsc#1136444)
Add support for custom fstab script extension (bsc#1129566)
Fixes an issue where python-kiwi crashed when the HOME directory is missing (bsc#1149686)
New spare partition types have been added: (bsc#1129566) * spare_part_fs='fsname' * spare_part_mountpoint='/location' * spare_part_is_last='true|false'
Preserve licenses/other txt files by baseStripFirmware (bsc#1132455
Added support for fstab.patch file (bsc#1129566)
Makes the bundler shasum file compatible with 'sha256sum --check' command (bsc#1127173)
Fixes an issue when importing signing keys (bsc#1112357)
Fixes an issue where grub2 didn't display UTF-8 characters properly (bsc#1124885)

Advisory ID	SUSE-SU-2019:2657-1
Released	Mon Oct 14 17:04:07 2019
Summary	Security update for dhcp
Type	security
Severity	moderate
References	1089524,1134078,1136572,CVE-2019-6470

Description:

This update for dhcp fixes the following issues:
Secuirty issue fixed:

CVE-2019-6470: Fixed DHCPv6 server crashes (bsc#1134078).

Bug fixes:

Add compile option --enable-secs-byteorder to avoid duplicate lease warnings (bsc#1089524).
Use IPv6 when called as dhclient6, dhcpd6, and dhcrelay6 (bsc#1136572).

Advisory ID	SUSE-RU-2019:2675-1
Released	Tue Oct 15 21:06:30 2019
Summary	Recommended update for clone-master-clean-up
Type	recommended
Severity	moderate
References	1139667,1149322

Description:

This update for clone-master-clean-up fixes the following issues:

Bugfixes:

* Deleted /var/lib/wicked/* files for cloning. If machines with identical settings exist in the same network multiple times, IP addresses may change with each renewal (bsc#1139667)

Advisory ID	SUSE-RU-2019:2681-1
Released	Tue Oct 15 22:01:40 2019
Summary	Recommended update for libdb-4_8
Type	recommended
Severity	moderate
References	1148244

Description:

This update for libdb-4_8 fixes the following issues:

Add off-page deadlock patch as found and documented by Red Hat. (bsc#1148244)

Advisory ID	SUSE-RU-2019:2693-1
Released	Wed Oct 16 16:43:30 2019
Summary	Recommended update for rpcbind
Type	recommended
Severity	moderate
References	1142343

Description:

This update for rpcbind fixes the following issues:

Return correct IP address with multiple ip addresses in the same subnet. (bsc#1142343)

Advisory ID	SUSE-SU-2019:2702-1
Released	Wed Oct 16 18:41:30 2019
Summary	Security update for gcc7
Type	security
Severity	moderate
References	1071995,1141897,1142649,1148517,1149145,CVE-2019-14250,CVE-2019-15847

Description:

This update for gcc7 to r275405 fixes the following issues:
Security issues fixed:

CVE-2019-14250: Fixed an integer overflow in binutils (bsc#1142649).
CVE-2019-15847: Fixed an optimization in the POWER9 backend of gcc that could reduce the entropy of the random number generator (bsc#1149145).

Non-security issue fixed:

Move Live Patching technology stack from kGraft to upstream klp (bsc#1071995, fate#323487).

Advisory ID	SUSE-RU-2019:2705-1
Released	Thu Oct 17 13:05:45 2019
Summary	Recommended update for yast2-hana-firewall and for yast2-sap-ha
Type	recommended
Severity	moderate
References	1117765,1146220

Description:

This update for yast2-hana-firewall provides the following fix:

Fix the following crash in Yast2 HA Setup for SAP Products: 'cannot import namespace 'SystemdService'. (bsc#1146220)

This update for yast2-sap-ha fixes the following issues:

Fix break caused by systemd service library reorganization. (bsc#1146220)
Fix bug stopping the non-productive HANA system in the cost-optimized scenario. (bsc#1117765)
Enhanced the module to be used on Azure with unattended mode support. (fate#324542, fate#325956)
Fix the rpc server error when Y2DIR variable is set. (fate#325957)
Fix the copy_ssfs_keys method to not fail when no password is informed but there is passwordless ssh access between the nodes. (fate#325957)
Enhanced the module to be used in hands-free WF on Bare Metal. (fate#325957)

Advisory ID	SUSE-RU-2019:2722-1
Released	Mon Oct 21 11:14:20 2019
Summary	Recommended update for pciutils-ids
Type	recommended
Severity	moderate
References	1127840,1133581

Description:

This is a version update for pciutils-ids to version 20190830 (bsc#1133581, bsc#1127840)

Advisory ID	SUSE-SU-2019:2730-1
Released	Mon Oct 21 16:04:57 2019
Summary	Security update for procps
Type	security
Severity	important
References	1092100,1121753,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126

Description:

This update for procps fixes the following issues:
procps was updated to 3.3.15. (bsc#1092100)
Following security issues were fixed:

CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100).
CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100).
CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100).
CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100).

Also this non-security issue was fixed:

Fix CPU summary showing old data. (bsc#1121753)

The update to 3.3.15 contains the following fixes:

library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures
library: Just check for SIGLOST and don't delete it
library: Fix integer overflow and LPE in file2strvec CVE-2018-1124
library: Use size_t for alloc functions CVE-2018-1126
library: Increase comm size to 64
pgrep: Fix stack-based buffer overflow CVE-2018-1125
pgrep: Remove >15 warning as comm can be longer
ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123
ps: Increase command name selection field to 64
top: Don't use cwd for location of config CVE-2018-1122
update translations
library: build on non-glibc systems
free: fix scaling on 32-bit systems
Revert 'Support running with child namespaces'
library: Increment to 7:0:1 No changes, no removals New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler
doc: Document I idle state in ps.1 and top.1
free: fix some of the SI multiples
kill: -l space between name parses correctly
library: dont use vm_min_free on non Linux
library: don't strip off wchan prefixes (ps & top)
pgrep: warn about 15+ char name only if -f not used
pgrep/pkill: only match in same namespace by default
pidof: specify separator between pids
pkill: Return 0 only if we can kill process
pmap: fix duplicate output line under '-x' option
ps: avoid eip/esp address truncations
ps: recognizes SCHED_DEADLINE as valid CPU scheduler
ps: display NUMA node under which a thread ran
ps: Add seconds display for cputime and time
ps: Add LUID field
sysctl: Permit empty string for value
sysctl: Don't segv when file not available
sysctl: Read and write large buffers
top: add config file support for XDG specification
top: eliminated minor libnuma memory leak
top: show fewer memory decimal places (configurable)
top: provide command line switch for memory scaling
top: provide command line switch for CPU States
top: provides more accurate cpu usage at startup
top: display NUMA node under which a thread ran
top: fix argument parsing quirk resulting in SEGV
top: delay interval accepts non-locale radix point
top: address a wishlist man page NLS suggestion
top: fix potential distortion in 'Mem' graph display
top: provide proper multi-byte string handling
top: startup defaults are fully customizable
watch: define HOST_NAME_MAX where not defined
vmstat: Fix alignment for disk partition format
watch: Support ANSI 39,49 reset sequences

Advisory ID	SUSE-RU-2019:2734-1
Released	Tue Oct 22 11:00:58 2019
Summary	Recommended update for tcsh
Type	recommended
Severity	moderate
References	1151630

Description:

This update for tcsh fixes the following issues:

Restore cleanup routines in case of an error (bsc#1151630)

Advisory ID	SUSE-SU-2019:2737-1
Released	Tue Oct 22 12:02:36 2019
Summary	Security update for openconnect
Type	security
Severity	moderate
References	1151178,CVE-2019-16239

Description:

This update for openconnect fixes the following issues:

CVE-2019-16239: Fixed a buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. (bsc#1151178)

Advisory ID	SUSE-RU-2019:2746-1
Released	Tue Oct 22 16:50:50 2019
Summary	Recommended update for yast2-sap-ha
Type	recommended
Severity	important
References	1146220

Description:

This update for yast2-sap-ha fixes the following issues:

Update yast2-sap-ha to version 1.0.8.

Fix a regression that was introduced in a previous update. Under certain circumstances, HA Setup for SAP Products used to crash with the error message 'cannot import namespace 'SystemdService''. [bsc#1146220]

Advisory ID	SUSE-SU-2019:2749-1
Released	Wed Oct 23 09:08:41 2019
Summary	Security update for sysstat
Type	security
Severity	moderate
References	1150114,CVE-2019-16167

Description:

This update for sysstat fixes the following issue:

CVE-2019-16167: Fixed a memory corruption due to an integer overflow. (bsc#1150114)

Advisory ID	SUSE-SU-2019:2750-1
Released	Wed Oct 23 09:22:42 2019
Summary	Security update for zziplib
Type	security
Severity	moderate
References	1107424,1129403,CVE-2018-16548

Description:

This update for zziplib fixes the following issues:
Security issue fixed:

CVE-2018-16548: Prevented memory leak from __zzip_parse_root_directory(). Free allocated structure if its address is not passed back. (bsc#1107424)

Other issue addressed:

Prevented a division by zero (bsc#1129403).

Advisory ID	SUSE-RU-2019:2762-1
Released	Thu Oct 24 07:08:44 2019
Summary	Recommended update for timezone
Type	recommended
Severity	moderate
References	1150451

Description:

This update for timezone fixes the following issues:

Fiji observes DST from 2019-11-10 to 2020-01-12.
Norfolk Island starts observing Australian-style DST.

Advisory ID	SUSE-RU-2019:2763-1
Released	Thu Oct 24 07:08:52 2019
Summary	Recommended update for mysql-connector-cpp
Type	recommended
Severity	moderate
References	1149792

Description:

This update for mysql-connector-cpp fixes the following issues:

Add missing zlib build dependency, which used to be pulled in by libopenssl-devel. (bsc#1149792)

Advisory ID	SUSE-RU-2019:2766-1
Released	Thu Oct 24 07:09:49 2019
Summary	Recommended update for migrate-sles-to-sles4sap
Type	recommended
Severity	moderate
References	1112548

Description:

This update for migrate-sles-to-sles4sap fixes the following issues:

Fixed /etc/os-release issue after using migration script from SLES to SLES4SAP: (bsc#1112548) * Removed several hacks that aren't necessary anymore, due to changes in SUSEConnect * Bootloader change isn't necessary anymore as SLES will always be shown in GRUB2 regardless if SLES or SLES for SAP * removed hardcoded version dependencies to make the script version independent * added rollback in case of failed migration * added additional runtime warnings and infos for user * restructured code for cleaner readability * fixed ShellCheck issues * changed parsing for variables like VERSION and CPE from /etc/os-release to /etc/products.d/baseproduct, as /etc/os-release doesn't differ on SLES and SLES for SAP * Checks the SSL certificate of SMT and RMT servers. * Added user input to allow self-signed SSL certificates on SMT and RMT servers. * Fixed RMT registration issue.

Advisory ID	SUSE-RU-2019:2772-1
Released	Thu Oct 24 13:55:37 2019
Summary	Recommended update for lifecycle-data-sle-module-live-patching
Type	recommended
Severity	moderate
References	1020320

Description:

This update for lifecycle-data-sle-module-live-patching fixes the following issues:

Added data for 4_12_14-150_27, 4_12_14-150_32, 4_12_14-150_35, 4_12_14-197_10, 4_12_14-197_15. (bsc#1020320)

Advisory ID	SUSE-RU-2019:2777-1
Released	Thu Oct 24 16:13:20 2019
Summary	Recommended update for fipscheck
Type	recommended
Severity	moderate
References	1149792

Description:

This update for fipscheck fixes the following issues:

Remove #include of unused fips.h to fix build with OpenSSL 1.1.1 (bsc#1149792)

Advisory ID	SUSE-SU-2019:2779-1
Released	Thu Oct 24 16:57:42 2019
Summary	Security update for binutils
Type	security
Severity	moderate
References	1109412,1109413,1109414,1111996,1112534,1112535,1113247,1113252,1113255,1116827,1118644,1118830,1118831,1120640,1121034,1121035,1121056,1133131,1133232,1141913,1142772,1152590,1154016,1154025,CVE-2018-1000876,CVE-2018-17358,CVE-2018-17359,CVE-2018-17360,CVE-2018-17985,CVE-2018-18309,CVE-2018-18483,CVE-2018-18484,CVE-2018-18605,CVE-2018-18606,CVE-2018-18607,CVE-2018-19931,CVE-2018-19932,CVE-2018-20623,CVE-2018-20651,CVE-2018-20671,CVE-2018-6323,CVE-2018-6543,CVE-2018-6759,CVE-2018-6872,CVE-2018-7208,CVE-2018-7568,CVE-2018-7569,CVE-2018-7570,CVE-2018-7642,CVE-2018-7643,CVE-2018-8945,CVE-2019-1010180,ECO-368,SLE-6206

Description:

This update for binutils fixes the following issues:
binutils was updated to current 2.32 branch [jsc#ECO-368].
Includes following security fixes:

CVE-2018-17358: Fixed invalid memory access in _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412)
CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in opncls.c (bsc#1109413)
CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in libbfd.c (bsc#1109414)
CVE-2018-17985: Fixed a stack consumption problem caused by the cplus_demangle_type (bsc#1116827)
CVE-2018-18309: Fixed an invalid memory address dereference was discovered in read_reloc in reloc.c (bsc#1111996)
CVE-2018-18483: Fixed get_count function provided by libiberty that allowed attackers to cause a denial of service or other unspecified impact (bsc#1112535)
CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions provided by libiberty, caused by recursive stack frames (bsc#1112534)
CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup causing a denial of service (bsc#1113255)
CVE-2018-18606: Fixed a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments, causing denial of service (bsc#1113252)
CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section, causing denial of service (bsc#1113247)
CVE-2018-19931: Fixed a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831)
CVE-2018-19932: Fixed an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA (bsc#1118830)
CVE-2018-20623: Fixed a use-after-free in the error function in elfcomm.c (bsc#1121035)
CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference in elf_link_add_object_symbols in elflink.c (bsc#1121034)
CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based buffer overflow in load_specific_debug_section in objdump.c (bsc#1121056)
CVE-2018-1000876: Fixed integer overflow in bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in objdump (bsc#1120640)
CVE-2019-1010180: Fixed an out of bound memory access that could lead to crashes (bsc#1142772)

enable xtensa architecture (Tensilica lc6 and related)
Use -ffat-lto-objects in order to provide assembly for static libs (bsc#1141913).
Fixed some LTO build issues (bsc#1133131 bsc#1133232).
riscv: Don't check ABI flags if no code section
Fixed a segfault in ld when building some versions of pacemaker (bsc#1154025, bsc#1154016).
Add avr, epiphany and rx to target_list so that the common binutils can handle all objects we can create with crosses (bsc#1152590).

Update to binutils 2.32:

The binutils now support for the C-SKY processor series.
The x86 assembler now supports a -mvexwig=[0|1] option to control encoding of VEX.W-ignored (WIG) VEX instructions. It also has a new -mx86-used-note=[yes|no] option to generate (or not) x86 GNU property notes.
The MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the Loongson EXTensions (EXT) instructions, the Loongson Content Address Memory (CAM) ASE and the Loongson MultiMedia extensions Instructions (MMI) ASE.
The addr2line, c++filt, nm and objdump tools now have a default limit on the maximum amount of recursion that is allowed whilst demangling strings. This limit can be disabled if necessary.
Objdump's --disassemble option can now take a parameter, specifying the starting symbol for disassembly. Disassembly will continue from this symbol up to the next symbol or the end of the function.
The BFD linker will now report property change in linker map file when merging GNU properties.
The BFD linker's -t option now doesn't report members within archives, unless -t is given twice. This makes it more useful when generating a list of files that should be packaged for a linker bug report.
The GOLD linker has improved warning messages for relocations that refer to discarded sections.

Improve relro support on s390 [fate#326356]
Fix broken debug symbols (bsc#1118644)
Handle ELF compressed header alignment correctly.

Advisory ID	SUSE-SU-2019:2782-1
Released	Fri Oct 25 14:27:52 2019
Summary	Security update for nfs-utils
Type	security
Severity	moderate
References	1150733,CVE-2019-3689

Description:

This update for nfs-utils fixes the following issues:

CVE-2019-3689: Fixed root-owned files stored in insecure /var/lib/nfs. (bsc#1150733)

Advisory ID	SUSE-SU-2019:2786-1
Released	Fri Oct 25 15:56:35 2019
Summary	Security update for docker-runc
Type	security
Severity	moderate
References	1152308,CVE-2019-16884

Description:

This update for docker-runc fixes the following issues:

CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that mount over a /proc directory. (bsc#1152308)

Advisory ID	SUSE-RU-2019:2790-1
Released	Mon Oct 28 14:54:13 2019
Summary	Recommended update for java-1_8_0-ibm
Type	recommended
Severity	moderate
References	1143080

Description:

This update for java-1_8_0-ibm fixes the following issues:
Update to Java 8.0 Service Refresh 5 Fix Pack 41 [bsc#1143080]:
* JIT compiler crash: Remove implicit sign extension assumptions from iRegStore evaluator (https://github.com/eclipse/omr/pull/4103)

Advisory ID	SUSE-RU-2019:2799-1
Released	Mon Oct 28 17:11:16 2019
Summary	Recommended update for tcsh
Type	recommended
Severity	important
References	1153839,1154877

Description:

This update for tcsh fixes the following issues:

Avoid breakage in sourcing standard system files (bsc#1153839)
A regression has been fixed where glob expansion would not work properly. (bsc#1154877)

Advisory ID	SUSE-RU-2019:2806-1
Released	Tue Oct 29 11:47:15 2019
Summary	Recommended update for libspectre
Type	recommended
Severity	moderate
References	1153337

Description:

This update for libspectre aligns the libspectre build with the current ghostscript 9.27 release. (bsc#1153337)

Advisory ID	SUSE-SU-2019:2810-1
Released	Tue Oct 29 14:56:44 2019
Summary	Security update for runc
Type	security
Severity	moderate
References	1131314,1131553,1152308,CVE-2019-16884

Description:

This update for runc fixes the following issues:
Security issue fixed:

CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that mount over a /proc directory. (bsc#1152308)

Non-security issues fixed:

Includes upstreamed patches for regressions (bsc#1131314 bsc#1131553).

Advisory ID	SUSE-RU-2019:2811-1
Released	Tue Oct 29 14:57:18 2019
Summary	Recommended update for llvm7
Type	recommended
Severity	moderate
References	1138457

Description:

This update for llvm7 doesn't address any user visible issues.

Advisory ID	SUSE-RU-2019:2870-1
Released	Thu Oct 31 08:09:14 2019
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1051143,1138869,1151023

Description:

This update for aaa_base provides the following fixes:

Check if variables can be set before modifying them to avoid warnings on login with a restricted shell. (bsc#1138869)
Add s390x compressed kernel support. (bsc#1151023)
service: Check if there is a second argument before using it. (bsc#1051143)

Advisory ID	SUSE-RU-2019:2888-1
Released	Mon Nov 4 17:33:58 2019
Summary	Recommended update for neon
Type	recommended
Severity	low
References	1149792

Description:

This update for neon provides the following fixes:

Fix build with openssl 1.1.1. (bsc#1149792)
Make sure the license gets installed properly.

Advisory ID	SUSE-SU-2019:2891-1
Released	Mon Nov 4 17:47:10 2019
Summary	Security update for python-ecdsa
Type	security
Severity	moderate
References	1153165,1154217,CVE-2019-14853,CVE-2019-14859

Description:

This update for python-ecdsa to version 0.13.3 fixes the following issues:
Security issues fixed:

CVE-2019-14853: Fixed unexpected exceptions during signature decoding (bsc#1153165).
CVE-2019-14859: Fixed a signature malleability caused by insufficient checks of DER encoding (bsc#1154217).

Advisory ID	SUSE-RU-2019:2905-1
Released	Wed Nov 6 12:10:59 2019
Summary	Recommended update for scout
Type	recommended
Severity	moderate
References	1135598

Description:

This update for scout fixes the following issues: - Fix bug where sbin packages would print as bytes strings (bsc#1135598)

Advisory ID	SUSE-RU-2019:2908-1
Released	Wed Nov 6 13:49:01 2019
Summary	Recommended update for perl-Mail-SPF
Type	recommended
Severity	low
References	1141089

Description:

This update for perl-Mail-SPF fixes the following issues:

Sets the executable bit for the /usr/sbin/spfd binary (bsc#1141089)
The license file is now located in the /usr/share/licenses directory of perl-Mail-SPF

Advisory ID	SUSE-SU-2019:2913-1
Released	Thu Nov 7 11:33:39 2019
Summary	Security update for gdb
Type	security
Severity	moderate
References	1115034,1142772,1145692,CVE-2019-1010180,ECO-368

Description:

This update for gdb fixes the following issues:
Update to gdb 8.3.1: (jsc#ECO-368)
Security issues fixed:

CVE-2019-1010180: Fixed a potential buffer overflow when loading ELF sections larger than the file. (bsc#1142772)

Upgrade libipt from v2.0 to v2.0.1.

Enable librpm for version > librpm.so.3 [bsc#1145692]: * Allow any librpm.so.x * Add %build test to check for 'zypper install ' message

Copy gdbinit from fedora master @ 25caf28. Add gdbinit.without-python, and use it for --without=python.

Rebase to 8.3 release (as in fedora 30 @ 1e222a3).

DWARF index cache: GDB can now automatically save indices of DWARF symbols on disk to speed up further loading of the same binaries.
Ada task switching is now supported on aarch64-elf targets when debugging a program using the Ravenscar Profile.
Terminal styling is now available for the CLI and the TUI.
Removed support for old demangling styles arm, edg, gnu, hp and lucid.
Support for new native configuration RISC-V GNU/Linux (riscv*-*-linux*).

Implemented access to more POWER8 registers. [fate#326120, fate#325178]
Handle most of new s390 arch13 instructions. [fate#327369, jsc#ECO-368]

Advisory ID	SUSE-RU-2019:2933-1
Released	Fri Nov 8 11:46:01 2019
Summary	Recommended update for llvm7
Type	recommended
Severity	moderate
References	1139584

Description:

This update for llvm7 fixes the following issues:

Enable RTTI (run time type information) by built for LLVM. (bsc#1139584)

Advisory ID	SUSE-SU-2019:2934-1
Released	Fri Nov 8 13:17:50 2019
Summary	Security update for apache2-mod_auth_openidc
Type	security
Severity	important
References	1153666,CVE-2019-14857

Description:

This update for apache2-mod_auth_openidc fixes the following issues:

CVE-2019-14857: Fixed an open redirect issue that exists in URLs with trailing slashes (bsc#1153666).

Advisory ID	SUSE-RU-2019:2978-1
Released	Thu Nov 14 22:42:51 2019
Summary	Recommended update for helm-mirror
Type	recommended
Severity	moderate
References	1153244

Description:

This update for helm-mirror fixes the following issues:

Getting charts now only downloads the altest versions of the charts. (bsc#1153244)
The --all-versions flags allows to download all versions of the charts. (bsc#1153244)
The flags --chart-name and --chart-version allow the user to only get the desired chart. (bsc#1153244)
Fixes issue with go module when installing with `helm plugin install`. (bsc#1153244)

Advisory ID	SUSE-SU-2019:2981-1
Released	Fri Nov 15 10:46:06 2019
Summary	Security update for ghostscript
Type	security
Severity	important
References	1156275,CVE-2019-14869

Description:

This update for ghostscript fixes the following issues:

CVE-2019-14869: Fixed a possible dSAFER escape which could have allowed an attacker to gain high privileges by a specially crafted Postscript code (bsc#1156275).

Advisory ID	SUSE-SU-2019:2982-1
Released	Fri Nov 15 10:46:21 2019
Summary	Security update for enigmail
Type	security
Severity	moderate
References	1141025,1151317

Description:

This update for enigmail fixes the following issues:

SeaMonkey is no longer supported. Update description and no longer put in SeaMonkey addons path (bsc#1151317)

enigmail was updated 2.1.2:

compatibility with Mozilla Thunderbird 68
New simplified setup wizard
Full support for keys.openpgp.org
Default to ECC keys on GnuPG 2.1 or later
Autocrypt: implemented key-gossip and updates to known keys

enimail was updated to 2.0.12:

set the default keyserver to keys.openpgp.org in order to mitigate the SKS Keyserver Network Attack (bsc#1141025)

Advisory ID	SUSE-RU-2019:2993-1
Released	Mon Nov 18 11:52:23 2019
Summary	Recommended update for tftp
Type	recommended
Severity	moderate
References	1153625

Description:

This update for tftp fixes the following issues:

Add tftp.socket requirement to the service unit section. (bsc#1153625)

Advisory ID	SUSE-SU-2019:2997-1
Released	Mon Nov 18 15:16:38 2019
Summary	Security update for ncurses
Type	security
Severity	moderate
References	1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595

Description:

This update for ncurses fixes the following issues:
Security issues fixed:

CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036).
CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037).

Non-security issue fixed:

Removed screen.xterm from terminfo database (bsc#1103320).

Advisory ID	SUSE-SU-2019:2998-1
Released	Mon Nov 18 15:17:23 2019
Summary	Security update for java-11-openjdk
Type	security
Severity	important
References	1152856,1154212,CVE-2019-2894,CVE-2019-2933,CVE-2019-2945,CVE-2019-2949,CVE-2019-2958,CVE-2019-2962,CVE-2019-2964,CVE-2019-2973,CVE-2019-2975,CVE-2019-2977,CVE-2019-2978,CVE-2019-2981,CVE-2019-2983,CVE-2019-2987,CVE-2019-2988,CVE-2019-2989,CVE-2019-2992,CVE-2019-2999

Description:

This update for java-11-openjdk to version jdk-11.0.5-10 fixes the following issues:
Security issues fixed (October 2019 CPU bsc#1154212):

CVE-2019-2933: Windows file handling redux
CVE-2019-2945: Better socket support
CVE-2019-2949: Better Kerberos ccache handling
CVE-2019-2958: Build Better Processes
CVE-2019-2964: Better support for patterns
CVE-2019-2962: Better Glyph Images
CVE-2019-2973: Better pattern compilation
CVE-2019-2975: Unexpected exception in jjs
CVE-2019-2978: Improved handling of jar files
CVE-2019-2977: Improve String index handling
CVE-2019-2981: Better Path supports
CVE-2019-2983: Better serial attributes
CVE-2019-2987: Better rendering of native glyphs
CVE-2019-2988: Better Graphics2D drawing
CVE-2019-2989: Improve TLS connection support
CVE-2019-2992: Enhance font glyph mapping
CVE-2019-2999: Commentary on Javadoc comments
CVE-2019-2894: Enhance ECDSA operations (bsc#1152856).

Advisory ID	SUSE-RU-2019:3008-1
Released	Tue Nov 19 11:38:27 2019
Summary	Recommended update for fwupdate
Type	recommended
Severity	moderate
References	1152928

Description:

This update for fwupdate fixes the following issues:

Add update to the linker script for AArch64 to match the one in gnu-efi. (bsc#1152928)

Advisory ID	SUSE-RU-2019:3009-1
Released	Tue Nov 19 18:10:39 2019
Summary	Recommended update for cloud-regionsrv-client
Type	recommended
Severity	moderate
References	1149528,1152567,1154533

Description:

This update for cloud-regionsrv-client fixes the following issues:

Ignore exception if the new registration flag file does not exist but there is an attempt to remove it. (bsc#1149528)
Include requirement for python3-six in specfile. (bsc#1152567)
Adds support for repositories with different credentials files (bsc#1154533)

Advisory ID	SUSE-RU-2019:3012-1
Released	Tue Nov 19 18:11:26 2019
Summary	Recommended update for brp-check-suse
Type	recommended
Severity	moderate
References	1114695

Description:

This update for brp-check-suse fixes the following issues:

Deal with libs where file outputs more text after 'not stripped'. (bsc#1114695)

Advisory ID	SUSE-RU-2019:3018-1
Released	Wed Nov 20 12:48:21 2019
Summary	Recommended update for xkeyboard-config
Type	recommended
Severity	moderate
References	1153774

Description:

This update for xkeyboard-config fixes the following issues:

Fix capslock in Old Hungarian layout (bsc#1153774)

Advisory ID	SUSE-SU-2019:3030-1
Released	Thu Nov 21 19:11:25 2019
Summary	Security update for cups
Type	security
Severity	important
References	1146358,1146359,CVE-2019-8675,CVE-2019-8696

Description:

This update for cups fixes the following issues:

CVE-2019-8675: Fixed a stack buffer overflow in libcups's asn1_get_type function(bsc#1146358).
CVE-2019-8696: Fixed a stack buffer overflow in libcups's asn1_get_packed function (bsc#1146359).

Advisory ID	SUSE-SU-2019:3053-1
Released	Mon Nov 25 17:28:17 2019
Summary	Security update for clamav
Type	security
Severity	moderate
References	1144504,1149458,1151839,CVE-2019-12625,CVE-2019-12900

Description:

This update for clamav fixes the following issues:
Security issue fixed:

CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files (bsc#1144504).
CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1149458).

Non-security issues fixed:

Added the --max-scantime clamscan option and MaxScanTime clamd configuration option (bsc#1144504).
Increased the startup timeout of clamd to 5 minutes to cater for the grown virus database as a workaround until clamd has learned to talk to systemd to extend the timeout as long as needed (bsc#1151839).

Advisory ID	SUSE-SU-2019:3061-1
Released	Mon Nov 25 17:34:22 2019
Summary	Security update for gcc9
Type	security
Severity	moderate
References	1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847,SLE-6533,SLE-6536

Description:

This update includes the GNU Compiler Collection 9.
A full changelog is provided by the GCC team on:
https://www.gnu.org/software/gcc/gcc-9/changes.html

The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages.
To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 / CXX=g++-9 during configuration for using it.

Security issues fixed:

CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145)
CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649)

Non-security issues fixed:

Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254)
Fixed miscompilation for vector shift on s390. (bsc#1141897)

Advisory ID	SUSE-SU-2019:3086-1
Released	Thu Nov 28 10:02:24 2019
Summary	Security update for libidn2
Type	security
Severity	moderate
References	1154884,1154887,CVE-2019-12290,CVE-2019-18224

Description:

This update for libidn2 to version 2.2.0 fixes the following issues:

CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884).
CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887).

Advisory ID	SUSE-SU-2019:3096-1
Released	Thu Nov 28 16:48:21 2019
Summary	Security update for cloud-init
Type	security
Severity	moderate
References	1099358,1129124,1136440,1142988,1144363,1151488,1154092,CVE-2019-0816

Description:

This update for cloud-init to version 19.2 fixes the following issues:
Security issue fixed:

CVE-2019-0816: Fixed the unnecessary extra ssh keys that were added to authorized_keys (bsc#1129124).

Non-security issues fixed:

Short circuit the conditional for identifying the sysconfig renderer (bsc#1154092, bsc#1142988).
If /etc/resolv.conf is a symlink, break it. This will avoid netconfig from clobbering the changes cloud-init applied (bsc#1151488).

Advisory ID	SUSE-RU-2019:3104-1
Released	Fri Nov 29 06:47:08 2019
Summary	Recommended update for sysstat
Type	recommended
Severity	moderate
References	1144923,SLE-5958

Description:

This update for sysstat fixes the following issues:

Enable log information of starting/stoping services. (bsc#1144923, jsc#SLE-5958)

Advisory ID	SUSE-RU-2019:3166-1
Released	Wed Dec 4 11:24:42 2019
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1007715,1084934,1157278

Description:

This update for aaa_base fixes the following issues:

Use official key binding functions in inputrc that is replace up-history with previous-history, down-history with next-history and backward-delete-word with backward-kill-word. (bsc#1084934)
Add some missed key escape sequences for urxvt-unicode terminal as well. (bsc#1007715)
Clear broken ghost entry in patch which breaks 'readline'. (bsc#1157278)

Advisory ID	SUSE-RU-2019:3170-1
Released	Wed Dec 4 11:45:48 2019
Summary	Recommended update for cjose
Type	recommended
Severity	moderate
References	1149887

Description:

This update for cjose provides the following fix:

Fix concatkdf failures on big endian architectures. (bsc#1149887)

Advisory ID	SUSE-RU-2019:3173-1
Released	Wed Dec 4 20:22:45 2019
Summary	Recommended update for growpart, growpart-rootgrow
Type	recommended
Severity	moderate
References	1154357,ECO-550

Description:

This update for growpart, growpart-rootgrow contains the following fixes:
growpart:

Removed rootgrow sub-package as it is a standalone package now. (bsc#1154357, jsc#ECO-550)

growpart-rootgrow:

Added growpart-rootgrow as a standalone package. (bsc#1154357, jsc#ECO-550)
Bump from version 1.0.0 to 1.0.1: - Fixed binary location in service unit file.

Advisory ID	SUSE-SU-2019:3176-1
Released	Thu Dec 5 11:41:01 2019
Summary	Security update for clamav
Type	security
Severity	important
References	1157763,CVE-2019-15961

Description:

This update for clamav fixes the following issues:

CVE-2019-15961: Fixed a denial of service which might occur when scanning a specially crafted email file as (bsc#1157763).

Advisory ID	SUSE-RU-2019:3195-1
Released	Thu Dec 5 21:32:12 2019
Summary	Recommended update for perl-DBD-mysql
Type	recommended
Severity	low
References	1149792

Description:

This update for perl-DBD-mysql fixes the following issues:

Fix the package build by adding the missing zlib-devel build dependency. It used to be pulled in by libopenssl-devel but has changed. (bsc#1149792)

Advisory ID	SUSE-RU-2019:3205-1
Released	Mon Dec 9 13:48:28 2019
Summary	Recommended update for insserv-compat
Type	recommended
Severity	moderate
References	1052837,1133306

Description:

This update for insserv-compat fixes the following issues:

Fix handling of start parameters. (bsc#1133306)
Remove unnecessary entry from configuration file. (bsc#1052837)

Advisory ID	SUSE-RU-2019:3210-1
Released	Tue Dec 10 08:54:15 2019
Summary	Recommended update for rubygem-mail
Type	recommended
Severity	moderate
References	1156721

Description:

This update for rubygem-mail fixes the following issues:
Compatibility fixes:

Restore conversions for properly encoded non-binary emails.
Gracefully parse certain invalid Content-Type headers. (rafbm)

Bug fixes:

Fix transfer encoding when message encoding is blank. (bsc#1156721)
Fix 7bit/base64 content transfer encoding mismatch. (bsc#1156721)
Fix UTF-8 attachment filename quoting. (bsc#1156721)
Fix 'delete_all' using a readonly IMAP connection. (bsc#1156721)

Advisory ID	SUSE-SU-2019:3238-1
Released	Tue Dec 10 10:21:59 2019
Summary	Security update for java-1_8_0-openjdk
Type	security
Severity	important
References	1138529,1152856,1154212,CVE-2019-2894,CVE-2019-2933,CVE-2019-2945,CVE-2019-2949,CVE-2019-2958,CVE-2019-2962,CVE-2019-2964,CVE-2019-2973,CVE-2019-2975,CVE-2019-2978,CVE-2019-2981,CVE-2019-2983,CVE-2019-2987,CVE-2019-2988,CVE-2019-2989,CVE-2019-2992,CVE-2019-2999

Description:

This update for java-1_8_0-openjdk (jdk8u232/icedtea 3.14.0) fixes the following issues:
Security issues fixed (bsc#1154212):

CVE-2019-2933: Windows file handling redux
CVE-2019-2945: Better socket support
CVE-2019-2949: Better Kerberos ccache handling
CVE-2019-2958: Build Better Processes
CVE-2019-2964: Better support for patterns
CVE-2019-2962: Better Glyph Images
CVE-2019-2973: Better pattern compilation
CVE-2019-2975: Unexpected exception in jjs
CVE-2019-2978: Improved handling of jar files
CVE-2019-2981: Better Path supports
CVE-2019-2983: Better serial attributes
CVE-2019-2987: Better rendering of native glyphs
CVE-2019-2988: Better Graphics2D drawing
CVE-2019-2989: Improve TLS connection support
CVE-2019-2992: Enhance font glyph mapping
CVE-2019-2999: Commentary on Javadoc comments
CVE-2019-2894: Enhance ECDSA operations (bsc#1152856)

Bug fixes:

Fixed build failuers on ARM (bsc#1138529).

Advisory ID	SUSE-RU-2019:3245-1
Released	Wed Dec 11 10:12:19 2019
Summary	Recommended update for azure-li-services
Type	recommended
Severity	moderate
References	1157040,1157041

Description:

This update for azure-li-services fixes the following issues:

Bump version: 1.2.3 to 1.2.4

Reference commit for SUSE maintenance This submission creates a reference to bsc#1157041

Reference commit for SUSE maintenance This submission creates a reference to bsc#1157040

Bump version: 1.2.2 to 1.2.3

Right name for vli sp2 folder

Add folder for SLES15 SP2 VLI images

Fixed VLI package list for sle15 cpp48 does not exist on sle15, instead the cpp package by its name provides is used. On sle15 this resolved to cpp7. This is related to Issue #186

Bump version: 1.2.1 to 1.2.2

Added Microsoft requested packages to VLI images This Fixes #186

Add retry loop to setup sbd device There is no deterministic way to know when the iSCSI device is ready to be processed by sbd. Thus the calls to setup the sbd device has been placed into a retry loop that runs max 3 times with a 2sec wait period in between. This Fixes #188

Add directory for SLES15-SP2

Saptune setup As pointed before, saptune supersedes sapconf. This is the right path to setup saptune. Update image descriptions not to install sapconf. This Fixes #185

Update LI image versions For the refresh of the images in the SUSE namespace the version number has been increased

Bump version: 1.2.0 to 1.2.1

Right sequence saptune

One of the issues is that `saptune` is a different tool that supersedes `sapconf`. Then the `saptune daemon restart` command will always overwrite the profile with `saptune`. Two different tools that can't be mixed. Only one should be used. In case of SLES (not SLES for SAP), the sequence should be For SLES 12 ``` tuned-adm profile sap-hana systemctl enable --now sapconf.service ``` and for SLES15 ``` tuned-adm profile sapconf systemctl enable --now sapconf.service ``` For SLES for SAP, the sequence is the same for 12 and 15: ``` saptune daemon start saptune solution apply HANA ``` This Fixes #172

Bump version: 1.1.39 to 1.2.0

Change the setup of the login shell The login shell was setup based on assumption regarding other user attributes set. This way caused some negative side effects which lets us change the behavior. This patch does the following * Adds a new attribute named: loginshell * If loginshell is present the value for loginshell will be used, if not the default /sbin/nologin applies * All implicit assumptions for setting up the login shell got deleted

This Fixes #178

sbd device to wait for udev to finish This Fixes #179

Bump version: 1.1.38 to 1.1.39

Consolidate all image descriptions in git Instead of maintaining image descriptions in obs we want to maintain them in git. With this change only a service and multibuild configuration applies in obs but the data to build the image will live in git. This allows for real development and review regarding changes to the kiwi image descriptions.

Restart iscsi subsystem after device discovery Only after restart of the iscsi subsystem the device nodes from a previous device discovery gets created properly. This Fixes #170

Bump version: 1.1.37 to 1.1.38

Added more logging to the process Add a log file /var/log/azure-li-services.log which adds logging information from the service process. Usually error log information is present on the systemd level but for checking the process, it's calls and potential further information it's also useful to have a processing log file. The log file will be created on the host and gets also copied to the config lun in the same way as the systemd workload log

Bump version: 1.1.36 to 1.1.37

Delete ineffective startup.nsh code startup.nsh is read by the firmware in an early boot phase. It doesn't make sense to write that file as part of the boot services because it's too late in the process. startup.nsh if required needs to be provided by the image itself

Extend storage service dependencies The storage service can be used for remote storage like NFS storage to be attached to the machine. This requires the network to be online. Having the network only configured is not enough it must also be online. Thus the storage service unit is extended to wait for the network-online.target

Bump version: 1.1.35 to 1.1.36

Fixed network setup for bonding on vlan vlan network definitions that uses bonding etherdevices were missing a switch to correctly assign the ip configuration This Fixes #164

Bump version: 1.1.34 to 1.1.35

Apply saptune startup sequence suggested by $MS Implementing startup sequence as suggested in SAP Note 1275776. This Fixes #149

Log command calls on the console Implements a simple logging facility for the Command classes and write the commands called to the console. This will lead to more detailed information about the command calls in the systemd status information

Load yaml in safe mode The default yaml loader is unsafe, thus we should switch to the safe_load method. For details see: https://msg.pyyaml.org/load

Bump version: 1.1.33 to 1.1.34

Start saptune daemon after applying profile For some reason the saptune daemon needs to restart if a profile has been set through the tuned-adm profile command. This Fixes #149

Revert fix for service order of saptune daemon It has turned out that the simple change in order did not solve the problem. In fact the daemon needs to be restarted on profile setup

Allow ssh access with shell Allow access through ssh without shadow hash and with shell. Fixes #151

Bump version: 1.1.32 to 1.1.33

Fix service order on startup of saptune daemon The tuned profile must be applied prior to the start of the saptune daemon. This Fixes #149

Bump version: 1.1.31 to 1.1.32

Fixed travis badge link

Mount LUN in sync mode Per request from Microsoft the location that holds the config file and is also used for the status flag and log should be mounted with the sync option. This Fixes #144

Activate SAP Hana profile via tuned-adm Check for the presence of the sap-hana profile and switch to sapconf if not found. Activate the selected profile via the tuned-adm control command. This Fixes #142

Advisory ID	SUSE-RU-2019:3298-1
Released	Sat Dec 14 00:59:01 2019
Summary	Recommended update for gnu-compilers-hpc
Type	recommended
Severity	moderate
References	1149414,SLE-7765,SLE-7766

Description:

This update for gnu-compilers-hpc fixes the following issues:

Add support for gcc7 and gcc8 variants of gnu-compilers-hpc (jsc#SLE-7766)
For the base compiler add a 'Provides' for the versioned form.

Advisory ID	SUSE-RU-2019:3301-1
Released	Mon Dec 16 10:47:20 2019
Summary	Recommended update for mariadb-connector-c
Type	recommended
Severity	moderate
References	1156669

Description:

This update for mariadb-connector-c fixes the following issues:
New upstream version 3.1.5 (bsc#1156669) - Plugin dialog could not be loaded (wrong path) - Fix for unknown/not handled schannel error codes - Use windows crypto libraries on Windows platforms - Fix crash in GnuTLS when key and certificate are in the same file - Fix location of PLUGINDIR if Connector/C is a subproject

Advisory ID	SUSE-RU-2019:3327-1
Released	Tue Dec 17 15:45:47 2019
Summary	Recommended update for libtcnative-1-0
Type	recommended
Severity	moderate
References	1130843,202339,622430

Description:

This update for libtcnative-1-0 fixes the following issues:

Fix incompatibility with Tomcat. (bsc#1130843)
Include 'libtcnative-1.so' in the main package. (bsc#622430)
Enable 'jsvc' and 'apr/epoll' in Tomcat packages. (bsc#202339)

Advisory ID	SUSE-RU-2019:3329-1
Released	Tue Dec 17 15:46:18 2019
Summary	Recommended update to python-tornado
Type	recommended
Severity	low
References	1149792

Description:

Add patch to skip tests failing with OpenSSL 1.1.1 (bsc#1149792) * it happens only when using TLS 1.3, so if user wants to use tornado, they can hand disable the TLS 1.3 and continue

Advisory ID	SUSE-OU-2019:3345-1
Released	Thu Dec 19 15:02:29 2019
Summary	Optional update for container-diff
Type	optional
Severity	low
References	1148768,ECO-338

Description:

Added container-diff package to SUSE Linux Enterprise 15 Containers Module and SUSE Linux Enterprise 15 SP1 Containers Module.

Advisory ID	SUSE-SU-2019:3348-1
Released	Thu Dec 19 16:13:04 2019
Summary	Security update for spectre-meltdown-checker
Type	security
Severity	moderate
References	1117665,1139073,CVE-2018-12207,CVE-2019-11135

Description:

This update for spectre-meltdown-checker fixes the following issues:
- feat: implement TAA detection (CVE-2019-11135 bsc#1139073) - feat: implement MCEPSC / iTLB Multihit detection (CVE-2018-12207 bsc#1117665) - feat: taa: add TSX_CTRL MSR detection in hardware info - feat: fwdb: use both Intel GitHub repo and MCEdb to build our firmware version database - feat: use --live with --kernel/--config/--map to override file detection in live mode - enh: rework the vuln logic of MDS with --paranoid (fixes #307) - enh: explain that Enhanced IBRS is better for performance than classic IBRS - enh: kernel: autodetect customized arch kernels from cmdline - enh: kernel decompression: better tolerance against missing tools - enh: mock: implement reading from /proc/cmdline - fix: variant3a: Silvermont CPUs are not vulnerable to variant 3a - fix: lockdown: detect Red Hat locked down kernels (impacts MSR writes) - fix: lockdown: detect locked down mode in vanilla 5.4+ kernels - fix: sgx: on locked down kernels, fallback to CPUID bit for detection - fix: fwdb: builtin version takes precedence if the local cached version is older - fix: pteinv: don't check kernel image if not available - fix: silence useless error from grep (fixes #322) - fix: msr: fix msr module detection under Ubuntu 19.10 (fixes #316) - fix: mocking value for read_msr - chore: rename mcedb cmdline parameters to fwdb, and change db version scheme - chore: fwdb: update to v130.20191104+i20191027 - chore: add GitHub check workflow

Advisory ID	SUSE-RU-2019:3383-1
Released	Mon Dec 23 16:55:01 2019
Summary	Recommended update for google-compute-engine
Type	recommended
Severity	moderate
References	1151398

Description:

This update for google-compute-engine the following fix:

Add a wait limit to retrying DNS resolution to avoid a forever loop. (bsc#1151398)

Advisory ID	SUSE-SU-2019:3391-1
Released	Fri Dec 27 13:33:16 2019
Summary	Security update for dia
Type	security
Severity	moderate
References	1158194,CVE-2019-19451

Description:

This update for dia fixes the following issue:

CVE-2019-19451: Fixed an endless loop on filenames with invalid encoding (bsc#1158194).

Advisory ID	SUSE-SU-2019:3395-1
Released	Mon Dec 30 14:05:06 2019
Summary	Security update for mozilla-nspr, mozilla-nss
Type	security
Severity	moderate
References	1141322,1158527,1159819,CVE-2018-18508,CVE-2019-11745,CVE-2019-17006

Description:

This update for mozilla-nspr, mozilla-nss fixes the following issues:
mozilla-nss was updated to NSS 3.47.1:
Security issues fixed:

CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819).
CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527).
CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322).

mozilla-nspr was updated to version 4.23:

Whitespace in C files was cleaned up and no longer uses tab characters for indenting.

Advisory ID	SUSE-RU-2019:3400-1
Released	Tue Dec 31 08:18:40 2019
Summary	Recommended update for libsodium
Type	recommended
Severity	moderate
References	1146257

Description:

This update for libsodium fixes the following issues:

build libsodium23-32bit, which is required by zeromq's -32bit packages. (bsc#1146257)

Advisory ID	SUSE-SU-2020:1-1
Released	Thu Jan 2 09:47:04 2020
Summary	Security update for java-1_8_0-ibm
Type	security
Severity	moderate
References	1154212,1158442,CVE-2019-17631,CVE-2019-2933,CVE-2019-2945,CVE-2019-2958,CVE-2019-2962,CVE-2019-2964,CVE-2019-2973,CVE-2019-2975,CVE-2019-2978,CVE-2019-2981,CVE-2019-2983,CVE-2019-2988,CVE-2019-2989,CVE-2019-2992,CVE-2019-2996,CVE-2019-2999

Description:

This update for java-1_8_0-ibm fixes the following issues:

Update to Java 8.0 Service Refresh 6 [bsc#1158442, bsc#1154212] * Security fixes: CVE-2019-2933 CVE-2019-2945 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2975 CVE-2019-2978 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2996 CVE-2019-2999 CVE-2019-2973 CVE-2019-2981 CVE-2019-17631

Advisory ID	SUSE-RU-2020:10-1
Released	Thu Jan 2 12:35:06 2020
Summary	Recommended update for gcc7
Type	recommended
Severity	moderate
References	1146475

Description:

This update for gcc7 fixes the following issues:

Fix miscompilation with thread-safe localstatic initialization (gcc#85887).
Fix debug info created for array definitions that complete an earlier declaration (bsc#1146475).

Advisory ID	SUSE-SU-2020:17-1
Released	Tue Jan 7 11:19:17 2020
Summary	Security update for virglrenderer
Type	security
Severity	important
References	1159478,1159479,1159482,1159486,CVE-2019-18388,CVE-2019-18389,CVE-2019-18390,CVE-2019-18391

Description:

This update for virglrenderer fixes the following issues:

CVE-2019-18388: Fixed a null pointer dereference which could have led to denial of service (bsc#1159479).
CVE-2019-18390: Fixed an out of bound read which could have led to denial of service (bsc#1159478).
CVE-2019-18389: Fixed a heap buffer overflow which could have led to guest escape or denial of service (bsc#1159482).
CVE-2019-18391: Fixed a heap based buffer overflow which could have led to guest escape or denial of service (bsc#1159486).

Advisory ID	SUSE-RU-2020:19-1
Released	Tue Jan 7 11:28:10 2020
Summary	Recommended update for lifecycle-data-sle-module-live-patching
Type	recommended
Severity	moderate
References	1020320

Description:

This update for lifecycle-data-sle-module-live-patching fixes the following issues:

Added data for 4_12_14-150_38, 4_12_14-150_41, 4_12_14-197_18, 4_12_14-197_21, 4_12_14-197_26. (bsc#1020320)

Advisory ID	SUSE-RU-2020:32-1
Released	Tue Jan 7 16:09:04 2020
Summary	Recommended update for rpmlint
Type	recommended
Severity	moderate
References	1151418,1157663

Description:

This update for rpmlint contains the following fixes:

Whitelist sssd infopipe. (bsc#1157663)
Whitelist sysprof3 D-Bus services. (bsc#1151418)

Advisory ID	SUSE-SU-2020:35-1
Released	Wed Jan 8 09:06:32 2020
Summary	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork
Type	security
Severity	moderate
References	1122469,1143349,1150397,1152308,1153367,1158590,CVE-2019-16884

Description:

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues:
Security issue fixed:

CVE-2019-16884: Fixed incomplete patch for LSM bypass via malicious Docker image that mount over a /proc directory (bsc#1152308).

Bug fixes:

Update to Docker 19.03.5-ce (bsc#1158590).
Update to Docker 19.03.3-ce (bsc#1153367).
Update to Docker 19.03.2-ce (bsc#1150397).
Fixed default installation such that --userns-remap=default works properly (bsc#1143349).
Fixed nginx blocked by apparmor (bsc#1122469).

Advisory ID	SUSE-RU-2020:37-1
Released	Wed Jan 8 10:42:00 2020
Summary	- Fix test getdate [bsc#1159990]
Type	recommended
Severity	low
References

Description:

Fix test getdate [bsc#1159990]
Add perl-TimeDate-getdate.patch

Advisory ID	SUSE-SU-2020:45-1
Released	Wed Jan 8 14:56:48 2020
Summary	Security update for git
Type	security
Severity	important
References	1082023,1149792,1158785,1158787,1158788,1158789,1158790,1158791,1158792,1158793,1158795,CVE-2019-1348,CVE-2019-1349,CVE-2019-1350,CVE-2019-1351,CVE-2019-1352,CVE-2019-1353,CVE-2019-1354,CVE-2019-1387,CVE-2019-19604

Description:

This update for git fixes the following issues:
Security issues fixed:

CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787).
CVE-2019-19604: Fixed a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795).
CVE-2019-1387: Fixed recursive clones that are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793).
CVE-2019-1354: Fixed issue on Windows that refuses to write tracked files with filenames that contain backslashes (bsc#1158792).
CVE-2019-1353: Fixed issue when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791).
CVE-2019-1352: Fixed issue on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790).
CVE-2019-1351: Fixed issue on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789).
CVE-2019-1350: Fixed incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788).
CVE-2019-1348: Fixed the --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785).
Fixes an issue where git send-email failed to authenticate with SMTP server (bsc#1082023)

Bug fixes:

Add zlib dependency, which used to be provided by openssl-devel, so that package can compile successfully after openssl upgrade to 1.1.1. (bsc#1149792).

Advisory ID	SUSE-OU-2020:52-1
Released	Thu Jan 9 10:09:11 2020
Summary	Optional update for openslp
Type	optional
Severity	low
References	1149792

Description:

This update for openslp doesn't fix any user visible bugs.

Advisory ID	SUSE-SU-2020:58-1
Released	Thu Jan 9 13:29:49 2020
Summary	Security update for LibreOffice
Type	security
Severity	moderate
References	1061210,1105173,1144522,1152684,CVE-2019-9853,SLE-8705

Description:

This update libreoffice and libraries fixes the following issues:
LibreOffice was updated to 6.3.3 (jsc#SLE-8705), bringing many bug and stability fixes.
More information for the 6.3 release at: https://wiki.documentfoundation.org/ReleaseNotes/6.3
Security issue fixed:

CVE-2019-9853: Fixed an issue where by executing macros, the security settings could have been bypassed (bsc#1152684).

Other issues addressed:

Dropped disable-kde4 switch, since it is no longer known by configure
Disabled gtk2 because it will be removed in future releases
librelogo is now a standalone sub-package (bsc#1144522).
Partial fixes for an issue where Table(s) from DOCX showed wrong position or color (bsc#1061210).

cmis-client was updated to 0.5.2:
* Removed header for Uuid's sha1 header(bsc#1105173). * Fixed Google Drive login * Added support for Google Drive two-factor authentication * Fixed access to SharePoint root folder * Limited the maximal number of redirections to 20 * Switched library implementation to C++11 (the API remains C++98-compatible) * Fixed encoding of OAuth2 credentials * Dropped cppcheck run from 'make check'. A new 'make cppcheck' target was created for it * Added proper API symbol exporting * Speeded up building of tests a bit * Fixed a few issues found by coverity and cppcheck

libixion was updated to 0.15.0:
* Updated for new liborcus * Switched to spdlog for compile-time debug log outputs * Fixed various issues
libmwaw was updated 0.3.15: * Fixed fuzzing issues
liborcus was updated to 0.15.3:
* Fixed various xml related bugs * Improved performance * Fixed multiple parser issues * Added map and structure mode to orcus-json * Other improvements and fixes
mdds was updated to 1.5.0:
* API changed to 1.5 * Moved the API incompatibility notes from README to the rst doc. * Added the overview section for flat_segment_tree.
myspell-dictionaries was updated to 20191016:
* Updated Slovenian thesaurus * Updated the da_DK dictionary * Removed the abbreviations from Thai hunspell dictionary * Updated the English dictionaries * Fixed the logo management for 'ca'
spdlog was updated to 0.16.3:
* Fixed sleep issue under MSVC that happens when changing the clock backwards * Ensured that macros always expand to expressions * Added global flush_on function

Advisory ID	SUSE-SU-2020:64-1
Released	Fri Jan 10 11:02:19 2020
Summary	Security update for openssl-1_0_0
Type	security
Severity	moderate
References	1158809,CVE-2019-1551

Description:

This update for openssl-1_0_0 fixes the following issues:
Security issue fixed:

CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809).

Advisory ID	SUSE-RU-2020:94-1
Released	Tue Jan 14 12:28:26 2020
Summary	Recommended update for icu
Type	recommended
Severity	important
References	1103893,1146907

Description:

This update for icu fixes the following issues:

Porting upstream's Japanese new era name support. (bsc#1103893, fate#325570, fate#325419)
Remove old obsoletes/provides for migration from very old products, as they break our shared library policy. (bsc#1146907)
IMPORTANT: Please force this update to install with 'zypper -f' to override the major version if you already installed the version 64.

Advisory ID	SUSE-RU-2020:108-1
Released	Wed Jan 15 14:19:08 2020
Summary	Recommended update for ClusterTools2
Type	recommended
Severity	moderate
References	1084925,1097134

Description:

This update for ClusterTools2 fixes the following issues:

Replace cron jobs with systemd timers. (bsc#1097134, jsc#SLE-9199)
Script refinement and first steps for an adaption to SLE15 codestream using 'shellcheck' to find and correct syntax problems, spelling errors and other problems.
Added /etc/ClusterTools2/cs_make_sbd_devices avoiding stuck and exit in case of doing a dump. (bsc#1084925)

Advisory ID	SUSE-RU-2020:109-1
Released	Wed Jan 15 14:19:28 2020
Summary	Recommended update for hawk2
Type	recommended
Severity	moderate
References	1158681

Description:

This update for hawk2 fixes the following issues:

Fix the 'acl_version' method when parsing the cib.xml avoid hanging of HAWK2 (bsc#1158681)

Advisory ID	SUSE-RU-2020:119-1
Released	Thu Jan 16 15:42:39 2020
Summary	Recommended update for python-jsonpatch
Type	recommended
Severity	moderate
References	1160978

Description:

This update for python-jsonpatch fixes the following issues:

Drop jsondiff binary to avoid conflict with python-jsondiff package.

Advisory ID	SUSE-RU-2020:122-1
Released	Fri Jan 17 10:56:07 2020
Summary	Recommended update for container-suseconnect
Type	recommended
Severity	moderate
References	1138731,1154247,1157960

Description:

This update for container-suseconnect fixes the following issues:

Fix usage with RMT and SMT. (bsc#1157960)
Parse the /etc/products.d/*.prod files.
Fix function comments based on best practices from Effective Go. (bsc#1138731)
Implement interacting with SCC behind proxy and SMT. (bsc#1154247)

Advisory ID	SUSE-RU-2020:125-1
Released	Fri Jan 17 12:27:07 2020
Summary	Recommended update for icu
Type	recommended
Severity	important
References	1161007

Description:

This update for icu provides the following fix:

Re-add the libicu provides to the spec file to fix installation of SAP HANA on SLE-15 and SLE-15-SP1. (bsc#1161007)

Advisory ID	SUSE-SU-2020:143-1
Released	Mon Jan 20 16:10:38 2020
Summary	Security update for libvpx
Type	security
Severity	important
References	1160611,1160612,1160613,1160614,1160615,CVE-2019-2126,CVE-2019-9232,CVE-2019-9325,CVE-2019-9371,CVE-2019-9433

Description:

This update for libvpx fixes the following issues:

CVE-2019-2126: Fixed a double free in ParseContentEncodingEntry() (bsc#1160611).
CVE-2019-9325: Fixed an out-of-bounds read (bsc#1160612).
CVE-2019-9232: Fixed an out-of-bounds memory access on fuzzed data (bsc#1160613).
CVE-2019-9433: Fixed a use-after-free in vp8_deblock() (bsc#1160614).
CVE-2019-9371: Fixed a resource exhaustion after memory leak (bsc#1160615).

Advisory ID	SUSE-SU-2020:213-1
Released	Wed Jan 22 15:38:15 2020
Summary	Security update for java-11-openjdk
Type	security
Severity	important
References	1160968,CVE-2020-2583,CVE-2020-2590,CVE-2020-2593,CVE-2020-2601,CVE-2020-2604,CVE-2020-2654,CVE-2020-2655

Description:

This update for java-11-openjdk fixes the following issues:
Update to version jdk-11.0.6-10 (January 2020 CPU, bsc#1160968)
Fixing these security related issues:

CVE-2020-2583: Unlink Set of LinkedHashSets
CVE-2020-2590: Improve Kerberos interop capabilities
CVE-2020-2593: Normalize normalization for all
CVE-2020-2601: Better Ticket Granting Services
CVE-2020-2604: Better serial filter handling
CVE-2020-2655: Better TLS messaging support
CVE-2020-2654: Improve Object Identifier Processing

Advisory ID	SUSE-RU-2020:217-1
Released	Thu Jan 23 07:50:32 2020
Summary	Recommended update for perl-Crypt-SSLeay
Type	recommended
Severity	moderate
References	1149792

Description:

This update for perl-Crypt-SSLeay fixes the following issues:

Fix build not testing content of returned version strings
Add missing zlib build dependency, which used to be pulled in by libopenssl-devel. (bsc#1149792)

Advisory ID	SUSE-RU-2020:225-1
Released	Fri Jan 24 06:49:07 2020
Summary	Recommended update for procps
Type	recommended
Severity	moderate
References	1158830

Description:

This update for procps fixes the following issues:

Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830)

Advisory ID	SUSE-SU-2020:231-1
Released	Fri Jan 24 13:34:17 2020
Summary	Security update for java-1_8_0-openjdk
Type	security
Severity	important
References	1160968,CVE-2020-2583,CVE-2020-2590,CVE-2020-2593,CVE-2020-2601,CVE-2020-2604,CVE-2020-2654,CVE-2020-2659

Description:

This update for java-1_8_0-openjdk fixes the following issues:
Update java-1_8_0-openjdk to version jdk8u242 (icedtea 3.15.0) (January 2020 CPU, bsc#1160968):

CVE-2020-2583: Unlink Set of LinkedHashSets
CVE-2020-2590: Improve Kerberos interop capabilities
CVE-2020-2593: Normalize normalization for all
CVE-2020-2601: Better Ticket Granting Services
CVE-2020-2604: Better serial filter handling
CVE-2020-2659: Enhance datagram socket support
CVE-2020-2654: Improve Object Identifier Processing

Advisory ID	SUSE-RU-2020:237-1
Released	Mon Jan 27 10:15:16 2020
Summary	Recommended update for saptune
Type	recommended
Severity	moderate
References	1142467,1142526,1149002,1152598,1159671

Description:

This update for saptune fixes the following issues:

Add function 'delete' and 'rename' to the 'note' operation to manipulate a customer or vendor specific note, with confirmation. (jsc#SLE-9283)
Inform the customer that the command 'saptune note customise [NoteID]' does not apply changes immediately but writes the changes into a configuration file that can be applied in a second step. (bsc#1142467)
Add warning to man page, not to rename/remove/modify active configurations. (bsc#1149002)
Implement support of multi-queue I/O scheduler for block devices. (bsc#1152598)
Add missing search pattern to the update helper script to find all old and superfluous notes during upgrade from SLE12 to SLE15. (bsc#1142526)
If a parameter is not supported by the system, the note action 'verify' will no longer report this as an error even if the value is not compliant. (bsc#1159671)

Advisory ID	SUSE-RU-2020:245-1
Released	Tue Jan 28 09:42:30 2020
Summary	Recommended update for cloud-init
Type	recommended
Severity	moderate
References	1155376,1156139,1157894,1161132,1161133

Description:

This update for cloud-init fixes the following issues:

Fixed an issue where it was not possible to add SSH keys and thus it was not possible to log into the system (bsc#1161132, bsc#1161133)
Fixes an issue where the IPv6 interface variable was not correctly set in an ifcfg file (bsc#1156139)
The route's destination network will now be written in CIDR notation. This provides support for correctly recording IPv6 routes (bsc#1155376)
Many smaller fixes came with this package as well. For a full list of all changes, refer to the rpm's changes file.

Advisory ID	SUSE-RU-2020:256-1
Released	Wed Jan 29 09:39:17 2020
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1157794,1160970

Description:

This update for aaa_base fixes the following issues:

Improves the way how the Java path is created to fix an issue with sapjvm. (bsc#1157794)
Drop 'dev.cdrom.autoclose' = 0 from sysctl config. (bsc#1160970)

Advisory ID	SUSE-RU-2020:303-1
Released	Mon Feb 3 15:11:40 2020
Summary	Recommended update for perl-ldap
Type	recommended
Severity	moderate
References	1158918

Description:

This update for perl-ldap fixes the following issues:
The package is added to the Basesystem module, as it is required by the YAST modules 'dhcp-server' and 'dns-server'. (bsc#1158918)

Advisory ID	SUSE-RU-2020:314-1
Released	Tue Feb 4 14:13:27 2020
Summary	Recommended update for gssproxy
Type	recommended
Severity	moderate
References	1024309

Description:

This update for gssproxy fixes the following issues:

Fix paths in tests and replace python's f-string usage
Initial check-in of gssproxy is needed on the NFS server if krb5 is used for NFS authentication using an AD directory server. (bsc#1024309)(FATE#322526)
'krb5' may need 'auth_to_local = RULE:[1:$1@$0]' on the 'realms' section when 'winbind' is used for nsswitch.conf. (bsc#1024309)(FATE#322526)

Also ding-libs was updated from 0.6.0 to 0.6.1 (jsc#ECO-248):

libini now supports validators that check for well-formed INI files.

Advisory ID	SUSE-RU-2020:322-1
Released	Wed Feb 5 09:02:56 2020
Summary	Recommended update for terraform-provider-aws, terraform-provider-susepubliccloud
Type	recommended
Severity	moderate
References	1162585

Description:

This update for terraform-provider-aws, terraform-provider-susepubliccloud fixes the following issues:

terraform-provider-susepubliccloud was released in version 0.0.1 (bsc#1162585 jsc#ECO-134)
terraform-provider-aws was released in v2.29.0 (bsc#1162585 jsc#ECO-134)

Advisory ID	SUSE-RU-2020:325-1
Released	Wed Feb 5 14:57:02 2020
Summary	Recommended update for dmidecode
Type	recommended
Severity	moderate
References	1153533,1158833

Description:

This update for dmidecode fixes the following issues:

Add enumerated values from SMBIOS 3.3.0 preventing incorrect report of new VGA card. (bsc#1153533, bsc#1158833, jsc#SLE-10875)
Only scan '/dev/mem' for entry point on x86 (fixes reboot on ARM64).
Fix formatting of TPM table output (missing newlines).
Fix displaying system slot information for PCIe SSD.

Advisory ID	SUSE-RU-2020:336-1
Released	Thu Feb 6 12:45:08 2020
Summary	Recommended update for opus
Type	recommended
Severity	moderate
References	1162395

Description:

This update for opus fixes the following issues:

Fixes an issue with the analysis on files with digital silence (all zeros), especially on x87 builds (mostly affects 32-bit builds)
Improved speech/music detection based on a neural network
Low-bitrate speech improvements
Added support for immersive audio using ambisonics
Improved tone quality

This update also improves the security of this software.

Advisory ID	SUSE-RU-2020:338-1
Released	Thu Feb 6 13:00:23 2020
Summary	Recommended update for apr
Type	recommended
Severity	moderate
References	1151059

Description:

This update for apr fixes the following issues:

Increase timeout to fix random failure of testsuite [bsc#1151059].

Advisory ID	SUSE-RU-2020:343-1
Released	Thu Feb 6 13:08:13 2020
Summary	Recommended update for SAPHanaSR
Type	recommended
Severity	moderate
References	1155423,1156067,1156150,1157453

Description:

This update for SAPHanaSR fixes the following issues:

Restart sapstartsrv service on master nameserver node during monitor action, if needed. But NOT during probes. (bsc#1157453, bsc#1156150)
The SAPHana resource agent must not down-score a SAP HANA Database site, but keep high scoring during recovery of the master name server. (bsc#1156067)
Change HAWK2 templates to python3. (bsc#1155423)

Advisory ID	SUSE-RU-2020:344-1
Released	Thu Feb 6 13:08:33 2020
Summary	Recommended update for python-kiwi
Type	recommended
Severity	moderate
References	1139915,1150190,1155815,1156694,1156908,1157104,1157354,1159235,1159538

Description:

This update for python-kiwi fixes the following issues:

Update libyui-ncurses-pkg10 to libyui-ncurses-pkg11 Tumbleweed there is no longer the libyui-ncurses-pkg10 its been superseded by libyui-ncurses-pkg11. (bsc#1159538)
Fix grub2 configuration for shim fallback setup if shim fallback setup is enabled the grub.cfg is copied to the EFI partition. (bsc#1159235, bsc#1155815)
No swap volume is added on btrfs as the volume manager is not LVM, so swap has its own volume. (bsc#1156908)
Fixed setup of default grub config preventing grub2-mkconfig to place the root device information twice. (bsc#1156908)
Include 'grub.cfg' inside the efi partition the vfat. (bsc#1157354)
Fix for kiwi relative path in repository element. (bsc#1157104)
Fixed 'zipl' bootloader setup for 's390' images. (bsc#1156694)
Fix the sha256 generated file content in a 'kiwi result bundle' call includes the filename with the correct extension. (bsc#1139915)
Fixed rpmdb compat link setup removing the hardcoded path '/var/lib/rpm' and use the rpm macro definition instead. (bsc#1150190)

Advisory ID	SUSE-SU-2020:359-1
Released	Fri Feb 7 10:39:59 2020
Summary	Security update for rubygem-rack
Type	security
Severity	moderate
References	1114828,1116600,1159548,CVE-2018-16471,CVE-2019-16782

Description:

This update for rubygem-rack to version 2.0.8 fixes the following issues:

CVE-2018-16471: Fixed a cross-site scripting (XSS) flaw via the scheme method on Rack::Request (bsc#1116600).
CVE-2019-16782: Fixed a possible information leak and session hijack vulnerability (bsc#1159548).

Advisory ID	SUSE-RU-2020:362-1
Released	Fri Feb 7 11:14:20 2020
Summary	Recommended update for libXi
Type	recommended
Severity	moderate
References	1153311

Description:

This update for libXi fixes the following issue:

The libXi6-32bit library on x86_64 are now shipped in the Basesystem module. (bsc#1153311)

Advisory ID	SUSE-RU-2020:365-1
Released	Fri Feb 7 13:48:54 2020
Summary	Recommended update for lmdb
Type	recommended
Severity	moderate
References	1159086

Description:

This update for lmdb fixes the following issues:

Fix assert in LMBD during 'mdb_page_search_root'. (bsc#1159086).

Advisory ID	SUSE-SU-2020:375-1
Released	Fri Feb 7 17:30:25 2020
Summary	Security update for docker-runc
Type	security
Severity	moderate
References	1160452,CVE-2019-19921

Description:

This update for docker-runc fixes the following issues:

CVE-2019-19921: Fixed a volume mount race condition with shared mounts (bsc#1160452).

Advisory ID	SUSE-RU-2020:392-1
Released	Tue Feb 18 11:23:50 2020
Summary	Recommended update for lifecycle-data-sle-module-live-patching
Type	recommended
Severity	moderate
References	1020320

Description:

This update for lifecycle-data-sle-module-live-patching fixes the following issues:

Removed duplicate records and added data for 4_12_14-150_47, 4_12_14-197_29. (bsc#1020320)

Advisory ID	SUSE-RU-2020:395-1
Released	Tue Feb 18 14:16:48 2020
Summary	Recommended update for gcc7
Type	recommended
Severity	moderate
References	1160086

Description:

This update for gcc7 fixes the following issue:

Fixed a miscompilation in zSeries code (bsc#1160086)

Advisory ID	SUSE-RU-2020:398-1
Released	Tue Feb 18 16:59:27 2020
Summary	Recommended update for gnu-compilers-hpc
Type	recommended
Severity	moderate
References	1160924

Description:

This update for gnu-compilers-hpc fixes the following issues:

Added gcc9 flavors (jsc#SLE-8604 bsc#1160924)

Advisory ID	SUSE-SU-2020:413-1
Released	Wed Feb 19 10:21:41 2020
Summary	Security update for enigmail
Type	security
Severity	moderate
References	1159973

Description:

This update for enigmail fixes the following issues:
enigmail was updated to 2.1.5:

Security issue: unsigned MIME parts displayed as signed (bsc#1159973)
Ensure that upgrading GnuPG 2.0.x to 2.2.x upgrade converts keyring format
Make Enigmail Compatible with Protected-Headers spec, draft 2

enigmail 2.1.4:

Fixes for UI glitches
Option to 'Attach public key to messages' was not restored properly

enigmail 2.1.3:

fix a bug in the setup wizard that could lead the wizard to never complete scanning the inbox

Advisory ID	SUSE-RU-2020:31-1
Released	Mon Feb 24 10:36:36 2020
Summary	Recommended update for cloud-netconfig
Type	recommended
Severity	moderate
References	1135592,1144282,1157117,1157190

Description:

This update for cloud-netconfig contains the following fixes:

Removed obsolete Group tag from spec file.

Update to version 1.3: + Fix IPv4 address handling on secondary NICs in Azure.

Update to version 1.2: + support AWS IMDSv2 token.

Update to version 1.1: + fix use of GATEWAY variable. (bsc#1157117, bsc#1157190) + remove secondary IPv4 address only when added by cloud-netconfig. (bsc#1144282) + simplify routing setup for single NIC systems (partly fixes bsc#1135592)

Advisory ID	SUSE-SU-2020:440-1
Released	Mon Feb 24 15:31:42 2020
Summary	Security update for python-azure-agent
Type	security
Severity	moderate
References	1127838,CVE-2019-0804

Description:

This update for python-azure-agent fixes the following issues:
python-azure-agent was updated to version 2.2.45 (jsc#ECO-80)

Add support for Gen2 VM resource disks
Use alternate systemd detection
Fix /proc/net/route requirement that causes errors on FreeBSD
Add cloud-init auto-detect to prevent multiple provisioning mechanisms from relying on configuration for coordination
Disable cgroups when daemon is setup incorrectly
Remove upgrade extension loop for the same goal state
Add container id for extension telemetry events
Be more exact when detecting IMDS service health
Changing add_event to start sending missing fields

From 2.2.44 update:

Remove outdated extension ZIP packages
Improved error handling when starting extensions using systemd
Reduce provisioning time of some custom images
Improve the handling of extension download errors
New API for extension authors to handle errors during extension update
Fix handling of errors in calls to openssl
Improve logic to determine current distro
Reduce verbosity of several logging statements

From 2.2.42 update:

Poll for artifact blob, addresses goal state procesing issue

From 2.2.41 update:

Rewriting the mechanism to start the extension using systemd-run for systems using systemd for managing
Refactoring of resource monitoring framework using cgroup for both systemd and non-systemd approaches [#1530, #1534]
Telemetry pipeline for resource monitoring data

From 2.2.40 update:

Fixed tracking of memory/cpu usage
Do not prevent extensions from running if setting up cgroups fails
Enable systemd-aware deprovisioning on all versions >= 18.04
Add systemd support for Debian Jessie, Stretch, and Buster
Support for Linux Openwrt

From 2.2.38 update:
Security issue fixed:

CVE-2019-0804: An issue with swapfile handling in the agent creates a data leak situation that exposes system memory data. (bsc#1127838)
Add fixes for handling swap file and other nit fixes

From 2.2.37 update:

Improves re-try logic to handle errors while downloading extensions

Advisory ID	SUSE-RU-2020:445-1
Released	Tue Feb 25 10:49:36 2020
Summary	Recommended update for gdb
Type	recommended
Severity	moderate
References	1146167,1146475,1156284,1158539

Description:

This update for gdb fixes the following issues:

Added support for official name of IBM s390 Arch13: z15.
Added descriptions for arch13 instructions. (jsc#SLE-7903)
Fixed build with gcc 10 [bsc#1158539, swo#24653].
Make fpc optional (bsc#1156284) as fpc requires itself for bootstrapping.
Fixed a debugging information problem with a forwarding array declaration (bsc#1146475)
Fixed that logging redirect doesn't work for user-defined command (bsc#1146167)

Advisory ID	SUSE-RU-2020:453-1
Released	Tue Feb 25 10:51:53 2020
Summary	Recommended update for binutils
Type	recommended
Severity	moderate
References	1160590

Description:

This update for binutils fixes the following issues:

Recognize the official name of s390 arch13: 'z15'. (bsc#1160590, jsc#SLE-7903 aka jsc#SLE-7464)

Advisory ID	SUSE-SU-2020:458-1
Released	Tue Feb 25 11:01:37 2020
Summary	Security update for libexif
Type	security
Severity	moderate
References	1120943,1160770,CVE-2018-20030,CVE-2019-9278

Description:

This update for libexif fixes the following issues:

CVE-2019-9278: Fixed an integer overflow (bsc#1160770).
CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943).

Advisory ID	SUSE-SU-2020:466-1
Released	Tue Feb 25 11:59:19 2020
Summary	Security update for java-1_8_0-ibm
Type	security
Severity	important
References	1160968,1162972,CVE-2019-4732,CVE-2020-2583,CVE-2020-2593,CVE-2020-2604,CVE-2020-2659

Description:

This update for java-1_8_0-ibm fixes the following issues:
Java 8.0 was updated to Service Refresh 6 Fix Pack 5 (bsc#1162972, bsc#1160968)

CVE-2020-2583: Unlink Set of LinkedHashSets
CVE-2019-4732: Untrusted DLL search path vulnerability
CVE-2020-2593: Normalize normalization for all
CVE-2020-2604: Better serial filter handling
CVE-2020-2659: Enhance datagram socket support

Advisory ID	SUSE-RU-2020:480-1
Released	Tue Feb 25 17:38:22 2020
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1160735

Description:

This update for aaa_base fixes the following issues:

Change 'rp_filter' to increase the default priority to ethernet over the wifi. (bsc#1160735)

Advisory ID	SUSE-RU-2020:481-1
Released	Tue Feb 25 17:39:22 2020
Summary	Recommended update for perl-TimeDate
Type	recommended
Severity	moderate
References	1162433

Description:

This update for perl-TimeDate fixes the following issues:

Fix for issues parsing date strings into time values correctly. (bsc#1162433)

Advisory ID	SUSE-SU-2020:489-1
Released	Wed Feb 26 11:44:03 2020
Summary	Security update for ppp
Type	security
Severity	important
References	1162610,CVE-2020-8597

Description:

This update for ppp fixes the following security issue:

CVE-2020-8597: Fixed a buffer overflow in the eap_request and eap_response functions (bsc#1162610).

Advisory ID	SUSE-RU-2020:498-1
Released	Wed Feb 26 17:59:44 2020
Summary	Recommended update for aws-cli, python-boto3, python-botocore, python-s3transfer, python-aws-sam-translator, python-cfn-lint, python-nose2, python-parameterized
Type	recommended
Severity	moderate
References	1122669,1136184,1146853,1146854,1159018

Description:

This update for aws-cli, python-aws-sam-translator, python-cfn-lint, python-nose2, python-parameterized, python-boto3, python-botocore, python-s3transfer fixes the following issues:
python-aws-sam-translator was updated to 1.11.0 (bsc#1159018, jsc#PM-1507):
Upgrade to 1.11.0:
* Add ReservedConcurrentExecutions to globals * Fix ElasticsearchHttpPostPolicy resource reference * Support using AWS::Region in Ref and Sub * Documentation and examples updates * Add VersionDescription property to Serverless::Function * Update ServerlessRepoReadWriteAccessPolicy * Add additional template validation
Upgrade to 1.10.0:
* Add GSIs to DynamoDBReadPolicy and DynamoDBCrudPolicy * Add DynamoDBReconfigurePolicy * Add CostExplorerReadOnlyPolicy and OrganizationsListAccountsPolicy * Add EKSDescribePolicy * Add SESBulkTemplatedCrudPolicy * Add FilterLogEventsPolicy * Add SSMParameterReadPolicy * Add SESEmailTemplateCrudPolicy * Add s3:PutObjectAcl to S3CrudPolicy * Add allow_credentials CORS option * Add support for AccessLogSetting and CanarySetting Serverless::Api properties * Add support for X-Ray in Serverless::Api * Add support for MinimumCompressionSize in Serverless::Api * Add Auth to Serverless::Api globals * Remove trailing slashes from APIGW permissions * Add SNS FilterPolicy and an example application * Add Enabled property to Serverless::Function event sources * Add support for PermissionsBoundary in Serverless::Function * Fix boto3 client initialization * Add PublicAccessBlockConfiguration property to S3 bucket resource * Make PAY_PER_REQUEST default mode for Serverless::SimpleTable * Add limited support for resolving intrinsics in Serverless::LayerVersion * SAM now uses Flake8 * Add example application for S3 Events written in Go * Updated several example applications
python-cfn-lint was added in version 0.21.4:

Add upstream patch to fix EOL dates for lambda runtimes
Add upstream patch to fix test_config_expand_paths test

Rename to python-cfn-lint. This package has a python API, which is required by python-moto.

Update to version 0.21.4:
+ Features * Include more resource types in W3037 + CloudFormation Specifications * Add Resource Type `AWS::CDK::Metadata` + Fixes * Uncap requests dependency in setup.py * Check Join functions have lists in the correct sections * Pass a parameter value for AutoPublishAlias when doing a Transform * Show usage examples when displaying the help
Update to version 0.21.3
+ Fixes * Support dumping strings for datetime objects when doing a Transform
Update to version 0.21.2
+ CloudFormation Specifications * Update CloudFormation specs to 3.3.0 * Update instance types from pricing API as of 2019.05.23
Update to version 0.21.1
+ Features * Add `Info` logging capability and set the default logging to `NotSet` + Fixes * Only do rule logging (start/stop/time) when the rule is going to be called * Update rule E1019 to allow `Fn::Transform` inside a `Fn::Sub` * Update rule W2001 to not break when `Fn::Transform` inside a `Fn::Sub` * Update rule E2503 to allow conditions to be used and to not default to `network` load balancer when an object is used for the Load Balancer type
Update to version 0.21.0
+ Features * New rule E3038 to check if a Serverless resource includes the appropriate Transform * New rule E2531 to validate a Lambda's runtime against the deprecated dates * New rule W2531 to validate a Lambda's runtime against the EOL dates * Update rule E2541 to include updates to Code Pipeline capabilities * Update rule E2503 to include checking of values for load balancer attributes + CloudFormation Specifications * Update CloudFormation specs to 3.2.0 * Update instance types from pricing API as of 2019.05.20 + Fixes * Include setuptools in setup.py requires
Update to version 0.20.3
+ CloudFormation Specifications * Update instance types from pricing API as of 2019.05.16 + Fixes * Update E7001 to allow float/doubles for mapping values * Update W1020 to check pre-transformed Fn::Sub(s) to determine if a Sub is needed * Pin requests to be below or equal to 2.21.0 to prevent issues with botocore
Update to version 0.20.2
+ Features * Add support for List Parameter types + CloudFormation Specifications * Add allowed values for AWS::EC2 EIP, FlowLog, CustomerGateway, DHCPOptions, EC2Fleet * Create new property type for Security Group IDs or Names * Add new Lambda runtime environment for NodeJs 10.x * Move AWS::ServiceDiscovery::Service Health checks from Only One to Exclusive * Update Glue Crawler Role to take an ARN or a name * Remove PrimitiveType from MaintenanceWindowTarget Targets * Add Min/Max values for Load Balancer Ports to be between 1-65535 + Fixes * Include License file in the pypi package to help with downstream projects * Filter out dynamic references from rule E3031 and E3030 * Convert Python linting and Code Coverage from Python 3.6 to 3.7
Update to version 0.20.1
+ Fixes * Update rule E8003 to support more functions inside a Fn::Equals
Update to version 0.20.0
+ Features * Allow a rule's exception to be defined in a resource's metadata * Add rule configuration capabilities * Update rule E3012 to allow for non strict property checking * Add rule E8003 to test Fn::Equals structure and syntax * Add rule E8004 to test Fn::And structure and syntax * Add rule E8005 to test Fn::Not structure and syntax * Add rule E8006 to test Fn::Or structure and syntax * Include Path to error in the JSON output * Update documentation to describe how to install cfn-lint from brew + CloudFormation Specifications * Update CloudFormation specs to version 3.0.0 * Add new region ap-east-1 * Add list min/max and string min/max for CloudWatch Alarm Actions * Add allowed values for EC2::LaunchTemplate * Add allowed values for EC2::Host * Update allowed values for Amazon MQ to include 5.15.9 * Add AWS::Greengrass::ResourceDefinition to GreenGrass supported regions * Add AWS::EC2::VPCEndpointService to all regions * Update AWS::ECS::TaskDefinition ExecutionRoleArn to be a IAM Role ARN * Patch spec files for SSM MaintenanceWindow to look for Target and not Targets * Update ManagedPolicyArns list size to be 20 which is the hard limit. 10 is the soft limit. + Fixes * Fix rule E3033 to check the string size when the string is inside a list * Fix an issue in which AWS::NotificationARNs was not a list * Add AWS::EC2::Volume to rule W3010 * Fix an issue with W2001 where SAM translate would remove the Ref to a parameter causing this error to falsely trigger * Fix rule W3010 to not error when the availability zone is 'all'
Update to version 0.19.1
+ Fixes * Fix core Condition processing to support direct Condition in another Condition * Fix the W2030 to check numbers against string allowed values
Update to version 0.19.0
+ Features * Add NS and PTR Route53 record checking to rule E3020 * New rule E3050 to check if a Ref to IAM Role has a Role path of '/' * New rule E3037 to look for duplicates in a list that doesn't support duplicates * New rule I3037 to look for duplicates in a list when duplicates are allowed + CloudFormation Specifications * Add Min/Max values to AWS::ElasticLoadBalancingV2::TargetGroup HealthCheckTimeoutSeconds * Add Max JSON size to AWS::IAM::ManagedPolicy PolicyDocument * Add allowed values for AWS::EC2 SpotFleet, TransitGateway, NetworkAcl NetworkInterface, PlacementGroup, and Volume * Add Min/max values to AWS::Budgets::Budget.Notification Threshold * Update RDS Instance types by database engine and license definitions using the pricing API * Update AWS::CodeBuild::Project ServiceRole to support Role Name or ARN * Update AWS::ECS::Service Role to support Role Name or ARN + Fixes * Update E3025 to support the new structure of data in the RDS instance type json * Update E2540 to remove all nested conditions from the object * Update E3030 to not do strict type checking * Update E3020 to support conditions nested in the record sets * Update E3008 to better handle CloudFormation sub stacks with different GetAtt formats
Update to version 0.18.1
+ CloudFormation Specifications * Update CloudFormation Specs to 2.30.0 * Fix IAM Regex Path to support more character types * Update AWS::Batch::ComputeEnvironment.ComputeResources InstanceRole to reference an InstanceProfile or GetAtt the InstanceProfile Arn * Allow VPC IDs to Ref a Parameter of type String + Fixes * Fix E3502 to check the size of the property instead of the parent object
Update to version 0.18.0
+ Features * New rule E3032 to check the size of lists * New rule E3502 to check JSON Object Size using definitions in the spec file * New rule E3033 to test the minimum and maximum length of a string * New rule E3034 to validate the min and max of a number * Remove Ebs Iops check from E2504 and use rule E3034 instead * Remove rule E2509 and use rule E3033 instead * Remove rule E2508 as it replaced by E3032 and E3502 * Update rule E2503 to check that there are at least two 2 Subnets or SubnetMappings for ALBs * SAM requirement upped to minimal version of 1.10.0 + CloudFormation Specifications * Extend specs to include: > `ListMin` and `ListMax` for the minimum and maximum size of a list > `JsonMax` to check the max size of a JSON Object > `StringMin` and `StringMax` to check the minimum and maximum length of a String > `NumberMin` and `NumberMax` to check the minimum and maximum value of a Number, Float, Long * Update State and ExecutionRoleArn to be required on AWS::DLM::LifecyclePolicy * Add AllowedValues for PerformanceInsightsRetentionPeriod for AWS::RDS::Instance * Add AllowedValues for the AWS::GuardDuty Resources * Add AllowedValues for AWS::EC2 VPC and VPN Resources * Switch IAM Instance Profiles for certain resources to the type that only takes the name * Add regex pattern for IAM Instance Profile when a name (not Arn) is used * Add regex pattern for IAM Paths * Add Regex pattern for IAM Role Arn * Update OnlyOne spec to require require at least one of Subnets or SubnetMappings with ELB v2 + Fixes * Fix serverless transform to use DefinitionBody when Auth is in the API definition * Fix rule W2030 to not error when checking SSM or List Parameters
Update to version 0.17.1
+ Features * Update rule E2503 to make sure NLBs don't have a Security Group configured + CloudFormation Specifications * Add all the allowed values of the `AWS::Glue` Resources * Update OnlyOne check for `AWS::CloudWatch::Alarm` to only `MetricName` or `Metrics` * Update Exclusive check for `AWS::CloudWatch::Alarm` for properties mixed with `Metrics` and `Statistic` * Update CloudFormation specs to 2.29.0 * Fix type with MariaDB in the AllowedValues * Update pricing information for data available on 2018.3.29 + Fixes * Fix rule E1029 to not look for a sub is needed when looking for iot strings in policies * Fix rule E2541 to allow for ActionId Versions of length 1-9 and meets regex `[0-9A-Za-z_-]+` * Fix rule E2532 to allow for `Parameters` inside a `Pass` action * Fix an issue when getting the location of an error in which numbers are causing an attribute error
Update to version 0.17.0
+ Features * Add new rule E3026 to validate Redis cluster settings including AutomaticFailoverEnabled and NumCacheClusters. Status: Released * Add new rule W3037 to validate IAM resource policies. Status: Experimental * Add new parameter `-e/--include-experimental` to allow for new rules in that aren't ready to be fully released + CloudFormation Specifications * Update Spec files to 2.28.0 * Add all the allowed values of the AWS::Redshift::* Resources * Add all the allowed values of the AWS::Neptune::* Resources * Patch spec to make AWS::CloudFront::Distribution.LambdaFunctionAssociation.LambdaFunctionARN required * Patch spec to make AWS::DynamoDB::Table AttributeDefinitions required + Fixes * Remove extra blank lines when there is no errors in the output * Add exception to rule E1029 to have exceptions for EMR CloudWatchAlarmDefinition * Update rule E1029 to allow for literals in a Sub * Remove sub checks from rule E3031 as it won't match in all cases of an allowed pattern regex check * Correct typos for errors in rule W1001 * Switch from parsing a template as Yaml to Json when finding an escape character * Fix an issue with SAM related to transforming templates with Serverless Application and Lambda Layers * Fix an issue with rule E2541 when non strings were used for Stage Names
Update to version 0.16.0
+ Features * Add rule E3031 to look for regex patterns based on the patched spec file * Remove regex checks from rule E2509 * Add parameter `ignore-templates` to allow the ignoring of templates when doing bulk linting + CloudFormation Specifications * Update Spec files to 2.26.0 * Add all the allowed values of the AWS::DirectoryService::* Resources * Add all the allowed values of the AWS::DynamoDB::* Resources * Added AWS::Route53Resolver resources to the Spec Patches of ap-southeast-2 * Patch the spec file with regex patterns * Add all the allowed values of the AWS::DocDb::* Resources + Fixes * Update rule E2504 to have '20000' as the max value * Update rule E1016 to not allow ImportValue inside of Conditions * Update rule E2508 to check conditions when providing limit checks on managed policies * Convert unicode to strings when in Py 3.4/3.5 and updating specs * Convert from `awslabs` to `aws-cloudformation` organization * Remove suppression of logging that was removed from samtranslator >1.7.0 and incompatibility with samtranslator 1.10.0
Update to version 0.15.0
+ Features * Add scaffolding for arbitrary Match attributes, adding attributes for Type checks * Add rule E3024 to validate that ProvisionedThroughput is not specified with BillingMode PAY_PER_REQUEST + CloudFormation Specifications * Update Spec files to 2.24.0 * Update OnlyOne spec to have BlockDeviceMapping to include NoDevice with Ebs and VirtualName * Add all the allowed values of the AWS::CloudFront::* Resources * Add all the allowed values of the AWS::DAX::* Resources + Fixes * Update config parsing to use the builtin Yaml decoder * Add condition support for Inclusive E2521, Exclusive E2520, and AtLeastOne E2522 rules * Update rule E1029 to better check Resource strings inside IAM Policies * Improve the line/column information of a Match with array support
Update to version 0.14.1
+ CloudFormation Specifications * Update CloudFormation Specs to version 2.23.0 * Add allowed values for AWS::Config::* resources * Add allowed values for AWS::ServiceDiscovery::* resources * Fix allowed values for Apache MQ + Fixes * Update rule E3008 to not error when using a list from a custom resource * Support simple types in the CloudFormation spec * Add tests for the formatters
Update to version 0.14.0
+ Features * Add rule E3035 to check the values of DeletionPolicy * Add rule E3036 to check the values of UpdateReplacePolicy * Add rule E2014 to check that there are no REFs in the Parameter section * Update rule E2503 to support TLS on NLBs + CloudFormation Specifications * Update CloudFormation spec to version 2.22.0 * Add allowed values for AWS::Cognito::* resources + Fixes * Update rule E3002 to allow GetAtts to Custom Resources under a Condition
Update to version 0.13.2
+ Features * Introducing the cfn-lint logo! * Update SAM dependency version + Fixes * Fix CloudWatchAlarmComparisonOperator allowed values. * Fix typo resoruce_type_spec in several files * Better support for nested And, Or, and Not when processing Conditions
Update to version 0.13.1
+ CloudFormation Specifications * Add allowed values for AWS::CloudTrail::Trail resources * Patch spec to have AWS::CodePipeline::CustomActionType Version included + Fixes * Fix conditions logic to use AllowedValues when REFing a Parameter that has AllowedValues specified
Update to version 0.13.0
+ Features * New rule W1011 to check if a FindInMap is using the correct map name and keys * New rule W1001 to check if a Ref/GetAtt to a resource that exists when Conditions are used * Removed logic in E1011 and moved it to W1011 for validating keys * Add property relationships for AWS::ApplicationAutoScaling::ScalingPolicy into Inclusive, Exclusive, and AtLeastOne * Update rule E2505 to check the netmask bit * Include the ability to update the CloudFormation Specs using the Pricing API + CloudFormation Specifications * Update to version 2.21.0 * Add allowed values for AWS::Budgets::Budget * Add allowed values for AWS::CertificateManager resources * Add allowed values for AWS::CodePipeline resources * Add allowed values for AWS::CodeCommit resources * Add allowed values for EC2 InstanceTypes from pricing API * Add allowed values for RedShift InstanceTypes from pricing API * Add allowed values for MQ InstanceTypes from pricing API * Add allowed values for RDS InstanceTypes from pricing API + Fixes * Fixed README indentation issue with .pre-commit-config.yaml * Fixed rule E2541 to allow for multiple inputs/outputs in a CodeBuild task * Fixed rule E3020 to allow for a period or no period at the end of a ACM registration record * Update rule E3001 to support UpdateReplacePolicy * Fix a cli issue where `--template` wouldn't be used when a .cfnlintrc was in the same folder * Update rule E3002 and E1024 to support packaging of AWS::Lambda::LayerVersion content

Initial build + Version 0.12.1

Update to 0.9.1
* the prof plugin now uses cProfile instead of hotshot for profiling * skipped tests now include the user's reason in junit XML's message field * the prettyassert plugin mishandled multi-line function definitions * Using a plugin's CLI flag when the plugin is already enabled via config no longer errors * nose2.plugins.prettyassert, enabled with --pretty-assert * Cleanup code for EOLed python versions * Dropped support for distutils. * Result reporter respects failure status set by other plugins * JUnit XML plugin now includes the skip reason in its output
Upgrade to 0.8.0:

List of changes is too long to show here, see https://github.com/nose-devs/nose2/blob/master/docs/changelog.rst changes between 0.6.5 and 0.8.0

Update to 0.7.0:

Added parameterized_class feature, for parameterizing entire test classes (many thanks to @TobyLL for their suggestions and help testing!)
Fix DeprecationWarning on `inspect.getargs` (thanks @brettdh; https://github.com/wolever/parameterized/issues/67)
Make sure that `setUp` and `tearDown` methods work correctly (#40)
Raise a ValueError when input is empty (thanks @danielbradburn; https://github.com/wolever/parameterized/pull/48)
Fix the order when number of cases exceeds 10 (thanks @ntflc; https://github.com/wolever/parameterized/pull/49)

aws-cli was updated to version 1.16.223:
For detailed changes see the changes entries:
https://github.com/aws/aws-cli/blob/1.16.223/CHANGELOG.rst https://github.com/aws/aws-cli/blob/1.16.189/CHANGELOG.rst https://github.com/aws/aws-cli/blob/1.16.182/CHANGELOG.rst https://github.com/aws/aws-cli/blob/1.16.176/CHANGELOG.rst https://github.com/aws/aws-cli/blob/1.16.103/CHANGELOG.rst https://github.com/aws/aws-cli/blob/1.16.94/CHANGELOG.rst https://github.com/aws/aws-cli/blob/1.16.84/CHANGELOG.rst
python-boto3 was updated to 1.9.213, python-botocore was updated to 1.9.188, and python-s3transfer was updated to 1.12.74, fixing lots of bugs and adding features (bsc#1146853, bsc#1146854)

Advisory ID	SUSE-RU-2020:521-1
Released	Thu Feb 27 18:08:56 2020
Summary	Recommended update for c-ares
Type	recommended
Severity	moderate
References	1125306,1159006

Description:

This update for c-ares fixes the following issues:
c-ares version update to 1.15.0:

Add ares_init_options() configurability for path to resolv.conf file
Ability to exclude building of tools (adig, ahost, acountry) in CMake
Report ARES_ENOTFOUND for .onion domain names as per RFC7686 (bsc#1125306)
Apply the IPv6 server blacklist to all nameserver sources
Prevent changing name servers while queries are outstanding
ares_set_servers_csv() on failure should not leave channel in a bad state
getaddrinfo - avoid infinite loop in case of NXDOMAIN
ares_getenv - return NULL in all cases
implement ares_getaddrinfo

Fixed a regression in DNS results that contain both A and AAAA answers.
Add netcfg as the build requirement and runtime requirement.

Advisory ID	SUSE-RU-2020:525-1
Released	Fri Feb 28 11:49:36 2020
Summary	Recommended update for pam
Type	recommended
Severity	moderate
References	1164562

Description:

This update for pam fixes the following issues:

Add libdb as build-time dependency to enable pam_userdb module. Enable pam_userdb.so (jsc#sle-7258, bsc#1164562)

Advisory ID	SUSE-RU-2020:556-1
Released	Mon Mar 2 13:32:14 2020
Summary	Recommended update for 389-ds
Type	recommended
Severity	moderate
References	1155951

Description:

This update for 389-ds to version 1.4.2.2 fixes the following issues:
389-ds was updated to 1.4.2.6 (fate#326677, bsc#1155951), bringing many bug and stability fixes.
Issue addressed:

Enabled python lib389 installer tooling to match upstream and suse documentation.

More information for this release at: https://directory.fedoraproject.org/docs/389ds/releases/release-1-4-2-1.html

Advisory ID	SUSE-RU-2020:562-1
Released	Mon Mar 2 17:37:15 2020
Summary	Recommended update for mariadb-connector-c
Type	recommended
Severity	moderate
References	1162388

Description:

This update for mariadb-connector-c fixes the following issues:
New upstream version 3.1.7 (bsc#1162388)

TLS/SSL: when the client doesn't provide a CA file and the option ssl_verify_server_cert was set, the peer certificate will be validated against the system CA.
ERROR 2026 (HY000): SSL connection error due to Certificate signature check failed
Provide error code and message for SChannel errors
SEC_E_INVALID_TOKEN when server sends large message during SSL handshake

Advisory ID	SUSE-RU-2020:567-1
Released	Tue Mar 3 10:46:37 2020
Summary	Recommended update for sendmail
Type	recommended
Severity	moderate
References	1164084

Description:

This update for sendmail fixes the following issues:

If sendmail tried to reuse an SMTP session which had already been closed by the server, then the connection cache could have invalid information about the session, possibly STARTTLS was not used even if it was offered. (bsc#1164084)

Advisory ID	SUSE-RU-2020:575-1
Released	Tue Mar 3 14:51:50 2020
Summary	Recommended update for hfst-ospell
Type	recommended
Severity	moderate
References	1164440

Description:

This update for hfst-ospell fixes the following issue:

Fix the build with new ICU 65 (bsc#1164440) The fix is required for building the package on SLE-15-SP2 after upgrading to the new International Components for Unicode (ICU) 65

Advisory ID	SUSE-RU-2020:591-1
Released	Thu Mar 5 12:33:06 2020
Summary	Recommended update for libfreehand
Type	recommended
Severity	moderate
References	1164434

Description:

This update for libfreehand fixes the following issue:

Solve build errors with International Components for Unicode (ICU) 65.1: (bsc#1164434)

Advisory ID	SUSE-RU-2020:593-1
Released	Thu Mar 5 13:25:06 2020
Summary	Recommended update for umoci
Type	recommended
Severity	moderate
References	1165161

Description:

This update for umoci fixes the following issues:
Update to umoci v0.4.4:

Added full-stack verification of blob hashes and descriptors for all operations (improving our hardening against bad images).
For details, see CHANGELOG.md in the package.

Update to umoci v0.4.3:

Added --no-history to all commands with --history.* flags. Should only be used for umoci-config(1).
Added `umoci insert --tag` to allow non-destructive modifications.
For details, see packaged /usr/share/doc/packages/umoci/CHANGELOG.md.

Update to umoci v0.4.2:

umoci now has an exposed Go API
Added `umoci unpack --keep-dirlinks`
`umoci insert` now supports whiteouts two ways.
For details, see CHANGELOG.md in the package.

Update to umoci v0.4.1.

Support more tags (the valid set of characters in tags has expanded).
Add 'umoci insert' and 'umoci raw unpack'.
'umoci unpack' correctly handles out-of-order whiteouts now.
'umoci unpack' and 'umoci repack' make sure of a more optimised gzip implementation now -- in some benchmarks 'umoci repack' can have a speedup of up to 3x.
For details, see CHANGELOG.md in the package.

Update to umoci v0.4.0:

`umoci repack` now supports `--refresh-bundle` which will update the OCI bundle's metadata (mtree and umoci-specific manifests) after packing the image tag. This means that the bundle can be used as a base layer for future diffs without needing to unpack the image again. openSUSE/umoci#196
Added a website, and reworked the documentation to be better structured. You can visit the website at [`umo.ci`][umo.ci]. openSUSE/umoci#188
Added support for the `user.rootlesscontainers` specification, which allows for persistent on-disk emulation of `chown(2)` inside rootless containers. This implementation is interoperable with [@AkihiroSuda's `PRoot` fork][as-proot-fork] (though we do not test its interoperability at the moment) as both tools use [the same protobuf specification][rootlesscontainers-proto]. openSUSE/umoci#227
`umoci unpack` now has support for opaque whiteouts (whiteouts which remove all children of a directory in the lower layer), though `umoci repack` does not currently have support for generating them. While this is technically a spec requirement, through testing we've never encountered an actual user of these whiteouts. openSUSE/umoci#224 openSUSE/umoci#229
`umoci unpack` will now use some rootless tricks inside user namespaces for operations that are known to fail (such as `mknod(2)`) while other operations will be carried out as normal (such as `lchown(2)`). It should be noted that the `/proc/self/uid_map` checking we do can be tricked into not detecting user namespaces, but you would need to be trying to break it on purpose. openSUSE/umoci#171 openSUSE/umoci#230
Fix a bug in our 'parent directory restore' code, which is responsible for ensuring that the mtime and other similar properties of a directory are not modified by extraction inside said directory. The bug would manifest as xattrs not being restored properly in certain edge-cases (which we incidentally hit in a test-case). openSUSE/umoci#161 openSUSE/umoci#162
`umoci unpack` will now 'clean up' the bundle generated if an error occurs during unpacking. Previously this didn't happen, which made cleaning up the responsibility of the caller (which was quite difficult if you were unprivileged). This is a breaking change, but is in the error path so it's not critical. openSUSE/umoci#174 openSUSE/umoci#187
`umoci gc` now will no longer remove unknown files and directories that aren't `flock(2)`ed, thus ensuring that any possible OCI image-spec extensions or other users of an image being operated on will no longer break. openSUSE/umoci#198
`umoci unpack --rootless` will now correctly handle regular file unpacking when overwriting a file that `umoci` doesn't have write access to. In addition, the semantics of pre-existing hardlinks to a clobbered file are clarified (the hard-links will not refer to the new layer's inode). openSUSE/umoci#222 openSUSE/umoci#223 [as-proot-fork]: https://github.com/AkihiroSuda/runrootless [rootlesscontainers-proto]: https://rootlesscontaine.rs/proto/rootlesscontainers.proto [umo.ci]: https://umo.ci/

Advisory ID	SUSE-RU-2020:624-1
Released	Tue Mar 10 10:39:09 2020
Summary	Recommended update for python-PyNaCl
Type	recommended
Severity	important
References	1161557

Description:

This update for python-PyNaCl fixes the following issues:

Add python-dkimpy as the python-PyNaCl requires that. (SLE-7686, bsc#1161557)

Advisory ID	SUSE-RU-2020:627-1
Released	Tue Mar 10 12:27:48 2020
Summary	Recommended update for osc
Type	recommended
Severity	important
References	1136584,1137477,1154972,1155953,1156501

Description:

This update for osc fixes the following issues:

Fix for 'vc' option '--file=foo bar.changes' now writes the content from foo into bar.changes instead of creating a new file. (bsc#1155953)
Fix local build outside of the working copy of a package. (bsc#1136584)
Enable not to enforce password reuse. (bsc#1156501)
New password handling backend supporting password stores like 'plaintext', 'obfuscated', 'python-keyring' (kwallet, secret store), 'gnome-keyring' or not storing at all. (bsc#1154972)
Fix for using non-UTF8 characters in labels. (bsc#1137477)

Advisory ID	SUSE-RU-2020:633-1
Released	Tue Mar 10 16:23:08 2020
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1139939,1151023

Description:

This update for aaa_base fixes the following issues:

get_kernel_version: fix for current kernel on s390x (bsc#1151023, bsc#1139939)
added '-h'/'--help' to the command old
change feedback url from http://www.suse.de/feedback to https://github.com/openSUSE/aaa_base/issues

Advisory ID	SUSE-RU-2020:637-1
Released	Wed Mar 11 11:29:56 2020
Summary	Recommended update for cloud-netconfig
Type	recommended
Severity	moderate
References	1162705,1162707

Description:

This update for cloud-netconfig fixes the following issues:

Copy routes from the default routing table. (bsc#1162705, bsc#1162707) On multi-NIC systems, cloud-netconfig creates separate routing tables with different default routes, so packets get routed via the network interfaces associated with the source IP address. Systems may have additional routing in place and in that case cloud-netconfig's NIC specific routing may bypass those routes.

Make the key CLOUD_NETCONFIG_MANAGE enable by default. Any network interface that has been configured automatically via cloud-netconfig has a configuration file associated. If the value is set to 'NO' (or the pair is removed altogether), cloud-netconfig will not handle secondary IPv4 addresses and routing policies for the associated network interface.

Advisory ID	SUSE-RU-2020:654-1
Released	Thu Mar 12 11:35:09 2020
Summary	Recommended update for wpa_supplicant
Type	recommended
Severity	moderate
References	1165266

Description:

This update for wpa_supplicant fixes the following issues:

Adjust the wpa_supplicant service to start after network.target (bsc#1165266)

Advisory ID	SUSE-RU-2020:655-1
Released	Thu Mar 12 13:17:03 2020
Summary	Recommended update for growpart
Type	recommended
Severity	moderate
References	1164736

Description:

This update for growpart fixes the following issues:

Operation system disk is not automatically resized beyond 2TB on Azure hosts. (bsc#1164736)

Advisory ID	SUSE-RU-2020:657-1
Released	Thu Mar 12 15:06:48 2020
Summary	Recommended update for cloud-regionsrv-client
Type	recommended
Severity	moderate
References	1158664

Description:

This update for cloud-regionsrv-client contains the following fixes:

Update to version 9.0.8: + Properly handle IPv6 addresses in URLs

Update to version 9.0.7: + Fix crash with a stack trace if no current_smt is present. (bsc#1158664)

Advisory ID	SUSE-RU-2020:689-1
Released	Fri Mar 13 17:09:01 2020
Summary	Recommended update for pam
Type	recommended
Severity	moderate
References	1166510

Description:

This update for PAM fixes the following issue:

The license of libdb linked against pam_userdb is not always wanted, so we temporary disabled pam_userdb again. It will be published in a different package at a later time. (bsc#1166510)

Advisory ID	SUSE-RU-2020:690-1
Released	Fri Mar 13 17:09:28 2020
Summary	Recommended update for suse-build-key
Type	recommended
Severity	moderate
References	1166334

Description:

This update for suse-build-key fixes the following issues:

created a new security@suse.de communication key (bsc#1166334)

Advisory ID	SUSE-SU-2020:697-1
Released	Mon Mar 16 13:17:10 2020
Summary	Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman
Type	security
Severity	moderate
References	1155217,1160460,1164390,CVE-2019-18466

Description:

This update for cni, cni-plugins, conmon, fuse-overlayfs, podman fixes the following issues:
podman was updated to 1.8.0:

CVE-2019-18466: Fixed a bug where podman cp would improperly copy files on the host when copying a symlink in the container that included a glob operator (#3829 bsc#1155217)

The name of the cni-bridge in the default config changed from 'cni0' to 'podman-cni0' with podman-1.6.0. Add a %trigger to rename the bridge in the system to the new default if it exists. The trigger is only excuted when updating podman-cni-config from something older than 1.6.0. This is mainly needed for SLE where we're updating from 1.4.4 to 1.8.0 (bsc#1160460).

Update podman to v1.8.0 (bsc#1160460):

Features

- The podman system service command has been added, providing a preview of Podman's new Docker-compatible API. This API is still very new, and not yet ready for production use, but is available for early testing - Rootless Podman now uses Rootlesskit for port forwarding, which should greatly improve performance and capabilities - The podman untag command has been added to remove tags from images without deleting them - The podman inspect command on images now displays previous names they used - The podman generate systemd command now supports a --new option to generate service files that create and run new containers instead of managing existing containers - Support for --log-opt tag= to set logging tags has been added to the journald log driver - Added support for using Seccomp profiles embedded in images for podman run and podman create via the new --seccomp-policy CLI flag - The podman play kube command now honors pull policy

Bugfixes

- Fixed a bug where the podman cp command would not copy the contents of directories when paths ending in /. were given - Fixed a bug where the podman play kube command did not properly locate Seccomp profiles specified relative to localhost - Fixed a bug where the podman info command for remote Podman did not show registry information - Fixed a bug where the podman exec command did not support having input piped into it - Fixed a bug where the podman cp command with rootless Podman on CGroups v2 systems did not properly determine if the container could be paused while copying - Fixed a bug where the podman container prune --force command could possible remove running containers if they were started while the command was running - Fixed a bug where Podman, when run as root, would not properly configure slirp4netns networking when requested - Fixed a bug where podman run --userns=keep-id did not work when the user had a UID over 65535 - Fixed a bug where rootless podman run and podman create with the --userns=keep-id option could change permissions on /run/user/$UID and break KDE - Fixed a bug where rootless Podman could not be run in a systemd service on systems using CGroups v2 - Fixed a bug where podman inspect would show CPUShares as 0, instead of the default (1024), when it was not explicitly set - Fixed a bug where podman-remote push would segfault - Fixed a bug where image healthchecks were not shown in the output of podman inspect - Fixed a bug where named volumes created with containers from pre-1.6.3 releases of Podman would be autoremoved with their containers if the --rm flag was given, even if they were given names - Fixed a bug where podman history was not computing image sizes correctly - Fixed a bug where Podman would not error on invalid values to the --sort flag to podman images - Fixed a bug where providing a name for the image made by podman commit was mandatory, not optional as it should be - Fixed a bug where the remote Podman client would append an extra ' to %PATH - Fixed a bug where the podman build command would sometimes ignore the -f option and build the wrong Containerfile - Fixed a bug where the podman ps --filter command would only filter running containers, instead of all containers, if --all was not passed - Fixed a bug where the podman load command on compressed images would leave an extra copy on disk - Fixed a bug where the podman restart command would not properly clean up the network, causing it to function differently from podman stop; podman start - Fixed a bug where setting the --memory-swap flag to podman create and podman run to -1 (to indicate unlimited) was not supported

Misc

- Initial work on version 2 of the Podman remote API has been merged, but is still in an alpha state and not ready for use. Read more here - Many formatting corrections have been made to the manpages - The changes to address (#5009) may cause anonymous volumes created by Podman versions 1.6.3 to 1.7.0 to not be removed when their container is removed - Updated vendored Buildah to v1.13.1 - Updated vendored containers/storage to v1.15.8 - Updated vendored containers/image to v5.2.0

Add apparmor-abstractions as required runtime dependency to have `tunables/global` available.

fixed the --force flag for the 'container prune' command. (https://github.com/containers/libpod/issues/4844)

Update podman to v1.7.0

Features

- Added support for setting a static MAC address for containers - Added support for creating macvlan networks with podman network create, allowing Podman containers to be attached directly to networks the host is connected to - The podman image prune and podman container prune commands now support the --filter flag to filter what will be pruned, and now prompts for confirmation when run without --force (#4410 and #4411) - Podman now creates CGroup namespaces by default on systems using CGroups v2 (#4363) - Added the podman system reset command to remove all Podman files and perform a factory reset of the Podman installation - Added the --history flag to podman images to display previous names used by images (#4566) - Added the --ignore flag to podman rm and podman stop to not error when requested containers no longer exist - Added the --cidfile flag to podman rm and podman stop to read the IDs of containers to be removed or stopped from a file - The podman play kube command now honors Seccomp annotations (#3111) - The podman play kube command now honors RunAsUser, RunAsGroup, and selinuxOptions - The output format of the podman version command has been changed to better match docker version when using the --format flag - Rootless Podman will no longer initialize containers/storage twice, removing a potential deadlock preventing Podman commands from running while an image was being pulled (#4591) - Added tmpcopyup and notmpcopyup options to the --tmpfs and --mount type=tmpfs flags to podman create and podman run to control whether the content of directories are copied into tmpfs filesystems mounted over them - Added support for disabling detaching from containers by setting empty detach keys via --detach-keys='' - The podman build command now supports the --pull and --pull-never flags to control when images are pulled during a build - The podman ps -p command now shows the name of the pod as well as its ID (#4703) - The podman inspect command on containers will now display the command used to create the container - The podman info command now displays information on registry mirrors (#4553)

Bugfixes

- Fixed a bug where Podman would use an incorrect runtime directory as root, causing state to be deleted after root logged out and making Podman in systemd services not function properly - Fixed a bug where the --change flag to podman import and podman commit was not being parsed properly in many cases - Fixed a bug where detach keys specified in libpod.conf were not used by the podman attach and podman exec commands, which always used the global default ctrl-p,ctrl-q key combination (#4556) - Fixed a bug where rootless Podman was not able to run podman pod stats even on CGroups v2 enabled systems (#4634) - Fixed a bug where rootless Podman would fail on kernels without the renameat2 syscall (#4570) - Fixed a bug where containers with chained network namespace dependencies (IE, container A using --net container=B and container B using --net container=C) would not properly mount /etc/hosts and /etc/resolv.conf into the container (#4626) - Fixed a bug where podman run with the --rm flag and without -d could, when run in the background, throw a 'container does not exist' error when attempting to remove the container after it exited - Fixed a bug where named volume locks were not properly reacquired after a reboot, potentially leading to deadlocks when trying to start containers using the volume (#4605 and #4621) - Fixed a bug where Podman could not completely remove containers if sent SIGKILL during removal, leaving the container name unusable without the podman rm --storage command to complete removal (#3906) - Fixed a bug where checkpointing containers started with --rm was allowed when --export was not specified (the container, and checkpoint, would be removed after checkpointing was complete by --rm) (#3774) - Fixed a bug where the podman pod prune command would fail if containers were present in the pods and the --force flag was not passed (#4346) - Fixed a bug where containers could not set a static IP or static MAC address if they joined a non-default CNI network (#4500) - Fixed a bug where podman system renumber would always throw an error if a container was mounted when it was run - Fixed a bug where podman container restore would fail with containers using a user namespace - Fixed a bug where rootless Podman would attempt to use the journald events backend even on systems without systemd installed - Fixed a bug where podman history would sometimes not properly identify the IDs of layers in an image (#3359) - Fixed a bug where containers could not be restarted when Conmon v2.0.3 or later was used - Fixed a bug where Podman did not check image OS and Architecture against the host when starting a container - Fixed a bug where containers in pods did not function properly with the Kata OCI runtime (#4353) - Fixed a bug where `podman info --format '{{ json . }}' would not produce JSON output (#4391) - Fixed a bug where Podman would not verify if files passed to --authfile existed (#4328) - Fixed a bug where podman images --digest would not always print digests when they were available - Fixed a bug where rootless podman run could hang due to a race with reading and writing events - Fixed a bug where rootless Podman would print warning-level logs despite not be instructed to do so (#4456) - Fixed a bug where podman pull would attempt to fetch from remote registries when pulling an unqualified image using the docker-daemon transport (#4434) - Fixed a bug where podman cp would not work if STDIN was a pipe - Fixed a bug where podman exec could stop accepting input if anything was typed between the command being run and the exec session starting (#4397) - Fixed a bug where podman logs --tail 0 would print all lines of a container's logs, instead of no lines (#4396) - Fixed a bug where the timeout for slirp4netns was incorrectly set, resulting in an extremely long timeout (#4344) - Fixed a bug where the podman stats command would print CPU utilizations figures incorrectly (#4409) - Fixed a bug where the podman inspect --size command would not print the size of the container's read/write layer if the size was 0 (#4744) - Fixed a bug where the podman kill command was not properly validating signals before use (#4746) - Fixed a bug where the --quiet and --format flags to podman ps could not be used at the same time - Fixed a bug where the podman stop command was not stopping exec sessions when a container was created without a PID namespace (--pid=host) - Fixed a bug where the podman pod rm --force command was not removing anonymous volumes for containers that were removed - Fixed a bug where the podman checkpoint command would not export all changes to the root filesystem of the container if performed more than once on the same container (#4606) - Fixed a bug where containers started with --rm would not be automatically removed on being stopped if an exec session was running inside the container (#4666)

Misc

- The fixes to runtime directory path as root can cause strange behavior if an upgrade is performed while containers are running - Updated vendored Buildah to v1.12.0 - Updated vendored containers/storage library to v1.15.4 - Updated vendored containers/image library to v5.1.0 - Kata Containers runtimes (kata-runtime, kata-qemu, and kata-fc) are now present in the default libpod.conf, but will not be available unless Kata containers is installed on the system - Podman previously did not allow the creation of containers with a memory limit lower than 4MB. This restriction has been removed, as the crun runtime can create containers with significantly less memory
Update podman to v1.6.4

Remove winsz FIFO on container restart to allow use with Conmon 2.03 and higher
Ensure volumes reacquire locks on system restart, preventing deadlocks when starting containers
Suppress spurious log messages when running rootless Podman
Update vendored containers/storage to v1.13.6
Fix a deadlock related to writing events
Do not use the journald event logger when it is not available

Update podman to v1.6.2

Features

- Added a --runtime flag to podman system migrate to allow the OCI runtime for all containers to be reset, to ease transition to the crun runtime on CGroups V2 systems until runc gains full support - The podman rm command can now remove containers in broken states which previously could not be removed - The podman info command, when run without root, now shows information on UID and GID mappings in the rootless user namespace - Added podman build --squash-all flag, which squashes all layers (including those of the base image) into one layer - The --systemd flag to podman run and podman create now accepts a string argument and allows a new value, always, which forces systemd support without checking if the the container entrypoint is systemd

Bugfixes

- Fixed a bug where the podman top command did not work on systems using CGroups V2 (#4192) - Fixed a bug where rootless Podman could double-close a file, leading to a panic - Fixed a bug where rootless Podman could fail to retrieve some containers while refreshing the state - Fixed a bug where podman start --attach --sig-proxy=false would still proxy signals into the container - Fixed a bug where Podman would unconditionally use a non-default path for authentication credentials (auth.json), breaking podman login integration with skopeo and other tools using the containers/image library - Fixed a bug where podman ps --format=json and podman images --format=json would display null when no results were returned, instead of valid JSON - Fixed a bug where podman build --squash was incorrectly squashing all layers into one, instead of only new layers - Fixed a bug where rootless Podman would allow volumes with options to be mounted (mounting volumes requires root), creating an inconsistent state where volumes reported as mounted but were not (#4248) - Fixed a bug where volumes which failed to unmount could not be removed (#4247) - Fixed a bug where Podman incorrectly handled some errors relating to unmounted or missing containers in containers/storage - Fixed a bug where podman stats was broken on systems running CGroups V2 when run rootless (#4268) - Fixed a bug where the podman start command would print the short container ID, instead of the full ID - Fixed a bug where containers created with an OCI runtime that is no longer available (uninstalled or removed from the config file) would not appear in podman ps and could not be removed via podman rm - Fixed a bug where containers restored via podman container restore --import would retain the CGroup path of the original container, even if their container ID changed; thus, multiple containers created from the same checkpoint would all share the same CGroup

Misc

- The default PID limit for containers is now set to 4096. It can be adjusted back to the old default (unlimited) by passing --pids-limit 0 to podman create and podman run - The podman start --attach command now automatically attaches STDIN if the container was created with -i - The podman network create command now validates network names using the same regular expression as container and pod names - The --systemd flag to podman run and podman create will now only enable systemd mode when the binary being run inside the container is /sbin/init, /usr/sbin/init, or ends in systemd (previously detected any path ending in init or systemd) - Updated vendored Buildah to 1.11.3 - Updated vendored containers/storage to 1.13.5 - Updated vendored containers/image to 4.0.1
Update podman to v1.6.1

Features

- The podman network create, podman network rm, podman network inspect, and podman network ls commands have been added to manage CNI networks used by Podman - The podman volume create command can now create and mount volumes with options, allowing volumes backed by NFS, tmpfs, and many other filesystems - Podman can now run containers without CGroups for better integration with systemd by using the --cgroups=disabled flag with podman create and podman run. This is presently only supported with the crun OCI runtime - The podman volume rm and podman volume inspect commands can now refer to volumes by an unambiguous partial name, in addition to full name (e.g. podman volume rm myvol to remove a volume named myvolume) (#3891) - The podman run and podman create commands now support the --pull flag to allow forced re-pulling of images (#3734) - Mounting volumes into a container using --volume, --mount, and --tmpfs now allows the suid, dev, and exec mount options (the inverse of nosuid, nodev, noexec) (#3819) - Mounting volumes into a container using --mount now allows the relabel=Z and relabel=z options to relabel mounts. - The podman push command now supports the --digestfile option to save a file containing the pushed digest - Pods can now have their hostname set via podman pod create --hostname or providing Pod YAML with a hostname set to podman play kube (#3732) - The podman image sign command now supports the --cert-dir flag - The podman run and podman create commands now support the --security-opt label=filetype:$LABEL flag to set the SELinux label for container files - The remote Podman client now supports healthchecks

Bugfixes

- Fixed a bug where remote podman pull would panic if a Varlink connection was not available (#4013) - Fixed a bug where podman exec would not properly set terminal size when creating a new exec session (#3903) - Fixed a bug where podman exec would not clean up socket symlinks on the host (#3962) - Fixed a bug where Podman could not run systemd in containers that created a CGroup namespace - Fixed a bug where podman prune -a would attempt to prune images used by Buildah and CRI-O, causing errors (#3983) - Fixed a bug where improper permissions on the ~/.config directory could cause rootless Podman to use an incorrect directory for storing some files - Fixed a bug where the bash completions for podman import threw errors - Fixed a bug where Podman volumes created with podman volume create would not copy the contents of their mountpoint the first time they were mounted into a container (#3945) - Fixed a bug where rootless Podman could not run podman exec when the container was not run inside a CGroup owned by the user (#3937) - Fixed a bug where podman play kube would panic when given Pod YAML without a securityContext (#3956) - Fixed a bug where Podman would place files incorrectly when storage.conf configuration items were set to the empty string (#3952) - Fixed a bug where podman build did not correctly inherit Podman's CGroup configuration, causing crashed on CGroups V2 systems (#3938) - Fixed a bug where remote podman run --rm would exit before the container was completely removed, allowing race conditions when removing container resources (#3870) - Fixed a bug where rootless Podman would not properly handle changes to /etc/subuid and /etc/subgid after a container was launched - Fixed a bug where rootless Podman could not include some devices in a container using the --device flag (#3905) - Fixed a bug where the commit Varlink API would segfault if provided incorrect arguments (#3897) - Fixed a bug where temporary files were not properly cleaned up after a build using remote Podman (#3869) - Fixed a bug where podman remote cp crashed instead of reporting it was not yet supported (#3861) - Fixed a bug where podman exec would run as the wrong user when execing into a container was started from an image with Dockerfile USER (or a user specified via podman run --user) (#3838) - Fixed a bug where images pulled using the oci: transport would be improperly named - Fixed a bug where podman varlink would hang when managed by systemd due to SD_NOTIFY support conflicting with Varlink (#3572) - Fixed a bug where mounts to the same destination would sometimes not trigger a conflict, causing a race as to which was actually mounted - Fixed a bug where podman exec --preserve-fds caused Podman to hang (#4020) - Fixed a bug where removing an unmounted container that was unmounted might sometimes not properly clean up the container (#4033) - Fixed a bug where the Varlink server would freeze when run in a systemd unit file (#4005) - Fixed a bug where Podman would not properly set the $HOME environment variable when the OCI runtime did not set it - Fixed a bug where rootless Podman would incorrectly print warning messages when an OCI runtime was not found (#4012) - Fixed a bug where named volumes would conflict with, instead of overriding, tmpfs filesystems added by the --read-only-tmpfs flag to podman create and podman run - Fixed a bug where podman cp would incorrectly make the target directory when copying to a symlink which pointed to a nonexistent directory (#3894) - Fixed a bug where remote Podman would incorrectly read STDIN when the -i flag was not set (#4095) - Fixed a bug where podman play kube would create an empty pod when given an unsupported YAML type (#4093) - Fixed a bug where podman import --change improperly parsed CMD (#4000) - Fixed a bug where rootless Podman on systems using CGroups V2 would not function with the cgroupfs CGroups manager - Fixed a bug where rootless Podman could not correctly identify the DBus session address, causing containers to fail to start (#4162) - Fixed a bug where rootless Podman with slirp4netns networking would fail to start containers due to mount leaks

Misc

- Significant changes were made to Podman volumes in this release. If you have pre-existing volumes, it is strongly recommended to run podman system renumber after upgrading. - Version 0.8.1 or greater of the CNI Plugins is now required for Podman - Version 2.0.1 or greater of Conmon is strongly recommended - Updated vendored Buildah to v1.11.2 - Updated vendored containers/storage library to v1.13.4 - Improved error messages when trying to create a pod with no name via podman play kube - Improved error messages when trying to run podman pause or podman stats on a rootless container on a system without CGroups V2 enabled - TMPDIR has been set to /var/tmp by default to better handle large temporary files - podman wait has been optimized to detect stopped containers more rapidly - Podman containers now include a ContainerManager annotation indicating they were created by libpod - The podman info command now includes information about slirp4netns and fuse-overlayfs if they are available - Podman no longer sets a default size of 65kb for tmpfs filesystems - The default Podman CNI network has been renamed in an attempt to prevent conflicts with CRI-O when both are run on the same system. This should only take effect on system restart - The output of podman volume inspect has been more closely matched to docker volume inspect

Add katacontainers as a recommended package, and include it as an additional OCI runtime in the configuration.

Update podman to v1.5.1

Features

- The hostname of pods is now set to the pod's name

Bugfixes

- Fixed a bug where podman run and podman create did not honor the --authfile option (#3730) - Fixed a bug where containers restored with podman container restore --import would incorrectly duplicate the Conmon PID file of the original container - Fixed a bug where podman build ignored the default OCI runtime configured in libpod.conf - Fixed a bug where podman run --rm (or force-removing any running container with podman rm --force) were not retrieving the correct exit code (#3795) - Fixed a bug where Podman would exit with an error if any configured hooks directory was not present - Fixed a bug where podman inspect and podman commit would not use the correct CMD for containers run with podman play kube - Fixed a bug created pods when using rootless Podman and CGroups V2 (#3801) - Fixed a bug where the podman events command with the --since or --until options could take a very long time to complete

Misc

- Rootless Podman will now inherit OCI runtime configuration from the root configuration (#3781) - Podman now properly sets a user agent while contacting registries (#3788)

Add zsh completion for podman commands

Update podman to v1.5.0

Features

- Podman containers can now join the user namespaces of other containers with --userns=container:$ID, or a user namespace at an arbitary path with --userns=ns:$PATH - Rootless Podman can experimentally squash all UIDs and GIDs in an image to a single UID and GID (which does not require use of the newuidmap and newgidmap executables) by passing --storage-opt ignore_chown_errors - The podman generate kube command now produces YAML for any bind mounts the container has created (#2303) - The podman container restore command now features a new flag, --ignore-static-ip, that can be used with --import to import a single container with a static IP multiple times on the same host - Added the ability for podman events to output JSON by specifying --format=json - If the OCI runtime or conmon binary cannot be found at the paths specified in libpod.conf, Podman will now also search for them in the calling user's path - Added the ability to use podman import with URLs (#3609) - The podman ps command now supports filtering names using regular expressions (#3394) - Rootless Podman containers with --privileged set will now mount in all host devices that the user can access - The podman create and podman run commands now support the --env-host flag to forward all environment variables from the host into the container - Rootless Podman now supports healthchecks (#3523) - The format of the HostConfig portion of the output of podman inspect on containers has been improved and synced with Docker - Podman containers now support CGroup namespaces, and can create them by passing --cgroupns=private to podman run or podman create - The podman create and podman run commands now support the --ulimit=host flag, which uses any ulimits currently set on the host for the container - The podman rm and podman rmi commands now use different exit codes to indicate 'no such container' and 'container is running' errors - Support for CGroups V2 through the crun OCI runtime has been greatly improved, allowing resource limits to be set for rootless containers when the CGroups V2 hierarchy is in use

Bugfixes

- Fixed a bug where a race condition could cause podman restart to fail to start containers with ports - Fixed a bug where containers restored from a checkpoint would not properly report the time they were started at - Fixed a bug where podman search would return at most 25 results, even when the maximum number of results was set higher - Fixed a bug where podman play kube would not honor capabilities set in imported YAML (#3689) - Fixed a bug where podman run --env, when passed a single key (to use the value from the host), would set the environment variable in the container even if it was not set on the host (#3648) - Fixed a bug where podman commit --changes would not properly set environment variables - Fixed a bug where Podman could segfault while working with images with no history - Fixed a bug where podman volume rm could remove arbitrary volumes if given an ambiguous name (#3635) - Fixed a bug where podman exec invocations leaked memory by not cleaning up files in tmpfs - Fixed a bug where the --dns and --net=container flags to podman run and podman create were not mutually exclusive (#3553) - Fixed a bug where rootless Podman would be unable to run containers when less than 5 UIDs were available - Fixed a bug where containers in pods could not be removed without removing the entire pod (#3556) - Fixed a bug where Podman would not properly clean up all CGroup controllers for created cgroups when using the cgroupfs CGroup driver - Fixed a bug where Podman containers did not properly clean up files in tmpfs, resulting in a memory leak as containers stopped - Fixed a bug where healthchecks from images would not use default settings for interval, retries, timeout, and start period when they were not provided by the image (#3525) - Fixed a bug where healthchecks using the HEALTHCHECK CMD format where not properly supported (#3507) - Fixed a bug where volume mounts using relative source paths would not be properly resolved (#3504) - Fixed a bug where podman run did not use authorization credentials when a custom path was specified (#3524) - Fixed a bug where containers checkpointed with podman container checkpoint did not properly set their finished time - Fixed a bug where running podman inspect on any container not created with podman run or podman create (for example, pod infra containers) would result in a segfault (#3500) - Fixed a bug where healthcheck flags for podman create and podman run were incorrectly named (#3455) - Fixed a bug where Podman commands would fail to find targets if a partial ID was specified that was ambiguous between a container and pod (#3487) - Fixed a bug where restored containers would not have the correct SELinux label - Fixed a bug where Varlink endpoints were not working properly if more was not correctly specified - Fixed a bug where the Varlink PullImage endpoint would crash if an error occurred (#3715) - Fixed a bug where the --mount flag to podman create and podman run did not allow boolean arguments for its ro and rw options (#2980) - Fixed a bug where pods did not properly share the UTS namespace, resulting in incorrect behavior from some utilities which rely on hostname (#3547) - Fixed a bug where Podman would unconditionally append ENTRYPOINT to CMD during podman commit (and when reporting CMD in podman inspect) (#3708) - Fixed a bug where podman events with the journald events backend would incorrectly print 6 previous events when only new events were requested (#3616) - Fixed a bug where podman port would exit prematurely when a port number was specified (#3747) - Fixed a bug where passing . as an argument to the --dns-search flag to podman create and podman run was not properly clearing DNS search domains in the container

Misc

- Updated vendored Buildah to v1.10.1 - Updated vendored containers/image to v3.0.2 - Updated vendored containers/storage to v1.13.1 - Podman now requires conmon v2.0.0 or higher - The podman info command now displays the events logger being in use - The podman inspect command on containers now includes the ID of the pod a container has joined and the PID of the container's conmon process - The -v short flag for podman --version has been re-added - Error messages from podman pull should be significantly clearer - The podman exec command is now available in the remote client - The podman-v1.5.0.tar.gz file attached is podman packaged for MacOS. It can be installed using Homebrew.

Update libpod.conf to support latest path discovery feature for `runc` and `conmon` binaries.

conmon was included in version 2.0.10. (bsc#1160460, bsc#1164390, jsc#ECO-1048, jsc#SLE-11485, jsc#SLE-11331):
fuse-overlayfs was updated to v0.7.6 (bsc#1160460)

do not look in lower layers for the ino if there is no origin xattr set
attempt to use the file path if the operation on the fd fails with ENXIO
do not expose internal xattrs through listxattr and getxattr
fix fallocate for deleted files.
ignore O_DIRECT. It causes issues with libfuse not using an aligned buffer, causing write(2) to fail with EINVAL.
on copyup, do not copy the opaque xattr.
fix a wrong lookup for whiteout files, that could happen on a double unlink.
fix possible segmentation fault in direct_fsync()
use the data store to create missing whiteouts
after a rename, force a directory reload
introduce inodes cache
correctly read inode for unix sockets
avoid hash map lookup when possible
use st_dev for the ino key
check whether writeback is supported
set_attrs: don't require write to S_IFREG
ioctl: do not reuse fi->fh for directories
fix skip whiteout deletion optimization
store the new mode after chmod
support fuse writeback cache and enable it by default
add option to disable fsync
add option to disable xattrs
add option to skip ino number check in lower layers
fix fd validity check
fix memory leak
fix read after free
fix type for flistxattr return
fix warnings reported by lgtm.com
enable parallel dirops

cni was updated to 0.7.1:

Set correct CNI version for 99-loopback.conf

Update to version 0.7.1 (bsc#1160460):

Library changes:

+ invoke : ensure custom envs of CNIArgs are prepended to process envs + add GetNetworkListCachedResult to CNI interface + delegate : allow delegation funcs override CNI_COMMAND env automatically in heritance

Documentation & Convention changes:

+ Update cnitool documentation for spec v0.4.0 + Add cni-route-override to CNI plugin list
Update to version 0.7.0:

Spec changes:

+ Use more RFC2119 style language in specification (must, should...) + add notes about ADD/DEL ordering + Make the container ID required and unique. + remove the version parameter from ADD and DEL commands. + Network interface name matters + be explicit about optional and required structure members + add CHECK method + Add a well-known error for 'try again' + SPEC.md: clarify meaning of 'routes'

Library changes:

+ pkg/types: Makes IPAM concrete type + libcni: return error if Type is empty + skel: VERSION shouldn't block on stdin + non-pointer instances of types.Route now correctly marshal to JSON + libcni: add ValidateNetwork and ValidateNetworkList functions + pkg/skel: return error if JSON config has no network name + skel: add support for plugin version string + libcni: make exec handling an interface for better downstream testing + libcni: api now takes a Context to allow operations to be timed out or cancelled + types/version: add helper to parse PrevResult + skel: only print about message, not errors + skel,invoke,libcni: implementation of CHECK method + cnitool: Honor interface name supplied via CNI_IFNAME environment variable. + cnitool: validate correct number of args + Don't copy gw from IP4.Gateway to Route.GW When converting from 0.2.0 + add PrintTo method to Result interface + Return a better error when the plugin returns none

Install sleep binary into CNI plugin directory

cni-plugins was updated to 0.8.4:
Update to version 0.8.4 (bsc#1160460):

add support for mips64le
Add missing cniVersion in README example
bump go-iptables module to v0.4.5
iptables: add idempotent functions
portmap doesn't fail if chain doesn't exist
fix portmap port forward flakiness
Add Bruce Ma and Piotr Skarmuk as owners

Update to version 0.8.3:

Enhancements: * static: prioritize the input sources for IPs (#400). * tuning: send gratuitous ARP in case of MAC address update (#403). * bandwidth: use uint64 for Bandwidth value (#389). * ptp: only override DNS conf if DNS settings provided (#388). * loopback: When prevResults are not supplied to loopback plugin, create results to return (#383). * loopback support CNI CHECK and result cache (#374).

Better input validation: * vlan: add MTU validation to loadNetConf (#405). * macvlan: add MTU validation to loadNetConf (#404). * bridge: check vlan id when loading net conf (#394).

Bugfixes:

* bugfix: defer after err check, or it may panic (#391). * portmap: Fix dual-stack support (#379). * firewall: don't return error in DEL if prevResult is not found (#390). * bump up libcni back to v0.7.1 (#377).

Docs:

* contributing doc: revise test script name to run (#396). * contributing doc: describe cnitool installation (#397).
Update plugins to v0.8.2

New features:

* Support 'args' in static and tuning * Add Loopback DSR support, allow l2tunnel networks to be used with the l2bridge plugin * host-local: return error if same ADD request is seen twice * bandwidth: fix collisions * Support ips capability in static and mac capability in tuning * pkg/veth: Make host-side veth name configurable

Bug fixes: * Fix: failed to set bridge addr: could not add IP address to 'cni0': file exists * host-device: revert name setting to make retries idempotent (#357). * Vendor update go-iptables. Vendor update go-iptables to obtain commit f1d0510cabcb710d5c5dd284096f81444b9d8d10 * Update go.mod & go.sub * Remove link Down/Up in MAC address change to prevent route flush (#364). * pkg/ip unit test: be agnostic of Linux version, on Linux 4.4 the syscall error message is 'invalid argument' not 'file exists' * bump containernetworking/cni to v0.7.1

Updated plugins to v0.8.1:

Bugs:

* bridge: fix ipMasq setup to use correct source address * fix compilation error on 386 * bandwidth: get bandwidth interface in host ns through container interface

Improvements: * host-device: add pciBusID property

Updated plugins to v0.8.0:

New plugins:

* bandwidth - limit incoming and outgoing bandwidth * firewall - add containers to firewall rules * sbr - convert container routes to source-based routes * static - assign a fixed IP address * win-bridge, win-overlay: Windows plugins

Plugin features / changelog:

* CHECK Support * macvlan: - Allow to configure empty ipam for macvlan - Make master config optional * bridge: - Add vlan tag to the bridge cni plugin - Allow the user to assign VLAN tag - L2 bridge Implementation. * dhcp: - Include Subnet Mask option parameter in DHCPREQUEST - Add systemd unit file to activate socket with systemd - Add container ifName to the dhcp clientID, making the clientID value * flannel: - Pass through runtimeConfig to delegate * host-local: - host-local: add ifname to file tracking IP address used * host-device: - Support the IPAM in the host-device - Handle empty netns in DEL for loopback and host-device * tuning: - adds 'ip link' command related feature into tuning

Bug fixes & minor changes * Correctly DEL on ipam failure for all plugins * Fix bug on ip revert if cmdAdd fails on macvlan and host-device * host-device: Ensure device is down before rename * Fix -hostprefix option * some DHCP servers expect to request for explicit router options * bridge: release IP in case of error * change source of ipmasq rule from ipn to ip

from version v0.7.5:

This release takes a minor change to the portmap plugin: * Portmap: append, rather than prepend, entry rules

This fixes a potential issue where firewall rules may be bypassed by port mapping

Advisory ID	SUSE-SU-2020:705-1
Released	Tue Mar 17 15:04:10 2020
Summary	Security update for apache2-mod_auth_openidc
Type	security
Severity	moderate
References	1164459,CVE-2019-20479

Description:

This update for apache2-mod_auth_openidc fixes the following issues:

CVE-2019-20479: Fixed an open redirect issue in URLs with slash and backslash (bsc#1164459).

Advisory ID	SUSE-SU-2020:712-1
Released	Wed Mar 18 10:26:53 2020
Summary	Security update for skopeo
Type	security
Severity	moderate
References	1159530,1165715,CVE-2019-10214

Description:

This update for skopeo fixes the following issues:
Update to skopeo v0.1.41 (bsc#1165715):

Bump github.com/containers/image/v5 from 5.2.0 to 5.2.1
Bump gopkg.in/yaml.v2 from 2.2.7 to 2.2.8
Bump github.com/containers/common from 0.0.7 to 0.1.4
Remove the reference to openshift/api
vendor github.com/containers/image/v5@v5.2.0
Manually update buildah to v1.13.1
add specific authfile options to copy (and sync) command.
Bump github.com/containers/buildah from 1.11.6 to 1.12.0
Add context to --encryption-key / --decryption-key processing failures
Bump github.com/containers/storage from 1.15.2 to 1.15.3
Bump github.com/containers/buildah from 1.11.5 to 1.11.6
remove direct reference on c/image/storage
Makefile: set GOBIN
Bump gopkg.in/yaml.v2 from 2.2.2 to 2.2.7
Bump github.com/containers/storage from 1.15.1 to 1.15.2
Introduce the sync command
openshift cluster: remove .docker directory on teardown
Bump github.com/containers/storage from 1.14.0 to 1.15.1
document installation via apk on alpine
Fix typos in doc for image encryption
Image encryption/decryption support in skopeo
make vendor-in-container
Bump github.com/containers/buildah from 1.11.4 to 1.11.5
Travis: use go v1.13
Use a Windows Nano Server image instead of Server Core for multi-arch testing
Increase test timeout to 15 minutes
Run the test-system container without --net=host
Mount /run/systemd/journal/socket into test-system containers
Don't unnecessarily filter out vendor from (go list ./...) output
Use -mod=vendor in (go {list,test,vet})
Bump github.com/containers/buildah from 1.8.4 to 1.11.4
Bump github.com/urfave/cli from 1.20.0 to 1.22.1
skopeo: drop support for ostree
Don't critically fail on a 403 when listing tags
Revert 'Temporarily work around auth.json location confusion'
Remove references to atomic
Remove references to storage.conf
Dockerfile: use golang-github-cpuguy83-go-md2man
bump version to v0.1.41-dev
systemtest: inspect container image different from current platform arch

Changes in v0.1.40:

vendor containers/image v5.0.0
copy: add a --all/-a flag
System tests: various fixes
Temporarily work around auth.json location confusion
systemtest: copy: docker->storage->oci-archive
systemtest/010-inspect.bats: require only PATH
systemtest: add simple env test in inspect.bats
bash completion: add comments to keep scattered options in sync
bash completion: use read -r instead of disabling SC2207
bash completion: support --opt arg completion
bash-completion: use replacement instead of sed
bash completion: disable shellcheck SC2207
bash completion: double-quote to avoid re-splitting
bash completions: use bash replacement instead of sed
bash completion: remove unused variable
bash-completions: split decl and assignment to avoid masking retvals
bash completion: double-quote fixes
bash completion: hard-set PROG=skopeo
bash completion: remove unused variable
bash completion: use `||` instead of `-o`
bash completion: rm eval on assigned variable
copy: add --dest-compress-format and --dest-compress-level
flag: add optionalIntValue
Makefile: use go proxy
inspect --raw: skip the NewImage() step
update OCI image-spec to 775207bd45b6cb8153ce218cc59351799217451f
inspect.go: inspect env variables
ostree: use both image and & storage buildtags

Update to skopeo v0.1.39 (bsc#1159530):

inspect: add a --config flag
Add --no-creds flag to skopeo inspect
Add --quiet option to skopeo copy
New progress bars
Parallel Pulls and Pushes for major speed improvements
containers/image moved to a new progress-bar library to fix various issues related to overlapping bars and redundant entries.
enforce blocking of registries
Allow storage-multiple-manifests
When copying images and the output is not a tty (e.g., when piping to a file) print single lines instead of using progress bars. This avoids long and hard to parse output
man pages: add --dest-oci-accept-uncompressed-layers
completions: - Introduce transports completions - Fix bash completions when a option requires a argument - Use only spaces in indent - Fix completions with a global option - add --dest-oci-accept-uncompressed-layers

Advisory ID	SUSE-SU-2020:737-1
Released	Fri Mar 20 13:47:16 2020
Summary	Recommended update for ruby2.5
Type	security
Severity	important
References	1140844,1152990,1152992,1152994,1152995,1162396,1164804,CVE-2012-6708,CVE-2015-9251,CVE-2019-15845,CVE-2019-16201,CVE-2019-16254,CVE-2019-16255,CVE-2020-8130

Description:

This update for ruby2.5 toversion 2.5.7 fixes the following issues: ruby 2.5 was updated to version 2.5.7

CVE-2020-8130: Fixed a command injection in intree copy of rake (bsc#1164804).
CVE-2019-16255: Fixed a code injection vulnerability of Shell#[] and Shell#test (bsc#1152990).
CVE-2019-16254: Fixed am HTTP response splitting in WEBrick (bsc#1152992).
CVE-2019-15845: Fixed a null injection vulnerability of File.fnmatch and File.fnmatch? (bsc#1152994).
CVE-2019-16201: Fixed a regular expression denial of service of WEBrick Digest access authentication (bsc#1152995).
CVE-2012-6708: Fixed an XSS in JQuery
CVE-2015-9251: Fixed an XSS in JQuery
Fixed unit tests (bsc#1140844)
Removed some unneeded test files (bsc#1162396).

Advisory ID	SUSE-SU-2020:751-1
Released	Mon Mar 23 16:32:44 2020
Summary	Security update for cloud-init
Type	security
Severity	moderate
References	1162936,1162937,1163178,CVE-2020-8631,CVE-2020-8632

Description:

This update for cloud-init fixes the following security issues:

CVE-2020-8631: Replaced the theoretically predictable deterministic RNG with the system RNG (bsc#1162937).
CVE-2020-8632: Increased the default random password length from 9 to 20 (bsc#1162936).

Advisory ID	SUSE-RU-2020:753-1
Released	Mon Mar 23 18:31:11 2020
Summary	Recommended update for metis
Type	recommended
Severity	moderate
References

Description:

This update for metis fixes the following issues:

Add support for gcc8/9 building (jsc#SLE-8604).

Build HPC master package for 'examples'.

Advisory ID	SUSE-RU-2020:755-1
Released	Tue Mar 24 09:20:53 2020
Summary	Recommended update for taglib
Type	recommended
Severity	moderate
References	1166467

Description:

This update for taglib fixes the following issue:

Disable rpath explicitly to solve a build issue on Leap 15.2 (bsc#1166467)

Advisory ID	SUSE-RU-2020:758-1
Released	Tue Mar 24 11:36:02 2020
Summary	Recommended update for saptune
Type	recommended
Severity	moderate
References	1160564,1161791

Description:

This update for saptune fixes the following issues:

Fix for the issue when the display manager does not start after upgrade. (bsc#1161791)
Implement commands for listing enabled Notes/Solutions to saptune. (bsc#1160564)

Advisory ID	SUSE-RU-2020:774-1
Released	Tue Mar 24 17:37:55 2020
Summary	Recommended update for libcgroup
Type	recommended
Severity	moderate
References	1166968

Description:

This update for libcgroup fixes the following issue:
libcgroup is provided to SUSE Linux Enterprise 15 SP1 in the Legacy Module. (jsc#SLE-10792 jsc#ECO-1225 bsc#1166968)
Usage of cgroups via libcgroup conflicts with cgroups used by systemd, so please make sure their usages do not conflict.

Advisory ID	SUSE-RU-2020:787-1
Released	Wed Mar 25 10:16:38 2020
Summary	Recommended update for lifecycle-data-sle-module-live-patching
Type	recommended
Severity	moderate
References	1020320

Description:

This update for lifecycle-data-sle-module-live-patching fixes the following issue:

Live kernel patching update data for for 4_12_14-197_34. (bsc#1020320)

Advisory ID	SUSE-SU-2020:801-1
Released	Thu Mar 26 17:29:16 2020
Summary	Security update for ldns
Type	security
Severity	moderate
References	1068709,1068711,CVE-2017-1000231,CVE-2017-1000232

Description:

This update for ldns fixes the following issues:

CVE-2017-1000231: Fixed a buffer overflow during token parsing (bsc#1068711).
CVE-2017-1000232: Fixed a double-free vulnerability in str2host.c (bsc#1068709).

Advisory ID	SUSE-SU-2020:811-1
Released	Mon Mar 30 10:33:19 2020
Summary	Security update for spamassassin
Type	security
Severity	important
References	1118987,1162197,1162200,862963,CVE-2018-11805,CVE-2020-1930,CVE-2020-1931

Description:

This update for spamassassin fixes the following issues:
Security issues fixed:

CVE-2018-11805: Fixed an issue with delimiter handling in rule files related to is_regexp_valid() (bsc#1118987).
CVE-2020-1930: Fixed an issue with rule configuration (.cf) files which can be configured to run system commands (bsc#1162197).
CVE-2020-1931: Fixed an issue with rule configuration (.cf) files which can be configured to run system commands with warnings (bsc#1162200).

Non-security issue fixed:

Altering hash requires restarting loop (bsc#862963).

Advisory ID	SUSE-RU-2020:814-1
Released	Mon Mar 30 16:23:40 2020
Summary	Recommended update for QR-Code-generator, boost, libreoffice, myspell-dictionaries, xmlsec1
Type	recommended
Severity	moderate
References	1161816,1162152,1167223

Description:

This update for QR-Code-generator, boost, libreoffice, myspell-dictionaries, xmlsec1 fixes the following issues:
libreoffice was updated to 6.4.2.2 (jsc#SLE-11174 jsc#SLE-11175 jsc#SLE-11176 bsc#1167223):
Full Release Notes can be found on:
https://wiki.documentfoundation.org/ReleaseNotes/6.4

Fixed broken handling of non-ASCII characters in the KDE filedialog (bsc#1161816)
Move the animation library to core package bsc#1162152

xmlsec1 was updated to 1.2.28:

Added BoringSSL support (chenbd).
Added gnutls-3.6.x support (alonbl).
Added DSA and ECDSA key size getter for MSCNG (vmiklos).
Added --enable-mans configuration option (alonbl).
Added coninuous build integration for MacOSX (vmiklos).
Several other small fixes (more details).

Make sure to recommend at least one backend when you install just xmlsec1

Drop the gnutls backend as based on the tests it is quite borked: * We still have nss and openssl backend for people to use

Version update to 1.2.27:

Added AES-GCM support for OpenSSL and MSCNG (snargit).
Added DSA-SHA256 and ECDSA-SHA384 support for NSS (vmiklos).
Added RSA-OAEP support for MSCNG (vmiklos).
Continuous build integration in Travis and Appveyor.
Several other small fixes (more details).

myspell-dictionaries was updated to 20191219:

Updated the English dictionaries: GB+US+CA+AU
Bring shipped Spanish dictionary up to version 2.5

boost was updated to fix:

add a backport of Boost.Optional::has_value() for LibreOffice

The QR-Code-generator is shipped:

Initial commit, needed by libreoffice 6.4

Advisory ID	SUSE-SU-2020:819-1
Released	Tue Mar 31 13:01:34 2020
Summary	Security update for icu
Type	security
Severity	important
References	1166844,CVE-2020-10531

Description:

This update for icu fixes the following issues:

CVE-2020-10531: Fixed a potential integer overflow in UnicodeString:doAppend (bsc#1166844).

Advisory ID	SUSE-RU-2020:821-1
Released	Tue Mar 31 13:05:59 2020
Summary	Recommended update for podman, slirp4netns
Type	recommended
Severity	moderate
References	1167850

Description:

This update for podman, slirp4netns fixes the following issues:
slirp4netns was updated to 0.4.4 (bsc#1167850):

libslirp: Update to v4.2.0: * New API function slirp_add_unix: add a forward rule to a Unix socket. * New API function slirp_remove_guestfwd: remove a forward rule previously added by slirp_add_exec, slirp_add_unix or slirp_add_guestfwd * New SlirpConfig.outbound_addr{,6} fields to bind output socket to a specific address * socket: do not fallback on host loopback if get_dns_addr() failed or the address is in slirp network * ncsi: fix checksum OOB memory access * tcp_emu(): fix OOB accesses * tftp: restrict relative path access * state: fix loading of guestfwd state

Update to 0.4.3:

api: raise an error if the socket path is too long
libslirp: update to v4.1.0: Including the fix for libslirp sends RST to app in response to arriving FIN when containerized socket is shutdown() with SHUT_WR
Fix create_sandbox error

Update to 0.4.2:

Do not propagate mounts to the parent ns in sandbox

Update to 0.4.1:

Support specifying netns path (slirp4netns --netns-type=path PATH TAPNAME)
Support specifying --userns-path
Vendor https://gitlab.freedesktop.org/slirp/libslirp (QEMU v4.1+)
Bring up loopback device when --configure is specified
Support sandboxing by creating a mount namespace (--enable-sandbox)
Support seccomp (--enable-seccomp)
Add new build dependencies libcap-devel and libseccomp-devel

Update to 0.3.3:

Fix use-after-free in libslirp

Update to 0.3.2:

Fix heap overflow in `ip_reass` on big packet input

Update to 0.3.1:

Fix use-after-free

Changes in podman:

Fixed dependency on slirp4netns. We need at least 0.4.0 now (bsc#1167850)

Advisory ID	SUSE-RU-2020:824-1
Released	Tue Mar 31 13:28:28 2020
Summary	Recommended update for python-paramiko
Type	recommended
Severity	moderate
References	1166758

Description:

This update for python-paramiko fixes the following issues:

Added support for the new OpenSSH >= 7.8p1 private key format (bsc#1166758)

Advisory ID	SUSE-RU-2020:825-1
Released	Tue Mar 31 13:30:37 2020
Summary	Recommended update for openslp
Type	recommended
Severity	moderate
References	1165050,1165121

Description:

This update for openslp fixes the following issues:

Add missing group prerequisites to the openslp-server package. (bsc#1165050)
Add missing openslp prerequisites to the openslp-server package. (bsc#1165121)

Advisory ID	SUSE-RU-2020:827-1
Released	Tue Mar 31 13:33:09 2020
Summary	Recommended update for susemanager-cloud-setup
Type	recommended
Severity	moderate
References	1158691

Description:

This update for susemanager-cloud-setup fixes the following issues:

Improve handling of storage volumes. (bsc#1158691)

Advisory ID	SUSE-RU-2020:829-1
Released	Tue Mar 31 13:46:43 2020
Summary	Recommended update for geolite2legacy
Type	recommended
Severity	moderate
References	1156194

Description:

This update for geolite2legacy fixes the following issues:

Create the initial package of GeoIP 2 Legacy, as the GeoIP is discontinued. (bsc#1156194)

Advisory ID	SUSE-RU-2020:840-1
Released	Wed Apr 1 11:25:34 2020
Summary	Recommended update for python-kiwi
Type	recommended
Severity	moderate
References	1143454,1163978,1164310,1165578,1167746

Description:

This update for python-kiwi fixes the following issues:

Upgrade from version 9.19.8 to 9.20.5 * Fixed result map for OEM pxe install. (bsc#1165578) * Add SECURE_BOOT parameter for grub2 in efi mode. (bsc#1167746) This commit adds the SECURE_BOOT parameter on bootloader sysconfig for grub2. * Fix order in fstab. (bsc#1164310) Any mount point directly under / should be just right after the root mountpoint and before the custom mountpoints based on user's subvolume configuration. * Fixed handling of fillup templates. (bsc#1163978) Systems using a template tool to generate config files might not be effective when they see the intermediate config files we need from the host to let certain package managers work correctly. Therefore the cleanup code in kiwi takes care to restore from an optionally existing template file if no other custom variant is present. * Start using tftp system user package (bsc#1143454) This update starts requiring the tftp system user package. This user was created and managed by multiple packages before, with the risk of having inconsistent criteria on its defaults. With the system user package every package that requires this user should just require this package and do not create or modify the tftp user.

Advisory ID	SUSE-RU-2020:848-1
Released	Thu Apr 2 11:24:38 2020
Summary	Recommended update for GeoIP
Type	recommended
Severity	moderate
References	1156194

Description:

This update for GeoIP fixes the following issues:

Update README.SUSE with a description how to get the latest Geo IP data after the distribution changes. (jsc#SLE-11184, bsc#1156194, jsc#ECO-1405)

Advisory ID	SUSE-RU-2020:913-1
Released	Fri Apr 3 12:03:35 2020
Summary	Recommended update for wpa_supplicant
Type	recommended
Severity	moderate
References	1166933

Description:

This update for wpa_supplicant fixes the following issue:

Change wpa_supplicant.service to ensure wpa_supplicant gets started before network. Fix WLAN config on boot with wicked. (bsc#1166933)

Advisory ID	SUSE-RU-2020:917-1
Released	Fri Apr 3 15:02:25 2020
Summary	Recommended update for pam
Type	recommended
Severity	moderate
References	1166510

Description:

This update for pam fixes the following issues:

Moved pam_userdb into a separate package pam-extra. (bsc#1166510)

Advisory ID	SUSE-SU-2020:921-1
Released	Fri Apr 3 17:14:11 2020
Summary	Security update for exiv2
Type	security
Severity	moderate
References	1040973,1068873,1088424,1097599,1097600,1109175,1109176,1109299,1115364,1117513,1142684,CVE-2017-1000126,CVE-2017-9239,CVE-2018-12264,CVE-2018-12265,CVE-2018-17229,CVE-2018-17230,CVE-2018-17282,CVE-2018-19108,CVE-2018-19607,CVE-2018-9305,CVE-2019-13114

Description:

This update for exiv2 fixes the following issues:
exiv2 was updated to latest 0.26 branch, fixing bugs and security issues:

CVE-2017-1000126: Fixed an out of bounds read in webp parser (bsc#1068873).
CVE-2017-9239: Fixed a segmentation fault in TiffImageEntry::doWriteImage function (bsc#1040973).
CVE-2018-12264: Fixed an integer overflow in LoaderTiff::getData() which might have led to an out-of-bounds read (bsc#1097600).
CVE-2018-12265: Fixed integer overflows in LoaderExifJpeg which could have led to memory corruption (bsc#1097599).
CVE-2018-17229: Fixed a heap based buffer overflow in Exiv2::d2Data via a crafted image (bsc#1109175).
CVE-2018-17230: Fixed a heap based buffer overflow in Exiv2::d2Data via a crafted image (bsc#1109176).
CVE-2018-17282: Fixed a null pointer dereference in Exiv2::DataValue::copy (bsc#1109299).
CVE-2018-19108: Fixed an integer overflow in Exiv2::PsdImage::readMetadata which could have led to infinite loop (bsc#1115364).
CVE-2018-19607: Fixed a null pointer dereference in Exiv2::isoSpeed which might have led to denial of service (bsc#1117513).
CVE-2018-9305: Fixed an out of bounds read in IptcData::printStructure which might have led to to information leak or denial of service (bsc#1088424).
CVE-2019-13114: Fixed a null pointer dereference which might have led to denial of service via a crafted response of an malicious http server (bsc#1142684).

Advisory ID	SUSE-RU-2020:925-1
Released	Mon Apr 6 10:08:27 2020
Summary	Recommended update for python3-azuremetadata, regionServiceClientConfigAzure, regionServiceClientConfigSAPAzure
Type	recommended
Severity	moderate
References	1158698,1158707,1164818,1164819

Description:

This update for python3-azuremetadata, regionServiceClientConfigAzure, regionServiceClientConfigSAPAzure fixes the following issues:
regionServiceClientConfigAzure was updated to version 0.0.5:

Don't specify root device name explicitly (bsc#1158698, bsc#1158707)

regionServiceClientConfigSAPAzure was updated to version 1.0.2:

Don't specify root device name explicitly (bsc#1158698, bsc#1158707)

Changes in python3-azuremetadata:

Version 5.0.0
Support new Azure metadata API (bsc#1164818, bsc#1164819)
Automatically detect root device (bsc#1158698, bsc#1158707)

Advisory ID	SUSE-RU-2020:934-1
Released	Tue Apr 7 03:46:20 2020
Summary	Recommended update for wget
Type	recommended
Severity	moderate
References	1167919

Description:

This update for wget fixes the following issues:
wget was updated to 1.20.3, fixing various bugs, including:

Fix for wget ignoring domains with leading '.' in environment variable 'no_proxy'. (bsc#1167919)

Advisory ID	SUSE-RU-2020:943-1
Released	Tue Apr 7 15:24:19 2020
Summary	Recommended update for nvmetcli
Type	recommended
Severity	moderate
References	1167644

Description:

This update for nvmetcli fixes the following issues:

Update from version 0.6 to version 0.7: * nvmetcli: ANA configuration support * nvmetcli: simplify the enabled logic * nvmetcli: pep8 fixes * nvmetcli: support inline_data_size port parameter * Revert 'nvmetcli: expose nvmet port status and state' * Support python3 dictionary access. * nvmetcli: expose nvmet port status and state
'clear' command doesn't handle ANA groups correctly. (bsc#1167644) The first ANA group is maintained by the kernel so it cannot be deleted.

Advisory ID	SUSE-SU-2020:944-1
Released	Tue Apr 7 15:49:33 2020
Summary	Security update for runc
Type	security
Severity	moderate
References	1149954,1160452,CVE-2019-19921

Description:

This update for runc fixes the following issues:
runc was updated to v1.0.0~rc10

CVE-2019-19921: Fixed a mount race condition with shared mounts (bsc#1160452).
Fixed an issue where podman run hangs when spawned by salt-minion process (bsc#1149954).

Advisory ID	SUSE-SU-2020:948-1
Released	Wed Apr 8 07:44:21 2020
Summary	Security update for gmp, gnutls, libnettle
Type	security
Severity	moderate
References	1152692,1155327,1166881,1168345,CVE-2020-11501

Description:

This update for gmp, gnutls, libnettle fixes the following issues:
Security issue fixed:

CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345)

FIPS related bugfixes:

FIPS: Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518)
FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if input is shorter than block size. (bsc#1166881)
FIPS: Added Diffie Hellman public key verification test. (bsc#1155327)

Advisory ID	SUSE-SU-2020:957-1
Released	Wed Apr 8 12:28:03 2020
Summary	Security update for mgetty
Type	security
Severity	moderate
References	1142770,1168170,CVE-2019-1010190

Description:

This update for mgetty fixes the following issues:

CVE-2019-1010190: Fixed a denial of service which could be caused by a local attacker in putwhitespan() (bsc#1142770).
Fixed a permission issue which have resulted in build failures (bsc#1168170).

Advisory ID	SUSE-RU-2020:958-1
Released	Wed Apr 8 12:38:15 2020
Summary	Recommended update for python3-ec2metadata
Type	recommended
Severity	moderate
References	1157901,1157902

Description:

This update for python3-ec2metadata contains the following fixes:

Update to version 3.0.2: (bsc#1157901, bsc#1157902) + Add man page. + Support accessing IMDS with a token (API change) to support disabling unauthenticated access of IMDS;

Advisory ID	SUSE-SU-2020:693-1
Released	Wed Apr 8 14:11:14 2020
Summary	Security update for wireshark
Type	security
Severity	moderate
References	1093733,1094301,1101776,1101777,1101786,1101788,1101791,1101794,1101800,1101802,1101804,1101810,1106514,1111647,1117740,1121231,1121232,1121233,1121234,1121235,1127367,1127369,1127370,1131941,1131945,1136021,1141980,1150690,1156288,1158505,1161052,1165241,1165710,957624,CVE-2018-11354,CVE-2018-11355,CVE-2018-11356,CVE-2018-11357,CVE-2018-11358,CVE-2018-11359,CVE-2018-11360,CVE-2018-11361,CVE-2018-11362,CVE-2018-12086,CVE-2018-14339,CVE-2018-14340,CVE-2018-14341,CVE-2018-14342,CVE-2018-14343,CVE-2018-14344,CVE-2018-14367,CVE-2018-14368,CVE-2018-14369,CVE-2018-14370,CVE-2018-16056,CVE-2018-16057,CVE-2018-16058,CVE-2018-18225,CVE-2018-18226,CVE-2018-18227,CVE-2018-19622,CVE-2018-19623,CVE-2018-19624,CVE-2018-19625,CVE-2018-19626,CVE-2018-19627,CVE-2018-19628,CVE-2019-10894,CVE-2019-10895,CVE-2019-10896,CVE-2019-10897,CVE-2019-10898,CVE-2019-10899,CVE-2019-10900,CVE-2019-10901,CVE-2019-10902,CVE-2019-10903,CVE-2019-13619,CVE-2019-16319,CVE-2019-19553,CVE-2019-5716,CVE-2019-5717,CVE-2019-5718,CVE-2019-5719,CVE-2019-5721,CVE-2019-9208,CVE-2019-9209,CVE-2019-9214,CVE-2020-7044,CVE-2020-9428,CVE-2020-9429,CVE-2020-9430,CVE-2020-9431

Description:

This update for wireshark and libmaxminddb fixes the following issues:
Update wireshark to new major version 3.2.2 and introduce libmaxminddb for GeoIP support (bsc#1156288).
New features include:

Added support for 111 new protocols, including WireGuard, LoRaWAN, TPM 2.0, 802.11ax and QUIC
Improved support for existing protocols, like HTTP/2
Improved analytics and usability functionalities

Advisory ID	SUSE-RU-2020:966-1
Released	Thu Apr 9 09:44:18 2020
Summary	Recommended update for libcgroup
Type	recommended
Severity	moderate
References	1166968

Description:

This update for libcgroup fixes the following issues:

rename sysconfig.libcgroup back to sysconfig.cgred to keep SUSE Linux Enterprise 12 compatibility (bsc#1166968)

Advisory ID	SUSE-RU-2020:987-1
Released	Tue Apr 14 13:21:07 2020
Summary	Recommended update for python-azure-mgmt-compute
Type	recommended
Severity	moderate
References	1140565

Description:

This update for python-azure-mgmt-compute fixes the following issues:

New upstream release 4.6.2 (bsc#1140565, jsc#ECO-1257, jsc#PM-1598):

For detailed information about changes see the HISTORY.txt file provided with this package

Advisory ID	SUSE-RU-2020:994-1
Released	Wed Apr 15 07:57:24 2020
Summary	Recommended update for clamav
Type	recommended
Severity	moderate
References	1119353

Description:

This update for clamav fixes the following issues:

Fix freshclam usage in FIPS mode (bsc#1119353).

Advisory ID	SUSE-SU-2020:995-1
Released	Wed Apr 15 08:30:39 2020
Summary	Security update for ruby2.5
Type	security
Severity	moderate
References	1167244,1168938,CVE-2020-10663,CVE-2020-10933

Description:

This update for ruby2.5 to version 2.5.8 fixes the following issues:

CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON (bsc#1167244).
CVE-2020-10933: Heap exposure vulnerability in the socket library (bsc#1168938).

Advisory ID	SUSE-RU-2020:919-1
Released	Wed Apr 15 10:43:21 2020
Summary	Recommended update for python-pyroute2
Type	recommended
Severity	moderate
References	1160933,1161898

Description:

This update provides python-pyroute2 for use by the gcp-vpc-move-route agent in resource-agents.

Advisory ID	SUSE-RU-2020:998-1
Released	Wed Apr 15 13:00:05 2020
Summary	Recommended update for python-pycups
Type	recommended
Severity	moderate
References	735865

Description:

This update for python-pycups fixes the following issues:

add BuildRequires: python-cups to printer driver packages. (bsc#735865) Package /usr/lib/rpm/postscriptdriver.prov again, in the new 'cups-rpm-helper' subpackage. The file hasn't been packaged any more after the switch from python-cups to python-pycups.

Advisory ID	SUSE-RU-2020:1000-1
Released	Wed Apr 15 14:18:56 2020
Summary	Recommended update for azure-cli tools, python-adal, python-applicationinsights, python-azure modules, python-msrest, python-msrestazure, python-pydocumentdb, python-uamqp, python-vsts-cd-manager
Type	recommended
Severity	moderate
References	1014478,1054413,1140565,982804,999200

Description:

This update for azure-cli tools, python-adal, python-applicationinsights, python-azure modules, python-msrest, python-msrestazure, python-pydocumentdb, python-uamqp, python-vsts-cd-manager fixes the following issues:
The Azure python modules and client tool stack was updated to the 2020 state.
Various other python modules were added and updated.

python-PyYAML was updated to 5.1.2.
python-humanfriendly was updated 4.16.1.

Advisory ID	SUSE-RU-2020:1005-1
Released	Thu Apr 16 06:22:32 2020
Summary	Recommended update for ypbind
Type	recommended
Severity	moderate
References	1163252

Description:

This update for ypbind fixes the following issues:

Fix for setting domain name by waiting that network becomes online, so it can be properly configured in sysconfig. (bsc#1163252)

Advisory ID	SUSE-RU-2020:1016-1
Released	Thu Apr 16 16:15:45 2020
Summary	Recommended update for python-cachetools, python-google-api-python-client, python-google-auth, python-google-auth-httplib2
Type	recommended
Severity	moderate
References	1088358,1160933

Description:

This update for python-cachetools, python-google-api-python-client, python-google-auth, python-google-auth-httplib2 fixes the following issues:
python-cachetools was updated to version 2.0.1:

Officially support Python 3.6.
Move documentation to RTD.
Documentation: Update import paths for key functions (courtesy of slavkoja).

update to 2.0.0:

Drop support for deprecated features (breaking change).
Move key functions to separate package (breaking change).
Accept non-integer ``maxsize`` in ``Cache.__repr__()``.

update to 1.1.6:

Reimplement ``LRUCache`` and ``TTLCache`` using ``collections.OrderedDict``. Note that this will break pickle compatibility with previous versions.
Fix ``TTLCache`` not calling ``__missing__()`` of derived classes.
Handle ``ValueError`` in ``Cache.__missing__()`` for consistency with caching decorators.
Improve how ``TTLCache`` handles expired items.
Use ``Counter.most_common()`` for ``LFUCache.popitem()``.
Refactor ``Cache`` base class. Note that this will break pickle compatibility with previous versions.
Clean up ``LRUCache`` and ``TTLCache`` implementations.
Refactor ``LRUCache`` and ``TTLCache`` implementations. Note that this will break pickle compatibility with previous versions.
Document pending removal of deprecated features.
Minor documentation improvements.
Fix pickle tests.
Fix pickling of large ``LRUCache`` and ``TTLCache`` instances.
Improve key functions.
Improve documentation.
Improve unit test coverage.
Add ``@cached`` function decorator.
Add ``hashkey`` and ``typedkey`` fuctions.
Add `key` and `lock` arguments to ``@cachedmethod``.
Set ``__wrapped__`` attributes for Python versions < 3.2.
Move ``functools`` compatible decorators to ``cachetools.func``.
Deprecate ``@cachedmethod`` `typed` argument.
Deprecate `cache` attribute for ``@cachedmethod`` wrappers.
Deprecate `getsizeof` and `lock` arguments for `cachetools.func` decorator.

python-google-api-python-client was updated to:

Upgrade to 1.7.4: just series of minor bugfixes

Changes in python-google-auth was updated to 1.5.1:

Fix check for error text on Python 3.7. (#278)
Use new Auth URIs. (#281)
Add code-of-conduct document. (#270)
Fix some typos in test_urllib3.py (#268)
Warn when using user credentials from the Cloud SDK (#266)
Add compute engine-based IDTokenCredentials (#236)
Corrected some typos (#265)

Update to 1.4.2:

Raise a helpful exception when trying to refresh credentials without a refresh token. (#262)
Fix links to README and CONTRIBUTING in docs/index.rst. (#260)
Fix a typo in credentials.py. (#256)
Use pytest instead of py.test per upstream recommendation, #dropthedot. (#255)
Fix typo on exemple of jwt usage (#245)

New upstream release 1.4.1 (bsc#1088358)

Added a check for the cryptography version before attempting to use it.

From version 1.4.0 - Added `cryptography`-based RSA signer and verifier. - Added `google.oauth2.service_account.IDTokenCredentials`. - Improved documentation around ID Tokens
From version 1.3.0 - Added ``google.oauth2.credentials.Credentials.from_authorized_user_file``. - Dropped direct pyasn1 dependency in favor of letting ``pyasn1-modules`` specify the right version. - ``default()`` now checks for the project ID environment var before warning about missing project ID. - Fixed the docstrings for ``has_scopes()`` and ``with_scopes()``. - Fixed example in docstring for ``ReadOnlyScoped``. - Made ``transport.requests`` use timeouts and retries to improve reliability.

python-google-auth-httplib2 initially shipped:
python-pytest-localserver was updated to 0.4.1:
Update to version 0.3.6:

Add trove classifiers to make sure that package shows up on PyPI's Python 3 list.
Remove test method which rely on thread to be finished first.
OpenSSL is no longer necessary with werkzeug 0.10.
Tests now work under Python 3.3 \o/
Fix for Python 3.5 (fixes #13).
Add new Python version to classifiers.
Update repository url
Use @pytest.fixture to declare fixtures
Remove old-style test fixtures from tests and README, too.

Advisory ID	SUSE-RU-2020:1033-1
Released	Mon Apr 20 09:12:45 2020
Summary	Recommended update for perl-CGI
Type	recommended
Severity	moderate
References	1162868

Description:

This update for perl-CGI fixes the following issues:
Update from version 4.38 to 4.46 (bsc#1162868)

Add support for SameSite=None cookies and update the documentation
Replace only use of 'base' with 'parent' given that CGI already depends on 'parent'
Support unquoted multipart/form-data name values
Update the package license from 'Artistic-1.0 or GPL-1.0+' to 'Artistic-2.0'
Support perls < 5.10.1 and specify CONFIGURE_REQUIRES in Makefile.PL for being more dynamic

Advisory ID	SUSE-RU-2020:1034-1
Released	Mon Apr 20 09:15:18 2020
Summary	Recommended update for psqlODBC
Type	recommended
Severity	moderate
References	1166821

Description:

This update for psqlODBC fixes the following issue:

Fix build with PostgreSQL 11 and newer. (bsc#1166821)

Advisory ID	SUSE-RU-2020:1037-1
Released	Mon Apr 20 10:49:39 2020
Summary	Recommended update for python-pytest
Type	recommended
Severity	low
References	1002895,1107105,1138666,1167732

Description:

This update fixes the following issues:
New python-pytest versions are provided.
In Basesystem:

python3-pexpect: updated to 4.8.0
python3-py: updated to 1.8.1
python3-zipp: shipped as dependency in version 0.6.0

In Python2:

python2-pexpect: updated to 4.8.0
python2-py: updated to 1.8.1

Advisory ID	SUSE-RU-2020:1038-1
Released	Mon Apr 20 10:50:20 2020
Summary	Recommended update for seccheck
Type	recommended
Severity	moderate
References	1132919,985802

Description:

This update for seccheck fixes the following issues:

adapt WantedBy so the timers are actually started at boot time when enabled (#1132919)
correct indentation of SECCHK_FROM (#985802) for the weekly and monthly mails so that the mail header lines are recognised by the receiving mail client

Advisory ID	SUSE-RU-2020:1039-1
Released	Mon Apr 20 11:33:39 2020
Summary	Recommended update for python-kiwi
Type	recommended
Severity	important
References	1165960,1168480

Description:

This update for python-kiwi fixes the following issues:

Fix for systems that use efi with grub2 version less than 2.04 there is no support for dynamic EFI environment checking. (bsc#1165960, bsc#1168480)

Advisory ID	SUSE-RU-2020:1048-1
Released	Tue Apr 21 10:33:46 2020
Summary	Recommended update for python-kiwi
Type	recommended
Severity	moderate
References	1165823

Description:

This update for python-kiwi fixes the following issues:

Fixed _get_grub2_mkconfig_tool Last patch on this method breaks the search for alternative mkconfig names. It returns always on the first lookup which could be none. This breaks on systems that uses a different name than grub2-mkconfig, like on Ubuntu.
Increase spare space on disk repart (bsc#1165823) The sizing of the virtual cylinders in parted seems to be unfavorable, as with some disks and SD cards here the device size is not a multiple of the cylinder size, so the last incomplete cylinder is wasted. If this wasted space is more than 5MiB, kiwi tries to resize indefinitely. Therefore min_additional_mbytes gets increased to prevent running into this situation.

Advisory ID	SUSE-RU-2020:1055-1
Released	Tue Apr 21 15:53:44 2020
Summary	Recommended update for patterns-server-enterprise
Type	recommended
Severity	moderate
References	1168416,1169042

Description:

This update for patterns-server-enterprise fixes the following issues:

added libgnutls30-hmac to the FIPS pattern. (bsc#1169042 bsc#1168416)
remove strongswan-hmac-32bit (not used currently)

Advisory ID	SUSE-RU-2020:1056-1
Released	Tue Apr 21 16:26:22 2020
Summary	Recommended update for cloud-init
Type	recommended
Severity	important
References	1099358,1144881,1145622,1148645,1163178,1165296

Description:

This update for cloud-init contains the following fixes:

Update previous patches with the following additions: + In cases where the config contains 2 or more default gateway specifications for an interface only write the first default route, log warning message about skipped routes + Avoid writing invalid route specification if neither the network nor destination is specified in the route configuration + Still need to consider the 'network' configuration uption for the v1 config implementation. Fixes regression introduced with update from Wed Feb 12 19:30:42. + Add the default gateway to the ifroute config file when specified as part of the subnet configuration. (bsc#1165296) + Fix typo to properly extrakt provided netmask data (bsc#1163178, bsc#1165296) + Fix for default gateway and IPv6. (bsc#1144881) + Routes will be written if there is only a default gateway. (bsc#1148645)

BuildRequire pkgconfig(udev) instead of udev, which allow OS to shortcut through the -mini flavor.

Update to cloud-init 19.2. (bsc#1099358, bsc#1145622)

Advisory ID	SUSE-RU-2020:1060-1
Released	Wed Apr 22 09:55:41 2020
Summary	Recommended update for sapconf
Type	recommended
Severity	moderate
References	1124453,1139176,1148163,1150868,1150870

Description:

This update for sapconf fixes the following issues:

Removing SAP configuration from logind during the package update, as it is not needed any longer. (bsc#1148163, jsc#SLE-10123)
Fix for sapconf detecting an improper tuned profile during start, it will write an information to the log file and the start of the sapconf service will fail to guide the administrator to the problem. (bsc#1139176)
Use absolute path to 'script.sh' in 'tuned.conf' file. (bsc#1124453)
Fix for rpm macros in postinstall script replacing invalid commands. (bsc#1150868, bsc#1150870)

Advisory ID	SUSE-SU-2020:1083-1
Released	Thu Apr 23 11:31:23 2020
Summary	Security update for cups
Type	security
Severity	important
References	1168422,CVE-2020-3898

Description:

This update for cups fixes the following issues:

CVE-2020-3898: Fixed a heap buffer overflow in ppdFindOption() (bsc#1168422).

Advisory ID	SUSE-RU-2020:1094-1
Released	Thu Apr 23 16:34:21 2020
Summary	Recommended update for python-google-api-python-client
Type	recommended
Severity	moderate
References	1088358,1160933

Description:

This update for python-google-api-python-client fixes the following issues:

Fix dependencies to use google-auth instead of deprecated oauth2client (bsc#1160933, jsc#ECO-1148)

python-cachetools 2.0.1 is shipped to the Public Cloud Module. python-google-auth 1.5.1 is shipped to the Public Cloud Module.

python-google-api-python-client was updated to:

Upgrade to 1.7.4: just series of minor bugfixes

Fix check for error text on Python 3.7. (#278)
Use new Auth URIs. (#281)
Add code-of-conduct document. (#270)
Fix some typos in test_urllib3.py (#268)
Warn when using user credentials from the Cloud SDK (#266)
Add compute engine-based IDTokenCredentials (#236)
Corrected some typos (#265)

Update to 1.4.2:

Raise a helpful exception when trying to refresh credentials without a refresh token. (#262)
Fix links to README and CONTRIBUTING in docs/index.rst. (#260)
Fix a typo in credentials.py. (#256)
Use pytest instead of py.test per upstream recommendation, #dropthedot. (#255)
Fix typo on exemple of jwt usage (#245)

New upstream release 1.4.1 (bsc#1088358)

Added a check for the cryptography version before attempting to use it.

From version 1.4.0 - Added `cryptography`-based RSA signer and verifier. - Added `google.oauth2.service_account.IDTokenCredentials`. - Improved documentation around ID Tokens
From version 1.3.0 - Added ``google.oauth2.credentials.Credentials.from_authorized_user_file``. - Dropped direct pyasn1 dependency in favor of letting ``pyasn1-modules`` specify the right version. - ``default()`` now checks for the project ID environment var before warning about missing project ID. - Fixed the docstrings for ``has_scopes()`` and ``with_scopes()``. - Fixed example in docstring for ``ReadOnlyScoped``. - Made ``transport.requests`` use timeouts and retries to improve reliability.

Advisory ID	SUSE-RU-2020:1096-1
Released	Thu Apr 23 16:35:05 2020
Summary	Recommended update for google-compute-engine
Type	recommended
Severity	moderate
References	1167810

Description:

This update for google-compute-engine fixes the following issues:

Rename the sysctl file that applies the GCE network settings, so it is run after the default config and adjusts net.ipv4.conf.all.rp_filter correctly. (bsc#1167810)

Advisory ID	SUSE-RU-2020:1097-1
Released	Thu Apr 23 21:12:03 2020
Summary	Recommended update for python3-azuremetadata
Type	recommended
Severity	moderate
References	1169921

Description:

This update for python3-azuremetadata fixes the following issues:

Use lsblk for root device detection (bsc#1169921)

Advisory ID	SUSE-RU-2020:1112-1
Released	Fri Apr 24 16:44:20 2020
Summary	Recommended update for suse-build-key
Type	recommended
Severity	moderate
References	1170347

Description:

This update for suse-build-key fixes the following issues:

add a /usr/share/container-keys/ directory for GPG based Container verification.
Add the SUSE build key as 'suse-container-key.asc'. (PM-1845 bsc#1170347)

Advisory ID	SUSE-RU-2020:1160-1
Released	Thu Apr 30 17:40:19 2020
Summary	Recommended update for cloud-regionsrv-client
Type	recommended
Severity	moderate
References	1169599

Description:

This update for cloud-regionsrv-client contains the following fix:

Update to version 9.0.9: (bsc#1169599) + Handle the /etc/hosts file with Python 3.4 if there are non ascii characters in the file.

Advisory ID	SUSE-RU-2020:1170-1
Released	Mon May 4 15:17:47 2020
Summary	Recommended update for aws-cli, python-boto, python-boto3, python-botocore, python-s3transfer
Type	recommended
Severity	moderate
References	1116204,1117074,1122668,1129696,1166924,1168943

Description:

This update for aws-cli, python-boto, python-boto3, python-botocore, python-s3transfer fixes the following issues:
aws-cli was updated to version 1.18.38 (bsc#1166924, bsc#1168943):

For detailed changes see https://github.com/aws/aws-cli/blob/1.18.38/CHANGELOG.rst
Forward port hide_py_pckgmgmt.patch
Update Requires in spec file from setup.py

Update to version 1.18.35

For detailed changes see https://github.com/aws/aws-cli/blob/1.18.35/CHANGELOG.rst
Forward port hide_py_pckgmgmt.patch
Update Requires in spec file from setup.py

Update to version 1.18.27

For detailed changes see https://github.com/aws/aws-cli/blob/1.18.27/CHANGELOG.rst
Forward port hide_py_pckgmgmt.patch
Update Requires in spec file from setup.py

Update to version 1.18.0

For detailed changes see https://github.com/aws/aws-cli/blob/1.18.0/CHANGELOG.rst
Forward port hide_py_pckgmgmt.patch
Install aws bash completetion script into system path
Install aws zsh completion script into /etc/zsh_completion.d
Update Requires in spec file from setup.py

make it possible to find the package under the name 'awscli'

Add bash command completion capability (bsc#1117074)

Update to version 1.17.9

For detailed changes see https://github.com/aws/aws-cli/blob/1.17.9/CHANGELOG.rst
Forward port hide_py_pckgmgmt.patch
Update Requires in spec file from setup.py

Update to version 1.16.297

For detailed changes see https://github.com/aws/aws-cli/blob/1.16.297/CHANGELOG.rst
Forward port hide_py_pckgmgmt.patch
Update Requires in spec file from setup.py

Update to version 1.16.281

For detailed changes see https://github.com/aws/aws-cli/blob/1.16.281/CHANGELOG.rst
Forward port hide_py_pckgmgmt.patch
Update Requires in spec file from setup.py

Update to version 1.16.258

For detailed changes see https://github.com/aws/aws-cli/blob/1.16.258/CHANGELOG.rst

python-boto3 was updated to 1.12.38 (bsc#1166924, bsc#1168943)
* api-change:``apigateway``: [``botocore``] Update apigateway client to latest version * api-change:``codeguru-reviewer``: [``botocore``] Update codeguru-reviewer client to latest version * api-change:``mediaconnect``: [``botocore``] Update mediaconnect client to latest version

from version 1.12.37

* api-change:``transcribe``: [``botocore``] Update transcribe client to latest version * api-change:``chime``: [``botocore``] Update chime client to latest version * api-change:``iam``: [``botocore``] Update iam client to latest version * api-change:``elasticbeanstalk``: [``botocore``] Update elasticbeanstalk client to latest version

from version 1.12.36 * api-change:``personalize-runtime``: [``botocore``] Update personalize-runtime client to latest version * api-change:``robomaker``: [``botocore``] Update robomaker client to latest version

Version update 1.12.35 * api-change:``medialive``: [``botocore``] Update medialive client to latest version * api-change:``redshift``: [``botocore``] Update redshift client to latest version * api-change:``gamelift``: [``botocore``] Update gamelift client to latest version * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version * api-change:``rds``: [``botocore``] Update rds client to latest version
from version 1.12.34 * api-change:``iot``: [``botocore``] Update iot client to latest version * api-change:``mediaconnect``: [``botocore``] Update mediaconnect client to latest version
from version 1.12.33 * api-change:``opsworkscm``: [``botocore``] Update opsworkscm client to latest version * api-change:``wafv2``: [``botocore``] Update wafv2 client to latest version * api-change:``glue``: [``botocore``] Update glue client to latest version * api-change:``elastic-inference``: [``botocore``] Update elastic-inference client to latest version * api-change:``lambda``: [``botocore``] Update lambda client to latest version * api-change:``mediastore``: [``botocore``] Update mediastore client to latest version * api-change:``pinpoint``: [``botocore``] Update pinpoint client to latest version * api-change:``storagegateway``: [``botocore``] Update storagegateway client to latest version * api-change:``rekognition``: [``botocore``] Update rekognition client to latest version * api-change:``fms``: [``botocore``] Update fms client to latest version * api-change:``organizations``: [``botocore``] Update organizations client to latest version * api-change:``detective``: [``botocore``] Update detective client to latest version * api-change:``appconfig``: [``botocore``] Update appconfig client to latest version
from version 1.12.32 * api-change:``accessanalyzer``: [``botocore``] Update accessanalyzer client to latest version
from version 1.12.31 * api-change:``globalaccelerator``: [``botocore``] Update globalaccelerator client to latest version * api-change:``kendra``: [``botocore``] Update kendra client to latest version * api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version
from version 1.12.30 * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version * api-change:``fsx``: [``botocore``] Update fsx client to latest version * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version
from version 1.12.29 * api-change:``managedblockchain``: [``botocore``] Update managedblockchain client to latest version * api-change:``ce``: [``botocore``] Update ce client to latest version * api-change:``application-insights``: [``botocore``] Update application-insights client to latest version * api-change:``detective``: [``botocore``] Update detective client to latest version * api-change:``es``: [``botocore``] Update es client to latest version * api-change:``xray``: [``botocore``] Update xray client to latest version
from version 1.12.28 * api-change:``athena``: [``botocore``] Update athena client to latest version * api-change:``rds-data``: [``botocore``] Update rds-data client to latest version * api-change:``eks``: [``botocore``] Update eks client to latest version * api-change:``organizations``: [``botocore``] Update organizations client to latest version
Update BuildRequires and Requires from setup.py

Version update to 1.12.27 * api-change:``apigatewayv2``: [``botocore``] Update apigatewayv2 client to latest version * api-change:``eks``: [``botocore``] Update eks client to latest version * api-change:``route53``: [``botocore``] Update route53 client to latest version
from version 1.12.26 * api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version
from version 1.12.25 * api-change:``outposts``: [``botocore``] Update outposts client to latest version * api-change:``acm``: [``botocore``] Update acm client to latest version
from version 1.12.24 * api-change:``rds``: [``botocore``] Update rds client to latest version * api-change:``mediaconnect``: [``botocore``] Update mediaconnect client to latest version * api-change:``personalize``: [``botocore``] Update personalize client to latest version
from version 1.12.23 * api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version
from version 1.12.22 * api-change:``s3control``: [``botocore``] Update s3control client to latest version * bugfix:Stubber: [``botocore``] fixes `#1884 `__ * api-change:``cognito-idp``: [``botocore``] Update cognito-idp client to latest version * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``ecs``: [``botocore``] Update ecs client to latest version * api-change:``elasticache``: [``botocore``] Update elasticache client to latest version
from version 1.12.21 * api-change:``appconfig``: [``botocore``] Update appconfig client to latest version
from version 1.12.20 * api-change:``lex-models``: [``botocore``] Update lex-models client to latest version * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``apigatewayv2``: [``botocore``] Update apigatewayv2 client to latest version * api-change:``iot``: [``botocore``] Update iot client to latest version
from version 1.12.19 * api-change:``efs``: [``botocore``] Update efs client to latest version * api-change:``redshift``: [``botocore``] Update redshift client to latest version
from version 1.12.18 * api-change:``serverlessrepo``: [``botocore``] Update serverlessrepo client to latest version * api-change:``iotevents``: [``botocore``] Update iotevents client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * enhancement:timezones: [``botocore``] Improved timezone parsing for Windows with new fallback method (#1939) * api-change:``marketplacecommerceanalytics``: [``botocore``] Update marketplacecommerceanalytics client to latest version
from version 1.12.17 * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``medialive``: [``botocore``] Update medialive client to latest version * api-change:``dms``: [``botocore``] Update dms client to latest version
from version 1.12.16 * api-change:``signer``: [``botocore``] Update signer client to latest version * api-change:``guardduty``: [``botocore``] Update guardduty client to latest version * api-change:``appmesh``: [``botocore``] Update appmesh client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``robomaker``: [``botocore``] Update robomaker client to latest version
from version 1.12.15 * api-change:``eks``: [``botocore``] Update eks client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``opsworkscm``: [``botocore``] Update opsworkscm client to latest version * api-change:``guardduty``: [``botocore``] Update guardduty client to latest version
from version 1.12.14 * api-change:``pinpoint``: [``botocore``] Update pinpoint client to latest version
from version 1.12.13 * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
from version 1.12.12 * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version * api-change:``comprehendmedical``: [``botocore``] Update comprehendmedical client to latest version
from version 1.12.11 * api-change:``config``: [``botocore``] Update config client to latest version
from version 1.12.10 * api-change:``config``: [``botocore``] Update config client to latest version * api-change:``glue``: [``botocore``] Update glue client to latest version * api-change:``sagemaker-a2i-runtime``: [``botocore``] Update sagemaker-a2i-runtime client to latest version * api-change:``appmesh``: [``botocore``] Update appmesh client to latest version * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version * api-change:``workdocs``: [``botocore``] Update workdocs client to latest version * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version * api-change:``accessanalyzer``: [``botocore``] Update accessanalyzer client to latest version * api-change:``codeguruprofiler``: [``botocore``] Update codeguruprofiler client to latest version
from version 1.12.9 * api-change:``lightsail``: [``botocore``] Update lightsail client to latest version * api-change:``globalaccelerator``: [``botocore``] Update globalaccelerator client to latest version
from version 1.12.8 * api-change:``transcribe``: [``botocore``] Update transcribe client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version
from version 1.12.7 * api-change:``stepfunctions``: [``botocore``] Update stepfunctions client to latest version * api-change:``kafka``: [``botocore``] Update kafka client to latest version * api-change:``secretsmanager``: [``botocore``] Update secretsmanager client to latest version * api-change:``outposts``: [``botocore``] Update outposts client to latest version
from version 1.12.6 * api-change:``iotevents``: [``botocore``] Update iotevents client to latest version * api-change:``docdb``: [``botocore``] Update docdb client to latest version * api-change:``snowball``: [``botocore``] Update snowball client to latest version * api-change:``fsx``: [``botocore``] Update fsx client to latest version * api-change:``events``: [``botocore``] Update events client to latest version
from version 1.12.5 * api-change:``imagebuilder``: [``botocore``] Update imagebuilder client to latest version * api-change:``wafv2``: [``botocore``] Update wafv2 client to latest version * api-change:``redshift``: [``botocore``] Update redshift client to latest version
from version 1.12.4 * api-change:``savingsplans``: [``botocore``] Update savingsplans client to latest version * api-change:``appconfig``: [``botocore``] Update appconfig client to latest version * api-change:``pinpoint``: [``botocore``] Update pinpoint client to latest version
from version 1.12.3 * api-change:``autoscaling``: [``botocore``] Update autoscaling client to latest version * api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version * api-change:``lambda``: [``botocore``] Update lambda client to latest version
from version 1.12.2 * api-change:``autoscaling``: [``botocore``] Update autoscaling client to latest version * api-change:``chime``: [``botocore``] Update chime client to latest version * api-change:``rds``: [``botocore``] Update rds client to latest version
from version 1.12.1 * api-change:``cloud9``: [``botocore``] Update cloud9 client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``dynamodb``: [``botocore``] Update dynamodb client to latest version * api-change:``rekognition``: [``botocore``] Update rekognition client to latest version
Version update to 1.12.0 * feature:retries: [``botocore``] Add support for retry modes, including ``standard`` and ``adaptive`` modes (`#1972 `__) * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``mediatailor``: [``botocore``] Update mediatailor client to latest version * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version * api-change:``shield``: [``botocore``] Update shield client to latest version
from version 1.11.17 * api-change:``mediapackage-vod``: [``botocore``] Update mediapackage-vod client to latest version
from version 1.11.16 * api-change:``glue``: [``botocore``] Update glue client to latest version * api-change:``chime``: [``botocore``] Update chime client to latest version * api-change:``workmail``: [``botocore``] Update workmail client to latest version * api-change:``ds``: [``botocore``] Update ds client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``es``: [``botocore``] Update es client to latest version * api-change:``neptune``: [``botocore``] Update neptune client to latest version
from version 1.11.15 * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``cognito-idp``: [``botocore``] Update cognito-idp client to latest version * api-change:``cloudformation``: [``botocore``] Update cloudformation client to latest version
from version 1.11.14 * api-change:``docdb``: [``botocore``] Update docdb client to latest version * api-change:``kms``: [``botocore``] Update kms client to latest version
from version 1.11.13 * api-change:``robomaker``: [``botocore``] Update robomaker client to latest version * api-change:``imagebuilder``: [``botocore``] Update imagebuilder client to latest version * api-change:``rds``: [``botocore``] Update rds client to latest version
from version 1.11.12 * api-change:``ebs``: [``botocore``] Update ebs client to latest version * api-change:``appsync``: [``botocore``] Update appsync client to latest version * api-change:``lex-models``: [``botocore``] Update lex-models client to latest version * api-change:``ecr``: [``botocore``] Update ecr client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``codebuild``: [``botocore``] Update codebuild client to latest version
from version 1.11.11 * api-change:``groundstation``: [``botocore``] Update groundstation client to latest version * api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version * api-change:``dlm``: [``botocore``] Update dlm client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``forecastquery``: [``botocore``] Update forecastquery client to latest version * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version * api-change:``resourcegroupstaggingapi``: [``botocore``] Update resourcegroupstaggingapi client to latest version
from version 1.11.10 * api-change:``workmail``: [``botocore``] Update workmail client to latest version * api-change:``iot``: [``botocore``] Update iot client to latest version * api-change:``cloudfront``: [``botocore``] Update cloudfront client to latest version * api-change:``storagegateway``: [``botocore``] Update storagegateway client to latest version * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``kafka``: [``botocore``] Update kafka client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
Version update to 1.11.9 * api-change:``ecs``: [``botocore``] Update ecs client to latest version * api-change:``opsworkscm``: [``botocore``] Update opsworkscm client to latest version * api-change:``workspaces``: [``botocore``] Update workspaces client to latest version * api-change:``datasync``: [``botocore``] Update datasync client to latest version * api-change:``eks``: [``botocore``] Update eks client to latest version
from version 1.11.8 * api-change:``rds``: [``botocore``] Update rds client to latest version * api-change:``iam``: [``botocore``] Update iam client to latest version
from version 1.11.7 * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``codepipeline``: [``botocore``] Update codepipeline client to latest version * api-change:``discovery``: [``botocore``] Update discovery client to latest version * api-change:``iotevents``: [``botocore``] Update iotevents client to latest version * api-change:``marketplacecommerceanalytics``: [``botocore``] Update marketplacecommerceanalytics client to latest version
from version 1.11.6 * api-change:``lambda``: [``botocore``] Update lambda client to latest version * api-change:``application-insights``: [``botocore``] Update application-insights client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version * api-change:``kms``: [``botocore``] Update kms client to latest version * api-change:``alexaforbusiness``: [``botocore``] Update alexaforbusiness client to latest version
from version 1.11.5 * api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version * api-change:``neptune``: [``botocore``] Update neptune client to latest version * api-change:``cloudhsmv2``: [``botocore``] Update cloudhsmv2 client to latest version * api-change:``redshift``: [``botocore``] Update redshift client to latest version * api-change:``batch``: [``botocore``] Update batch client to latest version * api-change:``ecs``: [``botocore``] Update ecs client to latest version
from version 1.11.4 * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version * api-change:``ds``: [``botocore``] Update ds client to latest version
from version 1.11.3 * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``organizations``: [``botocore``] Update organizations client to latest version
from version 1.11.2 * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
from version 1.11.1 * api-change:``efs``: [``botocore``] Update efs client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``backup``: [``botocore``] Update backup client to latest version
from version 1.11.0 * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version * feature:Python: Dropped support for Python 2.6 and 3.3. * api-change:``chime``: [``botocore``] Update chime client to latest version * api-change:``transfer``: [``botocore``] Update transfer client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * feature:Python: [``botocore``] Dropped support for Python 2.6 and 3.3. * api-change:``workspaces``: [``botocore``] Update workspaces client to latest version * api-change:``rds``: [``botocore``] Update rds client to latest version
from version 1.10.50 * api-change:``logs``: [``botocore``] Update logs client to latest version
from version 1.10.49 * api-change:``fms``: [``botocore``] Update fms client to latest version * api-change:``translate``: [``botocore``] Update translate client to latest version * api-change:``ce``: [``botocore``] Update ce client to latest version
from version 1.10.48 * api-change:``codebuild``: [``botocore``] Update codebuild client to latest version * api-change:``mgh``: [``botocore``] Update mgh client to latest version * api-change:``xray``: [``botocore``] Update xray client to latest version
from version 1.10.47 * api-change:``comprehend``: [``botocore``] Update comprehend client to latest version * api-change:``mediapackage``: [``botocore``] Update mediapackage client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
from version 1.10.46 * api-change:``lex-models``: [``botocore``] Update lex-models client to latest version * api-change:``ecr``: [``botocore``] Update ecr client to latest version * api-change:``lightsail``: [``botocore``] Update lightsail client to latest version * api-change:``ce``: [``botocore``] Update ce client to latest version
from version 1.10.45 * api-change:``fsx``: [``botocore``] Update fsx client to latest version * api-change:``health``: [``botocore``] Update health client to latest version * api-change:``detective``: [``botocore``] Update detective client to latest version
from version 1.10.44 * api-change:``transcribe``: [``botocore``] Update transcribe client to latest version * api-change:``eks``: [``botocore``] Update eks client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``rds``: [``botocore``] Update rds client to latest version * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``redshift``: [``botocore``] Update redshift client to latest version * api-change:``pinpoint``: [``botocore``] Update pinpoint client to latest version * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version * api-change:``devicefarm``: [``botocore``] Update devicefarm client to latest version
from version 1.10.43 * api-change:``transcribe``: [``botocore``] Update transcribe client to latest version * api-change:``dlm``: [``botocore``] Update dlm client to latest version * api-change:``lex-models``: [``botocore``] Update lex-models client to latest version * api-change:``personalize-runtime``: [``botocore``] Update personalize-runtime client to latest version * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``codestar-connections``: [``botocore``] Update codestar-connections client to latest version * api-change:``gamelift``: [``botocore``] Update gamelift client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
from version 1.10.42 * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``s3``: [``botocore``] Update s3 client to latest version * api-change:``resourcegroupstaggingapi``: [``botocore``] Update resourcegroupstaggingapi client to latest version * api-change:``cloudfront``: [``botocore``] Update cloudfront client to latest version * api-change:``opsworkscm``: [``botocore``] Update opsworkscm client to latest version
from version 1.10.41 * api-change:``kinesisanalyticsv2``: [``botocore``] Update kinesisanalyticsv2 client to latest version * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``medialive``: [``botocore``] Update medialive client to latest version * api-change:``iot``: [``botocore``] Update iot client to latest version * api-change:``ecs``: [``botocore``] Update ecs client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
from version 1.10.40 * api-change:``mq``: [``botocore``] Update mq client to latest version * api-change:``comprehendmedical``: [``botocore``] Update comprehendmedical client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
from version 1.10.39 * api-change:``codebuild``: [``botocore``] Update codebuild client to latest version * api-change:``detective``: [``botocore``] Update detective client to latest version * api-change:``sesv2``: [``botocore``] Update sesv2 client to latest version
from version 1.10.38 * api-change:``accessanalyzer``: [``botocore``] Update accessanalyzer client to latest version
from version 1.10.37 * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
from version 1.10.36 * api-change:``kendra``: [``botocore``] Update kendra client to latest version
from version 1.10.35 * bugfix:s3: [``botocore``] Add stricter validation to s3 control account id parameter. * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version * api-change:``kms``: [``botocore``] Update kms client to latest version * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``kafka``: [``botocore``] Update kafka client to latest version
from version 1.10.34 * bugfix:s3: [``botocore``] Fixed an issue where the request path was set incorrectly if access point name was present in key path.

Version update to 1.10.33 * api-change:``kinesisvideo``: [``botocore``] Update kinesisvideo client to latest version * api-change:``kinesis-video-signaling``: [``botocore``] Update kinesis-video-signaling client to latest version * api-change:``apigatewayv2``: [``botocore``] Update apigatewayv2 client to latest version
from version 1.10.32 * api-change:``ebs``: [``botocore``] Update ebs client to latest version * api-change:``stepfunctions``: [``botocore``] Update stepfunctions client to latest version * api-change:``application-autoscaling``: [``botocore``] Update application-autoscaling client to latest version * api-change:``lambda``: [``botocore``] Update lambda client to latest version * api-change:``rekognition``: [``botocore``] Update rekognition client to latest version * api-change:``rds``: [``botocore``] Update rds client to latest version * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
from version 1.10.31 * api-change:``textract``: [``botocore``] Update textract client to latest version * api-change:``s3control``: [``botocore``] Update s3control client to latest version * api-change:``ecs``: [``botocore``] Update ecs client to latest version * api-change:``s3``: [``botocore``] Update s3 client to latest version * api-change:``outposts``: [``botocore``] Update outposts client to latest version * api-change:``kendra``: [``botocore``] Update kendra client to latest version * api-change:``eks``: [``botocore``] Update eks client to latest version * api-change:``networkmanager``: [``botocore``] Update networkmanager client to latest version * api-change:``compute-optimizer``: [``botocore``] Update compute-optimizer client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``frauddetector``: [``botocore``] Update frauddetector client to latest version * api-change:``sagemaker-a2i-runtime``: [``botocore``] Update sagemaker-a2i-runtime client to latest version * api-change:``codeguru-reviewer``: [``botocore``] Update codeguru-reviewer client to latest version * api-change:``codeguruprofiler``: [``botocore``] Update codeguruprofiler client to latest version * api-change:``es``: [``botocore``] Update es client to latest version
from version 1.10.30 * api-change:``accessanalyzer``: [``botocore``] Update accessanalyzer client to latest version
from version 1.10.29 * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``license-manager``: [``botocore``] Update license-manager client to latest version * api-change:``imagebuilder``: [``botocore``] Update imagebuilder client to latest version * api-change:``schemas``: [``botocore``] Update schemas client to latest version
from version 1.10.28 * api-change:``rds-data``: [``botocore``] Update rds-data client to latest version * api-change:``ds``: [``botocore``] Update ds client to latest version * api-change:``workspaces``: [``botocore``] Update workspaces client to latest version * api-change:``resourcegroupstaggingapi``: [``botocore``] Update resourcegroupstaggingapi client to latest version * api-change:``cognito-idp``: [``botocore``] Update cognito-idp client to latest version * api-change:``dynamodb``: [``botocore``] Update dynamodb client to latest version * api-change:``elastic-inference``: [``botocore``] Update elastic-inference client to latest version * api-change:``organizations``: [``botocore``] Update organizations client to latest version * api-change:``mediatailor``: [``botocore``] Update mediatailor client to latest version * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version * api-change:``serverlessrepo``: [``botocore``] Update serverlessrepo client to latest version
from version 1.10.27 * api-change:``cognito-idp``: [``botocore``] Update cognito-idp client to latest version * api-change:``redshift``: [``botocore``] Update redshift client to latest version * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version * api-change:``wafv2``: [``botocore``] Update wafv2 client to latest version * api-change:``dlm``: [``botocore``] Update dlm client to latest version * api-change:``iot``: [``botocore``] Update iot client to latest version * api-change:``lex-runtime``: [``botocore``] Update lex-runtime client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``athena``: [``botocore``] Update athena client to latest version * api-change:``iotsecuretunneling``: [``botocore``] Update iotsecuretunneling client to latest version * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``application-insights``: [``botocore``] Update application-insights client to latest version * api-change:``mediapackage-vod``: [``botocore``] Update mediapackage-vod client to latest version * api-change:``appconfig``: [``botocore``] Update appconfig client to latest version * api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version * api-change:``kinesisanalyticsv2``: [``botocore``] Update kinesisanalyticsv2 client to latest version * api-change:``medialive``: [``botocore``] Update medialive client to latest version * api-change:``lambda``: [``botocore``] Update lambda client to latest version * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version * api-change:``sesv2``: [``botocore``] Update sesv2 client to latest version * api-change:``application-autoscaling``: [``botocore``] Update application-autoscaling client to latest version * api-change:``greengrass``: [``botocore``] Update greengrass client to latest version * api-change:``alexaforbusiness``: [``botocore``] Update alexaforbusiness client to latest version * api-change:``rds``: [``botocore``] Update rds client to latest version * api-change:``ce``: [``botocore``] Update ce client to latest version * api-change:``ram``: [``botocore``] Update ram client to latest version * api-change:``codebuild``: [``botocore``] Update codebuild client to latest version * api-change:``comprehend``: [``botocore``] Update comprehend client to latest version * api-change:``kms``: [``botocore``] Update kms client to latest version
from version 1.10.26 * api-change:``acm``: [``botocore``] Update acm client to latest version * api-change:``autoscaling-plans``: [``botocore``] Update autoscaling-plans client to latest version * api-change:``codebuild``: [``botocore``] Update codebuild client to latest version * api-change:``mediapackage-vod``: [``botocore``] Update mediapackage-vod client to latest version * api-change:``emr``: [``botocore``] Update emr client to latest version * api-change:``sns``: [``botocore``] Update sns client to latest version * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``application-autoscaling``: [``botocore``] Update application-autoscaling client to latest version * api-change:``sts``: [``botocore``] Update sts client to latest version * api-change:``forecast``: [``botocore``] Update forecast client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``rekognition``: [``botocore``] Update rekognition client to latest version
from version 1.10.25 * bugfix:IMDS metadata: [``botocore``] Add 405 case to metadata fetching logic.
from version 1.10.24 * api-change:``glue``: [``botocore``] Update glue client to latest version * api-change:``transcribe``: [``botocore``] Update transcribe client to latest version * api-change:``connectparticipant``: [``botocore``] Update connectparticipant client to latest version * api-change:``dynamodb``: [``botocore``] Update dynamodb client to latest version * api-change:``lex-runtime``: [``botocore``] Update lex-runtime client to latest version * api-change:``connect``: [``botocore``] Update connect client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``meteringmarketplace``: [``botocore``] Update meteringmarketplace client to latest version * api-change:``config``: [``botocore``] Update config client to latest version * api-change:``lex-models``: [``botocore``] Update lex-models client to latest version * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``amplify``: [``botocore``] Update amplify client to latest version * api-change:``appsync``: [``botocore``] Update appsync client to latest version
from version 1.10.23 * api-change:``datasync``: [``botocore``] Update datasync client to latest version * api-change:``dlm``: [``botocore``] Update dlm client to latest version * api-change:``mediastore``: [``botocore``] Update mediastore client to latest version * api-change:``cloudtrail``: [``botocore``] Update cloudtrail client to latest version * api-change:``mgh``: [``botocore``] Update mgh client to latest version * api-change:``storagegateway``: [``botocore``] Update storagegateway client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``codecommit``: [``botocore``] Update codecommit client to latest version * api-change:``s3``: [``botocore``] Update s3 client to latest version * api-change:``fsx``: [``botocore``] Update fsx client to latest version * api-change:``migrationhub-config``: [``botocore``] Update migrationhub-config client to latest version * api-change:``firehose``: [``botocore``] Update firehose client to latest version * api-change:``transcribe``: [``botocore``] Update transcribe client to latest version * api-change:``ecs``: [``botocore``] Update ecs client to latest version * api-change:``discovery``: [``botocore``] Update discovery client to latest version * api-change:``chime``: [``botocore``] Update chime client to latest version * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version
from version 1.10.22 * bugfix:IMDS: [``botocore``] Fix regression in IMDS credential resolution. Fixes `#1892 `__.
from version 1.10.21 * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``cloudformation``: [``botocore``] Update cloudformation client to latest version * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version * api-change:``lambda``: [``botocore``] Update lambda client to latest version * api-change:``config``: [``botocore``] Update config client to latest version * api-change:``iam``: [``botocore``] Update iam client to latest version * api-change:``codebuild``: [``botocore``] Update codebuild client to latest version * api-change:``iot``: [``botocore``] Update iot client to latest version * api-change:``autoscaling``: [``botocore``] Update autoscaling client to latest version
from version 1.10.20 * api-change:``cloudformation``: [``botocore``] Update cloudformation client to latest version * api-change:``s3``: [``botocore``] Update s3 client to latest version * api-change:``rds``: [``botocore``] Update rds client to latest version * api-change:``pinpoint``: [``botocore``] Update pinpoint client to latest version * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version * api-change:``sagemaker-runtime``: [``botocore``] Update sagemaker-runtime client to latest version * api-change:``ce``: [``botocore``] Update ce client to latest version * api-change:``ssm``: [``botocore``] Update ssm client to latest version
from version 1.10.19 * api-change:``cognito-idp``: [``botocore``] Update cognito-idp client to latest version * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version * api-change:``workspaces``: [``botocore``] Update workspaces client to latest version * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``logs``: [``botocore``] Update logs client to latest version * api-change:``guardduty``: [``botocore``] Update guardduty client to latest version * api-change:``emr``: [``botocore``] Update emr client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version * api-change:``eks``: [``botocore``] Update eks client to latest version * api-change:``chime``: [``botocore``] Update chime client to latest version
from version 1.10.18 * api-change:``meteringmarketplace``: [``botocore``] Update meteringmarketplace client to latest version * api-change:``cognito-idp``: [``botocore``] Update cognito-idp client to latest version * api-change:``connect``: [``botocore``] Update connect client to latest version * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``personalize``: [``botocore``] Update personalize client to latest version
Update BuildRequires and Requires in spec file from setup.py

Version update to 1.10.17 * api-change:``sesv2``: [``botocore``] Update sesv2 client to latest version * api-change:``dataexchange``: [``botocore``] Update dataexchange client to latest version * api-change:``iot``: [``botocore``] Update iot client to latest version * api-change:``cloudsearch``: [``botocore``] Update cloudsearch client to latest version * api-change:``dlm``: [``botocore``] Update dlm client to latest version
from version 1.10.16 * api-change:``transcribe``: [``botocore``] Update transcribe client to latest version * api-change:``marketplace-catalog``: [``botocore``] Update marketplace-catalog client to latest version * api-change:``dynamodb``: [``botocore``] Update dynamodb client to latest version * api-change:``codepipeline``: [``botocore``] Update codepipeline client to latest version * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
from version 1.10.15 * api-change:``ce``: [``botocore``] Update ce client to latest version * api-change:``cloudformation``: [``botocore``] Update cloudformation client to latest version
from version 1.10.14 * api-change:``cognito-identity``: [``botocore``] Update cognito-identity client to latest version * api-change:``ecr``: [``botocore``] Update ecr client to latest version
from version 1.10.13 * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``sso``: [``botocore``] Update sso client to latest version * api-change:``sso-oidc``: [``botocore``] Update sso-oidc client to latest version * api-change:``comprehend``: [``botocore``] Update comprehend client to latest version
from version 1.10.12 * api-change:``savingsplans``: [``botocore``] Update savingsplans client to latest version
from version 1.10.11 * api-change:``codebuild``: [``botocore``] Update codebuild client to latest version * api-change:``budgets``: [``botocore``] Update budgets client to latest version * api-change:``efs``: [``botocore``] Update efs client to latest version * api-change:``ce``: [``botocore``] Update ce client to latest version * api-change:``savingsplans``: [``botocore``] Update savingsplans client to latest version * api-change:``signer``: [``botocore``] Update signer client to latest version
from version 1.10.10 * api-change:``rds``: [``botocore``] Update rds client to latest version * api-change:``codestar-notifications``: [``botocore``] Update codestar-notifications client to latest version
from version 1.10.9 * api-change:``dax``: [``botocore``] Update dax client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``robomaker``: [``botocore``] Update robomaker client to latest version
from version 1.10.8 * api-change:``pinpoint``: [``botocore``] Update pinpoint client to latest version * api-change:``cloudtrail``: [``botocore``] Update cloudtrail client to latest version * api-change:``dms``: [``botocore``] Update dms client to latest version
from version 1.10.7 * api-change:``support``: [``botocore``] Update support client to latest version * api-change:``amplify``: [``botocore``] Update amplify client to latest version * api-change:``s3``: [``botocore``] Update s3 client to latest version
from version 1.10.6 * api-change:``elasticache``: [``botocore``] Update elasticache client to latest version
from version 1.10.5 * api-change:``cloud9``: [``botocore``] Update cloud9 client to latest version * api-change:``appstream``: [``botocore``] Update appstream client to latest version
from version 1.10.4 * api-change:``s3``: [``botocore``] Update s3 client to latest version
from version 1.10.3 * api-change:``elasticache``: [``botocore``] Update elasticache client to latest version * api-change:``transfer``: [``botocore``] Update transfer client to latest version * api-change:``ecr``: [``botocore``] Update ecr client to latest version
from version 1.10.2 * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version * api-change:``gamelift``: [``botocore``] Update gamelift client to latest version * enhancement:``sts``: [``botocore``] Add support for configuring the use of regional STS endpoints. * api-change:``chime``: [``botocore``] Update chime client to latest version * api-change:``appmesh``: [``botocore``] Update appmesh client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
from version 1.10.1 * api-change:``polly``: [``botocore``] Update polly client to latest version * api-change:``connect``: [``botocore``] Update connect client to latest version
from version 1.10.0 * api-change:``opsworkscm``: [``botocore``] Update opsworkscm client to latest version * api-change:``iotevents``: [``botocore``] Update iotevents client to latest version * feature:``botocore.vendored.requests``: [``botocore``] Removed vendored version of ``requests`` (`#1829 `__)
from version 1.9.253 * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
from version 1.9.252 * api-change:``batch``: [``botocore``] Update batch client to latest version * api-change:``rds``: [``botocore``] Update rds client to latest version
from version 1.9.251 * api-change:``kafka``: [``botocore``] Update kafka client to latest version * api-change:``marketplacecommerceanalytics``: [``botocore``] Update marketplacecommerceanalytics client to latest version * api-change:``robomaker``: [``botocore``] Update robomaker client to latest version
from version 1.9.250 * api-change:``kinesis-video-archived-media``: [``botocore``] Update kinesis-video-archived-media client to latest version
from version 1.9.249 * api-change:``personalize``: [``botocore``] Update personalize client to latest version * api-change:``workspaces``: [``botocore``] Update workspaces client to latest version
Update BuildRequires and Requires in spec file from setup.py

Version update to 1.9.248 * api-change:``greengrass``: [``botocore``] Update greengrass client to latest version
from version 1.9.247 * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``lex-runtime``: [``botocore``] Update lex-runtime client to latest version * api-change:``fms``: [``botocore``] Update fms client to latest version * api-change:``iotanalytics``: [``botocore``] Update iotanalytics client to latest version
from version 1.9.246 * api-change:``kafka``: [``botocore``] Update kafka client to latest version * api-change:``elasticache``: [``botocore``] Update elasticache client to latest version * api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version
from version 1.9.245 * api-change:``organizations``: [``botocore``] Update organizations client to latest version * api-change:``events``: [``botocore``] Update events client to latest version * api-change:``firehose``: [``botocore``] Update firehose client to latest version * api-change:``datasync``: [``botocore``] Update datasync client to latest version
from version 1.9.244 * api-change:``snowball``: [``botocore``] Update snowball client to latest version * api-change:``directconnect``: [``botocore``] Update directconnect client to latest version * api-change:``firehose``: [``botocore``] Update firehose client to latest version * api-change:``pinpoint``: [``botocore``] Update pinpoint client to latest version * api-change:``glue``: [``botocore``] Update glue client to latest version * api-change:``pinpoint-email``: [``botocore``] Update pinpoint-email client to latest version
from version 1.9.243 * api-change:``cognito-idp``: [``botocore``] Update cognito-idp client to latest version * api-change:``mediapackage``: [``botocore``] Update mediapackage client to latest version * api-change:``ssm``: [``botocore``] Update ssm client to latest version
from version 1.9.242 * api-change:``es``: [``botocore``] Update es client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``application-autoscaling``: [``botocore``] Update application-autoscaling client to latest version * api-change:``devicefarm``: [``botocore``] Update devicefarm client to latest version
from version 1.9.241 * api-change:``lightsail``: [``botocore``] Update lightsail client to latest version
from version 1.9.240 * api-change:``docdb``: [``botocore``] Update docdb client to latest version
from version 1.9.239 * api-change:``waf``: [``botocore``] Update waf client to latest version * api-change:``rds``: [``botocore``] Update rds client to latest version * api-change:``mq``: [``botocore``] Update mq client to latest version
from version 1.9.238 * api-change:``amplify``: [``botocore``] Update amplify client to latest version * api-change:``ecs``: [``botocore``] Update ecs client to latest version
from version 1.9.237 * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``codepipeline``: [``botocore``] Update codepipeline client to latest version
from version 1.9.236 * api-change:``globalaccelerator``: [``botocore``] Update globalaccelerator client to latest version * api-change:``dms``: [``botocore``] Update dms client to latest version * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
from version 1.9.235 * api-change:``transcribe``: [``botocore``] Update transcribe client to latest version * api-change:``comprehendmedical``: [``botocore``] Update comprehendmedical client to latest version * api-change:``datasync``: [``botocore``] Update datasync client to latest version
from version 1.9.234 * api-change:``rds-data``: [``botocore``] Update rds-data client to latest version * api-change:``redshift``: [``botocore``] Update redshift client to latest version
from version 1.9.233 * api-change:``workspaces``: [``botocore``] Update workspaces client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``greengrass``: [``botocore``] Update greengrass client to latest version * api-change:``rds``: [``botocore``] Update rds client to latest version
from version 1.9.232 * api-change:``mediaconnect``: [``botocore``] Update mediaconnect client to latest version * api-change:``glue``: [``botocore``] Update glue client to latest version * api-change:``ecs``: [``botocore``] Update ecs client to latest version
from version 1.9.231 * api-change:``ram``: [``botocore``] Update ram client to latest version * api-change:``waf-regional``: [``botocore``] Update waf-regional client to latest version * api-change:``apigateway``: [``botocore``] Update apigateway client to latest version
from version 1.9.230 * api-change:``iam``: [``botocore``] Update iam client to latest version * api-change:``athena``: [``botocore``] Update athena client to latest version * api-change:``personalize``: [``botocore``] Update personalize client to latest version
from version 1.9.229 * api-change:``eks``: [``botocore``] Update eks client to latest version * api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version
from version 1.9.228 * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``workmailmessageflow``: [``botocore``] Update workmailmessageflow client to latest version * api-change:``medialive``: [``botocore``] Update medialive client to latest version
from version 1.9.227 * api-change:``stepfunctions``: [``botocore``] Update stepfunctions client to latest version * api-change:``rds``: [``botocore``] Update rds client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``mediaconnect``: [``botocore``] Update mediaconnect client to latest version * api-change:``ses``: [``botocore``] Update ses client to latest version * api-change:``config``: [``botocore``] Update config client to latest version
from version 1.9.226 * api-change:``storagegateway``: [``botocore``] Update storagegateway client to latest version
from version 1.9.225 * api-change:``qldb``: [``botocore``] Update qldb client to latest version * api-change:``marketplacecommerceanalytics``: [``botocore``] Update marketplacecommerceanalytics client to latest version * api-change:``appstream``: [``botocore``] Update appstream client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``robomaker``: [``botocore``] Update robomaker client to latest version * api-change:``appmesh``: [``botocore``] Update appmesh client to latest version * api-change:``qldb-session``: [``botocore``] Update qldb-session client to latest version
from version 1.9.224 * api-change:``kinesisanalytics``: [``botocore``] Update kinesisanalytics client to latest version
from version 1.9.223 * api-change:``config``: [``botocore``] Update config client to latest version
from version 1.9.222 * api-change:``stepfunctions``: [``botocore``] Update stepfunctions client to latest version * api-change:``transcribe``: [``botocore``] Update transcribe client to latest version * api-change:``eks``: [``botocore``] Update eks client to latest version
from version 1.9.221 * api-change:``ecs``: [``botocore``] Update ecs client to latest version * api-change:``resourcegroupstaggingapi``: [``botocore``] Update resourcegroupstaggingapi client to latest version * api-change:``gamelift``: [``botocore``] Update gamelift client to latest version
from version 1.9.220 * api-change:``mq``: [``botocore``] Update mq client to latest version * api-change:``apigatewaymanagementapi``: [``botocore``] Update apigatewaymanagementapi client to latest version * api-change:``ecs``: [``botocore``] Update ecs client to latest version
from version 1.9.219 * api-change:``codepipeline``: [``botocore``] Update codepipeline client to latest version * api-change:``application-autoscaling``: [``botocore``] Update application-autoscaling client to latest version * api-change:``elasticache``: [``botocore``] Update elasticache client to latest version * api-change:``lambda``: [``botocore``] Update lambda client to latest version * api-change:``ecs``: [``botocore``] Update ecs client to latest version
from version 1.9.218 * api-change:``sqs``: [``botocore``] Update sqs client to latest version * api-change:``globalaccelerator``: [``botocore``] Update globalaccelerator client to latest version * api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version
from version 1.9.217 * api-change:``organizations``: [``botocore``] Update organizations client to latest version
from version 1.9.216 * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version
from version 1.9.215 * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``mediapackage-vod``: [``botocore``] Update mediapackage-vod client to latest version * api-change:``transcribe``: [``botocore``] Update transcribe client to latest version
from version 1.9.214 * api-change:``datasync``: [``botocore``] Update datasync client to latest version * api-change:``rds``: [``botocore``] Update rds client to latest version

python-botocore was updated to 1.15.38 (bsc#1166924, bsc#1168943)
* api-change:``apigateway``: Update apigateway client to latest version * api-change:``codeguru-reviewer``: Update codeguru-reviewer client to latest version * api-change:``mediaconnect``: Update mediaconnect client to latest version

from version 1.15.37 * api-change:``transcribe``: Update transcribe client to latest version * api-change:``chime``: Update chime client to latest version * api-change:``iam``: Update iam client to latest version * api-change:``elasticbeanstalk``: Update elasticbeanstalk client to latest version
from version 1.15.36 * api-change:``personalize-runtime``: Update personalize-runtime client to latest version * api-change:``robomaker``: Update robomaker client to latest version

Version update to 1.15.35 * api-change:``medialive``: Update medialive client to latest version * api-change:``redshift``: Update redshift client to latest version * api-change:``gamelift``: Update gamelift client to latest version * api-change:``cloudwatch``: Update cloudwatch client to latest version * api-change:``rds``: Update rds client to latest version
from version 1.15.34 * api-change:``iot``: Update iot client to latest version * api-change:``mediaconnect``: Update mediaconnect client to latest version
from version 1.15.33 * api-change:``opsworkscm``: Update opsworkscm client to latest version * api-change:``wafv2``: Update wafv2 client to latest version * api-change:``glue``: Update glue client to latest version * api-change:``elastic-inference``: Update elastic-inference client to latest version * api-change:``lambda``: Update lambda client to latest version * api-change:``mediastore``: Update mediastore client to latest version * api-change:``pinpoint``: Update pinpoint client to latest version * api-change:``storagegateway``: Update storagegateway client to latest version * api-change:``rekognition``: Update rekognition client to latest version * api-change:``fms``: Update fms client to latest version * api-change:``organizations``: Update organizations client to latest version * api-change:``detective``: Update detective client to latest version * api-change:``appconfig``: Update appconfig client to latest version
from version 1.15.32 * api-change:``accessanalyzer``: Update accessanalyzer client to latest version
from version 1.15.31 * api-change:``globalaccelerator``: Update globalaccelerator client to latest version * api-change:``kendra``: Update kendra client to latest version * api-change:``servicecatalog``: Update servicecatalog client to latest version
from version 1.15.30 * api-change:``sagemaker``: Update sagemaker client to latest version * api-change:``fsx``: Update fsx client to latest version * api-change:``securityhub``: Update securityhub client to latest version
from version 1.15.29 * api-change:``managedblockchain``: Update managedblockchain client to latest version * api-change:``ce``: Update ce client to latest version * api-change:``application-insights``: Update application-insights client to latest version * api-change:``detective``: Update detective client to latest version * api-change:``es``: Update es client to latest version * api-change:``xray``: Update xray client to latest version
from version 1.15.28 * api-change:``athena``: Update athena client to latest version * api-change:``rds-data``: Update rds-data client to latest version * api-change:``eks``: Update eks client to latest version * api-change:``organizations``: Update organizations client to latest version

Version update to 1.15.27 * api-change:``apigatewayv2``: Update apigatewayv2 client to latest version * api-change:``eks``: Update eks client to latest version * api-change:``route53``: Update route53 client to latest version
from version 1.15.26 * api-change:``servicecatalog``: Update servicecatalog client to latest version
from version 1.15.25 * api-change:``outposts``: Update outposts client to latest version * api-change:``acm``: Update acm client to latest version
from version 1.15.24 * api-change:``rds``: Update rds client to latest version * api-change:``mediaconnect``: Update mediaconnect client to latest version * api-change:``personalize``: Update personalize client to latest version
from version 1.15.23 * api-change:``mediaconvert``: Update mediaconvert client to latest version
from version 1.15.22 * api-change:``s3control``: Update s3control client to latest version * bugfix:Stubber: fixes `#1884 `__ * api-change:``cognito-idp``: Update cognito-idp client to latest version * api-change:``ssm``: Update ssm client to latest version * api-change:``ecs``: Update ecs client to latest version * api-change:``elasticache``: Update elasticache client to latest version
from version 1.15.21 * api-change:``appconfig``: Update appconfig client to latest version
from version 1.15.20 * api-change:``lex-models``: Update lex-models client to latest version * api-change:``securityhub``: Update securityhub client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``apigatewayv2``: Update apigatewayv2 client to latest version * api-change:``iot``: Update iot client to latest version
from version 1.15.19 * api-change:``efs``: Update efs client to latest version * api-change:``redshift``: Update redshift client to latest version
from version 1.15.18 * api-change:``serverlessrepo``: Update serverlessrepo client to latest version * api-change:``iotevents``: Update iotevents client to latest version * api-change:``ec2``: Update ec2 client to latest version * enhancement:timezones: Improved timezone parsing for Windows with new fallback method (#1939) * api-change:``marketplacecommerceanalytics``: Update marketplacecommerceanalytics client to latest version
from version 1.15.17 * api-change:``ec2``: Update ec2 client to latest version * api-change:``medialive``: Update medialive client to latest version * api-change:``dms``: Update dms client to latest version
from version 1.15.16 * api-change:``signer``: Update signer client to latest version * api-change:``guardduty``: Update guardduty client to latest version * api-change:``appmesh``: Update appmesh client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``robomaker``: Update robomaker client to latest version
from version 1.15.15 * api-change:``eks``: Update eks client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``opsworkscm``: Update opsworkscm client to latest version * api-change:``guardduty``: Update guardduty client to latest version
from version 1.15.14 * api-change:``pinpoint``: Update pinpoint client to latest version
from version 1.15.13 * api-change:``ec2``: Update ec2 client to latest version
from version 1.15.12 * api-change:``cloudwatch``: Update cloudwatch client to latest version * api-change:``comprehendmedical``: Update comprehendmedical client to latest version
from version 1.15.11 * api-change:``config``: Update config client to latest version
from version 1.15.10 * api-change:``config``: Update config client to latest version * api-change:``glue``: Update glue client to latest version * api-change:``sagemaker-a2i-runtime``: Update sagemaker-a2i-runtime client to latest version * api-change:``appmesh``: Update appmesh client to latest version * api-change:``elbv2``: Update elbv2 client to latest version * api-change:``workdocs``: Update workdocs client to latest version * api-change:``quicksight``: Update quicksight client to latest version * api-change:``accessanalyzer``: Update accessanalyzer client to latest version * api-change:``codeguruprofiler``: Update codeguruprofiler client to latest version
from version 1.15.9 * api-change:``lightsail``: Update lightsail client to latest version * api-change:``globalaccelerator``: Update globalaccelerator client to latest version
from version 1.15.8 * api-change:``transcribe``: Update transcribe client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``sagemaker``: Update sagemaker client to latest version * api-change:``securityhub``: Update securityhub client to latest version
from version 1.15.7 * api-change:``stepfunctions``: Update stepfunctions client to latest version * api-change:``kafka``: Update kafka client to latest version * api-change:``secretsmanager``: Update secretsmanager client to latest version * api-change:``outposts``: Update outposts client to latest version
from version 1.15.6 * api-change:``iotevents``: Update iotevents client to latest version * api-change:``docdb``: Update docdb client to latest version * api-change:``snowball``: Update snowball client to latest version * api-change:``fsx``: Update fsx client to latest version * api-change:``events``: Update events client to latest version
from version 1.15.5 * api-change:``imagebuilder``: Update imagebuilder client to latest version * api-change:``wafv2``: Update wafv2 client to latest version * api-change:``redshift``: Update redshift client to latest version
from version 1.15.4 * api-change:``savingsplans``: Update savingsplans client to latest version * api-change:``appconfig``: Update appconfig client to latest version * api-change:``pinpoint``: Update pinpoint client to latest version
from version 1.15.3 * api-change:``autoscaling``: Update autoscaling client to latest version * api-change:``servicecatalog``: Update servicecatalog client to latest version * api-change:``lambda``: Update lambda client to latest version
from version 1.15.2 * api-change:``autoscaling``: Update autoscaling client to latest version * api-change:``chime``: Update chime client to latest version * api-change:``rds``: Update rds client to latest version
from version 1.15.1 * api-change:``cloud9``: Update cloud9 client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``dynamodb``: Update dynamodb client to latest version * api-change:``rekognition``: Update rekognition client to latest version

Version update to 1.15.0 * feature:retries: Add support for retry modes, including ``standard`` and ``adaptive`` modes (`#1972 `__) * api-change:``ec2``: Update ec2 client to latest version * api-change:``mediatailor``: Update mediatailor client to latest version * api-change:``securityhub``: Update securityhub client to latest version * api-change:``shield``: Update shield client to latest version
from version 1.14.17 * api-change:``mediapackage-vod``: Update mediapackage-vod client to latest version
from version 1.14.16 * api-change:``glue``: Update glue client to latest version * api-change:``chime``: Update chime client to latest version * api-change:``workmail``: Update workmail client to latest version * api-change:``ds``: Update ds client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``es``: Update es client to latest version * api-change:``neptune``: Update neptune client to latest version
from version 1.14.15 * api-change:``ec2``: Update ec2 client to latest version * api-change:``cognito-idp``: Update cognito-idp client to latest version * api-change:``cloudformation``: Update cloudformation client to latest version
from version 1.14.14 * api-change:``docdb``: Update docdb client to latest version * api-change:``kms``: Update kms client to latest version
from version 1.14.13 * api-change:``robomaker``: Update robomaker client to latest version * api-change:``imagebuilder``: Update imagebuilder client to latest version * api-change:``rds``: Update rds client to latest version
from version 1.14.12 * api-change:``ebs``: Update ebs client to latest version * api-change:``appsync``: Update appsync client to latest version * api-change:``lex-models``: Update lex-models client to latest version * api-change:``ecr``: Update ecr client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``codebuild``: Update codebuild client to latest version
from version 1.14.11 * api-change:``groundstation``: Update groundstation client to latest version * api-change:``mediaconvert``: Update mediaconvert client to latest version * api-change:``dlm``: Update dlm client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``forecastquery``: Update forecastquery client to latest version * api-change:``securityhub``: Update securityhub client to latest version * api-change:``resourcegroupstaggingapi``: Update resourcegroupstaggingapi client to latest version
from version 1.14.10 * api-change:``workmail``: Update workmail client to latest version * api-change:``iot``: Update iot client to latest version * api-change:``cloudfront``: Update cloudfront client to latest version * api-change:``storagegateway``: Update storagegateway client to latest version * api-change:``ssm``: Update ssm client to latest version * api-change:``kafka``: Update kafka client to latest version * api-change:``ec2``: Update ec2 client to latest version
Refresh patches for new version + hide_py_pckgmgmt.patch

Version update to 1.14.9 * api-change:``ecs``: Update ecs client to latest version * api-change:``opsworkscm``: Update opsworkscm client to latest version * api-change:``workspaces``: Update workspaces client to latest version * api-change:``datasync``: Update datasync client to latest version * api-change:``eks``: Update eks client to latest version
from version 1.14.8 * api-change:``rds``: Update rds client to latest version * api-change:``iam``: Update iam client to latest version
from version 1.14.7 * api-change:``ec2``: Update ec2 client to latest version * api-change:``codepipeline``: Update codepipeline client to latest version * api-change:``discovery``: Update discovery client to latest version * api-change:``iotevents``: Update iotevents client to latest version * api-change:``marketplacecommerceanalytics``: Update marketplacecommerceanalytics client to latest version
from version 1.14.6 * api-change:``lambda``: Update lambda client to latest version * api-change:``application-insights``: Update application-insights client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``cloudwatch``: Update cloudwatch client to latest version * api-change:``kms``: Update kms client to latest version * api-change:``alexaforbusiness``: Update alexaforbusiness client to latest version
from version 1.14.5 * api-change:``mediaconvert``: Update mediaconvert client to latest version * api-change:``neptune``: Update neptune client to latest version * api-change:``cloudhsmv2``: Update cloudhsmv2 client to latest version * api-change:``redshift``: Update redshift client to latest version * api-change:``batch``: Update batch client to latest version * api-change:``ecs``: Update ecs client to latest version
from version 1.14.4 * api-change:``ec2``: Update ec2 client to latest version * api-change:``sagemaker``: Update sagemaker client to latest version * api-change:``ds``: Update ds client to latest version
from version 1.14.3 * api-change:``securityhub``: Update securityhub client to latest version * api-change:``ssm``: Update ssm client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``organizations``: Update organizations client to latest version
from version 1.14.2 * api-change:``ec2``: Update ec2 client to latest version
from version 1.14.1 * api-change:``efs``: Update efs client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``backup``: Update backup client to latest version
from version 1.14.0 * api-change:``sagemaker``: Update sagemaker client to latest version * api-change:``chime``: Update chime client to latest version * api-change:``transfer``: Update transfer client to latest version * api-change:``ec2``: Update ec2 client to latest version * feature:Python: Dropped support for Python 2.6 and 3.3. * api-change:``workspaces``: Update workspaces client to latest version * api-change:``rds``: Update rds client to latest version
from version 1.13.50 * api-change:``logs``: Update logs client to latest version
from version 1.13.49 * api-change:``fms``: Update fms client to latest version * api-change:``translate``: Update translate client to latest version * api-change:``ce``: Update ce client to latest version
from version 1.13.48 * api-change:``codebuild``: Update codebuild client to latest version * api-change:``mgh``: Update mgh client to latest version * api-change:``xray``: Update xray client to latest version
from version 1.13.47 * api-change:``comprehend``: Update comprehend client to latest version * api-change:``mediapackage``: Update mediapackage client to latest version * api-change:``ec2``: Update ec2 client to latest version
from version 1.13.46 * api-change:``lex-models``: Update lex-models client to latest version * api-change:``ecr``: Update ecr client to latest version * api-change:``lightsail``: Update lightsail client to latest version * api-change:``ce``: Update ce client to latest version
from version 1.13.45 * api-change:``fsx``: Update fsx client to latest version * api-change:``health``: Update health client to latest version * api-change:``detective``: Update detective client to latest version
from version 1.13.44 * api-change:``transcribe``: Update transcribe client to latest version * api-change:``eks``: Update eks client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``rds``: Update rds client to latest version * api-change:``ssm``: Update ssm client to latest version * api-change:``redshift``: Update redshift client to latest version * api-change:``pinpoint``: Update pinpoint client to latest version * api-change:``securityhub``: Update securityhub client to latest version * api-change:``devicefarm``: Update devicefarm client to latest version
from version 1.13.43 * api-change:``transcribe``: Update transcribe client to latest version * api-change:``dlm``: Update dlm client to latest version * api-change:``lex-models``: Update lex-models client to latest version * api-change:``personalize-runtime``: Update personalize-runtime client to latest version * api-change:``ssm``: Update ssm client to latest version * api-change:``codestar-connections``: Update codestar-connections client to latest version * api-change:``gamelift``: Update gamelift client to latest version * api-change:``ec2``: Update ec2 client to latest version
from version 1.13.42 * api-change:``ec2``: Update ec2 client to latest version * api-change:``s3``: Update s3 client to latest version * api-change:``resourcegroupstaggingapi``: Update resourcegroupstaggingapi client to latest version * api-change:``cloudfront``: Update cloudfront client to latest version * enhancement:``s3``: Add support for opting into using the us-east-1 regional endpoint. * api-change:``opsworkscm``: Update opsworkscm client to latest version
from version 1.13.41 * api-change:``kinesisanalyticsv2``: Update kinesisanalyticsv2 client to latest version * api-change:``ssm``: Update ssm client to latest version * api-change:``medialive``: Update medialive client to latest version * api-change:``iot``: Update iot client to latest version * api-change:``ecs``: Update ecs client to latest version * api-change:``ec2``: Update ec2 client to latest version
from version 1.13.40 * api-change:``mq``: Update mq client to latest version * api-change:``comprehendmedical``: Update comprehendmedical client to latest version * api-change:``ec2``: Update ec2 client to latest version
from version 1.13.39 * api-change:``codebuild``: Update codebuild client to latest version * api-change:``detective``: Update detective client to latest version * api-change:``sesv2``: Update sesv2 client to latest version
from version 1.13.38 * api-change:``accessanalyzer``: Update accessanalyzer client to latest version
from version 1.13.37 * api-change:``ec2``: Update ec2 client to latest version
from version 1.13.36 * api-change:``kendra``: Update kendra client to latest version
from version 1.13.35 * bugfix:s3: Add stricter validation to s3 control account id parameter. * api-change:``quicksight``: Update quicksight client to latest version * api-change:``kms``: Update kms client to latest version * api-change:``ssm``: Update ssm client to latest version * api-change:``kafka``: Update kafka client to latest version
from version 1.13.34 * bugfix:s3: Fixed an issue where the request path was set incorrectly if access point name was present in key path.

Version update to 1.13.33 * api-change:``kinesisvideo``: Update kinesisvideo client to latest version * api-change:``kinesis-video-signaling``: Update kinesis-video-signaling client to latest version * api-change:``apigatewayv2``: Update apigatewayv2 client to latest version
from version 1.13.32 * api-change:``ebs``: Update ebs client to latest version * api-change:``stepfunctions``: Update stepfunctions client to latest version * api-change:``application-autoscaling``: Update application-autoscaling client to latest version * api-change:``lambda``: Update lambda client to latest version * api-change:``rekognition``: Update rekognition client to latest version * api-change:``rds``: Update rds client to latest version * api-change:``sagemaker``: Update sagemaker client to latest version
from version 1.13.31 * api-change:``textract``: Update textract client to latest version * api-change:``s3control``: Update s3control client to latest version * api-change:``ecs``: Update ecs client to latest version * api-change:``s3``: Update s3 client to latest version * api-change:``outposts``: Update outposts client to latest version * api-change:``kendra``: Update kendra client to latest version * api-change:``eks``: Update eks client to latest version * api-change:``networkmanager``: Update networkmanager client to latest version * api-change:``compute-optimizer``: Update compute-optimizer client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``frauddetector``: Update frauddetector client to latest version * api-change:``sagemaker-a2i-runtime``: Update sagemaker-a2i-runtime client to latest version * api-change:``codeguru-reviewer``: Update codeguru-reviewer client to latest version * api-change:``codeguruprofiler``: Update codeguruprofiler client to latest version * api-change:``es``: Update es client to latest version
from version 1.13.30 * api-change:``accessanalyzer``: Update accessanalyzer client to latest version
from version 1.13.29 * api-change:``ec2``: Update ec2 client to latest version * api-change:``license-manager``: Update license-manager client to latest version * api-change:``imagebuilder``: Update imagebuilder client to latest version * api-change:``schemas``: Update schemas client to latest version
from version 1.13.28 * api-change:``rds-data``: Update rds-data client to latest version * api-change:``ds``: Update ds client to latest version * api-change:``workspaces``: Update workspaces client to latest version * api-change:``resourcegroupstaggingapi``: Update resourcegroupstaggingapi client to latest version * api-change:``cognito-idp``: Update cognito-idp client to latest version * api-change:``dynamodb``: Update dynamodb client to latest version * api-change:``elastic-inference``: Update elastic-inference client to latest version * api-change:``organizations``: Update organizations client to latest version * api-change:``mediatailor``: Update mediatailor client to latest version * api-change:``quicksight``: Update quicksight client to latest version * api-change:``serverlessrepo``: Update serverlessrepo client to latest version
from version 1.13.27 * api-change:``cognito-idp``: Update cognito-idp client to latest version * api-change:``redshift``: Update redshift client to latest version * api-change:``elbv2``: Update elbv2 client to latest version * api-change:``wafv2``: Update wafv2 client to latest version * api-change:``dlm``: Update dlm client to latest version * api-change:``iot``: Update iot client to latest version * api-change:``lex-runtime``: Update lex-runtime client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``athena``: Update athena client to latest version * api-change:``iotsecuretunneling``: Update iotsecuretunneling client to latest version * api-change:``ssm``: Update ssm client to latest version * api-change:``application-insights``: Update application-insights client to latest version * api-change:``mediapackage-vod``: Update mediapackage-vod client to latest version * api-change:``appconfig``: Update appconfig client to latest version * api-change:``mediaconvert``: Update mediaconvert client to latest version * api-change:``kinesisanalyticsv2``: Update kinesisanalyticsv2 client to latest version * api-change:``medialive``: Update medialive client to latest version * api-change:``lambda``: Update lambda client to latest version * api-change:``cloudwatch``: Update cloudwatch client to latest version * api-change:``sesv2``: Update sesv2 client to latest version * api-change:``application-autoscaling``: Update application-autoscaling client to latest version * api-change:``greengrass``: Update greengrass client to latest version * api-change:``alexaforbusiness``: Update alexaforbusiness client to latest version * api-change:``rds``: Update rds client to latest version * api-change:``ce``: Update ce client to latest version * api-change:``ram``: Update ram client to latest version * api-change:``codebuild``: Update codebuild client to latest version * api-change:``comprehend``: Update comprehend client to latest version * api-change:``kms``: Update kms client to latest version
from version 1.13.26 * api-change:``acm``: Update acm client to latest version * api-change:``autoscaling-plans``: Update autoscaling-plans client to latest version * api-change:``codebuild``: Update codebuild client to latest version * api-change:``mediapackage-vod``: Update mediapackage-vod client to latest version * api-change:``emr``: Update emr client to latest version * api-change:``sns``: Update sns client to latest version * api-change:``ssm``: Update ssm client to latest version * api-change:``application-autoscaling``: Update application-autoscaling client to latest version * api-change:``sts``: Update sts client to latest version * api-change:``forecast``: Update forecast client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``rekognition``: Update rekognition client to latest version
from version 1.13.25 * bugfix:IMDS metadata: Add 405 case to metadata fetching logic.
from version 1.13.24 * api-change:``glue``: Update glue client to latest version * api-change:``transcribe``: Update transcribe client to latest version * api-change:``connectparticipant``: Update connectparticipant client to latest version * api-change:``dynamodb``: Update dynamodb client to latest version * api-change:``lex-runtime``: Update lex-runtime client to latest version * api-change:``connect``: Update connect client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``meteringmarketplace``: Update meteringmarketplace client to latest version * api-change:``config``: Update config client to latest version * api-change:``lex-models``: Update lex-models client to latest version * api-change:``ssm``: Update ssm client to latest version * api-change:``amplify``: Update amplify client to latest version * api-change:``appsync``: Update appsync client to latest version
from version 1.13.23 * api-change:``datasync``: Update datasync client to latest version * api-change:``dlm``: Update dlm client to latest version * api-change:``mediastore``: Update mediastore client to latest version * api-change:``cloudtrail``: Update cloudtrail client to latest version * api-change:``mgh``: Update mgh client to latest version * api-change:``storagegateway``: Update storagegateway client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``codecommit``: Update codecommit client to latest version * api-change:``s3``: Update s3 client to latest version * api-change:``fsx``: Update fsx client to latest version * api-change:``migrationhub-config``: Update migrationhub-config client to latest version * api-change:``firehose``: Update firehose client to latest version * api-change:``transcribe``: Update transcribe client to latest version * api-change:``ecs``: Update ecs client to latest version * api-change:``discovery``: Update discovery client to latest version * api-change:``chime``: Update chime client to latest version * api-change:``quicksight``: Update quicksight client to latest version
from version 1.13.22 * bugfix:IMDS: Fix regression in IMDS credential resolution. Fixes `#1892 `__.
from version 1.13.21 * api-change:``ec2``: Update ec2 client to latest version * api-change:``cloudformation``: Update cloudformation client to latest version * api-change:``elbv2``: Update elbv2 client to latest version * api-change:``lambda``: Update lambda client to latest version * api-change:``config``: Update config client to latest version * api-change:``iam``: Update iam client to latest version * api-change:``codebuild``: Update codebuild client to latest version * api-change:``iot``: Update iot client to latest version * api-change:``autoscaling``: Update autoscaling client to latest version
from version 1.13.20 * api-change:``cloudformation``: Update cloudformation client to latest version * api-change:``s3``: Update s3 client to latest version * api-change:``rds``: Update rds client to latest version * api-change:``pinpoint``: Update pinpoint client to latest version * api-change:``sagemaker``: Update sagemaker client to latest version * api-change:``sagemaker-runtime``: Update sagemaker-runtime client to latest version * api-change:``ce``: Update ce client to latest version * api-change:``ssm``: Update ssm client to latest version
from version 1.13.19 * api-change:``cognito-idp``: Update cognito-idp client to latest version * api-change:``elbv2``: Update elbv2 client to latest version * api-change:``workspaces``: Update workspaces client to latest version * api-change:``ssm``: Update ssm client to latest version * api-change:``logs``: Update logs client to latest version * api-change:``guardduty``: Update guardduty client to latest version * api-change:``emr``: Update emr client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``mediaconvert``: Update mediaconvert client to latest version * api-change:``eks``: Update eks client to latest version * api-change:``chime``: Update chime client to latest version
from version 1.13.18 * api-change:``meteringmarketplace``: Update meteringmarketplace client to latest version * api-change:``cognito-idp``: Update cognito-idp client to latest version * api-change:``connect``: Update connect client to latest version * api-change:``ssm``: Update ssm client to latest version * api-change:``personalize``: Update personalize client to latest version

Version update to 1.13.17 (bsc#1129696) * api-change:``sesv2``: Update sesv2 client to latest version * api-change:``dataexchange``: Update dataexchange client to latest version * api-change:``iot``: Update iot client to latest version * api-change:``cloudsearch``: Update cloudsearch client to latest version * api-change:``dlm``: Update dlm client to latest version
from version 1.13.16 * api-change:``transcribe``: Update transcribe client to latest version * api-change:``marketplace-catalog``: Update marketplace-catalog client to latest version * api-change:``dynamodb``: Update dynamodb client to latest version * api-change:``codepipeline``: Update codepipeline client to latest version * api-change:``elbv2``: Update elbv2 client to latest version
from version 1.13.15 * api-change:``ce``: Update ce client to latest version * api-change:``cloudformation``: Update cloudformation client to latest version
from version 1.13.14 * api-change:``cognito-identity``: Update cognito-identity client to latest version * api-change:``ecr``: Update ecr client to latest version
from version 1.13.13 * api-change:``ssm``: Update ssm client to latest version * api-change:``sso``: Update sso client to latest version * api-change:``sso-oidc``: Update sso-oidc client to latest version * api-change:``comprehend``: Update comprehend client to latest version
from version 1.13.12 * api-change:``savingsplans``: Update savingsplans client to latest version
from version 1.13.11 * api-change:``codebuild``: Update codebuild client to latest version * api-change:``budgets``: Update budgets client to latest version * api-change:``efs``: Update efs client to latest version * api-change:``ce``: Update ce client to latest version * api-change:``savingsplans``: Update savingsplans client to latest version * api-change:``signer``: Update signer client to latest version
from version 1.13.10 * api-change:``rds``: Update rds client to latest version * api-change:``codestar-notifications``: Update codestar-notifications client to latest version
from version 1.13.9 * api-change:``dax``: Update dax client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``robomaker``: Update robomaker client to latest version
from version 1.13.8 * api-change:``pinpoint``: Update pinpoint client to latest version * api-change:``cloudtrail``: Update cloudtrail client to latest version * api-change:``dms``: Update dms client to latest version
from version 1.13.7 * api-change:``support``: Update support client to latest version * api-change:``amplify``: Update amplify client to latest version * api-change:``s3``: Update s3 client to latest version
from version 1.13.6 * api-change:``elasticache``: Update elasticache client to latest version
from version 1.13.5 * api-change:``cloud9``: Update cloud9 client to latest version * api-change:``appstream``: Update appstream client to latest version
from version 1.13.4 * api-change:``s3``: Update s3 client to latest version
from version 1.13.3 * api-change:``elasticache``: Update elasticache client to latest version * api-change:``transfer``: Update transfer client to latest version * api-change:``ecr``: Update ecr client to latest version
from version 1.13.2 * api-change:``sagemaker``: Update sagemaker client to latest version * api-change:``gamelift``: Update gamelift client to latest version * enhancement:``sts``: Add support for configuring the use of regional STS endpoints. * api-change:``chime``: Update chime client to latest version * api-change:``appmesh``: Update appmesh client to latest version * api-change:``ec2``: Update ec2 client to latest version
from version 1.13.1 * api-change:``polly``: Update polly client to latest version * api-change:``connect``: Update connect client to latest version
from version 1.13.0 * api-change:``opsworkscm``: Update opsworkscm client to latest version * api-change:``iotevents``: Update iotevents client to latest version * feature:``botocore.vendored.requests``: Removed vendored version of ``requests`` (`#1829 `__)
from version 1.12.253 * api-change:``cloudwatch``: Update cloudwatch client to latest version
from version 1.12.252 * api-change:``batch``: Update batch client to latest version * api-change:``rds``: Update rds client to latest version
from version 1.12.251 * api-change:``kafka``: Update kafka client to latest version * api-change:``marketplacecommerceanalytics``: Update marketplacecommerceanalytics client to latest version * api-change:``robomaker``: Update robomaker client to latest version
from version 1.12.250 * api-change:``kinesis-video-archived-media``: Update kinesis-video-archived-media client to latest version
from version 1.12.249 * api-change:``personalize``: Update personalize client to latest version * api-change:``workspaces``: Update workspaces client to latest version
Refresh patches for new version + hide_py_pckgmgmt.patch

Version update to 1.12.248 * api-change:``greengrass``: Update greengrass client to latest version
from version 1.12.247 * api-change:``ec2``: Update ec2 client to latest version * api-change:``lex-runtime``: Update lex-runtime client to latest version * api-change:``fms``: Update fms client to latest version * api-change:``iotanalytics``: Update iotanalytics client to latest version
from version 1.12.246 * api-change:``kafka``: Update kafka client to latest version * api-change:``elasticache``: Update elasticache client to latest version * api-change:``mediaconvert``: Update mediaconvert client to latest version
from version 1.12.245 * api-change:``organizations``: Update organizations client to latest version * api-change:``events``: Update events client to latest version * api-change:``firehose``: Update firehose client to latest version * api-change:``datasync``: Update datasync client to latest version
from version 1.12.244 * api-change:``snowball``: Update snowball client to latest version * api-change:``directconnect``: Update directconnect client to latest version * api-change:``firehose``: Update firehose client to latest version * api-change:``pinpoint``: Update pinpoint client to latest version * api-change:``glue``: Update glue client to latest version * api-change:``pinpoint-email``: Update pinpoint-email client to latest version
from version 1.12.243 * api-change:``cognito-idp``: Update cognito-idp client to latest version * api-change:``mediapackage``: Update mediapackage client to latest version * api-change:``ssm``: Update ssm client to latest version
from version 1.12.242 * api-change:``es``: Update es client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``application-autoscaling``: Update application-autoscaling client to latest version * api-change:``devicefarm``: Update devicefarm client to latest version
from version 1.12.241 * api-change:``lightsail``: Update lightsail client to latest version
from version 1.12.240 * api-change:``docdb``: Update docdb client to latest version
from version 1.12.239 * api-change:``waf``: Update waf client to latest version * api-change:``rds``: Update rds client to latest version * api-change:``mq``: Update mq client to latest version
from version 1.12.238 * api-change:``amplify``: Update amplify client to latest version * api-change:``ecs``: Update ecs client to latest version
from version 1.12.237 * api-change:``ssm``: Update ssm client to latest version * api-change:``codepipeline``: Update codepipeline client to latest version
from version 1.12.236 * api-change:``globalaccelerator``: Update globalaccelerator client to latest version * api-change:``dms``: Update dms client to latest version * api-change:``sagemaker``: Update sagemaker client to latest version
from version 1.12.235 * api-change:``transcribe``: Update transcribe client to latest version * api-change:``comprehendmedical``: Update comprehendmedical client to latest version * api-change:``datasync``: Update datasync client to latest version
from version 1.12.234 * api-change:``rds-data``: Update rds-data client to latest version * api-change:``redshift``: Update redshift client to latest version
from version 1.12.233 * api-change:``workspaces``: Update workspaces client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``greengrass``: Update greengrass client to latest version * api-change:``rds``: Update rds client to latest version
from version 1.12.232 * api-change:``mediaconnect``: Update mediaconnect client to latest version * api-change:``glue``: Update glue client to latest version * api-change:``ecs``: Update ecs client to latest version
from version 1.12.231 * api-change:``ram``: Update ram client to latest version * api-change:``waf-regional``: Update waf-regional client to latest version * api-change:``apigateway``: Update apigateway client to latest version
from version 1.12.230 * api-change:``iam``: Update iam client to latest version * api-change:``athena``: Update athena client to latest version * api-change:``personalize``: Update personalize client to latest version
from version 1.12.229 * api-change:``eks``: Update eks client to latest version * api-change:``mediaconvert``: Update mediaconvert client to latest version
from version 1.12.228 * api-change:``elbv2``: Update elbv2 client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``workmailmessageflow``: Update workmailmessageflow client to latest version * api-change:``medialive``: Update medialive client to latest version
from version 1.12.227 * api-change:``stepfunctions``: Update stepfunctions client to latest version * api-change:``rds``: Update rds client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``mediaconnect``: Update mediaconnect client to latest version * api-change:``ses``: Update ses client to latest version * api-change:``config``: Update config client to latest version
from version 1.12.226 * api-change:``storagegateway``: Update storagegateway client to latest version
from version 1.12.225 * api-change:``qldb``: Update qldb client to latest version * api-change:``marketplacecommerceanalytics``: Update marketplacecommerceanalytics client to latest version * api-change:``appstream``: Update appstream client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``robomaker``: Update robomaker client to latest version * api-change:``appmesh``: Update appmesh client to latest version * api-change:``qldb-session``: Update qldb-session client to latest version
from version 1.12.224 * api-change:``kinesisanalytics``: Update kinesisanalytics client to latest version
from version 1.12.223 * api-change:``config``: Update config client to latest version
from version 1.12.222 * api-change:``stepfunctions``: Update stepfunctions client to latest version * api-change:``transcribe``: Update transcribe client to latest version * api-change:``eks``: Update eks client to latest version
from version 1.12.221 * api-change:``ecs``: Update ecs client to latest version * api-change:``resourcegroupstaggingapi``: Update resourcegroupstaggingapi client to latest version * api-change:``gamelift``: Update gamelift client to latest version
from version 1.12.220 * api-change:``mq``: Update mq client to latest version * api-change:``apigatewaymanagementapi``: Update apigatewaymanagementapi client to latest version * api-change:``ecs``: Update ecs client to latest version
from version 1.12.219 * api-change:``codepipeline``: Update codepipeline client to latest version * api-change:``application-autoscaling``: Update application-autoscaling client to latest version * api-change:``elasticache``: Update elasticache client to latest version * api-change:``lambda``: Update lambda client to latest version * api-change:``ecs``: Update ecs client to latest version
from version 1.12.218 * api-change:``sqs``: Update sqs client to latest version * api-change:``globalaccelerator``: Update globalaccelerator client to latest version * api-change:``mediaconvert``: Update mediaconvert client to latest version
from version 1.12.217 * api-change:``organizations``: Update organizations client to latest version
from version 1.12.216 * api-change:``ssm``: Update ssm client to latest version * api-change:``securityhub``: Update securityhub client to latest version
from version 1.12.215 * api-change:``ec2``: Update ec2 client to latest version * api-change:``mediapackage-vod``: Update mediapackage-vod client to latest version * api-change:``transcribe``: Update transcribe client to latest version
from version 1.12.214 * api-change:``datasync``: Update datasync client to latest version * api-change:``rds``: Update rds client to latest version

python-s3transfer was updated to 0.3.3:

bugfix:dependency: Updated botocore version range

Update to version 0.3.2

bugfix:s3: Fixes boto/botocore`#1916 `__

from version 0.3.1

enhancement:TransferManager: Expose client and config properties
enhancement:Tags: Add support for Tagging and TaggingDirective

from version 0.3.0

feature:Python: Dropped support for Python 2.6 and 3.3.

python-boto was updated to fix:

Removed the upstream builtin root certificate data for trusted CAs, as SUSE ships them seperately. (bsc#1116204)

Advisory ID	SUSE-RU-2020:1172-1
Released	Mon May 4 18:15:17 2020
Summary	Recommended update for osc
Type	recommended
Severity	moderate
References	1160446,1166537,1168862

Description:

This update for osc fixes the following issues:
Update from version 0.167.2 to 0.168.2 (bsc#1168862)

Use helper method _html_escape to enable python3.8 and python2.* compatibility. (bsc#1166537)
Fix support for python3.8
Spec: temporary disable tests as they explode under python 3.8
Spec: fix destination of fish completion file to /usr/share/fish/vendor_completions.d
MR creation honors orev now (bsc#1160446)
Allow 'osc r --vertical' for projects
Cleanup old functions and remove python2.6 compatibility code
Support zstd arch linux files in local build
Fix deleterequest for repositories
Append --norootforbuild as default to build command
Fix decoding in interactive request mode
Use signdummy for product builds
Print release project when creating MR
Improve SSLError message for TLSv1 validation
osc maintained --version prints the version of each maintained package
Print web url links after creating requests (New general bool option 'print_web_links' must be set in oscrc)
Fix checkout_no_colon on project level
Handle empty release number of rpm packages in build.py
Handle bytes vs. str error when parsing meta
Custom exception if importing m2crypto fails
Fix missing oscerr import in util.helper
Several fixes for keyring handling
Fix arch zst magic in util.packagequery
Ship fish completion file.

Advisory ID	SUSE-SU-2020:1177-1
Released	Tue May 5 09:50:10 2020
Summary	Security update for rpmlint
Type	security
Severity	moderate
References	1129452,1169365

Description:

This update for rpmlint fixes the following issues:

whitelist certmonger (bsc#1169365, bsc#1129452)

Advisory ID	SUSE-SU-2020:1178-1
Released	Tue May 5 10:27:30 2020
Summary	Security update for rubygem-actionview-5_1
Type	security
Severity	moderate
References	1167240,CVE-2020-5267

Description:

This update for rubygem-actionview-5_1 fixes the following issues:

CVE-2020-5267: Fixed an XSS vulnerability in ActionView's JavaScript literal escape helpers (bsc#1167240).

Advisory ID	SUSE-RU-2020:1181-1
Released	Tue May 5 12:02:39 2020
Summary	Recommended update for pciutils-ids
Type	recommended
Severity	moderate
References	1170160

Description:

This update for pciutils-ids fixes the following issues:

Update the PCI utilities database to 20200324. (bsc#1170160)

Advisory ID	SUSE-RU-2020:1183-1
Released	Tue May 5 12:09:56 2020
Summary	Recommended update for geoipupdate
Type	recommended
Severity	moderate
References	1169766

Description:

This update for geoipupdate fixes the following issue:

Fix license, it's actually Apache-2.0 or MIT. (bsc#1169766)

Advisory ID	SUSE-RU-2020:1187-1
Released	Tue May 5 12:51:09 2020
Summary	Recommended update for python-paramiko
Type	recommended
Severity	moderate
References	1169489

Description:

This update for python-paramiko fixes the following issues:

Fixed a problem from the last fix that caused Vorta to fail (bsc#1169489)

Advisory ID	SUSE-RU-2020:1159-1
Released	Tue May 5 16:24:36 2020
Summary	Recommended update for python3-azuremetadata
Type	recommended
Severity	moderate
References	1170598,1170599,1170605,1170606

Description:

This update for python3-azuremetadata fixes the following issues:
python3-azuremetadata was updated to version 5.1.0:

Produce well-formed JSON and XML output when multiple filters are specified (bsc#1170598, bsc#1170599)

regionServiceClientConfigSAPAzure was updated to 1.0.3 and regionServiceClientConfigAzure was updated to 0.0.6:

Report subscriptionId during registration (bsc#1170605, bsc#1170606)

Advisory ID	SUSE-SU-2020:1197-1
Released	Wed May 6 13:52:04 2020
Summary	Security update for slirp4netns
Type	security
Severity	important
References	1170940,CVE-2020-1983

Description:

This update for slirp4netns fixes the following issues:
Security issue fixed:

CVE-2020-1983: Fixed a use-after-free in ip_reass (bsc#1170940).

Advisory ID	SUSE-SU-2020:1199-1
Released	Wed May 6 13:53:40 2020
Summary	Security update for php7
Type	security
Severity	moderate
References	1168326,1168352,CVE-2020-7064,CVE-2020-7066

Description:

This update for php7 fixes the following issues:

CVE-2020-7064: Fixed a one byte read of uninitialized memory in exif_read_data() (bsc#1168326).
CVE-2020-7066: Fixed URL truncation get_headers() if the URL contains zero (\0) character (bsc#1168352).

Advisory ID	SUSE-RU-2020:1201-1
Released	Wed May 6 15:46:46 2020
Summary	Recommended update for cluster-glue
Type	recommended
Severity	moderate
References	1131545,1169784

Description:

This update for cluster-glue fixes the following issues:

Fix for profile parameter handling EC2 stonith plugin to avoid possible cluster resource failures. (bsc#1169784)
Fix for handling in 'stonith' command by creating '/var/run/heartbeat/rsctmp' directory. (bsc#1131545)

Advisory ID	SUSE-RU-2020:1202-1
Released	Wed May 6 15:51:16 2020
Summary	Recommended update for supportutils-plugin-ha-sap
Type	recommended
Severity	moderate
References	1170085

Description:

This update for supportutils-plugin-ha-sap fixes the following issues:

Implement SAP plugin for supportutils. (jsc#ECO-862, bsc#1170085)

Advisory ID	SUSE-SU-2020:1220-1
Released	Thu May 7 17:11:57 2020
Summary	Security update for ghostscript
Type	security
Severity	important
References	1170603,CVE-2020-12268

Description:

This update for ghostscript to version 9.52 fixes the following issues:

CVE-2020-12268: Fixed a heap-based buffer overflow in jbig2_image_compose (bsc#1170603).

Advisory ID	SUSE-RU-2020:1222-1
Released	Fri May 8 08:23:57 2020
Summary	Recommended update for python-azure-agent
Type	recommended
Severity	moderate
References	1167601,1167602

Description:

This update for python-azure-agent fixes the following issues:

Set the hostname using hostnamectl to ensure setting is properly applied (bsc#1167601, bsc#1167602)

Advisory ID	SUSE-RU-2020:1226-1
Released	Fri May 8 10:51:05 2020
Summary	Recommended update for gcc9
Type	recommended
Severity	moderate
References	1149995,1152590,1167898

Description:

This update for gcc9 fixes the following issues:
This update ships the GCC 9.3 release.

Includes a fix for Internal compiler error when building HepMC (bsc#1167898)
Includes fix for binutils version parsing
Add libstdc++6-pp provides and conflicts to avoid file conflicts with same minor version of libstdc++6-pp from gcc10.
Add gcc9 autodetect -g at lto link (bsc#1149995)
Install go tool buildid for bootstrapping go

Advisory ID	SUSE-RU-2020:1230-1
Released	Mon May 11 07:29:21 2020
Summary	Recommended update for md_monitor
Type	recommended
Severity	moderate
References	1081286,1091619,1095141,1096363,1104770,1116560,1123046,1125281,1136542,1139268,1149316,1157098,1157754

Description:

This update for md_monitor fixes the following issues:

Fix for preventing too long I/O after maintenance of a 'Direct Access Storage Device'. (bsc#1116560)
Fix for a potential memory leak can be triggered by database I/O. (bsc#1157754)
Fix for an issue when 'md_monitor' thread remains in system shutdown and blocks 'Direct Access Storage Device' offline action by grabbing the device. (bsc#1125281, bsc#1157098)
Fix for 'ArrayResync' and 'MonitorStatus' by md_monitor not working properly. (bsc#1149316)
Fix 'md_monitor' to use correct blocksize and prevent disk failure. (bsc#1139268)
Add newly (re-)discovered devices to the device list. (bsc#1136542)
Fix for an issue when md_monitor is stopped with process fault during system start and the host has only RAID0 array. (bsc#1123046)
Fix for an issue when 'md_monitor' does not get 'MirrorStatus' and 'MonitorStatus' properly. (bsc#1104770, bsc#1095141)
Fix crash on 'MonitorStatus' calling update request for 'md_monitor'. (bsc#1096363, bsc#1081286)
Ignore NewArray message if does not exists yet (bsc#1091619)

Advisory ID	SUSE-OU-2020:1260-1
Released	Tue May 12 18:00:45 2020
Summary	Optional update for terraform-provider-susepubliccloud
Type	optional
Severity	low
References	1166049

Description:

This update for terraform-provider-susepubliccloud doesn't fix any issues and just adjusts some packaging meta information.

Advisory ID	SUSE-RU-2020:1261-1
Released	Tue May 12 18:40:18 2020
Summary	Recommended update for hwdata
Type	recommended
Severity	moderate
References	1168806

Description:

This update for hwdata fixes the following issues:
Update from version 0.320 to version 0.324 (bsc#1168806)

Updated pci, usb and vendor ids.
Replace pciutils-ids package providing compatibility symbolic link

Advisory ID	SUSE-RU-2020:1263-1
Released	Wed May 13 08:24:14 2020
Summary	Recommended update for hawk2
Type	recommended
Severity	moderate
References	1054027,1068942,1069217,1069296,1071481,1074856,1076421,1080439,1085318,1085343,1085515,1089709,1089802,1090562,1090657,1090667,1092108,1092122,1093420,1098637,1137891,1158681,1162221,1165587

Description:

This update for hawk2 fixes the following issues:
WIP * Implement mechanism to switch binaries in case (bsc#1165587) * Work around the removal of Dir::Tmpname#make_tmpname (bsc#1162221) * Fix cib.xml parsing for acl_version (bsc#1158681) * Fix mime type issue in MS windows (bsc#1098637) * Fix nameless cluster display (bsc#1137891) * High: Set secure flag to enforce https (bsc#1090657) * Medium: Improve hawk-server side cookie handling (bsc#1090667) * Medium: Set Symmetrical to False when score is Serialize (bsc#1085515) * Medium: Make resource stop/start icon dependent on target-role (bsc#1076421) * Api: Add advance resource type(group|clone|master|bundle) in resource route(fate#323437) * Api: return nil if elem is nil(fate#323437) in some case, param in determine_online_status_fencing is nil, this will cause NoMethodError * Medium: Fix acl_version check (bsc#1089802) * High: Fetch correct meta data (bsc#1092122) * Medium: Fix history explorer views (bsc#1093420) * High: Update links to release notes and documentation (bsc#1089709) * High: Return after redirect in reports (bsc#1090562) * Medium: Comply routes' id with resources' ID (bsc#1092108) * Api: Add registration route (fate#323437) * High: Calculate guest node state correctly (bsc#1074856) * Use Promotable etc. (bsc#1085318) (bsc#1085343) * High: Fix remote nodes iteration (bsc#1080439) * High: Support guest nodes (bsc#1074856) * Ensure certificate/key is group readable (bsc#1071481) * Test: Add test suit for (bsc#1069296) * Dev: Fix acl_enabled? (bsc#1069296) * Dev: Dev: Handle redirection correctly after renaming resources (bsc#1068942) * Dev: Handle redirection correctly after renaming constraints (bsc#1068942) * Dev: Dev: split rename action for constraints to edit/update (bsc#1068942) * Dev: Refactor resouces.js (bsc#1068942) * Dev: Change the rename path for resources (#bsc#1068942) * Dev: split rename action to edit/update (bsc#1068942) * Fix node/resource event injection in simulator (bsc#1069217) * Show descriptions in cluster config (bsc#1054027)

Advisory ID	SUSE-RU-2020:1266-1
Released	Wed May 13 10:20:54 2020
Summary	Recommended update for jq
Type	recommended
Severity	moderate
References	1170838

Description:

This update for jq fixes the following issues:
jq was updated to version 1.6:

Destructuring Alternation
many new builtins (see docs)
Add support for ASAN and UBSAN
Make it easier to use jq with shebangs
Add $ENV builtin variable to access environment
Add JQ_COLORS env var for configuring the output colors
change: Calling jq without a program argument now always assumes

'.' for the program, regardless of stdin/stdout

fix: Make sorting stable regardless of qsort.

Make jq depend on libjq1, so upgrading jq upgrades both

Advisory ID	SUSE-RU-2020:1252-1
Released	Wed May 13 13:51:29 2020
Summary	Recommended update for regionServiceClientConfigEC2
Type	recommended
Severity	moderate
References	1171232,1171233

Description:

This update for regionServiceClientConfigEC2 fixes the following issues:

Improved the way how regions are resolved by IP addresses.

Advisory ID	SUSE-RU-2020:1280-1
Released	Thu May 14 14:27:51 2020
Summary	Recommended update for postgresql, postgresql10, postgresql12
Type	recommended
Severity	moderate
References	1138034,1151591,1153168,1163985,1167541,CVE-2019-10164,CVE-2020-1720

Description:

This update for postgresql, postgresql10, postgresql12 fixes the following issues:
Changes in the postgresql wrapper package:

Sync ownership of /run/postgresql in the file list with tmpfiles.
Use the correct content for .bash_profile (bsc#1153168).
Stop shipping SUSEfirewall2 config files (bsc#1151591).
Use /run/postgresql instead of /var/run/postgresql in %ghost and postgresql-tmpfiles.conf to avoid rpmlint warnings and errors.
add /var/run/postgresql to the filelist. as %ghost for systemd systems and directly for non systemd systems

Changes in postgresql10:

packaging changed to no longer build the libraries, these now come from postgresql12.

Changes in postgresql12:
Initial package for the postgresql 12 branch
https://www.postgresql.org/about/news/1976/

Update to 12.2 (CVE-2020-1720) https://www.postgresql.org/about/news/2011/ https://www.postgresql.org/docs/12/release-12-2.html

Avoid the dependency from the devel package to the main package. devel packages are exclusive, thus ecpg does not require update-alternatives.

Remove unused build dependencies from the client libs package: LVM, icu, selinux, systemd.

Update to 12.1

https://www.postgresql.org/docs/12/release-12-1.html https://www.postgresql.org/about/news/1994/

add requires to the server-devel package for the libs that are returned by pg_config --libs

python-psycopg2 was updated to 2.8.4 to allow working with postgresql12.

Advisory ID	SUSE-RU-2020:1286-1
Released	Fri May 15 11:05:14 2020
Summary	Recommended update for cdrtools
Type	recommended
Severity	moderate
References	1169420

Description:

This update for cdrtools fixes the following issues:

Fix for an issue when 'mediacheck' fails if ISO sizes are larger than 4GB. (bsc#1169420)

Advisory ID	SUSE-RU-2020:1288-1
Released	Fri May 15 11:27:01 2020
Summary	Recommended update for regionServiceClientConfigAzure
Type	recommended
Severity	critical
References	1171465

Description:

This update for regionServiceClientConfigAzure fixes the following issues:

Unify region server setup for SLES and SLES4SAP that provides configuring traffic routing through the datacenter. (bsc#1171465)

Advisory ID	SUSE-RU-2020:1291-1
Released	Fri May 15 16:40:53 2020
Summary	Recommended update for shared-python-startup
Type	recommended
Severity	moderate
References	1170411

Description:

This update for shared-python-startup fixes the following issues:
This package contains common python startup files. (bsc#1170411)

Advisory ID	SUSE-SU-2020:1293-1
Released	Mon May 18 07:38:06 2020
Summary	Security update for openexr
Type	security
Severity	moderate
References	1146648,1169549,1169573,1169574,1169575,1169576,1169578,1169580,CVE-2020-11758,CVE-2020-11760,CVE-2020-11761,CVE-2020-11762,CVE-2020-11763,CVE-2020-11764,CVE-2020-11765

Description:

This update for openexr provides the following fix:
Security issues fixed:

CVE-2020-11765: Fixed an off-by-one error in use of the ImfXdr.h read function by DwaCompressor:Classifier:Classifier (bsc#1169575).
CVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp (bsc#1169574).
CVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp (bsc#1169576).
CVE-2020-11762: Fixed an out-of-bounds read and write in DwaCompressor:uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case (bsc#1169549).
CVE-2020-11761: Fixed an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder:refill in ImfFastHuf.cpp (bsc#1169578).
CVE-2020-11760: Fixed an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp (bsc#1169580).
CVE-2020-11758: Fixed an out-of-bounds read in ImfOptimizedPixelReading.h (bsc#1169573).

Non-security issue fixed:

Enable tests when building the package on x86_64. (bsc#1146648)

Advisory ID	SUSE-SU-2020:1294-1
Released	Mon May 18 07:38:36 2020
Summary	Security update for file
Type	security
Severity	moderate
References	1154661,1169512,CVE-2019-18218

Description:

This update for file fixes the following issues:
Security issues fixed:

CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661).

Non-security issue fixed:

Fixed broken '--help' output (bsc#1169512).

Advisory ID	SUSE-SU-2020:1297-1
Released	Mon May 18 07:42:18 2020
Summary	Security update for libvpx
Type	security
Severity	moderate
References	1166066,CVE-2020-0034

Description:

This update for libvpx fixes the following issues:

CVE-2020-0034: Fixed an out-of-bounds read on truncated key frames (bsc#1166066).

Advisory ID	SUSE-SU-2020:1298-1
Released	Mon May 18 07:42:49 2020
Summary	Security update for libbsd
Type	security
Severity	moderate
References	1160551,CVE-2019-20367

Description:

This update for libbsd fixes the following issues:

CVE-2019-20367: Fixed an out-of-bounds read during a comparison for a symbol names from the string table (bsc#1160551).

Advisory ID	SUSE-RU-2020:1303-1
Released	Mon May 18 09:40:36 2020
Summary	Recommended update for timezone
Type	recommended
Severity	moderate
References	1169582

Description:

This update for timezone fixes the following issues:

timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists.

Advisory ID	SUSE-RU-2020:1308-1
Released	Mon May 18 10:05:46 2020
Summary	Recommended update for psmisc
Type	recommended
Severity	moderate
References	1170247

Description:

This update for psmisc fixes the following issues:

Allow not unique mounts as well as not unique mountpoint. (bsc#1170247)

Advisory ID	SUSE-RU-2020:1309-1
Released	Mon May 18 10:08:16 2020
Summary	Recommended update for gnome-themes-standard
Type	recommended
Severity	moderate
References	1170757

Description:

This update for gnome-themes-standard fixes the following issue:

Remove the is_opensuse tag to close the gap between Leap and SLE (bsc#1170757, jsc#SLE-11890).

Advisory ID	SUSE-RU-2020:1310-1
Released	Mon May 18 10:09:22 2020
Summary	Recommended update for icewm, icewm-theme-branding
Type	recommended
Severity	moderate
References	1170420

Description:

This update for icewm, icewm-theme-branding fixes the following issues:
Changes in icewm:

Explicitly require icewm-theme-branding on SLE and Leap. (jsc#SLE-11888, bsc#1170420).
Add Conflicts between icewm-config-upstream and icewm-theme-branding.
Improve build tag consistency between SLE and Leap. (jsc#SLE-11888, bsc#1170420). * Recommend polkit-gnome to both Leap and SLE.

Changes in icewm-theme-branding:

Improve build tag consistency between SLE and Leap. (jsc#SLE-11888, bsc#1170420). * Build the branding package separately for openSUSE and SLE, like most of other branding packages did.

Advisory ID	SUSE-RU-2020:1315-1
Released	Mon May 18 10:38:42 2020
Summary	Recommended update for eiciel
Type	recommended
Severity	moderate
References	1170756

Description:

This update for eiciel fixes the following issue:

Enable translation-update-upstream for both SLE and openSUSE. (bsc#1170756, jsc#SLE-11889)

Advisory ID	SUSE-RU-2020:1319-1
Released	Mon May 18 11:43:44 2020
Summary	Recommended update for tcsh
Type	recommended
Severity	moderate
References	1170527

Description:

This update for tcsh fixes the following issues:

Fix for an issue when Midnight Commander freezes changing directory using tcsh shell. (bsc#1170527)

Advisory ID	SUSE-RU-2020:1321-1
Released	Mon May 18 11:45:10 2020
Summary	Recommended update for regionServiceClientConfigGCE
Type	recommended
Severity	important
References	1171467,1171469

Description:

This update for regionServiceClientConfigGCE fixes the following issues:

Unify region server setup for SLES and SLES4SAP that provides configuring traffic routing through the datacenter. (bsc#1171467, bsc#1171469)

Advisory ID	SUSE-RU-2020:1323-1
Released	Mon May 18 11:49:02 2020
Summary	Recommended update for python3-gcemetadata
Type	recommended
Severity	important
References	1134510

Description:

This update for python3-gcemetadata fixes the following issues:

Fix for the identity data of the instance may not be accessible from the metadata server in Google Cloud client. (bsc#1134510)

Advisory ID	SUSE-RU-2020:1327-1
Released	Mon May 18 17:15:48 2020
Summary	Recommended update for ntfs-3g_ntfsprogs
Type	recommended
Severity	moderate
References	1170609

Description:

This update for ntfs-3g_ntfsprogs fixes the following issue:

the libntfs-3g-devel package is shipped into the Workstation Extension (bsc#1170609)

Advisory ID	SUSE-RU-2020:1328-1
Released	Mon May 18 17:16:04 2020
Summary	Recommended update for grep
Type	recommended
Severity	moderate
References	1155271

Description:

This update for grep fixes the following issues:

Update testsuite expectations, no functional changes (bsc#1155271)

Advisory ID	SUSE-SU-2020:1337-1
Released	Tue May 19 13:20:44 2020
Summary	Security update for openconnect
Type	security
Severity	moderate
References	1170452,CVE-2020-12105

Description:

This update for openconnect fixes the following issues:
Security issue fixed:

CVE-2020-12105: Fixed the improper handling of negative return values from X509_check_ function calls that might have allowed MITM attacks (bsc#1170452).

Advisory ID	SUSE-SU-2020:1353-1
Released	Wed May 20 13:02:32 2020
Summary	Security update for freetype2
Type	security
Severity	moderate
References	1079603,1091109,CVE-2018-6942

Description:

This update for freetype2 to version 2.10.1 fixes the following issues:
Security issue fixed:

CVE-2018-6942: Fixed a NULL pointer dereference within ttinerp.c (bsc#1079603).

Non-security issues fixed:

Update to version 2.10.1 * The bytecode hinting of OpenType variation fonts was flawed, since the data in the `CVAR' table wasn't correctly applied. * Auto-hinter support for Mongolian. * The handling of the default character in PCF fonts as introduced in version 2.10.0 was partially broken, causing premature abortion of charmap iteration for many fonts. * If `FT_Set_Named_Instance' was called with the same arguments twice in a row, the function returned an incorrect error code the second time. * Direct rendering using FT_RASTER_FLAG_DIRECT crashed (bug introduced in version 2.10.0). * Increased precision while computing OpenType font variation instances. * The flattening algorithm of cubic Bezier curves was slightly changed to make it faster. This can cause very subtle rendering changes, which aren't noticeable by the eye, however. * The auto-hinter now disables hinting if there are blue zones defined for a `style' (i.e., a certain combination of a script and its related typographic features) but the font doesn't contain any characters needed to set up at least one blue zone.
Add tarball signatures and freetype2.keyring

Update to version 2.10.0 * A bunch of new functions has been added to access and process COLR/CPAL data of OpenType fonts with color-layered glyphs. * As a GSoC 2018 project, Nikhil Ramakrishnan completely overhauled and modernized the API reference. * The logic for computing the global ascender, descender, and height of OpenType fonts has been slightly adjusted for consistency. * `TT_Set_MM_Blend' could fail if called repeatedly with the same arguments. * The precision of handling deltas in Variation Fonts has been increased.The problem did only show up with multidimensional designspaces. * New function `FT_Library_SetLcdGeometry' to set up the geometry of LCD subpixels. * FreeType now uses the `defaultChar' property of PCF fonts to set the glyph for the undefined character at glyph index 0 (as FreeType already does for all other supported font formats). As a consequence, the order of glyphs of a PCF font if accessed with FreeType can be different now compared to previous versions. This change doesn't affect PCF font access with cmaps. * `FT_Select_Charmap' has been changed to allow parameter value `FT_ENCODING_NONE', which is valid for BDF, PCF, and Windows FNT formats to access built-in cmaps that don't have a predefined `FT_Encoding' value. * A previously reserved field in the `FT_GlyphSlotRec' structure now holds the glyph index. * The usual round of fuzzer bug fixes to better reject malformed fonts. * `FT_Outline_New_Internal' and `FT_Outline_Done_Internal' have been removed.These two functions were public by oversight only and were never documented. * A new function `FT_Error_String' returns descriptions of error codes if configuration macro FT_CONFIG_OPTION_ERROR_STRINGS is defined. * `FT_Set_MM_WeightVector' and `FT_Get_MM_WeightVector' are new functions limited to Adobe MultiMaster fonts to directly set and get the weight vector.

Enable subpixel rendering with infinality config:

Re-enable freetype-config, there is just too many fallouts.

Update to version 2.9.1 * Type 1 fonts containing flex features were not rendered correctly (bug introduced in version 2.9). * CVE-2018-6942: Older FreeType versions can crash with certain malformed variation fonts. * Bug fix: Multiple calls to `FT_Get_MM_Var' returned garbage. * Emboldening of bitmaps didn't work correctly sometimes, showing various artifacts (bug introduced in version 2.8.1). * The auto-hinter script ranges have been updated for Unicode 11. No support for new scripts have been added, however, with the exception of Georgian Mtavruli.
freetype-config is now deprecated by upstream and not enabled by default.

Update to version 2.10.1 * The `ftmulti' demo program now supports multiple hidden axes with the same name tag. * `ftview', `ftstring', and `ftgrid' got a `-k' command line option to emulate a sequence of keystrokes at start-up. * `ftview', `ftstring', and `ftgrid' now support screen dumping to a PNG file. * The bytecode debugger, `ttdebug', now supports variation TrueType fonts; a variation font instance can be selected with the new `-d' command line option.
Add tarball signatures and freetype2.keyring

Update to version 2.10.0 * The `ftdump' demo program has new options `-c' and `-C' to display charmaps in compact and detailed format, respectively. Option `-V' has been removed. * The `ftview', `ftstring', and `ftgrid' demo programs use a new command line option `-d' to specify the program window's width, height, and color depth. * The `ftview' demo program now displays red boxes for zero-width glyphs. * `ftglyph' has limited support to display fonts with color-layered glyphs.This will be improved later on. * `ftgrid' can now display bitmap fonts also. * The `ttdebug' demo program has a new option `-f' to select a member of a TrueType collection (TTC). * Other various improvements to the demo programs.

Remove 'Supplements: fonts-config' to avoid accidentally pulling in Qt dependencies on some non-Qt based desktops.(bsc#1091109) fonts-config is fundamental but ft2demos seldom installs by end users. only fonts-config maintainers/debuggers may use ft2demos along to debug some issues.

Update to version 2.9.1 * No changelog upstream.

Advisory ID	SUSE-RU-2020:1370-1
Released	Thu May 21 19:06:00 2020
Summary	Recommended update for systemd-presets-branding-SLE
Type	recommended
Severity	moderate
References	1171656

Description:

This update for systemd-presets-branding-SLE fixes the following issues:
Cleanup of outdated autostart services (bsc#1171656):

Remove acpid.service. acpid is only available on SLE via openSUSE backports. In openSUSE acpid.service is *not* autostarted. I see no reason why it should be on SLE.
Remove spamassassin.timer. This timer never seems to have existed. Instead spamassassin ships a 'sa-update.timer'. But it is not default-enabled and nobody ever complained about this.
Remove snapd.apparmor.service: This service was proactively added a year ago, but snapd didn't even make it into openSUSE yet. There's no reason to keep this entry unless snapd actually enters SLE which is not foreseeable.

Advisory ID	SUSE-RU-2020:1378-1
Released	Thu May 21 19:08:52 2020
Summary	Recommended update for google-compute-engine
Type	recommended
Severity	moderate
References	1170719,1170720

Description:

This update for google-compute-engine contain the following fix:

Do not add the created user to the adm, docker, or lxd groups if they exist. (bsc#1170719, bsc#1170720)

Advisory ID	SUSE-SU-2020:1381-1
Released	Fri May 22 08:01:14 2020
Summary	Security update for memcached
Type	security
Severity	moderate
References	1133817,1149110,CVE-2019-11596,CVE-2019-15026

Description:

This update for memcached fixes the following issues:
Security issue fixed:

CVE-2019-11596: Fixed a NULL pointer dereference in process_lru_command (bsc#1133817).
CVE-2019-15026: Fixed a stack-based buffer over-read (bsc#1149110).

Advisory ID	SUSE-RU-2020:1388-1
Released	Fri May 22 10:58:17 2020
Summary	Recommended update for lifecycle-data-sle-module-live-patching
Type	recommended
Severity	moderate
References	1020320

Description:

This update for lifecycle-data-sle-module-live-patching fixes the following issues:

Live kernel patching update data for 4_12_14-197_37, 4_12_14-197_40. (bsc#1020320)

Advisory ID	SUSE-RU-2020:1402-1
Released	Mon May 25 14:17:17 2020
Summary	Recommended update for mrsh
Type	recommended
Severity	moderate
References	1144051

Description:

This update for mrsh fixes the following issues:

Use systemd_ordering instead of systemd_requires: systemd is never a strict requirement; but in case the system is scheduled for installation together with systemd, we want systemd to be installed prior to mrsh.

Add pam_keyinit.so to /etc/pam.d/mrsh|mrlogind. (bsc#1144051) To fully support the use of kernel keyrings by systemd the mrsh package must include the pam_keyinit.so module in its mrsh and mrlogin configuration files.

Add README.SUSE: Describe the steps required to set up and run mrshd/mrlogind.

Add missing services in pre/post/preun/postun scripts.

Advisory ID	SUSE-RU-2020:1404-1
Released	Mon May 25 15:32:34 2020
Summary	Recommended update for zlib
Type	recommended
Severity	moderate
References	1138793,1166260

Description:

This update for zlib fixes the following issues:

Including the latest fixes from IBM (bsc#1166260) IBM Z mainframes starting from version z15 provide DFLTCC instruction, which implements deflate algorithm in hardware with estimated compression and decompression performance orders of magnitude faster than the current zlib and ratio comparable with that of level 1.
Add SUSE specific fix to solve bsc#1138793. The fix will avoid to test if the app was linked with exactly same version of zlib like the one that is present on the runtime.

Advisory ID	SUSE-RU-2020:1407-1
Released	Mon May 25 15:55:08 2020
Summary	Recommended update for amazon-ssm-agent
Type	recommended
Severity	moderate
References	1085670,1108265,1170935

Description:

This update for amazon-ssm-agent fixes the following issues:

Update to 2.3.978.0 (2020-04-08) (bsc#1170935) + Stop pty on receiving TerminateSession request + Add support for Debian arm64 architecture + Refactoring session log generation logic
Update to 2.3.930.0 (2020-03-17) + Bug fix for CloudWatch agent version showing twice in Inventory console + Bug fix for retrieving minor version for CentOS7 + Add snap appData collection for inventory in ubuntu 18 + Add validation for contents of os release files + Add retry for fingerprint generation
Update to 2.3.871.0 (2020-02-20) + Various bug fix for SSM Agent
Update to 2.3.842.0 (2020-01-29) + Bug fix for updating document state file prior agent reboot + Add support to restart agent after SIGPIPE exit status
Update to 2.3.814.0 (2020-01-16) + Bug fix for metadata service V2 + Update Golang version 1.12 for travis + Optimize session manager retry logic
Update to 2.3.786.0 (2019-12-19) + Add support for Oracle Linux v7.5 and v7.7 + Bug fix for Inventory data provider to support special characters + Bug fix for SSM MDS service name
Update to 2.3.772.0 (2019-12-13) + Upgrade AWS SDK + Add logging for fingerprint generation
Update to 2.3.760.0 (2019-11-15) + Session manager supports handling of Task metadata
Update to 2.3.758.0 (2019-11-11) + Add support to update SSM Distributor packages in place
Update to 2.3.756.0 (2019-11-05) + Terminate port forwarding session on receiving TerminateSession flag + Bug fix to reload SSM client if region has not been initialize correctly + Bug fix for retrieval of user groups on Linux
Update to 2.3.722.0 (2019-10-11) + Bug fix for the delay when registering non-EC2 on-prem instances + Bug fix for missing ACL when uploading logs to S3 buckets + Upgrade GoLang version from 1.9 to 1.12
Update to 2.3.714.0 (2019-09-26) + For port forwarding session, close server connection when client drops it's connection + Bug fix for missing condition of rules from inventory registry + Update service domain information fetch logic from EC2 Metadata
Update to 2.3.707.0 (2019-09-11) + Bug fix for characters dropping from session manager shell output + Bug fix for session manager freezing caused by non utf8 character + Switch the request protocol order for getting S3 Header + Keep port forwarding session open until session is terminated
Update to 2.3.701.0 (2019-08-21) + Send platform type information in controlChannel input
Update to 2.3.687.0 (2019-08-05) + Bug fix for runPowershellScript plugin on linux platform + Add support for document 2.x version to ssm-cli
Update to 2.3.680.0 (2019-07-24) + Added a new Inventory gatherer AWS:BillingInfo which will gather the billing product ids for LicenseIncluded and Marketplace instance
Update to 2.3.672.0 (2019-07-09) + Add Port plugin for SSH/SCP + Add support for Session Manager RunAs functionality on Linux platform
Update to 2.3.668.0 (2019-07-01) + Add Session Manager InteractiveCommands plugin + Bug fix for log formatting issue for session manager
Update to 2.3.662.0 (2019-06-19) + Bug fix for Session Manager when handling line endings on Windows platform + Bug fix for token validation for aws:downloadContent plugin + Check if log group exists before uploading Session Manager logs to CloudWatch + Bug fix for broken S3 urls when using custom documents
Update to 2.3.634.0 (2019-05-28) + Disable appconfig to load credential from specific profile path, add EC2 credentials as the default fallback + Remove sudoers file creation logic if ssm-user already exists + Enable supplementary groups for ssm-user on Linux
Update to 2.3.612.0 (2019-05-08) + Bug fix for UTF-8 encoded issue caused by locale activation on Ubuntu 16.04 instance + Refactor ssm-user creation logic + Bug fix for reporting IP address with wrong network interface + Update configure package document arn pattern
Update to 2.3.542.0 (2019-04-18) + Bug fix for on-premises instance registration in CN region
Update to 2.3.539.0 (2019-04-04) + Add support for further encryption of session data using AWS KMS + Bug fix for excessive instance-id fetching by document workers
Update to 2.3.479.0 (2019-03-06) + Bug fix for downloading content failure caused by wrong S3 endpoint + Bug fix for reboot failure caused by session manager panic + Bug fix for session manager shell output dropping character + Bug fix for mgs endpoint configuration consistency
Update to 2.3.444.0 (2019-02-10) + Updates to UpdateInstanceInformation call, Windows initialization
Update to 2.3.415.0 (2019-01-25) + Bug fix addressing issues in Distributor package upgrade
Update to 2.3.372.0 (2019-01-08) + Bug fix to allow installation of Distributor packages that do not have a version name. + Bug fix for agent crash with message 'WaitGroup is reused before previous Wait has returned'.
Update to 2.3.344.0 (2018-12-14) + Add frequent collector to detect changed inventory types and upload it to SSM service between two scheduled collections. + Change AWS Systems Manager Distributor to reduce calls to GetDocument by calling DescribeDocument. + Add exit code when ssm-cli execution fails. + Create ssm-user only after the control channel has been successfully created.
Update to 2.3.274.0 (2018-11-26) + Enabled AWS Systems Manager Distributor that lets you securely distribute and install software packages. + Add support for the arm64 architecture on Amazon Linux 2, Ubuntu 16.04/18.04, and RHEL 7.6 to support EC2 A1 instances.
Update to 2.3.235.0 (2018-10-23) + Bug fix for session manager logging on Windows + Bug fix for ConfigureCloudWatch plugin + Bug fix for update SSM agent occasionally failing due to SSM agent service stuck in starting state
Update to 2.3.193.0 (2018-10-23) + Bug fix for past sessions occasionally stuck in terminating state + Darwin masquerades as Linux to bypass OS validation on the backend until official support can be added
Update to 2.3.169.0 (2018-10-23) + Update managed instance role token more frequently
Update to 2.3.136.0 (2018-10-09) + Bug fix for issue that GatherInventory throw out error when there is no Windows Update in instance + Add more filters when getting the Windows event logs at startup to improve performance + Add random jitter before call PutInventory in inventory datauploader
Update to 2.3.117.0 (2018-10-02) + Bug fix for issues during process termination on instances where IAM policy does not grant ssmmessages permissions.
Update to 2.3.101.0 (2018-10-02) + Bug fix to prevent defunct processes when creating the local user ssm-user. + Bug fix for sudoersFile permission to avoid 'sudo' command warnings in Session Manager. + Disable hibernation on Windows platform if Cloudwatch configuration is present.
Update to 2.3.68.0 (2018-09-17) + Enables the Session Manager capability that lets you manage your Amazon EC2 instance through an interactive one-click browser-based shell or through the AWS CLI. + Beginning this agent version, SSM Agent will create a local user 'ssm-user' and either add it to /etc/sudoers (Linux) or to the Administrators group (Windows) every time the agent starts. The ssm-user is the default OS user when a Session Manager session is started, and the password for this user is reset on every session. You can change the permissions by moving the ssm-user to a less-privileged group or by changing the sudoers file. The ssm-user is not removed from the system when SSM Agent is uninstalled.
Add patch to remove unused import + remove-unused-import.patch
Build-Depend on pkgconfig(systemd) instead of systemd + Allows OBS to depend on the -mini flavors
Refresh patches for new version + fix-version.patch

Update to 2.3.50.0 2018-09-12 (bsc#1108265) + Enables the Session Manager capability that lets you manage your Amazon EC2 instance through an interactive one-click browser-based shell or through the AWS CLI. + Beginning this agent version, SSM Agent will create a local user 'ssm-user' and either add it to /etc/sudoers (Linux) or to the Administrators group (Windows) every time the agent starts. The ssm-user is the default OS user when a Session Manager session is started, and the password for this user is reset on every session. You can change the permissions by moving the ssm-user to a less-privileged group or by changing the sudoers file. The ssm-user is not removed from the system when SSM Agent is uninstalled.
Update to 2.3.13.0 2018-08-16 + Bug fix for the SSM Agent service remaining in 'Starting' state on Windows when unable to authenticate to the Systems Manager service.
Update to 2.2.916.0 2018-08-02 + NOTE: This build should not be installed for Windows since the SSM Agent service may remain in starting status if unable to authenticate to the Systems Manager service, which is fixed in the latest release. + Bug fix for missing cloudwatch.exe seen in SSM Agent version 2.2.902.0
Update to 2.2.902.0 2018-07-31 + NOTE: This build should not be installed for Windows since you might see the error - 'Encountered error while starting the plugin: Unable to locate cloudwatch.exe' for Cloudwatch plugin. This bug has been fixed in SSM Agent version 2.2.916.0. Also SSM Agent service may remain in starting status if unable to authenticate to the Systems Manager service, which is fixed in the latest release. + Initial support for developer builds on macOS + Retry sending Run Command execution results for up to 2 hours + More detailed error messages are returned for inventory plugin failures during State Manager association executions
Update to 2.2.800.0 2018-06-26 + Bug fix to clean the orchestration directory + Streaming AWS Systems Manager Run Command output to CloudWatch Logs + Reducing number of retries for serial port opening + Add retry logic to installation verification
Update to 2.2.619.0 2018-05-29 + Various bug fixes
Update to 2.2.607.0 2018-05-23 + Various bug fixes
Update to 2.2.546.0 2018-05-07 + Bug fix to retry sending document results if they couldn't reach the service
Update to 2.2.493.0 2018-04-25 + NOTE: Downgrade to this version using AWS-UpdateSSMAgent is not permitted for agent installed using snap + Added support for Ubuntu Snap packaging + Bug fix so that aws:downloadContent does not change permissions of directories + Bug fix to Cloudwatch plugin where StartType has duplicated Enabled value
Update to 2.2.392.0 2018-03-27 + Added support for agent hibernation so that Agent backs off or enters hibernation mode if it does not have access to the service + Various bug fixes
Update to 2.2.355.0 2018-03-16 + Fix S3Download to download from cross regions. + Various bug fixes
Refresh patches for new version + fix-config.patch + fix-version.patch

Update to 2.2.325.0 2018-03-07 (bsc#1085670) + Bug fix to change sourceHashType to be default sha256 on psmodule.
Update to 2.2.257.0 2018-02-23 + Bug fix to address an issue that can prevent the agent from processing associations after a restart.
Update to 2.2.160.0 2018-01-15 + Execute 'pwsh' on linux when using runPowershellScript plugin.
Update to 2.2.93.0 2017-11-14 + Update to latest AWS SDK.
Update to 2.2.58.0 2017-10-23 + Switching to use Birdwatcher distribution service for AWS packages.

Advisory ID	SUSE-RU-2020:1413-1
Released	Tue May 26 09:45:41 2020
Summary	Recommended update for vncmanager
Type	recommended
Severity	moderate
References	1169732,1171344

Description:

This update for vncmanager fixes the following issues:

Fix tight compression decoder on big-endian systems. (bsc#1171344)
Fix tight decoder with 888 pixel encodings. (bsc#1169732)
Fix PixelFormat::ntoh() and PixelFormat::hton(). (bsc#1169732)

Advisory ID	SUSE-RU-2020:1415-1
Released	Tue May 26 11:17:05 2020
Summary	Recommended update for gdb
Type	recommended
Severity	moderate
References	1168394,1169368,1169495

Description:

This update for gdb fixes the following issues:

Fix .debug_types problems. (bsc#1168394) This will solve a range loop index in find_method and will fix toplevel types when a program is compiled with -fdebug-types-section
Fix python 3.8 warning. (bsc#1169495) Fix incorrect use of 'is' operator for comparison in python/lib/gdb/command/prompt.py The 'is' operator is not meant to be used for comparisons
Fix build with gcc 10 improving endianess detection. (bsc#1169368)
Fix hang after SIGKILL

Advisory ID	SUSE-SU-2020:1419-1
Released	Tue May 26 12:23:30 2020
Summary	Security update for sysstat
Type	security
Severity	low
References	1159104,CVE-2019-19725

Description:

This update for sysstat fixes the following issues:

CVE-2019-19725: Fixed double free in check_file_actlst in sa_common.c (bsc#1159104).

Advisory ID	SUSE-SU-2020:1420-1
Released	Tue May 26 12:23:54 2020
Summary	Security update for jasper
Type	security
Severity	low
References	1092115,CVE-2018-9154

Description:

This update for jasper fixes the following issues:

CVE-2018-9154: Fixed a potential denial of service in jpc_dec_process_sot() (bsc#1092115).

Advisory ID	SUSE-SU-2020:1423-1
Released	Tue May 26 14:33:06 2020
Summary	Security update for mariadb-connector-c
Type	security
Severity	important
References	1171550,CVE-2020-13249

Description:

This update for mariadb-connector-c fixes the following issues:
Security issue fixed:

CVE-2020-13249: Fixed an improper validation of OK packets received from clients (bsc#1171550).

Non-security issues fixed:

Update to release 3.1.8 (bsc#1171550) * CONC-304: Rename the static library to libmariadb.a and other libmariadb files in a consistent manner * CONC-441: Default user name for C/C is wrong if login user is different from effective user * CONC-449: Check $MARIADB_HOME/my.cnf in addition to $MYSQL_HOME/my.cnf * CONC-457: mysql_list_processes crashes in unpack_fields * CONC-458: mysql_get_timeout_value crashes when used improper * CONC-464: Fix static build for auth_gssapi_client plugin

Advisory ID	SUSE-RU-2020:1426-1
Released	Tue May 26 14:54:32 2020
Summary	Recommended update for python-boto
Type	recommended
Severity	moderate
References	1171769

Description:

This update for python-boto fixes the following issues:

Update in SLE-15: (bsc#1171769)
Fix build under python3.8 by skipping more tests that break with previous release.
Skip the tests for the flavors not being built
Remove old comment
Fix breakages caused by removing boto.cacerts module which is imported elsewhere in the package. The file boto/cacerts/cacerts.txt is removed instead, and boto-no-builtin-certs.patch is trimmed.
Activate the test suite, adding many build dependencies with versions. 11 failing Cloudfront signings tests are skipped only on Python 3.
Add versions to runtime dependencies.
python-rsa is added as a Recommends as it is needed for Cloudfront.
python-requests is added as a Recommends as it is needed for Cloudsearch.
python-requests is added as a Suggests as it is used for contrib ymlmessage.

Advisory ID	SUSE-RU-2020:1427-1
Released	Tue May 26 14:55:16 2020
Summary	Recommended update for docker-runc
Type	recommended
Severity	moderate
References	1168481

Description:

This update for docker-runc contains the following fixes:

Backport upstream fix that enable access to /dev/null in containers. Resolves many issues with the implementation of the runc devices cgroup code. Removes some of the disruptive aspects of 'runc update'. (bsc#1168481)

Advisory ID	SUSE-RU-2020:1487-1
Released	Wed May 27 15:24:08 2020
Summary	Recommended update for cloud-regionsrv-client
Type	recommended
Severity	important
References	1171704,1171705

Description:

This update for cloud-regionsrv-client contains the following fixes:

Improve error message for failed update server access to determine product status.

Update to version 9.0.10. (bsc#1171704, bsc#1171705) + While the service starts After=network-online.target this is no guarantee that the cloud framework has configured the outgoing routing for the instance. This configuration on the framework side may take longer. Introduce a wait look that retries connections to the update infrastructure 3 times before giving up.

Advisory ID	SUSE-SU-2020:1493-1
Released	Wed May 27 18:55:51 2020
Summary	Security update for libmspack
Type	security
Severity	low
References	1130489,1141680,CVE-2019-1010305

Description:

This update for libmspack fixes the following issues:
Security issue fixed:

CVE-2019-1010305: Fixed a buffer overflow triggered by a crafted chm file which could have led to information disclosure (bsc#1141680).

Other issue addressed:

Enable build-time tests (bsc#1130489)

Advisory ID	SUSE-RU-2020:1494-1
Released	Wed May 27 20:29:48 2020
Summary	Recommended update for python-psycopg2
Type	recommended
Severity	moderate
References	1171213

Description:

This update for python-psycopg2 fixes the following issues:

Sort out the syntax of the dependencies to fix possible build failures. (bsc#1171213)

Advisory ID	SUSE-RU-2020:1506-1
Released	Fri May 29 17:22:11 2020
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1087982,1170527

Description:

This update for aaa_base fixes the following issues:

Not all XTerm based emulators do have a terminfo entry. (bsc#1087982)
Better support of Midnight Commander. (bsc#1170527)

Advisory ID	SUSE-RU-2020:1507-1
Released	Fri May 29 17:23:52 2020
Summary	Recommended update for publicsuffix
Type	recommended
Severity	moderate
References	1171819

Description:

This update for publicsuffix fixes the following issues:

Update from version 20180312 to version 20200506. (bsc#1171819).

New in version 20200506: * gTLD autopull: 2020-05-06 (#1030) * Update public_suffix_list.dat (#993) * Add shopware.store domain (#958) * Add clic2000.net to Private Section (#1010) * Add Fabrica apps domain: onfabrica.com (#999) * Add dyndns.dappnode.io (#912) * Added curv.dev to public_suffix_list.dat (#968) * Add panel.gg and daemon.panel.gg (#978) * adding sth.ac.at (#997) * Add netlify.app (#1012) * Added Wiki Link as info resource (#1011) * Add schulserver.de, update IServ GmbH contact information (#996) * Add conn.uk, copro.uk, couk.me and ukco.me domains (#963) * Remove flynnhub.com (#971) * Added graphox.us domain (#960) * Add domains for FASTVPS EESTI OU (#941) * Add platter.dev user app domains (#935) * Add playstation-cloud.com (#1006) * gTLD autopull: 2020-04-02 (#1005) * ACI prefix (#930) * Update public_suffix_list.dat (#923) * Add toolforge.org and wmcloud.org (#970) * gTLD autopull: 2020-03-29 (#1003)

New in version 20200326: * aero registry removal * Add Mineduc subregistry for public schools: aprendemas.cl * Update public_suffix_list.dat - Existing Section * gTLD autopull: 2020-03-15 * Add 'urown.cloud' and 'dnsupdate.info' * Remove site.builder.nu * Remove unnecessary trailing whitespace for name.fj * Update .eu IDNs to add Greek and URL for Cyrillic * Update fj entry

New in version 20200201: * gTLD autopull: 2020-02-01 (#952) * gTLD autopull: 2020-01-31 (#951) * Add WoltLab Cloud domains (#947) * Add qbuser.com domain (#943) * Added senseering domain (#946) * Add u.channelsdvr.net to PSL (#950) * Add discourse.team (#949) * gTLD autopull: 2020-01-06 (#942) * gTLD autopull: 2019-12-25 (#939) * Urgent removal of eq.edu.au (#924) * gTLD autopull: 2019-12-20 (#938) * gTLD autopull: 2019-12-11 (#932) * Added adobeaemcloud domains (#931) * Add Observable domain: observableusercontent.com. (#914) * Correct v.ua sorting * add v.ua (#919) * Add en-root.fr domain (#910) * add Datawire private domain (#925) * Add amsw.nl private domain to PSL (#929) * Add *.on-k3s.io (#922) * Add *.r.appspot.com to public suffix list (#920) * Added gentapps.com (#916) * Add oya.to (#908) * Add Group 53, LLC Domains (#900) * Add perspecta.cloud (#898) * Add 0e.vc to PSL (#896) * Add skygearapp.com (#892) * Update Hostbip Section (#871) * Add qcx.io and *.sys.qcx.io (#868) * Add builtwithdark.com to the public suffix list (#857) * Add_customer-oci.com (#811) * Move out old .ru reserved domains * gTLD autopull: 2019-12-02 (#928) * gTLD autopull: 2019-11-20 (#926)

New in version 20191115: * Add gov.scot for Scottish Government * update gTLD list to 2019-11-15 state * remove go-vip.co, go-vip.net, wpcomstaging.com

New in version 20191025: * gTLD list updated to 2019-10-24 state * Update .so suffix list * Add the new TLD .ss * Add xn--mgbah1a3hjkrd (موريتانيا) * Add lolipop.io * Add altervista.org * Remove zone.id from list * Add new domain to Synology dynamic dns service

New in version 20190808: * tools: update newgtlds.go to filter removed gTLDs (#860) * gTLD autopull: 2019-08-08 (#862) * Remove non-public nuernberg.museum nuremberg.museum domains (#859) * gTLD autopull: 2019-08-02 (#858) * Update public_suffix_list.dat (#825) * Update reference as per #855 * add nic.za * Update contact for SymfonyCloud (#854) * Add lelux.site (#849) * Add *.webhare.dev (#847) * Update Hostbip Section (#846) * Add Yandex Cloud domains (#850) * Add ASEINet domains (#844) * Update nymnom section (#771) * Add Handshake zones (#796) * Add iserv.dev for IServ GmbH (#826) * Add trycloudflare.com to Cloudflare's domains (#835) * Add shopitsite.com (#838) * Add pubtls.org (#839) * Add qualifio.com domains (#840) * Update newgtlds tooling & associated gTLD data. (#834) * Add web.app for Google (#830) * Add iobb.net (#828) * Add cloudera.site (#829)

New in version 20190529: * Add Balena domains (#814) * Add KingHost domains (#827) * Add dyn53.io (#820) * Add azimuth.network and arvo.network (#812) * Update .rw domains per ccTLD (#821) * Add b-data.io (#759) * Add co.bn (#789) * Add Zitcom domains (#817) * Add Carrd suffixes (#816) * Add Linode Suffixes (#810) * Add lab.ms (#807) * Add wafflecell.com (#805) * Add häkkinen.fi (#804) * Add prvcy.page (#803) * Add SRCF user domains: soc.srcf.net, user.srcf.net (#802) * Add KaasHosting (#801) * Adding cloud66.zone (#797) * Add gehirn.ne.jp and usercontent.jp for Gehirn Inc. (#795) * Add Clerk user domains (#791) * Add loginline (.app, .dev, .io, .services, .site) (#790) * Add wnext.app (#785) * Add Hostbip Registry Domains (#770) * Add glitch.me (#769) * added thingdustdata.com (#767) * Add dweb.link (#766) * Add onred.one (#764) * Add mo-siemens.io (#762) * Add Render domains (#761) * Add *.moonscale.io (#757) * Add Stackhero domain (#755) * Add voorloper.cloud (#750) * Add repl.co and repl.run (#748) * Add edugit.org (#736) * Add Hakaran domains (#733) * Add barsy.ca (#732) * Add Names.of.London Domains (#543) * Add nctu.me (#746) * Br 201904 update (#809) * Delete DOHA * Add app.banzaicloud.io (#730) * Update .TR (#741) * Add Nabu Casa (#781) * Added uk0.bigv.io under Bytemark Hosting (#745) * Add GOV.UK PaaS client domains (#765) * Add discourse.group for Civilized Discourse Construction Kit, Inc. (#768) * Add on-rancher.cloud and on-rio.io (#779) * Syncloud dynamic dns service (#727) * Add git-pages.rit.edu (#690) * Add workers.dev (#772) * Update .AM (#756) * Add go-vip.net. (#793) * Add site.builder.nu (#723) * Update .FR sectorial domains (#527) * Remove ACTIVE * Remove SPIEGEL * Remove EPOST * Remove ZIPPO * Remove BLANCO

New in version 20190205: * Add domains of Individual Network Berlin e.V. (#711) * Added bss.design to PSL (#685) * Add fastly-terrarium.com (#729) * Add Swisscom Application Cloud domains (#698) * Update public_suffix_list.dat with api.stdlib.com (#751) * Add regional domain for filegear.me (#713) * Remove bv.nl (#758) * Update public_suffix_list.dat

Link public_suffix_list.dat to effective_tld_names.dat for the purpose of httpcomponents-client

Do not pull in full python3, psl-make-dafsa already pulls in what it needs to generate the things

New in version 20181227: * Add run.app and a.run.app to the psl (#681) * Add telebit.io .app .xyz (#726) * Add Leadpages domains (#731) * Add public suffix entries for dapps.earth (#708) * Add Bytemark Hosting domains (#620) * Remove .STATOIL * linter: Expect rules to be in NFKC (#725) * Convert list data from NFKD to NFKC (#720) * Update LS (#718)

New in version 20181030: * Add readthedocs.io (#722) * Remove trailing whitespace from L11948 (#721) * Add krasnik.pl, leczna.pl, lubartow.pl, lublin.pl, poniatowa.pl and swidnik.pl domains to the Public Suffix List (#670) * Add instantcloud.cn by Redstar Consultants (#696) * Add Fermax and mydobiss.com domain (#706) * Add shop.th & online.th (#716) * Add siteleaf.net (#655) * Add wpcomstaging.com and go-vip.co to the PSL (#719)

Update to version 20181003: * Remove deleted TLDs (#710) * Added apigee.io (#712) * Add AWS ElasticBeanstalk Ningxia, CN region (#597) * Add Github PULL REQUEST TEMPLATE (#699) * Add ong.br 2nd level domain (#707)

Update to version 20180813: * Update .ID list (#703) * Updated .bn ccTLD. Removed wildcard. (#702) * Remove stackspace.space from PSL (#691) * Remove XPERIA (#697)

Update to version 20180719: * Remove .IWC * Update Kuwait's ccTLD (.kw) * Use https for www.transip.nl * Remove MEO and SAPO

New in version 20180523: * Remove 1password domains (#632) * Add cleverapps.io (Clever Cloud) (#634) * Remove .BOOTS * Add azurecontainer.io to Microsoft domains (#637) * Change the patchnewgtlds tool for the updated .zw domain * Add new gTLDs up to 2018-04-17 and new ccTLDs up to 2018-04-17 * cloud.muni.cz cloud subdomains (#622) * Add YunoHost DynDns domains: nohost.me & noho.st (#615) * Use a custom token for the newGTLD list (#645) * lug.org.uk (#514) * Adding xnbay.com,u2.xnbay.com,u2-local.xnbay.com to public_suffix_list.dat. (#506) * Adding customer.speedpartner.de (#585) * Adding ravendb.net subdomains (#535) * Adding own.pm (#544) * pcloud.host (#531) * Add additional Lukanet Ltd domains (#652) * Add zone.id (#575) * Add half.host (#571) * Update 香港 TLD (#568) * Add Now-DNS domains (#560) * Added blackbaudcdn.net private domain to PSL (#558) * Adding IServ GmbH domains (#552) * Add FASTVPS EESTI OU domains (#541) * nic.it - update regions and provinces (#524) * Update Futureweb OG Private Domains (#520) * add United Gameserver virtualuser domains (#600) * Add Lightmaker Property Manager, Inc domains (#604) * Update Uberspace domains (#616) * Add Datto, Inc domains * Add memset hosting domains (#625) * Add utwente.io (#626) * Add bci.dnstrace.pro (#630) * Add May First domains (#635) * Add Linki Tools domains (#636) * Update NymNom domains * Add Co & Co domains (#650) * Add new gTLDs up to 2018-05-08 (#653) * Correct linter issues (#654) * Add cnpy.gdn as private domain (#633) * Add freedesktop.org (#619) * Add Omnibond Systems (#656) * Add hasura.app to the list (#668) * Update gu ccTLD suffixes (#669)

New in version 20180328: * Add gwiddle.co.uk (#521) * Add ox.rs (#522) * Add myjino.ru (#512) * Add ras.ru domains (#511) * Add AWS ElasticBeanstalk Osaka, JP region (#628) * Remove trailing whitespace (#621)

Advisory ID	SUSE-RU-2020:1508-1
Released	Fri May 29 17:32:31 2020
Summary	Recommended update for apache2-mod_jk
Type	recommended
Severity	moderate
References	1167896

Description:

This update for apache2-mod_jk fixes the following issues:

Update jk.conf. (bsc#1167896) * Specify the location of JkShmFile. * Update tomcat-webapps paths.
Fix Aliases to be compatible with the tomcat example URLs. (bsc#1167896)

Advisory ID	SUSE-SU-2020:1511-1
Released	Fri May 29 18:03:39 2020
Summary	Security update for java-11-openjdk
Type	security
Severity	important
References	1167462,1169511,CVE-2020-2754,CVE-2020-2755,CVE-2020-2756,CVE-2020-2757,CVE-2020-2767,CVE-2020-2773,CVE-2020-2778,CVE-2020-2781,CVE-2020-2800,CVE-2020-2803,CVE-2020-2805,CVE-2020-2816,CVE-2020-2830

Description:

This update for java-11-openjdk fixes the following issues:
Java was updated to jdk-11.0.7+10 (April 2020 CPU, bsc#1169511).
Security issues fixed:

CVE-2020-2754: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511).
CVE-2020-2755: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511).
CVE-2020-2756: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511).
CVE-2020-2757: Fixed an object deserialization issue that could have resulted in denial of service via crafted serialized input (bsc#1169511).
CVE-2020-2767: Fixed an incorrect handling of certificate messages during TLS handshakes (bsc#1169511).
CVE-2020-2773: Fixed the incorrect handling of exceptions thrown by unmarshalKeyInfo() and unmarshalXMLSignature() (bsc#1169511).
CVE-2020-2778: Fixed the incorrect handling of SSLParameters in setAlgorithmConstraints(), which could have been abused to override the defined systems security policy and lead to the use of weak crypto algorithms (bsc#1169511).
CVE-2020-2781: Fixed the incorrect re-use of single null TLS sessions (bsc#1169511).
CVE-2020-2800: Fixed an HTTP header injection issue caused by mishandling of CR/LF in header values (bsc#1169511).
CVE-2020-2803: Fixed a boundary check and type check issue that could have led to a sandbox bypass (bsc#1169511).
CVE-2020-2805: Fixed a boundary check and type check issue that could have led to a sandbox bypass (bsc#1169511).
CVE-2020-2816: Fixed an incorrect handling of application data packets during TLS handshakes (bsc#1169511).
CVE-2020-2830: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511).

Advisory ID	SUSE-RU-2020:1512-1
Released	Fri May 29 18:11:37 2020
Summary	Recommended update for unrar_wrapper
Type	recommended
Severity	important
References	1170792

Description:

This update for unrar_wrapper fixes the following issues:

Add missing requirement 'python3-setuptools'. (bsc#1170792)

Advisory ID	SUSE-RU-2020:1520-1
Released	Tue Jun 2 19:53:03 2020
Summary	Recommended update for psqlODBC
Type	recommended
Severity	moderate
References	1166821

Description:

This update for psqlODBC provides the following fixes:

Update to 12.01.0000: * Fix the bug that causes 'Error : A parameter cannot be found that matches parameter name'. + Enclose the command part * Find_VSDir $vc_ver * with parentheses so that the subsequent * -ne '' * isn't considered to be a parameter. * Cope with the removal of pg_class.relhasoids in PG12 correctly when retrieving updatable cursors.
Changes in 12.00.0000: * Fix the bug that SQLGetDescField() for Field SQL_DESC_COUNT returns SQLINTEGER value which should be of type SQLSMALLINT. * SQLGetTypeInfo() filters SQL_TYPE_DATE, SQL_TYPE_TIME and SQL_TYPE_TIMESTAMP for ODBC 2.x applications. * Added support for scalar functions TIMESTAMPADD(), TIMESTAMPDIFF() and EXTRACT(). * The macro IS_NOT_SPACE() is used for not pointers but integers. * Fix a crash bug when SQLProcedureColumns() handles satisfies_hash_partition(). The proargmodes column of satisfies_hash_partition()'s pg_proc entry is not null but the proallargtypes column is null.

Changes in 11.01.0000: * Correct the rgbInfoValue returned by SQLGetInfo(SQL_TIMEDATE_FUNCTIONS, ..). * Because the field 'relhasoids' was dropped in PG12, psqlodbc drivers would have some problems with PG12 servers. * Register drivers {PostgreSQL ANSI} and {PostgreSQL Unicode} during installation on 64bit Windows so that users could use the same connection strings in both x86 and x64 environments. * Correct the rgbInfoValue returned by SQLGetInfo(SQL_LIKE_ESCAPE_CLAUSE, ..). * Fix a typo in SQLForeignKeys-ResultSet-Column. 'deferrablity' should be 'DEFERRABILITY'. * Correct the rgbInfoValue returned by SQLGetInfo(.., SQL_NUMERIC_FUNCTIONS(SQL_SYSTEM_FUNCTIONS or SQL_STRING_FUNCTIONS, ..). * Bug fix: do not forget to set parameter numbers while handling escaped ODBC functions. * Fix test_connection() in setup.c so that settings of conn_settings and pqopt option are reflected properly.

Changes in 11.00.0000: * Remove obsolete maps pointed out. * Remove connSettings option and/or pqopt option from the OutConnectionString parameter of SQLDriverConnect() when each option doesn't exist in InConnectionString parameter. * The parameters should be cast because parameters of concat() function are variadic 'any'. * Add an alias DX of *Database* keyword for connection strings to aviod the use of 'database' keyword which has a special meaning in some apps or middlewares. * Numeric items without precision are unlimited and there's no natural map between SQL data types. Add an option *Numeric(without precision) as* * Fix a bug that SQLSpecialColumns() returns oid/xmin incorrectly when a table does not exist.
Fix build with PostgreSQL 11 that does not have pg_config in the regular devel package anymore. (bsc#1166821)

Changes in 10.03.0000: * Put back the handling of lock_CC_for_rb variable. The variable lock_CC_for_rb should be held per connection. * Fix SQLGetTypeInfo() so that it filters SQL_TYPE_DATE, SQL_TYPE_TIME or SQL_TYPE_TIMESTAMP for ODBC 2.x applications. * Revise ConfigDSN() so that it handles the 4th parameter(lpszAttribues) correctly. * Fix a crash bug when handling error messages. Also modified some error messages. * Let SQLTables() or SQLTablePrivileges() show partition tables. * Fix build on Solaris defined(__SUNPRO_C) using Solaris Studio. * Reduce DB access to pg_class or pg_index by caching relhasoids, relhassubclass etc. It would improve the performance of SQLSetPos() or SQLBulkOperations() very much in some cases.

Changes in 10.02.0000: * It's safer to call setlocale(LC_CTYPE, '') than calling setlocale(LC_ALL, '') * Avoid replacing effective notice messages. * Handle MALLOC/REALLOC errors while fetching tuples more effectively. * Make SQLSetPos(SQL_DELETE/SQL_REFRESH) more effective. Because queries calling currtid(2) like select .. from .. where ctid=currtid2(.., ..) cause Seq Scan, their execution may be very slow. It is better to execute queries using subqueries like select .. from .. where ctid=(select currtid2(.., ..)) because they cause Tid Scan. * Fix a crash bug in AddDeleted().

Advisory ID	SUSE-OU-2020:1527-1
Released	Wed Jun 3 13:34:59 2020
Summary	Optional update for alsa-plugins
Type	optional
Severity	low
References	1171586

Description:

This update for alsa-plugins doesn't fix any user visible issues, but changes the way the package is being built. An installation is optional and not required. (bsc#1171586, jsc#SLE-11987)

Advisory ID	SUSE-RU-2020:1542-1
Released	Thu Jun 4 13:24:37 2020
Summary	Recommended update for timezone
Type	recommended
Severity	moderate
References	1172055

Description:

This update for timezone fixes the following issue:

zdump --version reported 'unknown' (bsc#1172055)

Advisory ID	SUSE-SU-2020:1551-1
Released	Mon Jun 8 09:31:41 2020
Summary	Security update for vim
Type	security
Severity	moderate
References	1172225,CVE-2019-20807

Description:

This update for vim fixes the following issues:

CVE-2019-20807: Fixed an issue where escaping from the restrictive mode of vim was possible using interfaces (bsc#1172225).

Advisory ID	SUSE-SU-2020:1553-1
Released	Mon Jun 8 09:32:53 2020
Summary	Security update for libexif
Type	security
Severity	moderate
References	1055857,1059893,1120943,1160770,1171475,1171847,1172105,1172116,1172121,CVE-2016-6328,CVE-2017-7544,CVE-2018-20030,CVE-2019-9278,CVE-2020-0093,CVE-2020-12767,CVE-2020-13112,CVE-2020-13113,CVE-2020-13114

Description:

This update for libexif to 0.6.22 fixes the following issues:
Security issues fixed:

CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of the input file (bsc#1055857).
CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c (bsc#1059893).
CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943).
CVE-2019-9278: Fixed an integer overflow (bsc#1160770).
CVE-2020-0093: Fixed an out-of-bounds read in exif_data_save_data_entry (bsc#1171847).
CVE-2020-12767: Fixed a divide-by-zero error in exif_entry_get_value (bsc#1171475).
CVE-2020-13112: Fixed a time consumption DoS when parsing canon array markers (bsc#1172121).
CVE-2020-13113: Fixed a potential use of uninitialized memory (bsc#1172105).
CVE-2020-13114: Fixed various buffer overread fixes due to integer overflows in maker notes (bsc#1172116).

Non-security issues fixed:

libexif was updated to version 0.6.22: * New translations: ms * Updated translations for most languages * Some useful EXIF 2.3 tag added: * EXIF_TAG_GAMMA * EXIF_TAG_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE * EXIF_TAG_GPS_H_POSITIONING_ERROR * EXIF_TAG_CAMERA_OWNER_NAME * EXIF_TAG_BODY_SERIAL_NUMBER * EXIF_TAG_LENS_SPECIFICATION * EXIF_TAG_LENS_MAKE * EXIF_TAG_LENS_MODEL * EXIF_TAG_LENS_SERIAL_NUMBER

Advisory ID	SUSE-RU-2020:1560-1
Released	Mon Jun 8 12:08:28 2020
Summary	Recommended update for llvm7
Type	recommended
Severity	low
References	1171512

Description:

This update for llvm7 fixes the following issues:
-Fix for build failures when using 'llvm7' on i586. (bsc#1171512)

Advisory ID	SUSE-SU-2020:1569-1
Released	Tue Jun 9 11:13:16 2020
Summary	Security update for java-1_8_0-openjdk
Type	security
Severity	important
References	1160398,1169511,1171352,CVE-2020-2754,CVE-2020-2755,CVE-2020-2756,CVE-2020-2757,CVE-2020-2773,CVE-2020-2781,CVE-2020-2800,CVE-2020-2803,CVE-2020-2805,CVE-2020-2830

Description:

This update for java-1_8_0-openjdk to version jdk8u252 fixes the following issues:

CVE-2020-2754: Forward references to Nashorn (bsc#1169511)
CVE-2020-2755: Improve Nashorn matching (bsc#1169511)
CVE-2020-2756: Better mapping of serial ENUMs (bsc#1169511)
CVE-2020-2757: Less Blocking Array Queues (bsc#1169511)
CVE-2020-2773: Better signatures in XML (bsc#1169511)
CVE-2020-2781: Improve TLS session handling (bsc#1169511)
CVE-2020-2800: Better Headings for HTTP Servers (bsc#1169511)
CVE-2020-2803: Enhance buffering of byte buffers (bsc#1169511)
CVE-2020-2805: Enhance typing of methods (bsc#1169511)
CVE-2020-2830: Better Scanner conversions (bsc#1169511)
Ignore whitespaces after the header or footer in PEM X.509 cert (bsc#1171352)

Advisory ID	SUSE-SU-2020:1582-1
Released	Tue Jun 9 18:20:10 2020
Summary	Security update for rubygem-bundler
Type	security
Severity	moderate
References	1143436,CVE-2019-3881

Description:

This update for rubygem-bundler fixes the following issue:

CVE-2019-3881: Fixed insecure permissions on a directory in /tmp/ that allowed malicious code execution (bsc#1143436).

Advisory ID	SUSE-RU-2020:1616-1
Released	Fri Jun 12 10:51:28 2020
Summary	Recommended update for SAPHanaSR-ScaleOut
Type	recommended
Severity	moderate
References	1156067,1156150,1157685

Description:

This update for SAPHanaSR-ScaleOut fixes the following issues:

Restart 'sapstartsrv' service on master nameserver node. (bsc#1156150)
Use a fall-back scoring for the master nameserver nodes, if the current roles of the node(s) got lost. (bsc#1156067)
SAPHanaSR-ScaleOut-doc will no longer be installable when SAPHanaSR-doc is installed (bsc#1157685)

Advisory ID	SUSE-RU-2020:1631-1
Released	Wed Jun 17 09:53:58 2020
Summary	Recommended update for fonts-config
Type	recommended
Severity	important
References	1049056,1092737,1101985,1106850,1111791,1172022

Description:

This update for fonts-config fixes the following issues:

Update version from 20160921 to version 20200609+git0.42e2b1b * Check if it's required to use some default settings in /etc/sysconfig/fonts-config. (bsc#1172022) * Add variable to allow fonts-config to update default settings * Fix en-US, en-GB font matching. * Allow non-ASCII letters in font names. (bsc#1049056, bsc#1101985). * Update subpixel rendering config * Fix misspelling in configuration file. (bsc#1111791) * Fix wrong visualization for special characters and numbers. (bsc#1092737) * Support color emoji * Modern fonts for symbol * Add configurations for Noto Sans/Serif CJK * No longer create encodings.dir in /usr/share/fonts/encodings/ (bsc#1106850)

Advisory ID	SUSE-RU-2020:1635-1
Released	Wed Jun 17 14:20:56 2020
Summary	Recommended update for susemanager-cloud-setup
Type	recommended
Severity	important
References	1172645

Description:

This update for susemanager-cloud-setup contains the following fix:

Update to version 1.5: * adapt to new azuremetadata output (bsc#1172645)

Advisory ID	SUSE-SU-2020:1657-1
Released	Thu Jun 18 10:49:53 2020
Summary	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork
Type	security
Severity	moderate
References	1172377,CVE-2020-13401

Description:

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues:
Docker was updated to 19.03.11-ce runc was updated to version 1.0.0-rc10 containerd was updated to version 1.2.13

CVE-2020-13401: Fixed an issue where an attacker with CAP_NET_RAW capability, could have crafted IPv6 router advertisements, and spoof external IPv6 hosts, resulting in obtaining sensitive information or causing denial of service (bsc#1172377).

Advisory ID	SUSE-SU-2020:1677-1
Released	Thu Jun 18 18:16:39 2020
Summary	Security update for mozilla-nspr, mozilla-nss
Type	security
Severity	important
References	1159819,1169746,1171978,CVE-2019-17006,CVE-2020-12399

Description:

This update for mozilla-nspr, mozilla-nss fixes the following issues:
mozilla-nss was updated to version 3.53

CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978).
CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819).

Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes
mozilla-nspr to version 4.25

Advisory ID	SUSE-SU-2020:1684-1
Released	Fri Jun 19 09:48:36 2020
Summary	Security update for java-1_8_0-ibm
Type	security
Severity	important
References	1160968,1169511,1171352,1172277,CVE-2019-2949,CVE-2020-2654,CVE-2020-2754,CVE-2020-2755,CVE-2020-2756,CVE-2020-2757,CVE-2020-2781,CVE-2020-2800,CVE-2020-2803,CVE-2020-2805,CVE-2020-2830

Description:

This update for java-1_8_0-ibm fixes the following issues:
java-1_8_0-ibm was updated to Java 8.0 Service Refresh 6 Fix Pack 10 (bsc#1172277,bsc#1169511,bsc#1160968)

CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service
CVE-2020-2754: Forwarded references to Nashorn
CVE-2020-2755: Improved Nashorn matching
CVE-2020-2756: Improved mapping of serial ENUMs
CVE-2020-2757: Less Blocking Array Queues
CVE-2020-2781: Improved TLS session handling
CVE-2020-2800: Improved Headings for HTTP Servers
CVE-2020-2803: Enhanced buffering of byte buffers
CVE-2020-2805: Enhanced typing of methods
CVE-2020-2830: Improved Scanner conversions
CVE-2019-2949: Fixed an issue which could have resulted in unauthorized access to critical data
Added RSA PSS SUPPORT TO IBMPKCS11IMPL
The pack200 and unpack200 alternatives should be slaves of java (bsc#1171352).

Advisory ID	SUSE-SU-2020:1695-1
Released	Fri Jun 19 14:54:47 2020
Summary	Security update for osc
Type	security
Severity	moderate
References	1122675,CVE-2019-3681

Description:

This update for osc to 0.169.1 fixes the following issues:
Security issue fixed:

CVE-2019-3681: Fixed an insufficient validation of network-controlled filesystem paths (bsc#1122675).

Non-security issues fixed:

Improved the speed and usability of osc bash completion.
improved some error messages.
osc add: support git@ (private github) or git:// URLs correctly.
Split dependson and whatdependson commands.
Added support for osc build --shell-cmd.
Added pkg-ccache support for osc build.
Added --ccache option to osc getbinaries

Advisory ID	SUSE-RU-2020:1704-1
Released	Mon Jun 22 11:21:12 2020
Summary	Recommended update for susefirewall2-to-firewalld
Type	recommended
Severity	moderate
References	1170461

Description:

This update for susefirewall2-to-firewalld fixes the following issues:

Fixed 'INVALID_PORT' error message with certain SuSEfirewall2 configurations (bsc#1170461).

Advisory ID	SUSE-RU-2020:1706-1
Released	Mon Jun 22 14:34:34 2020
Summary	Recommended update for susemanager-cloud-setup
Type	recommended
Severity	important
References	1172838

Description:

This update for susemanager-cloud-setup contains the following fix:

Update to version 1.6 * suma-storage: handle /var/spacewalk correctly. (bsc#1172838)

Advisory ID	SUSE-RU-2020:1707-1
Released	Tue Jun 23 10:02:48 2020
Summary	Recommended update for gnu-free-fonts
Type	recommended
Severity	moderate
References	1170856

Description:

This update for gnu-free-fonts fixes the following issue:

Fix building with fontforge 20190801. (bsc#1170856)

Advisory ID	SUSE-RU-2020:1727-1
Released	Tue Jun 23 15:33:07 2020
Summary	Recommended update for python3-gcemetadata
Type	recommended
Severity	moderate
References	1173136

Description:

This update for python3-gcemetadata fixes the following issues:
Update to version 1.0.4 (bsc#1173136)

Fixed typo, missing '=' for 'identity' option in processed command line options causes mis-identification of instance as missing identity data access

Advisory ID	SUSE-SU-2020:1730-1
Released	Wed Jun 24 09:41:15 2020
Summary	Security update for libssh2_org
Type	security
Severity	moderate
References	1154862,CVE-2019-17498

Description:

This update for libssh2_org fixes the following issue:

CVE-2019-17498: Fixed an integer overflow in a bounds check that might have led to the disclosure of sensitive information or a denial of service (bsc#1154862).

Advisory ID	SUSE-SU-2020:1771-1
Released	Fri Jun 26 08:04:23 2020
Summary	Security update for mutt
Type	security
Severity	important
References	1172906,1172935,1173197,CVE-2020-14093,CVE-2020-14154,CVE-2020-14954

Description:

This update for mutt fixes the following issues:

CVE-2020-14954: Fixed a response injection due to a STARTTLS buffering issue which was affecting IMAP, SMTP, and POP3 (bsc#1173197).
CVE-2020-14093: Fixed a potential IMAP Man-in-the-Middle attack via a PREAUTH response (bsc#1172906, bsc#1172935).
CVE-2020-14154: Fixed an issue where Mutt was ignoring an expired certificate and was proceeding with a connection (bsc#1172906, bsc#1172935).

Advisory ID	SUSE-SU-2020:1772-1
Released	Fri Jun 26 08:05:06 2020
Summary	Security update for unbound
Type	security
Severity	important
References	1157268,1171889,CVE-2019-18934,CVE-2020-12662,CVE-2020-12663

Description:

This update for unbound fixes the following issues:

CVE-2020-12662: Fixed an issue where unbound could have been tricked into amplifying an incoming query into a large number of queries directed to a target (bsc#1171889).
CVE-2020-12663: Fixed an issue where malformed answers from upstream name servers could have been used to make unbound unresponsive (bsc#1171889).
CVE-2019-18934: Fixed a vulnerability in the IPSec module which could have allowed code execution after receiving a special crafted answer (bsc#1157268).

Advisory ID	SUSE-RU-2020:1785-1
Released	Fri Jun 26 09:26:09 2020
Summary	Recommended update for perl-TimeDate
Type	recommended
Severity	moderate
References	1172834

Description:

This update for perl-TimeDate fixes the following issue:

Parse out the century if specified (strptime). (bsc#1172834)

Advisory ID	SUSE-RU-2020:1801-1
Released	Tue Jun 30 13:07:01 2020
Summary	Recommended update for zeromq
Type	recommended
Severity	low
References	1171566

Description:

This update of zeromq fixes the following issue.

the libzmq5-32bit package is shipped on x86_64 platforms. (bsc#1171566)

Advisory ID	SUSE-RU-2020:1802-1
Released	Tue Jun 30 13:15:44 2020
Summary	Recommended update for ucode-intel
Type	recommended
Severity	moderate
References	1172466,1172856

Description:

This update for ucode-intel fixes the following issues:
Updated Intel CPU Microcode to 20200616 official release (bsc#1172856)

revert 06-4e-03 Skylake U/Y, U23e ucode back to 000000d6 release
revert 06-5e-03 Skylake H/S ucode back to 000000d6 release, as both cause stability issues. (bsc#1172856)

Updated Intel CPU Microcode to 20200609 official release (bsc#1172466)

no changes to 20200602 prerelease

Advisory ID	SUSE-SU-2020:1823-1
Released	Thu Jul 2 11:32:22 2020
Summary	Security update for ntp
Type	security
Severity	moderate
References	1125401,1169740,1171355,1172651,1173334,992038,CVE-2018-8956,CVE-2020-11868,CVE-2020-13817,CVE-2020-15025

Description:

This update for ntp fixes the following issues:
ntp was updated to 4.2.8p15

CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address frequently send to the client ntpd could have caused denial of service (bsc#1169740).
CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets (bsc#1171355).
CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time from victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651).
CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334).
Removed an OpenSSL version warning (bsc#992038 and bsc#1125401).

Advisory ID	SUSE-SU-2020:1843-1
Released	Mon Jul 6 12:13:40 2020
Summary	Security update for nasm
Type	security
Severity	moderate
References	1084631,1086186,1086227,1086228,1090519,1090840,1106878,1107592,1107594,1108404,1115758,1115774,1115795,1173538,CVE-2018-1000667,CVE-2018-10016,CVE-2018-10254,CVE-2018-10316,CVE-2018-16382,CVE-2018-16517,CVE-2018-16999,CVE-2018-19214,CVE-2018-19215,CVE-2018-19216,CVE-2018-8881,CVE-2018-8882,CVE-2018-8883

Description:

This update for nasm fixes the following issues:
nasm was updated to version 2.14.02.
This allows building of Mozilla Firefox 78ESR and also contains lots of bugfixes, security fixes and improvements.

Fix crash due to multiple errors or warnings during the code generation pass if a list file is specified.
Create all system-defined macros defore processing command-line given preprocessing directives (-p, -d, -u, --pragma, --before).
If debugging is enabled, define a __DEBUG_FORMAT__ predefined macro. See section 4.11.7.
Fix an assert for the case in the obj format when a SEG operator refers to an EXTERN symbol declared further down in the code.
Fix a corner case in the floating-point code where a binary, octal or hexadecimal floating-point having at least 32, 11, or 8 mantissa digits could produce slightly incorrect results under very specific conditions.
Support -MD without a filename, for gcc compatibility. -MF can be used to set the dependencies output filename. See section 2.1.7.
Fix -E in combination with -MD. See section 2.1.21.
Fix missing errors on redefined labels; would cause convergence failure instead which is very slow and not easy to debug.
Duplicate definitions of the same label with the same value is now explicitly permitted (2.14 would allow it in some circumstances.)
Add the option --no-line to ignore %line directives in the source. See section 2.1.33 and section 4.10.1.
Changed -I option semantics by adding a trailing path separator unconditionally.
Fixed null dereference in corrupted invalid single line macros.
Fixed division by zero which may happen if source code is malformed.
Fixed out of bound access in processing of malformed segment override.
Fixed out of bound access in certain EQU parsing.
Fixed buffer underflow in float parsing.
Added SGX (Intel Software Guard Extensions) instructions.
Added +n syntax for multiple contiguous registers.
Fixed subsections_via_symbols for macho object format.
Added the --gprefix, --gpostfix, --lprefix, and --lpostfix command line options, to allow command line base symbol renaming. See section 2.1.28.
Allow label renaming to be specified by %pragma in addition to from the command line. See section 6.9.
Supported generic %pragma namespaces, output and debug. See section 6.10.
Added the --pragma command line option to inject a %pragma directive. See section 2.1.29.
Added the --before command line option to accept preprocess statement before input. See section 2.1.30.
Added AVX512 VBMI2 (Additional Bit Manipulation), VNNI (Vector Neural Network), BITALG (Bit Algorithm), and GFNI (Galois Field New Instruction) instructions.
Added the STATIC directive for local symbols that should be renamed using global-symbol rules. See section 6.8.
Allow a symbol to be defined as EXTERN and then later overridden as GLOBAL or COMMON. Furthermore, a symbol declared EXTERN and then defined will be treated as GLOBAL. See section 6.5.
The GLOBAL directive no longer is required to precede the definition of the symbol.
Support private_extern as macho specific extension to the GLOBAL directive. See section 7.8.5.
Updated UD0 encoding to match with the specification
Added the --limit-X command line option to set execution limits. See section 2.1.31.
Updated the Codeview version number to be aligned with MASM.
Added the --keep-all command line option to preserve output files. See section 2.1.32.
Added the --include command line option, an alias to -P (section 2.1.18).
Added the --help command line option as an alias to -h (section 3.1).
Added -W, -D, and -Q suffix aliases for RET instructions so the operand sizes of these instructions can be encoded without using o16, o32 or o64.

New upstream version 2.13.03:

Add flags: AES, VAES, VPCLMULQDQ
Add VPCLMULQDQ instruction
elf: Add missing dwarf loc section
documentation updates

Advisory ID	SUSE-RU-2020:1852-1
Released	Mon Jul 6 16:50:23 2020
Summary	Recommended update for fontforge, ghostscript-fonts, ttf-converter, xorg-x11-fonts
Type	recommended
Severity	moderate
References	1169444

Description:

This update for fontforge, ghostscript-fonts, ttf-converter, xorg-x11-fonts fixes the following issues:
Changes in fontforge:

Support transforming bitmap glyphs from python. (bsc#1169444)
Allow python-Sphinx >= 3

Changes in ttf-converter:

Update from version 1.0 to version 1.0.6: * ftdump is now shipped additionally as new dependency for ttf-converter * Standardize output when converting vector and bitmap fonts * Add more subfamilies fixes (bsc#1169444) * Add --family and --subfamily arguments to force values on those fields * Add parameters to fix glyph unicode values --fix-glyph-unicode : Try to fix unicode points and glyph names based on glyph names containing hexadecimal codes (like '$0C00', 'char12345' or 'uni004F') --replace-unicode-values: When passed 2 comma separated numbers a,b the glyph with an unicode value of a is replaced with the unicode value b. Can be used more than once.

--shift-unicode-values: When passed 3 comma separated numbers a,b,c this shifts the unicode values of glyphs between a and b (both included) by adding c. Can be used more than once. * Add --bitmapTransform parameter to transform bitmap glyphs. (bsc#1169444) When used, all glyphs are modified with the transformation function and values passed as parameters. The parameter has three values separated by commas: fliph|flipv|rotate90cw|rotate90ccw|rotate180|skew|transmove,xoff,yoff * Add support to convert bitmap fonts (bsc#1169444) * Rename MediumItalic subfamily to Medium Italic * Show some more information when removing duplicated glyphs * Add a --force-monospaced argument instead of hardcoding font names * Convert `BoldCond` subfamily to `Bold Condensed` * Fixes for Monospaced fonts and force the Nimbus Mono L font to be Monospaced. (bsc#1169444 #c41) * Add a --version argument * Fix subfamily names so the converted font's subfamily match the original ones. (bsc#1169444 #c41)
Changes in xorg-x11-fonts:

Use ttf-converter 1.0.6 to build an Italic version of cu12.pcf.gz in the converted subpackage
Include the subfamily in the filename of converted fonts
Use ttf-converter's new bitmap font support to convert Schumacher Clean and Schumacher Clean Wide (bsc#1169444 #c41)
Replace some unicode values in cu-pua12.pcf.gz to fix them
Shift some unicode values in arabic24.pcf.gz and cuarabic12.pcf.gz so glyphs don't pretend to be latin characters when they're not.
Don't distribute converted fonts with wrong unicode values in their glyphs. (bsc#1169444) Bitstream-Charter-*.otb, Cursor.ttf,Sun-OPEN-LOOK-*.otb, MUTT-ClearlyU-Devangari-Extra-Regular, MUTT-ClearlyU-Ligature-Wide-Regular, and MUTT-ClearlyU-Devanagari-Regular

Changes in ghostscript-fonts:

Force the converted Nimbus Mono font to be monospaced. (bsc#1169444 #c41) Use the --force-monospaced argument of ttf-converter 1.0.3

Advisory ID	SUSE-RU-2020:1870-1
Released	Tue Jul 7 15:13:13 2020
Summary	Recommended update for llvm9
Type	recommended
Severity	moderate
References	1173202

Description:

This update for llvm9 fixes the following issues:

Fix miscompilations with rustc 1.43 that lead to LTO failures (bsc#1173202)

Advisory ID	SUSE-RU-2020:1871-1
Released	Tue Jul 7 15:14:11 2020
Summary	Recommended update for llvm7
Type	recommended
Severity	moderate
References	1173202

Description:

This update for llvm7 fixes the following issues:

Fix miscompilations with rustc 1.43 that lead to LTO failures (bsc#1173202)

Advisory ID	SUSE-RU-2020:1885-1
Released	Fri Jul 10 14:54:22 2020
Summary	Recommended update for cloud-init
Type	recommended
Severity	moderate
References	1170154,1171546,1171995

Description:

This update for cloud-init contains the following fixes:

rsyslog warning, '~' is deprecated: (bsc#1170154) + replace deprecated syntax '& ~' by '& stop' for more information please see https://www.rsyslog.com/rsyslog-error-2307/.

+ Explicitly test for netconfig version 1 as well as 2.
+ Handle netconfig v2 device configurations (bsc#1171546, bsc#1171995)

Advisory ID	SUSE-OU-2020:1894-1
Released	Mon Jul 13 10:40:16 2020
Summary	Optional update for python-Cerberus
Type	optional
Severity	moderate
References	1121858,1173465

Description:

This update for python-Cerberus fixes the following issues:

Update to version 1.3.2 * includes various features and improvements - please refer to the changelog for a detailed technical list of changes

Advisory ID	SUSE-RU-2020:1903-1
Released	Tue Jul 14 15:46:28 2020
Summary	Recommended update for lifecycle-data-sle-module-desktop-productivity
Type	recommended
Severity	moderate
References	1173407

Description:

This update for lifecycle-data-sle-module-desktop-productivity fixes the following issues:

Update lifecycle data, most of python2 is now in its own module. (bsc#1173407)
Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407)

Advisory ID	SUSE-RU-2020:1905-1
Released	Tue Jul 14 15:56:17 2020
Summary	Recommended update for lifecycle-data-sle-module-basesystem
Type	recommended
Severity	moderate
References	1173407

Description:

This update for lifecycle-data-sle-module-basesystem fixes the following issues:

Update lifecycle data, most of python2 is now in its own module. (bsc#1173407)
Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407)

Advisory ID	SUSE-RU-2020:1906-1
Released	Tue Jul 14 15:58:16 2020
Summary	Recommended update for lifecycle-data-sle-module-development-tools
Type	recommended
Severity	moderate
References	1173407

Description:

This update for lifecycle-data-sle-module-development-tools fixes the following issue:

Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407)

Advisory ID	SUSE-RU-2020:1907-1
Released	Tue Jul 14 16:01:25 2020
Summary	Recommended update for lifecycle-data-sle-module-hpc
Type	recommended
Severity	moderate
References	1173407

Description:

This update for lifecycle-data-sle-module-hpc fixes the following issues:

Update lifecycle data, most of python2 is now in its own module. (bsc#1173407)
Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407)

Advisory ID	SUSE-RU-2020:1908-1
Released	Tue Jul 14 16:03:22 2020
Summary	Recommended update for lifecycle-data-sle-module-server-applications
Type	recommended
Severity	moderate
References	1173407

Description:

This update for lifecycle-data-sle-module-server-applications fixes the following issues:

Update lifecycle data, no python2 module are shipped in this module. (bsc#1173407)
Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407)

Advisory ID	SUSE-RU-2020:1909-1
Released	Tue Jul 14 16:05:26 2020
Summary	Recommended update for lifecycle-data-sle-module-desktop-applications
Type	recommended
Severity	moderate
References	1173407

Description:

This update for lifecycle-data-sle-module-desktop-applications fixes the following issues:

Update lifecycle data, all python2 packages in desktop applications module are in python2 module. (bsc#1173407)
Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407)

Advisory ID	SUSE-SU-2020:1915-1
Released	Wed Jul 15 09:34:15 2020
Summary	Security update for slirp4netns
Type	security
Severity	important
References	1172380,CVE-2020-10756

Description:

This update for slirp4netns fixes the following issues:

Update to 0.4.7 (bsc#1172380) * libslirp: update to v4.3.1 (Fix CVE-2020-10756) * Fix config_from_options() to correctly enable ipv6

Advisory ID	SUSE-SU-2020:1919-1
Released	Wed Jul 15 10:56:06 2020
Summary	Security update for rubygem-puma
Type	security
Severity	moderate
References	1172175,1172176,CVE-2020-11076,CVE-2020-11077

Description:

This update for rubygem-puma to version 4.3.5 fixes the following issues:

CVE-2020-11077: Fixed a HTTP smuggling issue related to proxy usage (bsc#1172175).
CVE-2020-11076: Fixed a HTTP smuggling issue when using an invalid transfer-encoding header (bsc#1172176).
Disabled TLSv1.0 and TLSv1.1 (jsc#SLE-6965).

Advisory ID	SUSE-SU-2020:1930-1
Released	Wed Jul 15 15:05:07 2020
Summary	Security update for openconnect
Type	security
Severity	moderate
References	1171862,CVE-2020-12823

Description:

This update for openconnect fixes the following issues:

CVE-2020-12823: Fixed a buffer overflow via crafted certificate data which could have led to denial of service (bsc#1171862).

Advisory ID	SUSE-SU-2020:1931-1
Released	Wed Jul 15 15:05:43 2020
Summary	Security update for openexr
Type	security
Severity	moderate
References	1173466,1173467,1173469,CVE-2020-15304,CVE-2020-15305,CVE-2020-15306

Description:

This update for openexr fixes the following issues:

CVE-2020-15304: Fixed a NULL pointer dereference in TiledInputFile:TiledInputFile() (bsc#1173466).
CVE-2020-15305: Fixed a use-after-free in DeepScanLineInputFile:DeepScanLineInputFile() (bsc#1173467).
CVE-2020-15306: Fixed a heap buffer overflow in getChunkOffsetTableSize() (bsc#1173469).

Advisory ID	SUSE-SU-2020:1934-1
Released	Wed Jul 15 15:07:30 2020
Summary	Security update for google-compute-engine
Type	security
Severity	important
References	1169978,1173258,CVE-2020-8903,CVE-2020-8907,CVE-2020-8933

Description:

This update for google-compute-engine fixes the following issues:

Don't enable and start google-network-daemon.service when it's already installed (bsc#1169978)

+ Do not add the created user to the adm (CVE-2020-8903), docker (CVE-2020-8907), or lxd (CVE-2020-8933) groups if they exist (bsc#1173258)

Advisory ID	SUSE-RU-2020:1935-1
Released	Wed Jul 15 16:25:57 2020
Summary	Recommended update for azure-li-services
Type	recommended
Severity	moderate
References

Description:

This update for azure-li-services fixes the following issues:

Update the motd to reflect the new link for the SUSE forums.
Add prometheus monitoring modules. (jsc#SLE-10545, jsc#SLE-10902, jsc#SLE-10903, jsc#ECO-817, jsc#ECO-818.
Added devel package auto submission
Deployment of HANA Scale-up Performance Optimized Scenario from Salt. (jsc#SLE-11453)
Automate setup of DRBD NFS-Share in SALT and Terraform. (jsc#SLE-11454)

Advisory ID	SUSE-SU-2020:1944-1
Released	Fri Jul 17 13:50:40 2020
Summary	Security update for ant
Type	security
Severity	moderate
References	1171696,CVE-2020-1945

Description:

This update for ant fixes the following issues:

CVE-2020-1945: Fixed an inseure temorary file vulnerability which could have potentially leaked sensitive information (bsc#1171696).

Advisory ID	SUSE-RU-2020:1954-1
Released	Sat Jul 18 03:07:15 2020
Summary	Recommended update for cracklib
Type	recommended
Severity	moderate
References	1172396

Description:

This update for cracklib fixes the following issues:

Fixed a buffer overflow when processing long words.

Advisory ID	SUSE-SU-2020:1957-1
Released	Mon Jul 20 13:47:31 2020
Summary	Security update for cni-plugins
Type	security
Severity	moderate
References	1172410,CVE-2020-10749

Description:

This update for cni-plugins fixes the following issues:
cni-plugins updated to version 0.8.6

CVE-2020-10749: Fixed a potential Man-in-the-Middle attacks in IPv4 clusters by spoofing IPv6 router advertisements (bsc#1172410).

Release notes: https://github.com/containernetworking/plugins/releases/tag/v0.8.6

Advisory ID	SUSE-RU-2020:1979-1
Released	Tue Jul 21 02:41:47 2020
Summary	Recommended update for golang-github-prometheus-node_exporter
Type	recommended
Severity	moderate
References	1143913

Description:

This update for golang-github-prometheus-node_exporter fixes the following issues:

Update from version 0.17.0 to version 0.18.1 (jsc#ECO-2110)

0.18.1 / 2019-06-04 * [BUGFIX] Fix incorrect sysctl call in BSD meminfo collector, resulting in broken swap metrics on FreeBSD * [BUGFIX] Fix rollover bug in mountstats collector 0.18.0 / 2019-05-09 * Renamed interface label to device in netclass collector for consistency with other network metrics * The cpufreq metrics now separate the cpufreq and scaling data based on what the driver provides. * The labels for the network_up metric have changed * Bonding collector now uses mii_status instead of operstatus * Several systemd metrics have been turned off by default to improve performance * These include unit_tasks_current, unit_tasks_max, service_restart_total, and unit_start_time_seconds * The systemd collector blacklist now includes automount, device, mount, and slice units by default. * [CHANGE] Bonding state uses mii_status * [CHANGE] Add a limit to the number of in-flight requests * [CHANGE] Renamed interface label to device in netclass collector * [CHANGE] Add separate cpufreq and scaling metrics * [CHANGE] Several systemd metrics have been turned off by default to improve performance * [CHANGE] Expand systemd collector blacklist * [CHANGE] Split cpufreq metrics into a separate collector * [FEATURE] Add a flag to disable exporter metrics * [FEATURE] Add kstat-based Solaris metrics for boottime, cpu and zfs collectors * [FEATURE] Add uname collector for FreeBSD * [FEATURE] Add diskstats collector for OpenBSD * [FEATURE] Add pressure collector exposing pressure stall information for Linux * [FEATURE] Add perf exporter for Linux * [ENHANCEMENT] Add Infiniband counters * [ENHANCEMENT] Add TCPSynRetrans to netstat default filter * [ENHANCEMENT] Move network_up labels into new metric network_info * [ENHANCEMENT] Use 64-bit counters for Darwin netstat * [BUGFIX] Add fallback for missing /proc/1/mounts * [BUGFIX] Fix node_textfile_mtime_seconds to work properly on symlinks

Add network-online (Wants and After) dependency to systemd unit. (bsc#1143913)

Advisory ID	SUSE-SU-2020:1983-1
Released	Tue Jul 21 08:31:44 2020
Summary	Security update for tomcat
Type	security
Severity	important
References	1173389,CVE-2020-11996

Description:

This update for tomcat fixes the following issues: Tomcat was updated to 9.0.36 See changelog at

CVE-2020-11996: Fixed an issue which by sending a specially crafted sequence of HTTP/2 requests could have triggered high CPU usage for several seconds making potentially the server unresponsive (bsc#1173389).

Advisory ID	SUSE-RU-2020:1986-1
Released	Tue Jul 21 16:06:29 2020
Summary	Recommended update for openvswitch
Type	recommended
Severity	moderate
References	1172861,1172929

Description:

This update for openvswitch fixes the following issues:

Preserve the old default OVS_USER_ID for users that removed the override at /etc/sysconfig/openvswitch. (bsc#1172861)
Fix possible changes of openvswitch configuration during upgrades. (bsc#1172929)

Advisory ID	SUSE-RU-2020:2000-1
Released	Wed Jul 22 09:04:41 2020
Summary	Recommended update for efivar
Type	recommended
Severity	important
References	1100077,1101023,1120862,1127544

Description:

This update for efivar fixes the following issues:

fix logic that checks for UCS-2 string termination (bsc#1127544)
fix casting of IPv4 addresses
Don't require an EUI for NVMe (bsc#1100077)
Add support for ACPI Generic Container and Embedded Controller root nodes (bsc#1101023)
fix for compilation failures bsc#1120862

Advisory ID	SUSE-RU-2020:2002-1
Released	Wed Jul 22 09:43:24 2020
Summary	Recommended update for lifecycle-data-sle-module-live-patching
Type	recommended
Severity	moderate
References	1020320

Description:

This update for lifecycle-data-sle-module-live-patching fixes the following issues:

Live kernel patching update data for 4_12_14-150_52, 4_12_14-197_45. (bsc#1020320)

Advisory ID	SUSE-RU-2020:2006-1
Released	Wed Jul 22 16:00:52 2020
Summary	Recommended update for postgresql, postgresql12
Type	recommended
Severity	moderate
References	1148643,1171924

Description:

This update for postgresql, postgresql12 fixes the following issues:
Postgresql12 was updated to 12.3 (bsc#1171924).

https://www.postgresql.org/about/news/2038/
https://www.postgresql.org/docs/12/release-12-3.html

Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get a clean and complete cutover to the new packaging schema.

Also changed in the postgresql wrapper package:

Bump version to 12.0.1, so that the binary packages also have a cut-point to conflict with.

Conflict with versions of the binary packages prior to the May 2020 update, because we changed the package layout at that point and need a clean cutover.

Bump package version to 12, but leave default at 10 for SLE-15 and SLE-15-SP1.

Advisory ID	SUSE-SU-2020:2025-1
Released	Thu Jul 23 13:32:32 2020
Summary	Security update for perl-YAML-LibYAML
Type	security
Severity	moderate
References	1173703

Description:

This update for perl-YAML-LibYAML fixes the following issues:
perl-YAML-LibYAML was updated to 0.69: [bsc#1173703]

Security fix: Add $LoadBlessed option to turn on/off loading objects: Default is set to true. Note that, the behavior is unchanged.
Clarify documentation about exported functions
Dump() was modifying original data, adding a PV to numbers
Support standard tags !!str, !!map and !!seq instead of dying.
Support JSON::PP::Boolean and boolean.pm via $YAML::XS::Boolean.
Fix regex roundtrip. Fix loading of many regexes.

Advisory ID	SUSE-SU-2020:2029-1
Released	Thu Jul 23 13:50:04 2020
Summary	Security update for libraw
Type	security
Severity	moderate
References	1173674,CVE-2020-15503

Description:

This update for libraw fixes the following issues:

security update
added patches fix CVE-2020-15503 [bsc#1173674], lack of thumbnail size range check can lead to buffer overflow + libraw-CVE-2020-15503.patch

Advisory ID	SUSE-RU-2020:2042-1
Released	Fri Jul 24 13:59:31 2020
Summary	Recommended update for SAPHanaSR
Type	recommended
Severity	moderate
References	1173581

Description:

This update for SAPHanaSR fixes the following issues:

Fix for log empty site names, but do not generate bad formatted cluster attribute name. (bsc#1173581)
Fix for documentation of some parameter defaults.
Adjust start/stop/promote/monitor action timeouts to match official recommendations.

Advisory ID	SUSE-SU-2020:2047-1
Released	Fri Jul 24 14:09:14 2020
Summary	Security update for tomcat
Type	security
Severity	important
References	1174117,1174121,CVE-2020-13934,CVE-2020-13935

Description:

This update for tomcat fixes the following issues:

Fixed CVEs: * CVE-2020-13934 (bsc#1174121) * CVE-2020-13935 (bsc#1174117)

Advisory ID	SUSE-RU-2020:2071-1
Released	Wed Jul 29 12:47:19 2020
Summary	Recommended update for sapconf
Type	recommended
Severity	moderate
References	1124453,1139176,1150868,1150870,1166925,1168067,1168840

Description:

This update for sapconf fixes the following issues:

Check the values of the 'vm.dirty_*' settings to be in a valid range before activating or restoring these system values. (bsc#1168067)
Add a logrotate drop-in file for sapconf to control the size of the logfile. (bsc#1166925)
Implement and use the system wide security limits. (bsc#1168840)
Add support multi-queued scheduler for block devices. (jsc#SLE-11141, jsc#SLE-11144)
Remove usage of tuned from sapconf (jsc#SLE-10986, jsc#SLE-10989): - Only ONE configuration file for sapconf - All parameters of the tuned profile defined in tuned.conf sapconf - Implement Switching a sapconf profile. - Prevent sapconf related tuned error messages by turning off tuned in the preinstall phase and removing the 'active' sapconf profile.
If sapconf detects an improper tuned profile during start notes that the log, fails the start deliberatly and guides the administrator to the problem. (bsc#1139176)
Use absolute path in the configuration file. (bsc#1124453)
Replace the delimiter for a sed command in postinstall script, because of conflicts with rpm macros. (bsc#1150868, bsc#1150870)

Advisory ID	SUSE-RU-2020:2080-1
Released	Wed Jul 29 20:09:09 2020
Summary	Recommended update for libtool
Type	recommended
Severity	moderate
References	1171566

Description:

This update for libtool provides missing the libltdl 32bit library. (bsc#1171566)

Advisory ID	SUSE-RU-2020:2082-1
Released	Thu Jul 30 09:49:35 2020
Summary	Recommended update for google-guest-agent, google-guest-configs, and google-guest-oslogin
Type	recommended
Severity	moderate
References	1174304,1174306

Description:

The python based packages google-compute-engine-init and google-compute-engine-oslogin were deprecated and are now replaced by the new Go based packages google-guest-agent, google-guest-configs, and google-guest-oslogin (jsc#ECO-2099)

Advisory ID	SUSE-RU-2020:2083-1
Released	Thu Jul 30 10:27:59 2020
Summary	Recommended update for diffutils
Type	recommended
Severity	moderate
References	1156913

Description:

This update for diffutils fixes the following issue:

Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913)

Advisory ID	SUSE-RU-2020:2091-1
Released	Thu Jul 30 14:55:00 2020
Summary	Recommended update for python-kiwi
Type	recommended
Severity	moderate
References	1156677,1168973,1172928

Description:

This update for python-kiwi fixes the following issues:

Fixed checking for root device in grub config. (bsc#1172928)
Fix for conflicting files of man-pages between different versions. (bsc#1168973, bsc#1156677)

Advisory ID	SUSE-RU-2020:2093-1
Released	Thu Jul 30 14:57:24 2020
Summary	Recommended update for tftpboot-installation-common
Type	recommended
Severity	low
References	1172161

Description:

This update for tftpboot-installation-common fixes the following issues:

Fix typo in service file. (bsc#1172161)

Advisory ID	SUSE-SU-2020:2095-1
Released	Thu Jul 30 17:10:15 2020
Summary	Security update for ghostscript
Type	security
Severity	important
References	1174415,CVE-2020-15900

Description:

This update for ghostscript fixes the following issues:

fixed CVE-2020-15900 Memory Corruption (SAFER Sandbox Breakout) cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582 (bsc#1174415)

Advisory ID	SUSE-RU-2020:2115-1
Released	Tue Aug 4 12:12:10 2020
Summary	Recommended update for opus
Type	recommended
Severity	moderate
References	1172526

Description:

This update for opus fixes the following issues:

Fix for an issue when the 'CELTDecoder' can be larger than 21 and cauese crash by builds with custom modes or hardening. (bsc#1172526)

Advisory ID	SUSE-SU-2020:2116-1
Released	Tue Aug 4 15:12:41 2020
Summary	Security update for libX11
Type	security
Severity	important
References	1174628,CVE-2020-14344

Description:

This update for libX11 fixes the following issues:

Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628)

Advisory ID	SUSE-RU-2020:2126-1
Released	Wed Aug 5 09:26:46 2020
Summary	Recommended update for cloud-regionsrv-client
Type	recommended
Severity	moderate
References	1173474,1173475

Description:

This update for cloud-regionsrv-client fixes the following issues:

Introduce containerbuild-regionsrv service to allow container building tools to access required data for accessing Public Cloud RMTs (bsc#1173474, bsc#1173475)

Advisory ID	SUSE-RU-2020:2127-1
Released	Wed Aug 5 10:28:23 2020
Summary	Recommended update for python-azure-agent
Type	recommended
Severity	important
References	1173866

Description:

This update for python-azure-agent fixes the following issues:

Properly set the DHCP configuration to push the hostname to the DHCP server. (bsc#1173866)
Do not bring the interface down to push the hostname, just use 'ifup'. (bsc#1173866)

Advisory ID	SUSE-RU-2020:2128-1
Released	Wed Aug 5 10:28:47 2020
Summary	Recommended update for cryptctl
Type	recommended
Severity	moderate
References

Description:

cryptctl was updated to fix the following issue

crypto is shipped into the Basesystem module. (ECO-2067)

Advisory ID	SUSE-RU-2020:2130-1
Released	Wed Aug 5 13:01:43 2020
Summary	Recommended update for aws-iam-authenticator, cni, cni-plugins
Type	recommended
Severity	moderate
References	1098521

Description:

This update ships initial versions of the aws-iam-authenticator, cni, cni-plugins packages to the Public Cloud module. (jsc#PM-1449, jsc#SLE-10777, bsc#1098521)
This provides support for Amazon EKS.

Advisory ID	SUSE-SU-2020:2142-1
Released	Thu Aug 6 11:05:34 2020
Summary	Security update for xrdp
Type	security
Severity	important
References	1173580,CVE-2020-4044

Description:

This update for xrdp fixes the following issues:

Update to version 0.9.13.1 + This is a security fix release that includes fixes for the following local buffer overflow vulnerability (bsc#1173580): CVE-2020-4044

Advisory ID	SUSE-SU-2020:2143-1
Released	Thu Aug 6 11:06:49 2020
Summary	Security update for java-11-openjdk
Type	security
Severity	important
References	1174157,CVE-2020-14556,CVE-2020-14562,CVE-2020-14573,CVE-2020-14577,CVE-2020-14581,CVE-2020-14583,CVE-2020-14593,CVE-2020-14621

Description:

This update for java-11-openjdk fixes the following issues:

Update to upstream tag jdk-11.0.8+10 (July 2020 CPU, bsc#1174157) * Security fixes: + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233234: Better Zip Naming + JDK-8233239, CVE-2020-14562: Enhance TIFF support + JDK-8233255: Better Swing Buttons + JDK-8234032: Improve basic calendar services + JDK-8234042: Better factory production of certificates + JDK-8234418: Better parsing with CertificateFactory + JDK-8234836: Improve serialization handling + JDK-8236191: Enhance OID processing + JDK-8236867, CVE-2020-14573: Enhance Graal interface handling + JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior + JDK-8237592, CVE-2020-14577: Enhance certificate verification + JDK-8238002, CVE-2020-14581: Better matrix operations + JDK-8238013: Enhance String writing + JDK-8238804: Enhance key handling process + JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable + JDK-8238843: Enhanced font handing + JDK-8238920, CVE-2020-14583: Better Buffer support + JDK-8238925: Enhance WAV file playback + JDK-8240119, CVE-2020-14593: Less Affine Transformations + JDK-8240482: Improved WAV file playback + JDK-8241379: Update JCEKS support + JDK-8241522: Manifest improved jar headers redux + JDK-8242136, CVE-2020-14621: Better XML namespace handling * Other changes: + JDK-6933331: (d3d/ogl) java.lang.IllegalStateException: Buffers have not been created + JDK-7124307: JSpinner and changing value by mouse + JDK-8022574: remove HaltNode code after uncommon trap calls + JDK-8039082: [TEST_BUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails + JDK-8040630: Popup menus and tooltips flicker with previous popup contents when first shown + JDK-8044365: (dc) MulticastSendReceiveTests.java failing with ENOMEM when joining group (OS X 10.9) + JDK-8048215: [TESTBUG] java/lang/management/ManagementFactory/ThreadMXBeanProxy.java Expected non-null LockInfo + JDK-8051349: nsk/jvmti/scenarios/sampling/SP06/sp06t003 fails in nightly + JDK-8080353: JShell: Better error message on attempting to add default method + JDK-8139876: Exclude hanging nsk/stress/stack from execution with deoptimization enabled + JDK-8146090: java/lang/ref/ReachabilityFenceTest.java fails with -XX:+DeoptimizeALot + JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout + JDK-8156207: Resource allocated BitMaps are often cleared unnecessarily + JDK-8159740: JShell: corralled declarations do not have correct source to wrapper mapping + JDK-8175984: ICC_Profile has un-needed, not-empty finalize method + JDK-8176359: Frame#setMaximizedbounds not working properly in multi screen environments + JDK-8183369: RFC unconformity of HttpURLConnection with proxy + JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT + JDK-8189861: Refactor CacheFind + JDK-8191169: java/net/Authenticator/B4769350.java failed intermittently + JDK-8191930: [Graal] emits unparseable XML into compile log + JDK-8193879: Java debugger hangs on method invocation + JDK-8196019: java/awt/Window/Grab/GrabTest.java fails on Windows + JDK-8196181: sun/java2d/GdiRendering/InsetClipping.java fails + JDK-8198000: java/awt/List/EmptyListEventTest/EmptyListEventTest.java debug assert on Windows + JDK-8198001: java/awt/Menu/WrongParentAfterRemoveMenu/ /WrongParentAfterRemoveMenu.java debug assert on Windows + JDK-8198339: Test javax/swing/border/Test6981576.java is unstable + JDK-8200701: jdk/jshell/ExceptionsTest.java fails on Windows, after JDK-8198801 + JDK-8203264: JNI exception pending in PlainDatagramSocketImpl.c:740 + JDK-8203672: JNI exception pending in PlainSocketImpl.c + JDK-8203673: JNI exception pending in DualStackPlainDatagramSocketImpl.c:398 + JDK-8204834: Fix confusing 'allocate' naming in OopStorage + JDK-8205399: Set node color on pinned HashMap.TreeNode deletion + JDK-8205653: test/jdk/sun/management/jmxremote/bootstrap/ /RmiRegistrySslTest.java and RmiSslBootstrapTest.sh fail with handshake_failure + JDK-8206179: com/sun/management/OperatingSystemMXBean/ /GetCommittedVirtualMemorySize.java fails with Committed virtual memory size illegal value + JDK-8207334: VM times out in VM_HandshakeAllThreads::doit() with RunThese30M + JDK-8208277: Code cache heap (-XX:ReservedCodeCacheSize) doesn't work with 1GB LargePages

Advisory ID	SUSE-SU-2020:2144-1
Released	Thu Aug 6 11:07:58 2020
Summary	Security update for wireshark
Type	security
Severity	moderate
References	1169063,1171899,1173606,CVE-2020-11647,CVE-2020-13164,CVE-2020-15466

Description:

This update for wireshark fixes the following issues:

Wireshark to 3.2.5: * CVE-2020-15466: GVCP dissector infinite loop (bsc#1173606) * CVE-2020-13164: NFS dissector crash (bsc#1171899) * CVE-2020-11647: The BACapp dissector could crash (bsc#1169063)
Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.2.5.html

Advisory ID	SUSE-SU-2020:2147-1
Released	Thu Aug 6 13:36:01 2020
Summary	Security update for MozillaFirefox
Type	security
Severity	important
References	1171433,1174538,CVE-2020-15652,CVE-2020-15653,CVE-2020-15654,CVE-2020-15655,CVE-2020-15656,CVE-2020-15657,CVE-2020-15658,CVE-2020-15659,CVE-2020-6463,CVE-2020-6514

Description:

This update for MozillaFirefox fixes the following issues:
This update for MozillaFirefox and pipewire fixes the following issues:
MozillaFirefox Extended Support Release 78.1.0 ESR

Fixed: Various stability, functionality, and security fixes (bsc#1174538)
CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker
CVE-2020-6514: WebRTC data channel leaks internal address to peer
CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy
CVE-2020-15653: Bypassing iframe sandbox when allowing popups
CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
CVE-2020-15656: Type confusion for special arguments in IonMonkey
CVE-2020-15658: Overriding file type when saving to disk
CVE-2020-15657: DLL hijacking due to incorrect loading path
CVE-2020-15654: Custom cursor can overlay user interface
CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1

pipewire was updated to version 0.3.6 (bsc#1171433, jsc#ECO-2308):

Extensive memory leak fixing and stress testing was done. A big leak in screen sharing with DMA-BUF was fixed.
Compile fixes
Stability improvements in jack and pulseaudio layers.
Added the old portal module to make the Camera portal work again. This will be moved to the session manager in future versions.
Improvements to the GStreamer source and sink shutdown.
Fix compatibility with v2 clients again when negotiating buffers.

Advisory ID	SUSE-RU-2020:2148-1
Released	Thu Aug 6 13:36:17 2020
Summary	Recommended update for ca-certificates-mozilla
Type	recommended
Severity	important
References	1174673

Description:

This update for ca-certificates-mozilla fixes the following issues:
Update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673)
Removed CAs:
* AddTrust External CA Root * AddTrust Class 1 CA Root * LuxTrust Global Root 2 * Staat der Nederlanden Root CA - G2 * Symantec Class 1 Public Primary Certification Authority - G4 * Symantec Class 2 Public Primary Certification Authority - G4 * VeriSign Class 3 Public Primary Certification Authority - G3
Added CAs:
* certSIGN Root CA G2 * e-Szigno Root CA 2017 * Microsoft ECC Root Certificate Authority 2017 * Microsoft RSA Root Certificate Authority 2017

Advisory ID	SUSE-SU-2020:2172-1
Released	Fri Aug 7 16:11:00 2020
Summary	Security update for perl-XML-Twig
Type	security
Severity	moderate
References	1008644,CVE-2016-9180

Description:

This update for perl-XML-Twig fixes the following issues:

Security fix [bsc#1008644, CVE-2016-9180] * Setting expand_external_ents to 0 or -1 currently doesn't work as expected; To completely turn off expanding external entities use no_xxe. * Update documentation for XML::Twig to mention problems with expand_external_ents and add information about new no_xxe argument

Advisory ID	SUSE-SU-2020:2197-1
Released	Tue Aug 11 13:32:49 2020
Summary	Security update for libX11
Type	security
Severity	important
References	1174628,CVE-2020-14344

Description:

This update for libX11 fixes the following issues:

Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628).

Advisory ID	SUSE-RU-2020:2210-1
Released	Wed Aug 12 06:24:02 2020
Summary	Recommended update for osc
Type	recommended
Severity	moderate
References	1173926

Description:

This update for osc fixes the following issues:

Fix for performance issues by assuming utf-8 or latin-1 as default, and speed up decoding. (bsc#1173926)

Advisory ID	SUSE-RU-2020:2219-1
Released	Wed Aug 12 15:47:42 2020
Summary	Recommended update for supportutils-plugin-suse-public-cloud and python3-azuremetadata
Type	recommended
Severity	moderate
References	1170475,1170476,1173238,1173240,1173357,1174618,1174847

Description:

This update for supportutils-plugin-suse-public-cloud and python3-azuremetadata fixes the following issues:
supportutils-plugin-suse-public-cloud:

Fixes an error when supportutils-plugin-suse-public-cloud and supportutils-plugin-salt are installed at the same time (bsc#1174618)
Sensitive information like credentials (such as access keys) will be removed when the metadata is being collected (bsc#1170475, bsc#1170476)

python3-azuremetadata:

Added latest support for `--listapis` and `--api` (bsc#1173238, bsc#1173240)
Detects when the VM is running in ASM (Azure Classic) and does now handle the condition to generate the data without requiring access to the full IMDS available, only in ARM instances (bsc#1173357, bsc#1174847)

Advisory ID	SUSE-RU-2020:2220-1
Released	Wed Aug 12 16:23:08 2020
Summary	Recommended update for hawk2
Type	recommended
Severity	moderate
References

Description:

This update for hawk2 fixes the following issue:
Update to version 2.1.2+git.1594886920.d00b94aa:

Update puma rubygem requirement to version 4.3.5 for disabling TLSv1.0 and TLSv1.1 (jsc#SLE-6965)

Advisory ID	SUSE-RU-2020:2236-1
Released	Thu Aug 13 13:06:27 2020
Summary	Recommended update for wireguard-tools
Type	recommended
Severity	moderate
References

Description:

This update for wireguard-tools fixes the following issues:
Update to version 1.0.20200513

Makefile: remember to install all systemd units
ipc: openbsd: switch to array ioctl interface

Update to version 1.0.20200510

ipc: add support for openbsd kernel implementation
ipc: cleanup openbsd support
wg-quick: add support for openbsd kernel implementation
wg-quick: cleanup openbsd support
wg-quick: support dns search domains
Makefile: simplify silent cleaning
git: add gitattributes so tarball doesn't have gitignore files
terminal: specialize color_mode to stdout only
highlighter: insist on 256-bit keys, not 257-bit or 258-bit
wg-quick: android: support application whitelist
systemd: add wg-quick.target

Update to version 1.0.20200319

netlink: initialize mostly unused field
curve25519: squelch warnings on clang
man: fix grammar in wg(8) and wg-quick(8)
man: backlink wg-quick(8) in wg(8)
man: add a warning to the SaveConfig description
wincompat: use string_list instead of inflatable_buffer

Update to version 1.0.20200206

man: document dynamic debug trick for Linux
extract-{handshakes,keys}: rework for upstream kernel
netlink: remove libmnl requirement
embeddable-wg-library: use newer string_list
netlink: don't pretend that sysconf isn't a function
Small cleanups.

Update to version 1.0.20200121

Makefile: add standard 'all' target
ipc: simplify inflatable buffer and add fuzzer
fuzz: add generic command argument fuzzer
fuzz: add set and setconf fuzzers
netlink: make sure to clear return value when trying again
Makefile: sort inputs to linker so that build is reproducible

Initial package, version 1.0.20200102

Advisory ID	SUSE-RU-2020:2252-1
Released	Mon Aug 17 14:16:31 2020
Summary	Recommended update for python-parallax
Type	recommended
Severity	moderate
References	1174894

Description:

This update for python-parallax fixes the following issue:

Change format of scp command for ipv6 compatibility. (bsc#1174894)

Advisory ID	SUSE-RU-2020:2254-1
Released	Mon Aug 17 15:07:18 2020
Summary	Recommended update for prometheus-sap_host_exporter and prometheus-ha_cluster_exporter
Type	recommended
Severity	moderate
References	1174429

Description:

This update for prometheus-sap_host_exporter and prometheus-ha_cluster_exporter fixes the following issues:
prometheus-sap_host_exporter:

Added * --version command line parameter

Fixed * Some usage details are now further clarified

prometheus-ha_cluster_exporter:

Features * Added support for corosync v3

Changed * The CLI flag --enable-timestamps and its config option have been marked as deprecated

Fixes * Fixed an issue with `corosync-quorumtool` parsing in Corosync v2.3.6

Advisory ID	SUSE-RU-2020:2256-1
Released	Mon Aug 17 15:08:46 2020
Summary	Recommended update for sysfsutils
Type	recommended
Severity	moderate
References	1155305

Description:

This update for sysfsutils fixes the following issue:

Fix cdev name comparison. (bsc#1155305)

Advisory ID	SUSE-SU-2020:2265-1
Released	Tue Aug 18 12:08:55 2020
Summary	Security update for postgresql12
Type	security
Severity	important
References	1175193,1175194,CVE-2020-14349,CVE-2020-14350

Description:

This update for postgresql12 fixes the following issues:

update to 12.4: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/12/release-12-4.html

Advisory ID	SUSE-RU-2020:2280-1
Released	Wed Aug 19 21:27:31 2020
Summary	Recommended update for devscripts
Type	recommended
Severity	moderate
References	1174163

Description:

This update for devscripts fixes the following issue:
Update from version 2.15.1 to version 2.19.5 (bsc#1174163)

Add conflicts on packages with the same binaries.
Fixed license tag as suggested by licensedigger.
Changed download location for source tarball from Debian package pool to salsa.debian.org to avoid download errors.
Remove support for ancient openSUSE and non-SUSE distributions.

Advisory ID	SUSE-RU-2020:2281-1
Released	Wed Aug 19 21:28:12 2020
Summary	Recommended update for openssl-1_0_0
Type	recommended
Severity	moderate
References	1174459

Description:

This update for openssl-1_0_0 fixes the following issue:

Versioning the exported symbols and avoid failures due to the lack of versioning. (bsc#1174459)

Advisory ID	SUSE-RU-2020:2282-1
Released	Wed Aug 19 21:28:40 2020
Summary	Recommended update for libgit2
Type	recommended
Severity	moderate
References	1157473

Description:

This update for libgit2 provides the following fix:

Include the libgit2 package in SUSE Manager Server 4.0, no source changes made. (bsc#1157473)

Advisory ID	SUSE-RU-2020:2289-1
Released	Fri Aug 21 10:58:57 2020
Summary	Recommended update for davfs2
Type	recommended
Severity	moderate
References	1173419

Description:

This update for davfs2 fixes the following issue:

Respect nofail option and avoid to fail upon boot if the remote resource is not available. (bsc#1173419)

Advisory ID	SUSE-RU-2020:2314-1
Released	Tue Aug 25 15:31:17 2020
Summary	Recommended update for cloud-regionsrv-client
Type	recommended
Severity	moderate
References	1174731,1174732,1174743,1174791,1174837,1174937

Description:

This update for cloud-regionsrv-client contains the following fixes:

Update to version 9.1.2: (bsc#1174791, bsc#1174937) + Implement changes to configure the client to use https only for outbound traffic
plugin-ec2 to version 1.0.1 (bsc#1174743, bsc#1174837) + Prefer IMDSv2 and switch all IMDS access requests to support v2 token based access method.

Update to version 9.1.1: (bsc#1174731, bsc#1174732) + Do not immediately failover to a sibling system. Upon contact failure to the target system give the server/route time to recover. We have seen network instability trigger a pre-mature failover during initial registration causing problems later during updates. + When we do failover make sure the access credentials are known to the new target

Advisory ID	SUSE-RU-2020:2316-1
Released	Tue Aug 25 15:38:19 2020
Summary	Recommended update for regionServiceClientConfigEC2
Type	recommended
Severity	moderate
References	1174791,1174937

Description:

This update for regionServiceClientConfigEC2 contains the following fixes:

Update to version 2.2.1 (bsc#1174791, bsc#1174937) + New configuration to switch to https only outgoing traffic.

Advisory ID	SUSE-RU-2020:2318-1
Released	Tue Aug 25 15:39:22 2020
Summary	Recommended update for python3-ec2metadata
Type	recommended
Severity	moderate
References	1174743,1174837

Description:

This update for python3-ec2metadata contains the following fixes:

Update to version 3.0.3 (bsc#1174743, bsc#1174837) + Prefer IMDSv2 and switch all IMDS access requests to support v2 token based access method.

Advisory ID	SUSE-SU-2020:2240-1
Released	Tue Aug 25 19:03:12 2020
Summary	Security update for xorg-x11-server
Type	security
Severity	important
References	1174633,1174635,1174638,CVE-2020-14345,CVE-2020-14346,CVE-2020-14347

Description:

This update for xorg-x11-server fixes the following issues:

CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426).
CVE-2020-14346: XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability (bsc#1174638, ZDI-CAN-11429).
CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428).

Advisory ID	SUSE-RU-2020:2338-1
Released	Wed Aug 26 13:45:01 2020
Summary	Recommended update for cloud-regionsrv-client
Type	recommended
Severity	important
References	1175752,1175753

Description:

This update for cloud-regionsrv-client fixes the following issues:

Fixed an issue where the cache object for the update server was incomplete (bsc#1175752, bsc#1175753)

Advisory ID	SUSE-RU-2020:2341-1
Released	Wed Aug 26 15:57:46 2020
Summary	Recommended update for regionServiceClientConfigGCE
Type	recommended
Severity	moderate
References	1174791,1174937

Description:

This update for regionServiceClientConfigGCE contains the following fixes:

Update to version 3.0.1. (bsc#1174791, bsc#1174937) + New configuration to switch to https only outgoing traffic.

Advisory ID	SUSE-RU-2020:2349-1
Released	Wed Aug 26 17:15:21 2020
Summary	Recommended update for hyper-v
Type	recommended
Severity	moderate
References	1093910,1174443,1174444

Description:

This update for hyper-v fixes the following issues:

Remove dependency to network-online.target now that gethostname is used in kvp_daemon. (bsc#1174443, bsc#1174444)
Reopen the devices if read() or write() returns errors.
Use either python2 or python3 for lsvmbus. (bsc#1093910)
Remove sysv init scripts.
Enable build on aarch64.

Advisory ID	SUSE-SU-2020:2373-1
Released	Fri Aug 28 12:58:51 2020
Summary	Security update for SUSE Manager 4.1.1
Type	security
Severity	moderate
References	1136857,1165572,1169553,1169780,1170244,1170468,1170654,1171281,1172279,1172504,1172709,1172807,1172831,1172839,1173169,1173522,1173535,1173554,1173566,1173584,1173932,1173982,1173997,1174025,1174167,1174201,1174229,1174325,1174405,1174470,1174965,1175485,1175555,1175558,1175724,1175791,678126,CVE-2020-11022

Description:

This consolidated update includes multiple patchinfos for SUSE Manager Server and Proxy. This patchinfo is used for the codestream release only.

Advisory ID	SUSE-RU-2020:2378-1
Released	Fri Aug 28 14:52:31 2020
Summary	Recommended update for python-azure-agent
Type	recommended
Severity	moderate
References	1175198

Description:

This update for python-azure-agent contains the following fix:

Drop paa_sudo_sle15_nopwd.patch (bsc#1175198) + sudoers file is managed by cloud-init we no longer need this hack

Advisory ID	SUSE-RU-2020:2380-1
Released	Fri Aug 28 14:54:08 2020
Summary	Recommended update for supportutils-plugin-suse-public-cloud
Type	recommended
Severity	moderate
References	1175250,1175251

Description:

This update for supportutils-plugin-suse-public-cloud contains the following fix:

Update to version 1.0.5: (bsc#1175250, bsc#1175251) + Query for new GCE initialization code packages

Advisory ID	SUSE-RU-2020:2394-1
Released	Mon Aug 31 17:16:14 2020
Summary	Recommended update for lifecycle-data-sle-module-live-patching
Type	recommended
Severity	moderate
References	1020320

Description:

This update for lifecycle-data-sle-module-live-patching fixes the following issue:
Live kernel patching update data. (bsc#1020320)

New data for 4_12_14-150_55, 4_12_14-197_48, 5_3_18-22, 5_3_18-24_9.

Advisory ID	SUSE-RU-2020:2415-1
Released	Tue Sep 1 13:45:00 2020
Summary	Recommended update for python-kiwi
Type	recommended
Severity	moderate
References	1096738,1165730,1172908,1173226,1173356,1174009

Description:

This update for python-kiwi contains the following fixes:

Bump version up to 9.21.7: This version upgrade includes several fixes:

* Skip filesystem check for XFS prior xfs_grow running xfs_repair check isn't strictly necessary before resizing, and in some cases it may even prevent resizing by giving an error that would be cleared through mounting the fs (e.g. when the fs wasn't cleanly umounted, and thus letting xfs recover and replay its journal). Given that xfs can only grow online (while being mounted), this is sufficient to ensure that the fs is in a state where it can be resized. This is related to bsc#1174009. (bsc#1174009)
* Fixed grub setup in EFI/BOOT directory
kiwi copied the same grub.cfg file as it exists in boot/grub2 to the efi path. This is wrong as the setup in the efi boot directory is used to enable normal grub loading and not providing the user grub configuration. In addition the changes here makes sure that the early grub boot code is placed into the system in any EFI case except for secure boot when shim-install is present. If shim-install is present it also creates the early grub boot setup such that kiwi doesn't have to do it. This Fixes #1491 and Fixes bsc#1172908. (bsc#1172908)
* Use rsync in inplace transfer mode
Using the --inplace option in rsync helps to save space on syncing the rootfs data and prevents e.g OBS workers from running out of VM space when transfering root filesystem data. Also using --inplace allows to keep hardlinks intact. This is related to bsc#1096738. (bsc#1096738)
* Don't keep copy of grub2-install in the system
To prevent shim-install from calling grub2-install in uefi mode kiwi temporary replaces the tool by a noop. This acts as a workaround for an issue in shim-install. However the workaround left a file copy of grub2-install in the system which should not happen. This commit Fixes bsc#1173226 and Fixes #1490. (bsc#1173226)
* Fixes live ISOs
This commit fixes iso images. Due to a change introduced in c7ed1cf live ISOs were no longer booting as the rootfs.img filesystem was copied to the squashfs container while being still mounted. Because of that, at boot time, it refused to mount. This commit adds umount method for the filesystem base class, so it can be umounted before deleting the instance. Fixes #1489 and bsc#1173356. (bsc#1173356)
* Support grub timeout_style parameter
Grub supports a style setting that influences the display of the menu depending on the configured timeout value. With this patch kiwi allows to specify the style via a new bootloader parameter named timeout_style='hidden|countdown'. If not set the grub default applies which shows the menu in any case. This Fixes bsc#1165730 and Fixes #1404. (bsc#1165730)
* Use auto video mode as default for grub
An explicit video mode 800x600 was used for grub if no video mode setup exists in the XML description. For grub this should better result in the auto mode. Related to bsc#1165730. (bsc#1165730)

Advisory ID	SUSE-RU-2020:2420-1
Released	Tue Sep 1 13:48:35 2020
Summary	Recommended update for zlib
Type	recommended
Severity	moderate
References	1174551,1174736

Description:

This update for zlib provides the following fixes:

Permit a deflateParams() parameter change as soon as possible. (bsc#1174736)
Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551)

Advisory ID	SUSE-RU-2020:2424-1
Released	Tue Sep 1 13:53:52 2020
Summary	Recommended update for yast2-rmt
Type	recommended
Severity	moderate
References	1171555,1172674

Description:

This update for yast2-rmt fixes the following issues:

Handle Common Name length. (bsc#1172674)
Changed placeholders in translatable strings to support better the 'gettext' language format tags. (bsc#1171555)

Advisory ID	SUSE-RU-2020:2425-1
Released	Tue Sep 1 13:54:05 2020
Summary	Recommended update for nfs-utils
Type	recommended
Severity	moderate
References	1174260

Description:

This update for nfs-utils fixes the following issues:

Fix a bug when concurrent 'gssd' requests arrive from kernel, causing hanging NFS mounts. (bsc#1174260)

Advisory ID	SUSE-RU-2020:2440-1
Released	Tue Sep 1 22:14:33 2020
Summary	Recommended update for libmaxminddb
Type	recommended
Severity	moderate
References	1175006

Description:

This update for libmaxminddb fixes the following issues:

update to 1.4.3: * Use of uninitialized memory in dump_entry_data_list() could have cause a heap buffer flow in mmdblookup [bsc#1175006]

Advisory ID	SUSE-SU-2020:2452-1
Released	Wed Sep 2 13:58:24 2020
Summary	Security update for xorg-x11-server
Type	security
Severity	important
References	1174910,1174913,CVE-2020-14361,CVE-2020-14362

Description:

This update for xorg-x11-server fixes the following issues:

CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573).
CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574).

Advisory ID	SUSE-SU-2020:2453-1
Released	Wed Sep 2 13:59:21 2020
Summary	Security update for java-1_8_0-ibm
Type	security
Severity	moderate
References	1174157,1175259,CVE-2019-17639,CVE-2020-14556,CVE-2020-14577,CVE-2020-14578,CVE-2020-14579,CVE-2020-14581,CVE-2020-14583,CVE-2020-14593,CVE-2020-14621

Description:

This update for java-1_8_0-ibm fixes the following issues:

Update to Java 8.0 Service Refresh 6 Fix Pack 15 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14556 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - JAVA.UTIL.ZIP.DEFLATER OPERATIONS THROW JAVA.LANG.INTERNALERROR - JAVA 8 DECODER OBJECTS CONSUME A LARGE AMOUNT OF JAVA HEAP - TRANSLATION MESSAGES UPDATE FOR JCL - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Java Virtual Machine: - IBM JAVA REGISTERS A HANDLER BY DEFAULT FOR SIGABRT - LARGE MEMORY FOOTPRINT HELD BY TRACECONTEXT OBJECT * JIT Compiler: - CRASH IN THE INTERPRETER AFTER OSR FROM INLINED SYNCHRONIZED METHOD IN DEBUGGING MODE - INTERMITTENT ASSERTION FAILURE REPORTED - CRASH IN RESOLVECLASSREF() DURING AOT LOAD - JIT CRASH DURING CLASS UNLOADING IN J9METHOD_HT::ONCLASSUNLOADING() - SEGMENTATION FAULT WHILE COMPILING A METHOD - UNEXPECTED CLASSCASTEXCEPTION THROWN IN HIGH LEVEL PARALLEL APPLICATION ON IBM Z PLATFORM * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE - CHANGES TO IBMJCE AND IBMJCEPLUS PROVIDERS - IBMJCEPLUS FAILS, WHEN THE SECURITY MANAGER IS ENABLED, WITH DEFAULT PERMISSIONS, SPECIFIED IN JAVA.POLICY FILE - IN CERTAIN INSTANCES, IBMJCEPLUS PROVIDER THROWS EXCEPTION FROM KEYFACTORY CLASS

Advisory ID	SUSE-RU-2020:2464-1
Released	Wed Sep 2 23:25:41 2020
Summary	Recommended update for icewm
Type	recommended
Severity	moderate
References	1170420,1173441

Description:

This update for icewm fixes the following issues:

Fixes an issue where icewm updates could no longer be installed (bsc#1173441, bsc#1170420)

Advisory ID	SUSE-RU-2020:2470-1
Released	Wed Sep 2 23:29:43 2020
Summary	Recommended update for lshw
Type	recommended
Severity	moderate
References	1168865,1169668,1172156

Description:

This update for lshw fixes the following issues:

Fixes the detection of powerpc products (bsc#1172156)
Fixed an issue where lshw crashed on powerpc and aarch64 (bsc#1168865, bsc#1169668)

Advisory ID	SUSE-SU-2020:2474-1
Released	Thu Sep 3 12:10:29 2020
Summary	Security update for libX11
Type	security
Severity	moderate
References	1175239,CVE-2020-14363

Description:

This update for libX11 fixes the following issues:

CVE-2020-14363: Fix an integer overflow in init_om() (bsc#1175239).

Advisory ID	SUSE-RU-2020:2489-1
Released	Fri Sep 4 11:39:19 2020
Summary	Recommended update for fwupdate
Type	recommended
Severity	moderate
References	1174543

Description:

This update of fwupdate fixes the following issue:

rebuilt with new signing key. (bsc#1174543)

Advisory ID	SUSE-RU-2020:2549-1
Released	Fri Sep 4 18:25:50 2020
Summary	Recommended update for OpenStack clients
Type	recommended
Severity	moderate
References	1121610,1174571,917818

Description:

Updated OpenStack clients to the latest OpenStack release named Ussuri.

Advisory ID	SUSE-RU-2020:2556-1
Released	Mon Sep 7 14:31:43 2020
Summary	Recommended update for python3-azuremetadata
Type	recommended
Severity	moderate
References	1175609,1175610

Description:

This update for python3-azuremetadata contains the following fix:

Fix provides directive (bsc#1175609, bsc#1175610) + The provides directive must set a version or update does not work as expected

Advisory ID	SUSE-RU-2020:2558-1
Released	Mon Sep 7 14:32:59 2020
Summary	Recommended update for tomcat
Type	recommended
Severity	moderate
References	1092163,1172562,1173103

Description:

This update for tomcat fixes the following issues:

Fixed the package alternatives for tomcat-servlet-4_0-api to use /usr/share/java/servlet.jar instead of /usr/share/java/tomcat-servlet.jar - We kept /usr/share/java/tomcat-servlet.jar as a symlink for compatibility reasons (bsc#1092163)
Removed write permissions on several files and directories for the tomcat group (bsc#1172562)
Changed the tomcat.pid location from /var/run to /run (bsc#1173103)

Advisory ID	SUSE-RU-2020:2559-1
Released	Mon Sep 7 14:33:27 2020
Summary	Recommended update for xrdp
Type	recommended
Severity	moderate
References	1171415

Description:

This update for xrdp fixes the following issue:

Fallback session to icewm when a selected desktop environment is not found (bsc#1171415)

Advisory ID	SUSE-RU-2020:2567-1
Released	Tue Sep 8 12:03:33 2020
Summary	Recommended update for azure-li-services
Type	recommended
Severity	important
References

Description:

This update for azure-li-services fixes the following issues:

Update prometheus monitoring modules for the LI and VLI images for SLE15-SP1/SP2 and GA. (jsc#SLE-10545, jsc#SLE-10902, jsc#SLE-10903, jsc#ECO-817, jsc#ECO-818)

Advisory ID	SUSE-OU-2020:2568-1
Released	Tue Sep 8 13:55:56 2020
Summary	Optional update for iscsi-formula
Type	optional
Severity	important
References

Description:

This update adds iscsi-formula to the SLES for SAP products. (jsc#ECO-2443, jsc#ECO-1965, jsc#SLE-4047)

Advisory ID	SUSE-RU-2020:2594-1
Released	Thu Sep 10 14:02:49 2020
Summary	Recommended update for clone-master-clean-up
Type	recommended
Severity	moderate
References	1174147

Description:

This update for clone-master-clean-up fixes the following issues:

Cleanup salt client ID and 'osad' authentication configuration file and the system ID. (bsc#1174147)

Advisory ID	SUSE-RU-2020:2616-1
Released	Mon Sep 14 10:34:31 2020
Summary	Recommended update for python-argparse-manpage
Type	recommended
Severity	low
References

Description:

This update for python-argparse-manpage fixes the following issues:

Made the multiline text look better

Advisory ID	SUSE-RU-2020:2630-1
Released	Mon Sep 14 18:26:03 2020
Summary	Recommended update for biosdevname
Type	recommended
Severity	moderate
References	1174491

Description:

This update for biosdevname fixes the following issues:

Read DMI info rom sysfs. (bsc#1174491) A kernel with Secure Boot lockdown may prohibit reading the contents of /dev/mem, hence biosdevname fails. The recent kernel provides the DMI byte contents in /sys/firmware/dmi/tables/*.
Add buffer read helper using read explicitly. mmap can't work well with a sysfs file and it's required to read the contents explicitly via read, even if USE_MMAP is enabled.

Advisory ID	SUSE-RU-2020:2639-1
Released	Tue Sep 15 16:23:43 2020
Summary	Recommended update for realmd
Type	recommended
Severity	moderate
References	1175616

Description:

This update for realmd fixes the following issue:

Fix pam misconfiguration. (bsc#1175616)

Advisory ID	SUSE-SU-2020:2646-1
Released	Wed Sep 16 12:07:28 2020
Summary	Security update for perl-DBI
Type	security
Severity	important
References	1176409,1176412,CVE-2020-14392,CVE-2020-14393

Description:

This update for perl-DBI fixes the following issues:
Security issues fixed:

CVE-2020-14392: Memory corruption in XS functions when Perl stack is reallocated (bsc#1176412).
CVE-2020-14393: Fixed a buffer overflow on an overlong DBD class name (bsc#1176409).

Advisory ID	SUSE-RU-2020:2651-1
Released	Wed Sep 16 14:42:55 2020
Summary	Recommended update for zlib
Type	recommended
Severity	moderate
References	1175811,1175830,1175831

Description:

This update for zlib fixes the following issues:

Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831)
Enable hardware compression on s390/s390x (jsc#SLE-13776)

Advisory ID	SUSE-RU-2020:2655-1
Released	Wed Sep 16 14:44:27 2020
Summary	Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin
Type	recommended
Severity	moderate
References	1174745,1175173,1175740,1175741

Description:

This update for google-guest-agent, google-guest-configs, google-guest-oslogin contains the following fixes:

Update to version 20200819.00. (bsc#1175740, bsc#1175741) * handle oslogin enable/disable cases (#70). (bsc#1175173) * add README (#69) * Fix metric for addIPForwardEntry (#68) * Correctly determine default route index (#67) * oslogin: dont add entry to pam.d/su (#66) * end group.conf with newline (#64) * Add source field in googet spec (#59) * Set route to metadata on interface with default route (#47) * fix typo in boto.cfg (#62)
Properly handle enabling of systemd services when upgrading from the old google-compute-engine-init package (bsc#1174745)

Update to version 20200626.00. (bsc#1175740, bsc#1175741) * Updates the udev rules for local SSD disks. (#9) * Fix tx affinity logic when number of CPUs is above 32 (#6)

Switch udev requires to pkgconfig to allow the build service to use the -mini package for build optimization

Update to version 20200819.00. (bsc#1175740, bsc#1175741) * deny non-2fa users (#37) * use asterisks instead (#39) * set passwords to ! (#38) * correct index 0 bug (#36) * Support security key generated OTP challenges. (#35)

No post action for ssh

Advisory ID	SUSE-RU-2020:2658-1
Released	Wed Sep 16 14:45:24 2020
Summary	Recommended update for build
Type	recommended
Severity	moderate
References	1170956,1172563,1174854

Description:

This update for build fixes the following issues:

fix factory version in config file (bsc#1170956)
add missing ignores for Leap 15.2 (bsc#1174854)
fix sysrq handling for KVM builds
avoid double removal of obscpio files
docker: * support builds using USER root statements * proper error handling when obs-docker-support gets called as non-root * helm build target support * support milestone handling
support repo files without types set (SLE 15 SP2 zypp)
add default substitute for system-packages:repo-creation
Support recursive kiwi profile usage

fix dependencies for Fedora 33
Set $YAML::XS::LoadBlessed = 0 for Appimage/Snapcraft
add a new variable to track build time needed for ccache eviction
create folder for ccache archive to be copied before rsync
also package pkg-config files by default into baselibs. (bsc#1172563)
Use shorter kernel flag for mitigations
Ignore, if shutdown behavior changed by build in z/VM
Control disk-space consumption while creating ccache archive
cleaning ccache
create folders before trying to copy ccache.tar
Generate .packages and .basepackages files for docker builds

enable sysrq operations on boot
Set kvm_serial_device to virtio-serial in the fixup
Split console arg setting code into kvm_add_console_args
Update for zVM to make container builds work.
Write to /proc/sys/kernel/hostname if the hostname command is not available
Use --cgroup-manager=cgroupfs when calling podman
Also squash by default in podman builds
Support different interpreters in prein/postin scriptlets
Use grep -E instead of egrep to check for the needsbinariesforbuild flag
Use new Build::Intrepo module
Add new Intrepo module to read/write build's internal repo format
remove .gz from _ccache archive as it is no longer compressed
Add support for Arch in build-recipe-kiwi
Autodetect whether to use --pipe option of systemd-nspawn.
Split parse_depfile() from readdeps()
enable compression on ccache
add bugzilla numbers for s390 workaround
extend --ccache to generate _ccache.tar.gz and implement --pkg-ccache
disable transparent_hugepage on s390x guests for now, causes hangs
set buildflavor also for Build::parse

Leap 15.2 config update (libzstd1 for rpm)
handle obscpio extraction error as fatal
Return correct exit code from systemd-nspawn build
Spec parser: do not parse included files from end to start
running disk full check also outside of VM
run disk full check only for chroot

Spec parser: add support for %elif, %elifarch, %elifos
Support rpm's %include statement (EXPERIMENTAL, known limitations)
Do not do vminstall expansion in expanddeps unless --vm is used

15.2 config: preinstall gcrypt deps again
Recommends for Fedora based distros
support obsgendiff functionality
various smaller code cleanups
additional test cases for spec file parsing
various fixes for cornercases during spec file parsing

fix regression in && operator handling of rpm spec file parser
Correctly expand macros defined with %global

15.2 config: temporary revert gcrypt preinstall until distro has changed
factory config: ignore libxtables for iproute2, not needed for ip tool
Follow upstream rpm changes in regard to logical ops
Fix macro expansion of lines containing newlines
add missing header file to avoid compile warnings

support OBS-Milestone comment for kiwi
switch to preinstall expansion for factory

Advisory ID	SUSE-RU-2020:2659-1
Released	Wed Sep 16 14:46:06 2020
Summary	Recommended update for openwsman
Type	recommended
Severity	moderate
References	1174541,1175631

Description:

This update for openwsman fixes the following issues:

Don't crash if OpenSSL SSL context fails to initialize. (bsc#1175631)
Adapt to openssl 1.1.1. (bsc#1174541)

Advisory ID	SUSE-RU-2020:2667-1
Released	Thu Sep 17 14:46:50 2020
Summary	Recommended update for openssl-1_0_0
Type	recommended
Severity	moderate
References	1175429

Description:

This update for openssl-1_0_0 fixes the following issues:

Provide the same symbols as other distros in a compatible package. (bsc#1175429)
Add OPENSSL_1.0.1_EC symbol. (bsc#1175429)

Advisory ID	SUSE-RU-2020:2676-1
Released	Thu Sep 17 23:48:03 2020
Summary	Recommended update for star
Type	recommended
Severity	moderate
References	1170726

Description:

This update for star fixes the following issues:

Support backreferences for spax. (bsc#1170726) The subst command for pax now supports the \1, \2, ... escapes for $...$ selections in the from pattern, like it is used by sed(1).

Advisory ID	SUSE-SU-2020:2689-1
Released	Mon Sep 21 10:56:11 2020
Summary	Security update for jasper
Type	security
Severity	moderate
References	1010979,1010980,1020451,1020456,1020458,1020460,1045450,1057152,1088278,1114498,1115637,1117328,1120805,1120807,CVE-2016-9398,CVE-2016-9399,CVE-2017-14132,CVE-2017-5499,CVE-2017-5503,CVE-2017-5504,CVE-2017-5505,CVE-2017-9782,CVE-2018-18873,CVE-2018-19139,CVE-2018-19543,CVE-2018-20570,CVE-2018-20622,CVE-2018-9252

Description:

This update for jasper fixes the following issues:

CVE-2016-9398: Improved patch for already fixed issue (bsc#1010979).
CVE-2016-9399: Fix assert in calcstepsizes (bsc#1010980).
CVE-2017-5499: Validate component depth bit (bsc#1020451).
CVE-2017-5503: Check bounds in jas_seq2d_bindsub() (bsc#1020456).
CVE-2017-5504: Check bounds in jas_seq2d_bindsub() (bsc#1020458).
CVE-2017-5505: Check bounds in jas_seq2d_bindsub() (bsc#1020460).
CVE-2017-14132: Fix heap base overflow in by checking components (bsc#1057152).
CVE-2018-9252: Fix reachable assertion in jpc_abstorelstepsize (bsc#1088278).
CVE-2018-18873: Fix null pointer deref in ras_putdatastd (bsc#1114498).
CVE-2018-19139: Fix mem leaks by registering jpc_unk_destroyparms (bsc#1115637).
CVE-2018-19543, bsc#1045450 CVE-2017-9782: Fix numchans mixup (bsc#1117328).
CVE-2018-20570: Fix heap based buffer over-read in jp2_encode (bsc#1120807).
CVE-2018-20622: Fix memory leak in jas_malloc.c (bsc#1120805).

Advisory ID	SUSE-RU-2020:2706-1
Released	Tue Sep 22 15:08:19 2020
Summary	Recommended update for xorg-x11-server
Type	recommended
Severity	moderate
References	1176015

Description:

This update for xorg-x11-server fixes the following issues:

fix crash in XWayland when undocking laptop. (bsc#1176015)
fix for XWayland abort in Present code. (bsc#1176015)
Import various fixes from 1.20 branch solving XWayland crashes. (bsc#1176015)

Advisory ID	SUSE-RU-2020:2709-1
Released	Tue Sep 22 15:35:58 2020
Summary	Recommended update for pdate to version 1.0.5 (bsc#1174791, bsc#1174937)
Type	recommended
Severity	low
References	1174791,1174937

Description:

Update to version 1.0.5 (bsc#1174791, bsc#1174937) + New configuration to switch to https only outgoing traffic + Use latest API to query the metadata server and send additional data

Advisory ID	SUSE-SU-2020:2710-1
Released	Tue Sep 22 17:06:19 2020
Summary	Security update for rubygem-actionpack-5_1
Type	security
Severity	important
References	1172177,CVE-2020-8164

Description:

This update for rubygem-actionpack-5_1 fixes the following issues:

CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. (bsc#1172177)

Advisory ID	SUSE-SU-2020:2731-1
Released	Thu Sep 24 07:42:32 2020
Summary	Security update for conmon, fuse-overlayfs, libcontainers-common, podman
Type	security
Severity	moderate
References	1162432,1164090,1165738,1171578,1174075,1175821,1175957,CVE-2020-1726

Description:

This update for conmon, fuse-overlayfs, libcontainers-common, podman fixes the following issues:
podman was updated to v2.0.6 (bsc#1175821)

install missing systemd units for the new Rest API (bsc#1175957) and a few man-pages that where missing before
Drop varlink API related bits (in favor of the new API)
fix install location for zsh completions

* Fixed a bug where running systemd in a container on a cgroups v1 system would fail. * Fixed a bug where /etc/passwd could be re-created every time a container is restarted if the container's /etc/passwd did not contain an entry for the user the container was started as. * Fixed a bug where containers without an /etc/passwd file specifying a non-root user would not start. * Fixed a bug where the --remote flag would sometimes not make remote connections and would instead attempt to run Podman locally.
Update to v2.0.6:

Features

- Rootless Podman will now add an entry to /etc/passwd for the user who ran Podman if run with --userns=keep-id. - The podman system connection command has been reworked to support multiple connections, and reenabled for use! - Podman now has a new global flag, --connection, to specify a connection to a remote Podman API instance.

Changes

- Podman's automatic systemd integration (activated by the --systemd=true flag, set by default) will now activate for containers using /usr/local/sbin/init as their command, instead of just /usr/sbin/init and /sbin/init (and any path ending in systemd). - Seccomp profiles specified by the --security-opt seccomp=... flag to podman create and podman run will now be honored even if the container was created using --privileged.

Bugfixes

- Fixed a bug where the podman play kube would not honor the hostIP field for port forwarding (#5964). - Fixed a bug where the podman generate systemd command would panic on an invalid restart policy being specified (#7271). - Fixed a bug where the podman images command could take a very long time (several minutes) to complete when a large number of images were present. - Fixed a bug where the podman logs command with the --tail flag would not work properly when a large amount of output would be printed ((#7230)[https://github.com//issues/7230]). - Fixed a bug where the podman exec command with remote Podman would not return a non-zero exit code when the exec session failed to start (e.g. invoking a non-existent command) (#6893). - Fixed a bug where the podman load command with remote Podman would did not honor user-specified tags (#7124). - Fixed a bug where the podman system service command, when run as a non-root user by Systemd, did not properly handle the Podman pause process and would not restart properly as a result (#7180). - Fixed a bug where the --publish flag to podman create, podman run, and podman pod create did not properly handle a host IP of 0.0.0.0 (attempting to bind to literal 0.0.0.0, instead of all IPs on the system) (#7104). - Fixed a bug where the podman start --attach command would not print the container's exit code when the command exited due to the container exiting. - Fixed a bug where the podman rm command with remote Podman would not remove volumes, even if the --volumes flag was specified (#7128). - Fixed a bug where the podman run command with remote Podman and the --rm flag could exit before the container was fully removed. - Fixed a bug where the --pod new:... flag to podman run and podman create would create a pod that did not share any namespaces. - Fixed a bug where the --preserve-fds flag to podman run and podman exec could close the wrong file descriptors while trying to close user-provided descriptors after passing them into the container. - Fixed a bug where default environment variables ($PATH and $TERM) were not set in containers when not provided by the image. - Fixed a bug where pod infra containers were not properly unmounted after exiting. - Fixed a bug where networks created with podman network create with an IPv6 subnet did not properly set an IPv6 default route. - Fixed a bug where the podman save command would not work properly when its output was piped to another command (#7017). - Fixed a bug where containers using a systemd init on a cgroups v1 system could leak mounts under /sys/fs/cgroup/systemd to the host. - Fixed a bug where podman build would not generate an event on completion (#7022). - Fixed a bug where the podman history command with remote Podman printed incorrect creation times for layers (#7122). - Fixed a bug where Podman would not create working directories specified by the container image if they did not exist. - Fixed a bug where Podman did not clear CMD from the container image if the user overrode ENTRYPOINT (#7115). - Fixed a bug where error parsing image names were not fully reported (part of the error message containing the exact issue was dropped). - Fixed a bug where the podman images command with remote Podman did not support printing image tags in Go templates supplied to the --format flag (#7123). - Fixed a bug where the podman rmi --force command would not attempt to unmount containers it was removing, which could cause a failure to remove the image. - Fixed a bug where the podman generate systemd --new command could incorrectly quote arguments to Podman that contained whitespace, leading to nonfunctional unit files (#7285). - Fixed a bug where the podman version command did not properly include build time and Git commit. - Fixed a bug where running systemd in a Podman container on a system that did not use the systemd cgroup manager would fail (#6734). - Fixed a bug where capabilities from --cap-add were not properly added when a container was started as a non-root user via --user. - Fixed a bug where Pod infra containers were not properly cleaned up when they stopped, causing networking issues (#7103).

- Fixed a bug where the libpod and compat Build endpoints did not accept the application/tar content type (instead only accepting application/x-tar) (#7185). - Fixed a bug where the libpod Exists endpoint would attempt to write a second header in some error conditions (#7197). - Fixed a bug where compat and libpod Network Inspect and Network Remove endpoints would return a 500 instead of 404 when the requested network was not found. - Added a versioned _ping endpoint (e.g. http://localhost/v1.40/_ping). - Fixed a bug where containers started through a systemd-managed instance of the REST API would be shut down when podman system service shut down due to its idle timeout (#7294). - Added stronger parameter verification for the libpod Network Create endpoint to ensure subnet mask is a valid value. - The Pod URL parameter to the Libpod Container List endpoint has been deprecated; the information previously gated by the Pod boolean will now be included in the response unconditionally.

Change hard requires for AppArmor to Recommends. They are not needed for runtime or with SELinux but already installed if AppArmor is used [jsc#SMO-15]
Add BuildRequires for pkg-config(libselinux) to build with SELinux support [jsc#SMO-15]

Update to v2.0.4

Fixed a bug where the output of podman image search did not populate the Description field as it was mistakenly assigned to the ID field.
Fixed a bug where podman build - and podman build on an HTTP target would fail.
Fixed a bug where rootless Podman would improperly chown the copied-up contents of anonymous volumes (#7130).
Fixed a bug where Podman would sometimes HTML-escape special characters in its CLI output.
Fixed a bug where the podman start --attach --interactive command would print the container ID of the container attached to when exiting (#7068).
Fixed a bug where podman run --ipc=host --pid=host would only set --pid=host and not --ipc=host (#7100).
Fixed a bug where the --publish argument to podman run, podman create and podman pod create would not allow binding the same container port to more than one host port (#7062).
Fixed a bug where incorrect arguments to podman images --format could cause Podman to segfault.
Fixed a bug where podman rmi --force on an image ID with more than one name and at least one container using the image would not completely remove containers using the image (#7153).
Fixed a bug where memory usage in bytes and memory use percentage were swapped in the output of podman stats --format=json.
Fixed a bug where the libpod and compat events endpoints would fail if no filters were specified (#7078).
Fixed a bug where the CgroupVersion field in responses from the compat Info endpoint was prefixed by 'v' (instead of just being '1' or '2', as is documented).

Suggest katacontainers instead of recommending it. It's not enabled by default, so it's just bloat

Update to v2.0.3

Fix handling of entrypoint
log API: add context to allow for cancelling
fix API: Create container with an invalid configuration
Remove all instances of named return 'err' from Libpod
Fix: Correct connection counters for hijacked connections
Fix: Hijacking v2 endpoints to follow rfc 7230 semantics
Remove hijacked connections from active connections list
version/info: format: allow more json variants
Correctly print STDOUT on non-terminal remote exec
Fix container and pod create commands for remote create
Mask out /sys/dev to prevent information leak from the host
Ensure sig-proxy default is propagated in start
Add SystemdMode to inspect for containers
When determining systemd mode, use full command
Fix lint
Populate remaining unused fields in `pod inspect`
Include infra container information in `pod inspect`
play-kube: add suport for 'IfNotPresent' pull type
docs: user namespace can't be shared in pods
Fix 'Error: unrecognized protocol \'TCP\' in port mapping'
Error on rootless mac and ip addresses
Fix & add notes regarding problematic language in codebase
abi: set default umask and rlimits
Used reference package with errors for parsing tag
fix: system df error when an image has no name
Fix Generate API title/description
Add noop function disable-content-trust
fix play kube doesn't override dockerfile ENTRYPOINT
Support default profile for apparmor
Bump github.com/containers/common to v0.14.6
events endpoint: backwards compat to old type
events endpoint: fix panic and race condition
Switch references from libpod.conf to containers.conf
podman.service: set type to simple
podman.service: set doc to podman-system-service
podman.service: use default registries.conf
podman.service: use default killmode
podman.service: remove stop timeout
systemd: symlink user->system
vendor golang.org/x/text@v0.3.3
Fix a bug where --pids-limit was parsed incorrectly
search: allow wildcards
[CI:DOCS]Do not copy policy.json into gating image
Fix systemd pid 1 test
Cirrus: Rotate keys post repo. rename
The libpod.conf(5) man page got removed and all references are now pointing towards containers.conf(5), which will be part of the libcontainers-common package.

Update to podman v2.0.2

fix race condition in `libpod.GetEvents(...)`
Fix bug where `podman mount` didn't error as rootless
remove podman system connection
Fix imports to ensure v2 is used with libpod
Update release notes for v2.0.2
specgen: fix order for setting rlimits
Ensure umask is set appropriately for 'system service'
generate systemd: improve pod-flags filter
Fix a bug with APIv2 compat network remove to log an ErrNetworkNotFound instead of nil
Fixes --remote flag issues
Pids-limit should only be set if the user set it
Set console mode for windows
Allow empty host port in --publish flag
Add a note on the APIs supported by `system service`
fix: Don't override entrypoint if it's `nil`
Set TMPDIR to /var/tmp by default if not set
test: add tests for --user and volumes
container: move volume chown after spec generation
libpod: volume copyup honors namespace mappings
Fix `system service` panic from early hangup in events
stop podman service in e2e tests
Print errors from individual containers in pods
auto-update: clarify systemd-unit requirements
podman ps truncate the command
move go module to v2
Vendor containers/common v0.14.4
Bump to imagebuilder v1.1.6 on v2 branch
Account for non-default port number in image name
Changes since v2.0.1
Update release notes with further v2.0.1 changes
Fix inspect to display multiple label: changes
Set syslog for exit commands on log-level=debug
Friendly amendment for pr 6751
podman run/create: support all transports
systemd generate: allow manual restart of container units in pods
Revert sending --remote flag to containers
Print port mappings in `ps` for ctrs sharing network
vendor github.com/containers/common@v0.14.3
Update release notes for v2.0.1
utils: drop default mapping when running uid!=0
Set stop signal to 15 when not explicitly set
podman untag: error if tag doesn't exist
Reformat inspect network settings
APIv2: Return `StatusCreated` from volume creation
APIv2:fix: Remove `/json` from compat network EPs
Fix ssh-agent support
libpod: specify mappings to the storage
APIv2:doc: Fix swagger doc to refer to volumes
Add podman network to bash command completions
Fix typo in manpage for `podman auto update`.
Add JSON output field for ps
V2 podman system connection
image load: no args required
Re-add PODMAN_USERNS environment variable
Fix conflicts between privileged and other flags
Bump required go version to 1.13
Add explicit command to alpine container in test case.
Use POLL_DURATION for timer
Stop following logs using timers
'pod' was being truncated to 'po' in the names of the generated systemd unit files.
rootless_linux: improve error message
Fix podman build handling of --http-proxy flag
correct the absolute path of `rm` executable
Makefile: allow customizable GO_BUILD
Cirrus: Change DEST_BRANCH to v2.0

Update to podman v2.0.0

The `podman generate systemd` command now supports the `--new` flag when used with pods, allowing portable services for pods to be created.
The `podman play kube` command now supports running Kubernetes Deployment YAML.
The `podman exec` command now supports the `--detach` flag to run commands in the container in the background.
The `-p` flag to `podman run` and `podman create` now supports forwarding ports to IPv6 addresses.
The `podman run`, `podman create` and `podman pod create` command now support a `--replace` flag to remove and replace any existing container (or, for `pod create`, pod) with the same name
The `--restart-policy` flag to `podman run` and `podman create` now supports the `unless-stopped` restart policy.
The `--log-driver` flag to `podman run` and `podman create` now supports the `none` driver, which does not log the container's output.
The `--mount` flag to `podman run` and `podman create` now accepts `readonly` option as an alias to `ro`.
The `podman generate systemd` command now supports the `--container-prefix`, `--pod-prefix`, and `--separator` arguments to control the name of generated unit files.
The `podman network ls` command now supports the `--filter` flag to filter results.
The `podman auto-update` command now supports specifying an authfile to use when pulling new images on a per-container basis using the `io.containers.autoupdate.authfile` label.
Fixed a bug where the `podman exec` command would log to journald when run in containers loggined to journald ([#6555](https://github.com/containers/libpod/issues/6555)).
Fixed a bug where the `podman auto-update` command would not preserve the OS and architecture of the original image when pulling a replacement ([#6613](https://github.com/containers/libpod/issues/6613)).
Fixed a bug where the `podman cp` command could create an extra `merged` directory when copying into an existing directory ([#6596](https://github.com/containers/libpod/issues/6596)).
Fixed a bug where the `podman pod stats` command would crash on pods run with `--network=host` ([#5652](https://github.com/containers/libpod/issues/5652)).
Fixed a bug where containers logs written to journald did not include the name of the container.
Fixed a bug where the `podman network inspect` and `podman network rm` commands did not properly handle non-default CNI configuration paths ([#6212](https://github.com/containers/libpod/issues/6212)).
Fixed a bug where Podman did not properly remove containers when using the Kata containers OCI runtime.
Fixed a bug where `podman inspect` would sometimes incorrectly report the network mode of containers started with `--net=none`.
Podman is now better able to deal with cases where `conmon` is killed before the container it is monitoring.

Update to podman v1.9.3:

Fixed a bug where, on FIPS enabled hosts, FIPS mode secrets were not properly mounted into containers
Fixed a bug where builds run over Varlink would hang
Fixed a bug where podman save would fail when the target image was specified by digest
Fixed a bug where rootless containers with ports forwarded to them could panic and dump core due to a concurrency issue (#6018)
Fixed a bug where rootless Podman could race when opening the rootless user namespace, resulting in commands failing to run
Fixed a bug where HTTP proxy environment variables forwarded into the container by the --http-proxy flag could not be overridden by --env or --env-file
Fixed a bug where rootless Podman was setting resource limits on cgroups v2 systems that were not using systemd-managed cgroups (and thus did not support resource limits), resulting in containers failing to start

Update podman to v1.9.1:

Bugfixes

- Fixed a bug where healthchecks could become nonfunctional if container log paths were manually set with --log-path and multiple container logs were placed in the same directory - Fixed a bug where rootless Podman could, when using an older libpod.conf, print numerous warning messages about an invalid CGroup manager config - Fixed a bug where rootless Podman would sometimes fail to close the rootless user namespace when joining it
Update podman to v1.9.0:

Features

- Experimental support has been added for podman run --userns=auto, which automatically allocates a unique UID and GID range for the new container's user namespace - The podman play kube command now has a --network flag to place the created pod in one or more CNI networks - The podman commit command now supports an --iidfile flag to write the ID of the committed image to a file - Initial support for the new containers.conf configuration file has been added. containers.conf allows for much more detailed configuration of some Podman functionality

Changes

- There has been a major cleanup of the podman info command resulting in breaking changes. Many fields have been renamed to better suit usage with APIv2 - All uses of the --timeout flag have been switched to prefer the alternative --time. The --timeout flag will continue to work, but man pages and --help will use the --time flag instead

Bugfixes

- Fixed a bug where some volume mounts from the host would sometimes not properly determine the flags they should use when mounting - Fixed a bug where Podman was not propagating $PATH to Conmon and the OCI runtime, causing issues for some OCI runtimes that required it - Fixed a bug where rootless Podman would print error messages about missing support for systemd cgroups when run in a container with no cgroup support - Fixed a bug where podman play kube would not properly handle container-only port mappings (#5610) - Fixed a bug where the podman container prune command was not pruning containers in the created and configured states - Fixed a bug where Podman was not properly removing CNI IP address allocations after a reboot (#5433) - Fixed a bug where Podman was not properly applying the default Seccomp profile when --security-opt was not given at the command line

HTTP API

- Many Libpod API endpoints have been added, including Changes, Checkpoint, Init, and Restore - Resolved issues where the podman system service command would time out and exit while there were still active connections - Stability overall has greatly improved as we prepare the API for a beta release soon with Podman 2.0

Misc

- The default infra image for pods has been upgraded to k8s.gcr.io/pause:3.2 (from 3.1) to address a bug in the architecture metadata for non-AMD64 images - The slirp4netns networking utility in rootless Podman now uses Seccomp filtering where available for improved security - Updated Buildah to v1.14.8 - Updated containers/storage to v1.18.2 - Updated containers/image to v5.4.3 - Updated containers/common to v0.8.1

Add 'systemd' BUILDFLAGS to build with support for journald logging (bsc#1162432)

Update podman to v1.8.2:

Features

- Initial support for automatically updating containers managed via Systemd unit files has been merged. This allows containers to automatically upgrade if a newer version of their image becomes available

Bugfixes

- Fixed a bug where unit files generated by podman generate systemd --new would not force containers to detach, causing the unit to time out when trying to start - Fixed a bug where podman system reset could delete important system directories if run as rootless on installations created by older Podman (#4831) - Fixed a bug where image built by podman build would not properly set the OS and Architecture they were built with (#5503) - Fixed a bug where attached podman run with --sig-proxy enabled (the default), when built with Go 1.14, would repeatedly send signal 23 to the process in the container and could generate errors when the container stopped (#5483) - Fixed a bug where rootless podman run commands could hang when forwarding ports - Fixed a bug where rootless Podman would not work when /proc was mounted with the hidepid option set - Fixed a bug where the podman system service command would use large amounts of CPU when --timeout was set to 0 (#5531)

HTTP API

- Initial support for Libpod endpoints related to creating and operating on image manifest lists has been added - The Libpod Healthcheck and Events API endpoints are now supported - The Swagger endpoint can now handle cases where no Swagger documentation has been generated
Update podman to v1.8.1:

Features

- Many networking-related flags have been added to podman pod create to enable customization of pod networks, including --add-host, --dns, --dns-opt, --dns-search, --ip, --mac-address, --network, and --no-hosts - The podman ps --format=json command now includes the ID of the image containers were created with - The podman run and podman create commands now feature an --rmi flag to remove the image the container was using after it exits (if no other containers are using said image) ([#4628](https://github.com/containers/libpod/issues/4628)) - The podman create and podman run commands now support the --device-cgroup-rule flag (#4876) - While the HTTP API remains in alpha, many fixes and additions have landed. These are documented in a separate subsection below - The podman create and podman run commands now feature a --no-healthcheck flag to disable healthchecks for a container (#5299) - Containers now recognize the io.containers.capabilities label, which specifies a list of capabilities required by the image to run. These capabilities will be used as long as they are more restrictive than the default capabilities used - YAML produced by the podman generate kube command now includes SELinux configuration passed into the container via --security-opt label=... (#4950)

Bugfixes

- Fixed CVE-2020-1726, a security issue where volumes manually populated before first being mounted into a container could have those contents overwritten on first being mounted into a container - Fixed a bug where Podman containers with user namespaces in CNI networks with the DNS plugin enabled would not have the DNS plugin's nameserver added to their resolv.conf ([#5256](https://github.com/containers/libpod/issues/5256)) - Fixed a bug where trailing / characters in image volume definitions could cause them to not be overridden by a user-specified mount at the same location ([#5219](https://github.com/containers/libpod/issues/5219)) - Fixed a bug where the label option in libpod.conf, used to disable SELinux by default, was not being respected (#5087) - Fixed a bug where the podman login and podman logout commands required the registry to log into be specified (#5146) - Fixed a bug where detached rootless Podman containers could not forward ports (#5167) - Fixed a bug where rootless Podman could fail to run if the pause process had died - Fixed a bug where Podman ignored labels that were specified with only a key and no value (#3854) - Fixed a bug where Podman would fail to create named volumes when the backing filesystem did not support SELinux labelling (#5200) - Fixed a bug where --detach-keys='' would not disable detaching from a container (#5166) - Fixed a bug where the podman ps command was too aggressive when filtering containers and would force --all on in too many situations - Fixed a bug where the podman play kube command was ignoring image configuration, including volumes, working directory, labels, and stop signal (#5174) - Fixed a bug where the Created and CreatedTime fields in podman images --format=json were misnamed, which also broke Go template output for those fields ([#5110](https://github.com/containers/libpod/issues/5110)) - Fixed a bug where rootless Podman containers with ports forwarded could hang when started (#5182) - Fixed a bug where podman pull could fail to parse registry names including port numbers - Fixed a bug where Podman would incorrectly attempt to validate image OS and architecture when starting containers - Fixed a bug where Bash completion for podman build -f would not list available files that could be built (#3878) - Fixed a bug where podman commit --change would perform incorrect validation, resulting in valid changes being rejected (#5148) - Fixed a bug where podman logs --tail could take large amounts of memory when the log file for a container was large (#5131) - Fixed a bug where Podman would sometimes incorrectly generate firewall rules on systems using firewalld - Fixed a bug where the podman inspect command would not display network information for containers properly if a container joined multiple CNI networks ([#4907](https://github.com/containers/libpod/issues/4907)) - Fixed a bug where the --uts flag to podman create and podman run would only allow specifying containers by full ID (#5289) - Fixed a bug where rootless Podman could segfault when passed a large number of file descriptors - Fixed a bug where the podman port command was incorrectly interpreting additional arguments as container names, instead of port numbers - Fixed a bug where units created by podman generate systemd did not depend on network targets, and so could start before the system network was ready (#4130) - Fixed a bug where exec sessions in containers which did not specify a user would not inherit supplemental groups added to the container via --group-add - Fixed a bug where Podman would not respect the $TMPDIR environment variable for placing large temporary files during some operations (e.g. podman pull) ([#5411](https://github.com/containers/libpod/issues/5411))

HTTP API

- Initial support for secure connections to servers via SSH tunneling has been added - Initial support for the libpod create and logs endpoints for containers has been added - Added a /swagger/ endpoint to serve API documentation - The json endpoint for containers has received many fixes - Filtering images and containers has been greatly improved, with many bugs fixed and documentation improved - Image creation endpoints (commit, pull, etc) have seen many fixes - Server timeout has been fixed so that long operations will no longer trigger the timeout and shut the server down - The stats endpoint for containers has seen major fixes and now provides accurate output - Handling the HTTP 304 status code has been fixed for all endpoints - Many fixes have been made to API documentation to ensure it matches the code

Misc

- The Created field to podman images --format=json has been renamed to CreatedSince as part of the fix for (#5110). Go templates using the old name shou ld still work - The CreatedTime field to podman images --format=json has been renamed to CreatedAt as part of the fix for (#5110). Go templates using the old name should still work - The before filter to podman images has been renamed to since for Docker compatibility. Using before will still work, but documentation has been changed to use the new since filter - Using the --password flag to podman login now warns that passwords are being passed in plaintext - Some common cases where Podman would deadlock have been fixed to warn the user that podman system renumber must be run to resolve the deadlock

Configure br_netfilter for podman automatically (bsc#1165738) The trigger is only excuted when updating podman-cni-config while the command was running

conmon was update to v2.0.20 (bsc#1175821)

journald: fix logging container name
container logging: Implement none driver - 'off', 'null' or 'none' all work.
ctrl: warn if we fail to unlink
Drop fsync calls
Reap PIDs before running exit command
Fix log path parsing
Add --sync option to prevent conmon from double forking
Add --no-sync-log option to instruct conmon to not sync the logs of the containers upon shutting down. This feature fixes a regression where we unconditionally dropped the log sync. It is possible the container logs could be corrupted on a sudden power-off. If you need container logs to remain in consistent state after a sudden shutdown, please update from v2.0.19 to v2.0.20

Update to v2.0.17:

- Add option to delay execution of exit command

Update to v2.0.16:

- tty: flush pending data when fd is ready

Enable support for journald logging (bsc#1162432)
Update to v2.0.15:

- store status while waiting for pid

Update to v2.0.14:

- drop usage of splice(2) - avoid hanging on stdin - stdio: sometimes quit main loop after io is done - ignore sigpipe

Update to v2.0.12

- oom: fix potential race between verification steps

Update to v2.0.11

- log: reject --log-tag with k8s-file - chmod std files pipes - adjust score to -1000 to prevent conmon from ever being OOM killed - container OOM: verify cgroup hasn't been cleaned up before reporting OOM - journal logging: write to /dev/null instead of -1
fuse-overlayfs was updated to 1.1.2 (bsc#1175821):

fix memory leak when creating whiteout files.
fix lookup for overflow uid when it is different than the overflow gid.
use openat2(2) when available.
accept 'ro' as mount option.
fix set mtime for a symlink.
fix some issues reported by static analysis.
fix potential infinite loop on a short read.
fix creating a directory if the destination already exists in the upper layer.
report correctly the number of links for a directory also for subsequent stat calls
stop looking up the ino in the lower layers if the file could not be opened
make sure the destination is deleted before doing a rename(2). It prevents a left over directory to cause delete to fail with EEXIST.
honor --debug.

libcontainers-common was updated to fix:

Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
Added containers/common tarball for containers.conf(5) man page
Install containers.conf default configuration in /usr/share/containers
libpod repository on github got renamed to podman
Update to image 5.5.1 - Add documentation for credHelpera - Add defaults for using the rootless policy path
Update libpod/podman to 2.0.3 - docs: user namespace can't be shared in pods - Switch references from libpod.conf to containers.conf - Allow empty host port in --publish flag - update document login see config.json as valid
Update storage to 1.20.2 - Add back skip_mount_home

Remove remaining difference between SLE and openSUSE package and ship the some mounts.conf default configuration on both platforms. As the sources for the mount point do not exist on openSUSE by default this config will basically have no effect on openSUSE. (jsc#SLE-12122, bsc#1175821)

Update to image 5.4.4 - Remove registries.conf VERSION 2 references from man page - Intial authfile man page - Add $HOME/.config/containers/certs.d to perHostCertDirPath - Add $HOME/.config/containers/registries.conf to config path - registries.conf.d: add stances for the registries.conf
update to libpod 1.9.3 - userns: support --userns=auto - Switch to using --time as opposed to --timeout to better match Docker - Add support for specifying CNI networks in podman play kube - man pages: fix inconsistencies
Update to storage 1.19.1 - userns: add support for auto - store: change the default user to containers - config: honor XDG_CONFIG_HOME
Remove the /var/lib/ca-certificates/pem/SUSE.pem workaround again. It never ended up in SLES and a different way to fix the underlying problem is being worked on.

Add registry.opensuse.org as default registry [bsc#1171578]

Add /var/lib/ca-certificates/pem/SUSE.pem to the SLES mounts. This for making container-suseconnect working in the public cloud on-demand images. It needs that file for being able to verify the server certificates of the RMT servers hosted in the public cloud. (https://github.com/SUSE/container-suseconnect/issues/41)

Advisory ID	SUSE-RU-2020:2735-1
Released	Thu Sep 24 13:32:25 2020
Summary	Recommended update for systemd-rpm-macros
Type	recommended
Severity	moderate
References	1173034

Description:

This update for systemd-rpm-macros fixes the following issues:

Introduce macro '%service_del_postun_without_restart' to resolve blocking new releases based on this. (bsc#1173034)

Advisory ID	SUSE-SU-2020:2744-1
Released	Thu Sep 24 17:56:23 2020
Summary	Security update for tiff
Type	security
Severity	moderate
References	1146608,CVE-2019-14973

Description:

This update for tiff fixes the following issues:

CVE-2019-14973: Fixed an improper check which was depended on the compiler which could have led to integer overflow (bsc#1146608).

Advisory ID	SUSE-SU-2020:2749-1
Released	Fri Sep 25 11:10:33 2020
Summary	Security update for MozillaFirefox
Type	security
Severity	important
References	1167976,1173986,1173991,1174284,1174420,1175686,1176756,CVE-2020-15663,CVE-2020-15664,CVE-2020-15670,CVE-2020-15673,CVE-2020-15676,CVE-2020-15677,CVE-2020-15678

Description:

This update for MozillaFirefox fixes the following issues:

Firefox was updated to 78.3.0 ESR (bsc#1176756, MFSA 2020-43) - CVE-2020-15677: Download origin spoofing via redirect - CVE-2020-15676: Fixed an XSS when pasting attacker-controlled data into a contenteditable element - CVE-2020-15678: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario - CVE-2020-15673: Fixed memory safety bugs
Enhance fix for wayland-detection (bsc#1174420)
Attempt to fix langpack-parallelization by introducing separate obj-dirs for each lang (bsc#1173986, bsc#1167976)

Firefox was updated to 78.2.0 ESR (bsc#1175686, MFSA 2020-38) - CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege - CVE-2020-15664: Attacker-induced prompt for extension installation - CVE-2020-15670: Fixed memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2

Fixed Firefox tab crash in FIPS mode (bsc#1174284).
Fixed broken translation-loading (bsc#1173991) - allow addon sideloading - mark signatures for langpacks non-mandatory - do not autodisable user profile scopes
Google API key is not usable for geolocation service any more

Advisory ID	SUSE-RU-2020:2757-1
Released	Fri Sep 25 19:45:40 2020
Summary	Recommended update for nfs-utils
Type	recommended
Severity	moderate
References	1173104

Description:

This update for nfs-utils fixes the following issue:

Some scripts are requiring Python2 while it is not installed by default and they can work with Python3. (bsc#1173104)

Advisory ID	SUSE-OU-2020:2758-1
Released	Fri Sep 25 19:46:16 2020
Summary	Optional update for pyzy
Type	optional
Severity	low
References

Description:

This update for pyzy doesn't fix any user visible issues, but improves the building of the package from its source.

Advisory ID	SUSE-RU-2020:2773-1
Released	Tue Sep 29 08:15:31 2020
Summary	Recommended update for python3-susepubliccloudinfo
Type	recommended
Severity	moderate
References	1176102,1176103

Description:

This update for python3-susepubliccloudinfo contains the following fixes:

Update to version 1.2.2: (bsc#1176102, bsc#1176103) + Support query for providers/frameworks, regions, and image states.

Advisory ID	SUSE-RU-2020:2782-1
Released	Tue Sep 29 11:40:22 2020
Summary	Recommended update for systemd-rpm-macros
Type	recommended
Severity	important
References	1176932

Description:

This update for systemd-rpm-macros fixes the following issues:

Backport missing macros of directory paths from upstream + %_environmentdir + %_modulesloaddir + %_modprobedir

Make sure %_restart_on_update_never and %_stop_on_removal_never don't expand to the empty string. (bsc#1176932) Otherwise sequences like the following code: if [ ... ]; then %_restart_on_update_never fi would result in the following incorrect shell syntax: if [ ... ]; then fi

Advisory ID	SUSE-RU-2020:2613-1
Released	Tue Sep 29 14:06:01 2020
Summary	Recommended update for certification-sles-eal4, installation-images, patterns-certification, system-role-common-criteria
Type	recommended
Severity	moderate
References	1172898,1176112

Description:

This update for certification-sles-eal4, installation-images, patterns-certification, system-role-common-criteria fixes the following issues:
This updates provided various packages required for Common Criteria certification.
certification-sles-eal4:

This package contains setup scripts that are used after installation of a common criteria system role.

patterns-certification:

This package contains the packages to be installed.

system-role-common-criteria:

This system role is used in the installer to be select and enable the Common Critera installation role.

Advisory ID	SUSE-RU-2020:2796-1
Released	Tue Sep 29 14:30:55 2020
Summary	Recommended update for hyper-v
Type	recommended
Severity	moderate
References	1116957

Description:

This update for hyper-v fixes the following issues:

Fixes an issue when hyper-v services not running after booting from SLES12SP3 ISO. (bsc#1116957)

Advisory ID	SUSE-RU-2020:2804-1
Released	Wed Sep 30 11:43:16 2020
Summary	Recommended update for xiterm
Type	recommended
Severity	moderate
References	1158271

Description:

This update for xiterm fixes the following issues:

Fix for not enabled application keypad mode. (bsc#1158271)

Advisory ID	SUSE-OU-2020:2811-1
Released	Thu Oct 1 09:19:57 2020
Summary	Optional update for adding Grafana dashboards to SLES for SAP
Type	optional
Severity	moderate
References

Description:

This update adds grafana-ha-cluster-dashboards, grafana-sap-hana-dashboards, grafana-sap-netweaver-dashboards, grafana-sap-providers to SLES for SAP (jsc#ECO-2237)
grafana-ha-cluster-dashboards:

Release 1.0.2 * update title and description * fixed datasource variable initialization * minor Grafana 7 compatibility fixes * use recommends instead of requires on grafana (jsc#SLE-10545)

grafana-sap-providers:

First release

grafana-sap-hana-dashboards:

Release 1.0.1 * Remove 'detail' word from file names for simplicity * Update title and description

grafana-sap-netweaver-dashboards:

Release 1.0.1 * Update schema to Grafana 7 * Update title and description

Advisory ID	SUSE-RU-2020:2825-1
Released	Fri Oct 2 08:44:28 2020
Summary	Recommended update for suse-build-key
Type	recommended
Severity	moderate
References	1170347,1176759

Description:

This update for suse-build-key fixes the following issues:

The SUSE Notary Container key is different from the build signing key, include this key instead as suse-container-key. (PM-1845 bsc#1170347)

The SUSE build key for SUSE Linux Enterprise 12 and 15 is extended by 4 more years. (bsc#1176759)

Advisory ID	SUSE-SU-2020:2828-1
Released	Fri Oct 2 10:33:22 2020
Summary	Security update for perl-DBI
Type	security
Severity	important
References	1176764,CVE-2019-20919

Description:

This update for perl-DBI fixes the following issues:

CVE-2019-20919: Fixed a NULL profile dereference in dbi_profile (bsc#1176764).

Advisory ID	SUSE-RU-2020:2842-1
Released	Fri Oct 2 12:17:55 2020
Summary	Recommended update for golang-github-prometheus-node_exporter
Type	recommended
Severity	moderate
References	1151557

Description:

This update for golang-github-prometheus-node_exporter fixes the following issues:

Add missing sysconfig file in rpm bsc#1151557

Changes from 1.0.1 * Changes to build specification + Modify spec: update golang version to 1.14 + Remove update tarball script + Add _service file to allow for updates via `osc service disabledrun` * Bug fixes + [BUGFIX] filesystem_freebsd: Fix label values #1728 + [BUGFIX] Update prometheus/procfs to fix log noise #1735 + [BUGFIX] Fix build tags for collectors #1745 + [BUGFIX] Handle no data from powersupplyclass #1747, #1749

Changes from 1.0.0 * Bug fixes + [BUGFIX] Read /proc/net files with a single read syscall #1380 + [BUGFIX] Renamed label state to name on node_systemd_service_restart_total. #1393 + [BUGFIX] Fix netdev nil reference on Darwin #1414 + [BUGFIX] Strip path.rootfs from mountpoint labels #1421 + [BUGFIX] Fix seconds reported by schedstat #1426 + [BUGFIX] Fix empty string in path.rootfs #1464 + [BUGFIX] Fix typo in cpufreq metric names #1510 + [BUGFIX] Read /proc/stat in one syscall #1538 + [BUGFIX] Fix OpenBSD cache memory information #1542 + [BUGFIX] Refactor textfile collector to avoid looping defer #1549 + [BUGFIX] Fix network speed math #1580 + [BUGFIX] collector/systemd: use regexp to extract systemd version #1647 + [BUGFIX] Fix initialization in perf collector when using multiple CPUs #1665 + [BUGFIX] Fix accidentally empty lines in meminfo_linux #1671 * Several enhancements + See https://github.com/prometheus/node_exporter/releases/tag/v1.0.0

Changes from 1.0.0-rc.0

Breaking changes * The netdev collector CLI argument --collector.netdev.ignored-devices was renamed to --collector.netdev.device-blacklist in order to conform with the systemd collector. #1279 * The label named state on node_systemd_service_restart_total metrics was changed to name to better describe the metric. #1393 * Refactoring of the mdadm collector changes several metrics node_md_disks_active is removed node_md_disks now has a state label for 'fail', 'spare', 'active' disks. node_md_is_active is replaced by node_md_state with a state set of 'active', 'inactive', 'recovering', 'resync'. * Additional label mountaddr added to NFS device metrics to distinguish mounts from the same URL, but different IP addresses. #1417 * Metrics node_cpu_scaling_frequency_min_hrts and node_cpu_scaling_frequency_max_hrts of the cpufreq collector were renamed to node_cpu_scaling_frequency_min_hertz and node_cpu_scaling_frequency_max_hertz. #1510 * Collectors that are enabled, but are unable to find data to collect, now return 0 for node_scrape_collector_success.

Advisory ID	SUSE-RU-2020:2863-1
Released	Tue Oct 6 09:28:41 2020
Summary	Recommended update for efivar
Type	recommended
Severity	moderate
References	1175989

Description:

This update for efivar fixes the following issues:

Fixed an issue when segmentation fault are caused on non-EFI systems. (bsc#1175989)

Advisory ID	SUSE-RU-2020:2869-1
Released	Tue Oct 6 16:13:20 2020
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1011548,1153943,1153946,1161239,1171762

Description:

This update for aaa_base fixes the following issues:

DIR_COLORS (bug#1006973): - add screen.xterm-256color - add TERM rxvt-unicode-256color - sort and merge TERM entries in etc/DIR_COLORS
check for Packages.db and use this instead of Packages. (bsc#1171762)
Rename path() to _path() to avoid using a general name.
refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548)
etc/profile add some missing ;; in case esac statements
profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946)
backup-rpmdb: exit if zypper is running (bsc#1161239)
Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943)

Advisory ID	SUSE-RU-2020:2885-1
Released	Fri Oct 9 14:50:51 2020
Summary	Recommended update for xmlsec1
Type	recommended
Severity	moderate
References	1177233

Description:

This update for xmlsec1 fixes the following issue:

xmlsec1-devel, xmlsec1-openssl-devel and xmlsec-nss-devel are added to the Basesystem module. (bsc#1177233)

Advisory ID	SUSE-SU-2020:2899-1
Released	Tue Oct 13 14:18:03 2020
Summary	Security update for rubygem-activesupport-5_1
Type	security
Severity	critical
References	1172186,CVE-2020-8165

Description:

This update for rubygem-activesupport-5_1 fixes the following issues:

CVE-2020-8165: Fixed deserialization of untrusted data in MemCacheStore potentially resulting in remote code execution (bsc#1172186)

Advisory ID	SUSE-RU-2020:2910-1
Released	Tue Oct 13 16:02:04 2020
Summary	Recommended update for cloud-regionsrv-client
Type	recommended
Severity	moderate
References	1176858,1176859

Description:

This update for cloud-regionsrv-client contains the following fixes:

Update to version 9.1.4 (bsc#1176858, bsc#1176859) + Properly handle the exit code for SUSEConnect and provide log message with failure details for registration failure

Advisory ID	SUSE-RU-2020:2945-1
Released	Fri Oct 16 10:06:06 2020
Summary	Recommended update for python-azure-agent
Type	recommended
Severity	critical
References	1176368,1176369,1177161,1177257

Description:

This update for python-azure-agent fixes the following issues:

Fixes an issue when the 'python-azure-agent' fails to initialize Azure instances. (bsc#1177161, bsc#1177257)

Update to version 2.2.49.2 (bsc#1176368, bsc#1176369)
+ Do not use --unit with systemd-cgls (#1910) + Report processes that do not belong to the agent's cgroup (#1908) + Use controller mount point for extension cgroup path (#1899) + Improvements in setup of cgroups (#1896) + Remove ExtensionsMetricsData and per-process Memory data (#1884) + Fix return value of start_extension_command (#1927) + Remove import * (#1900) + Fix flaky ExtensionCleanupTest class (#1898) + Fix codecov badge (#1883) + Changed codecov to run on py3.8 (#1875) + Update documentation on /dev/random (#1909) + Mount options are in mount(8) (#1893) + Remove ssh host key thumbprint in report ready (#1913) + Emit AutoUpdate value at service start only (#1907) + Add logging for version mismatch (#1895) + Send telemetry event if libdir changes (#1897) + Add log collector utility (#1847) + Move AutoUpdate reporting to HeartBeat event (#1919) + Removing infinite download of extension manifest without a new GS (#1874) + Fix wrongful dir deletion (#1873) + Fix the cleanup-outdated-handlers to only delete handlers that are not present in the GS (#1889) + Expose periods of environment thread in waagent.conf (#1891) + Added user @kevinclark19a as Contributor. (#1906)

From 2.2.48.1 + Refactoring GoalState class out of Protocol, making Protocol thread-safe, removing stale dependencies of Protocol and removing the dependency on the file system to read the Protocol info + Fetch goal state when creating HostPluginProtocol (#1799) + Separate goal state from the protocol class (#1777) + Make protocol util a singleton per thread (#1743, #1756) + Fetch goal state before sending telemetry (#1751) + Remove file dependency (#1754) + Others (#1758, #1767, #1744, #1749, #1816, #1820) + New logs for goal state fetch (#1797) and refresh (#1794). + Thread name added to logs (#1778) + Populate telemetry events at creation time (#1791) + Periodic HeartBeat to be logged to the file (#1755) + Add unit test to verify call stacks on telemetry events (#1828) + Others (#1841, #1842, #1846) + Handling errors while reading extension status files (Limiting Size and Transient issues)(#1761) + Enable SWAP on Resource Disk as Application Certification Support suggested (#1762) + Update 'Provisioning' options in default configs ( #1853) + Drop Metadata Server Support (#1806, #1839, #1840 ) + Improve documentation of ResourceDisk.EnableSwapEncryption (#1782) + Removed is_snappy function (#1774) + Handle exceptions in monitor thread (#1770) + Fix timestamp for periodic operations in the monitor thread (#1879) + Fix permissions on the Ubuntu systemd service file (#1814) + Update hostname setting for SUSE distros (#1832) + Python 3.8 improvements + support for Ubuntu 20.04 (#1860, #1865, #1738) + Testing and dev-infra improvements [#1771, #1768, #1800, #1826, #1827, #1833] + Others (#1854, #1858)

From 2.2.46

+ [#1741] Do not update goal state when refreshing the host plugin + [#1731] Fix upgrade sequence when update command fails + [#1725] Initialize CPU usage + [#1716, #1737] Added UTC logging and correcting the format + [#1651, #1729] Start sending PerformanceCounter metrics and additional memory information for Cgroups

Advisory ID	SUSE-SU-2020:2947-1
Released	Fri Oct 16 15:23:07 2020
Summary	Security update for gcc10, nvptx-tools
Type	security
Severity	moderate
References	1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844

Description:

This update for gcc10, nvptx-tools fixes the following issues:
This update provides the GCC10 compiler suite and runtime libraries.
The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants.
The new compiler variants are available with '-10' suffix, you can specify them via:
CC=gcc-10 CXX=g++-10
or similar commands.
For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html
Changes in nvptx-tools:

Enable build on aarch64

Advisory ID	SUSE-RU-2020:2950-1
Released	Fri Oct 16 15:49:51 2020
Summary	Recommended update for python-aliyun-python-sdk, python-aliyun-python-sdk-aas, python-aliyun-python-sdk-acm, python-aliyun-python-sdk-acms-open, python-aliyun-python-sdk-actiontrail, python-aliyun-python-sdk-adb, python-aliyun-python-sdk-address-purification, python-aliyun-python-sdk-aegis, python-aliyun-python-sdk-afs, python-aliyun-python-sdk-airec, python-aliyun-python-sdk-alidns, python-aliyun-python-sdk-aligreen-console, python-aliyun-python-sdk-alimt, python-aliyun-python-sdk-alinlp, python-aliyun-python-sdk-aliyuncvc, python-aliyun-python-sdk-amqp-open, python-aliyun-python-sdk-appmallsservice, python-aliyun-python-sdk-arms, python-aliyun-python-sdk-arms4finance, python-aliyun-python-sdk-baas, python-aliyun-python-sdk-brinekingdom, python-aliyun-python-sdk-bss, python-aliyun-python-sdk-bssopenapi, python-aliyun-python-sdk-cams, python-aliyun-python-sdk-cas, python-aliyun-python-sdk-cassandra, python-aliyun-python-sdk-cbn, python-aliyun-python-sdk-ccc, python-aliyun-python-sdk-ccs, python-aliyun-python-sdk-cdn, python-aliyun-python-sdk-chatbot, python-aliyun-python-sdk-clickhouse, python-aliyun-python-sdk-cloudapi, python-aliyun-python-sdk-cloudauth, python-aliyun-python-sdk-cloudesl, python-aliyun-python-sdk-cloudgame, python-aliyun-python-sdk-cloudmarketing, python-aliyun-python-sdk-cloudphoto, python-aliyun-python-sdk-cloudwf, python-aliyun-python-sdk-cms, python-aliyun-python-sdk-codeup, python-aliyun-python-sdk-companyreg, python-aliyun-python-sdk-core, python-aliyun-python-sdk-cr, python-aliyun-python-sdk-crm, python-aliyun-python-sdk-cs, python-aliyun-python-sdk-csb, python-aliyun-python-sdk-cspro, python-aliyun-python-sdk-cusanalytic_sc_online, python-aliyun-python-sdk-das, python-aliyun-python-sdk-dataworks-public, python-aliyun-python-sdk-dbfs, python-aliyun-python-sdk-dbs, python-aliyun-python-sdk-dcdn, python-aliyun-python-sdk-dds, python-aliyun-python-sdk-democenter, python-aliyun-python-sdk-devops-rdc, python-aliyun-python-sdk-dms-enterprise, python-aliyun-python-sdk-domain, python-aliyun-python-sdk-domain-intl, python-aliyun-python-sdk-drds, python-aliyun-python-sdk-dts, python-aliyun-python-sdk-dybaseapi, python-aliyun-python-sdk-dyplsapi, python-aliyun-python-sdk-dypnsapi, python-aliyun-python-sdk-dysmsapi, python-aliyun-python-sdk-dyvmsapi, python-aliyun-python-sdk-eas, python-aliyun-python-sdk-eci, python-aliyun-python-sdk-ecs, python-aliyun-python-sdk-edas, python-aliyun-python-sdk-ehpc, python-aliyun-python-sdk-elasticsearch, python-aliyun-python-sdk-emr, python-aliyun-python-sdk-ens, python-aliyun-python-sdk-ess, python-aliyun-python-sdk-faas, python-aliyun-python-sdk-facebody, python-aliyun-python-sdk-fnf, python-aliyun-python-sdk-foas, python-aliyun-python-sdk-ft, python-aliyun-python-sdk-geoip, python-aliyun-python-sdk-goodstech, python-aliyun-python-sdk-gpdb, python-aliyun-python-sdk-green, python-aliyun-python-sdk-gts-phd, python-aliyun-python-sdk-hbase, python-aliyun-python-sdk-hbr, python-aliyun-python-sdk-highddos, python-aliyun-python-sdk-hiknoengine, python-aliyun-python-sdk-hivisengine, python-aliyun-python-sdk-hpc, python-aliyun-python-sdk-hsm, python-aliyun-python-sdk-httpdns, python-aliyun-python-sdk-imageaudit, python-aliyun-python-sdk-imageenhan, python-aliyun-python-sdk-imageprocess, python-aliyun-python-sdk-imagerecog, python-aliyun-python-sdk-imagesearch, python-aliyun-python-sdk-imageseg, python-aliyun-python-sdk-imgsearch, python-aliyun-python-sdk-imm, python-aliyun-python-sdk-industry-brain, python-aliyun-python-sdk-iot, python-aliyun-python-sdk-iqa, python-aliyun-python-sdk-ivision, python-aliyun-python-sdk-ivpd, python-aliyun-python-sdk-jaq, python-aliyun-python-sdk-jarvis, python-aliyun-python-sdk-jarvis-public, python-aliyun-python-sdk-kms, python-aliyun-python-sdk-ledgerdb, python-aliyun-python-sdk-linkedmall, python-aliyun-python-sdk-linkface, python-aliyun-python-sdk-linkwan, python-aliyun-python-sdk-live, python-aliyun-python-sdk-lubancloud, python-aliyun-python-sdk-market, python-aliyun-python-sdk-mopen, python-aliyun-python-sdk-mts, python-aliyun-python-sdk-multimediaai, python-aliyun-python-sdk-nas, python-aliyun-python-sdk-netana, python-aliyun-python-sdk-nlp-automl, python-aliyun-python-sdk-nls-cloud-meta, python-aliyun-python-sdk-objectdet, python-aliyun-python-sdk-ocr, python-aliyun-python-sdk-ocs, python-aliyun-python-sdk-oms, python-aliyun-python-sdk-ons, python-aliyun-python-sdk-onsmqtt, python-aliyun-python-sdk-oos, python-aliyun-python-sdk-openanalytics, python-aliyun-python-sdk-openanalytics-open, python-aliyun-python-sdk-opensearch, python-aliyun-python-sdk-ossadmin, python-aliyun-python-sdk-ots, python-aliyun-python-sdk-outboundbot, python-aliyun-python-sdk-paistudio, python-aliyun-python-sdk-petadata, python-aliyun-python-sdk-polardb, python-aliyun-python-sdk-productcatalog, python-aliyun-python-sdk-pts, python-aliyun-python-sdk-push, python-aliyun-python-sdk-pvtz, python-aliyun-python-sdk-qualitycheck, python-aliyun-python-sdk-quickbi-public, python-aliyun-python-sdk-r-kvstore, python-aliyun-python-sdk-ram, python-aliyun-python-sdk-rdc, python-aliyun-python-sdk-rds, python-aliyun-python-sdk-reid, python-aliyun-python-sdk-resourcemanager, python-aliyun-python-sdk-retailcloud, python-aliyun-python-sdk-risk, python-aliyun-python-sdk-ros, python-aliyun-python-sdk-rtc, python-aliyun-python-sdk-sae, python-aliyun-python-sdk-saf, python-aliyun-python-sdk-sas, python-aliyun-python-sdk-sas-api, python-aliyun-python-sdk-scdn, python-aliyun-python-sdk-schedulerx2, python-aliyun-python-sdk-sddp, python-aliyun-python-sdk-slb, python-aliyun-python-sdk-smartag, python-aliyun-python-sdk-smc, python-aliyun-python-sdk-snsuapi, python-aliyun-python-sdk-status, python-aliyun-python-sdk-sts, python-aliyun-python-sdk-tag, python-aliyun-python-sdk-tesladam, python-aliyun-python-sdk-teslamaxcompute, python-aliyun-python-sdk-teslastream, python-aliyun-python-sdk-trademark, python-aliyun-python-sdk-ubsms, python-aliyun-python-sdk-uis, python-aliyun-python-sdk-unimkt, python-aliyun-python-sdk-vcs, python-aliyun-python-sdk-viapiutils, python-aliyun-python-sdk-videoenhan, python-aliyun-python-sdk-videorecog, python-aliyun-python-sdk-videosearch, python-aliyun-python-sdk-videoseg, python-aliyun-python-sdk-visionai, python-aliyun-python-sdk-visionai-poc, python-aliyun-python-sdk-vod, python-aliyun-python-sdk-voicenavigator, python-aliyun-python-sdk-vpc, python-aliyun-python-sdk-vs, python-aliyun-python-sdk-waf-openapi, python-aliyun-python-sdk-webplus, python-aliyun-python-sdk-welfare-inner, python-aliyun-python-sdk-workorder, python-aliyun-python-sdk-xspace, python-aliyun-python-sdk-xtrace, python-aliyun-python-sdk-yundun, python-aliyun-python-sdk-yundun-ds, python-pycryptodome
Type	recommended
Severity	moderate
References	1175230

Description:

This update for python-aliyun-python-sdk, python-aliyun-python-sdk-aas, python-aliyun-python-sdk-acm, python-aliyun-python-sdk-acms-open, python-aliyun-python-sdk-actiontrail, python-aliyun-python-sdk-adb, python-aliyun-python-sdk-address-purification, python-aliyun-python-sdk-aegis, python-aliyun-python-sdk-afs, python-aliyun-python-sdk-airec, python-aliyun-python-sdk-alidns, python-aliyun-python-sdk-aligreen-console, python-aliyun-python-sdk-alimt, python-aliyun-python-sdk-alinlp, python-aliyun-python-sdk-aliyuncvc, python-aliyun-python-sdk-amqp-open, python-aliyun-python-sdk-appmallsservice, python-aliyun-python-sdk-arms, python-aliyun-python-sdk-arms4finance, python-aliyun-python-sdk-baas, python-aliyun-python-sdk-brinekingdom, python-aliyun-python-sdk-bss, python-aliyun-python-sdk-bssopenapi, python-aliyun-python-sdk-cams, python-aliyun-python-sdk-cas, python-aliyun-python-sdk-cassandra, python-aliyun-python-sdk-cbn, python-aliyun-python-sdk-ccc, python-aliyun-python-sdk-ccs, python-aliyun-python-sdk-cdn, python-aliyun-python-sdk-chatbot, python-aliyun-python-sdk-clickhouse, python-aliyun-python-sdk-cloudapi, python-aliyun-python-sdk-cloudauth, python-aliyun-python-sdk-cloudesl, python-aliyun-python-sdk-cloudgame, python-aliyun-python-sdk-cloudmarketing, python-aliyun-python-sdk-cloudphoto, python-aliyun-python-sdk-cloudwf, python-aliyun-python-sdk-cms, python-aliyun-python-sdk-codeup, python-aliyun-python-sdk-companyreg, python-aliyun-python-sdk-core, python-aliyun-python-sdk-cr, python-aliyun-python-sdk-crm, python-aliyun-python-sdk-cs, python-aliyun-python-sdk-csb, python-aliyun-python-sdk-cspro, python-aliyun-python-sdk-cusanalytic_sc_online, python-aliyun-python-sdk-das, python-aliyun-python-sdk-dataworks-public, python-aliyun-python-sdk-dbfs, python-aliyun-python-sdk-dbs, python-aliyun-python-sdk-dcdn, python-aliyun-python-sdk-dds, python-aliyun-python-sdk-democenter, python-aliyun-python-sdk-devops-rdc, python-aliyun-python-sdk-dms-enterprise, python-aliyun-python-sdk-domain, python-aliyun-python-sdk-domain-intl, python-aliyun-python-sdk-drds, python-aliyun-python-sdk-dts, python-aliyun-python-sdk-dybaseapi, python-aliyun-python-sdk-dyplsapi, python-aliyun-python-sdk-dypnsapi, python-aliyun-python-sdk-dysmsapi, python-aliyun-python-sdk-dyvmsapi, python-aliyun-python-sdk-eas, python-aliyun-python-sdk-eci, python-aliyun-python-sdk-ecs, python-aliyun-python-sdk-edas, python-aliyun-python-sdk-ehpc, python-aliyun-python-sdk-elasticsearch, python-aliyun-python-sdk-emr, python-aliyun-python-sdk-ens, python-aliyun-python-sdk-ess, python-aliyun-python-sdk-faas, python-aliyun-python-sdk-facebody, python-aliyun-python-sdk-fnf, python-aliyun-python-sdk-foas, python-aliyun-python-sdk-ft, python-aliyun-python-sdk-geoip, python-aliyun-python-sdk-goodstech, python-aliyun-python-sdk-gpdb, python-aliyun-python-sdk-green, python-aliyun-python-sdk-gts-phd, python-aliyun-python-sdk-hbase, python-aliyun-python-sdk-hbr, python-aliyun-python-sdk-highddos, python-aliyun-python-sdk-hiknoengine, python-aliyun-python-sdk-hivisengine, python-aliyun-python-sdk-hpc, python-aliyun-python-sdk-hsm, python-aliyun-python-sdk-httpdns, python-aliyun-python-sdk-imageaudit, python-aliyun-python-sdk-imageenhan, python-aliyun-python-sdk-imageprocess, python-aliyun-python-sdk-imagerecog, python-aliyun-python-sdk-imagesearch, python-aliyun-python-sdk-imageseg, python-aliyun-python-sdk-imgsearch, python-aliyun-python-sdk-imm, python-aliyun-python-sdk-industry-brain, python-aliyun-python-sdk-iot, python-aliyun-python-sdk-iqa, python-aliyun-python-sdk-ivision, python-aliyun-python-sdk-ivpd, python-aliyun-python-sdk-jaq, python-aliyun-python-sdk-jarvis, python-aliyun-python-sdk-jarvis-public, python-aliyun-python-sdk-kms, python-aliyun-python-sdk-ledgerdb, python-aliyun-python-sdk-linkedmall, python-aliyun-python-sdk-linkface, python-aliyun-python-sdk-linkwan, python-aliyun-python-sdk-live, python-aliyun-python-sdk-lubancloud, python-aliyun-python-sdk-market, python-aliyun-python-sdk-mopen, python-aliyun-python-sdk-mts, python-aliyun-python-sdk-multimediaai, python-aliyun-python-sdk-nas, python-aliyun-python-sdk-netana, python-aliyun-python-sdk-nlp-automl, python-aliyun-python-sdk-nls-cloud-meta, python-aliyun-python-sdk-objectdet, python-aliyun-python-sdk-ocr, python-aliyun-python-sdk-ocs, python-aliyun-python-sdk-oms, python-aliyun-python-sdk-ons, python-aliyun-python-sdk-onsmqtt, python-aliyun-python-sdk-oos, python-aliyun-python-sdk-openanalytics, python-aliyun-python-sdk-openanalytics-open, python-aliyun-python-sdk-opensearch, python-aliyun-python-sdk-ossadmin, python-aliyun-python-sdk-ots, python-aliyun-python-sdk-outboundbot, python-aliyun-python-sdk-paistudio, python-aliyun-python-sdk-petadata, python-aliyun-python-sdk-polardb, python-aliyun-python-sdk-productcatalog, python-aliyun-python-sdk-pts, python-aliyun-python-sdk-push, python-aliyun-python-sdk-pvtz, python-aliyun-python-sdk-qualitycheck, python-aliyun-python-sdk-quickbi-public, python-aliyun-python-sdk-r-kvstore, python-aliyun-python-sdk-ram, python-aliyun-python-sdk-rdc, python-aliyun-python-sdk-rds, python-aliyun-python-sdk-reid, python-aliyun-python-sdk-resourcemanager, python-aliyun-python-sdk-retailcloud, python-aliyun-python-sdk-risk, python-aliyun-python-sdk-ros, python-aliyun-python-sdk-rtc, python-aliyun-python-sdk-sae, python-aliyun-python-sdk-saf, python-aliyun-python-sdk-sas, python-aliyun-python-sdk-sas-api, python-aliyun-python-sdk-scdn, python-aliyun-python-sdk-schedulerx2, python-aliyun-python-sdk-sddp, python-aliyun-python-sdk-slb, python-aliyun-python-sdk-smartag, python-aliyun-python-sdk-smc, python-aliyun-python-sdk-snsuapi, python-aliyun-python-sdk-status, python-aliyun-python-sdk-sts, python-aliyun-python-sdk-tag, python-aliyun-python-sdk-tesladam, python-aliyun-python-sdk-teslamaxcompute, python-aliyun-python-sdk-teslastream, python-aliyun-python-sdk-trademark, python-aliyun-python-sdk-ubsms, python-aliyun-python-sdk-uis, python-aliyun-python-sdk-unimkt, python-aliyun-python-sdk-vcs, python-aliyun-python-sdk-viapiutils, python-aliyun-python-sdk-videoenhan, python-aliyun-python-sdk-videorecog, python-aliyun-python-sdk-videosearch, python-aliyun-python-sdk-videoseg, python-aliyun-python-sdk-visionai, python-aliyun-python-sdk-visionai-poc, python-aliyun-python-sdk-vod, python-aliyun-python-sdk-voicenavigator, python-aliyun-python-sdk-vpc, python-aliyun-python-sdk-vs, python-aliyun-python-sdk-waf-openapi, python-aliyun-python-sdk-webplus, python-aliyun-python-sdk-welfare-inner, python-aliyun-python-sdk-workorder, python-aliyun-python-sdk-xspace, python-aliyun-python-sdk-xtrace, python-aliyun-python-sdk-yundun, python-aliyun-python-sdk-yundun-ds, python-pycryptodome contains the following changes:
Initial shipment for Alibaba Cloud SDK and dependencies. (bsc#1175230, jsc#ECO-2011, jsc#PM-1919)
The following packages are being added: python-aliyun-python-sdk-aas python-aliyun-python-sdk-acms-open python-aliyun-python-sdk-acm python-aliyun-python-sdk-actiontrail python-aliyun-python-sdk-adb python-aliyun-python-sdk-address-purification python-aliyun-python-sdk-aegis python-aliyun-python-sdk-afs python-aliyun-python-sdk-airec python-aliyun-python-sdk-alidns python-aliyun-python-sdk-aligreen-console python-aliyun-python-sdk-alimt python-aliyun-python-sdk-alinlp python-aliyun-python-sdk-aliyuncvc python-aliyun-python-sdk-amqp-open python-aliyun-python-sdk-appmallsservice python-aliyun-python-sdk-arms4finance python-aliyun-python-sdk-arms python-aliyun-python-sdk-baas python-aliyun-python-sdk-brinekingdom python-aliyun-python-sdk-bssopenapi python-aliyun-python-sdk-bss python-aliyun-python-sdk-cams python-aliyun-python-sdk-cassandra python-aliyun-python-sdk-cas python-aliyun-python-sdk-cbn python-aliyun-python-sdk-ccc python-aliyun-python-sdk-ccs python-aliyun-python-sdk-cdn python-aliyun-python-sdk-chatbot python-aliyun-python-sdk-clickhouse python-aliyun-python-sdk-cloudapi python-aliyun-python-sdk-cloudauth python-aliyun-python-sdk-cloudesl python-aliyun-python-sdk-cloudgame python-aliyun-python-sdk-cloudmarketing python-aliyun-python-sdk-cloudphoto python-aliyun-python-sdk-cloudwf python-aliyun-python-sdk-cms python-aliyun-python-sdk-codeup python-aliyun-python-sdk-companyreg python-aliyun-python-sdk-core python-aliyun-python-sdk-crm python-aliyun-python-sdk-cr python-aliyun-python-sdk-csb python-aliyun-python-sdk-cspro python-aliyun-python-sdk-cs python-aliyun-python-sdk-cusanalytic_sc_online python-aliyun-python-sdk-das python-aliyun-python-sdk-dataworks-public python-aliyun-python-sdk-dbfs python-aliyun-python-sdk-dbs python-aliyun-python-sdk-dcdn python-aliyun-python-sdk-dds python-aliyun-python-sdk-democenter python-aliyun-python-sdk-devops-rdc python-aliyun-python-sdk-dms-enterprise python-aliyun-python-sdk-domain-intl python-aliyun-python-sdk-domain python-aliyun-python-sdk-drds python-aliyun-python-sdk-dts python-aliyun-python-sdk-dybaseapi python-aliyun-python-sdk-dyplsapi python-aliyun-python-sdk-dypnsapi python-aliyun-python-sdk-dysmsapi python-aliyun-python-sdk-dyvmsapi python-aliyun-python-sdk-eas python-aliyun-python-sdk-eci python-aliyun-python-sdk-ecs python-aliyun-python-sdk-edas python-aliyun-python-sdk-ehpc python-aliyun-python-sdk-elasticsearch python-aliyun-python-sdk-emr python-aliyun-python-sdk-ens python-aliyun-python-sdk-ess python-aliyun-python-sdk-faas python-aliyun-python-sdk-facebody python-aliyun-python-sdk-fnf python-aliyun-python-sdk-foas python-aliyun-python-sdk-ft python-aliyun-python-sdk-geoip python-aliyun-python-sdk-goodstech python-aliyun-python-sdk-gpdb python-aliyun-python-sdk-green python-aliyun-python-sdk-gts-phd python-aliyun-python-sdk-hbase python-aliyun-python-sdk-hbr python-aliyun-python-sdk-highddos python-aliyun-python-sdk-hiknoengine python-aliyun-python-sdk-hivisengine python-aliyun-python-sdk-hpc python-aliyun-python-sdk-hsm python-aliyun-python-sdk-httpdns python-aliyun-python-sdk-imageaudit python-aliyun-python-sdk-imageenhan python-aliyun-python-sdk-imageprocess python-aliyun-python-sdk-imagerecog python-aliyun-python-sdk-imagesearch python-aliyun-python-sdk-imageseg python-aliyun-python-sdk-imgsearch python-aliyun-python-sdk-imm python-aliyun-python-sdk-industry-brain python-aliyun-python-sdk-iot python-aliyun-python-sdk-iqa python-aliyun-python-sdk-ivision python-aliyun-python-sdk-ivpd python-aliyun-python-sdk-jaq python-aliyun-python-sdk-jarvis-public python-aliyun-python-sdk-jarvis python-aliyun-python-sdk-kms python-aliyun-python-sdk-ledgerdb python-aliyun-python-sdk-linkedmall python-aliyun-python-sdk-linkface python-aliyun-python-sdk-linkwan python-aliyun-python-sdk-live python-aliyun-python-sdk-lubancloud python-aliyun-python-sdk-market python-aliyun-python-sdk-mopen python-aliyun-python-sdk-mts python-aliyun-python-sdk-multimediaai python-aliyun-python-sdk-nas python-aliyun-python-sdk-netana python-aliyun-python-sdk-nlp-automl python-aliyun-python-sdk-nls-cloud-meta python-aliyun-python-sdk-objectdet python-aliyun-python-sdk-ocr python-aliyun-python-sdk-ocs python-aliyun-python-sdk-oms python-aliyun-python-sdk-onsmqtt python-aliyun-python-sdk-ons python-aliyun-python-sdk-oos python-aliyun-python-sdk-openanalytics-open python-aliyun-python-sdk-openanalytics python-aliyun-python-sdk-opensearch python-aliyun-python-sdk-ossadmin python-aliyun-python-sdk-ots python-aliyun-python-sdk-outboundbot python-aliyun-python-sdk-paistudio python-aliyun-python-sdk-petadata python-aliyun-python-sdk-polardb python-aliyun-python-sdk-productcatalog python-aliyun-python-sdk-pts python-aliyun-python-sdk-push python-aliyun-python-sdk-pvtz python-aliyun-python-sdk-qualitycheck python-aliyun-python-sdk-quickbi-public python-aliyun-python-sdk-ram python-aliyun-python-sdk-rdc python-aliyun-python-sdk-rds python-aliyun-python-sdk-reid python-aliyun-python-sdk-resourcemanager python-aliyun-python-sdk-retailcloud python-aliyun-python-sdk-risk python-aliyun-python-sdk-r-kvstore python-aliyun-python-sdk-ros python-aliyun-python-sdk-rtc python-aliyun-python-sdk-sae python-aliyun-python-sdk-saf python-aliyun-python-sdk-sas-api python-aliyun-python-sdk-sas python-aliyun-python-sdk-scdn python-aliyun-python-sdk-schedulerx2 python-aliyun-python-sdk-sddp python-aliyun-python-sdk-slb python-aliyun-python-sdk-smartag python-aliyun-python-sdk-smc python-aliyun-python-sdk-snsuapi python-aliyun-python-sdk-status python-aliyun-python-sdk-sts python-aliyun-python-sdk python-aliyun-python-sdk-tag python-aliyun-python-sdk-tesladam python-aliyun-python-sdk-teslamaxcompute python-aliyun-python-sdk-teslastream python-aliyun-python-sdk-trademark python-aliyun-python-sdk-ubsms python-aliyun-python-sdk-uis python-aliyun-python-sdk-unimkt python-aliyun-python-sdk-vcs python-aliyun-python-sdk-viapiutils python-aliyun-python-sdk-videoenhan python-aliyun-python-sdk-videorecog python-aliyun-python-sdk-videosearch python-aliyun-python-sdk-videoseg python-aliyun-python-sdk-visionai-poc python-aliyun-python-sdk-visionai python-aliyun-python-sdk-vod python-aliyun-python-sdk-voicenavigator python-aliyun-python-sdk-vpc python-aliyun-python-sdk-vs python-aliyun-python-sdk-waf-openapi python-aliyun-python-sdk-webplus python-aliyun-python-sdk-welfare-inner python-aliyun-python-sdk-workorder python-aliyun-python-sdk-xspace python-aliyun-python-sdk-xtrace python-aliyun-python-sdk-yundun-ds python-aliyun-python-sdk-yundun python-pycryptodome

Advisory ID	SUSE-SU-2020:2951-1
Released	Fri Oct 16 16:09:38 2020
Summary	Security update for transfig
Type	security
Severity	moderate
References	1143650,CVE-2019-14275

Description:

This update for transfig fixes the following issues:
Security issue fixed:

CVE-2019-14275: Fixed stack-based buffer overflow in the calc_arrow function (bsc#1143650).

Advisory ID	SUSE-RU-2020:2958-1
Released	Tue Oct 20 12:24:55 2020
Summary	Recommended update for procps
Type	recommended
Severity	moderate
References	1158830

Description:

This update for procps fixes the following issues:

Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830)

Advisory ID	SUSE-RU-2020:2965-1
Released	Tue Oct 20 13:27:21 2020
Summary	Recommended update for cni, cni-plugins
Type	recommended
Severity	moderate
References	1172786

Description:

This update ships cni and cni-plugins to the Public Cloud Module of SUSE Linux Enterprise 15 SP2.

Advisory ID	SUSE-SU-2020:2966-1
Released	Tue Oct 20 16:03:58 2020
Summary	Security update for hunspell
Type	security
Severity	low
References	1151867,CVE-2019-16707

Description:

This update for hunspell fixes the following issues:

CVE-2019-16707: Fixed an invalid read in SuggestMgr:leftcommonsubstring (bsc#1151867).

Advisory ID	SUSE-RU-2020:2971-1
Released	Tue Oct 20 16:41:36 2020
Summary	Recommended update for shim-susesigned
Type	recommended
Severity	moderate
References	1177315

Description:

This update contains changes needed for Common criteria certification.
shim:

add a temporary shim loader EFI signed by SUSE that contains additional checks of Extended Key Usage for Codesigning (bsc#1177315)

The Common Criteria system role for 15-SP2 was adjusted:

Configure alternative shim (bsc#1177315)
Remove curve25519-sha256@libssh.org as it doesn't work in fips mode
doc: logrotate is started via timer

Advisory ID	SUSE-RU-2020:2983-1
Released	Wed Oct 21 15:03:03 2020
Summary	Recommended update for file
Type	recommended
Severity	moderate
References	1176123

Description:

This update for file fixes the following issues:

Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123)

Advisory ID	SUSE-RU-2020:2985-1
Released	Wed Oct 21 15:11:39 2020
Summary	Recommended update for prometheus-ha_cluster_exporter
Type	recommended
Severity	moderate
References

Description:

This update for prometheus-ha_cluster_exporter fixes the following issues:

Implement SBD watchdog and 'msgwait' timeout metrics.
Handle correctly corosync membership parsing with 'qdevice' enabled.

Advisory ID	SUSE-RU-2020:2992-1
Released	Thu Oct 22 09:10:59 2020
Summary	Recommended update for prometheus-hanadb_exporter
Type	recommended
Severity	moderate
References

Description:

This update for prometheus-hanadb_exporter fixes the following issue:
Release 0.7.2

Lookup for `/usr/etc` and the fallback `/etc` directory for config files.

Advisory ID	SUSE-RU-2020:2994-1
Released	Thu Oct 22 09:11:50 2020
Summary	Recommended update for grafana-sap-netweaver-dashboards
Type	recommended
Severity	moderate
References	1177229

Description:

This update for grafana-sap-netweaver-dashboards fixes the following issue:
Release 1.0.3

Add variable for prometheus datasource. (bsc#1177229)

Advisory ID	SUSE-SU-2020:2995-1
Released	Thu Oct 22 10:03:09 2020
Summary	Security update for freetype2
Type	security
Severity	important
References	1177914,CVE-2020-15999

Description:

This update for freetype2 fixes the following issues:

CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914).

Advisory ID	SUSE-RU-2020:3004-1
Released	Thu Oct 22 17:44:31 2020
Summary	Recommended update for python-shaptools, salt-shaptools, habootstrap-formula, saphanabootstrap-formula, sapnwbootstrap-formula
Type	recommended
Severity	moderate
References	1174994,1175709

Description:

python-shaptools:

Fix how HANA database is started and stopped to work in multi host environment. sapcontrol commands are used instead of HDB now. (jsc#SLE-4047)
Fix issue when secondary registration fails after a successful 'SSFS' files copy process. (bsc#1175709) Now the registration return code will be checked in the new call.

salt-shaptools:

Fix how HANA database is started and stopped to work in multi host environment. sapcontrol commands are used instead of HDB now. (jsc#SLE-4047)

habootstrap-formula:

Update the prevalidation logic to check for valid sbd entries (jsc#SLE-4047)
Improve Formula with form description (jsc#SLE-4047)
Update the SUMA form.yml file and prevalidation state with latest changes in project
Include the pillar example file in package. (bsc#1174994)
Fix how HANA database is started and stopped to work in multi host environment. sapcontrol commands are used instead of HDB now. (jsc#SLE-4047)

saphanabootstrap-formula:

Update the package version after SUMA form update and extraction logic update (jsc#SLE-4047)
Fix the hana media extraction and installation logics when using exe archives
Update the SUMA hana form metadata, to show hana form under SAP deployment group
Update SUMA form.yml file and prevalidation state with latest changes in formula
Change the default 'hana_extract_dir' hana media extraction location
Remove copy of config files for exporters since we use /usr/etc
Include the pillar example file in package. (bsc#1174994, jsc#SLE-4047)
Add hana active/active resources to the cluster template
Change `route_table` by `route_name` to make the variable usage more meaningful
Add support to extract zip,rar,exe,sar hana media
This change in non backward compatible. The variable hdbserver_extract_dir is replaced by hana_extract_dir
Fix provisioning of hanadb_exporter in SLE12, where python3-pip must be always installed.
Fix how HANA database is started and stopped to work in multi host environment. sapcontrol commands are used instead of HDB now. (jsc#SLE-4047)

sapnwbootstrap-formula:

Create SUMA form based on latest pillar and formula data (jsc#SLE-4047)
Implement the differences between ENSA1 and ENSA2 versions
Add the keepalive configuration changes
Include the pillar example file in package. (bsc#1174994, jsc#SLE-4047)
Add support to extract nw media archives. This change is non backward compatible.
Remove default swpm installer extract directory and add nw_extract_dir variable to store all extracted NW media
Fix how HANA database is started and stopped to work in multi host environment. sapcontrol commands are used instead of HDB now. (jsc#SLE-4047)

Advisory ID	SUSE-RU-2020:3007-1
Released	Thu Oct 22 17:51:48 2020
Summary	Recommended update for lifecycle-data-sle-module-live-patching
Type	recommended
Severity	moderate
References	1020320

Description:

This update for lifecycle-data-sle-module-live-patching fixes the following issues:

Added data for 4_12_14-150_58, 4_12_14-197_51, 4_12_14-197_56, 5_3_18-24_12, 5_3_18-24_15. (bsc#1020320)

Advisory ID	SUSE-RU-2020:3012-1
Released	Thu Oct 22 22:36:57 2020
Summary	Recommended update for sysstat
Type	recommended
Severity	moderate
References	1174227

Description:

This update for sysstat fixes the following issues:

Fix for an issue when 'iowait' output of 'sar' can also decrement as a result of inaccurate tracking. (bsc#1174227)

Advisory ID	SUSE-SU-2020:3021-1
Released	Fri Oct 23 14:20:03 2020
Summary	Security update for MozillaFirefox
Type	security
Severity	important
References	1176756,1177872,CVE-2020-15683,CVE-2020-15969

Description:

This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 78.4.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-46 (bsc#1177872, bsc#1176756) * CVE-2020-15969 Use-after-free in usersctp * CVE-2020-15683 Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 * Fixed: Fixed legacy preferences not being properly applied when set via GPO

Advisory ID	SUSE-RU-2020:3025-1
Released	Fri Oct 23 15:33:09 2020
Summary	Recommended update for myspell-dictionaries
Type	recommended
Severity	moderate
References	1176716

Description:

This update of myspell-dictionaries provides the following fix:

Ship the de_AT and de_CH dictionaries to the SLE Basesystem 15-SP2 module. (bsc#1176716)

Advisory ID	SUSE-OU-2020:3026-1
Released	Fri Oct 23 15:35:51 2020
Summary	Optional update for the Public Cloud Module
Type	optional
Severity	moderate
References

Description:

This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398). The following packages were included:

python3-grpcio
python3-protobuf
python3-google-api-core
python3-google-cloud-core
python3-google-cloud-storage
python3-google-resumable-media
python3-googleapis-common-protos
python3-grpcio-gcp
python3-mock (updated to version 3.0.5)

Advisory ID	SUSE-RU-2020:3041-1
Released	Tue Oct 27 09:25:30 2020
Summary	Recommended update for java-1_8_0-ibm
Type	recommended
Severity	moderate
References	1175295

Description:

This update for java-1_8_0-ibm fixes the following issues:

Fix a Java ifix for z15 compression problem. (bsc#1175295)

Advisory ID	SUSE-RU-2020:3046-1
Released	Tue Oct 27 14:41:21 2020
Summary	Recommended update for shim-susesigned
Type	recommended
Severity	moderate
References	1177315

Description:

This update for shim-susesigned fixes the following issues:

Fix a buffer use-after-free at the end of the EKU verification in shim-susesigned (bsc#1177315)

Advisory ID	SUSE-RU-2020:3058-1
Released	Wed Oct 28 06:11:14 2020
Summary	Recommended update for catatonit
Type	recommended
Severity	moderate
References	1176155

Description:

This update for catatonit fixes the following issues:

Fixes an issue when catatonit hangs when process dies in very specific way. (bsc#1176155)

Advisory ID	SUSE-RU-2020:3059-1
Released	Wed Oct 28 06:11:23 2020
Summary	Recommended update for sysconfig
Type	recommended
Severity	moderate
References	1173391,1176285,1176325

Description:

This update for sysconfig fixes the following issues:

Fix for 'netconfig' to run with a new library including fallback to the previous location. (bsc#1176285)
Fix for changing content of such files like '/etc/resolv.conf' to avoid linked applications re-read them and unnecessarily re-initializes themselves accordingly. (bsc#1176325)
Fix for 'chrony helper' calling in background. (bsc#1173391)
Fix for configuration file by creating a symlink for it to prevent false ownership on the file. (bsc#1159566)

Advisory ID	SUSE-SU-2020:3060-1
Released	Wed Oct 28 08:09:21 2020
Summary	Security update for binutils
Type	security
Severity	moderate
References	1126826,1126829,1126831,1140126,1142649,1143609,1153768,1153770,1157755,1160254,1160590,1163333,1163744,CVE-2019-12972,CVE-2019-14250,CVE-2019-14444,CVE-2019-17450,CVE-2019-17451,CVE-2019-9074,CVE-2019-9075,CVE-2019-9077

Description:

This update for binutils fixes the following issues:
binutils was updated to version 2.35. (jsc#ECO-2373)
Update to binutils 2.35:

The assembler can now produce DWARF-5 format line number tables.
Readelf now has a 'lint' mode to enable extra checks of the files it is processing.
Readelf will now display '[...]' when it has to truncate a symbol name. The old behaviour - of displaying as many characters as possible, up to the 80 column limit - can be restored by the use of the --silent-truncation option.
The linker can now produce a dependency file listing the inputs that it has processed, much like the -M -MP option supported by the compiler.

fix DT_NEEDED order with -flto [bsc#1163744]

Update to binutils 2.34:

The disassembler (objdump --disassemble) now has an option to generate ascii art thats show the arcs between that start and end points of control flow instructions.
The binutils tools now have support for debuginfod. Debuginfod is a HTTP service for distributing ELF/DWARF debugging information as well as source code. The tools can now connect to debuginfod servers in order to download debug information about the files that they are processing.
The assembler and linker now support the generation of ELF format files for the Z80 architecture.

Add new subpackages for libctf and libctf-nobfd.
Disable LTO due to bsc#1163333.
Includes fixes for these CVEs: bsc#1153768 aka CVE-2019-17451 aka PR25070 bsc#1153770 aka CVE-2019-17450 aka PR25078

fix various build fails on aarch64 (PR25210, bsc#1157755).

Update to binutils 2.33.1:

Adds support for the Arm Scalable Vector Extension version 2 (SVE2) instructions, the Arm Transactional Memory Extension (TME) instructions and the Armv8.1-M Mainline and M-profile Vector Extension (MVE) instructions.
Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE, Cortex-A76AE, and Cortex-A77 processors.
Adds a .float16 directive for both Arm and AArch64 to allow encoding of 16-bit floating point literals.
For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not) Loongson3 LLSC Errata. Add a --enable-mips-fix-loongson3-llsc=[yes|no] configure time option to set the default behavior. Set the default if the configure option is not used to 'no'.
The Cortex-A53 Erratum 843419 workaround now supports a choice of which workaround to use. The option --fix-cortex-a53-843419 now takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp] which can be used to force a particular workaround to be used. See --help for AArch64 for more details.
Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and GNU_PROPERTY_AARCH64_FEATURE_1_PAC in ELF GNU program properties in the AArch64 ELF linker.
Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI on inputs and use PLTs protected with BTI.
Add -z pac-plt for AArch64 to pick PAC enabled PLTs.
Add --source-comment[=] option to objdump which if present, provides a prefix to source code lines displayed in a disassembly.
Add --set-section-alignment = option to objcopy to allow the changing of section alignments.
Add --verilog-data-width option to objcopy for verilog targets to control width of data elements in verilog hex format.
The separate debug info file options of readelf (--debug-dump=links and --debug-dump=follow) and objdump (--dwarf=links and --dwarf=follow-links) will now display and/or follow multiple links if more than one are present in a file. (This usually happens when gcc's -gsplit-dwarf option is used). In addition objdump's --dwarf=follow-links now also affects its other display options, so that for example, when combined with --syms it will cause the symbol tables in any linked debug info files to also be displayed. In addition when combined with --disassemble the --dwarf= follow-links option will ensure that any symbol tables in the linked files are read and used when disassembling code in the main file.
Add support for dumping types encoded in the Compact Type Format to objdump and readelf.
Includes fixes for these CVEs: bsc#1126826 aka CVE-2019-9077 aka PR1126826 bsc#1126829 aka CVE-2019-9075 aka PR1126829 bsc#1126831 aka CVE-2019-9074 aka PR24235 bsc#1140126 aka CVE-2019-12972 aka PR23405 bsc#1143609 aka CVE-2019-14444 aka PR24829 bsc#1142649 aka CVE-2019-14250 aka PR90924

Add xBPF target
Fix various problems with DWARF 5 support in gas
fix nm -B for objects compiled with -flto and -fcommon.

Advisory ID	SUSE-RU-2020:3063-1
Released	Wed Oct 28 08:45:07 2020
Summary	Recommended update for rubygem-railties-5_1
Type	recommended
Severity	moderate
References	1174315

Description:

This update for rubygem-railties-5_1 fixes the following issue:

Fix rubygems dependencies for puma update and respect older version. (bnc#1174315)

Advisory ID	SUSE-SU-2020:3065-1
Released	Wed Oct 28 09:38:43 2020
Summary	Security update for sane-backends
Type	security
Severity	important
References	1172524,CVE-2020-12861,CVE-2020-12862,CVE-2020-12863,CVE-2020-12864,CVE-2020-12865,CVE-2020-12866,CVE-2020-12867

Description:

This update for sane-backends fixes the following issues:
sane-backends was updated to 1.0.31 to further improve hardware enablement for scanner devices (jsc#ECO-2418 jsc#SLE-15561 jsc#SLE-15560) and also fix various security issues:

CVE-2020-12861,CVE-2020-12865: Fixed an out of bounds write (bsc#1172524)
CVE-2020-12862,CVE-2020-12863,CVE-2020-12864,: Fixed an out of bounds read (bsc#1172524)
CVE-2020-12866,CVE-2020-12867: Fixed a null pointer dereference (bsc#1172524)

The upstream changelogs can be found here:

https://gitlab.com/sane-project/backends/-/releases/1.0.28
https://gitlab.com/sane-project/backends/-/releases/1.0.29
https://gitlab.com/sane-project/backends/-/releases/1.0.30
https://gitlab.com/sane-project/backends/-/releases/1.0.31

Advisory ID	SUSE-SU-2020:3068-1
Released	Wed Oct 28 11:46:10 2020
Summary	Security update for tomcat
Type	security
Severity	moderate
References	1177582,CVE-2020-13943

Description:

This update for tomcat fixes the following issues:

CVE-2020-13943: Fixed HTTP/2 Request mix-up (bsc#1177582)

Advisory ID	SUSE-RU-2020:3074-1
Released	Thu Oct 29 08:27:49 2020
Summary	Recommended update for certification-sles-eal4
Type	recommended
Severity	moderate
References	1178169

Description:

This update for certification-sles-eal4 fixes the following issues:

Fixed typo in the CC system role (bsc#1178169)

Advisory ID	SUSE-SU-2020:3091-1
Released	Thu Oct 29 16:35:37 2020
Summary	Security update for MozillaThunderbird and mozilla-nspr
Type	security
Severity	important
References	1174230,1176384,1176756,1176899,1177977,CVE-2020-15673,CVE-2020-15676,CVE-2020-15677,CVE-2020-15678,CVE-2020-15683,CVE-2020-15969

Description:

This update for MozillaThunderbird and mozilla-nspr fixes the following issues:

Mozilla Thunderbird 78.4 * new: MailExtensions: browser.tabs.sendMessage API added * new: MailExtensions: messageDisplayScripts API added * changed: Yahoo and AOL mail users using password authentication will be migrated to OAuth2 * changed: MailExtensions: messageDisplay APIs extended to support multiple selected messages * changed: MailExtensions: compose.begin functions now support creating a message with attachments * fixed: Thunderbird could freeze when updating global search index * fixed: Multiple issues with handling of self-signed SSL certificates addressed * fixed: Recipient address fields in compose window could expand to fill all available space * fixed: Inserting emoji characters in message compose window caused unexpected behavior * fixed: Button to restore default folder icon color was not keyboard accessible * fixed: Various keyboard navigation fixes * fixed: Various color-related theme fixes * fixed: MailExtensions: Updating attachments with onBeforeSend.addListener() did not work MFSA 2020-47 (bsc#1177977) * CVE-2020-15969 Use-after-free in usersctp * CVE-2020-15683 Memory safety bugs fixed in Thunderbird 78.4
Mozilla Thunderbird 78.3.3 * OpenPGP: Improved support for encrypting with subkeys * OpenPGP message status icons were not visible in message header pane * Creating a new calendar event did not require an event title
Mozilla Thunderbird 78.3.2 (bsc#1176899) * OpenPGP: Improved support for encrypting with subkeys * OpenPGP: Encrypted messages with international characters were sometimes displayed incorrectly * Single-click deletion of recipient pills with middle mouse button restored * Searching an address book list did not display results * Dark mode, high contrast, and Windows theming fixes
Mozilla Thunderbird 78.3.1 * fix crash in nsImapProtocol::CreateNewLineFromSocket
Mozilla Thunderbird 78.3.0 MFSA 2020-44 (bsc#1176756) * CVE-2020-15677 Download origin spoofing via redirect * CVE-2020-15676 XSS when pasting attacker-controlled data into a contenteditable element * CVE-2020-15678 When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after- free scenario * CVE-2020-15673 Memory safety bugs fixed in Thunderbird 78.3

update mozilla-nspr to version 4.25.1 * The macOS platform code for shared library loading was changed to support macOS 11. * Dependency needed for the MozillaThunderbird udpate

Advisory ID	SUSE-RU-2020:3099-1
Released	Thu Oct 29 19:33:41 2020
Summary	Recommended update for timezone
Type	recommended
Severity	moderate
References	1177460

Description:

This update for timezone fixes the following issues:

timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules.

Advisory ID	SUSE-RU-2020:3101-1
Released	Thu Oct 29 19:35:22 2020
Summary	Recommended update for p7zip
Type	recommended
Severity	moderate
References	1177648

Description:

This update for p7zip provides the following fix:

Add p7zip-full to SLE-Module-Basesystem 15-SP2 to fix building RPM packages that have 7z source files. (bsc#1177648)

Advisory ID	SUSE-RU-2020:3116-1
Released	Mon Nov 2 13:45:14 2020
Summary	Recommended update for dash
Type	recommended
Severity	moderate
References	1160260,1177691

Description:

This update for dash fixes the following issues:

Update to version 0.5.11.2 (bsc#1177691) * Add -fcommon to %optflags (bsc#1160260) * Fix a pathname expansion bug in dash (bsc#1177691)

Advisory ID	SUSE-RU-2020:3123-1
Released	Tue Nov 3 09:48:13 2020
Summary	Recommended update for timezone
Type	recommended
Severity	important
References	1177460,1178346,1178350,1178353

Description:

This update for timezone fixes the following issues:

Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)
Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)

Advisory ID	SUSE-RU-2020:3137-1
Released	Tue Nov 3 12:13:55 2020
Summary	Recommended update for bcache-tools
Type	recommended
Severity	moderate
References	1174075,1176244

Description:

This update for bcache-tools fixes the following issues:

Remove dependency of 'smartcols' as bcache-tools code doesn't need it anymore. (jsc#SLE-9807)
Implement 'bcache-status'. (jsc#SLE-9807)
Remove the dependency on libsmartcols. (jsc#SLE-9807)
Fix for potential coredump issues. (jsc#SLE-9807)
Add more swap bitwise for different CPU endians. (jsc#SLE-9807)
Fixed an issue when an rpm macro '%{_libexecdir}' results braking packages. (bsc#1174075)
Fixed an issue when 'bcache' causing system crashing by using a legacy path. (bsc#1176244)

Advisory ID	SUSE-RU-2020:3148-1
Released	Wed Nov 4 11:04:22 2020
Summary	Recommended update for dbxtool
Type	recommended
Severity	moderate
References

Description:

This update for dbxtool fixes the following issues:
dbxtool version 8 is included in SUSE Linux Enterprise. (jsc#ECO-2560 jsc#PM-2042 jsc#SLE-16062)
This contains the dbxtool for handling and storing the UEFI DBX database, to deploy deny lists of UEFI binaries e.g. in regards to the BootHole security issue.

Advisory ID	SUSE-SU-2020:3152-1
Released	Wed Nov 4 11:07:07 2020
Summary	Security update for apache-commons-httpclient
Type	security
Severity	important
References	1178171,945190,CVE-2014-3577,CVE-2015-5262

Description:

This update for apache-commons-httpclient fixes the following issues:

http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262]
org.apache.http.conn.ssl.AbstractVerifier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows MITM attackers to spoof SSL servers via a 'CN=' string in a field in the distinguished name (DN) of a certificate. [bsc#1178171, CVE-2014-3577]

Advisory ID	SUSE-RU-2020:3157-1
Released	Wed Nov 4 15:37:05 2020
Summary	Recommended update for ca-certificates-mozilla
Type	recommended
Severity	moderate
References	1177864

Description:

This update for ca-certificates-mozilla fixes the following issues:
The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864)

Removed CAs:

- EE Certification Centre Root CA - Taiwan GRCA

Added CAs:

- Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority

Advisory ID	SUSE-SU-2020:3166-1
Released	Thu Nov 5 10:37:34 2020
Summary	Security update for wireshark
Type	security
Severity	moderate
References	1175204,1176908,1176909,1176910,CVE-2020-17498,CVE-2020-25862,CVE-2020-25863,CVE-2020-25866

Description:

This update for wireshark fixes the following issues:

Update to wireshark 3.2.7: * CVE-2020-25863: MIME Multipart dissector crash (bsc#1176908) * CVE-2020-25862: TCP dissector crash (bsc#1176909) * CVE-2020-25866: BLIP dissector crash (bsc#1176910) * CVE-2020-17498: Kafka dissector crash (bsc#1175204)

Advisory ID	SUSE-RU-2020:3248-1
Released	Fri Nov 6 17:02:05 2020
Summary	Recommended update for SUSE Manager Client Tools
Type	recommended
Severity	moderate
References	1167907,1169664

Description:

This update fixes the following issues:
dracut-saltboot:

Support autosign grains in saltboot intrd

grafana:

Update to version 7.1.5: * Features / Enhancements - Stats: Stop counting the same user multiple times. - Field overrides: Filter by field name using regex. - AzureMonitor: map more units. - Explore: Don't run queries on datasource change. - Graph: Support setting field unit & override data source (automatic) unit. - Explore: Unification of logs/metrics/traces user interface - Table: JSON Cell should try to convert strings to JSON - Variables: enables cancel for slow query variables queries. - TimeZone: unify the time zone pickers to one that can rule them all. - Search: support URL query params. - Grafana-UI: Add FileUpload. - TablePanel: Sort numbers correctly. * Bug fixes - Alerting: remove LongToWide call in alerting. - AzureMonitor: fix panic introduced in 7.1.4 when unit was unspecified and alias was used. - Variables: Fixes issue with All variable not being resolved. - Templating: Fixes so texts show in picker not the values. - Templating: Templating: Fix undefined result when using raw interpolation format - TextPanel: Fix content overflowing panel boundaries. - StatPanel: Fix stat panel display name not showing when explicitly set. - Query history: Fix search filtering if null value. - Flux: Ensure connections to InfluxDB are closed. - Dashboard: Fix for viewer can enter panel edit mode by modifying url (but cannot not save anything). - Prometheus: Fix prom links in mixed mode. - Sign In Use correct url for the Sign In button. - StatPanel: Fixes issue with name showing for single series / field results - BarGauge: Fix space bug in single series mode. - Auth: Fix POST request failures with anonymous access - Templating: Fix recursive loop of template variable queries when changing ad-hoc-variable - Templating: Fixed recursive queries triggered when switching dashboard settings view - GraphPanel: Fix annotations overflowing panels. - Prometheus: Fix performance issue in processing of histogram labels. - Datasources: Handle URL parsing error. - Security: Use Header.Set and Header.Del for X-Grafana-User header. * Changes in spec file - Fix golang version = 1.14 to avoid dependency conflicts on some OBS projects

grafana-ha-cluster-dashboards:

Add the package to the SUSE Manager Client Tools 12 channels.

grafana-sap-hana-dashboards:

Add the package to the SUSE Manager Client Tools 12 channels.

grafana-sap-netweaver-dashboards:

Add the package to the SUSE Manager Client Tools 12 channels.

grafana-sap-providers:

Add the package to the SUSE Manager Client Tools 12 channels.

mgr-daemon:

Update translation strings

spacecmd:

Python3 fixes for errata in spacecmd (bsc#1169664)
Added support for i18n of user-facing strings
Python3 fix for sorted usage (bsc#1167907)

spacewalk-client-tools:

Remove RH references in Python/Ruby localization and use the product name instead

Advisory ID	SUSE-SU-2020:3261-1
Released	Tue Nov 10 09:45:30 2020
Summary	Security update for SDL
Type	security
Severity	moderate
References	1141844,CVE-2019-13616

Description:

This update for SDL fixes the following issues:
Security issue fixed:

CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit (bsc#1141844).

Advisory ID	SUSE-SU-2020:3264-1
Released	Tue Nov 10 09:50:29 2020
Summary	Security update for zeromq
Type	security
Severity	moderate
References	1176116,1176256,1176257,1176258,1176259,CVE-2020-15166

Description:

This update for zeromq fixes the following issues:

CVE-2020-15166: Fixed the possibility of unauthenticated clients causing a denial-of-service (bsc#1176116).
Fixed a heap overflow when receiving malformed ZMTP v1 packets (bsc#1176256)
Fixed a memory leak in client induced by malicious server(s) without CURVE/ZAP (bsc#1176257)
Fixed memory leak when processing PUB messages with metadata (bsc#1176259)
Fixed a stack overflow in PUB/XPUB subscription store (bsc#1176258)

Advisory ID	SUSE-SU-2020:3269-1
Released	Tue Nov 10 15:57:24 2020
Summary	Security update for python-waitress
Type	security
Severity	moderate
References	1160790,1161088,1161089,1161670,CVE-2019-16785,CVE-2019-16786,CVE-2019-16789,CVE-2019-16792

Description:

This update for python-waitress to 1.4.3 fixes the following security issues:

CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling (bsc#1161088).
CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding (bsc#1161089).
CVE-2019-16789: HTTP request smuggling through invalid whitespace characters (bsc#1160790).
CVE-2019-16792: HTTP request smuggling by sending the Content-Length header twice (bsc#1161670).

Advisory ID	SUSE-SU-2020:3271-1
Released	Tue Nov 10 19:05:17 2020
Summary	Security update for ucode-intel
Type	security
Severity	moderate
References	1170446,1173594,CVE-2020-8695,CVE-2020-8698

Description:

This update

Intel
CVE-2020-8695:
CVE-2020-8698:

# New Platforms: | Processor |:---------------|:-- | TGL | B1 | CPX-SP | A1 | CML-H | R1 | CML-S62 | G1 | CML-S102 | Q0 | CML-U62 V2 | K0 # Updated Platforms: | Processor |:---------------|:-- | GKL-R | R0 | SKL-U/Y | D0 | SKL-U23e | K1 | APL | D0 | APL | E0 | SKL-H/S | HSX-E/EP | SKX-SP | B1 | SKX-SP | SKX-D | M1 | CLX-SP | B0 | CLX-SP | B1 | ICL-U/Y | D1 | AML-Y22 | H0 | KBL-U/Y | H0 | CFL-U43e | D0 | WHL-U | W0 | AML-Y42 | V0 | CML-Y42 | V0 | WHL-U | V0 | KBL-G/H/S/E3 | B0 | CFL-H/S/E3 | U0 | CFL-S | B0 | CFL-H/S | P0 | CFL-H | R0 | CML-U62 | A0 for ucode-intel fixes the following issues: CPU Microcode updated to 20201027 pre-release Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446) Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) | Stepping | F-M-S/PI | Old Ver | New Ver | Products -------|:------------|:---------|:---------|:--------- | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | 06-a5-03/22 | | 000000e0 | Core Gen10 | 06-a5-05/22 | | 000000e0 | Core Gen10 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile | Stepping | F-M-S/PI | Old Ver | New Ver | Products -------|:------------|:---------|:---------|:--------- | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile

Advisory ID	SUSE-RU-2020:3308-1
Released	Thu Nov 12 14:20:07 2020
Summary	Recommended update for sysstat
Type	recommended
Severity	moderate
References	1177747

Description:

This update for sysstat fixes the following issues:

Fix iostat switch '-y' to display the correct results. (bsc#1177747)

Advisory ID	SUSE-SU-2020:3312-1
Released	Thu Nov 12 16:05:57 2020
Summary	Security update for MozillaFirefox
Type	security
Severity	important
References	1178588,CVE-2020-26950

Description:

This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 78.4.1 ESR * Fixed: Security fix MFSA 2020-49 (bsc#1178588) * CVE-2020-26950 (bmo#1675905) Write side effects in MCallGetProperty opcode not accounted for

Advisory ID	SUSE-RU-2020:3317-1
Released	Fri Nov 13 08:53:23 2020
Summary	Recommended update for SAPHanaSR-ScaleOut
Type	recommended
Severity	moderate
References	1144729,1174610,1176330

Description:

This update for SAPHanaSR-ScaleOut fixes the following issues:

adapt man page SAPHanaSR-showAttr(8) and the README. (bsc#1144729)
Fixed an issue when takeover in maintenance mode master node still has PROMOTED status. (bsc#1176330)
Score of secondary in takeover phase increased from 122 to 145 to avoid promotion of former primary masternameserver candidates. (bsc#1174610)
Fixed typos and improved descriptions in comments.
Change default timeouts and intervals to match the official recommendations.

Advisory ID	SUSE-RU-2020:3321-1
Released	Fri Nov 13 13:16:01 2020
Summary	Recommended update for rpmlint
Type	recommended
Severity	moderate
References	1176676,1177684

Description:

This update for rpmlint fixes the following issues:

Backported systemd portable1 D-Bus whitelisting (bsc#1176676).
Backporsted pam_pwquality whitelisting for PackageHub (bsc#1177684).

Advisory ID	SUSE-RU-2020:3323-1
Released	Fri Nov 13 15:25:55 2020
Summary	Recommended update for cloud-init
Type	recommended
Severity	moderate
References	1174443,1174444,1177526

Description:

This update for cloud-init contains the following fixes:

Avoid exception if no gateway information is present and warning is triggered for existing routing. (bsc#1177526)

Update to version 20.2 (bsc#1174443, bsc#1174444)
+ doc/format: reference make-mime.py instead of an inline script (#334) + Add docs about creating parent folders (#330) [Adrian Wilkins] + DataSourceNoCloud/OVF: drop claim to support FTP (#333) (LP: #1875470) + schema: ignore spurious pylint error (#332) + schema: add json schema for write_files module (#152) + BSD: find_devs_with_ refactoring (#298) [Gonéri Le Bouder] + nocloud: drop work around for Linux 2.6 (#324) [Gonéri Le Bouder] + cloudinit: drop dependencies on unittest2 and contextlib2 (#322) + distros: handle a potential mirror filtering error case (#328) + log: remove unnecessary import fallback logic (#327) + .travis.yml: don't run integration test on ubuntu/* branches (#321) + More unit test documentation (#314) + conftest: introduce disable_subp_usage autouse fixture (#304) + YAML align indent sizes for docs readability (#323) [Tak Nishigori] + network_state: add missing space to log message (#325) + tests: add missing mocks for get_interfaces_by_mac (#326) (LP: #1873910) + test_mounts: expand happy path test for both happy paths (#319) + cc_mounts: fix incorrect format specifiers (#316) (LP: #1872836) + swap file 'size' being used before checked if str (#315) [Eduardo Otubo] + HACKING.rst: add pytest version gotchas section (#311) + docs: Add steps to re-run cloud-id and cloud-init (#313) [Joshua Powers] + readme: OpenBSD is now supported (#309) [Gonéri Le Bouder] + net: ignore 'renderer' key in netplan config (#306) (LP: #1870421) + Add support for NFS/EFS mounts (#300) [Andrew Beresford] (LP: #1870370) + openbsd: set_passwd should not unlock user (#289) [Gonéri Le Bouder] + tools/.github-cla-signers: add beezly as CLA signer (#301) + util: remove unnecessary lru_cache import fallback (#299) + HACKING.rst: reorganise/update CLA signature info (#297) + distros: drop leading/trailing hyphens from mirror URL labels (#296) + HACKING.rst: add note about variable annotations (#295) + CiTestCase: stop using and remove sys_exit helper (#283) + distros: replace invalid characters in mirror URLs with hyphens (#291) (LP: #1868232) + rbxcloud: gracefully handle arping errors (#262) [Adam Dobrawy] + Fix cloud-init ignoring some misdeclared mimetypes in user-data. [Kurt Garloff] + net: ubuntu focal prioritize netplan over eni even if both present (#267) (LP: #1867029) + cloudinit: refactor util.is_ipv4 to net.is_ipv4_address (#292) + net/cmdline: replace type comments with annotations (#294) + HACKING.rst: add Type Annotations design section (#293) + net: introduce is_ip_address function (#288) + CiTestCase: remove now-unneeded parse_and_read helper method (#286) + .travis.yml: allow 30 minutes of inactivity in cloud tests (#287) + sources/tests/test_init: drop use of deprecated inspect.getargspec (#285) + setup.py: drop NIH check_output implementation (#282) + Identify SAP Converged Cloud as OpenStack [Silvio Knizek] + add Openbsd support (#147) [Gonéri Le Bouder] + HACKING.rst: add examples of the two test class types (#278) + VMWware: support to update guest info gc status if enabled (#261) [xiaofengw-vmware] + Add lp-to-git mapping for kgarloff (#279) + set_passwords: avoid chpasswd on BSD (#268) [Gonéri Le Bouder] + HACKING.rst: add Unit Testing design section (#277) + util: read_cc_from_cmdline handle urlencoded yaml content (#275) + distros/tests/test_init: add tests for _get_package_mirror_info (#272) + HACKING.rst: add links to new Code Review Process doc (#276) + freebsd: ensure package update works (#273) [Gonéri Le Bouder] + doc: introduce Code Review Process documentation (#160) + tools: use python3 (#274) + cc_disk_setup: fix RuntimeError (#270) (LP: #1868327) + cc_apt_configure/util: combine search_for_mirror implementations (#271) + bsd: boottime does not depend on the libc soname (#269) [Gonéri Le Bouder] + test_oracle,DataSourceOracle: sort imports (#266) + DataSourceOracle: update .network_config docstring (#257) + cloudinit/tests: remove unneeded with_logs configuration (#263) + .travis.yml: drop stale comment (#255) + .gitignore: add more common directories (#258) + ec2: render network on all NICs and add secondary IPs as static (#114) (LP: #1866930) + ec2 json validation: fix the reference to the 'merged_cfg' key (#256) [Paride Legovini] + releases.yaml: quote the Ubuntu version numbers (#254) [Paride Legovini] + cloudinit: remove six from packaging/tooling (#253) + util/netbsd: drop six usage (#252) + workflows: introduce stale pull request workflow (#125) + cc_resolv_conf: introduce tests and stabilise output across Python versions (#251) + fix minor issue with resolv_conf template (#144) [andreaf74] + doc: CloudInit also support NetBSD (#250) [Gonéri Le Bouder] + Add Netbsd support (#62) [Gonéri Le Bouder] + tox.ini: avoid substition syntax that causes a traceback on xenial (#245) + Add pub_key_ed25519 to cc_phone_home (#237) [Daniel Hensby] + Introduce and use of a list of GitHub usernames that have signed CLA (#244) + workflows/cla.yml: use correct username for CLA check (#243) + tox.ini: use xenial version of jsonpatch in CI (#242) + workflows: CLA validation altered to fail status on pull_request (#164) + tox.ini: bump pyflakes version to 2.1.1 (#239) + cloudinit: move to pytest for running tests (#211) + instance-data: add cloud-init merged_cfg and sys_info keys to json (#214) (LP: #1865969) + ec2: Do not fallback to IMDSv1 on EC2 (#216) + instance-data: write redacted cfg to instance-data.json (#233) (LP: #1865947) + net: support network-config:disabled on the kernel commandline (#232) (LP: #1862702) + ec2: only redact token request headers in logs, avoid altering request (#230) (LP: #1865882) + docs: typo fixed: dta → data [Alexey Vazhnov] + Fixes typo on Amazon Web Services (#217) [Nick Wales] + Fix docs for OpenStack DMI Asset Tag (#228) [Mark T. Voelker] (LP: #1669875) + Add physical network type: cascading to openstack helpers (#200) [sab-systems] + tests: add focal integration tests for ubuntu (#225)

From 20.1 (first vesrion after 19.4) + ec2: Do not log IMDSv2 token values, instead use REDACTED (#219) (LP: #1863943) + utils: use SystemRandom when generating random password. (#204) [Dimitri John Ledkov] + docs: mount_default_files is a list of 6 items, not 7 (#212) + azurecloud: fix issues with instances not starting (#205) (LP: #1861921) + unittest: fix stderr leak in cc_set_password random unittest output. (#208) + cc_disk_setup: add swap filesystem force flag (#207) + import sysvinit patches from freebsd-ports tree (#161) [Igor Galić] + docs: fix typo (#195) [Edwin Kofler] + sysconfig: distro-specific config rendering for BOOTPROTO option (#162) [Robert Schweikert] (LP: #1800854) + cloudinit: replace 'from six import X' imports (except in util.py) (#183) + run-container: use 'test -n' instead of 'test ! -z' (#202) [Paride Legovini] + net/cmdline: correctly handle static ip= config (#201) [Dimitri John Ledkov] (LP: #1861412) + Replace mock library with unittest.mock (#186) + HACKING.rst: update CLA link (#199) + Scaleway: Fix DatasourceScaleway to avoid backtrace (#128) [Louis Bouchard] + cloudinit/cmd/devel/net_convert.py: add missing space (#191) + tools/run-container: drop support for python2 (#192) [Paride Legovini] + Print ssh key fingerprints using sha256 hash (#188) (LP: #1860789) + Make the RPM build use Python 3 (#190) [Paride Legovini] + cc_set_password: increase random pwlength from 9 to 20 (#189) (LP: #1860795) + .travis.yml: use correct Python version for xenial tests (#185) + cloudinit: remove ImportError handling for mock imports (#182) + Do not use fallocate in swap file creation on xfs. (#70) [Eduardo Otubo] (LP: #1781781) + .readthedocs.yaml: install cloud-init when building docs (#181) (LP: #1860450) + Introduce an RTD config file, and pin the Sphinx version to the RTD default (#180) + Drop most of the remaining use of six (#179) + Start removing dependency on six (#178) + Add Rootbox & HyperOne to list of cloud in README (#176) [Adam Dobrawy] + docs: add proposed SRU testing procedure (#167) + util: rename get_architecture to get_dpkg_architecture (#173) + Ensure util.get_architecture() runs only once (#172) + Only use gpart if it is the BSD gpart (#131) [Conrad Hoffmann] + freebsd: remove superflu exception mapping (#166) [Gonéri Le Bouder] + ssh_auth_key_fingerprints_disable test: fix capitalization (#165) [Paride Legovini] + util: move uptime's else branch into its own boottime function (#53) [Igor Galić] (LP: #1853160) + workflows: add contributor license agreement checker (#155) + net: fix rendering of 'static6' in network config (#77) (LP: #1850988) + Make tests work with Python 3.8 (#139) [Conrad Hoffmann] + fixed minor bug with mkswap in cc_disk_setup.py (#143) [andreaf74] + freebsd: fix create_group() cmd (#146) [Gonéri Le Bouder] + doc: make apt_update example consistent (#154) + doc: add modules page toc with links (#153) (LP: #1852456) + Add support for the amazon variant in cloud.cfg.tmpl (#119) [Frederick Lefebvre] + ci: remove Python 2.7 from CI runs (#137) + modules: drop cc_snap_config config module (#134) + migrate-lp-user-to-github: ensure Launchpad repo exists (#136) + docs: add initial troubleshooting to FAQ (#104) [Joshua Powers] + doc: update cc_set_hostname frequency and descrip (#109) [Joshua Powers] (LP: #1827021) + freebsd: introduce the freebsd renderer (#61) [Gonéri Le Bouder] + cc_snappy: remove deprecated module (#127) + HACKING.rst: clarify that everyone needs to do the LP->GH dance (#130) + freebsd: cloudinit service requires devd (#132) [Gonéri Le Bouder] + cloud-init: fix capitalisation of SSH (#126) + doc: update cc_ssh clarify host and auth keys [Joshua Powers] (LP: #1827021) + ci: emit names of tests run in Travis (#120)

Advisory ID	SUSE-RU-2020:3327-1
Released	Sat Nov 14 07:22:33 2020
Summary	Recommended update for sap-suse-cluster-connector
Type	recommended
Severity	moderate
References	1136933,1166647,1177507

Description:

This update for sap-suse-cluster-connector fixes the following issues:

Add new cluster action names according to the documentation that leads out the old action names. (bsc#1166647)
Support the output format of different versions of the command '/usr/sbin/crm_simulate'. (bsc#1177507)
Remove unused and outdated /etc/sap_suse_cluster_connector file. (bsc#1136933)

Advisory ID	SUSE-RU-2020:3338-1
Released	Mon Nov 16 13:11:28 2020
Summary	Recommended update for prometheus-hanadb_exporter
Type	recommended
Severity	moderate
References	1178339

Description:

This update for prometheus-hanadb_exporter fixes the following issues:

Fix using systemd macros in spec file. (bsc#1178339)

Advisory ID	SUSE-SU-2020:3352-1
Released	Tue Nov 17 09:31:48 2020
Summary	Security update for raptor
Type	security
Severity	important
References	1178593,CVE-2017-18926

Description:

This update for raptor fixes the following issues:

Fixed a heap overflow vulnerability (bsc#1178593, CVE-2017-18926).

Advisory ID	SUSE-SU-2020:3359-1
Released	Tue Nov 17 13:18:30 2020
Summary	Security update for java-11-openjdk
Type	security
Severity	moderate
References	1177943,CVE-2020-14779,CVE-2020-14781,CVE-2020-14782,CVE-2020-14792,CVE-2020-14796,CVE-2020-14797,CVE-2020-14798,CVE-2020-14803

Description:

This update for java-11-openjdk fixes the following issues:

Update to upstream tag jdk-11.0.9-11 (October 2020 CPU, bsc#1177943) * New features + JDK-8250784: Shenandoah: A Low-Pause-Time Garbage Collector * Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236196: Improve string pooling + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts + JDK-8237995, CVE-2020-14782: Enhance certificate processing + JDK-8240124: Better VM Interning + JDK-8241114, CVE-2020-14792: Better range handling + JDK-8242680, CVE-2020-14796: Improved URI Support + JDK-8242685, CVE-2020-14797: Better Path Validation + JDK-8242695, CVE-2020-14798: Enhanced buffer support + JDK-8243302: Advanced class supports + JDK-8244136, CVE-2020-14803: Improved Buffer supports + JDK-8244479: Further constrain certificates + JDK-8244955: Additional Fix for JDK-8240124 + JDK-8245407: Enhance zoning of times + JDK-8245412: Better class definitions + JDK-8245417: Improve certificate chain handling + JDK-8248574: Improve jpeg processing + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit + JDK-8253019: Enhanced JPEG decoding * Other changes + JDK-6532025: GIF reader throws misleading exception with truncated images + JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/ /PDialogTest.java needs update by removing an infinite loop + JDK-8022535: [TEST BUG] javax/swing/text/html/parser/ /Test8017492.java fails + JDK-8062947: Fix exception message to correctly represent LDAP connection failure + JDK-8067354: com/sun/jdi/GetLocalVariables4Test.sh failed + JDK-8134599: TEST_BUG: java/rmi/transport/closeServerSocket/ /CloseServerSocket.java fails intermittently with Address already in use + JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect + JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider + JDK-8172404: Tools should warn if weak algorithms are used before restricting them + JDK-8193367: Annotated type variable bounds crash javac + JDK-8202117: com/sun/jndi/ldap/RemoveNamingListenerTest.java fails intermittently: Connection reset + JDK-8203026: java.rmi.NoSuchObjectException: no such object in table + JDK-8203281: [Windows] JComboBox change in ui when editor.setBorder() is called + JDK-8203382: Rename SystemDictionary::initialize_wk_klass to resolve_wk_klass + JDK-8203393: com/sun/jdi/JdbMethodExitTest.sh and JdbExprTest.sh fail due to timeout + JDK-8203928: [Test] Convert non-JDB scaffolding serviceability shell script tests to java + JDK-8204963: javax.swing.border.TitledBorder has a memory leak + JDK-8204994: SA might fail to attach to process with 'Windbg Error: WaitForEvent failed' + JDK-8205534: Remove SymbolTable dependency from serviceability agent + JDK-8206309: Tier1 SA tests fail + JDK-8208281: java/nio/channels/ /AsynchronousSocketChannel/Basic.java timed out + JDK-8209109: [TEST] rewrite com/sun/jdi shell tests to java version - step1 + JDK-8209332: [TEST] test/jdk/com/sun/jdi/CatchPatternTest.sh is incorrect + JDK-8209342: Problemlist SA tests on Solaris due to Error attaching to process: Can't create thread_db agent! + JDK-8209343: Test javax/swing/border/TestTitledBorderLeak.java should be marked as headful + JDK-8209517: com/sun/jdi/BreakpointWithFullGC.java fails with timeout + JDK-8209604: [TEST] rewrite com/sun/jdi shell tests to java version - step2 + JDK-8209605: com/sun/jdi/BreakpointWithFullGC.java fails with ZGC + JDK-8209608: Problem list com/sun/jdi/BreakpointWithFullGC.java + JDK-8210131: vmTestbase/nsk/jvmti/scenarios/allocation/AP10/ /ap10t001/TestDescription.java failed with ObjectFree: GetCurrentThreadCpuTimerInfo returned unexpected error code + JDK-8210243: [TEST] rewrite com/sun/jdi shell tests to java version - step3 + JDK-8210527: JShell: NullPointerException in jdk.jshell.Eval.translateExceptionStack + JDK-8210560: [TEST] convert com/sun/jdi redefineClass-related tests + JDK-8210725: com/sun/jdi/RedefineClearBreakpoint.java fails with waitForPrompt timed out after 60 seconds + JDK-8210748: [TESTBUG] lib.jdb.Jdb.waitForPrompt() should clarify which output is the pending reply after a timeout + JDK-8210760: [TEST] rewrite com/sun/jdi shell tests to java version - step4 + JDK-8210977: jdk/jfr/event/oldobject/TestThreadLocalLeak.java fails to find ThreadLocalObject + JDK-8211292: [TEST] convert com/sun/jdi/DeferredStepTest.sh test + JDK-8211694: JShell: Redeclared variable should be reset + JDK-8212200: assert when shared java.lang.Object is redefined by JVMTI agent + JDK-8212629: [TEST] wrong breakpoint in test/jdk/com/sun/jdi/DeferredStepTest + JDK-8212665: com/sun/jdi/DeferredStepTest.java: jj1 (line 57) - unexpected. lastLine=52, minLine=52, maxLine=55 + JDK-8212807: tools/jar/multiRelease/Basic.java times out + JDK-8213182: Minimal VM build failure after JDK-8212200 (assert when shared java.lang.Object is redefined by JVMTI agent) + JDK-8213214: Set -Djava.io.tmpdir= when running tests + JDK-8213275: ReplaceCriticalClasses.java fails with jdk.internal.vm.PostVMInitHook not found + JDK-8213574: Deadlock in string table expansion when dumping lots of CDS classes + JDK-8213703: LambdaConversionException: Invalid receiver type not a subtype of implementation type interface + JDK-8214074: Ghash optimization using AVX instructions + JDK-8214491: Upgrade to JLine 3.9.0 + JDK-8214797: TestJmapCoreMetaspace.java timed out + JDK-8215243: JShell tests failing intermitently with 'Problem cleaning up the following threads:' + JDK-8215244: jdk/jshell/ToolBasicTest.java testHistoryReference failed + JDK-8215354: x86_32 build failures after JDK-8214074 (Ghash optimization using AVX instructions) + JDK-8215438: jshell tool: Ctrl-D causes EOF + JDK-8216021: RunTest.gmk might set concurrency level to 1 on Windows + JDK-8216974: HttpConnection not returned to the pool after 204 response + JDK-8218948: SimpleDateFormat :: format - Zone Names are not reflected correctly during run time + JDK-8219712: code_size2 (defined in stub_routines_x86.hpp) is too small on new Skylake CPUs + JDK-8220150: macos10.14 Mojave returns anti-aliased glyphs instead of aliased B&W glyphs + JDK-8221658: aarch64: add necessary predicate for ubfx patterns + JDK-8221759: Crash when completing 'java.io.File.path' + JDK-8221918: runtime/SharedArchiveFile/serviceability/ /ReplaceCriticalClasses.java fails: Shared archive not found + JDK-8222074: Enhance auto vectorization for x86 + JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp + JDK-8222769: [TESTBUG] TestJFRNetworkEvents should not rely on hostname command + JDK-8223688: JShell: crash on the instantiation of raw anonymous class + JDK-8223777: In posix_spawn mode, failing to exec() jspawnhelper does not result in an error + JDK-8223940: Private key not supported by chosen signature algorithm + JDK-8224184: jshell got IOException at exiting with AIX + JDK-8224234: compiler/codegen/TestCharVect2.java fails in test_mulc + JDK-8225037: java.net.JarURLConnection::getJarEntry() throws NullPointerException + JDK-8225625: AES Electronic Codebook (ECB) encryption and decryption optimization using AVX512 + VAES instructions + JDK-8226536: Catch OOM from deopt that fails rematerializing objects + JDK-8226575: OperatingSystemMXBean should be made container aware + JDK-8226697: Several tests which need the @key headful keyword are missing it. + JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous + JDK-8227059: sun/security/tools/keytool/ /DefaultSignatureAlgorithm.java timed out + JDK-8227269: Slow class loading when running with JDWP + JDK-8227595: keytool/fakegen/DefaultSignatureAlgorithm.java fails due to 'exitValue = 6' + JDK-8228448: Jconsole can't connect to itself + JDK-8228967: Trust/Key store and SSL context utilities for tests + JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow + JDK-8229815: Upgrade Jline to 3.12.1 + JDK-8230000: some httpclients testng tests run zero test + JDK-8230002: javax/xml/jaxp/unittest/transform/ /SecureProcessingTest.java runs zero test + JDK-8230010: Remove jdk8037819/BasicTest1.java + JDK-8230094: CCE in createXMLEventWriter(Result) over an arbitrary XMLStreamWriter + JDK-8230402: Allocation of compile task fails with assert: 'Leaking compilation tasks?' + JDK-8230767: FlightRecorderListener returns null recording + JDK-8230870: (zipfs) Add a ZIP FS test that is similar to test/jdk/java/util/zip/EntryCount64k.java + JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread + JDK-8231586: enlarge encoding space for OopMapValue offsets + JDK-8231953: Wrong assumption in assertion in oop::register_oop + JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes + JDK-8232083: Minimal VM is broken after JDK-8231586 + JDK-8232161: Align some one-way conversion in MS950 charset with Windows + JDK-8232855: jshell missing word in /help help + JDK-8233027: OopMapSet::all_do does oms.next() twice during iteration + JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR + JDK-8233386: Initialize NULL fields for unused decorations + JDK-8233452: java.math.BigDecimal.sqrt() with RoundingMode.FLOOR results in incorrect result + JDK-8233686: XML transformer uses excessive amount of memory + JDK-8233741: AES Countermode (AES-CTR) optimization using AVX512 + VAES instructions + JDK-8233829: javac cannot find non-ASCII module name under non-UTF8 environment + JDK-8233958: Memory retention due to HttpsURLConnection finalizer that serves no purpose + JDK-8234011: (zipfs) Memory leak in ZipFileSystem.releaseDeflater() + JDK-8234058: runtime/CompressedOops/ /CompressedClassPointers.java fails with 'Narrow klass base: 0x0000000000000000' missing from stdout/stderr + JDK-8234149: Several regression tests do not dispose Frame at end + JDK-8234347: 'Turkey' meta time zone does not generate composed localized names + JDK-8234385: [TESTBUG] java/awt/EventQueue/6980209/ /bug6980209.java fails in linux nightly + JDK-8234535: Cross compilation fails due to missing CFLAGS for the BUILD_CC + JDK-8234541: C1 emits an empty message when it inlines successfully + JDK-8234687: change javap reporting on unknown attributes + JDK-8236464: SO_LINGER option is ignored by SSLSocket in JDK 11 + JDK-8236548: Localized time zone name inconsistency between English and other locales + JDK-8236617: jtreg test containers/docker/ /TestMemoryAwareness.java fails after 8226575 + JDK-8237182: Update copyright header for shenandoah and epsilon files + JDK-8237888: security/infra/java/security/cert/ /CertPathValidator/certification/LuxTrustCA.java fails when checking validity interval + JDK-8237977: Further update javax/net/ssl/compatibility/Compatibility.java + JDK-8238270: java.net HTTP/2 client does not decrease stream count when receives 204 response + JDK-8238284: [macos] Zero VM build fails due to an obvious typo + JDK-8238380: java.base/unix/native/libjava/childproc.c 'multiple definition' link errors with GCC10 + JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c 'multiple definition' link errors with GCC10 + JDK-8238388: libj2gss/NativeFunc.o 'multiple definition' link errors with GCC10 + JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes + JDK-8238710: LingeredApp doesn't log stdout/stderr if exits with non-zero code + JDK-8239083: C1 assert(known_holder == NULL || (known_holder->is_instance_klass() && (!known_holder->is_interface() || ((ciInstanceKlass*)known_holder)->has_nonstatic_concrete_methods())), 'should be non-static concrete method'); + JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD + JDK-8240169: javadoc fails to link to non-modular api docs + JDK-8240295: hs_err elapsed time in seconds is not accurate enough + JDK-8240360: NativeLibraryEvent has wrong library name on Linux + JDK-8240676: Meet not symmetric failure when running lucene on jdk8 + JDK-8241007: Shenandoah: remove ShenandoahCriticalControlThreadPriority support + JDK-8241065: Shenandoah: remove leftover code after JDK-8231086 + JDK-8241086: Test runtime/NMT/HugeArenaTracking.java is failing on 32bit Windows + JDK-8241130: com.sun.jndi.ldap.EventSupport.removeDeadNotifier: java.lang.NullPointerException + JDK-8241138: http.nonProxyHosts=* causes StringIndexOutOfBoundsException in DefaultProxySelector + JDK-8241319: WB_GetCodeBlob doesn't have ResourceMark + JDK-8241478: vmTestbase/gc/gctests/Steal/steal001/steal001.java fails with OOME + JDK-8241574: Shenandoah: remove ShenandoahAssertToSpaceClosure + JDK-8241750: x86_32 build failure after JDK-8227269 + JDK-8242184: CRL generation error with RSASSA-PSS + JDK-8242283: Can't start JVM when java home path includes non-ASCII character + JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array + JDK-8243029: Rewrite javax/net/ssl/compatibility/ /Compatibility.java with a flexible interop test framework + JDK-8243138: Enhance BaseLdapServer to support starttls extended request + JDK-8243320: Add SSL root certificates to Oracle Root CA program + JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program + JDK-8243389: enhance os::pd_print_cpu_info on linux + JDK-8243453: java --describe-module failed with non-ASCII module name under non-UTF8 environment + JDK-8243470: [macos] bring back O2 opt level for unsafe.cpp + JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions + JDK-8243925: Toolkit#getScreenInsets() returns wrong value on HiDPI screens (Windows) + JDK-8244087: 2020-04-24 public suffix list update + JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26 + JDK-8244164: AArch64: jaotc generates incorrect code for compressed OOPs with non-zero heap base + JDK-8244196: adjust output in os_linux + JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in + JDK-8244287: JFR: Methods samples have line number 0 + JDK-8244703: 'platform encoding not initialized' exceptions with debugger, JNI + JDK-8244719: CTW: C2 compilation fails with 'assert(!VerifyHashTableKeys || _hash_lock == 0) failed: remove node from hash table before modifying it' + JDK-8244729: Shenandoah: remove resolve paths from SBSA::generate_shenandoah_lrb + JDK-8244763: Update --release 8 symbol information after JSR 337 MR3 + JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor + JDK-8245151: jarsigner should not raise duplicate warnings on verification + JDK-8245616: Bump update version for OpenJDK: jdk-11.0.9 + JDK-8245714: 'Bad graph detected in build_loop_late' when loads are pinned on loop limit check uncommon branch + JDK-8245801: StressRecompilation triggers assert 'redundunt OSR recompilation detected. memory leak in CodeCache!' + JDK-8245832: JDK build make-static-libs should build all JDK libraries + JDK-8245880: Shenandoah: check class unloading flag early in concurrent code root scan + JDK-8245981: Upgrade to jQuery 3.5.1 + JDK-8246027: Minimal fastdebug build broken after JDK-8245801 + JDK-8246094: [macos] Sound Recording and playback is not working + JDK-8246153: TestEliminateArrayCopy fails with -XX:+StressReflectiveCode + JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ + JDK-8246196: javax/management/MBeanServer/OldMBeanServerTest fails with AssertionError + JDK-8246203: Segmentation fault in verification due to stack overflow with -XX:+VerifyIterativeGVN + JDK-8246330: Add TLS Tests for Legacy ECDSA curves + JDK-8246453: TestClone crashes with 'all collected exceptions must come from the same place' + JDK-8247246: Add explicit ResolvedJavaType.link and expose presence of default methods + JDK-8247350: [aarch64] assert(false) failed: wrong size of mach node + JDK-8247502: PhaseStringOpts crashes while optimising effectively dead code + JDK-8247615: Initialize the bytes left for the heap sampler + JDK-8247824: CTW: C2 (Shenandoah) compilation fails with SEGV in SBC2Support::pin_and_expand + JDK-8247874: Replacement in VersionProps.java.template not working when --with-vendor-bug-url contains '&' + JDK-8247979: aarch64: missing side effect of killing flags for clearArray_reg_reg + JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention + JDK-8248219: aarch64: missing memory barrier in fast_storefield and fast_accessfield + JDK-8248348: Regression caused by the update to BCEL 6.0 + JDK-8248385: [testbug][11u] Adapt TestInitiExceptions to jtreg 5.1 + JDK-8248495: [macos] zerovm is broken due to libffi headers location + JDK-8248851: CMS: Missing memory fences between free chunk check and klass read + JDK-8248987: AOT's Linker.java seems to eagerly fail-fast on Windows + JDK-8249159: Downport test rework for SSLSocketTemplate from 8224650 + JDK-8249215: JFrame::setVisible crashed with -Dfile.encoding=UTF-8 on Japanese Windows. + JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel + JDK-8249255: Build fails if source code in cygwin home dir + JDK-8249277: TestVerifyIterativeGVN.java is failing with timeout in OpenJDK 11 + JDK-8249278: Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList + JDK-8249560: Shenandoah: Fix racy GC request handling + JDK-8249801: Shenandoah: Clear soft-refs on requested GC cycle + JDK-8249953: Shenandoah: gc/shenandoah/mxbeans tests should account for corner cases + JDK-8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets + JDK-8250609: C2 crash in IfNode::fold_compares + JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics + JDK-8250755: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java + JDK-8250787: Provider.put no longer registering aliases in FIPS env + JDK-8250826: jhsdb does not work with coredump which comes from Substrate VM + JDK-8250827: Shenandoah: needs to reset/finish StringTable's dead count before/after parallel walk + JDK-8250844: Make sure {type,obj}ArrayOopDesc accessors check the bounds + JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher + JDK-8251354: Shenandoah: Fix jdk/jfr/tool/TestPrintJSON.java test failure + JDK-8251451: Shenandoah: Remark ObjectSynchronizer roots with I-U + JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java + JDK-8251487: Shenandoah: missing detail timing tracking for final mark cleaning phase + JDK-8252120: compiler/oracle/TestCompileCommand.java misspells 'occured' + JDK-8252157: JDK-8231209 11u backport breaks jmm binary compatibility + JDK-8252258: [11u] JDK-8242154 changes the default vendor + JDK-8252804: [test] Fix 'ReleaseDeflater.java' test after downport of 8234011 + JDK-8253134: JMM_VERSION should remain at 0x20020000 (JDK 10) in JDK 11 + JDK-8253283: [11u] Test build/translations/ /VerifyTranslations.java failing after JDK-8252258 + JDK-8253813: Backout JDK-8244287 from 11u: it causes several crashes + Fix regression '8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)' introduced in jdk 11.0.9

Advisory ID	SUSE-SU-2020:3373-1
Released	Thu Nov 19 09:27:44 2020
Summary	Security update for ucode-intel
Type	security
Severity	moderate
References	1170446,1173592,1173594,CVE-2020-8695,CVE-2020-8696,CVE-2020-8698

Description:

This update for ucode-intel fixes the following issues:

Updated Intel CPU Microcode to 20201110 official release. - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446) - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) - CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592)

Release notes: - Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html). - Security updates for [INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html). - Update for functional issues. Refer to [Second Generation Intel® Xeon® Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details. - Update for functional issues. Refer to [Intel® Xeon® Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details. - Update for functional issues. Refer to [Intel® Xeon® Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details. - Update for functional issues. Refer to [10th Gen Intel® Core™ Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details. - Update for functional issues. Refer to [8th and 9th Gen Intel® Core™ Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details. - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel® Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details. - Update for functional issues. Refer to [6th Gen Intel® Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details. - Update for functional issues. Refer to [Intel® Xeon® E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details. - Update for functional issues. Refer to [Intel® Xeon® E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.

### New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | LKF | B2/B3 | 06-8a-01/10 | | 00000028 | Core w/Hybrid Technology | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile ### Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile

Advisory ID	SUSE-SU-2020:3376-1
Released	Thu Nov 19 09:29:13 2020
Summary	Security update for wireshark
Type	security
Severity	moderate
References	1177406,1178291,CVE-2020-26575,CVE-2020-28030

Description:

This update for wireshark fixes the following issues:

wireshark was updated to 3.2.8: - CVE-2020-26575: Fixed an issue where FBZERO dissector was entering in infinite loop (bsc#1177406) - CVE-2020-28030: Fixed an issue where GQUIC dissector was crashing (bsc#1178291) * Infinite memory allocation while parsing this tcp packet

Advisory ID	SUSE-SU-2020:3380-1
Released	Thu Nov 19 09:31:15 2020
Summary	Security update for wpa_supplicant
Type	security
Severity	moderate
References	1131644,1131868,1131870,1131871,1131872,1131874,1133640,1144443,1150934,1156920,1166933,1167331,930077,930078,930079,CVE-2015-4141,CVE-2015-4142,CVE-2015-4143,CVE-2015-8041,CVE-2017-13077,CVE-2017-13078,CVE-2017-13079,CVE-2017-13080,CVE-2017-13081,CVE-2017-13082,CVE-2017-13086,CVE-2017-13087,CVE-2017-13088,CVE-2018-14526,CVE-2019-11555,CVE-2019-13377,CVE-2019-16275,CVE-2019-9494,CVE-2019-9495,CVE-2019-9497,CVE-2019-9498,CVE-2019-9499

Description:

This update for wpa_supplicant fixes the following issues:
Security issue fixed:

CVE-2019-16275: Fixed an AP mode PMF disconnection protection bypass (bsc#1150934).

Non-security issues fixed:

Enable SAE support (jsc#SLE-14992).
Limit P2P_DEVICE name to appropriate ifname size.
Fix wicked wlan (bsc#1156920)
Restore fi.epitest.hostap.WPASupplicant.service (bsc#1167331)
With v2.9 fi.epitest.hostap.WPASupplicant.service is obsolete (bsc#1167331)
Fix WLAN config on boot with wicked. (bsc#1166933)
Update to 2.9 release: * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - allow the set of groups to be configured (eap_pwd_groups) - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1) * fixed a regression in OpenSSL 1.1+ engine loading * added validation of RSNE in (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * extended EAP-SIM/AKA fast re-authentication to allow use with FILS * extended ca_cert_blob to support PEM format * improved robustness of P2P Action frame scheduling * added support for EAP-SIM/AKA using anonymous@realm identity * fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method * added experimental support for EAP-TEAP peer (RFC 7170) * added experimental support for EAP-TLS peer with TLS v1.3 * fixed a regression in WMM parameter configuration for a TDLS peer * fixed a regression in operation with drivers that offload 802.1X 4-way handshake * fixed an ECDH operation corner case with OpenSSL * SAE changes - added support for SAE Password Identifier - changed default configuration to enable only groups 19, 20, 21 (i.e., disable groups 25 and 26) and disable all unsuitable groups completely based on REVmd changes - do not regenerate PWE unnecessarily when the AP uses the anti-clogging token mechanisms - fixed some association cases where both SAE and FT-SAE were enabled on both the station and the selected AP - started to prefer FT-SAE over SAE AKM if both are enabled - started to prefer FT-SAE over FT-PSK if both are enabled - fixed FT-SAE when SAE PMKSA caching is used - reject use of unsuitable groups based on new implementation guidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups with prime >= 256) - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868) * EAP-pwd changes - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870) - verify server scalar/element [https://w1.fi/security/2019-4/] (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, bsc#1131874, bsc#1131872, bsc#1131871, bsc#1131644) - fix message reassembly issue with unexpected fragment [https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640) - enforce rand,mask generation rules more strictly - fix a memory leak in PWE derivation - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27) - SAE/EAP-pwd side-channel attack update [https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443) * fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y * Hotspot 2.0 changes - do not indicate release number that is higher than the one AP supports - added support for release number 3 - enable PMF automatically for network profiles created from credentials * fixed OWE network profile saving * fixed DPP network profile saving * added support for RSN operating channel validation (CONFIG_OCV=y and network profile parameter ocv=1) * added Multi-AP backhaul STA support * fixed build with LibreSSL * number of MKA/MACsec fixes and extensions * extended domain_match and domain_suffix_match to allow list of values * fixed dNSName matching in domain_match and domain_suffix_match when using wolfSSL * started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both are enabled * extended nl80211 Connect and external authentication to support SAE, FT-SAE, FT-EAP-SHA384 * fixed KEK2 derivation for FILS+FT * extended client_cert file to allow loading of a chain of PEM encoded certificates * extended beacon reporting functionality * extended D-Bus interface with number of new properties * fixed a regression in FT-over-DS with mac80211-based drivers * OpenSSL: allow systemwide policies to be overridden * extended driver flags indication for separate 802.1X and PSK 4-way handshake offload capability * added support for random P2P Device/Interface Address use * extended PEAP to derive EMSK to enable use with ERP/FILS * extended WPS to allow SAE configuration to be added automatically for PSK (wps_cred_add_sae=1) * removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS) * extended domain_match and domain_suffix_match to allow list of values * added a RSN workaround for misbehaving PMF APs that advertise IGTK/BIP KeyID using incorrect byte order * fixed PTK rekeying with FILS and FT * fixed WPA packet number reuse with replayed messages and key reinstallation [https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) * fixed unauthenticated EAPOL-Key decryption in wpa_supplicant [https://w1.fi/security/2018-1/] (CVE-2018-14526) * added support for FILS (IEEE 802.11ai) shared key authentication * added support for OWE (Opportunistic Wireless Encryption, RFC 8110; and transition mode defined by WFA) * added support for DPP (Wi-Fi Device Provisioning Protocol) * added support for RSA 3k key case with Suite B 192-bit level * fixed Suite B PMKSA caching not to update PMKID during each 4-way handshake * fixed EAP-pwd pre-processing with PasswordHashHash * added EAP-pwd client support for salted passwords * fixed a regression in TDLS prohibited bit validation * started to use estimated throughput to avoid undesired signal strength based roaming decision * MACsec/MKA: - new macsec_linux driver interface support for the Linux kernel macsec module - number of fixes and extensions * added support for external persistent storage of PMKSA cache (PMKSA_GET/PMKSA_ADD control interface commands; and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case) * fixed mesh channel configuration pri/sec switch case * added support for beacon report * large number of other fixes, cleanup, and extensions * added support for randomizing local address for GAS queries (gas_rand_mac_addr parameter) * fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel * added option for using random WPS UUID (auto_uuid=1) * added SHA256-hash support for OCSP certificate matching * fixed EAP-AKA' to add AT_KDF into Synchronization-Failure * fixed a regression in RSN pre-authentication candidate selection * added option to configure allowed group management cipher suites (group_mgmt network profile parameter) * removed all PeerKey functionality * fixed nl80211 AP and mesh mode configuration regression with Linux 4.15 and newer * added ap_isolate configuration option for AP mode * added support for nl80211 to offload 4-way handshake into the driver * added support for using wolfSSL cryptographic library * SAE - added support for configuring SAE password separately of the WPA2 PSK/passphrase - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection for SAE; note: this is not backwards compatible, i.e., both the AP and station side implementations will need to be update at the same time to maintain interoperability - added support for Password Identifier - fixed FT-SAE PMKID matching * Hotspot 2.0 - added support for fetching of Operator Icon Metadata ANQP-element - added support for Roaming Consortium Selection element - added support for Terms and Conditions - added support for OSEN connection in a shared RSN BSS - added support for fetching Venue URL information * added support for using OpenSSL 1.1.1 * FT - disabled PMKSA caching with FT since it is not fully functional - added support for SHA384 based AKM - added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128, BIP-GMAC-256 in addition to previously supported BIP-CMAC-128 - fixed additional IE inclusion in Reassociation Request frame when using FT protocol

Changed service-files for start after network (systemd-networkd).

Advisory ID	SUSE-RU-2020:3382-1
Released	Thu Nov 19 11:03:01 2020
Summary	Recommended update for dmidecode
Type	recommended
Severity	moderate
References	1174257

Description:

This update for dmidecode fixes the following issues:

Add partial support for SMBIOS 3.4.0. (bsc#1174257)
Skip details of uninstalled memory modules. (bsc#1174257)

Advisory ID	SUSE-SU-2020:3384-1
Released	Thu Nov 19 11:33:53 2020
Summary	Security update for perl-DBI
Type	security
Severity	moderate
References	1176492,CVE-2014-10401,CVE-2014-10402

Description:

This update for perl-DBI fixes the following issues:

DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). [bsc#1176492, CVE-2014-10401, CVE-2014-10402]

Advisory ID	SUSE-RU-2020:3450-1
Released	Thu Nov 19 17:39:23 2020
Summary	Recommended update for hawk-apiserver
Type	recommended
Severity	moderate
References	1178228

Description:

This update for hawk-apiserver fixes the following issues:

Update from version 0.0.2 to version 0.0.4: - various enhancement security https related (bsc#1178228) - update go modules to 1.13 - add -version flag to show build version

Advisory ID	SUSE-RU-2020:3452-1
Released	Thu Nov 19 19:42:47 2020
Summary	Recommended update for tomcat
Type	recommended
Severity	moderate
References	1178396

Description:

This update for tomcat fixes the following issues:

Fixes an issue when after removing package rest remained in 'examples'.
Remove 'tomcat-9.0.init' and '/usr/lib/tmpfiles.d/tomcat.conf' because of using systemd. (bsc#1178396)

Advisory ID	SUSE-SU-2020:3458-1
Released	Fri Nov 20 11:09:46 2020
Summary	Security update for MozillaFirefox
Type	security
Severity	important
References	1178824,CVE-2020-15999,CVE-2020-16012,CVE-2020-26951,CVE-2020-26953,CVE-2020-26956,CVE-2020-26958,CVE-2020-26959,CVE-2020-26960,CVE-2020-26961,CVE-2020-26965,CVE-2020-26966,CVE-2020-26968

Description:

This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 78.5.0 ESR (bsc#1178824) * CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls * CVE-2020-26953: Fullscreen could be enabled without displaying the security UI * CVE-2020-26956: XSS through paste (manual and clipboard API) * CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions * CVE-2020-26959: Use-after-free in WebRequestService * CVE-2020-26960: Potential use-after-free in uses of nsTArray * CVE-2020-15999: Heap buffer overflow in freetype * CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses * CVE-2020-26965: Software keyboards may have remembered typed passwords * CVE-2020-26966: Single-word search queries were also broadcast to local network * CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5

Advisory ID	SUSE-SU-2020:3460-1
Released	Fri Nov 20 12:41:23 2020
Summary	Security update for java-1_8_0-openjdk
Type	security
Severity	moderate
References	1174157,1177943,CVE-2020-14556,CVE-2020-14577,CVE-2020-14578,CVE-2020-14579,CVE-2020-14581,CVE-2020-14583,CVE-2020-14593,CVE-2020-14621,CVE-2020-14779,CVE-2020-14781,CVE-2020-14782,CVE-2020-14792,CVE-2020-14796,CVE-2020-14797,CVE-2020-14798,CVE-2020-14803

Description:

This update for java-1_8_0-openjdk fixes the following issues:

Fix regression '8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)', introduced in October 2020 CPU.

Update to version jdk8u272 (icedtea 3.17.0) (July 2020 CPU, bsc#1174157, and October 2020 CPU, bsc#1177943) * New features + JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 + PR3796: Allow the number of curves supported to be specified * Security fixes + JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue) + JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString() + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233255: Better Swing Buttons + JDK-8233624: Enhance JNI linkage + JDK-8234032: Improve basic calendar services + JDK-8234042: Better factory production of certificates + JDK-8234418: Better parsing with CertificateFactory + JDK-8234836: Improve serialization handling + JDK-8236191: Enhance OID processing + JDK-8236196: Improve string pooling + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class + JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior + JDK-8237592, CVE-2020-14577: Enhance certificate verification + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts + JDK-8237995, CVE-2020-14782: Enhance certificate processing + JDK-8238002, CVE-2020-14581: Better matrix operations + JDK-8238804: Enhance key handling process + JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable + JDK-8238843: Enhanced font handing + JDK-8238920, CVE-2020-14583: Better Buffer support + JDK-8238925: Enhance WAV file playback + JDK-8240119, CVE-2020-14593: Less Affine Transformations + JDK-8240124: Better VM Interning + JDK-8240482: Improved WAV file playback + JDK-8241114, CVE-2020-14792: Better range handling + JDK-8241379: Update JCEKS support + JDK-8241522: Manifest improved jar headers redux + JDK-8242136, CVE-2020-14621: Better XML namespace handling + JDK-8242680, CVE-2020-14796: Improved URI Support + JDK-8242685, CVE-2020-14797: Better Path Validation + JDK-8242695, CVE-2020-14798: Enhanced buffer support + JDK-8243302: Advanced class supports + JDK-8244136, CVE-2020-14803: Improved Buffer supports + JDK-8244479: Further constrain certificates + JDK-8244955: Additional Fix for JDK-8240124 + JDK-8245407: Enhance zoning of times + JDK-8245412: Better class definitions + JDK-8245417: Improve certificate chain handling + JDK-8248574: Improve jpeg processing + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit + JDK-8253019: Enhanced JPEG decoding * Import of OpenJDK 8 u262 build 01 + JDK-4949105: Access Bridge lacks html tags parsing + JDK-8003209: JFR events for network utilization + JDK-8030680: 292 cleanup from default method code assessment + JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java and some tests failed on windows intermittently + JDK-8041626: Shutdown tracing event + JDK-8141056: Erroneous assignment in HeapRegionSet.cpp + JDK-8149338: JVM Crash caused by Marlin renderer not handling NaN coordinates + JDK-8151582: (ch) test java/nio/channels/ /AsyncCloseAndInterrupt.java failing due to 'Connection succeeded' + JDK-8165675: Trace event for thread park has incorrect unit for timeout + JDK-8176182: 4 security tests are not run + JDK-8178910: Problemlist sample tests + JDK-8183925: Decouple crash protection from watcher thread + JDK-8191393: Random crashes during cfree+0x1c + JDK-8195817: JFR.stop should require name of recording + JDK-8195818: JFR.start should increase autogenerated name by one + JDK-8195819: Remove recording=x from jcmd JFR.check output + JDK-8199712: Flight Recorder + JDK-8202578: Revisit location for class unload events + JDK-8202835: jfr/event/os/TestSystemProcess.java fails on missing events + JDK-8203287: Zero fails to build after JDK-8199712 (Flight Recorder) + JDK-8203346: JFR: Inconsistent signature of jfr_add_string_constant + JDK-8203664: JFR start failure after AppCDS archive created with JFR StartFlightRecording + JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552 + JDK-8203929: Limit amount of data for JFR.dump + JDK-8205516: JFR tool + JDK-8207392: [PPC64] Implement JFR profiling + JDK-8207829: FlightRecorderMXBeanImpl is leaking the first classloader which calls it + JDK-8209960: -Xlog:jfr* doesn't work with the JFR + JDK-8210024: JFR calls virtual is_Java_thread from ~Thread() + JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD 1.0.7 + JDK-8211239: Build fails without JFR: empty JFR events signatures mismatch + JDK-8212232: Wrong metadata for the configuration of the cutoff for old object sample events + JDK-8213015: Inconsistent settings between JFR.configure and -XX:FlightRecorderOptions + JDK-8213421: Line number information for execution samples always 0 + JDK-8213617: JFR should record the PID of the recorded process + JDK-8213734: SAXParser.parse(File, ..) does not close resources when Exception occurs. + JDK-8213914: [TESTBUG] Several JFR VM events are not covered by tests + JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by test + JDK-8213966: The ZGC JFR events should be marked as experimental + JDK-8214542: JFR: Old Object Sample event slow on a deep heap in debug builds + JDK-8214750: Unnecessary
tags in jfr classes + JDK-8214896: JFR Tool left files behind + JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java fails with UnsatisfiedLinkError + JDK-8214925: JFR tool fails to execute + JDK-8215175: Inconsistencies in JFR event metadata + JDK-8215237: jdk.jfr.Recording javadoc does not compile + JDK-8215284: Reduce noise induced by periodic task getFileSize() + JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1) + JDK-8215362: JFR GTest JfrTestNetworkUtilization fails + JDK-8215771: The jfr tool should pretty print reference chains + JDK-8216064: -XX:StartFlightRecording:settings= doesn't work properly + JDK-8216486: Possibility of integer overflow in JfrThreadSampler::run() + JDK-8216528: test/jdk/java/rmi/transport/ /runtimeThreadInheritanceLeak/ /RuntimeThreadInheritanceLeak.java failing with Xcomp + JDK-8216559: [JFR] Native libraries not correctly parsed from /proc/self/maps + JDK-8216578: Remove unused/obsolete method in JFR code + JDK-8216995: Clean up JFR command line processing + JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some systems due to process surviving SIGINT + JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR TestShutdownEvent + JDK-8218935: Make jfr strncpy uses GCC 8.x friendly + JDK-8223147: JFR Backport + JDK-8223689: Add JFR Thread Sampling Support + JDK-8223690: Add JFR BiasedLock Event Support + JDK-8223691: Add JFR G1 Region Type Change Event Support + JDK-8223692: Add JFR G1 Heap Summary Event Support + JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant + JDK-8224475: JTextPane does not show images in HTML rendering + JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden. + JDK-8226779: [TESTBUG] Test JFR API from Java agent + JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys + JDK-8227011: Starting a JFR recording in response to JVMTI VMInit and / or Java agent premain corrupts memory + JDK-8227605: Kitchensink fails 'assert((((klass)->trace_id() & (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed: invariant' + JDK-8229366: JFR backport allows unchecked writing to memory + JDK-8229401: Fix JFR code cache test failures + JDK-8229708: JFR backport code does not initialize + JDK-8229873: 8229401 broke jdk8u-jfr-incubator + JDK-8230448: [test] JFRSecurityTestSuite.java is failing on Windows + JDK-8230707: JFR related tests are failing + JDK-8230782: Robot.createScreenCapture() fails if 'awt.robot.gtk' is set to false + JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix misses ReleaseStringUTFChars in early return + JDK-8230947: TestLookForUntestedEvents.java is failing after JDK-8230707 + JDK-8231995: two jtreg tests failed after 8229366 is fixed + JDK-8233623: Add classpath exception to copyright in EventHandlerProxyCreator.java file + JDK-8236002: CSR for JFR backport suggests not leaving out the package-info + JDK-8236008: Some backup files were accidentally left in the hotspot tree + JDK-8236074: Missed package-info + JDK-8236174: Should update javadoc since tags + JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport + JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01 + JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB + JDK-8238589: Necessary code cleanup in JFR for JDK8u + JDK-8238590: Enable JFR by default during compilation in 8u + JDK-8239055: Wrong implementation of VMState.hasListener + JDK-8239476: JDK-8238589 broke windows build by moving OrderedPair + JDK-8239479: minimal1 and zero builds are failing + JDK-8239867: correct over use of INCLUDE_JFR macro + JDK-8240375: Disable JFR by default for July 2020 release + JDK-8241444: Metaspace::_class_vsm not initialized if compressed class pointers are disabled + JDK-8241902: AIX Build broken after integration of JDK-8223147 (JFR Backport) + JDK-8242788: Non-PCH build is broken after JDK-8191393 * Import of OpenJDK 8 u262 build 02 + JDK-8130737: AffineTransformOp can't handle child raster with non-zero x-offset + JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation in java/awt/image/Raster/TestChildRasterOp.java + JDK-8230926: [macosx] Two apostrophes are entered instead of one with 'U.S. International - PC' layout + JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges + JDK-8242883: Incomplete backport of JDK-8078268: backport test part * Import of OpenJDK 8 u262 build 03 + JDK-8037866: Replace the Fun class in tests with lambdas + JDK-8146612: C2: Precedence edges specification violated + JDK-8150986: serviceability/sa/jmap-hprof/ /JMapHProfLargeHeapTest.java failing because expects HPROF JAVA PROFILE 1.0.1 file format + JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions + JDK-8230597: Update GIFlib library to the 5.2.1 + JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return + JDK-8233880, PR3798: Support compilers with multi-digit major version numbers + JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed + JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set + JDK-8243059: Build fails when --with-vendor-name contains a comma + JDK-8243474: [TESTBUG] removed three tests of 0 bytes + JDK-8244461: [JDK 8u] Build fails with glibc 2.32 + JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result * Import of OpenJDK 8 u262 build 04 + JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero when unit == null + JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering + JDK-8171934: ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does not recognize OpenJDK's HotSpot VM + JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE + JDK-8243539: Copyright info (Year) should be updated for fix of 8241638 + JDK-8244777: ClassLoaderStats VM Op uses constant hash value * Import of OpenJDK 8 u262 build 05 + JDK-7147060: com/sun/org/apache/xml/internal/security/ /transforms/ClassLoaderTest.java doesn't run in agentvm mode + JDK-8178374: Problematic ByteBuffer handling in CipherSpi.bufferCrypt method + JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds + JDK-8227269: Slow class loading when running with JDWP + JDK-8229899: Make java.io.File.isInvalid() less racy + JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing + JDK-8241750: x86_32 build failure after JDK-8227269 + JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in + JDK-8244843: JapanEraNameCompatTest fails * Import of OpenJDK 8 u262 build 06 + JDK-8246223: Windows build fails after JDK-8227269 * Import of OpenJDK 8 u262 build 07 + JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing + JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a + JDK-8245167: Top package in method profiling shows null in JMC + JDK-8246703: [TESTBUG] Add test for JDK-8233197 * Import of OpenJDK 8 u262 build 08 + JDK-8220293: Deadlock in JFR string pool + JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020 + JDK-8225069: Remove Comodo root certificate that is expiring in May 2020 * Import of OpenJDK 8 u262 build 09 + JDK-8248399: Build installs jfr binary when JFR is disabled * Import of OpenJDK 8 u262 build 10 + JDK-8248715: New JavaTimeSupplementary localisation for 'in' installed in wrong package * Import of OpenJDK 8 u265 build 01 + JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior + JDK-8250546: Expect changed behaviour reported in JDK-8249846 * Import of OpenJDK 8 u272 build 01 + JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY test/compiler/7177917/Test7177917.java + JDK-8035493: JVMTI PopFrame capability must instruct compilers not to prune locals + JDK-8036088: Replace strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c + JDK-8039082: [TEST_BUG] Test java/awt/dnd/ /BadSerializationTest/BadSerializationTest.java fails + JDK-8075774: Small readability and performance improvements for zipfs + JDK-8132206: move ScanTest.java into OpenJDK + JDK-8132376: Add @requires os.family to the client tests with access to internal OS-specific API + JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java + JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/ /appletviewer/IOExceptionIfEncodedURLTest/ /IOExceptionIfEncodedURLTest.sh + JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/ /MTGraphicsAccessTest.java hangs on Win. 8 + JDK-8151788: NullPointerException from ntlm.Client.type3 + JDK-8151834: Test SmallPrimeExponentP.java times out intermittently + JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout + JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary public + JDK-8156169: Some sound tests rarely hangs because of incorrect synchronization + JDK-8165936: Potential Heap buffer overflow when seaching timezone info files + JDK-8166148: Fix for JDK-8165936 broke solaris builds + JDK-8167300: Scheduling failures during gcm should be fatal + JDK-8167615: Opensource unit/regression tests for JavaSound + JDK-8172012: [TEST_BUG] delays needed in javax/swing/JTree/4633594/bug4633594.java + JDK-8177628: Opensource unit/regression tests for ImageIO + JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java + JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/ /AppletContextTest/BadPluginConfigurationTest.sh + JDK-8193137: Nashorn crashes when given an empty script file + JDK-8194298: Add support for per Socket configuration of TCP keepalive + JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java throws error + JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails + JDK-8210147: adjust some WSAGetLastError usages in windows network coding + JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor versions + JDK-8214862: assert(proj != __null) at compile.cpp:3251 + JDK-8217606: LdapContext#reconnect always opens a new connection + JDK-8217647: JFR: recordings on 32-bit systems unreadable + JDK-8226697: Several tests which need the @key headful keyword are missing it. + JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow + JDK-8230303: JDB hangs when running monitor command + JDK-8230711: ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG + JDK-8234617: C1: Incorrect result of field load due to missing narrowing conversion + JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version + JDK-8235325: build failure on Linux after 8235243 + JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink + JDK-8237951: CTW: C2 compilation fails with 'malformed control flow' + JDK-8238225: Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary + JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD + JDK-8239819: XToolkit: Misread of screen information memory + JDK-8240295: hs_err elapsed time in seconds is not accurate enough + JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one + JDK-8242498: Invalid 'sun.awt.TimedWindowEvent' object leads to JVM crash + JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions + JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor + JDK-8246310: Clean commented-out code about ModuleEntry and PackageEntry in JFR + JDK-8246384: Enable JFR by default on supported architectures for October 2020 release + JDK-8248643: Remove extra leading space in JDK-8240295 8u backport + JDK-8249610: Make sun.security.krb5.Config.getBooleanObject(String... keys) method public * Import of OpenJDK 8 u272 build 02 + JDK-8023697: failed class resolution reports different class name in detail message for the first and subsequent times + JDK-8025886: replace [[ and == bash extensions in regtest + JDK-8046274: Removing dependency on jakarta-regexp + JDK-8048933: -XX:+TraceExceptions output should include the message + JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/ /fileaccess/FontFile.java fails + JDK-8148854: Class names 'SomeClass' and 'LSomeClass;' treated by JVM as an equivalent + JDK-8154313: Generated javadoc scattered all over the place + JDK-8163251: Hard coded loop limit prevents reading of smart card data greater than 8k + JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled + JDK-8183349: Better cleanup for jdk/test/javax/imageio/ /plugins/shared/CanWriteSequence.java and WriteAfterAbort.java + JDK-8191678: [TESTBUG] Add keyword headful in java/awt FocusTransitionTest test. + JDK-8201633: Problems with AES-GCM native acceleration + JDK-8211049: Second parameter of 'initialize' method is not used + JDK-8219566: JFR did not collect call stacks when MaxJavaStackTraceDepth is set to zero + JDK-8220165: Encryption using GCM results in RuntimeException- input length out of bound + JDK-8220555: JFR tool shows potentially misleading message when it cannot access a file + JDK-8224217: RecordingInfo should use textual representation of path + JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate + JDK-8238380, PR3798: java.base/unix/native/libjava/childproc.c 'multiple definition' link errors with GCC10 + JDK-8238386, PR3798: (sctp) jdk.sctp/unix/native/libsctp/ /SctpNet.c 'multiple definition' link errors with GCC10 + JDK-8238388, PR3798: libj2gss/NativeFunc.o 'multiple definition' link errors with GCC10 + JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array + JDK-8250755: Better cleanup for jdk/test/javax/imageio/ /plugins/shared/CanWriteSequence.java * Import of OpenJDK 8 u272 build 03 + JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes + JDK-8148754: C2 loop unrolling fails due to unexpected graph shape + JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied + JDK-8203357: Container Metrics + JDK-8209113: Use WeakReference for lastFontStrike for created Fonts + JDK-8216283: Allow shorter method sampling interval than 10 ms + JDK-8221569: JFR tool produces incorrect output when both --categories and --events are specified + JDK-8233097: Fontmetrics for large Fonts has zero width + JDK-8248851: CMS: Missing memory fences between free chunk check and klass read + JDK-8250875: Incorrect parameter type for update_number in JDK_Version::jdk_update * Import of OpenJDK 8 u272 build 04 + JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags of type double + JDK-8177334: Update xmldsig implementation to Apache Santuario 2.1.1 + JDK-8217878: ENVELOPING XML signature no longer works in JDK 11 + JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10 + JDK-8243138: Enhance BaseLdapServer to support starttls extended request * Import of OpenJDK 8 u272 build 05 + JDK-8026236: Add PrimeTest for BigInteger + JDK-8057003: Large reference arrays cause extremely long synchronization times + JDK-8060721: Test runtime/SharedArchiveFile/ /LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler + JDK-8152077: (cal) Calendar.roll does not always roll the hours during daylight savings + JDK-8168517: java/lang/ProcessBuilder/Basic.java failed + JDK-8211163: UNIX version of Java_java_io_Console_echo does not return a clean boolean + JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker container only works with debug JVMs + JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo + JDK-8236645: JDK 8u231 introduces a regression with incompatible handling of XML messages + JDK-8240676: Meet not symmetric failure when running lucene on jdk8 + JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program + JDK-8249158: THREAD_START and THREAD_END event posted in primordial phase + JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics + JDK-8251546: 8u backport of JDK-8194298 breaks AIX and Solaris builds + JDK-8252084: Minimal VM fails to bootcycle: undefined symbol: AgeTableTracer::is_tenuring_distribution_event_enabled * Import of OpenJDK 8 u272 build 06 + JDK-8064319: Need to enable -XX:+TraceExceptions in release builds + JDK-8080462, PR3801: Update SunPKCS11 provider with PKCS11 v2.40 support + JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider + JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions() not working + JDK-8169925, PR3801: PKCS #11 Cryptographic Token Interface license + JDK-8184762: ZapStackSegments should use optimized memset + JDK-8193234: When using -Xcheck:jni an internally allocated buffer can leak + JDK-8219919: RuntimeStub name lost with PrintFrameConverterAssembly + JDK-8220313: [TESTBUG] Update base image for Docker testing to OL 7.6 + JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp + JDK-8225695: 32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support) + JDK-8226575: OperatingSystemMXBean should be made container aware + JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous + JDK-8228835: Memory leak in PKCS11 provider when using AES GCM + JDK-8233621: Mismatch in jsse.enableMFLNExtension property name + JDK-8238898, PR3801: Missing hash characters for header on license file + JDK-8243320: Add SSL root certificates to Oracle Root CA program + JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26 + JDK-8245467: Remove 8u TLSv1.2 implementation files + JDK-8245469: Remove DTLS protocol implementation + JDK-8245470: Fix JDK8 compatibility issues + JDK-8245471: Revert JDK-8148188 + JDK-8245472: Backport JDK-8038893 to JDK8 + JDK-8245473: OCSP stapling support + JDK-8245474: Add TLS_KRB5 cipher suites support according to RFC-2712 + JDK-8245476: Disable TLSv1.3 protocol in the ClientHello message by default + JDK-8245477: Adjust TLS tests location + JDK-8245653: Remove 8u TLS tests + JDK-8245681: Add TLSv1.3 regression test from 11.0.7 + JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher + JDK-8251120, PR3793: [8u] HotSpot build assumes ENABLE_JFR is set to either true or false + JDK-8251341: Minimal Java specification change + JDK-8251478: Backport TLSv1.3 regression tests to JDK8u * Import of OpenJDK 8 u272 build 07 + JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ * Import of OpenJDK 8 u272 build 08 + JDK-8062947: Fix exception message to correctly represent LDAP connection failure + JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect + JDK-8252573: 8u: Windows build failed after 8222079 backport * Import of OpenJDK 8 u272 build 09 + JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java : Compilation failed * Import of OpenJDK 8 u272 build 10 + JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the fix for JDK-8249158 + JDK-8254937: Revert JDK-8148854 for 8u272 * Backports + JDK-8038723, PR3806: Openup some PrinterJob tests + JDK-8041480, PR3806: ArrayIndexOutOfBoundsException when JTable contains certain string + JDK-8058779, PR3805: Faster implementation of String.replace(CharSequence, CharSequence) + JDK-8130125, PR3806: [TEST_BUG] add @modules to the several client tests unaffected by the automated bulk update + JDK-8144015, PR3806: [PIT] failures of text layout font tests + JDK-8144023, PR3806: [PIT] failure of text measurements in javax/swing/text/html/parser/Parser/6836089/bug6836089.java + JDK-8144240, PR3806: [macosx][PIT] AIOOB in closed/javax/swing/text/GlyphPainter2/6427244/bug6427244.java + JDK-8145542, PR3806: The case failed automatically and thrown java.lang.ArrayIndexOutOfBoundsException exception + JDK-8151725, PR3806: [macosx] ArrayIndexOOB exception when displaying Devanagari text in JEditorPane + JDK-8152358, PR3800: code and comment cleanups found during the hunt for 8077392 + JDK-8152545, PR3804: Use preprocessor instead of compiling a program to generate native nio constants + JDK-8152680, PR3806: Regression in GlyphVector.getGlyphCharIndex behaviour + JDK-8158924, PR3806: Incorrect i18n text document layout + JDK-8166003, PR3806: [PIT][TEST_BUG] missing helper for javax/swing/text/GlyphPainter2/6427244/bug6427244.java + JDK-8166068, PR3806: test/java/awt/font/GlyphVector/ /GetGlyphCharIndexTest.java does not compile + JDK-8169879, PR3806: [TEST_BUG] javax/swing/text/ /GlyphPainter2/6427244/bug6427244.java - compilation failed + JDK-8191512, PR3806: T2K font rasterizer code removal + JDK-8191522, PR3806: Remove Bigelow&Holmes Lucida fonts from JDK sources + JDK-8236512, PR3801: PKCS11 Connection closed after Cipher.doFinal and NoPadding + JDK-8254177, PR3809: (tz) Upgrade time-zone data to tzdata2020b * Bug fixes + PR3798: Fix format-overflow error on GCC 10, caused by passing NULL to a '%s' directive + PR3795: ECDSAUtils for XML digital signatures should support the same curve set as the rest of the JDK + PR3799: Adapt elliptic curve patches to JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 + PR3808: IcedTea does not install the JFR *.jfc files + PR3810: Enable JFR on x86 (32-bit) now that JDK-8252096 has fixed its use with Shenandoah + PR3811: Don't attempt to install JFR files when JFR is disabled * Shenandoah + [backport] 8221435: Shenandoah should not mark through weak roots + [backport] 8221629: Shenandoah: Cleanup class unloading logic + [backport] 8222992: Shenandoah: Pre-evacuate all roots + [backport] 8223215: Shenandoah: Support verifying subset of roots + [backport] 8223774: Shenandoah: Refactor ShenandoahRootProcessor and family + [backport] 8224210: Shenandoah: Refactor ShenandoahRootScanner to support scanning CSet codecache roots + [backport] 8224508: Shenandoah: Need to update thread roots in final mark for piggyback ref update cycle + [backport] 8224579: ResourceMark not declared in shenandoahRootProcessor.inline.hpp with --disable-precompiled-headers + [backport] 8224679: Shenandoah: Make ShenandoahParallelCodeCacheIterator noncopyable + [backport] 8224751: Shenandoah: Shenandoah Verifier should select proper roots according to current GC cycle + [backport] 8225014: Separate ShenandoahRootScanner method for object_iterate + [backport] 8225216: gc/logging/TestMetaSpaceLog.java doesn't work for Shenandoah + [backport] 8225573: Shenandoah: Enhance ShenandoahVerifier to ensure roots to-space invariant + [backport] 8225590: Shenandoah: Refactor ShenandoahClassLoaderDataRoots API + [backport] 8226413: Shenandoah: Separate root scanner for SH::object_iterate() + [backport] 8230853: Shenandoah: replace leftover assert(is_in(...)) with rich asserts + [backport] 8231198: Shenandoah: heap walking should visit all roots most of the time + [backport] 8231244: Shenandoah: all-roots heap walking misses some weak roots + [backport] 8237632: Shenandoah: accept NULL fwdptr to cooperate with JVMTI and JFR + [backport] 8239786: Shenandoah: print per-cycle statistics + [backport] 8239926: Shenandoah: Shenandoah needs to mark nmethod's metadata + [backport] 8240671: Shenandoah: refactor ShenandoahPhaseTimings + [backport] 8240749: Shenandoah: refactor ShenandoahUtils + [backport] 8240750: Shenandoah: remove leftover files and mentions of ShenandoahAllocTracker + [backport] 8240868: Shenandoah: remove CM-with-UR piggybacking cycles + [backport] 8240872: Shenandoah: Avoid updating new regions from start of evacuation + [backport] 8240873: Shenandoah: Short-cut arraycopy barriers + [backport] 8240915: Shenandoah: Remove unused fields in init mark tasks + [backport] 8240948: Shenandoah: cleanup not-forwarded-objects paths after JDK-8240868 + [backport] 8241007: Shenandoah: remove ShenandoahCriticalControlThreadPriority support + [backport] 8241062: Shenandoah: rich asserts trigger 'empty statement' inspection + [backport] 8241081: Shenandoah: Do not modify update-watermark concurrently + [backport] 8241093: Shenandoah: editorial changes in flag descriptions + [backport] 8241139: Shenandoah: distribute mark-compact work exactly to minimize fragmentation + [backport] 8241142: Shenandoah: should not use parallel reference processing with single GC thread + [backport] 8241351: Shenandoah: fragmentation metrics overhaul + [backport] 8241435: Shenandoah: avoid disabling pacing with 'aggressive' + [backport] 8241520: Shenandoah: simplify region sequence numbers handling + [backport] 8241534: Shenandoah: region status should include update watermark + [backport] 8241574: Shenandoah: remove ShenandoahAssertToSpaceClosure + [backport] 8241583: Shenandoah: turn heap lock asserts into macros + [backport] 8241668: Shenandoah: make ShenandoahHeapRegion not derive from ContiguousSpace + [backport] 8241673: Shenandoah: refactor anti-false-sharing padding + [backport] 8241675: Shenandoah: assert(n->outcnt() > 0) at shenandoahSupport.cpp:2858 with java/util/Collections/FindSubList.java + [backport] 8241692: Shenandoah: remove ShenandoahHeapRegion::_reserved + [backport] 8241700: Shenandoah: Fold ShenandoahKeepAliveBarrier flag into ShenandoahSATBBarrier + [backport] 8241740: Shenandoah: remove ShenandoahHeapRegion::_heap + [backport] 8241743: Shenandoah: refactor and inline ShenandoahHeap::heap() + [backport] 8241748: Shenandoah: inline MarkingContext TAMS methods + [backport] 8241838: Shenandoah: no need to trash cset during final mark + [backport] 8241841: Shenandoah: ditch one of allocation type counters in ShenandoahHeapRegion + [backport] 8241842: Shenandoah: inline ShenandoahHeapRegion::region_number + [backport] 8241844: Shenandoah: rename ShenandoahHeapRegion::region_number + [backport] 8241845: Shenandoah: align ShenandoahHeapRegions to cache lines + [backport] 8241926: Shenandoah: only print heap changes for operations that directly affect it + [backport] 8241983: Shenandoah: simplify FreeSet logging + [backport] 8241985: Shenandoah: simplify collectable garbage logging + [backport] 8242040: Shenandoah: print allocation failure type + [backport] 8242041: Shenandoah: adaptive heuristics should account evac reserve in free target + [backport] 8242042: Shenandoah: tune down ShenandoahGarbageThreshold + [backport] 8242054: Shenandoah: New incremental-update mode + [backport] 8242075: Shenandoah: rename ShenandoahHeapRegionSize flag + [backport] 8242082: Shenandoah: Purge Traversal mode + [backport] 8242083: Shenandoah: split 'Prepare Evacuation' tracking into cset/freeset counters + [backport] 8242089: Shenandoah: per-worker stats should be summed up, not averaged + [backport] 8242101: Shenandoah: coalesce and parallelise heap region walks during the pauses + [backport] 8242114: Shenandoah: remove ShenandoahHeapRegion::reset_alloc_metadata_to_shared + [backport] 8242130: Shenandoah: Simplify arraycopy-barrier dispatching + [backport] 8242211: Shenandoah: remove ShenandoahHeuristics::RegionData::_seqnum_last_alloc + [backport] 8242212: Shenandoah: initialize ShenandoahHeuristics::_region_data eagerly + [backport] 8242213: Shenandoah: remove ShenandoahHeuristics::_bytes_in_cset + [backport] 8242217: Shenandoah: Enable GC mode to be diagnostic/experimental and have a name + [backport] 8242227: Shenandoah: transit regions to cset state when adding to collection set + [backport] 8242228: Shenandoah: remove unused ShenandoahCollectionSet methods + [backport] 8242229: Shenandoah: inline ShenandoahHeapRegion liveness-related methods + [backport] 8242267: Shenandoah: regions space needs to be aligned by os::vm_allocation_granularity() + [backport] 8242271: Shenandoah: add test to verify GC mode unlock + [backport] 8242273: Shenandoah: accept either SATB or IU barriers, but not both + [backport] 8242301: Shenandoah: Inline LRB runtime call + [backport] 8242316: Shenandoah: Turn NULL-check into assert in SATB slow-path entry + [backport] 8242353: Shenandoah: micro-optimize region liveness handling + [backport] 8242365: Shenandoah: use uint16_t instead of jushort for liveness cache + [backport] 8242375: Shenandoah: Remove ShenandoahHeuristic::record_gc_start/end methods + [backport] 8242641: Shenandoah: clear live data and update TAMS optimistically + [backport] 8243238: Shenandoah: explicit GC request should wait for a complete GC cycle + [backport] 8243301: Shenandoah: ditch ShenandoahAllowMixedAllocs + [backport] 8243307: Shenandoah: remove ShCollectionSet::live_data + [backport] 8243395: Shenandoah: demote guarantee in ShenandoahPhaseTimings::record_workers_end + [backport] 8243463: Shenandoah: ditch total_pause counters + [backport] 8243464: Shenandoah: print statistic counters in time order + [backport] 8243465: Shenandoah: ditch unused pause_other, conc_other counters + [backport] 8243487: Shenandoah: make _num_phases illegal phase type + [backport] 8243494: Shenandoah: set counters once per cycle + [backport] 8243573: Shenandoah: rename GCParPhases and related code + [backport] 8243848: Shenandoah: Windows build fails after JDK-8239786 + [backport] 8244180: Shenandoah: carry Phase to ShWorkerTimingsTracker explicitly + [backport] 8244200: Shenandoah: build breakages after JDK-8241743 + [backport] 8244226: Shenandoah: per-cycle statistics contain worker data from previous cycles + [backport] 8244326: Shenandoah: global statistics should not accept bogus samples + [backport] 8244509: Shenandoah: refactor ShenandoahBarrierC2Support::test_* methods + [backport] 8244551: Shenandoah: Fix racy update of update_watermark + [backport] 8244667: Shenandoah: SBC2Support::test_gc_state takes loop for wrong control + [backport] 8244730: Shenandoah: gc/shenandoah/options/ /TestHeuristicsUnlock.java should only verify the heuristics + [backport] 8244732: Shenandoah: move heuristics code to gc/shenandoah/heuristics + [backport] 8244737: Shenandoah: move mode code to gc/shenandoah/mode + [backport] 8244739: Shenandoah: break superclass dependency on ShenandoahNormalMode + [backport] 8244740: Shenandoah: rename ShenandoahNormalMode to ShenandoahSATBMode + [backport] 8245461: Shenandoah: refine mode name()-s + [backport] 8245463: Shenandoah: refine ShenandoahPhaseTimings constructor arguments + [backport] 8245464: Shenandoah: allocate collection set bitmap at lower addresses + [backport] 8245465: Shenandoah: test_in_cset can use more efficient encoding + [backport] 8245726: Shenandoah: lift/cleanup ShenandoahHeuristics names and properties + [backport] 8245754: Shenandoah: ditch ShenandoahAlwaysPreTouch + [backport] 8245757: Shenandoah: AlwaysPreTouch should not disable heap resizing or uncommits + [backport] 8245773: Shenandoah: Windows assertion failure after JDK-8245464 + [backport] 8245812: Shenandoah: compute root phase parallelism + [backport] 8245814: Shenandoah: reconsider format specifiers for stats + [backport] 8245825: Shenandoah: Remove diagnostic flag ShenandoahConcurrentScanCodeRoots + [backport] 8246162: Shenandoah: full GC does not mark code roots when class unloading is off + [backport] 8247310: Shenandoah: pacer should not affect interrupt status + [backport] 8247358: Shenandoah: reconsider free budget slice for marking + [backport] 8247367: Shenandoah: pacer should wait on lock instead of exponential backoff + [backport] 8247474: Shenandoah: Windows build warning after JDK-8247310 + [backport] 8247560: Shenandoah: heap iteration holds root locks all the time + [backport] 8247593: Shenandoah: should not block pacing reporters + [backport] 8247751: Shenandoah: options tests should run with smaller heaps + [backport] 8247754: Shenandoah: mxbeans tests can be shorter + [backport] 8247757: Shenandoah: split heavy tests by heuristics to improve parallelism + [backport] 8247860: Shenandoah: add update watermark line in rich assert failure message + [backport] 8248041: Shenandoah: pre-Full GC root updates may miss some roots + [backport] 8248652: Shenandoah: SATB buffer handling may assume no forwarded objects + [backport] 8249560: Shenandoah: Fix racy GC request handling + [backport] 8249649: Shenandoah: provide per-cycle pacing stats + [backport] 8249801: Shenandoah: Clear soft-refs on requested GC cycle + [backport] 8249953: Shenandoah: gc/shenandoah/mxbeans tests should account for corner cases + Fix slowdebug build after JDK-8230853 backport + JDK-8252096: Shenandoah: adjust SerialPageShiftCount for x86_32 and JFR + JDK-8252366: Shenandoah: revert/cleanup changes in graphKit.cpp + Shenandoah: add JFR roots to root processor after JFR integration + Shenandoah: add root statistics for string dedup table/queues + Shenandoah: enable low-frequency STW class unloading + Shenandoah: fix build failures after JDK-8244737 backport + Shenandoah: Fix build failure with +JFR -PCH + Shenandoah: fix forceful pacer claim + Shenandoah: fix formats in ShenandoahStringSymbolTableUnlinkTask + Shenandoah: fix runtime linking failure due to non-compiled shenandoahBarrierSetC1 + Shenandoah: hook statistics printing to PrintGCDetails, not PrintGC + Shenandoah: JNI weak roots are always cleared before Full GC mark + Shenandoah: missing SystemDictionary roots in ShenandoahHeapIterationRootScanner + Shenandoah: move barrier sets to their proper locations + Shenandoah: move parallelCleaning.* to shenandoah/ + Shenandoah: pacer should use proper Atomics for intptr_t + Shenandoah: properly deallocates class loader metadata + Shenandoah: specialize String Table scans for better pause performance + Shenandoah: Zero build fails after recent Atomic cleanup in Pacer * AArch64 port + JDK-8161072, PR3797: AArch64: jtreg compiler/uncommontrap/TestDeoptOOM failure + JDK-8171537, PR3797: aarch64: compiler/c1/Test6849574.java generates guarantee failure in C1 + JDK-8183925, PR3797: [AArch64] Decouple crash protection from watcher thread + JDK-8199712, PR3797: [AArch64] Flight Recorder + JDK-8203481, PR3797: Incorrect constraint for unextended_sp in frame:safe_for_sender + JDK-8203699, PR3797: java/lang/invoke/SpecialInterfaceCall fails with SIGILL on aarch64 + JDK-8209413, PR3797: AArch64: NPE in clhsdb jstack command + JDK-8215961, PR3797: jdk/jfr/event/os/TestCPUInformation.java fails on AArch64 + JDK-8216989, PR3797: CardTableBarrierSetAssembler::gen_write_ref_array_post_barrier() does not check for zero length on AARCH64 + JDK-8217368, PR3797: AArch64: C2 recursive stack locking optimisation not triggered + JDK-8221658, PR3797: aarch64: add necessary predicate for ubfx patterns + JDK-8237512, PR3797: AArch64: aarch64TestHook leaks a BufferBlob + JDK-8246482, PR3797: Build failures with +JFR -PCH + JDK-8247979, PR3797: aarch64: missing side effect of killing flags for clearArray_reg_reg + JDK-8248219, PR3797: aarch64: missing memory barrier in fast_storefield and fast_accessfield

Advisory ID	SUSE-RU-2020:3462-1
Released	Fri Nov 20 13:14:35 2020
Summary	Recommended update for pam and sudo
Type	recommended
Severity	moderate
References	1174593,1177858,1178727

Description:

This update for pam and sudo fixes the following issue:
pam:

pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858)
Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727)
Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593)

sudo:

Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593)

Advisory ID	SUSE-SU-2020:3463-1
Released	Fri Nov 20 13:49:58 2020
Summary	Security update for postgresql12
Type	security
Severity	important
References	1178666,1178667,1178668,CVE-2020-25694,CVE-2020-25695,CVE-2020-25696

Description:

This update for postgresql12 fixes the following issues:

Upgrade to version 12.5: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/12/release-12-5.html

Stop building the mini and lib packages as they are now coming from postgresql13.

Advisory ID	SUSE-RU-2020:3470-1
Released	Fri Nov 20 17:42:57 2020
Summary	Recommended update for monitoring-plugins
Type	recommended
Severity	moderate
References	1175828

Description:

This update for monitoring-plugins fixes the following issues:

Fixed a bug for hosts, that ran out of swap memory and reported 'ok' when running monitoring-plugins with '-n ok'. (bsc#1175828)

Advisory ID	SUSE-OU-2020:3471-1
Released	Fri Nov 20 17:43:45 2020
Summary	Optional update for brp-check-suse
Type	optional
Severity	low
References	1074711

Description:

This update for brp-check-suse doesn't fix any runtime specific errors, but improves the packaging related build procedure (bsc#1074711)

Advisory ID	SUSE-SU-2020:3478-1
Released	Mon Nov 23 09:33:17 2020
Summary	Security update for c-ares
Type	security
Severity	moderate
References	1178882,CVE-2020-8277

Description:

This update for c-ares fixes the following issues:

Version update to 1.17.0 * CVE-2020-8277: Fixed a Denial of Service through DNS request (bsc#1178882) * For further details see https://c-ares.haxx.se/changelog.html

Advisory ID	SUSE-SU-2020:3480-1
Released	Mon Nov 23 10:34:36 2020
Summary	Security update for dash
Type	security
Severity	moderate
References	1178978

Description:

This update for dash fixes the following issues:

Fixed an issue where code was executed even if noexec ('-n') was specified (bsc#1178978).

Advisory ID	SUSE-OU-2020:3481-1
Released	Mon Nov 23 11:17:09 2020
Summary	Optional update for vim
Type	optional
Severity	low
References	1166602,1173256,1174564,1176549

Description:

This update for vim doesn't fix any user visible issues and it is optional to install.

Introduce vim-small package with reduced requirements for small installations (bsc#1166602).
Stop owning /etc/vimrc so the old, distro provided config actually gets removed.
Own some dirs in vim-data-common so installation of vim-small doesn't leave not owned directories. (bsc#1173256)
Add vi as slave to update-alternatives so that every package has a matching 'vi' symlink. (bsc#1174564, bsc#1176549)

Advisory ID	SUSE-OU-2020:3495-1
Released	Tue Nov 24 06:22:06 2020
Summary	Optional update for ec2-instance-connect
Type	optional
Severity	low
References	1131916,1152806

Description:

This patch ships the package ec2-instance-connect for the first time. It enables support for the AWS EC2 instance connect.

Advisory ID	SUSE-SU-2020:3500-1
Released	Tue Nov 24 13:49:59 2020
Summary	Security update for mariadb
Type	security
Severity	moderate
References	1175596,1177472,1178428,CVE-2020-14765,CVE-2020-14776,CVE-2020-14789,CVE-2020-14812,CVE-2020-15180

Description:

This update for mariadb and mariadb-connector-c fixes the following issues:

Update mariadb to 10.2.36 GA [bsc#1177472, bsc#1178428] fixing for the following security vulnerabilities: CVE-2020-14812, CVE-2020-14765, CVE-2020-14776, CVE-2020-14789 CVE-2020-15180

Update mariadb-connector-c to 3.1.11 [bsc#1177472 and bsc#1178428]

Advisory ID	SUSE-RU-2020:3525-1
Released	Wed Nov 25 17:00:31 2020
Summary	Recommended update for ucode-intel
Type	recommended
Severity	important
References	1178971

Description:

This update for ucode-intel fixes the following issues:

Updated Intel CPU Microcode to 20201118 official release. (bsc#1178971)

- Removed TGL/06-8c-01/80 due to functional issues with some OEM platforms.

Advisory ID	SUSE-RU-2020:3535-1
Released	Thu Nov 26 15:14:08 2020
Summary	Recommended update for python-kiwi
Type	recommended
Severity	moderate
References	1170863,1175729,1176129,1176134,1176977

Description:

This update for python-kiwi fixes the following issues:
Update from version 9.21.7 to version 9.21.23

Do not exclude filesystem folders in OCI images. (bsc#1176129) This commit does not exclude filesystem folders during the rsync call in OCI images. It has been noted that including an empty /dev folder does not hurt and it can eventually help to work around some limitations of container related tools such as buildah.
Fix/Refactor s390 support (bsc#1170863, bsc#1176977, bsc#1170863,bsc#1175729, bsc#1176134)

- On s390 the boot process is based on zipl which boots into an initrd from which a userspace grub process is started to support the grub capabilities. The implementation of this concept is provided via the grub2-s390x-emu package. Once installed the setup of the bootloader is done via the grub2-mkconfig and grub2-install commands and therefore from a caller perspective the same as with any other grub2 setup process. For kiwi this means no extra zipl bootloader target code is needed. Therefore this commit deletes the zipl setup from kiwi and puts on the standard grub2 process. - To support different targettypes the grub2-s390x-emu provided zipl template must be adapted. Parts of the former zipl bootloader setup therefore now applies to an update of the zipl2grub template file - Support for CDL/LDL DASD targets has been disabled in the schema When testing 4k devices and a respective zipl2grub template setup for CDL/LDL targettype it has turned out that grub2-install is not able to run on such a device. My assumption is that the device code in grub2-install does not work for 4k devices with an fdasd created partition table. As this needs further investigations and most probably adaptions on the grub toolchain for s390, we disabled the setup of these modes for now. emulated DASD (FBA) and SCSI targets stays supported. - Fix compat link for rpmdb location Fix the symlink creation for `/var/lib/rpm`. More specific or derived container images in which the base root tree already included the `/var/lib/rpm` the link, the `ln` command was creating a symlink inside the `/var/lib/rpm` folder given that it was following the already existing symlink. Adding the `--no-target-directory` force `ln` command to treat `/var/lib/rpm` path as the fully qualified symlink name. - Fixed s390/sle15 Virtual disk integration test The integration test used FBA mode as target. As the target is expected to be KVM this is the wrong setting. SCSI should be used instead. - Support dynamic linux/linuxefi in any case Instead of restricting the dynamic linux vs. linuxefi setup to a specific grub version, support this setup for any version of grub.

Advisory ID	SUSE-RU-2020:3547-1
Released	Fri Nov 27 11:21:56 2020
Summary	Recommended update for xrdp
Type	recommended
Severity	moderate
References

Description:

This update for xrdp fixes the following issues:

Introduce more buffer protection fixes (jsc#SLE-11518): - Address memory allocation overflow security issues - Remove unnecessary g_malloc() call - Add checks to prevent buffer overruns during data chunk re-assembly

Advisory ID	SUSE-SU-2020:3551-1
Released	Fri Nov 27 14:54:37 2020
Summary	Security update for libssh2_org
Type	security
Severity	moderate
References	1130103,1178083,CVE-2019-17498,CVE-2019-3855,CVE-2019-3856,CVE-2019-3857,CVE-2019-3858,CVE-2019-3859,CVE-2019-3860,CVE-2019-3861,CVE-2019-3862,CVE-2019-3863

Description:

This update for libssh2_org fixes the following issues:

Version update to 1.9.0: [bsc#1178083, jsc#SLE-16922] Enhancements and bugfixes: * adds ECDSA keys and host key support when using OpenSSL * adds ED25519 key and host key support when using OpenSSL 1.1.1 * adds OpenSSH style key file reading * adds AES CTR mode support when using WinCNG * adds PEM passphrase protected file support for Libgcrypt and WinCNG * adds SHA256 hostkey fingerprint * adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path() * adds explicit zeroing of sensitive data in memory * adds additional bounds checks to network buffer reads * adds the ability to use the server default permissions when creating sftp directories * adds support for building with OpenSSL no engine flag * adds support for building with LibreSSL * increased sftp packet size to 256k * fixed oversized packet handling in sftp * fixed building with OpenSSL 1.1 * fixed a possible crash if sftp stat gets an unexpected response * fixed incorrect parsing of the KEX preference string value * fixed conditional RSA and AES-CTR support * fixed a small memory leak during the key exchange process * fixed a possible memory leak of the ssh banner string * fixed various small memory leaks in the backends * fixed possible out of bounds read when parsing public keys from the server * fixed possible out of bounds read when parsing invalid PEM files * no longer null terminates the scp remote exec command * now handle errors when diffie hellman key pair generation fails * improved building instructions * improved unit tests

Version update to 1.8.2: [bsc#1130103] Bug fixes: * Fixed the misapplied userauth patch that broke 1.8.1 * moved the MAX size declarations from the public header

Advisory ID	SUSE-OU-2020:3561-1
Released	Mon Nov 30 13:18:20 2020
Summary	Optional update for kubernetes1.18
Type	optional
Severity	low
References

Description:

This patch provides the Kubernetes client at version 1.18.10.

Advisory ID	SUSE-SU-2020:3568-1
Released	Mon Nov 30 16:58:38 2020
Summary	Security update for mutt
Type	security
Severity	important
References	1179035,1179113,CVE-2020-28896

Description:

This update for mutt fixes the following issues:

CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections (bsc#1179035)
Avoid that message with a million tiny parts can freeze MUA for several minutes (bsc#1179113)

Advisory ID	SUSE-RU-2020:3576-1
Released	Tue Dec 1 09:34:12 2020
Summary	Recommended update for lifecycle-data-sle-module-live-patching
Type	recommended
Severity	moderate
References	1020320

Description:

This update for lifecycle-data-sle-module-live-patching fixes the following issues:

Added data for the live patches 4_12_14-197_61, 4_12_14-197_64, 4_12_14-197_67, 5_3_18-24_24, 5_3_18-24_29, 5_3_18-24_34, 5_3_18-24_37. (bsc#1020320)

Advisory ID	SUSE-RU-2020:3578-1
Released	Tue Dec 1 10:33:36 2020
Summary	Recommended update for bcache-tools
Type	recommended
Severity	moderate
References	1178725

Description:

This update for bcache-tools fixes the following issues:

Install *bcache-status*. (jsc#SLE-9807, bsc#1178725)
Add *_sbindir/bcache-status* for the new added *bcache-status* python script. (jsc#SLE-9807, bsc#1178725)

Advisory ID	SUSE-SU-2020:3588-1
Released	Tue Dec 1 16:31:58 2020
Summary	Security update for xorg-x11-server
Type	security
Severity	important
References	1174908,1177596,CVE-2020-14360,CVE-2020-25712

Description:

This update for xorg-x11-server fixes the following issues:

CVE-2020-25712: Fixed a heap-based buffer overflow which could have led to privilege escalation (bsc#1177596).
CVE-2020-14360: Fixed an out of bounds memory accesses on too short request which could lead to denial of service (bsc#1174908).

Advisory ID	SUSE-RU-2020:3590-1
Released	Tue Dec 1 18:09:24 2020
Summary	Recommended update for hawk2
Type	recommended
Severity	moderate
References	1163381

Description:

This update for hawk2 fixes the following issues:

Update from version 2.1.2+git.1594886920.d00b94aa to version 2.2.0+git.1603969748.10468582: - Fix server error after authentication if a resource has the same name as a node (bsc#1163381) - Allow also users in haclient to view history explorer (jsc#SLE-7358)

Advisory ID	SUSE-SU-2020:3591-1
Released	Wed Dec 2 09:58:31 2020
Summary	Security update for java-1_8_0-openjdk
Type	security
Severity	important
References	1179441

Description:

This update for java-1_8_0-openjdk fixes the following issues:

Update to version jdk8u275 (icedtea 3.17.1) * JDK-8214440, bsc#1179441: Fix StartTLS functionality that was broken in openjdk272. (bsc#1179441) * JDK-8223940: Private key not supported by chosen signature algorithm * JDK-8236512: PKCS11 Connection closed after Cipher.doFinal and NoPadding * JDK-8250861: Crash in MinINode::Ideal(PhaseGVN*, bool) * PR3815: Fix new s390 size_t issue in g1ConcurrentMarkObjArrayProcessor.cpp

Advisory ID	SUSE-SU-2020:3592-1
Released	Wed Dec 2 10:31:34 2020
Summary	Security update for python-cryptography
Type	security
Severity	moderate
References	1178168,CVE-2020-25659

Description:

This update for python-cryptography fixes the following issues:

CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168).

Advisory ID	SUSE-RU-2020:3603-1
Released	Wed Dec 2 15:11:46 2020
Summary	Recommended update for lifecycle-data-sle-module-development-tools
Type	recommended
Severity	moderate
References

Description:

This update for lifecycle-data-sle-module-development-tools fixes the following issues:

Added expiration data for the GCC 9 yearly update for the Toolchain/Development modules. (jsc#ECO-2373, jsc#SLE-10950, jsc#SLE-10951)

Advisory ID	SUSE-RU-2020:3608-1
Released	Wed Dec 2 18:16:12 2020
Summary	Recommended update for cloud-init
Type	recommended
Severity	important
References	1177526,1179150,1179151

Description:

This update for cloud-init contains the following fixes:

Add cloud-init-azure-def-usr-pass.patch (bsc#1179150, bsc#1179151) + Properly set the password for the default user in all circumstances

Patch the full package version into the cloud-init version file

Update cloud-init-write-routes.patch (bsc#1177526) + Fix missing default route when dual stack network setup is used. Once a default route was configured for Ipv6 or IPv4 the default route configuration for the othre protocol was skipped.

Advisory ID	SUSE-SU-2020:3613-1
Released	Thu Dec 3 09:34:21 2020
Summary	Security update for rpmlint
Type	security
Severity	moderate
References	1169614

Description:

This update for rpmlint fixes the following issues:

Whitelist PAM modules and DBUS rules for cockpit (bsc#1169614)

Advisory ID	SUSE-RU-2020:3616-1
Released	Thu Dec 3 10:56:12 2020
Summary	Recommended update for c-ares
Type	recommended
Severity	moderate
References	1178882

Description:

Fixed incomplete c-ares-devel dependencies introduced by the privous update (bsc#1178882).

Advisory ID	SUSE-RU-2020:3620-1
Released	Thu Dec 3 17:03:55 2020
Summary	Recommended update for pam
Type	recommended
Severity	moderate
References

Description:

This update for pam fixes the following issues:

Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=`

Advisory ID	SUSE-RU-2020:3633-1
Released	Mon Dec 7 11:51:47 2020
Summary	Recommended update for mutt
Type	recommended
Severity	important
References	1179461

Description:

This update for mutt fixes the following issue:

Find and display the content of messages properly. (bsc#1179461)

Advisory ID	SUSE-RU-2020:3640-1
Released	Mon Dec 7 13:24:41 2020
Summary	Recommended update for binutils
Type	recommended
Severity	important
References	1179036,1179341

Description:

This update for binutils fixes the following issues:
Update binutils 2.35 branch to commit 1c5243df:

Fixes PR26520, aka [bsc#1179036], a problem in addr2line with certain DWARF variable descriptions.
Also fixes PR26711, PR26656, PR26655, PR26929, PR26808, PR25878, PR26740, PR26778, PR26763, PR26685, PR26699, PR26902, PR26869, PR26711
The above includes fixes for dwo files produced by modern dwp, fixing several problems in the DWARF reader.

Update binutils to 2.35.1 and rebased branch diff:

This is a point release over the previous 2.35 version, containing bug fixes, and as an exception to the usual rule, one new feature. The new feature is the support for a new directive in the assembler: '.nop'. This directive creates a single no-op instruction in whatever encoding is correct for the target architecture. Unlike the .space or .fill this is a real instruction, and it does affect the generation of DWARF line number tables, should they be enabled. This fixes an incompatibility introduced in the latest update that broke the install scripts of the Oracle server. [bsc#1179341]

Advisory ID	SUSE-RU-2020:3703-1
Released	Mon Dec 7 20:17:32 2020
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1179431

Description:

This update for aaa_base fixes the following issue:

Avoid semicolon within (t)csh login script on S/390. (bsc#1179431)

Advisory ID	SUSE-RU-2020:3708-1
Released	Tue Dec 8 10:22:36 2020
Summary	Recommended update for python-shaptools, salt-shaptools
Type	recommended
Severity	moderate
References

Description:

This update for python-shaptools, salt-shaptools fixes the following issues:
python-shaptools:
Update from version 0.3.10+git.1600699158.46fca28 to version 0.3.11+git.1605798399.b036435

Retrieve the currently installed ENSA version for Netweaver (only for ASCS and ERS instances). (jsc#SLE-4047)

salt-shaptools:
Update from version 0.3.10+git.1600699854.f5950bc to version 0.3.11+git.1605797958.ae2f08a

Improve extract_pydbapi to check recursively in subfolders (jsc#SLE-4047)
Implement a new state to set the ENSA version grains data

Advisory ID	SUSE-RU-2020:3731-1
Released	Wed Dec 9 15:52:32 2020
Summary	Recommended update for realmd
Type	recommended
Severity	moderate
References	1175617

Description:

This update for realmd fixes the following issues:

Fix the `Name Service Switch` (`nsswitch`) handling when joining and leaving a domain. (bsc#1175617)

Advisory ID	SUSE-SU-2020:3737-1
Released	Wed Dec 9 18:21:04 2020
Summary	Security update for python-pip, python-scripttest
Type	security
Severity	moderate
References	1175297,1176262,CVE-2019-20916

Description:

This update for python-pip, python-scripttest fixes the following issues:

Update in SLE-15 (bsc#1175297, jsc#ECO-3035, jsc#PM-2318)

python-pip was updated to 20.0.2:

Fix a regression in generation of compatibility tags
Rename an internal module, to avoid ImportErrors due to improper uninstallation
Switch to a dedicated CLI tool for vendoring dependencies.
Remove wheel tag calculation from pip and use packaging.tags. This should provide more tags ordered better than in prior releases.
Deprecate setup.py-based builds that do not generate an .egg-info directory.
The pip>=20 wheel cache is not retro-compatible with previous versions. Until pip 21.0, pip will continue to take advantage of existing legacy cache entries.
Deprecate undocumented --skip-requirements-regex option.
Deprecate passing install-location-related options via --install-option.
Use literal 'abi3' for wheel tag on CPython 3.x, to align with PEP 384 which only defines it for this platform.
Remove interpreter-specific major version tag e.g. cp3-none-any from consideration. This behavior was not documented strictly, and this tag in particular is not useful. Anyone with a use case can create an issue with pypa/packaging.
Wheel processing no longer permits wheels containing more than one top-level .dist-info directory.
Support for the git+git@ form of VCS requirement is being deprecated and will be removed in pip 21.0. Switch to git+https:// or git+ssh://. git+git:// also works but its use is discouraged as it is insecure.
Default to doing a user install (as if --user was passed) when the main site-packages directory is not writeable and user site-packages are enabled.
Warn if a path in PATH starts with tilde during pip install.
Cache wheels built from Git requirements that are considered immutable, because they point to a commit hash.
Add option --no-python-version-warning to silence warnings related to deprecation of Python versions.
Cache wheels that pip wheel built locally, matching what pip install does. This particularly helps performance in workflows where pip wheel is used for building before installing. Users desiring the original behavior can use pip wheel --no-cache-dir
Display CA information in pip debug.
Show only the filename (instead of full URL), when downloading from PyPI.
Suggest a more robust command to upgrade pip itself to avoid confusion when the current pip command is not available as pip.
Define all old pip console script entrypoints to prevent import issues in stale wrapper scripts.
The build step of pip wheel now builds all wheels to a cache first, then copies them to the wheel directory all at once. Before, it built them to a temporary directory and moved them to the wheel directory one by one.
Expand ~ prefix to user directory in path options, configs, and environment variables. Values that may be either URL or path are not currently supported, to avoid ambiguity:

--find-links --constraint, -c --requirement, -r --editable, -e

Correctly handle system site-packages, in virtual environments created with venv (PEP 405).
Fix case sensitive comparison of pip freeze when used with -r option.
Enforce PEP 508 requirement format in pyproject.toml build-system.requires.
Make ensure_dir() also ignore ENOTEMPTY as seen on Windows.
Fix building packages which specify backend-path in pyproject.toml.
Do not attempt to run setup.py clean after a pep517 build error, since a setup.py may not exist in that case.
Fix passwords being visible in the index-url in 'Downloading ' message.
Change method from shutil.remove to shutil.rmtree in noxfile.py.
Skip running tests which require subversion, when svn isn't installed
Fix not sending client certificates when using --trusted-host.
Make sure pip wheel never outputs pure python wheels with a python implementation tag. Better fix/workaround for #3025 by using a per-implementation wheel cache instead of caching pure python wheels with an implementation tag in their name.
Include subdirectory URL fragments in cache keys.
Fix typo in warning message when any of --build-option, --global-option and --install-option is used in requirements.txt
Fix the logging of cached HTTP response shown as downloading.
Effectively disable the wheel cache when it is not writable, as is the case with the http cache.
Correctly handle relative cache directory provided via --cache-dir.

Advisory ID	SUSE-RU-2020:3744-1
Released	Thu Dec 10 11:32:41 2020
Summary	Recommended update for enigmail
Type	recommended
Severity	moderate
References	1179505

Description:

This update for enigmail fixes the following issues:
Update from version 2.1.5 to version 2.2.4

Enigmail version 2.2.x is a specially modified version, which only works with Thunderbird 78 and later version. Enigmail 2.2.x doesn't provide the traditional functionality, rather it exists to help you migrate your keys and settings to Thunderbird 78.

Fixes included from version 2.1.5 to 2.1.8:

'Encrypt to key' action destroys PGP/MIME signature.
Filter fails silently on Enigmail's 'Encrypt to key' action.
Disable autocrypt header on custom sender address.
`VKS` keyserver with custom port cannot be accessed.
Thunderbird dies immediately when sending a signed empty-bodied mail.
Decrypted mail has empty `Content-Type` in the `MIME` part.
Improper `Content-Type` setting for keyserver upload.
Display information about Thunderbird 78.
Minor rendering problem with `Deep Dark` theme.
Setup Wizard gets Stuck if Keys in GnuPG available.
Cannot confirm publish GnuPG key on `WKS` server.
Automatic Key Refresh doesn't work with `keys.openpgp.org`.
Per-recipients rule `set enigmail rules for` field unable to edit.
File names of attachments are not encrypted.

Advisory ID	SUSE-SU-2020:3749-1
Released	Thu Dec 10 14:39:28 2020
Summary	Security update for gcc7
Type	security
Severity	moderate
References	1150164,1161913,1167939,1172798,1178577,1178614,1178624,1178675,CVE-2020-13844

Description:

This update for gcc7 fixes the following issues:

CVE-2020-13844: Added mitigation for aarch64 Straight Line Speculation issue (bsc#1172798)
Enable fortran for the nvptx offload compiler.
Update README.First-for.SuSE.packagers
avoid assembler errors with AVX512 gather and scatter instructions when using -masm=intel.
Backport the aarch64 -moutline-atomics feature and accumulated fixes but not its default enabling. [jsc#SLE-12209, bsc#1167939]
Fixed 32bit libgnat.so link. [bsc#1178675]
Fixed memcpy miscompilation on aarch64. [bsc#1178624, bsc#1178577]
Fixed debug line info for try/catch. [bsc#1178614]
Remove -mbranch-protection=standard (aarch64 flag) when gcc7 is used to build gcc7 (ie when ada is enabled)
Fixed corruption of pass private ->aux via DF. [gcc#94148]
Fixed debug information issue with inlined functions and passed by reference arguments. [gcc#93888]
Fixed binutils release date detection issue.
Fixed register allocation issue with exception handling code on s390x. [bsc#1161913]
Fixed miscompilation of some atomic code on aarch64. [bsc#1150164]

Advisory ID	SUSE-SU-2020:3762-1
Released	Fri Dec 11 14:12:48 2020
Summary	Security update for openssl-1_0_0
Type	security
Severity	important
References	1155346,1176029,1177479,1177575,1177673,1177793,1179491,CVE-2020-1971

Description:

This update for openssl-1_0_0 fixes the following issues:

CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491).
Initialized dh->nid to NID_undef in DH_new_method() (bsc#1177673).
Fixed a test failure in apache_ssl in fips mode (bsc#1177793).
Renamed BN_get_rfc3526_prime_* functions back to get_rfc3526_prime_* (bsc#1177575).
Restored private key check in EC_KEY_check_key (bsc#1177479).
Added shared secret KAT to FIPS DH selftest (bsc#1176029).
Included ECDH/DH Requirements from SP800-56Arev3 (bsc#1176029).
Used SHA-2 in the RSA pairwise consistency check (bsc#1155346)

Advisory ID	SUSE-RU-2020:3772-1
Released	Mon Dec 14 11:11:29 2020
Summary	Recommended update for hamcrest
Type	recommended
Severity	moderate
References	1174544

Description:

This update for hamcrest fixes the following issue:

Add obsoletes in the core API to solve conflicts during updates. (bsc#1174544)

Advisory ID	SUSE-RU-2020:3773-1
Released	Mon Dec 14 11:12:18 2020
Summary	Recommended update for cdrtools and schily-libs
Type	recommended
Severity	moderate
References	1178692

Description:

This update for cdrtools and schily-libs fixes the following issues:
cdrtools:

Initialize memory that created the partition table instead of writing random bytes to it. (bsc#1178692)

schily-libs:

Initialize memory that created the partition table instead of writing random bytes to it. (bsc#1178692)

Advisory ID	SUSE-SU-2020:3790-1
Released	Mon Dec 14 15:01:22 2020
Summary	Security update for clamav
Type	security
Severity	moderate
References	1104457,1118459,1130721,1144504,1149458,1157763,CVE-2019-12625,CVE-2019-12900,CVE-2019-15961,CVE-2019-1785,CVE-2019-1786,CVE-2019-1787,CVE-2019-1788,CVE-2019-1789,CVE-2019-1798,CVE-2020-3123,CVE-2020-3327,CVE-2020-3341,CVE-2020-3350,CVE-2020-3481

Description:

This update for clamav fixes the following issues:
clamav was updated to the new major release 0.103.0. (jsc#ECO-3010,bsc#1118459)
Note that libclamav was changed incompatible, if you have a 3rd party application that uses libclamav, it needs to be rebuilt.
Update to 0.103.0

clamd can now reload the signature database without blocking scanning. This multi-threaded database reload improvement was made possible thanks to a community effort.

- Non-blocking database reloads are now the default behavior. Some systems that are more constrained on RAM may need to disable non-blocking reloads as it will temporarily consume two times as much memory. We added a new clamd config option ConcurrentDatabaseReload, which may be set to no.
* Fix clamav-milter.service (requires clamd.service to run)
Update to 0.102.4
* CVE-2020-3350: Fix a vulnerability wherein a malicious user could replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (eg. a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan, and clamonacc. * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking results in an out-of-bounds read which could cause a crash. The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly resolves the issue. * CVE-2020-3481: Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS) condition. Improper error handling may result in a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in versions affected by the vulnerability.
Update to 0.102.3
* CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read which causes a crash. * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. * Fix 'Attempt to allocate 0 bytes' error when parsing some PDF documents. * Fix a couple of minor memory leaks. * Updated libclamunrar to UnRAR 5.9.2.
Update to 0.102.2:
* CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash. * Significantly improved the scan speed of PDF files on Windows. * Re-applied a fix to alleviate file access issues when scanning RAR files in downstream projects that use libclamav where the scanning engine is operating in a low-privilege process. This bug was originally fixed in 0.101.2 and the fix was mistakenly omitted from 0.102.0. * Fixed an issue where freshclam failed to update if the database version downloaded is one version older than advertised. This situation may occur after a new database version is published. The issue affected users downloading the whole CVD database file. * Changed the default freshclam ReceiveTimeout setting to 0 (infinite). The ReceiveTimeout had caused needless database update failures for users with slower internet connections. * Correctly display the number of kilobytes (KiB) in progress bar and reduced the size of the progress bar to accommodate 80-character width terminals. * Fixed an issue where running freshclam manually causes a daemonized freshclam process to fail when it updates because the manual instance deletes the temporary download directory. The freshclam temporary files will now download to a unique directory created at the time of an update instead of using a hardcoded directory created/destroyed at the program start/exit. * Fix for freshclam's OnOutdatedExecute config option. * Fixes a memory leak in the error condition handling for the email parser. * Improved bound checking and error handling in ARJ archive parser. * Improved error handling in PDF parser. * Fix for memory leak in byte-compare signature handler.

The freshclam.service should not be started before the network is online (it checks for updates immediately upon service start)

Update to 0.102.1:
* CVE-2019-15961, bsc#1157763: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation. * Build system fixes to build clamav-milter, to correctly link with libxml2 when detected, and to correctly detect fanotify for on-access scanning feature support. * Signature load time is significantly reduced by changing to a more efficient algorithm for loading signature patterns and allocating the AC trie. Patch courtesy of Alberto Wu. * Introduced a new configure option to statically link libjson-c with libclamav. Static linking with libjson is highly recommended to prevent crashes in applications that use libclamav alongside another JSON parsing library. * Null-dereference fix in email parser when using the --gen-json metadata option. * Fixes for Authenticode parsing and certificate signature (.crb database) bugs.
Update to 0.102.0:
* The On-Access Scanning feature has been migrated out of clamd and into a brand new utility named clamonacc. This utility is similar to clamdscan and clamav-milter in that it acts as a client to clamd. This separation from clamd means that clamd no longer needs to run with root privileges while scanning potentially malicious files. Instead, clamd may drop privileges to run under an account that does not have super-user. In addition to improving the security posture of running clamd with On-Access enabled, this update fixed a few outstanding defects: - On-Access scanning for created and moved files (Extra-Scanning) is fixed. - VirusEvent for On-Access scans is fixed. - With clamonacc, it is now possible to copy, move, or remove a file if the scan triggered an alert, just like with clamdscan. * The freshclam database update utility has undergone a significant update. This includes: - Added support for HTTPS. - Support for database mirrors hosted on ports other than 80. - Removal of the mirror management feature (mirrors.dat). - An all new libfreshclam library API.

created new subpackage libfreshclam2

Update to 0.101.4:
* CVE-2019-12900: An out of bounds write in the NSIS bzip2 (bsc#1149458) * CVE-2019-12625: Introduce a configurable time limit to mitigate zip bomb vulnerability completely. Default is 2 minutes, configurable useing the clamscan --max-scantime and for clamd using the MaxScanTime config option (bsc#1144504)
Update to version 0.101.3:
* bsc#1144504: ZIP bomb causes extreme CPU spikes
Update to version 0.101.2 (bsc#1130721)
* CVE-2019-1787: An out-of-bounds heap read condition may occur when scanning PDF documents. The defect is a failure to correctly keep track of the number of bytes remaining in a buffer when indexing file data. * CVE-2019-1789: An out-of-bounds heap read condition may occur when scanning PE files (i.e. Windows EXE and DLL files) that have been packed using Aspack as a result of inadequate bound-checking. * CVE-2019-1788: An out-of-bounds heap write condition may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. The invalid write happens when an invalid pointer is mistakenly used to initialize a 32bit integer to zero. This is likely to crash the application. * CVE-2019-1786: An out-of-bounds heap read condition may occur when scanning malformed PDF documents as a result of improper bounds-checking. * CVE-2019-1785: A path-traversal write condition may occur as a result of improper input validation when scanning RAR archives. * CVE-2019-1798: A use-after-free condition may occur as a result of improper error handling when scanning nested RAR archives.

Advisory ID	SUSE-RU-2020:3791-1
Released	Mon Dec 14 17:39:19 2020
Summary	Recommended update for gzip
Type	recommended
Severity	moderate
References

Description:

This update for gzip fixes the following issue:

Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`.

Advisory ID	SUSE-RU-2020:3793-1
Released	Mon Dec 14 17:39:29 2020
Summary	Recommended update for sblim-sfcb
Type	recommended
Severity	moderate
References	1178415

Description:

This update for sblim-sfcb fixes the following issues:

Allow older SSL protocols to be disabled.
Add a configuration option `sslNoTLSv1_1` to optionally disable `TLSv1.1.` (bsc#1178415)

When the protocol version is disabled, the connection will fail and the error will be recorded in the logs.

Advisory ID	SUSE-OU-2020:3795-1
Released	Mon Dec 14 17:43:26 2020
Summary	Optional update for systemd-rpm-macros
Type	optional
Severity	low
References	1059627,1178481,1179020

Description:

This update for systemd-rpm-macros fixes the following issues:

Deprecate '-f'/'-n' options When used with %service_del_preun, support for these options will be dropped as DISABLE_STOP_ON_REMOVAL support will be removed on the next version of SLE (jsc#SLE-8968) When used with %service_del_postun, they should be replaced with their counterpart %service_del_postun_with_restart/%service_del_postun_without_restart
Introduced %service_del_postun_with_restart() It's the counterpart of %service_del_postun_without_restart() and replaces the '-f' option of %service_del_postun().
Does no longer apply presets when migrating from a disabled initscript (bsc#1178481)
Fix importing of %{_unitdir}

Advisory ID	SUSE-RU-2020:3619-1
Released	Tue Dec 15 13:41:16 2020
Summary	Recommended update for cloud-netconfig, google-guest-agent
Type	recommended
Severity	moderate
References	1159460,1178486,1179031,1179032

Description:

This update for cloud-netconfig, google-guest-agent fixes the following issues:
cloud-netconfig:

Update to version 1.5: + Add support for GCE (bsc#1159460, bsc#1178486, jsc#ECO-2800) + Improve default gateway determination

google-guest-agent:

Update to version 20201026.00 * remove old unused workflow files * fallback to IP for metadata * getPasswd: Check full prefix of line for username

dont_overwrite_ifcfg.patch: Do not overwrite existing ifcfg files to allow manual configuration and compatibility with cloud-netconfig. (bsc#1159460, bsc#1178486)

Update to version 20200929.00 * correct varname * don't call dhclient -x on network setup * add instance id dir override * update agent systemd service file * typo, change to noadjfile * add gaohannk to OWNERS * remove illfelder from OWNERS * Add all license files to packages

Advisory ID	SUSE-RU-2020:3812-1
Released	Tue Dec 15 15:23:59 2020
Summary	Recommended update for grafana-ha-cluster-dashboards
Type	recommended
Severity	moderate
References

Description:

This update for grafana-ha-cluster-dashboards fixes the following issue:

Update from version 1.0.3+git.1600360477.8b8f9ce to version 1.1.0+git.1605027022.a84d536 - Split the provider file to the sub-package grafana-sleha-provider

Advisory ID	SUSE-RU-2020:3840-1
Released	Wed Dec 16 10:32:03 2020
Summary	Recommended update for llvm7
Type	recommended
Severity	moderate
References	1176964,1179155

Description:

This update for llvm7 fixes the following issues:

Fix dsymutil crash on ELF file. (bsc#1176964)
Add Conflicts: clang-tools to clang7 and llvm7 packages to properly handle newer llvm versions. (bsc#1179155)

Advisory ID	SUSE-RU-2020:3856-1
Released	Wed Dec 16 17:56:03 2020
Summary	Recommended update for ucode-intel
Type	recommended
Severity	important
References	1179224

Description:

This update for ucode-intel fixes the following issues:

Reverted 3 CPU microcodes back to 20200616 release level after regression reports. (bsc#1179224)

- SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | Xeon Scalable - SKX-D | M1 | 06-55-04/b7 | 02006906 | Xeon D-21xx - CLX-SP | B0 | 06-55-06/bf | 04002f01 | Xeon Scalable Gen2 - CLX-SP | B1 | 06-55-07/bf | 05002f01 | Xeon Scalable Gen2

Advisory ID	SUSE-RU-2020:3868-1
Released	Thu Dec 17 12:44:47 2020
Summary	Recommended update for perl-Test-Warnings
Type	recommended
Severity	moderate
References

Description:

This update for perl-Test-Warnings fixes the following issues:
Update from version 0.026 to version 0.030

Fix tests that can fail when there is already an installed module named `Foo::Bar::Baz`
`report_warnings` feature, for printing all of the (unexpected) warning content when `had_no_warnings()` is called
Allow for calling `warnings->import` being called after importing the 'warnings' sub
`fail_on_warning` feature, for more easily seeing where the surprising warning appeared during testing

Advisory ID	SUSE-SU-2020:3901-1
Released	Mon Dec 21 20:07:56 2020
Summary	Security update for MozillaFirefox
Type	security
Severity	critical
References	1180039,CVE-2020-16042,CVE-2020-26971,CVE-2020-26973,CVE-2020-26974,CVE-2020-26978,CVE-2020-35111,CVE-2020-35112,CVE-2020-35113

Description:

This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 78.6.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-55 (bsc#1180039) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch view-source URLs * CVE-2020-35112 (bmo#1661365) Opening an extension-less download may have inadvertently launched an executable instead * CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6

Advisory ID	SUSE-SU-2020:3917-1
Released	Tue Dec 22 14:16:53 2020
Summary	Security update for groovy
Type	security
Severity	moderate
References	1179729,CVE-2020-17521

Description:

This update for groovy fixes the following issues:

groovy was updated to 2.4.21
CVE-2020-17521: Fixed an information disclosure vulnerability (bsc#1179729).

Advisory ID	SUSE-RU-2020:3920-1
Released	Tue Dec 22 15:16:47 2020
Summary	Recommended update for mutt
Type	recommended
Severity	moderate
References	1179461

Description:

This update for mutt fixes the following issues:

Add a further correction in for external bodies as well. (bsc#1179461)

Advisory ID	SUSE-SU-2020:3922-1
Released	Tue Dec 22 15:20:46 2020
Summary	Security update for jetty-minimal
Type	security
Severity	moderate
References	1179727,CVE-2020-27218

Description:

This update for jetty-minimal fixes the following issues:

jetty-minimal was upgraded to version 9.4.35.v20201120
CVE-2020-27218: Fixed an issue where buffer not correctly recycled in Gzip Request inflation (bsc#1179727).

Advisory ID	SUSE-RU-2020:3929-1
Released	Wed Dec 23 10:06:31 2020
Summary	Recommended update for lifecycle-data-sle-module-live-patching
Type	recommended
Severity	moderate
References	1020320

Description:

This update for lifecycle-data-sle-module-live-patching fixes the following issue:

Added data for 4_12_14-150_63, 4_12_14-197_72, 4_12_14-197_75, 5_3_18-24_43. (bsc#1020320)

Advisory ID	SUSE-SU-2020:3932-1
Released	Wed Dec 23 18:21:59 2020
Summary	Security update for java-1_8_0-ibm
Type	security
Severity	moderate
References	1177943,1180063,CVE-2020-14779,CVE-2020-14781,CVE-2020-14792,CVE-2020-14796,CVE-2020-14797,CVE-2020-14798,CVE-2020-14803

Description:

This update for java-1_8_0-ibm fixes the following issues:

Update to Java 8.0 Service Refresh 6 Fix Pack 20 [bsc#1180063,bsc#1177943] CVE-2020-14792 CVE-2020-14797 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803 * Class libraries: - SOCKETADAPTOR$SOCKETINPUTSTREAM.READ is blocking for more time that the set timeout - Z/OS specific C function send_file is changing the file pointer position * Java Virtual Machine: - Crash on iterate java stack - Java process hang on SIGTERM * JIT Compiler: - JMS performance regression from JDK8 SR5 FP40 TO FP41

* Class Libraries: - z15 high utilization following Z/VM and Linux migration from z14 To z15 * Java Virtual Machine: - Assertion failed when trying to write a class file - Assertion failure at modronapi.cpp - Improve the performance of defining and finding classes * JIT Compiler: - An assert in ppcbinaryencoding.cpp may trigger when running with traps disabled on power - AOT field offset off by n bytes - Segmentation fault in jit module on ibm z platform

Advisory ID	SUSE-SU-2020:3933-1
Released	Thu Dec 24 12:35:40 2020
Summary	Security update for flac
Type	security
Severity	moderate
References	1180099,1180112,CVE-2020-0487,CVE-2020-0499

Description:

This update for flac fixes the following issues:

CVE-2020-0487: Fixed a memory leak (bsc#1180112).
CVE-2020-0499: Fixed an out-of-bounds access (bsc#1180099).

Advisory ID	SUSE-SU-2020:3934-1
Released	Thu Dec 24 12:37:11 2020
Summary	Security update for openexr
Type	security
Severity	moderate
References	1179879,CVE-2020-16587,CVE-2020-16588,CVE-2020-16589

Description:

This update for openexr fixes the following issues:
Security issues fixed:

CVE-2020-16587: Fixed a heap-based buffer overflow in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp (bsc#1179879).
CVE-2020-16588: Fixed a null pointer deference in generatePreview (bsc#1179879).
CVE-2020-16589: Fixed a heap-based buffer overflow in writeTileData in ImfTiledOutputFile.cpp (bsc#1179879).

Advisory ID	SUSE-SU-2020:3935-1
Released	Fri Dec 25 09:26:54 2020
Summary	Security update for MozillaThunderbird
Type	security
Severity	critical
References	1179530,1180039,CVE-2020-16042,CVE-2020-26970,CVE-2020-26971,CVE-2020-26973,CVE-2020-26974,CVE-2020-26978,CVE-2020-35111,CVE-2020-35112,CVE-2020-35113

Description:

This update for MozillaThunderbird fixes the following issues:

Mozilla Thunderbird 78.6 * new: MailExtensions: Added browser.windows.openDefaultBrowser() (bmo#1664708) * changed: Thunderbird now only shows quota exceeded indications on the main window (bmo#1671748) * changed: MailExtensions: menus API enabled in messages being composed (bmo#1670832) * changed: MailExtensions: Honor allowScriptsToClose argument in windows.create API function (bmo#1675940) * changed: MailExtensions: APIs that returned an accountId will reflect the account the message belongs to, not what is stored in message headers (bmo#1644032) * fixed: Keyboard shortcut for toggling message 'read' status not shown in menus (bmo#1619248) * fixed: OpenPGP: After importing a secret key, Key Manager displayed properties of the wrong key (bmo#1667054) * fixed: OpenPGP: Inline PGP parsing improvements (bmo#1660041) * fixed: OpenPGP: Discovering keys online via Key Manager sometimes failed on Linux (bmo#1634053) * fixed: OpenPGP: Encrypted attachment 'Decrypt and Open/Save As' did not work (bmo#1663169) * fixed: OpenPGP: Importing keys failed on macOS (bmo#1680757) * fixed: OpenPGP: Verification of clear signed UTF-8 text failed (bmo#1679756) * fixed: Address book: Some columns incorrectly displayed no data (bmo#1631201) * fixed: Address book: The address book view did not update after changing the name format in the menu (bmo#1678555) * fixed: Calendar: Could not import an ICS file into a CalDAV calendar (bmo#1652984) * fixed: Calendar: Two 'Home' calendars were visible on a new profile (bmo#1656782) * fixed: Calendar: Dark theme was incomplete on Linux (bmo#1655543) * fixed: Dark theme did not apply to new mail notification popups (bmo#1681083) * fixed: Folder icon, message list, and contact side bar visual improvements (bmo#1679436) * fixed: MailExtensions: HTTP refresh in browser content tabs did not work (bmo#1667774) * fixed: MailExtensions: messageDisplayScripts failed to run in main window (bmo#1674932) * fixed: Various security fixes MFSA 2020-56 (bsc#1180039) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch view-source URLs * CVE-2020-35112 (bmo#1661365) Opening an extension-less download may have inadvertently launched an executable instead * CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in Thunderbird 78.6

Mozilla Thunderbird 78.5.1

new: OpenPGP: Added option to disable email subject encryption (bmo#1666073)
changed: OpenPGP public key import now supports multi-file selection and bulk accepting imported keys (bmo#1665145)
changed: MailExtensions: getComposeDetails will wait for 'compose-editor-ready' event (bmo#1675012)
fixed: New mail icon was not removed from the system tray at shutdown (bmo#1664586)
fixed: 'Place replies in the folder of the message being replied to' did not work when using 'Reply to List' (bmo#522450)
fixed: Thunderbird did not honor the 'Run search on server' option when searching messages (bmo#546925)
fixed: Highlight color for folders with unread messages wasn't visible in dark theme (bmo#1676697)
fixed: OpenPGP: Key were missing from Key Manager (bmo#1674521)
fixed: OpenPGP: Option to import keys from clipboard always disabled (bmo#1676842)
fixed: The 'Link' button on the large attachments info bar failed to open up Filelink section in Options if the user had not yet configured Filelink (bmo#1677647)
fixed: Address book: Printing members of a mailing list resulted in incorrect output (bmo#1676859)
fixed: Unable to connect to LDAP servers configured with a self-signed SSL certificate (bmo#1659947)
fixed: Autoconfig via LDAP did not work as expected (bmo#1662433)
fixed: Calendar: Pressing Ctrl-Enter in the new event dialog would create duplicate events (bmo#1668478)
fixed: Various security fixes

MFSA 2020-53 (bsc#1179530)

CVE-2020-26970 (bmo#1677338) Stack overflow due to incorrect parsing of SMTP server response codes

Advisory ID	SUSE-RU-2020:3936-1
Released	Fri Dec 25 09:27:40 2020
Summary	Recommended update for gdb
Type	recommended
Severity	moderate
References

Description:

This update for gdb fixes the following issues:

gdb powerpc remove 512 bytes region limit if 2nd dawr is avaliable (jsc#SLE-13656)

Rebase to 10.1 release (as in fedora 33 @ 6c8ccd6).

Debuginfod support.
Multi-target debugging support.
Multithreaded symbol loading enabled by default.
New command set exec-file-mismatch.
New command tui new-layout.
Alias command can now specify default args for an alias.

Update libipt to v2.0.2.
Enable CTF support also for riscv64
Add BuildRequire babeltrace-devel. On Factory this adds bdeps babeltrace-devel, libuuid-devel, babeltrace, libglib-2_0-0, and libgmodule-2_0-0.
Fix internal error on aarch64 [swo#26316].

Rebase to 9.2 release.
Rebase to 9.1 release.

Breakpoints on nested functions and subroutines in Fortran.
Multithreaded symbol loading, disabled by default. Enable using 'maint set worker-threads unlimited'.
Multi-target debugging support.
New command pipe.
New command set logging debugredirect [on|off].
New fortran commands info modules, info module functions, info module variables.

Advisory ID	SUSE-RU-2020:3942-1
Released	Tue Dec 29 12:22:01 2020
Summary	Recommended update for libidn2
Type	recommended
Severity	moderate
References	1180138

Description:

This update for libidn2 fixes the following issues:

The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138)

Advisory ID	SUSE-RU-2021:10-1
Released	Mon Jan 4 10:01:52 2021
Summary	Recommended update for dmidecode
Type	recommended
Severity	moderate
References	1174257

Description:

This update for dmidecode fixes the following issue:

Two missing commas in the data arrays cause 'OUT OF SPEC' messages during the index resolution. (bnc#1174257)

Advisory ID	SUSE-SU-2021:28-1
Released	Tue Jan 5 15:57:44 2021
Summary	Security update for dovecot23
Type	security
Severity	important
References	1174920,1174922,1174923,1180405,1180406,CVE-2020-12100,CVE-2020-12673,CVE-2020-12674,CVE-2020-24386,CVE-2020-25275

Description:

This update for dovecot23 fixes the following issues:
Security issues fixed:

CVE-2020-12100: Fixed a resource exhaustion caused by deeply nested MIME parts (bsc#1174920).
CVE-2020-12673: Fixed an improper implementation of NTLM that did not check the message buffer size (bsc#1174922).
CVE-2020-12674: Fixed an improper implementation of the RPA mechanism (bsc#1174923).
CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails (bsc#1180405).
CVE-2020-25275: Fixed a crash when the 10000th MIME part was message/rfc822 (bsc#1180406).

Non-security issues fixed:

Pigeonhole was updated to version 0.5.11.
Dovecot was updated to version 2.3.11.3.

Advisory ID	SUSE-RU-2021:35-1
Released	Wed Jan 6 12:31:37 2021
Summary	Recommended update for taglib
Type	recommended
Severity	moderate
References	1179817

Description:

This update for taglib fixes the following issues:

Fixed a possible file corruption of ogg files (bsc#1179817, gh#taglib/taglib#864):

Advisory ID	SUSE-SU-2021:41-1
Released	Thu Jan 7 11:51:31 2021
Summary	Security update for tomcat
Type	security
Severity	moderate
References	1179602,CVE-2020-17527

Description:

This update for tomcat fixes the following issue:

CVE-2020-17527: Fixed a HTTP/2 request header mix-up (bsc#1179602).

Advisory ID	SUSE-RU-2021:65-1
Released	Mon Jan 11 15:11:49 2021
Summary	Recommended update for hamcrest
Type	recommended
Severity	low
References	1120493,1179994

Description:

This update for hamcrest fixes the following issues:

Make hamcrest build reproducibly. (bsc#1120493)
Fix typo in hamcrest-core description. (bsc#1179994)

Advisory ID	SUSE-SU-2021:71-1
Released	Tue Jan 12 08:30:53 2021
Summary	Security update for MozillaFirefox
Type	security
Severity	important
References	1180623,CVE-2020-16044

Description:

This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 78.6.1 ESR * Fixed: Critical security issue MFSA 2021-01 (bsc#1180623) * CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Advisory ID	SUSE-RU-2021:79-1
Released	Tue Jan 12 10:49:34 2021
Summary	Recommended update for gcc7
Type	recommended
Severity	moderate
References	1167939

Description:

This update for gcc7 fixes the following issues:

Amend the gcc7 aarch64 atomics for glibc namespace violation with getauxval. [bsc#1167939]

Advisory ID	SUSE-SU-2021:88-1
Released	Tue Jan 12 14:33:31 2021
Summary	Security update for hawk2
Type	security
Severity	important
References	1179998,CVE-2020-35458

Description:

This update for hawk2 fixes the following security issue:

CVE-2020-35458: Fixed an insufficient input handler that could have led to remote code execution (bsc#1179998).

Advisory ID	SUSE-RU-2021:105-1
Released	Tue Jan 12 19:50:06 2021
Summary	Recommended update for postgresql12
Type	recommended
Severity	low
References	1178961

Description:

This update for postgresql12 fixes the following issues:

Marked symlinks to pg_config and ecpg as ghost files, so that rpm doesn't complain when they are not there (bsc#1178961)

Advisory ID	SUSE-RU-2021:111-1
Released	Wed Jan 13 11:47:54 2021
Summary	Recommended update for prometheus-ha_cluster_exporter
Type	recommended
Severity	moderate
References

Description:

This update for prometheus-ha_cluster_exporter fixes the following issue:
Update to version 1.2.1

Remove Pacemaker dependency from systemd unit (jsc#TEAM-2169)

Advisory ID	SUSE-RU-2021:119-1
Released	Thu Jan 14 10:13:15 2021
Summary	Recommended update for bcache-tools
Type	recommended
Severity	moderate
References

Description:

This update for bcache-tools fixes the following issues:

Fix typo from `SUUP` to `SUPP` (jsc#SLE-9807) - change from `BCH_FEATURE_COMPAT_SUUP` to `BCH_FEATURE_COMPAT_SUPP` - change from `BCH_FEATURE_INCOMPAT_SUUP` to `BCH_FEATURE_INCOMPAT_SUPP` - change from `BCH_FEATURE_INCOMPAT_SUUP` to `BCH_FEATURE_RO_COMPAT_SUPP`

Call `set_bucket_size()` only for cache device (jsc#SLE-9807)
Add `BCH_FEATURE_INCOMPAT_LARGE_BUCKET` to `BCH_FEATURE_INCOMPAT_SUPP` (jsc#SLE-9807) - `BCH_FEATURE_INCOMPAT_LARGE_BUCKET` is a feature to support 32bits bucket size, which is incompatible feature for existing on-disk layout. This fix adds this feature bit to `BCH_FEATURE_INCOMPAT_SUPP` feature set.
Check for incompatible feature set (jsc#SLE-9807)
Introduce `BCH_FEATURE_INCOMPAT_LOG_LARGE_BUCKET_SIZE` for large bucket (jsc#SLE-9807)
Display obsoleted bucket size configuration (jsc#SLE-9807)
Recover the missing `sb.csum` for showing `bcache` device super block (jsc#SLE-9807)
Call `to_cache_sb()` only for `bcache` device in `may_add_item()` (jsc#SLE-9807)
Improve column alignment for `bcache show -m` output (jsc#SLE-9807)

Advisory ID	SUSE-SU-2021:123-1
Released	Thu Jan 14 10:28:40 2021
Summary	Security update for MozillaThunderbird
Type	security
Severity	important
References	1180623,CVE-2020-16044

Description:

This update for MozillaThunderbird fixes the following issues:

Mozilla Thunderbird 78.6.1 * changed: MailExtensions: browserAction, composeAction, and messageDisplayAction toolbar buttons now support label and default_label properties (bmo#1583478) * fixed: Running a quicksearch that returned no results did not offer to re-run as a global search (bmo#1663153) * fixed: Message search toolbar fixes (bmo#1681010) * fixed: Very long subject lines distorted the message compose and display windows, making them unusable (bmo#77806) * fixed: Compose window: Recipient addresses that had not yet been autocompleted were lost when clicking Send button (bmo#1674054) * fixed: Compose window: New message is no longer marked as 'changed' just from tabbing out of the recipient field without editing anything (bmo#1681389) * fixed: Account autodiscover fixes when using MS Exchange servers (bmo#1679759) * fixed: LDAP address book stability fix (bmo#1680914) * fixed: Messages with invalid vcard attachments were not marked as read when viewed in the preview window (bmo#1680468) * fixed: Chat: Could not add TLS certificate exceptions for XMPP connections (bmo#1590471) * fixed: Calendar: System timezone was not always properly detected (bmo#1678839) * fixed: Calendar: Descriptions were sometimes blank when editing a single occurrence of a repeating event (bmo#1664731) * fixed: Various printing bugfixes (bmo#1676166) * fixed: Visual consistency and theme improvements (bmo#1682808) MFSA 2021-02 (bsc#1180623) * CVE-2020-16044 (bmo#1683964) Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Advisory ID	SUSE-RU-2021:130-1
Released	Thu Jan 14 13:08:01 2021
Summary	Recommended update for aide
Type	recommended
Severity	moderate
References	1180165

Description:

This update for aide fixes the following issue:

Add a `syslog_format` to Advanced Intrusion Detection Environment (AIDE). (bsc#1180165)

Advisory ID	SUSE-RU-2021:134-1
Released	Fri Jan 15 10:30:56 2021
Summary	Recommended update for gnu-compilers-hpc
Type	recommended
Severity	important
References	1174439

Description:

This update for gnu-compilers-hpc fixes the following issues:

Add build support for gcc10 to HPC build. (bsc#1174439)
Fix version parsing for gcc10 and up.

Advisory ID	SUSE-SU-2021:175-1
Released	Wed Jan 20 09:23:50 2021
Summary	Security update for postgresql, postgresql13
Type	security
Severity	moderate
References	1178666,1178667,1178668,1178961,CVE-2020-25694,CVE-2020-25695,CVE-2020-25696

Description:

This update for postgresql, postgresql13 fixes the following issues:
This update ships postgresql13.
Upgrade to version 13.1:

CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries.
CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used.
CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables.
Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. (obsoletes postgresql-timetz.patch)
https://www.postgresql.org/about/news/2111/
https://www.postgresql.org/docs/13/release-13-1.html

Initial packaging of PostgreSQL 13:

https://www.postgresql.org/about/news/2077/
https://www.postgresql.org/docs/13/release-13.html

bsc#1178961: %ghost the symlinks to pg_config and ecpg.

Changes in postgresql wrapper package:

Bump major version to 13.
We also transfer PostgreSQL 9.4.26 to the new package layout in SLE12-SP2 and newer. Reflect this in the conflict with postgresql94.
Also conflict with PostgreSQL versions before 9.
Conflicting with older versions is not limited to SLE.

Advisory ID	SUSE-SU-2021:176-1
Released	Wed Jan 20 09:49:05 2021
Summary	Security update for xstream
Type	security
Severity	important
References	1180145,1180146,1180994,CVE-2020-26217,CVE-2020-26258,CVE-2020-26259

Description:

This update for xstream fixes the following issues:
xstream was updated to version 1.4.15.

CVE-2020-26217: Fixed a remote code execution due to insecure XML deserialization when relying on blocklists (bsc#1180994).
CVE-2020-26258: Fixed a server-side request forgery vulnerability (bsc#1180146).
CVE-2020-26259: Fixed an arbitrary file deletion vulnerability (bsc#1180145).

Advisory ID	SUSE-RU-2021:179-1
Released	Wed Jan 20 13:38:51 2021
Summary	Recommended update for timezone
Type	recommended
Severity	moderate
References	1177460

Description:

This update for timezone fixes the following issues:

timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug.

timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00.

timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug.

timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00.

Advisory ID	SUSE-SU-2021:183-1
Released	Thu Jan 21 11:35:36 2021
Summary	Security update for perl-Convert-ASN1
Type	security
Severity	moderate
References	1168934,CVE-2013-7488

Description:

This update for perl-Convert-ASN1 fixes the following issue:

CVE-2013-7488: Fixed an infinite loop via unexpected input (bsc#1168934).

Advisory ID	SUSE-SU-2021:186-1
Released	Thu Jan 21 14:55:16 2021
Summary	Security update for wavpack
Type	security
Severity	moderate
References	1091340,1091341,1091342,1091343,1091344,1180414,CVE-2018-10536,CVE-2018-10537,CVE-2018-10538,CVE-2018-10539,CVE-2018-10540,CVE-2018-19840,CVE-2018-19841,CVE-2018-6767,CVE-2018-7253,CVE-2018-7254,CVE-2019-1010319,CVE-2019-11498,CVE-2020-35738

Description:

This update for wavpack fixes the following issues:

Update to version 5.4.0 * CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414) * fixed: disable A32 asm code when building for Apple silicon * fixed: issues with Adobe-style floating-point WAV files * added: --normalize-floats option to wvunpack for correctly exporting un-normalized floating-point files
Update to version 5.3.0 * fixed: OSS-Fuzz issues 19925, 19928, 20060, 20448 * fixed: trailing garbage characters on imported ID3v2 TXXX tags * fixed: various minor undefined behavior and memory access issues * fixed: sanitize tag extraction names for length and path inclusion * improved: reformat wvunpack 'help' and split into long + short versions * added: regression testing to Travis CI for OSS-Fuzz crashers
Updated to version 5.2.0 *fixed: potential security issues including the following CVEs: CVE-2018-19840, CVE-2018-19841, CVE-2018-10536 (bsc#1091344), CVE-2018-10537 (bsc#1091343) CVE-2018-10538 (bsc#1091342), CVE-2018-10539 (bsc#1091341), CVE-2018-10540 (bsc#1091340), CVE-2018-7254, CVE-2018-7253, CVE-2018-6767, CVE-2019-11498 and CVE-2019-1010319 * added: support for CMake, Travis CI, and Google's OSS-fuzz * fixed: use correction file for encode verify (pipe input, Windows) * fixed: correct WAV header with actual length (pipe input, -i option) * fixed: thumb interworking and not needing v6 architecture (ARM asm) * added: handle more ID3v2.3 tag items and from all file types * fixed: coredump on Sparc64 (changed MD5 implementation) * fixed: handle invalid ID3v2.3 tags from sacd-ripper * fixed: several corner-case memory leaks

Advisory ID	SUSE-SU-2021:194-1
Released	Fri Jan 22 13:31:01 2021
Summary	Security update for stunnel
Type	security
Severity	moderate
References	1177580,1178533

Description:

This update for stunnel fixes the following issues:
Security issue fixed:

The 'redirect' option was fixed to properly handle 'verifyChain = yes' (bsc#1177580).

Non-security issues fixed:

Fix startup problem of the stunnel daemon (bsc#1178533)

update to 5.57: * Security bugfixes * New features - New securityLevel configuration file option. - Support for modern PostgreSQL clients - TLS 1.3 configuration updated for better compatibility. * Bugfixes - Fixed a transfer() loop bug. - Fixed memory leaks on configuration reloading errors. - DH/ECDH initialization restored for client sections. - Delay startup with systemd until network is online. - A number of testing framework fixes and improvements.

update to 5.56: - Various text files converted to Markdown format. - Support for realpath(3) implementations incompatible with POSIX.1-2008, such as 4.4BSD or Solaris. - Support for engines without PRNG seeding methods (thx to Petr Mikhalitsyn). - Retry unsuccessful port binding on configuration file reload. - Thread safety fixes in SSL_SESSION object handling. - Terminate clients on exit in the FORK threading model.

Fixup stunnel.conf handling: * Remove old static openSUSE provided stunnel.conf. * Use upstream stunnel.conf and tailor it for openSUSE using sed. * Don't show README.openSUSE when installing.

enable /etc/stunnel/conf.d
re-enable openssl.cnf

Advisory ID	SUSE-SU-2021:195-1
Released	Fri Jan 22 15:17:17 2021
Summary	Security update for mutt
Type	security
Severity	moderate
References	1181221,CVE-2021-3181

Description:

This update for mutt fixes the following issue:

CVE-2021-3181: Fixed a memory leak in recipient parsing (bsc#1181221).

Advisory ID	SUSE-SU-2021:200-1
Released	Fri Jan 22 15:39:33 2021
Summary	Security update for hawk2
Type	security
Severity	critical
References	1179998,CVE-2020-35458

Description:

This update for hawk2 fixes the following issues:
hawk2 was updated to version 2.4.0+git.1611141202.2fe6369e.
Security issue fixed:

Fixed another possible code execution vulnerability in the controller code (bsc#1179998).

Advisory ID	SUSE-RU-2021:207-1
Released	Mon Jan 25 16:16:05 2021
Summary	Recommended update for python-websockify
Type	recommended
Severity	moderate
References	1163513

Description:

This update for python-websockify fixes the following issues:

Add 'python-numpy' as requirement. (bsc#1163513)

Advisory ID	SUSE-RU-2021:220-1
Released	Tue Jan 26 14:00:51 2021
Summary	Recommended update for keyutils
Type	recommended
Severity	moderate
References	1180603

Description:

This update for keyutils fixes the following issues:

Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)

Advisory ID	SUSE-RU-2021:228-1
Released	Tue Jan 26 23:05:38 2021
Summary	Recommended update for python-kiwi
Type	recommended
Severity	moderate
References	1179562,1180781

Description:

This update for python-kiwi fixes the following issues:

Azure generated images are not bootable. (bsc#1180781)
Fixed validation of bool value in dracut module. - The `oem-multipath-scan` setup results in a bool variable inside of the initrd code. The variable `kiwi_oemmultipath_scan` is therefore either set to `true` or `false`. This update fixes the validation to make use of the `bool()` method provided for these type of variables.
Azure `LI/VLI` Production image boot process drops to dracut rescue shell during boot randomly (bsc#1179562)
Omit multipath module by default - The plain installation of the multipath toolkit activates the dracut multipath code. The setup if the target image runs in a multipath environment or not should however be decided explicitly in the image description via `` and not implicitly by the presence of tools
Fixed multipath disk device assignment in kiwi lib - The former lookup of the multipath mapped disk device contained a race condition. If the lookup of the device mapper files happened before multipathd has finished the initialization, kiwi continues with the unix node name and fails when the device mapper keeps a busy state on it. Now, in case of an explicit request to use multipath the lookup of the mapped device becomes a mandatory process that runs until the `DEVICE_TIMEOUT` is reached. Default timeout is set to 60 sec.

Advisory ID	SUSE-RU-2021:237-1
Released	Thu Jan 28 18:22:24 2021
Summary	Recommended update for habootstrap-formula
Type	recommended
Severity	moderate
References	1177860

Description:

This update for drbd-formula, habootstrap-formula, iscsi-formula, saphanabootstrap-formula, sapnwbootstrap-formula fixes the following issues:
drbd-formula:

Version 0.4.0 - Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860)

habootstrap-formula:

Version 0.4.0 - Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860) - Remove lock states as this is done in `crmsh` now - Fix ssh keys management to run them once the first node is initialized - Remove `--no-overwrite-sshkey` option from the formula - `qdevice` support: it can be created when initializing a cluster when multiple nodes are joining in parallel

iscsi-formula:

Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860)

saphanabootstrap-formula:

Version 0.7.0 - Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860) - Start the `saptune` daemon service - Add requisite of HANA installation to subsequent salt states - Add support to extract and install HANA Client `sar` packages - Set the native fence mechanism usage for `CSP` as optional (jsc#SLE-4047) - Fix the HANA media extraction and installation logics when using `exe` archives - Update the SUSE Manager HANA form metadata, to show HANA form under SAP deployment group - Update SUSe Manager `form.yml` file and prevalidation state with latest changes in formula

sapnwbootstrap-formula:

Version 0.6.0 - Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860) - Add requisites of `netweaver` installation to subsequent salt states - Start the `saptune` systemd service - Fix `additional_dvds` variable usage when salt uses python 2. - The variable is filtered by `tojson` option to avoid `u` prefix in lists - Set the native fence mechanism usage for `CSP` as optional - Add instance name suffix to `socat` resources - Remove meta `resource-stickness` to the `ERS` resources group - Update the db installation template to use correctly the schema names for S/4HANA - Update the default `nw_extract_dir` `SWPM` media extraction location

Advisory ID	SUSE-SU-2021:243-1
Released	Fri Jan 29 09:37:29 2021
Summary	Security update for jackson-databind
Type	security
Severity	moderate
References	1177616,1180391,1181118,CVE-2020-25649,CVE-2020-35728,CVE-2021-20190

Description:

This update for jackson-databind fixes the following issues:
jackson-databind was updated to 2.10.5.1: * #2589: `DOMDeserializer`: setExpandEntityReferences(false) may not prevent external entity expansion in all cases (CVE-2020-25649, bsc#1177616) * #2787 (partial fix): NPE after add mixin for enum * #2679: 'ObjectMapper.readValue('123', Void.TYPE)' throws 'should never occur'

Advisory ID	SUSE-SU-2021:257-1
Released	Mon Feb 1 14:46:06 2021
Summary	Security update for MozillaThunderbird
Type	security
Severity	important
References	1181414,CVE-2020-15685,CVE-2020-26976,CVE-2021-23953,CVE-2021-23954,CVE-2021-23960,CVE-2021-23964

Description:

This update for MozillaThunderbird fixes the following issues:

Mozilla Thunderbird was updated to 78.7.0 ESR (MFSA 2021-05, bsc#1181414) * CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests * CVE-2021-23954: Fixed a type confusion when using logical assignment operators in JavaScript switch statements * CVE-2020-26976: Fixed an issue where HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared JavaScript variables during GC * CVE-2021-23964: Fixed Memory safety bugs * CVE-2020-15685: Fixed an IMAP Response Injection when using STARTTLS

Advisory ID	SUSE-SU-2021:259-1
Released	Mon Feb 1 14:50:33 2021
Summary	Security update for MozillaFirefox
Type	security
Severity	important
References	1181414,CVE-2020-26976,CVE-2021-23953,CVE-2021-23954,CVE-2021-23960,CVE-2021-23964

Description:

This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 78.7.0 ESR (MFSA 2021-04, bsc#1181414) * CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests * CVE-2021-23954: Fixed a type confusion when using logical assignment operators in JavaScript switch statements * CVE-2020-26976: Fixed an issue where HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared JavaScript variables during GC * CVE-2021-23964: Fixed Memory safety bugs

Advisory ID	SUSE-SU-2021:263-1
Released	Mon Feb 1 15:01:07 2021
Summary	Security update for terraform
Type	security
Severity	moderate
References	1168921,1170264,1177421,CVE-2020-14039

Description:

This update for terraform fixes the following issues:

Updated terraform to version 0.13.4 (bsc#1177421)

* Many features, bug fixes, and enhancements were made during this update. Please refer to the terraform rpm changelog, for a full list of all changes.

The following terraform providers were updated:

* terraform-provider-aws * terraform-provider-azurerm * terraform-provider-external * terraform-provider-google * terraform-provider-helm * terraform-provider-kubernetes * terraform-provider-local * terraform-provider-null * terraform-provider-random * terraform-provider-tls

Advisory ID	SUSE-RU-2021:271-1
Released	Mon Feb 1 21:04:13 2021
Summary	Recommended update for lshw
Type	recommended
Severity	moderate
References	1181411

Description:

This update for lshw fixes the following issues:

Display UUID on Power VM LPAR. (bsc#1181411, ltc#191040)

Advisory ID	SUSE-RU-2021:283-1
Released	Tue Feb 2 12:21:47 2021
Summary	Recommended maintenacne update for papi
Type	recommended
Severity	low
References	1181485

Description:

This update for papi fixes the following issue:

Provide the missing `papi-devel`package. (bsc#1181485)

Advisory ID	SUSE-SU-2021:285-1
Released	Tue Feb 2 13:08:54 2021
Summary	Security update for cups
Type	security
Severity	moderate
References	1170671,1180520,CVE-2019-8842,CVE-2020-10001

Description:

This update for cups fixes the following issues:

CVE-2020-10001: Fixed an out-of-bounds read in the ippReadIO function (bsc#1180520).
CVE-2019-8842: Fixed an out-of-bounds read in an extension field (bsc#1170671).

Advisory ID	SUSE-RU-2021:289-1
Released	Tue Feb 2 15:20:09 2021
Summary	Recommended update for arpwatch
Type	recommended
Severity	low
References

Description:

This update for arpwatch fixes the following issues:

Included arp2ethers script (jsc#SLE-17224)

Advisory ID	SUSE-RU-2021:292-1
Released	Wed Feb 3 11:46:32 2021
Summary	Recommended update for python-azure-agent
Type	recommended
Severity	moderate
References	1180719,1181600,1181601

Description:

This update for python-azure-agent contains the following fix:

Added sysvinit-tools as dependency (bsc#1181600, bsc#1181601)
Recognise SLE_HPC as SLES and use the proper RDMA handler and distro specific initialization code (bsc#1180719)

Advisory ID	SUSE-RU-2021:293-1
Released	Wed Feb 3 12:52:34 2021
Summary	Recommended update for gmp
Type	recommended
Severity	moderate
References	1180603

Description:

This update for gmp fixes the following issues:

correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603)

Advisory ID	SUSE-RU-2021:294-1
Released	Wed Feb 3 12:54:28 2021
Summary	Recommended update for libprotobuf
Type	recommended
Severity	moderate
References

Description:

libprotobuf was updated to fix:

ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911)

Advisory ID	SUSE-RU-2021:301-1
Released	Thu Feb 4 08:46:27 2021
Summary	Recommended update for timezone
Type	recommended
Severity	moderate
References	1177460

Description:

This update for timezone fixes the following issues:

timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.

timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.

Advisory ID	SUSE-RU-2021:337-1
Released	Mon Feb 8 13:14:24 2021
Summary	Recommended update for build
Type	recommended
Severity	low
References	1181646

Description:

This update for build fixes the following issues:
Features:

initial flatpak build support added
ccache support added
debtransform: Add Debian revision if not present
allow nodirindex filesystems via BuildFlags: vmfsoptions:nodirindex
rich dep handling for PreReqs
kiwi image: configure ndb database if we install the rpm-ndb package
Implement alternative method to specify build-ignores

A lot of fixes came with this update, please refer to this rpm's changelog to obtain a full list of all changes.

Advisory ID	SUSE-OU-2021:339-1
Released	Mon Feb 8 13:16:07 2021
Summary	Optional update for pam
Type	optional
Severity	low
References

Description:

This update for pam fixes the following issues:

Added rpm macros for this package, so that other packages can make use of it

This patch is optional to be installed - it doesn't fix any bugs.

Advisory ID	SUSE-SU-2021:352-1
Released	Tue Feb 9 15:02:05 2021
Summary	Security update for java-11-openjdk
Type	security
Severity	important
References	1181239

Description:

This update for java-11-openjdk fixes the following issues:
java-11-openjdk was upgraded to include January 2021 CPU (bsc#1181239)

Enable Sheandoah GC for x86_64 (jsc#ECO-3171)

Advisory ID	SUSE-RU-2021:417-1
Released	Wed Feb 10 12:02:41 2021
Summary	Recommended update for osc
Type	recommended
Severity	moderate
References	235071

Description:

This update for osc fixes the following issues:

support --lastsucceeded/--last-succeeded in 'osc buildlog', 'osc remotebuildlog' + friends (perform the corresponding operation on the build log of the last successful build)
several fixes in request related code paths (no double html_escape of a request's description etc.)
fix potential TypeErrors+UnicodeEncodeErrors in the util.cpio and util.ar modules
support local flatpak builds (requires a recent build version)
'osc init ' works for a non-existent (server-side) project
.old dir support for source services so that some services have access to the results of a previous service run
maintainer search: lookup via package name by default and binary as fallback
fix crash on console resize when downloading files during build
add proper repourls to osc reporuls
new command osc releaserequest: This command is used to transfer sources and binaries without rebuilding them.
It requires defined release targets set to trigger='manual'.
some improvements on output of help and error messages
Fix path and permissions for fish completion file to /usr/share/fish/vendor_completions.d

Advisory ID	SUSE-RU-2021:421-1
Released	Wed Feb 10 12:05:23 2021
Summary	Recommended update for hwdata
Type	recommended
Severity	low
References	1180422,1180482

Description:

This update for hwdata fixes the following issues:

Added merge-pciids.pl to fully duplicate behavior of pciutils-ids (bsc#1180422, bsc#1180482)
Updated pci, usb and vendor ids.

Advisory ID	SUSE-SU-2021:430-1
Released	Wed Feb 10 19:21:55 2021
Summary	Security update for MozillaFirefox
Type	security
Severity	low
References	1181848

Description:

This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 78.7.1 ESR (bsc#1181848)

Fixed: Prevent access to NTFS special paths that could lead to filesystem corruption.
Buffer overflow in depth pitch calculations for compressed textures

Advisory ID	SUSE-SU-2021:435-1
Released	Thu Feb 11 14:47:25 2021
Summary	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork
Type	security
Severity	important
References	1174075,1176708,1178801,1178969,1180243,1180401,1181730,1181732,CVE-2020-15257,CVE-2021-21284,CVE-2021-21285

Description:

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues:
Security issues fixed:

CVE-2020-15257: Fixed a privilege escalation in containerd (bsc#1178969).
CVE-2021-21284: potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732)
CVE-2021-21285: pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730)

Non-security issues fixed:

Update Docker to 19.03.15-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. This update includes fixes for bsc#1181732 (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285).

Only apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE. It appears that SLES doesn't like the patch. (bsc#1180401)

Update to containerd v1.3.9, which is needed for Docker v19.03.14-ce and fixes CVE-2020-15257. bsc#1180243

Update to containerd v1.3.7, which is required for Docker 19.03.13-ce. bsc#1176708

Update to Docker 19.03.14-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2020-15257 bsc#1180243 https://github.com/docker/docker-ce/releases/tag/v19.03.14

Enable fish-completion

Add a patch which makes Docker compatible with firewalld with nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460)

Update to Docker 19.03.13-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1176708

Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)

Emergency fix: %requires_eq does not work with provide symbols, only effective package names. Convert back to regular Requires.

Update to Docker 19.03.12-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.
Use Go 1.13 instead of Go 1.14 because Go 1.14 can cause all sorts of spurrious errors due to Go returning -EINTR from I/O syscalls much more often (due to Go 1.14's pre-emptive goroutine support).
Add BuildRequires for all -git dependencies so that we catch missing dependencies much more quickly.

Update to libnetwork 55e924b8a842, which is required for Docker 19.03.14-ce. bsc#1180243

Add patch which makes libnetwork compatible with firewalld with nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460)

Advisory ID	SUSE-SU-2021:443-1
Released	Thu Feb 11 16:36:24 2021
Summary	Security update for wpa_supplicant
Type	security
Severity	important
References	1181777,CVE-2021-0326

Description:

This update for wpa_supplicant fixes the following issues:

CVE-2021-0326: P2P group information processing vulnerability (bsc#1181777).

Advisory ID	SUSE-RU-2021:450-1
Released	Fri Feb 12 11:38:29 2021
Summary	Recommended update for drbd-formula, habootstrap-formula, saphanabootstrap-formula, sapnwbootstrap-formula
Type	recommended
Severity	moderate
References	1177860,1181453

Description:

This update for drbd-formula, habootstrap-formula, saphanabootstrap-formula, sapnwbootstrap-formula fixes the following issues:
habootstrap-formula:

Version 0.4.1 - Improved handling of sshkeys entry in pillar file (bsc#1181453) - Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860) - Remove lock states as this is done in `crmsh` now - Fix ssh keys management to run them once the first node is initialized - Remove `--no-overwrite-sshkey` option from the formula - `qdevice` support: it can be created when initializing a cluster when multiple nodes are joining in parallel

saphanabootstrap-formula:

Version 0.7.0 - Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860) - Start the `saptune` daemon service - Add requisite of HANA installation to subsequent salt states - Add support to extract and install HANA Client `sar` packages - Set the native fence mechanism usage for `CSP` as optional (jsc#SLE-4047) - Fix the HANA media extraction and installation logics when using `exe` archives - Update the SUSE Manager HANA form metadata, to show HANA form under SAP deployment group - Update SUSE Manager `form.yml` file and prevalidation state with latest changes in formula

sapnwbootstrap-formula:

Version 0.6.0 - Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860) - Add requisites of `netweaver` installation to subsequent salt states - Start the `saptune` systemd service - Fix `additional_dvds` variable usage when salt uses python 2. - The variable is filtered by `tojson` option to avoid `u` prefix in lists - Set the native fence mechanism usage for `CSP` as optional - Add instance name suffix to `socat` resources - Remove meta `resource-stickness` to the `ERS` resources group - Update the db installation template to use correctly the schema names for S/4HANA - Update the default `nw_extract_dir` `SWPM` media extraction location

drbd-formula:

Version 0.4.0 - Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860)

Advisory ID	SUSE-SU-2021:483-1
Released	Tue Feb 16 10:04:38 2021
Summary	Security update for python-bottle
Type	security
Severity	important
References	1182181,CVE-2020-28473

Description:

This update for python-bottle fixes the following issues:

CVE-2020-28473: Fixed Web Cache Poisoning vulnerability using parameter cloaking (bsc#1182181).

Advisory ID	SUSE-SU-2021:488-1
Released	Tue Feb 16 12:42:38 2021
Summary	Security update for jasper
Type	security
Severity	important
References	1179748,1181483,CVE-2020-27828,CVE-2021-3272

Description:

This update for jasper fixes the following issues:

bsc#1179748 CVE-2020-27828: Fix heap overflow by checking maxrlvls
bsc#1181483 CVE-2021-3272: Fix buffer over-read in jp2_decode

Advisory ID	SUSE-SU-2021:492-1
Released	Wed Feb 17 09:40:06 2021
Summary	Security update for screen
Type	security
Severity	important
References	1182092,CVE-2021-26937

Description:

This update for screen fixes the following issues:

CVE-2021-26937: Fixed double width combining char handling that could lead to a denial of service or code execution (bsc#1182092).

Advisory ID	SUSE-RU-2021:493-1
Released	Wed Feb 17 11:25:46 2021
Summary	Recommended update for python-kiwi
Type	recommended
Severity	moderate
References	1170863,1175729,1176129,1176134,1176977,1179562,1180781

Description:

This update for python-kiwi fixes the following issues:
Update to version 9.21.23

Azure generated images are not bootable. (bsc#1180781)
Fixed validation of bool value in dracut module. (bsc#1179562) - The `oem-multipath-scan` setup results in a bool variable inside of the initrd code. The variable `kiwi_oemmultipath_scan` is therefore either set to _true_ or _false_. This update fixes the validation to make use of the `bool()` method provided for these type of variables.
Omit multipath module by default (bsc#1179562) - The plain installation of the multipath toolkit activates the dracut multipath code. The setup if the target image runs in a multipath environment or not should however be decided explicitly in the image description via `` and not implicitly by the presence of tools.
Fixed multipath disk device assignment in kiwi lib (bsc#1179562) - The former lookup of the multipath mapped disk device contained a race condition. If the lookup of the device mapper files happened before multipathd has finished the initialization, kiwi continues with the unix node name and fails when the device mapper keeps a busy state on it. This update changes the code such that in case of an explicit request to use multipath the lookup of the mapped device becomes a mandatory process that runs until the `DEVICE_TIMEOUT` is reached. Default timeout is set to 60 sec.
Do not exclude filesystem folders in OCI images (bsc#1176129) - This update does not exclude filesystem folders during the rsync call in OCI images. It has been noted that including an empty `/dev` folder does not hurt and it can eventually help to workaround some limitations of container related tools such as `buildah`.
Fix/Refactor s390 support (bsc#1170863) - This changes the s390 support on several stages: - On s390 the boot process is based on zipl which boots into an initrd from which a userspace grub process is started to support the grub capabilities. The implementation of this concept is provided via the `grub2-s390x-emu` package. Once installed the setup of the bootloader is done via the `grub2-mkconfig` and `grub2-install` commands and therefore from a caller perspective the same as with any other grub2 setup process. For kiwi this means no extra zipl bootloader target code is needed. Therefore this update deletes the zipl setup from kiwi and puts on the standard grub2 process. - To support different targettypes the `grub2-s390x-emu` provided zipl template must be adapted. Parts of the former zipl bootloader setup therefore now applies to an update of the `zipl2grub` template file - Support for `CDL/LDL DASD` targets has been disabled in the schema. When testing 4k devices and a respective zipl2grub template setup for `CDL/LDL` targettype it has turned out that `grub2-install` is not able to run on such a device. Probably the device code in `grub2-install` does not work for 4k devices with an fdasd created partition table. As this needs further investigations and most probably adaptions on the grub toolchain for s390, we disabled the setup of these modes for now. Emulated DASD (FBA) and SCSI targets stays supported.

Fix compat link for rpmdb location. (bsc#1176977)

- This update fixes the symbolic link creation for `/var/lib/rpm`. More specific for derived container images in which the base root tree already included the `/var/lib/rpm` the link, the `ln` command was creating a symbolic link inside the `/var/lib/rpm` folder givent that it was following the already existing symbolic link. Adding the `--no-target-directory` force `ln` command to treat `/var/lib/rpm` path as the fully qualified symlink name.

Fixed s390/sle15 Virtual disk integration test. (bsc#1170863) - The integration test used FBA mode as target. As the target is expected to be KVM this is the wrong setting. SCSI should be used instead.
Support dynamic `linux/linuxefi` in any case. (bsc#1175729, bsc#1176134) - Instead of restricting the dynamic linux vs. linuxefi setup to a specific grub version, support this setup for any version of grub.

Advisory ID	SUSE-RU-2021:499-1
Released	Wed Feb 17 19:07:44 2021
Summary	Recommended update for MozillaThunderbird
Type	recommended
Severity	moderate
References	1181848

Description:

This update for MozillaThunderbird fixes the following issues:

Mozilla Thunderbird 78.7.1 (bsc#1181848) * changed: Building OpenPGP shared library linked to system libraries now supported * changed: MailExtension errors now shown in Developer Tools console by default * changed: MailExtensions: Dynamic registration of calendar providers now supported * fixed: OpenPGP improvements * fixed: Message preview was sometimes blank after upgrading from Thunderbird 68 * fixed: Email addresses whitelisted for remote content not displayed in preferences * fixed: Importing data from Seamonkey did not work * fixed: Renaming a mail list did not update the side bar * fixed: MailExtensions: messenger.* namespace was undefined

Advisory ID	SUSE-RU-2021:509-1
Released	Thu Feb 18 12:11:19 2021
Summary	Recommended update for ucode-intel
Type	recommended
Severity	important
References	1179224,1182347

Description:

This update for ucode-intel fixes the following issues:
Updated Intel CPU Microcode to 20210216 official release. (bsc#1182347 bsc#1179224)

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006a08 | 02006a0a | Xeon Scalable
| SKX-D | M1 | 06-55-04/b7 | 02006a08 | 02006a0a | Xeon D-21xx
| CLX-SP | B0 | 06-55-06/bf | 04003003 | 04003006 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003003 | 05003006 | Xeon Scalable Gen2

Advisory ID	SUSE-RU-2021:516-1
Released	Thu Feb 18 14:42:51 2021
Summary	Recommended update for docker, golang-github-docker-libnetwork
Type	recommended
Severity	moderate
References	1178801,1180401,1182168

Description:

This update for docker, golang-github-docker-libnetwork fixes the following issues:

A libnetwork firewalld integration enhancement was broken, disable it (bsc#1178801,bsc#1180401,bsc#1182168)

Advisory ID	SUSE-RU-2021:518-1
Released	Thu Feb 18 17:57:56 2021
Summary	Recommended update for highlight
Type	recommended
Severity	moderate
References	1142155

Description:

This update for highlight fixes the following issues:
Update from version 3.42 to 3.59:

HTML output: Added `white-space: pre-wrap` to pre tag CSS.
Updated mark_lines.lua plug-in accept a line range as input parameter and output xterm256 terminal sequences.
Improved Ruby code folding of the outhtml_codefold plug-in.
Updated astyle lib to rev 672.
Added support for reStructured Text.
Added support for Rego (openpolicyagent.org).
Added `outhtml_copy_clipboard.lua` plugin.
CLI: Adapted default xterm256/truecolor theme to terminal background colour.
CLI: Adapted ANSI line numbers to terminal background colour.
CLI: Fixed segfault if the user home directory cannot be determined.
GUI: Initial font set to Monospace.
GUI: Replaced highlight.xpm by highlight.png icon.
Add hicolor-icon-themes as build requirement: Required since move of highlight-gui icon.
Improved `--force` fallback argument handling.
Added C++ attribute syntax support.
Added Lua fuction `StoreValue` to set and retrieve information across Lua states.
Added `extras/eclipse-themes/eclipse_color_themes.py` script to retrieve themes from eclipsecolorthemes.org.
Added support for Web Assembly Text.
Updated mark_lines.lua to output 16m terminal sequences
Fixed issues in bash.lang. - Fixed Bash heredoc highlighting in bash_functions.lua
CLI: `highlight --version -q` only prints the version number. * GUI: Added theme contrast indicator.
Added support for Haml.
Added support for Wren. * Added Lua function `OverrideParam`.
Fixed regression in xterm256 or truecolor output * Fixed `--list-scripts` with read-only language definitions
Improved several language definitions. * Added support for Sequence Alignment Maps (SAM files). * Added empty-file mode to --no-trailing-nl
Fixed issue with --syntax-by-name waiting for stdin
Fixed issue with --syntax reading matching files in the current working directory
Fixed string parsing in lisp.lang * Fixed output of UTF-8 text in xterm256 or truecolor output * Fixed regex in js.lang. * Fixed calculation of testcase markers with UTF-8 input.
Allowed number literals with underscores in Java, Scala, D, Julia, C#, Perl and Ada definitions. * Added Nord theme.
Improved handling of empty files in xterm256 and truecolor output
Added EncodingHint attributes to filetypes.conf and language definitions
CLI: Allowed file paths as --theme and --syntax argument * GUI: Removed deprecated QTime API call.
Fixed default colour output in BBCode
Fixed corner case in sh.lang. * Fixed syntax tests with UTF-8 input
Added support for Bash in outhtml_codefold.lua plug-in. * Added ballerina.lang. * Added block strings to java.lang.
Added author hints in themes and language definitions. * Added C++20 reserved words in c.lang.
Added editorconfig file and validated all files accordingly. * CLI: Fixed --list-scripts with -d or HIGHLIGHT_DATADIR env variable * GUI: Removed AsciiDoc instruction lines from the README popup window.
Use lang_package macro for highlight-gui-lang declaration.
Fixed out-of-range exception with repeated AddKeyword calls.
Added KeywordFormatHints, Priority and Constraints elements to syntax definitions.
Added Lua function AddPersistentState
Renamed md.lang to markdown.lang.
Added Fish syntax definition.
Makefile: added _FILE_OFFSET_BITS=64 flag.
CLI: added optional fallback syntax to --force
CLI: added option --max-size * GUI: added multibyte path trace window. * GUI: fixed superfluous creation of the same stylesheet file.
Fix build instability (bsc#1142155).
Added negation `~` to test state indicators
Added support for Hugo. * Added 5 duotone themes.
CLI: fixed segfault with `--force` * GUI: limited font selection to monospace fonts * SVG output: Added `white-space: pre` in styles.
HTML output: Replaced `'` by `'`
HTML output: Fixed index file format (missing close tags).
CLI: Moved syntax recognition functions to DataDir class. * CLI: Added regular expressions and default false values to --verbose output.
CLI: Fixed `--list-cat` without `--list-scripts` * CLI: Added optional argument to `--base16` * CLI: Added default base16 themes
CLI: Added `--isolate` option
Added lineno, column parameters to OnStateChange hook.
Added support for Crystal.
Added support for Slim.
Fixed several typos in documentaion and manpages. * CLI: Added `--syntax-by-name` option. * CLI: Removed deprecated `--list-langs` and`--list-themes` options.
GUI: Added terminal sequence output options
Added support for Meson, Solidity, TOML and Terraform.
Improved Perl and Yaml highlighting.
Added Categories field to all config files.
CLI: added category info in --list-scripts output. * CLI: added --list-cat option
CLI: added optional topic parameter to --help. * GUI: added theme category selection.
GUI: display categories of selected syntax or theme.
Fixed --list-scripts abortion with Fedora default compile options * Fixed a problem with syntax test indicators reporting wrong states after comments.
Improved Verilog syntax.
Improved quoted string highlighting for Perl and Ruby.
Detection of pkg-config's Lua version in src/makefile.
Fixed xterm256 and truecolor whitespace output #2
Fixed LaTeX, TeX, SVG and ODT whitespace output (regression of version 3.45). * Added darkplus theme. * Converted ChangeLog to AsciiDoc.
Allowed state test indicators to match both whitespace (ws) and the enclosing state (others).
CLI: Default output changed to xterm256 or truecolor if run in a terminal with color support and only a single file is outputted.
GUI: Added checkbox in the clipboard tab to output selected lines only.
Fixed xterm256 and truecolor whitespace output
Converted manuals to AsciiDoc.
Added DocumentHeader and DocumentFooter plug-in hooks.
Added RemoveKeyword Lua function for syntax definitions.
Added syntax test indicators (see README_TESTCASES).
Added support for ISO and R10 variants of Modula2.
Fixed R identifiers.
Fixed ALAN IF identifiers.
Fixed issue with Bash string interpolation.
Added Swift keywords and types.
Added Gradle extension mapping.
Fixed Ruby string interpolation
Added support for ALAN IF.
Added 107 Base16 themes. * Updated Rust and Java reserved words lists. * Revised documentation.
Moved extras/css-themes into extras/themes-resources. * Added extras/themes-resources/base16. * GUI: added Base16 theme selection checkbox. * CLI: added --base16 option to enable the new themes.
CLI: accept - as argument to read from stdin
Make the build of gui subpackage conditional (built by default).
Updated astyle code to release 3.1 (Rev. 655).
Added webkit reformatting style.
Improved several language definitions.
Fixed Matlab string recognition
Fixed Autohotkey escape sequence recognition.
Added excel.lang
Improved Qt pro file
CLI: Added --reformat-option * CLI: Added --line-range
GUI: Added Bulgarian translation.

Advisory ID	SUSE-RU-2021:526-1
Released	Fri Feb 19 12:46:27 2021
Summary	Recommended update for python-distro
Type	recommended
Severity	moderate
References

Description:

This update for python-distro fixes the following issues:
Upgrade from version 1.2.0 to 1.5.0 (jsc#ECO-3212)

Backward compatibility: - Keep output as native string so we can compatible with python2 interface - Prefer the `VERSION_CODENAME` field of `os-release` to parsing it from `VERSION`

Bug Fixes: - Fix detection of RHEL 6 `ComputeNode` - Fix Oracle 4/5 `lsb_release` id and names - Ignore `/etc/plesk-release` file while parsing distribution - Return `_uname_info` from the `uname_info()` method - Fixed `CloudLinux` id discovery - Update Oracle matching - Warn about wrong locale.

Documentation: - Distro is the recommended replacement for `platform.linux_distribution` - Add Ansible reference implementation and fix arch-linux link - Add facter reference implementation

Advisory ID	SUSE-SU-2021:531-1
Released	Fri Feb 19 14:54:06 2021
Summary	Security update for tomcat
Type	security
Severity	moderate
References	1180947,CVE-2021-24122

Description:

This update for tomcat fixes the following issues:

CVE-2021-24122: Fixed an information disclosure if resources are served from the NTFS file system (bsc#1180947).

Advisory ID	SUSE-RU-2021:542-1
Released	Mon Feb 22 12:14:19 2021
Summary	Recommended update for poppler
Type	recommended
Severity	moderate
References	1181551

Description:

This update for poppler fixes the following issues:

Fixed an issue where it was not possible to open signed DocuSign documents with poppler (bsc#1181551)

Advisory ID	SUSE-SU-2021:543-1
Released	Mon Feb 22 13:54:49 2021
Summary	Security update for postgresql13
Type	security
Severity	moderate
References	1179765,1182039,1182040,CVE-2021-20229,CVE-2021-3393

Description:

This update for postgresql13 fixes the following issues:
Upgrade to version 13.2:
* Updating stored views and reindexing might be needed after applying this update. * CVE-2021-3393, bsc#1182040: Fix information leakage in constraint-violation error messages. * CVE-2021-20229, bsc#1182039: Fix failure to check per-column SELECT privileges in some join queries.

Advisory ID	SUSE-RU-2021:554-1
Released	Tue Feb 23 11:14:46 2021
Summary	Recommended update for lifecycle-data-sle-module-live-patching
Type	recommended
Severity	moderate
References	1020320

Description:

This update for lifecycle-data-sle-module-live-patching fixes the following issue:

Added data for 4_12_14-150_66, 4_12_14-197_78, 5_3_18-24_46, 5_3_18-24_49. (bsc#1020320)

Advisory ID	SUSE-RU-2021:571-1
Released	Tue Feb 23 16:11:33 2021
Summary	Recommended update for cloud-init
Type	recommended
Severity	moderate
References	1180176

Description:

This update for cloud-init contains the following fixes:

Update cloud-init-write-routes.patch (bsc#1180176) + Follow up to previous changes. Fix order of operations error to make gateway comparison between subnet configuration and route configuration valuable rather than self-comparing.

Add cloud-init-sle12-compat.patch (jsc#PM-2335) - Python 3.4 compatibility in setup.py - Disable some test for mock version compatibility

Advisory ID	SUSE-RU-2021:577-1
Released	Wed Feb 24 10:00:26 2021
Summary	Recommended update for fio
Type	recommended
Severity	moderate
References

Description:

This update for fio fixes the following issues:

Fixes for several bug fixes and issues.
Added support for NBD and ZBD

For a full list of changes, please refer to this rpm's changelog.

Advisory ID	SUSE-RU-2021:579-1
Released	Wed Feb 24 10:38:22 2021
Summary	Recommended update for arpwatch
Type	recommended
Severity	moderate
References	1181936

Description:

This update for arpwatch fixes the following issues:

Fix arp2ethers script (bsc#1181936).

Advisory ID	SUSE-OU-2021:582-1
Released	Wed Feb 24 11:24:09 2021
Summary	Optional update for netpbm
Type	optional
Severity	low
References	1181571

Description:

This update for netpbm fixes the following issues:

Skips failing test cases for armv7hl (bsc#1181571)

This patch is optional to install. It doesn't fix any issues for users.

Advisory ID	SUSE-RU-2021:589-1
Released	Thu Feb 25 06:11:06 2021
Summary	Recommended update for hawk2
Type	recommended
Severity	moderate
References	1181436,1182163

Description:

This update for hawk2 fixes the following issues:

Fixed an issue where the path to /usr/sbin/attrd_updater was wrong (bsc#1181436)
Removed the use of %x (bsc#1182163)

Advisory ID	SUSE-SU-2021:594-1
Released	Thu Feb 25 09:29:35 2021
Summary	Security update for python-cryptography
Type	security
Severity	important
References	1182066,CVE-2020-36242

Description:

This update for python-cryptography fixes the following issues:

CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte values could result in an integer overflow and buffer overflow (bsc#1182066).

Advisory ID	SUSE-RU-2021:596-1
Released	Thu Feb 25 10:26:30 2021
Summary	Recommended update for gcc7
Type	recommended
Severity	moderate
References	1181618

Description:

This update for gcc7 fixes the following issues:

Fixed webkit2gtk3 build (bsc#1181618)
Change GCC exception licenses to SPDX format
Remove include-fixed/pthread.h

Advisory ID	SUSE-OU-2021:612-1
Released	Fri Feb 26 04:55:47 2021
Summary	Optional update for m4
Type	optional
Severity	low
References	1181571

Description:

This update for m4 fixes the following issues:

Fixed an issue in building against newer glibc versions (bsc#1181571)

Advisory ID	SUSE-SU-2021:654-1
Released	Fri Feb 26 20:01:10 2021
Summary	Security update for python-Jinja2
Type	security
Severity	important
References	1181944,1182244,CVE-2020-28493

Description:

This update for python-Jinja2 fixes the following issues:

CVE-2020-28493: Fixed a ReDOS vulnerability where urlize could have been called with untrusted user data (bsc#1181944).

Advisory ID	SUSE-RU-2021:656-1
Released	Mon Mar 1 09:34:21 2021
Summary	Recommended update for protobuf
Type	recommended
Severity	moderate
References	1177127

Description:

This update for protobuf fixes the following issues:

Add missing dependency of python subpackages on python-six. (bsc#1177127)

Advisory ID	SUSE-SU-2021:659-1
Released	Mon Mar 1 13:41:20 2021
Summary	Security update for MozillaFirefox
Type	security
Severity	important
References	1182357,1182614,CVE-2021-23968,CVE-2021-23969,CVE-2021-23973,CVE-2021-23978

Description:

This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 78.8.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-08 (bsc#1182614) * CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources * CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8

Advisory ID	SUSE-SU-2021:661-1
Released	Mon Mar 1 16:12:47 2021
Summary	Security update for MozillaThunderbird
Type	security
Severity	important
References	1182357,1182614,CVE-2021-23968,CVE-2021-23969,CVE-2021-23973,CVE-2021-23978

Description:

This update for MozillaThunderbird fixes the following issues:

Mozilla Thunderbird 78.8 * fixed: Importing an address book from a CSV file always reported an error * fixed: Security information for S/MIME messages was not displayed correctly prior to a draft being saved * fixed: Calendar: FileLink UI fixes for Caldav calendars * fixed: Recurring tasks were always marked incomplete; unable to use filters * fixed: Various UI widgets not working * fixed: Dark theme improvements * fixed: Extension manager was missing link to addon support web page * fixed: Various security fixes MFSA 2021-09 (bsc#1182614) * CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources * CVE-2021-23978: Memory safety bugs fixed in Thunderbird 78.8

Advisory ID	SUSE-SU-2021:665-1
Released	Mon Mar 1 16:15:47 2021
Summary	Security update for java-1_8_0-openjdk
Type	security
Severity	moderate
References	1181239,CVE-2020-14803

Description:

This update for java-1_8_0-openjdk fixes the following issues:

Update to version jdk8u282 (icedtea 3.18.0) * January 2021 CPU (bsc#1181239) * Security fixes + JDK-8247619: Improve Direct Buffering of Characters (CVE-2020-14803) * Import of OpenJDK 8 u282 build 01 + JDK-6962725: Regtest javax/swing/JFileChooser/6738668/ /bug6738668.java fails under Linux + JDK-8025936: Windows .pdb and .map files does not have proper dependencies setup + JDK-8030350: Enable additional compiler warnings for GCC + JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/ /DisposeFrameOnDragTest.java fails by Timeout on Windows + JDK-8036122: Fix warning 'format not a string literal' + JDK-8051853: new URI('x/').resolve('..').getSchemeSpecificPart() returns null! + JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/ /DefaultNoDrop.java locks on Windows + JDK-8134632: Mark javax/sound/midi/Devices/ /InitializationHang.java as headful + JDK-8148854: Class names 'SomeClass' and 'LSomeClass;' treated by JVM as an equivalent + JDK-8148916: Mark bug6400879.java as intermittently failing + JDK-8148983: Fix extra comma in changes for JDK-8148916 + JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java fails + JDK-8165808: Add release barriers when allocating objects with concurrent collection + JDK-8185003: JMX: Add a version of ThreadMXBean.dumpAllThreads with a maxDepth argument + JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on windows with VS2017 + JDK-8207766: [testbug] Adapt tests for Aix. + JDK-8212070: Introduce diagnostic flag to abort VM on failed JIT compilation + JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash + JDK-8215727: Restore JFR thread sampler loop to old / previous behavior + JDK-8220657: JFR.dump does not work when filename is set + JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing + JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java fails with access issues and OOM + JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread + JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes + JDK-8232114: JVM crashed at imjpapi.dll in native code + JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area + JDK-8234339: replace JLI_StrTok in java_md_solinux.c + JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes + JDK-8242335: Additional Tests for RSASSA-PSS + JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in + JDK-8245400: Upgrade to LittleCMS 2.11 + JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention + JDK-8249176: Update GlobalSignR6CA test certificates + JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY + JDK-8250928: JFR: Improve hash algorithm for stack traces + JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java + JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData should not be in make/mapfiles/libawt_xawt/mapfile-vers + JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider rather than JRE + JDK-8252395: [8u] --with-native-debug-symbols=external doesn't include debuginfo files for binaries + JDK-8252497: Incorrect numeric currency code for ROL + JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent + JDK-8252904: VM crashes when JFR is used and JFR event class is transformed + JDK-8252975: [8u] JDK-8252395 breaks the build for --with-native-debug-symbols=internal + JDK-8253284: Zero OrderAccess barrier mappings are incorrect + JDK-8253550: [8u] JDK-8252395 breaks the build for make STRIP_POLICY=no_strip + JDK-8253752: test/sun/management/jmxremote/bootstrap/ /RmiBootstrapTest.java fails randomly + JDK-8254081: java/security/cert/PolicyNode/ /GetPolicyQualifiers.java fails due to an expired certificate + JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp + JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp + JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/ /WorkerDeadlockTest.java fails + JDK-8255003: Build failures on Solaris

Advisory ID	SUSE-SU-2021:670-1
Released	Mon Mar 1 17:35:51 2021
Summary	Security update for java-1_8_0-ibm
Type	security
Severity	important
References	1181239,1182186,CVE-2020-14803,CVE-2020-27221

Description:

This update for java-1_8_0-ibm fixes the following issues:

Update to Java 8.0 Service Refresh 6 Fix Pack 25 [bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803] * CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. * CVE-2020-14803: Unauthenticated attacker with network access via multiple protocols allows to compromise Java SE.

Advisory ID	SUSE-RU-2021:672-1
Released	Tue Mar 2 09:13:31 2021
Summary	Recommended update for bcache-tools
Type	recommended
Severity	moderate
References

Description:

This update for bcache-tools fixes the following issues:

Update super block version to fix the status tool reading 'sysfs' data properly. (jsc#SLE-9807)

Advisory ID	SUSE-RU-2021:690-1
Released	Wed Mar 3 17:14:42 2021
Summary	Recommended update for scap-security-guide
Type	recommended
Severity	moderate
References

Description:

This update for scap-security-guide fixes the following issues:
This update ships the ComplianceAsCode build version 0.1.54, containing the following supported file:

SCAP STIG automation for SUSE Linux Enterprise 12 (SUSE supplied)
CIS automation for SUSE Linux Enterprise 15 (community supplied)

It can be evaluated using 'oscap' from 'openscap-utils', e.g. by doing on SUSE Linux Enterprise 12:

oscap xccdf eval --profile stig /usr/share/xml/scap/ssg/content/ssg-sle12-ds.xml

or the community supplied CIS on SUSE Linux Enterprise 15:

oscap xccdf eval --profile cis /suse/meissner/scap/usr/share/xml/scap/ssg/content/ssg-sle15-ds.xml

More content will be added in future updates.
Also supplied are Red Hat, CentOS, Fedora, Debian, Ubuntu and related builds from ComplianceAsCode.

Advisory ID	SUSE-RU-2021:701-1
Released	Thu Mar 4 09:17:25 2021
Summary	Recommended update for sane-backends
Type	recommended
Severity	moderate
References	1179065

Description:

This update for sane-backends fixes the following issues:

updated sane-backends to 1.0.32: * Fixed double height image with the avision backend (bsc#1179065) * Removed udev rules mangling for USB devices (ATTR vs ATTRS) * Does no longer add SCSI id twice for EPSON Perfection 1640SU

Many more fixes came with this version bump. Please refer to the changelog file of this package.

Advisory ID	SUSE-RU-2021:707-1
Released	Thu Mar 4 09:19:36 2021
Summary	Recommended update for systemd-rpm-macros
Type	recommended
Severity	moderate
References	1177039

Description:

This update for systemd-rpm-macros fixes the following issues:

Bump to version 6

Make upstream '%systemd_{pre,post,preun,postun}' aliases to their SUSE counterparts. Packagers can now choose to use the upstream or the SUSE variants indifferently. For consistency the SUSE variants should be preferred since almost all SUSE packages already use them but the upstream versions might be usefull in certain cases where packages need to support multiple distros based on RPM.

Improve the logic used to apply the presets. (bsc#1177039) Before presests were applied at a) package installation b) new units introduced via a package update (but after making sure that it was not a SysV initscript being converted). The problem is that a) didn't handle package a renaming or split properly since the package with the new name is installed rather being updated and therefore the presets were applied even if they were already with the old name. We now cover this case (and the other ones) by applying presets only if the units are new and the services are not being migrated. This regardless of whether this happens during an install or an update.

Advisory ID	SUSE-RU-2021:717-1
Released	Fri Mar 5 17:22:41 2021
Summary	Recommended update for stunnel
Type	recommended
Severity	moderate
References	1182376

Description:

This update for stunnel fixes the following issues:

Do not replace the active config file (bsc#1182376)

Advisory ID	SUSE-SU-2021:721-1
Released	Mon Mar 8 16:41:21 2021
Summary	Security update for wpa_supplicant
Type	security
Severity	important
References	1182805,CVE-2021-27803

Description:

This update for wpa_supplicant fixes the following issues:

CVE-2021-27803: Fixed a P2P provision discovery processing vulnerability (bsc#1182805).

Advisory ID	SUSE-RU-2021:726-1
Released	Mon Mar 8 17:16:33 2021
Summary	Recommended update for regionServiceClientConfigEC2
Type	recommended
Severity	moderate
References	1176005,1176007

Description:

This update for regionServiceClientConfigEC2 contains the following fixes:

Update to version 3.0.0: (bsc#1176005, bsc#1176007) + Reduce the number of region servers + Require python3-ec2metadata to support IMDSv2 only setups

Advisory ID	SUSE-RU-2021:734-1
Released	Tue Mar 9 14:40:17 2021
Summary	Recommended update for dehydrated
Type	recommended
Severity	moderate
References	1154167,1178927

Description:

This update for dehydrated fixes the following issues:
Update to dehydrated 0.7.0 (jsc#SLE-15909)

Added

- Support for external account bindings - Special support for ZeroSSL - Support presets for some CAs instead of requiring URLs - Allow requesting preferred chain (--preferred-chain) - Added method to show CAs current terms of service (--display-terms) - Allow setting path to domains.txt using cli arguments (--domains-txt) - Added new cli command --cleanupdelete which deletes old files instead of archiving them

Fixed

- No more silent failures on broken hook-scripts - Better error-handling with KEEP_GOING enabled - Check actual order status instead of assuming it's valid - Don't include keyAuthorization in challenge validation (RFC compliance)

Changed

- Using EC secp384r1 as default certificate type - Use JSON.sh to parse JSON - Use account URL instead of account ID (RFC compliance) - Dehydrated now has a new home: https://github.com/dehydrated-io/dehydrated - Added OCSP_FETCH and OCSP_DAYS to per-certificate configurable options

dehydrated-apache2: Check for mod_compat (bsc#1178927)

Update maintainer file and package description, remove features that are better described in the (upstream maintained) man page.

Remove potentially harmful scriptlet (bsc#1154167).

Removed lighttpd 1.x integration package. If you still would like to use lighttpd with dehydrated, follow the instructions in the README.maintainers file.

Advisory ID	SUSE-RU-2021:746-1
Released	Tue Mar 9 16:57:49 2021
Summary	Recommended update for xorg-x11-server
Type	recommended
Severity	moderate
References	1182884

Description:

This update for xorg-x11-server fixes the following issues:

Fix for build issues with armv7. (bsc#1182884)

Advisory ID	SUSE-RU-2021:761-1
Released	Wed Mar 10 12:26:54 2021
Summary	Recommended update for libX11
Type	recommended
Severity	moderate
References	1181963

Description:

This update for libX11 fixes the following issues:
- Fixes a race condition in 'libX11' that causes various applications to crash randomly. (bsc#1181963)

Advisory ID	SUSE-SU-2021:769-1
Released	Thu Mar 11 20:22:29 2021
Summary	Security update for openssl-1_0_0
Type	security
Severity	moderate
References	1182331,1182333,CVE-2021-23840,CVE-2021-23841

Description:

This update for openssl-1_0_0 fixes the following issues:

CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)
CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)

Advisory ID	SUSE-SU-2021:772-1
Released	Fri Mar 12 11:56:21 2021
Summary	Security update for stunnel
Type	security
Severity	important
References	1177580,1182529,CVE-2021-20230

Description:

This update for stunnel fixes the following issues:

Security fix: [bsc#1177580, bsc#1182529, CVE-2021-20230] * 'redirect' option does not properly handle 'verifyChain = yes'

Advisory ID	SUSE-RU-2021:784-1
Released	Mon Mar 15 11:19:08 2021
Summary	Recommended update for efivar
Type	recommended
Severity	moderate
References	1181967

Description:

This update for efivar fixes the following issues:

Fixed an issue with the NVME path parsing (bsc#1181967)

Advisory ID	SUSE-RU-2021:786-1
Released	Mon Mar 15 11:19:23 2021
Summary	Recommended update for zlib
Type	recommended
Severity	moderate
References	1176201

Description:

This update for zlib fixes the following issues:

Fixed hw compression on z15 (bsc#1176201)

Advisory ID	SUSE-RU-2021:795-1
Released	Tue Mar 16 10:28:02 2021
Summary	Recommended update for systemd-rpm-macros
Type	recommended
Severity	low
References	1182661,1183012,1183051

Description:

This update for systemd-rpm-macros fixes the following issues:

Added a %systemd_user_pre macro (bsc#1183051, bsc#1183012)
Fixed an issue with %systemd_user_post, where the --global parameter was treated like if it was another service (bsc#1183051, bsc#1182661)

Advisory ID	SUSE-SU-2021:800-1
Released	Tue Mar 16 12:53:08 2021
Summary	Security update for velocity
Type	security
Severity	important
References	1183360,CVE-2020-13936

Description:

This update for velocity fixes the following issues:

CVE-2020-13936: Fixed an arbitrary code execution when attacker is able to modify templates (bsc#1183360).

Advisory ID	SUSE-RU-2021:873-1
Released	Thu Mar 18 09:40:58 2021
Summary	Recommended update for xorg-x11-server
Type	recommended
Severity	moderate
References	1182510

Description:

This update for xorg-x11-server fixes the following issues:

Fix broken man page in 'autoconf' build. (bsc#1182510)

Advisory ID	SUSE-RU-2021:880-1
Released	Fri Mar 19 04:14:38 2021
Summary	Recommended update for hwdata
Type	recommended
Severity	low
References	1170160,1182482

Description:

This update for hwdata fixes the following issues:

Updated pci, usb and vendor ids (bsc#1182482, bsc#1170160, jsc#SLE-13791)

Advisory ID	SUSE-RU-2021:881-1
Released	Fri Mar 19 04:16:42 2021
Summary	Recommended update for yast2-adcommon-python, yast2-aduc, samba
Type	recommended
Severity	moderate
References	1084864,1132565,1133568,1135130,1135224,1138203,1138487,1145508,1146898,1150394,1150612,1151713,1152052,1154121,1170998

Description:

This update for yast2-adcommon-python, yast2-aduc, samba fixes the following issues:

Update 'aduc' for 'realmd' customer. (jsc#SLE-5527)
Add ability to change/enable/unlock user's passwords. (bsc#1152052)
Fixes a Failure to authenticate on first try and throws a MemoryError on Ubuntu. (bsc#1151713)
Fixes an issue when unused 'xset' may cause exception in 'appimage'. (bsc#1150612)
Include other object creaiton options. (bsc#1138203)
Use the domain name stored in the samba credentials object. (bsc#1138487)
Display a backtrace if the connection fails.
Use new schema of desktop files. (bsc#1084864)
Move the module to Network Services.
Use common authentication from yast2-adcommon-python.
Switch to using a unified file/actions menu, instead of random buttons
Remove 'ad-dc' dependency. (jsc#ECO-2527)
Fix slow load of 'ADUC' caused by chatty ldap traffic. (bsc#1170998)
The domain label should be a text field, for manually entering the domain name. (bsc#1154121)
Fix to reconnect the 'ldap' session if it times out. (bsc#1150394)
'AD' modules should connect to an AD-DC via the SamDB interface, instead of 'python-ldap'. (bsc#1146898)
Fix incorrectly placed domain in change domain dialog (bsc#1145508)
YaST 'aduc/adsi/gpmc' should not exit after entering empty password and explicitly state that an Active Directory administrator should sign in. (bsc#1132565)
Move schema parsing code from adsi to the common code. (bsc#1138203)
'TypeError: Expected a string or unicode object' during auth. (bsc#1135224)
Authentication fails with 'Failed to initialize ldap connection'. (bsc#1135130)
Fix for an issue when 'yast2-adcommon-python' 'ldap' does not correctly parse 'ldap' urls. (bsc#1133568)
Initial version

Advisory ID	SUSE-RU-2021:906-1
Released	Fri Mar 19 16:18:34 2021
Summary	Recommended maintenance update for SUSE Manager 4.1: Server and Proxy
Type	recommended
Severity	moderate
References	1157711,1173893,1175660,1177508,1179579,1180145,1180146,1180224,1180439,1180547,1180558,1180757,1180994,1181048,1181165,1181228,1181290,1181416,1181423,1181635,1181807,1181814,1182001,1182006,1182008,1182071,1182200,1182492,1182685,CVE-2020-26217,CVE-2020-26258,CVE-2020-26259,CVE-2020-28477

Description:

Maintenance update for SUSE Manager 4.1: Server and Proxy
This is a codestream only patchinfo.

Advisory ID	SUSE-RU-2021:924-1
Released	Tue Mar 23 10:00:49 2021
Summary	Recommended update for filesystem
Type	recommended
Severity	moderate
References	1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094

Description:

This update for filesystem the following issues:

Remove duplicate line due to merge error
Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011)
Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705)
Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466)
Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519)

This update for systemd fixes the following issues:

Fix for a possible memory leak. (bsc#1180020)
Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596)
Fixed an issue when starting a container conflicts with another one. (bsc#1178775)
Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)
Don't use shell redirections when calling a rpm macro. (bsc#1183094)
'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083)

Advisory ID	SUSE-RU-2021:925-1
Released	Tue Mar 23 10:39:19 2021
Summary	Recommended update for fetchmail
Type	recommended
Severity	moderate
References	1136538,1182807

Description:

This update for fetchmail fixes the following issues:

Remove comment about not available FETCHMAIL_USER configuration variable in sysconfig.fetchmail. (bsc#1136538)
Set the hostname for SNI when using TLS (bsc#1182807)

Advisory ID	SUSE-RU-2021:926-1
Released	Tue Mar 23 13:20:24 2021
Summary	Recommended update for systemd-presets-common-SUSE
Type	recommended
Severity	moderate
References	1083473,1112500,1115408,1165780,1183012

Description:

This update for systemd-presets-common-SUSE fixes the following issues:

Add default user preset containing: - enable `pulseaudio.socket` (bsc#1083473) - enable `pipewire.socket` (bsc#1183012) - enable `pipewire-pulse.socket` (bsc#1183012) - enable `pipewire-media-session.service` (used with pipewire >= 0.3.23)
Changes to the default preset: - enable `btrfsmaintenance-refresh.path`. - disable `btrfsmaintenance-refresh.service`. - enable `dnf-makecache.timer`. - enable `ignition-firstboot-complete.service`. - enable logwatch.timer and avoid to have logwatch out of sync with logrotate. (bsc#1112500) - enable `mlocate.timer`. Recent versions of mlocate don't use `updatedb.timer` any more. (bsc#1115408) - remove enable `updatedb.timer`
Avoid needless refresh on boot. (bsc#1165780)

Advisory ID	SUSE-RU-2021:927-1
Released	Tue Mar 23 14:07:06 2021
Summary	Recommended update for libreoffice
Type	recommended
Severity	moderate
References	1041090,1049382,1116658,1136234,1155141,1173404,1173409,1173410,1173471,1174465,1176547,1177955,1178807,1178943,1178944,1179025,1179203,1181122,1181644,1181872,1182790

Description:

This update for libreoffice provides the upgrade from version 6.4.5.2 to 7.1.1.2 (jsc#ECO-3150, bsc#1182790)

libreoffice:

Image shown with different aspect ratio (bsc#1176547)
Text changes are reproducibly lost on PPTX with SmartArt (bsc#1181644)
Adjust to new Box2D and enable KDE on SUSE Linux Enterprise 15-SP3 or newer (jsc#ECO-3375)
Wrong bullet points in Impress (bsc#1174465)
SmartArt: text wrongly aligned, background boxes not quite right (bsc#1177955)
Update the SUSE color palette to reflect the new SUSE branding. (bsc#1181122, bsc#1173471) - SUSE Mint - SUSE Midnight Blue - SUSE Waterhole Blue - SUSE Persimmon
Fix a crash opening a PPTX. (bsc#1179025)
Fix text box from PowerPoint renders vertically instead of horizontally (bsc#1178807)
Shadow effects for table completely missing (bsc#1178944, bsc#1178943)
Disable firebird integration for the time being (bsc#1179203)
Fixes hang on Writer on scrolling/saving of a document (bsc#1136234)
Wrong rendering of bulleted lists in PPTX document (bsc#1155141)
Sidebar: paragraph widget: numeric fields become inactive/unaccessible after saving (bsc#1173404)
Crash of Writer opening any document having 'invalid' python file in home directory (bsc#1116658)

libixion:
Update to 0.16.1:

fixed a build issue on 32-bit linux platforms, caused by slicing of integer string ID values.
worked around floating point rounding errors which prevented two theoretically-equal numeric values from being evaluated as equal in test code.
added new function to allow printing of single formula tokens.
added method for setting cached results on formula cells in model_context.
changed the model_context design to ensure that all sheets are of the same size.
added an accessor method to formula_model_access interface (and implicitly in model_context) that directly returns a string value from cell.
added cell_access class for querying of cell states without knowing its type ahead of time.
added document class which provides a layer on top of model_context, to abstract away the handling of formula calculations.
deprecated model_context::erase_cell() in favor of empty_cell().
added support for 3D references - references that contain multiple sheets.
added support for the exponent (^) and concatenation (&) operators.
fixed incorrect handling of range references containing whole columns such as A:A.
added support for unordered range references - range references whose start row or column is greater than their end position counterparts, such as A3:A1.
fixed a bug that prevented nested formula functions from working properly.
implemented Calc A1 style reference resolver.
formula results now directly store the string values when the results are of string type. They previously stored string ID values after interning the original strings.
Removed build-time dependency on spdlog.

libmwaw:
Update to 0.3.17:

add a parser for Jazz(Lotus) writer and spreasheet files. The writer parser can only be called if the file still contains its resource fork
add a parser for Canvas 3 and 3.5 files
AppleWorks parser: try to retrieve more Windows presentation
add a parser for Drawing Table files
add a parser for Canvas 2 files
API: add new reserved enums in MWAWDocument.hxx `MWAW_T_RESERVED10..MWAW_T_RESERVED29` and add a new define in libmwaw.hxx `MWAW_INTERFACE_VERSION` to check if these enums are defined
remove the QuarkXPress parser (must be in libqxp)
retrieve the annotation in MsWord 5 document
try to better understand RagTime 5-6 document

libnumbertext:
Update to 1.0.6
liborcus:
Update to 0.16.1

Add upstream changes to fix build with GCC 11 (bsc#1181872)

libstaroffice:
Update to 0.0.7:

fix `text:sender-lastname` when creating meta-data

libwps:
Update to 0.4.11:

XYWrite: add a parser to .fil v2 and v4 files
wks,wk1: correct some problems when retrieving cell's reference.

glfw:
New package provided on version 3.3.2:

See also: https://www.glfw.org/changelog.html
Sort list of input files to geany for reproducible builds (bsc#1049382, bsc#1041090) * Require pkgconfig(gl) for the devel package to supply needed include GL/gl.h * glfwFocusWindow could terminate on older WMs or without a WM * Creating an undecorated window could fail with BadMatch * Querying a disconnected monitor could segfault * Video modes with a duplicate screen area were discarded * The CMake files did not check for the XInput headers * Key names were not updated when the keyboard layout changed * Decorations could not be enabled after window creation * Content scale fallback value could be inconsistent * Disabled cursor mode was interrupted by indicator windows * Monitor physical dimensions could be reported as zero mm * Window position events were not emitted during resizing * Added on-demand loading of Vulkan and context creation API libraries * [X11] Bugfix: Window size limits were ignored if the minimum or maximum size was set to `GLFW_DONT_CARE` * [X11] Bugfix: Input focus was set before window was visible, causing BadMatch on some non-reparenting WMs * [X11] Bugfix: glfwGetWindowPos and glfwSetWindowPos operated on the window frame instead of the client area * [WGL] Added reporting of errors from `WGL_ARB_create_context` extension * [EGL] Added lib prefix matching between EGL and OpenGL ES library binaries * [EGL] Bugfix: Dynamically loaded entry points were not verified
Made build of geany-tags optional.

Box2D:
New package provided on version 2.4.1:
* Extended distance joint to have a minimum and maximum limit. * `B2_USER_SETTINGS` and `b2_user_settings.h` can control user data, length units, and maximum polygon vertices. * Default user data is now uintptr_t instead of void* * b2FixtureDef::restitutionThreshold lets you set the restitution velocity threshold per fixture. * Collision * Chain and edge shape must now be one-sided to eliminate ghost collisions * Broad-phase optimizations * Added b2ShapeCast for linear shape casting * Dynamics * Joint limits are now predictive and not stateful * Experimental 2D cloth (rope) * b2Body::SetActive -> b2Body::SetEnabled * Better support for running multiple worlds * Handle zero density better * The body behaves like a static body * The body is drawn with a red color * Added translation limit to wheel joint * World dump now writes to box2d_dump.inl * Static bodies are never awake * All joints with spring-dampers now use stiffness and damping * Added utility functions to convert frequency and damping ratio to stiffness and damping * Polygon creation now computes the convex hull. * The convex hull code will merge vertices closer than dm_linearSlop.

Advisory ID	SUSE-SU-2021:930-1
Released	Wed Mar 24 12:09:23 2021
Summary	Security update for nghttp2
Type	security
Severity	important
References	1172442,1181358,CVE-2020-11080

Description:

This update for nghttp2 fixes the following issues:

CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358)

Advisory ID	SUSE-SU-2021:933-1
Released	Wed Mar 24 12:16:14 2021
Summary	Security update for ruby2.5
Type	security
Severity	important
References	1177125,1177222,CVE-2020-25613

Description:

This update for ruby2.5 fixes the following issues:

CVE-2020-25613: Fixed a potential HTTP Request Smuggling in WEBrick (bsc#1177125).
Enable optimizations also on ARM64 (bsc#1177222)

Advisory ID	SUSE-SU-2021:936-1
Released	Wed Mar 24 12:21:17 2021
Summary	Security update for libass
Type	security
Severity	important
References	1177862,CVE-2020-26682

Description:

This update for libass fixes the following issues:

CVE-2020-26682: Fixed a signed integer overflow in the call to outline_stroke() (bsc#1177862).

Advisory ID	SUSE-SU-2021:940-1
Released	Wed Mar 24 12:25:20 2021
Summary	Security update for jetty-minimal
Type	security
Severity	important
References	1182898,CVE-2020-27223

Description:

This update for jetty-minimal fixes the following issues:

jetty-minimal was upgraded to version 9.4.38.v20210224 - CVE-2020-27223: Fixed an issue with Accept request header which might have led to Denial of Service (bsc#1182898).

Advisory ID	SUSE-SU-2021:941-1
Released	Wed Mar 24 12:25:53 2021
Summary	Security update for hawk2
Type	security
Severity	important
References	1179999,1182165,1182166,CVE-2020-35459,CVE-2021-25314

Description:

This update for hawk2 fixes the following issues:

Update to version 2.6.3: * Remove hawk_invoke and use capture3 instead of runas (bsc#1179999)(CVE-2020-35459) * Remove unnecessary chmod (bsc#1182166)(CVE-2021-25314) * Sanitize filename to contains whitelist of alphanumeric (bsc#1182165)

Advisory ID	SUSE-SU-2021:949-1
Released	Wed Mar 24 14:32:00 2021
Summary	Security update for evolution-data-server
Type	security
Severity	moderate
References	1173910,1174712,1182882,CVE-2020-14928,CVE-2020-16117

Description:

This update for evolution-data-server fixes the following issues:

CVE-2020-16117: Fix crash on malformed server response with minimal capabilities (bsc#1174712).
CVE-2020-14928: Response injection via STARTTLS in SMTP and POP3 (bsc#1173910).
Fix buffer overrun when parsing base64 data (bsc#1182882).

This update for evolution-ews fixes the following issue:

Fix buffer overrun when parsing base64 data (bsc#1182882).

Advisory ID	SUSE-RU-2021:952-1
Released	Thu Mar 25 14:36:56 2021
Summary	Recommended update for libunwind
Type	recommended
Severity	moderate
References	1160876,1171549

Description:

This update for libunwind fixes the following issues:

Update to version 1.5.0. (jsc#ECO-3395)
Enable s390x for building. (jsc#ECO-3395)
Fix compilation with 'fno-common'. (bsc#1171549)
Fix build with 'GCC-10'. (bsc#1160876)

Advisory ID	SUSE-RU-2021:953-1
Released	Thu Mar 25 14:37:26 2021
Summary	Recommended update for psmisc
Type	recommended
Severity	moderate
References	1178407

Description:

This update for psmisc fixes the following issues:

Fix for 'fuser' when it does not show open kvm storage image files such as 'qcow2' files. (bsc#1178407)

Advisory ID	SUSE-RU-2021:960-1
Released	Mon Mar 29 11:16:28 2021
Summary	Recommended update for cloud-init
Type	recommended
Severity	moderate
References	1181283

Description:

This update for cloud-init fixes the following issues:

Does no longer include the sudoers.d directory twice (bsc#1181283)

Advisory ID	SUSE-feature-2021:961-1
Released	Mon Mar 29 11:19:46 2021
Summary	Feature providing sapstartsrv-resource-agents
Type	feature
Severity	moderate
References

Description:

This update for sapstartsrv-resource-agents provides the following changes:
Simplified Cluster FS architecture for S/4HANA and NetWeaver (jsc#ECO-3341):

This is a resource agent for the instance specific SAP start framework. It controls the instance specific sapstartsrv process which provides the API to start, stop and check an SAP instance.

Advisory ID	SUSE-RU-2021:964-1
Released	Mon Mar 29 11:31:30 2021
Summary	Recommended update for clamsap
Type	recommended
Severity	moderate
References	1181586

Description:

This update for clamsap fixes the following issues:

updated the documentation about RAM allocation of anon memory segment for SAP worker processes (bsc#1181586)

Advisory ID	SUSE-SU-2021:966-1
Released	Mon Mar 29 13:06:24 2021
Summary	Security update for MozillaFirefox
Type	security
Severity	important
References	1183942,CVE-2021-23981,CVE-2021-23982,CVE-2021-23984,CVE-2021-23987

Description:

This update for MozillaFirefox fixes the following issues:

Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942) * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984: Malicious extensions could have spoofed popup information * CVE-2021-23987: Memory safety bugs

Advisory ID	SUSE-RU-2021:967-1
Released	Mon Mar 29 13:48:07 2021
Summary	Recommended update for scap-security-guide
Type	recommended
Severity	moderate
References

Description:

This update for scap-security-guide fixes the following issues:

Restore the Red Hat conflict when the package builds on Red Hat, Fedora or derivates.

Advisory ID	SUSE-SU-2021:974-1
Released	Mon Mar 29 19:31:27 2021
Summary	Security update for tar
Type	security
Severity	low
References	1181131,CVE-2021-20193

Description:

This update for tar fixes the following issues:
CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131)

Advisory ID	SUSE-RU-2021:981-1
Released	Tue Mar 30 10:59:43 2021
Summary	Recommended update for cloud-regionsrv
Type	recommended
Severity	moderate
References	1029162,1171232,1171233

Description:

This update for cloud-regionsrv fixes the following issues:

Fix for region server that may return an incorrect region and during verification of the IP leads to a mismatch. (bsc#1171232, bsc#1171233)
Update to version 8.0.5 (bsc#1029162) - Improve region hint matching by forcing config settings and received 'regionHint' to lower case - IPv6 support

Advisory ID	SUSE-RU-2021:985-1
Released	Tue Mar 30 14:43:43 2021
Summary	Recommended update for the Azure SDK and CLI
Type	recommended
Severity	moderate
References	1125671,1140565,1154393,1174514,1175289,1176784,1176785,1178168,CVE-2020-14343,CVE-2020-25659

Description:

This update for the Azure SDK and CLI adds support for the AHB (Azure Hybrid Benefit). (bsc#1176784, jsc#ECO=3105)

Advisory ID	SUSE-RU-2021:991-1
Released	Wed Mar 31 13:28:37 2021
Summary	Recommended update for vim
Type	recommended
Severity	moderate
References	1182324

Description:

This update for vim provides the following fixes:

Install SUSE vimrc in /usr. (bsc#1182324)
Source correct suse.vimrc file. (bsc#1182324)

Advisory ID	SUSE-RU-2021:996-1
Released	Wed Mar 31 15:17:03 2021
Summary	Recommended update for mariadb-connector-c
Type	recommended
Severity	moderate
References	1182739

Description:

This update for mariadb-connector-c fixes the following issues:

mariadb-connector-c was updated to 3.1.12 (bsc#1182739): * MDEV-24577: Fix warnings generated during compilation of plugin/auth_pam/testing/pam_mariadb_mtr.c on FreeBSD * CONC-521: Fixed warning on MacOS when including ucontext.h * CONC-518: Check if mysql->options.extension was allocated before checking async_context * CONC-517: C/C looks for plugins in wrong location on Windows

Advisory ID	SUSE-RU-2021:1002-1
Released	Thu Apr 1 13:59:48 2021
Summary	Recommended update for wireguard-tools
Type	recommended
Severity	low
References	1181334

Description:

This update for wireguard-tools fixes the following issues:

Added tunnel config reload functionality (e.g. systemctl reload wg-quick@wg0.service)

Advisory ID	SUSE-SU-2021:1007-1
Released	Thu Apr 1 17:47:20 2021
Summary	Security update for MozillaFirefox
Type	security
Severity	important
References	1183942,CVE-2021-23981,CVE-2021-23982,CVE-2021-23984,CVE-2021-23987

Description:

This update for MozillaFirefox fixes the following issues:

Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942) * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984: Malicious extensions could have spoofed popup information * CVE-2021-23987: Memory safety bugs

Advisory ID	SUSE-SU-2021:1008-1
Released	Thu Apr 1 17:49:05 2021
Summary	Security update for tomcat
Type	security
Severity	important
References	1182909,1182912,CVE-2021-25122,CVE-2021-25329

Description:

This update for tomcat fixes the following issues:
CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912) CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909)

Advisory ID	SUSE-RU-2021:1017-1
Released	Tue Apr 6 14:27:58 2021
Summary	Recommended update for dehydrated
Type	recommended
Severity	moderate
References

Description:

This update for dehydrated fixes the following issues:

Add directory where cleanup can archive unused certificates
Clarified new default settings. KEY_ALGO=secp384r1. Please consult README.maintainer for details and how to return to RSA-based certificate issuance. (jsc#ECO-3435, jsc#SLE-15909)
Added a note about ACMEv1 deprecation
Added a note on new ACME providers and the new non-URL provider syntax. See README.maintainer for details.

Advisory ID	SUSE-RU-2021:1018-1
Released	Tue Apr 6 14:29:13 2021
Summary	Recommended update for gzip
Type	recommended
Severity	moderate
References	1180713

Description:

This update for gzip fixes the following issues:

Fixes an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713)

Advisory ID	SUSE-RU-2021:1019-1
Released	Tue Apr 6 14:29:37 2021
Summary	Recommended update for gdb
Type	recommended
Severity	moderate
References	1180786

Description:

This update for gdb fixes the following issues:

Fixed a heap-use-after-free issue in remote_async_inferior_event_handler
Changed the license back to 'GPL-3.0-or-later AND GPL-3.0-with-GCC-exception AND LGPL-2.1-or-later AND LGPL-3.0-or-later' - it was accidentally changed (bsc#1180786)

Advisory ID	SUSE-RU-2021:1021-1
Released	Tue Apr 6 14:30:30 2021
Summary	Recommended update for cups
Type	recommended
Severity	moderate
References	1175960

Description:

This update for cups fixes the following issues:

Fixed the web UI kerberos authentication (bsc#1175960)

Advisory ID	SUSE-SU-2021:1029-1
Released	Tue Apr 6 18:26:20 2021
Summary	Security update for gssproxy
Type	security
Severity	moderate
References	1180515,CVE-2020-12658

Description:

This update for gssproxy fixes the following issues:

CVE-2020-12658: Fixed an issue where gssproxy was not unlocking cond_mutex before pthread exit in gp_worker_main() (bsc#1180515).

Advisory ID	SUSE-SU-2021:1097-1
Released	Wed Apr 7 18:06:54 2021
Summary	Security update for openexr
Type	security
Severity	moderate
References	1184172,1184173,1184174,CVE-2021-3474,CVE-2021-3475,CVE-2021-3476

Description:

This update for openexr fixes the following issues:

CVE-2021-3474: Undefined-shift in Imf_2_5::FastHufDecoder::FastHufDecoder (bsc#1184174)
CVE-2021-3475: Integer-overflow in Imf_2_5::calculateNumTiles (bsc#1184173)
CVE-2021-3476: Undefined-shift in Imf_2_5::unpack14 (bsc#1184172)

Advisory ID	SUSE-RU-2021:1100-1
Released	Thu Apr 8 08:44:13 2021
Summary	Recommended update for sapconf
Type	recommended
Severity	moderate
References	1176061,1179524,1182314,1182906

Description:

This update for sapconf fixes the following issues:

Added sapconf_check and supportconfig plugin for sapconf
Added change log message for 'MIN_PERF_PCT' parameter to reduce the spot light (bsc#1179524)
Added an additional check to detect an active saptune service to improve log messages (bsc#1182314)
sapconf.service starts now automatically during package update, if tuned is running with sapconf as profile (bsc#1176061)
sapconf.service will now only be disabled if saptune is active (bsc#1182906)

Advisory ID	SUSE-SU-2021:1104-1
Released	Thu Apr 8 10:32:42 2021
Summary	Security update for fwupdate
Type	security
Severity	important
References	1182057

Description:

This update for fwupdate fixes the following issues:

Add SBAT section to EFI images (bsc#1182057)

Advisory ID	SUSE-SU-2021:1116-1
Released	Fri Apr 9 10:56:55 2021
Summary	Security update for umoci
Type	security
Severity	important
References	1184147,CVE-2021-29136

Description:

This update for umoci fixes the following issues:

Update to umoci v0.4.6.
CVE-2021-29136: malicious layer allows overwriting of host files (bsc#1184147)

Advisory ID	SUSE-RU-2021:1137-1
Released	Mon Apr 12 13:09:53 2021
Summary	Recommended update for lifecycle-data-sle-live-patching
Type	recommended
Severity	low
References	1020320

Description:

This update for lifecycle-data-sle-live-patching fixes the following issues:

Added data for 4_12_14-122_63, 4_12_14-95_71, 4_4_121-92_152, 4_4_180-94_141 (bsc#1020320)

Advisory ID	SUSE-RU-2021:1155-1
Released	Tue Apr 13 04:42:54 2021
Summary	Recommended update for sblim-sfcb
Type	recommended
Severity	important
References	1180753

Description:

This update for sblim-sfcb fixes the following issue:

Avoid a double free during a failed localhost client connection. (bsc#1180753)

Advisory ID	SUSE-SU-2021:1163-1
Released	Tue Apr 13 13:42:38 2021
Summary	Security update for spamassassin
Type	security
Severity	important
References	1159133,1184221,CVE-2019-12420,CVE-2020-1946

Description:

This update for spamassassin fixes the following issues:

CVE-2019-12420: memory leak via crafted messages (bsc#1159133)
CVE-2020-1946: security update (bsc#1184221)

Advisory ID	SUSE-SU-2021:1166-1
Released	Tue Apr 13 14:03:51 2021
Summary	Security update for wpa_supplicant
Type	security
Severity	moderate
References	1184348,CVE-2021-30004

Description:

This update for wpa_supplicant fixes the following issues:

CVE-2021-30004: Fixed an issue where forging attacks might have occured because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (bsc#1184348).

Advisory ID	SUSE-SU-2021:1167-1
Released	Tue Apr 13 14:04:14 2021
Summary	Security update for MozillaThunderbird
Type	security
Severity	important
References	1177542,1183942,1184536,CVE-2021-23981,CVE-2021-23982,CVE-2021-23984,CVE-2021-23987,CVE-2021-23991,CVE-2021-23992

Description:

This update for MozillaThunderbird fixes the following issues:

Mozilla Thunderbird was updated to version 78.9.1 (MFSA 2021-12,MFSA 2021-13, bsc#1183942, bsc#1184536) * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984: Malicious extensions could have spoofed popup information * CVE-2021-23987: Memory safety bugs * CVE-2021-23991: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key * CVE-2021-23993: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key
cleaned up and fixed mozilla.sh.in for wayland (bsc#1177542)

Advisory ID	SUSE-RU-2021:1169-1
Released	Tue Apr 13 15:01:42 2021
Summary	Recommended update for procps
Type	recommended
Severity	low
References	1181976

Description:

This update for procps fixes the following issues:

Corrected a statement in the man page about processor pinning via taskset (bsc#1181976)

Advisory ID	SUSE-SU-2021:1182-1
Released	Tue Apr 13 18:38:05 2021
Summary	Security update for xorg-x11-server
Type	security
Severity	important
References	1180128,CVE-2021-3472

Description:

This update for xorg-x11-server fixes the following issues:

CVE-2021-3472: XChangeFeedbackControl Integer Underflow Privilege Escalation (bsc#1180128)

Advisory ID	SUSE-SU-2021:1190-1
Released	Wed Apr 14 14:08:13 2021
Summary	Security update for clamav
Type	security
Severity	important
References	1181256,1184532,1184533,1184534,CVE-2021-1252,CVE-2021-1404,CVE-2021-1405

Description:

This update for clamav fixes the following issues:

CVE-2021-1252: Fix for Excel XLM parser infinite loop. (bsc#1184532)
CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. (bsc#1184533)
CVE-2021-1405: Fix for mail parser NULL-dereference crash. (bsc#1184534)
Fix errors when scanning files > 4G (bsc#1181256)
Update clamav.keyring
Update to 0.103.2

Advisory ID	SUSE-RU-2021:1230-1
Released	Thu Apr 15 17:09:58 2021
Summary	Recommended update for SUSE Manager Client Tools
Type	recommended
Severity	moderate
References	1131670,1178072,1181124,1181474,1182339,1182603,1183959

Description:

This update fixes the following issues:
golang-github-boynux-squid_exporter:

Build requires Go 1.15
Add %license macro for LICENSE file

golang-github-lusitaniae-apache_exporter:

Build with Go 1.15

golang-github-prometheus-prometheus:

Uyuni: `hostname` label is now set to FQDN instead of IP

grafana:

Update to version 7.4.2: * Make Datetime local (No date if today) working (#31274) (#31275) * 'Release: Updated versions in package to 7.4.2' (#31272) * [v7.4.x] Chore: grafana-toolkit uses grafana-ui and grafana-data workspaces (#31269) * Snapshots: Disallow anonymous user to create snapshots (#31263) (#31266) * only update usagestats every 30min (#31131) (#31262) * Prometheus: Fix enabling of disabled queries when editing in dashboard (#31055) (#31248) * CloudWatch: Ensure empty query row errors are not passed to the panel (#31172) (#31245) * StatPanels: Fixes to palette color scheme is not cleared when loading panel (#31126) (#31246) * QueryEditors: Fixes issue that happens after moving queries then editing would update other queries (#31193) (#31244) * LibraryPanels: Disconnect before connect during dashboard save (#31235) (#31238) * SqlDataSources: Fixes the Show Generated SQL button in query editors (#31236) (#31239) * Variables: Adds back default option for data source variable (#31208) (#31232) * IPv6: Support host address configured with enclosing square brackets (#31226) (#31228) * Postgres: Fix timeGroup macro converts long intervals to invalid numbers when TimescaleDB is enabled (#31179) (#31224) * Remove last synchronisation field from LDAP debug view (#30984) (#31221) * [v7.4.x]: Sync drone config from master to stable release branch (#31213) * DataSourceSrv: Filter out non queryable data sources by default (#31144) (#31214) * Alerting: Fix modal text for deleting obsolete notifier (#31171) (#31209) * Variables: Fixes missing empty elements from regex filters (#31156) (#31201) * DashboardLinks: Fixes links always cause full page reload (#31178) (#31181) * DashboardListPanel: Fixes issue with folder picker always showing All and using old form styles (#31160) (#31162) * Permissions: Fix team and role permissions on folders/dashboards not displayed for non Grafana Admin users (#31132) (#31176) * Prometheus: Multiply exemplars timestamp to follow api change (#31143) (#31170)
Added add-gotest-module.patch to fix 'inconsistent vendoring' build failure
Update to version 7.4.1: * 'Release: Updated versions in package to 7.4.1' (#31128) * Transforms: Fixes Outer join issue with duplicate field names not getting the same unique field names as before (#31121) (#31127) * MuxWriter: Handle error for already closed file (#31119) (#31120) * Logging: sourcemap transform asset urls from CDN in logged stacktraces (#31115) (#31117) * Exemplars: Change CTA style (#30880) (#31105) * test: add support for timeout to be passed in for addDatasource (#30736) (#31090) * Influx: Make max series limit configurable and show the limiting message if applied (#31025) (#31100) * Elasticsearch: fix log row context erroring out (#31088) (#31094) * test: update addDashboard flow for v7.4.0 changes (#31059) (#31084) * Usage stats: Adds source/distributor setting (#31039) (#31076) * DashboardLinks: Fixes crash when link has no title (#31008) (#31050) * Make value mappings correctly interpret numeric-like strings (#30893) (#30912) * Elasticsearch: Fix alias field value not being shown in query editor (#30992) (#31037) * BarGauge: Improvements to value sizing and table inner width calculations (#30990) (#31032) * convert path to posix by default (#31045) (#31053) * Alerting: Fixes so notification channels are properly deleted (#31040) (#31046) * Drone: Fix deployment image (#31027) (#31029) * Graph: Fixes so graph is shown for non numeric time values (#30972) (#31014) * instrumentation: make the first database histogram bucket smaller (#30995) (#31001) * Build: Releases e2e and e2e-selectors too (#31006) (#31007) * TextPanel: Fixes so panel title is updated when variables change (#30884) (#31005) * StatPanel: Fixes issue formatting date values using unit option (#30979) (#30991) * Units: Fixes formatting of duration units (#30982) (#30986) * Elasticsearch: Show Size setting for raw_data metric (#30980) (#30983) * Logging: sourcemap support for frontend stacktraces (#30590) (#30976) * e2e: extends selector factory to plugins (#30932) (#30934) * Variables: Adds queryparam formatting option (#30858) (#30924) * Exemplars: change api to reflect latest changes (#30910) (#30915) * 'Release: Updated versions in package to 7.4.0' (#30898) * DataSourceSettings: Adds info box and link to Grafana Cloud (#30891) (#30896) * GrafanaUI: Add a way to persistently close InfoBox (#30716) (#30895) * [7.4.x] AlertingNG: List saved Alert definitions in Alert Rule list (30890)(30603) * Alerting: Fixes alert panel header icon not showing (#30840) (#30885) * Plugins: Requests validator (#30445) (#30877) * PanelLibrary: Adds library panel meta information to dashboard json (#30770) (#30883) * bump grabpl version to 0.5.36 (#30874) (#30878) * Chore: remove __debug_bin (#30725) (#30857) * Grafana-ui: fixes closing modals with escape key (#30745) (#30873) * DashboardLinks: Support variable expression in to tooltip - Issue #30409 (#30569) (#30852) * Add alt text to plugin logos (#30710) (#30872) * InfluxDB: Add http configuration when selecting InfluxDB v2 flavor (#30827) (#30870) * Prometheus: Set type of labels to string (#30831) (#30835) * AlertingNG: change API permissions (#30781) (#30814) * Grafana-ui: fixes no data message in Table component (#30821) (#30855) * Prometheus: Add tooltip to explain possibility to use patterns in text and title fields in annotations (#30825) (#30843) * Chore: add more docs annotations (#30847) (#30851) * BarChart: inside-align strokes, upgrade uPlot to 1.6.4. (#30806) (#30846) * Transforms: allow boolean in field calculations (#30802) (#30845) * CDN: Fixes cdn path when Grafana is under sub path (#30822) (#30823) * bump cypress to 6.3.0 (#30644) (#30819) * Expressions: Measure total transformation requests and elapsed time (#30514) (#30789) * Grafana-UI: Add story/docs for ErrorBoundary (#30304) (#30811) * [v7.4.x]: Menu: Mark menu components as internal (#30801) * Graph: Fixes auto decimals issue in legend and tooltip (#30628) (#30635) * GraphNG: Disable Plot logging by default (#30390) (#30500) * Storybook: Migrate card story to use controls (#30535) (#30549) * GraphNG: add bar alignment option (#30499) (#30790) * Variables: Clears drop down state when leaving dashboard (#30810) (#30812) * Add missing callback dependency (#30797) (#30809) * GraphNG: improve behavior when switching between solid/dash/dots (#30796) (#30799) * Add width for Variable Editors (#30791) (#30795) * Panels: Fixes so panels are refreshed when scrolling past them fast (#30784) (#30792) * PanelEdit: Trigger refresh when changing data source (#30744) (#30767) * AlertingNG: Enable UI to Save Alert Definitions (#30394) (#30548) * CDN: Fix passing correct prefix to GetContentDeliveryURL (#30777) (#30779) * CDN: Adds support for serving assets over a CDN (#30691) (#30776) * Explore: Update styling of buttons (#30493) (#30508) * Loki: Append refId to logs uid (#30418) (#30537) * skip symlinks to directories when generating plugin manifest (#30721) (#30738) * Mobile: Fixes issue scrolling on mobile in chrome (#30746) (#30750) * BarChart: add alpha bar chart panel (#30323) (#30754) * Datasource: Use json-iterator configuration compatible with standard library (#30732) (#30739) * Variables: Fixes so text format will show All instead of custom all (#30730) (#30731) * AlertingNG: pause/unpause definitions via the API (#30627) (#30672) * PanelLibrary: better handling of deleted panels (#30709) (#30726) * Transform: improve the 'outer join' performance/behavior (#30407) (#30722) * DashboardPicker: switch to promise-based debounce, return dashboard UID (#30706) (#30714) * Use connected GraphNG in Explore (#30707) (#30708) * PanelLibrary: changes casing of responses and adds meta property (#30668) (#30711) * DeployImage: Switch base images to Debian (#30684) (#30699) * Trace: trace to logs design update (#30637) (#30702) * Influx: Show all datapoints for dynamically windowed flux query (#30688) (#30703) * ci(npm-publish): add missing github package token to env vars (#30665) (#30673) * Loki: Improve live tailing errors and fix Explore's logs container type errors (#30517) (#30681) * Grafana-UI: Fix setting default value for MultiSelect (#30671) (#30687) * Explore: Fix jumpy live tailing (#30650) (#30677) * Docs: Refer to product docs in whats new for alerting templating feature (#30652) (#30670) * Variables: Fixes display value when using capture groups in regex (#30636) (#30661) * Docs: Fix expressions enabled description (#30589) (#30651) * Licensing Docs: Adding license restrictions docs (#30216) (#30648) * DashboardSettings: fixes vertical scrolling (#30640) (#30643) * chore: bump redux toolkit to 1.5.0 for immer 8.0.1 vulnerability fix (#30605) (#30631) * Explore: Fix loading visualisation on the top of the new time series panel (#30553) (#30557) * Footer: Fixes layout issue in footer (#30443) (#30494) * Variables: Fixes so queries work for numbers values too (#30602) (#30624) * Admin: Fixes so form values are filled in from backend (#30544) (#30623) * Docs: Update 7.4 What's New to use more correct description of alerting notification template feature (#30502) (#30614) * NodeGraph: Add docs (#30504) (#30613) * Cloud Monitoring: Fix legend naming with display name override (#30440) (#30503) * Expressions: Add option to disable feature (#30541) (#30558) * OldGraph: Fix height issue in Firefox (#30565) (#30582) * XY Chart: fix editor error with empty frame (no fields) (#30573) (#30577) * XY Chart: share legend config with timeseries (#30559) (#30566) * DataFrame: cache frame/field index in field state (#30529) (#30560) * Prometheus: Fix show query instead of Value if no __name__ and metric (#30511) (#30556) * Decimals: Big Improvements to auto decimals and fixes to auto decimals bug found in 7.4-beta1 (#30519) (#30550) * chore: update packages dependent on dot-prop to fix security vulnerability (#30432) (#30487) * GraphNG: uPlot 1.6.3 (fix bands not filling below 0). close #30523. (#30527) (#30528) * GraphNG: uPlot 1.6.2 (#30521) (#30522) * Chore: Upgrade grabpl version (#30486) (#30513) * grafana/ui: Fix internal import from grafana/data (#30439) (#30507) * prevent field config from being overwritten (#30437) (#30442) * Chore: upgrade NPM security vulnerabilities (#30397) (#30495) * TimeSeriesPanel: Fixed default value for gradientMode (#30484) (#30492) * Admin: Fixes so whole org drop down is visible when adding users to org (#30481) (#30497) * Chore: adds wait to e2e test (#30488) (#30490) * Graph: Fixes so only users with correct permissions can add annotations (#30419) (#30466) * Alerting: Hides threshold handle for percentual thresholds (#30431) (#30467) * Timeseries: only migrage point size when configured (#30461) (#30470) * Expressions: Fix button icon (#30444) (#30450) * PanelModel: Make sure the angular options are passed to react panel type changed handler (#30441) (#30451) * Docs: Fix img link for alert notification template (#30436) (#30447) * Chore: Upgrade build pipeline tool (#30456) (#30457) * PanelOptions: Refactoring applying panel and field options out of PanelModel and add property clean up for properties not in field config registry (#30389) (#30438) * 'Release: Updated versions in package to 7.4.0-beta.1' (#30427) * Chore: Update what's new URL (#30423) * GraphNG: assume uPlot's series stroke is always a function (#30416) * PanelLibrary: adding library panels to Dashboard Api (#30278) * Prettier: Fixes to files that came in after main upgrade (#30410) * Cloud Monitoring: Add curated dashboards for the most popular GCP services (#29930) * Mssql integrated security (#30369) * Prettier: Upgrade to 2 (#30387) * GraphNG: sort ascending if the values appear reversed (#30405) * Docs: Grafana whats new 7.4 (#30404) * Dashboards: Adds cheat sheet toggle to supported query editors (#28857) * Docs: Update timeseries-dimensions.md (#30403) * Alerting: Evaluate data templating in alert rule name and message (#29908) * Docs: Add links to 7.3 patch release notes (#30292) * Docs: Update _index.md (#29546) * Docs: Update jaeger.md (#30401) * Expressions: Remove feature toggle (#30316) * Docs: Update tempo.md (#30399) * Docs: Update zipkin.md (#30400) * services/provisioning: Various cleanup (#30396) * DashboardSchemas: OpenAPI Schema Generation (#30242) * AlertingNG: Enforce unique alert definition title (non empty)/UID per organisation (#30380) * Licensing: Document new v7.4 options and APIs (#30217) * Auth: add expired token error and update CreateToken function (#30203) * NodeGraph: Add node graph visualization (#29706) * Add jwtTokenAuth to plugin metadata schema (#30346) * Plugins: Force POSIX style path separators for manifest generation (#30287) * Add enterprise reporting fonts to gitignore (#30385) * Field overrides: skipping overrides for properties no longer existing in plugin (#30197) * NgAlerting: View query result (#30218) * Grafana-UI: Make Card story public (#30388) * Dashboard: migrate version history list (#29970) * Search: use Card component (#29892) * PanelEvents: Isolate more for old angular query editors (#30379) * Loki: Remove showing of unique labels with the empty string value (#30363) * Chore: Lint all files for no-only-tests (#30364) * Clears errors after running new query (#30367) * Prometheus: Change exemplars endpoint (#30378) * Explore: Fix a bug where Typeahead crashes when a large amount of ite… (#29637) * Circular vector: improve generics (#30375) * Update signing docs (#30296) * Email: change the year in templates (#30294) * grafana/ui: export TLS auth component (#30320) * Query Editor: avoid word wrap (#30373) * Transforms: add sort by transformer (#30370) * AlertingNG: Save alert instances (#30223) * GraphNG: Color series from by value scheme & change to fillGradient to gradientMode (#29893) * Chore: Remove not used PanelOptionsGrid component (#30358) * Zipkin: Remove browser access mode (#30360) * Jaeger: Remove browser access mode (#30349) * chore: bump lodash to 4.17.20 (#30359) * ToolbarButton: New emotion based component to replace all navbar, DashNavButton and scss styles (#30333) * Badge: Increase contrast, remove rocket icon for plugin beta/alpha state (#30357) * Licensing: Send map of environment variables to plugins (#30347) * Dashboards: Exit to dashboard when deleting panel from panel view / edit view (#29032) * Cloud Monitoring: MQL support (#26551) * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30348) * Panel options UI: Allow collapsible categories (#30301) * Grafana-ui: Fix context menu item always using onClick instead of href (#30350) * Badge: Design improvement & reduce contrast (#30328) * make sure stats are added horizontally and not vertically (#30106) * Chore(deps): Bump google.golang.org/grpc from 1.33.1 to 1.35.0 (#30342) * Chore(deps): Bump github.com/stretchr/testify from 1.6.1 to 1.7.0 (#30341) * Chore(deps): Bump github.com/google/uuid from 1.1.2 to 1.1.5 (#30340) * Chore(deps): Bump github.com/hashicorp/go-version from 1.2.0 to 1.2.1 (#30339) * Fix HTML character entity error (#30334) * GraphNG: fix fillBelowTo regression (#30330) * GraphNG: implement softMin/softMax for auto-scaling stabilization. close #979. (#30326) * Legend: Fixes right y-axis legend from being pushed outside the bounds of the panel (#30327) * Grafana-toolkit: Update component generator templates (#30306) * Panels: remove beta flag from stat and bargauge panels (#30324) * GraphNG: support fill below to (bands) (#30268) * grafana-cli: Fix security issue (#28888) * AlertingNG: Modify queries and transform endpoint to get datasource UIDs (#30297) * Chore: Fix missing property from ExploreGraph (#30315) * Prometheus: Add support for Exemplars (#28057) * Grafana-UI: Enhances for TimeRangePicker and TimeRangeInput (#30102) * ReleaseNotes: Updated changelog and release notes for 7.4.0 (#30312) * Table: Fixes BarGauge cell display mode font size so that it is fixed to the default cell font size (#30303) * AngularGraph: Fixes issues with legend wrapping after legend refactoring (#30283) * Plugins: Add Open Distro to the list of data sources supported by sigv4 (#30308) * Chore: Moves common and response into separate packages (#30298) * GraphNG: remove y-axis position control from series color picker in the legend (#30302) * Table: migrate old-table config to new table config (#30142) * Elasticsearch: Support extended stats and percentiles in terms order by (#28910) * Docs: Update release notes index * GraphNG: stats in legend (#30251) * Grafana UI: EmptySearchResult docs (#30281) * Plugins: Use the includes.path (if exists) on sidebar includes links (#30291) * Fix spinner and broken buttons (#30286) * Graph: Consider reverse sorted data points on isOutsideRange check (#30289) * Update getting-started.md (#30257) * Backend: use sdk version (v0.81.0) without transform (gel) code (#29236) * Chore: update latest versions to 7.3.7 (#30282) * Loki: Fix hiding of series in table if labels have number values (#30185) * Loki: Lower min step to 1ms (#30135) * Prometheus: Improve autocomplete performance and remove disabling of dynamic label lookup (#30199) * Icons: Adds custom icon support ands new panel and interpolation icons (#30277) * ReleaseNotes: Updated changelog and release notes for 7.3.7 (#30280) * Grafana-ui: Allow context menu items to be open in new tab (#30141) * Cloud Monitoring: Convert datasource to use Dataframes (#29830) * GraphNG: added support to change series color from legend. (#30256) * AzureMonitor: rename labels for query type dropdown (#30143) * Decimals: Improving auto decimals logic for high numbers and scaled units (#30262) * Elasticsearch: Use minimum interval for alerts (#30049) * TimeSeriesPanel: The new graph panel now supports y-axis value mapping #30272 * CODEOWNERS: Make backend squad owners of backend style guidelines (#30266) * Auth: Add missing request headers to SigV4 middleware allowlist (#30115) * Grafana-UI: Add story/docs for FilterPill (#30252) * Grafana-UI: Add story/docs for Counter (#30253) * Backend style guide: Document JSON guidelines (#30267) * GraphNG: uPlot 1.6, hide 'Show points' in Points mode, enable 'dot' lineStyle (#30263) * Docs: Update prometheus.md (#30240) * Docs: Cloudwatch filter should be JSON format (#30243) * API: Add by UID routes for data sources (#29884) * Docs: Update datasource_permissions.md (#30255) * Cloudwatch: Move deep link creation to the backend (#30206) * Metrics API: Use jsoniter for JSON encoding (#30250) * Add option in database config to skip migrations for faster startup. (#30146) * Set signed in users email correctly (#30249) * Drone: Upgrade build pipeline tool (#30247) * runRequest: Fixes issue with request time range and time range returned to panels are off causing data points to be cut off (outside) (#30227) * Elasticsearch: fix handling of null values in query_builder (#30234) * Docs: help users connect to Prometheus using SigV4 (#30232) * Update documentation-markdown-guide.md (#30207) * Update documentation-markdown-guide.md (#30235) * Better logging of plugin scanning errors (#30231) * Print Node.js and Toolkit versions (#30230) * Chore: bump rollup across all packages (#29486) * Backend style guide: Document database patterns (#30219) * Chore: Bump plugin-ci-alpine Docker image version (#30225) * Legends: Refactoring and rewrites of legend components to simplify components & reuse (#30165) * Use Node.js 14.x in plugin CI (#30209) * Field overrides: extracting the field config factory into its own reusable module. (#30214) * LibraryPanels: adds connections (#30212) * PanelOptionsGroups: Only restore styles from PanelOptionsGroup (#30215) * Variables: Add deprecation warning for value group tags (#30160) * GraphNG: Hide grid for right-y axis if left x-axis exists (#30195) * Middleware: Add CSP support (#29740) * Updated image links to have newer format. (#30208) * Docs: Update usage-insights.md (#30150) * Share panel dashboard add images (#30201) * Update documentation-style-guide.md (#30202) * Docs: Fix links to transforms (#30194) * docs(badge): migrate story to use controls (#30180) * Chore(deps): Bump github.com/prometheus/common from 0.14.0 to 0.15.0 (#30188) * Fix alert definition routine stop (#30117) * Chore(deps): Bump gopkg.in/square/go-jose.v2 from 2.4.1 to 2.5.1 (#30189) * InlineSwitch: Minor story fix (#30186) * Chore(deps): Bump github.com/gosimple/slug from 1.4.2 to 1.9.0 (#30178) * Chore(deps): Bump github.com/fatih/color from 1.9.0 to 1.10.0 (#30183) * Chore(deps): Bump github.com/lib/pq from 1.3.0 to 1.9.0 (#30181) * Chore(deps): Bump github.com/hashicorp/go-plugin from 1.2.2 to 1.4.0 (#30175) * Chore(deps): Bump github.com/getsentry/sentry-go from 0.7.0 to 0.9.0 (#30171) * Gauge: Fixes issue with all null values cause min & max to be null (#30156) * Links: Add underline on hover for links in NewsPanel (#30166) * GraphNG: Update to test dashboards (#30153) * CleanUp: Removed old panel options group component (#30157) * AngularQueryEditors: Fixes to Graphite query editor and other who refer to other queries (#30154) * Chore(deps): Bump github.com/robfig/cron/v3 from 3.0.0 to 3.0.1 (#30172) * Chore(deps): Bump github.com/urfave/cli/v2 from 2.1.1 to 2.3.0 (#30173) * Chore: Fix spelling issue (#30168) * Revise README.md. (#30145) * Chore(deps): Bump github.com/mattn/go-sqlite3 from 1.11.0 to 1.14.6 (#30174) * InlineSwitch: Added missing InlineSwitch component and fixed two places that used unaligned inline switch (#30162) * GraphNG: add new alpha XY Chart (#30096) * Elastic: Support request cancellation properly (Uses new backendSrv.fetch Observable request API) (#30009) * OpenTSDB: Support request cancellation properly (#29992) * InfluxDB: Update Flux external link (#30158) * Allow dependabot to keep go packages up-to-date (#30170) * PluginState: Update comment * GraphNG: Minor polish & updates to new time series panel and move it from alpha to beta (#30163) * Share panel dashboard (#30147) * GraphNG: rename 'graph3' to 'timeseries' panel (#30123) * Add info about access mode (#30137) * Prometheus: Remove running of duplicated metrics query (#30108) * Prometheus: Fix autocomplete does not work on incomplete input (#29854) * GraphNG: remove graph2 panel (keep the parts needed for explore) (#30124) * Docs: Add metadata to activating licensing page (#30140) * MixedDataSource: Added missing variable support flag (#30110) * AngularPanels: Fixes issue with some panels not rendering when going into edit mode due to no height (#30113) * AngularPanels: Fixes issue with discrete panel that used the initialized event (#30133) * Explore: Make getFieldLinksForExplore more reusable (#30134) * Elasticsearch: Add Support for Serial Differencing Pipeline Aggregation (#28618) * Angular: Fixes issue with angular directive caused by angular upgrade in master (#30114) * Analytics: add data source type in data-request events (#30087) * GraphNG: 'Interpolation: Step after' test (#30127) * GraphNG: check cross-axis presence when auto-padding. close #30121. (#30126) * Alerting: improve alerting default datasource search when extracting alerts (#29993) * Loki: Timeseries should not produce 0-values for missing data (#30116) * GraphNG: support dashes (#30070) * GraphNG: fix spanGaps optimization in alignDataFrames(). see #30101. (#30118) * Alerting NG: update API to expect UIDs instead of IDs (#29896) * GraphNG: Overhaul of main test dashboard and update to null & gaps dashboard (#30101) * Chore: Fix intermittent time-related test failure in explore datasource instance update (#30109) * QueryEditorRow: Ability to change query name (#29779) * Frontend: Failed to load application files message improvement IE11 (#30011) * Drone: Upgrade build pipeline tool (#30104) * Fix phrasing. (#30075) * Chore: Add CloudWatch HTTP API tests (#29691) * Elastic: Fixes so templating queries work (#30003) * Chore: Rewrite elasticsearch client test to standard library (#30093) * Chore: Rewrite tsdb influxdb test to standard library (#30091) * Fix default maximum lifetime an authenticated user can be logged in (#30030) * Instrumentation: re-enable database wrapper feature to expose counter and histogram for database queries (#29662) * Docs: Update labels to fields transform (#30086) * GraphNG: adding possibility to toggle tooltip, graph and legend for series (#29575) * Chore: Rewrite tsdb cloudmonitoring test to standard library (#30090) * Chore: Rewrite tsdb azuremonitor time grain test to standard library (#30089) * Chore: Rewrite tsdb graphite test to standard library (#30088) * Chore: Upgrade Docker build image wrt. Go/golangci-lint/Node (#30077) * Usage Stats: Calculate concurrent users as a histogram (#30006) * Elasticsearch: Fix broken alerting when using pipeline aggregations (#29903) * Drone: Fix race conditions between Enterprise and Enterprise2 (#30076) * Chore: Rewrite models datasource cache test to standard library (#30040) * Plugins: prevent app plugin from rendering with wrong location (#30017) * Update NOTICE.md * Chore: Tiny typo fix `rage` -> `range` (#30067) * Docs: loki.md: Add example of Loki data source config (#29976) * ReleaseNotes: Updated changelog and release notes for 7.3.6 (#30066) * Docs: Update usage-insights.md (#30065) * Docs: Update white-labeling.md (#30064) * Chore(deps): Bump axios from 0.19.2 to 0.21.1 (#30059) * Chore: Rewrite models tags test to standard library (#30041) * Bump actions/setup-node from v1 to v2.1.4 (#29891) * Build(deps): Bump ini from 1.3.5 to 1.3.7 (#29787) * fall back to any architecture when getting plugin's checksum #30034 (#30035) * Lerna: Update to 3.22.1 (#30057) * SeriesToRows: Fixes issue in transform so that value field is always named Value (#30054) * [dashboard api] manage error when data in dashboard table is not valid json (#29999) * use sha256 checksum instead of md5 (#30018) * Chore: Rewrite brute force login protection test to standard library (#29986) * Chore: Rewrite login auth test to standard library (#29985) * Chore: Rewrite models dashboards test to standard library (#30023) * Chore: Rewrite models dashboard acl test to standard library (#30022) * Chore: Rewrite models alert test to standard library (#30021) * Chore: Rewrite ldap login test to standard library (#29998) * Chore: Rewrite grafana login test to standard library (#29997) * Fix two ini-file typos regarding LDAP (#29843) * Chore: Changes source map devtool to inline-source-map (#30004) * Chore: Sync Enterprise go.sum (#30005) * Chore: Add Enterprise dependencies (#29994) * SQLStore: customise the limit of retrieved datasources per organisation (#29358) * Chore: update crewjam/saml library to the latest master (#29991) * Graph: Fixes so users can not add annotations in readonly dash (#29990) * Currency: add Vietnamese dong (VND) (#29983) * Drone: Update pipelines for Enterprise (#29939) * Remove the bus from teamgroupsync (#29810) * Influx: Make variable query editor input uncontrolled (#29968) * PanelLibrary: Add PATCH to the API (#29956) * PanelEvents: Isolating angular panel events into it's own event bus + more event refactoring (#29904) * Bump node-notifier from 8.0.0 to 8.0.1 (#29952) * LDAP: Update use_ssl documentation (#29964) * Docs: Missing 's' on 'logs' (#29966) * Docs: Update opentsdb.md (#29963) * Docs: Minor typo correction (#29962) * librarypanels: Fix JSON field casing in tests (#29954) * TemplateSrv: Do not throw error for an unknown format but use glob as fallback and warn in the console (#29955) * PanelLibrary: Adds uid and renames title to name (#29944) * Docs: Fix raw format variable docs (#29945) * RedirectResponse: Implement all of api.Response (#29946) * PanelLibrary: Adds get and getAll to the api (#29772) * Chore: Remove duplicate interpolateString test (#29941) * Chore: Rewrite influxdb query parser test to standard library (#29940) * Folders: Removes the possibility to delete the General folder (#29902) * Chore: Convert tsdb request test to standard library (#29936) * Chore: Convert tsdb interval test to standard library (#29935) * Docs: Update configuration.md (#29912) * Docs: Update organization_roles.md (#29911) * Docs: Update _index.md (#29918) * GraphNG: bring back tooltip (#29910) * Ng Alerting: Remove scroll and fix SplitPane limiters (#29906) * Dashboard: Migrating dashboard settings to react (#27561) * Minor correction to explanation on correct MS SQL usage. (#29889) * AlertingNG: Create a scheduler to evaluate alert definitions (#29305) * Add changelog items for 7.3.6, 7.2.3 and 6.7.5 (#29901) * bump stable to 7.3.6 (#29899) * Upgrade go deps. (#29900) * Expressions: Replace query input fields with select. (#29816) * PanelEdit: Update UI if panel plugin changes field config (#29898) * Elasticsearch: Remove timeSrv dependency (#29770) * PanelEdit: Need new data after plugin change (#29874) * Chore(toolkit): disable react/prop-types for eslint config (#29888) * Field Config API: Add ability to hide field option or disable it from the overrides (#29879) * SharedQuery: Fixes shared query editor now showing queries (#29849) * GraphNG: support fill gradient (#29765) * Backend style guide: Add more guidelines (#29871) * Keep query keys consistent (#29855) * Alerting: Copy frame field labels to time series tags (#29886) * Update configure-docker.md (#29883) * Usage Stats: Introduce an interface for usage stats service (#29882) * DataFrame: add a writable flag to fields (#29869) * InlineForms: Changes to make inline forms more flexible for query editors (#29782) * Usage Stats: Allow to add additional metrics to the stats (#29774) * Fix the broken link of XORM documentation (#29865) * Move colors demo under theme colors (#29873) * Dashboard: Increase folder name size in search dashboard (#29821) * MSSQL: Config UI touches (#29834) * QueryOptions: Open QueryEditors: run queries after changing group options #29864 * GraphNG: uPlot 1.5.2, dynamic stroke/fill, Flot-style hover points (#29866) * Variables: Fixes so numerical sortorder works for options with null values (#29846) * GraphNG: only initialize path builders once (#29863) * GraphNG: Do not set fillColor from GraphNG only opacity (#29851) * add an example cloudwatch resource_arns() query that uses multiple tags (ref: #29499) (#29838) * Backend: Remove more globals (#29644) * MS SQL: Fix MS SQL add data source UI issues (#29832) * Display palette and colors for dark and light themes in storybook (#29848) * Docs: Fix broken link in logs-panel (#29833) * Docs: Add info about typing of connected props to Redux style guide (#29842) * Loki: Remove unnecessary deduplication (#29421) * Varibles: Fixes so clicking on Selected will not include All (#29844) * Explore/Logs: Correctly display newlines in detected fields (#29541) * Link suppliers: getLinks API update (#29757) * Select: Changes default menu placement for Select from auto to bottom (#29837) * Chore: Automatically infer types for dashgrid connected components (#29818) * Chore: Remove unused Loki and Cloudwatch syntax providers (#29686) * Pass row (#29839) * GraphNG: Context menu (#29745) * GraphNG: Enable scale distribution configuration (#29684) * Explore: Improve Explore performance but removing unnecessary re-renders (#29752) * DashboardDS: Fixes display of long queries (#29808) * Sparkline: Fixes issue with sparkline that sent in custom fillColor instead of fillOpacity (#29825) * Chore: Disable default golangci-lint filter (#29751) * Update style guide with correct usage of MS SQL (#29829) * QueryEditor: do not auto refresh on every update (#29762) * Chore: remove unused datasource status enum (#29827) * Expressions: support ${my var} syntax (#29819) * Docs: Update types-options.md (#29777) * Chore: Enable more go-ruleguard rules (#29781) * GraphNG: Load uPlot path builders lazily (#29813) * Elasticsearch: ensure query model has timeField configured in datasource settings (#29807) * Chore: Use Header.Set method instead of Header.Add (#29804) * Allow dependabot to check actions (#28159) * Grafana-UI: Support optgroup for MultiSelect (#29805) * Sliders: Update behavior and style tweak (#29795) * Grafana-ui: Fix collapsible children sizing (#29776) * Style guide: Document avoidance of globals in Go code (#29803) * Chore: Rewrite opentsdb test to standard library (#29792) * CloudWatch: Add support for AWS DirectConnect ConnectionErrorCount metric (#29583) * GraphNG: uPlot 1.5.1 (#29789) * GraphNG: update uPlot v1.5.0 (#29763) * Added httpMethod to webhook (#29780) * @grafana-runtime: Throw error if health check fails in DataSourceWithBackend (#29743) * Explore: Fix remounting of query row (#29771) * Expressions: Add placeholders to hint on input (#29773) * Alerting: Next gen Alerting page (#28397) * GraphNG: Add test dashboard for null & and gaps rendering (#29769) * Expressions: Field names from refId (#29755) * Plugins: Add support for signature manifest V2 (#29240) * Chore: Configure go-ruleguard via golangci-lint (#28419) * Move middleware context handler logic to service (#29605) * AlertListPanel: Add options to sort by Time(asc) and Time(desc) (#29764) * PanelLibrary: Adds delete Api (#29741) * Tracing: Release trace to logs feature (#29443) * ReleaseNotes: Updated changelog and release notes for 7.3.5 (#29753) * DataSourceSettings: Add servername field to DataSource TLS config (#29279) * Chore: update stable and testing versions (#29748) * ReleaseNotes: Updated changelog and release notes for 7.3.5 (#29744) * Elasticsearch: View in context feature for logs (#28764) * Chore: Disable gosec on certain line (#29382) * Logging: log frontend errors caught by ErrorBoundary, including component stack (#29345) * ChangePassword: improved keyboard navigation (#29567) * GrafanaDataSource: Fix selecting -- Grafana -- data source, broken after recent changes (#29737) * Docs: added version note for rename by regex transformation. (#29735) * @grafana/ui: Fix UI issues for cascader button dropdown and query input (#29727) * Docs: Update configuration.md (#29728) * Docs: Remove survey (#29549) * Logging: rate limit fronted logging endpoint (#29272) * API: add Status() to RedirectResponse (#29722) * Elasticsearch: Deprecate browser access mode (#29649) * Elasticsearch: Fix query initialization action (#29652) * PanelLibrary: Adds api and db to create Library/Shared/Reusable Panel (#29642) * Transformer: Rename metrics based on regex (#29281) * Variables: Fixes upgrade of legacy Prometheus queries (#29704) * Auth: Add SigV4 header allowlist to reduce chances of verification issues (#29650) * DataFrame: add path and description metadata (#29695) * Alerting: Use correct time series name override from frame fields (#29693) * GraphNG: fix bars migration and support color and linewidth (#29697) * PanelHeader: Fix panel header description inline code wrapping (#29628) * Bugfix 29848: Remove annotation_tag entries as part of annotations cleanup (#29534) * GraphNG: simple settings migration from flot panel (#29599) * GraphNG: replace bizcharts with uPlot for sparklines (#29632) * GitHubActions: Update node version in github action (#29683) * Adds go dep used by an Enterprise feature. (#29645) * Typescript: Raise strict error limit for enterprise (#29688) * Remove unnecessary escaping (#29677) * Update getting-started-prometheus.md (#29678) * instrumentation: align label name with our other projects (#29514) * Typescript: Fixing typescript strict error, and separate check from publishing (#29679) * CloudWatch: namespace in search expression should be quoted if match exact is enabled #29109 (#29563) * Docs: Plugin schema updates (#28232) * RadioButton: Fix flex issue in master for radio buttons (#29664) * Update getting-started.md (#29670) * Expr: fix time unit typo in ds queries (#29668) * Expr: make reduction nan/null more consistent (#29665) * Expr: fix func argument panic (#29663) * Update documentation-style-guide.md (#29661) * Update documentation-markdown-guide.md (#29659) * Docs: Changed image format (#29658) * Expr: fix failure to execute due to OrgID (#29653) * GraphNG: rename 'points' to 'showPoints' (#29635) * Expressions: Restore showing expression query editor even if main data source is not mixed (#29656) * GraphNG: time range should match the panel timeRange (#29596) * Support svg embedded favicons in whitelabeling (#29436) * Add changelog to docs style guide (#29581) * Loki: Retry web socket connection when connection is closed abnormally (#29438) * GraphNG: Fix annotations and exemplars plugins (#29613) * Chore: Rewrite tsdb sql engine test to standard library (#29590) * GraphNG: fix and optimize spanNulls (#29633) * Build(deps): Bump highlight.js from 10.4.0 to 10.4.1 (#29625) * Cloudwatch: session cache should use UTC consistently (#29627) * GraphNG: rename GraphMode to DrawStyle (#29623) * GraphNG: add spanNulls config option (#29512) * Docs: add docs for concatenate transformer (#28667) * Stat/Gauge: expose explicit font sizing (#29476) * GraphNG: add gaps/nulls support to staircase & smooth interpolation modes (#29593) * grafana/ui: Migrate Field knobs to controls (#29433) * Prometheus: Fix link to Prometheus graph in dashboard (#29543) * Build: Publish next and latest npm channels to Github (#29615) * Update broken aliases (#29603) * API: add ID to snapshot API responses (#29600) * Elasticsearch: Migrate queryeditor to React (#28033) * QueryGroup & DataSourceSrv & DataSourcePicker changes simplify usage, error handling and reduce duplication, support for uid (#29542) * Elastic: Fixes config UI issues (#29608) * GraphNG: Fix issues with plugins not retrieving plot instance (#29585) * middleware: Make scenario test functions take a testing.T argument (#29564) * Grafana/ui: Storybook controls understand component types (#29574) * Login: Fixes typo in tooltip (#29604) * Panel: making sure we support all versions of chrome when detecting position of click event. (#29544) * Chore: Rewrite sqlstore migration test to use standard library (#29589) * Chore: Rewrite tsdb prometheus test to standard library (#29592) * Security: Add gosec G304 auditing annotations (#29578) * Chore: Rewrite tsdb testdatasource scenarios test to standard library (#29591) * Docs: Add missing key to enable SigV4 for provisioning Elasticsearch data source (#29584) * Add Microsoft.Network/natGateways (#29479) * Update documentation-style-guide.md (#29586) * @grafana/ui: Add bell-slash to available icons (#29579) * Alert: Fix forwardRef warning (#29577) * Update documentation-style-guide.md (#29580) * Chore: Upgrade typescript to 4.1 (#29493) * PanelLibrary: Adds library_panel table (#29565) * Make build docker full fix (#29570) * Build: move canary packages to github (#29411) * Devenv: Add default db for influxdb (#29371) * Chore: Check errors from Close calls (#29562) * GraphNG: support auto and explicit axis width (#29553) * Chore: upgrading y18n to 4.0.1 for security reasons (#29523) * Middleware: Rewrite tests to use standard library (#29535) * Overrides: show category on the overrides (#29556) * GraphNG: Bars, Staircase, Smooth modes (#29359) * Docs: Fix docs sync actions (#29551) * Chore: Update dev guide node version for Mac (#29548) * Docs: Update formatting-multi-value-variables.md (#29547) * Arrow: toArray() on nullable values should include null values (#29520) * Docs: Update syntax.md (#29545) * NodeJS: Update to LTS (14) (#29467) * Docs: Update repeat-panels-or-rows.md (#29540) * 3 minor changes, including updating the title TOC (#29501) * Auth proxy: Return standard error type (#29502) * Data: use pre-defined output array length in vectorToArray() (#29516) * Dashboards: hide playlist edit functionality from viewers and snapshots link from unauthenticated users (#28992) * docker: use yarn to build (#29538) * QueryEditors: Refactoring & rewriting out dependency on PanelModel (#29419) * Chore: skip flaky tests (#29537) * Graph NG: Invalidate uPlot config on timezone changes (#29531) * IntelliSense: Fix autocomplete and highlighting for Loki, Prometheus, Cloudwatch (#29381) * Variables: Fixes Textbox current value persistence (#29481) * OptionsEditor: simplify the options editor interfaces (#29518) * Icon: Changed the icon for signing in (#29530) * fixes bug with invalid handler name for metrics (#29529) * Middleware: Simplifications (#29491) * GraphNG: simplify effects responsible for plot updates/initialization (#29496) * Alarting: fix alarm messages in dingding (Fixes #29470) (#29482) * PanelEdit: making sure the correct datasource query editor is being rendered. (#29500) * AzureMonitor: Unit MilliSeconds naming (#29399) * Devenv: update mysql_tests and postgres_tests blocks for allowing dynamically change of underlying docker image (#29525) * Chore: Enable remaining eslint-plugin-react rules (#29519) * Docs/Transformations: Add documentation about Binary operations in Add field from calculation (#29511) * Datasources: fixed long error message overflowing container (#29440) * docker: fix Dockerfile after Gruntfile.js removed (#29515) * Chore: Adds Panel Library featuretoggle (#29521) * Docs: Update filter-variables-with-regex.md (#29508) * Docs: InfluxDB_V2 datasource: adding an example on how to add InfluxQL as a datasource (#29490) * Loki: Add query type and line limit to query editor in dashboard (#29356) * Docs: Added Security Group support to Azure Auth (#29418) * DataLinks: Removes getDataSourceSettingsByUid from applyFieldOverrides (#29447) * Bug: trace viewer doesn't show more than 300 spans (#29377) * Live: publish all dashboard changes to a single channel (#29474) * Chore: Enable eslint-plugin-react partial rules (#29428) * Alerting: Update alertDef.ts with more time options (#29498) * DataSourceSrv: Look up data source by uid and name transparently (#29449) * Instrumentation: Add examplars for request histograms (#29357) * Variables: Fixes Constant variable persistence confusion (#29407) * Docs: Fix broken link for plugins (#29346) * Prometheus: don't override displayName property (#29441) * Grunt: Removes grunt dependency and replaces some of its usage (#29461) * Transformation: added support for excluding/including rows based on their values. (#26884) * Chore: Enable exhaustive linter (#29458) * Field overrides: added matcher to match all fields within frame/query. (#28872) * Log: Use os.Open to open file for reading (#29483) * MinMax: keep global min/main in field state (#29406) * ReactGridLayout: Update dependency to 1.2 (#29455) * Jest: Upgrade to latest (#29450) * Chore: bump grafana-ui rollup dependencies (#29315) * GraphNG: use uPlot's native ms support (#29445) * Alerting: Add support for Sensu Go notification channel (#28012) * adds tracing for all bus calls that passes ctx (#29434) * prometheus: Improve IsAPIError's documentation (#29432) * ReleaseNotes: Updated changelog and release notes for 7.3.4 (#29430) * Elasticsearch: Fix index pattern not working with multiple base sections (#28348) * Plugins: Add support for includes' icon (#29416) * Docs: fixing frontend docs issue where enums ending up in wrong folder level. (#29429) * Variables: Fixes issue with upgrading legacy queries (#29375) * Queries: Extract queries from dashboard (#29349) * Docs: docker -> Docker (#29331) * PanelEvents: Refactors and removes unnecessary events, fixes panel editor update issue when panel options change (#29414) * Fix: Correct panel edit uistate migration (#29413) * Alerting: Improve Prometheus Alert Rule error message (#29390) * Fix: Migrate Panel edit uiState percentage strings to number (#29412) * remove insecure cipher suit as default option (#29378) * * prometheus fix variables fetching when customQueryParameters used #28907 (#28949) * Chore: Removes observableTester (#29369) * Chore: Adds e2e tests for Variables (#29341) * Fix gosec finding of unhandled errors (#29398) * Getting started with Grafana and MS SQL (#29401) * Arrow: cast timestams to Number (#29402) * Docs: Add Cloud content links (#29317) * PanelEditor: allow access to the eventBus from panel options (#29327) * GraphNG: support x != time in library (#29353) * removes unused golint file (#29391) * prefer server cipher suites (#29379) * Panels/DashList: Fix order of recent dashboards (#29366) * Core: Move SplitPane layout from PanelEdit. (#29266) * Drone: Upgrade build pipeline tool (#29365) * Update yarn.lock to use latest rc-util (#29313) * Variables: Adds description field (#29332) * Chore: Update latest.json (#29351) * Drone: Upload artifacts for release branch builds (#29297) * Docs: fixing link issues in auto generated frontend docs. (#29326) * Drone: Execute artifact publishing for both editions in parallel during release (#29362) * Devenv: adding default credentials for influxdb (#29344) * Drone: Check CUE dashboard schemas (#29334) * Backend: fix IPv6 address parsing erroneous (#28585) * dashboard-schemas cue 3.0.0 compatible (#29352) * Update documentation-style-guide.md (#29354) * Docs: Update requirements.md (#29350) * ReleaseNotes: Updated changelog and release notes for 7.3.4 (#29347) * ReleaseNotes: Updated changelog and release notes for 7.3.4 (#29338) * Drone: Publish NPM packages after Storybook to avoid race condition (#29340) * Add an option to hide certain users in the UI (#28942) * Guardian: Rewrite tests from goconvey (#29292) * Docs: Fix editor role and alert notification channel description (#29301) * Docs: Improve custom Docker image instructions (#29263) * Security: Fixes minor security issue with alert notification webhooks that allowed GET & DELETE requests #29330 * Chore: Bump storybook to v6 (#28926) * ReleaseNotes: Updates release notes link in package.json (master) (#29329) * Docs: Accurately reflecting available variables (#29302) * Heatmap: Fixes issue introduced by new eventbus (#29322) * Dashboard Schemas (#28793) * devenv: Add docker load test which authenticates with API key (#28905) * Login: Fixes redirect url encoding issues of # %23 being unencoded after login (#29299) * InfluxDB: update flux library and support boolean label values (#29310) * Explore/Logs: Update Parsed fields to Detected fields (#28881) * GraphNG: Init refactorings and fixes (#29275) * fixing a broken relref link (#29312) * Drone: Upgrade build pipeline tool (#29308) * decreasing frontend docs threshold. (#29304) * Docker: update docker root group docs and docker image (#29222) * WebhookNotifier: Convert tests away from goconvey (#29291) * Annotations: fixing so when changing annotations query links submenu will be updated. (#28990) * [graph-ng] add temporal DataFrame alignment/outerJoin & move null-asZero pass inside (#29250) * Dashboard: Fixes kiosk state after being redirected to login page and back (#29273) * make it possible to hide change password link in profile menu (#29246) * Theme: Add missing color type (#29265) * Chore: Allow reducerTester to work with every data type & payload-less actions (#29241) * Explore/Prometheus: Update default query type option to 'Both' (#28935) * Loki/Explore: Add query type selector (#28817) * Variables: New Variables are stored immediately (#29178) * reduce severity level to warning (#28939) * Units: Changes FLOP/s to FLOPS and some other rates per second units get /s suffix (#28825) * Docs: Remove duplicate 'Transformations overview' topics from the TOC (#29247) * Docs: Fixed broken relrefs and chanfed TOC entry name from Alerting to Alerts. (#29251) * Docs: Remove duplicate Panel overview topic. (#29248) * Increase search limit on team add user and improve placeholder (#29258) * Fix warnings for conflicting style rules (#29249) * Make backwards compatible (#29212) * Minor cosmetic markdown tweaks in docs/cloudwatch.md (#29238) * Getting Started: Updated index topic, removed 'what-is-grafana', and adjusted weight o… (#29216) * BarGauge: Fix story for BarGauge, caused knobs to show for other stories (#29232) * Update glossary to add hyperlinks to Explore and Transformation entries (#29217) * Chore: Enable errorlint linter (#29227) * TimeRegions: Fixed issue with time regions and tresholds due to angular js upgrade (#29229) * CloudWatch: Support request cancellation properly (#28865) * CloudMonitoring: Support request cancellation properly (#28847) * Chore: Handle wrapped errors (#29223) * Expressions: Move GEL into core as expressions (#29072) * Chore: remove compress:release grunt task (#29225) * Refactor/Explore: Inline datasource actions into initialisation (#28953) * Fix README typo (#29219) * Grafana UI: Card API refactor (#29034) * Plugins: Changed alertlist alert url to view instead of edit (#29060) * React: Upgrading react to v17, wip (#29057) * Gauge: Tweaks short value auto-sizing (#29197) * BackendSrv: support binary responseType like $http did (#29004) * GraphNG: update the options config (#28917) * Backend: Fix build (#29206) * Permissions: Validate against Team/User permission role update (#29101) * ESlint: React fixes part 1 (#29062) * Tests: Adds expects for observables (#28929) * Variables: Adds new Api that allows proper QueryEditors for Query variables (#28217) * Introduce eslint-plugin-react (#29053) * Automation: Adds GitHub release action (#29194) * Refactor declarative series configuration to a config builder (#29106) * ReleaseNotes: Updated changelog and release notes for 7.3.3 (#29189) * Panels: fix positioning of the header title (#29167) * trace user login and datasource name instead of id (#29183) * playlist: Improve test (#29120) * Drone: Fix publish-packages invocation (#29179) * Table: Fix incorrect condtition for rendering table filter (#29165) * Chore: Upgrade grafana/build-ci-deploy image to latest Go (#29171) * DashboardLinks: will only refresh dashboard search when changing tags for link. (#29040) * ReleaseNotes: Updated changelog and release notes for 7.3.3 (#29169) * CloudWatch: added HTTP API Gateway specific metrics and dimensions (#28780) * Release: Adding release notes for 7.3.3 (#29168) * SQL: Define primary key for tables without it (#22255) * changed link format from MD to HTML (#29163) * Backend: Rename variables for style conformance (#29097) * Docs: Fixes what'new menu and creates index page, adds first draft of release notes to docs (#29158) * Drone: Upgrade build pipeline tool and build image (#29161) * ReleaseNotes: Updated changelog and release notes for 7.4.0 (#29160) * ReleaseNotes: Updated changelog and release notes for 7.3.3 (#29159) * Chore: Upgrade Go etc in build images (#29157) * Chore: Remove unused Go code (#28852) * API: Rewrite tests from goconvey (#29091) * Chore: Fix linting issues caught by ruleguard (#28799) * Fix panic when using complex dynamic URLs in app plugin routes (#27977) * Snapshots: Fixes so that dashboard snapshots show data when using Stat, Gauge, BarGauge or Table panels (#29031) * Fix authomation text: remove hyphen (#29149) * respect fronted-logging.enabled flag (#29107) * build paths in an os independent way (#29143) * Provisioning: always pin app to the sidebar when enabled (#29084) * Automation: Adds new changelog actions (#29142) * Chore: Rewrite preferences test from GoConvey to stdlib and testify (#29129) * Chore: Upgrade Go dev tools (#29124) * Automation: Adding version bump action * DataFrames: add utility function to check if structure has changed (#29006) * Drone: Fix Drone config verification for enterprise on Windows (#29118) * Chore: Require OrgId to be specified in delete playlist command (#29117) * Plugin proxy: Handle URL parsing errors (#29093) * Drone: Verify Drone config at beginning of pipelines (#29071) * Legend/GraphNG: Refactoring legend types and options (#29067) * Doc: Update documentation-style-guide.md (#29082) * Chore: Bumps types for jest (#29098) * LogsPanel: Fix scrolling in dashboards (#28974) * sort alphabetically unique labels, labels and parsed fields (#29030) * Data source proxy: Convert 401 from data source to 400 (#28962) * Plugins: Implement testDatasource for Jaeger (#28916) * Update react-testing-library (#29061) * Graph: Fixes stacking issues like floating bars when data is not aligned (#29051) * StatPanel: Fixes hanging issue when all values are zero (#29077) * Auth: Enable more complete credential chain for SigV4 default SDK auth option (#29065) * Chore: Convert API tests to standard Go lib (#29009) * Update README.md (#29075) * Update CODEOWNERS (#28906) * Enhance automation text for missing information (#29052) * GraphNG: Adding ticks test dashboard and improves tick spacing (#29044) * Chore: Migrate Dashboard List panel to React (#28607) * Test Datasource/Bug: Fixes division by zero in csv metric values scenario (#29029) * Plugins: Bring back coreplugin package (#29064) * Add 'EventBusName' dimension to CloudWatch 'AWS/Events' namespace (#28402) * CloudWatch: Add support for AWS/ClientVPN metrics and dimensions (#29055) * AlertingNG: manage and evaluate alert definitions via the API (#28377) * Fix linting issues (#28811) * Logging: Log frontend errors (#28073) * Fix for multi-value template variable for project selector (#29042) * Chore: Rewrite test helpers from GoConvey to stdlib (#28919) * GraphNG: Fixed axis measurements (#29036) * Fix links to logql docs (#29037) * latest 7.3.2 (#29041) * Elasticsearch: Add Moving Function Pipeline Aggregation (#28131) * changelog 7.3.2 (#29038) * MutableDataFrame: Remove unique field name constraint and values field index and unused/seldom used stuff (#27573) * Fix prometheus docs related to query variable (#29027) * Explore: support ANSI colors in live logs (#28895) * Docs: Add documentation about log levels (#28975) * Dashboard: remove usage of Legacyforms (#28707) * Docs: Troubleshoot starting docker containers on Mac (#28754) * Elasticsearch: interpolate variables in Filters Bucket Aggregation (#28969) * Chore: Bump build pipeline version (#29023) * Annotations: Fixes error when trying to create annotation when dashboard is unsaved (#29013) * TraceViewer: Make sure it does not break when no trace is passed (#28909) * Thresholds: Fixes color assigned to null values (#29010) * Backend: Remove unused code (#28933) * Fix documentation (#28998) * Tracing: Add setting for sampling server (#29011) * Logs Panel: Fix inconsistent higlighting (#28971) * MySQL: Update README.md (#29003) * IntervalVariable: Fix variable tooltip (#28988) * StatPanels: Fixes auto min max when latest value is zero (#28982) * Chore: Fix SQL related Go variable naming (#28887) * MSSQL: Support request cancellation properly (Uses new backendSrv.fetch Observable request API) (#28809) * Variables: Fixes loading with a custom all value in url (#28958) * Backend: Adds route for well-known change password URL (#28788) * docs: fix repeated dashboards link (#29002) * LogsPanel: Don't show scroll bars when not needed (#28972) * Drone: Fix docs building (#28986) * StatPanel: Fixed center of values in edge case scenarios (#28968) * Update getting-started-prometheus.md (#28502) * Docs: fix relref (#28977) * Docs: Minor docs update * Docs: Another workflow docs update * Docs: Workflow minor edit * Docs: Another minor edit * Docs: Update PR workflow docs * Docs: Update bot docs * StatPanels: set default to last (#28617) * Tracing: log traceID in request logger (#28952) * start tracking usage stats for tempo (#28948) * Docs: Update bot docs * GrafanaBot: Update labels and commands and adds docs (#28950) * Docs: updates for file-based menu (#28500) * Grot: Added command/label to close feature requests with standard message (#28937) * GraphNG: Restore focus option (#28946) * Docs: Fix links (#28945) * Short URL: Cleanup unvisited/stale short URLs (#28867) * GraphNG: Using new VizLayout, moving Legend into GraphNG and some other refactorings (#28913) * CloudWatch Logs: Change what we use to measure progress (#28912) * Chore: use jest without grunt (#28558) * Chore: Split Explore redux code into multiple sections (#28819) * TestData: Fix issue with numeric inputs in TestData query editor (#28936) * setting: Fix tests on Mac (#28886) * Plugins signing: Fix docs urls (#28930) * Field color: handling color changes when switching panel types (#28875) * Variables: make sure that we support both old and new syntax for custom variables. (#28896) * CodeEditor: added support for javascript language (#28818) * Update CHANGELOG.md (#28928) * Plugins: allow override when allowing unsigned plugins (#28901) * Chore: Fix spelling issue (#28904) * Grafana-UI: LoadingPlaceholder docs (#28874) * Gauge: making sure threshold panel json is correct before render (#28898) * Chore: Rewrite test in GoConvey to stdlib and testify (#28918) * Update documentation-style-guide.md (#28908) * Adding terms to glossary (#28884) * Devenv: Fix Prometheus basic auth proxy (#28889) * API: replace SendLoginLogCommand with LoginHook (#28777) * Dashboards / Folders: delete related data (permissions, stars, tags, versions, annotations) when deleting a dashboard or a folder (#28826) * Loki: Correct grammar in DerivedFields.tsx (#28885) * Docs: Update list of Enterprise plugins (#28882) * Live: update centrifuge and the ChannelHandler api (#28843) * Update share-panel.md (#28880) * CRLF (#28822) * PanelHeader: show streaming indicator (and allow unsubscribe) (#28682) * Docs: Plugin signing docs (#28671) * Chore: Fix issues reported by staticcheck; enable stylecheck linter (#28866) * Elasticsearch: Filter pipeline aggregations from order by options (#28620) * Variables: added __user.email to global variable (#28853) * Fix titles case and add missing punctuation marks (#28713) * VizLayout: Simple viz layout component for legend placement and scaling (#28820) * Chore: Fix staticcheck issues (#28860) * Chore: Fix staticcheck issues (#28854) * Disable selecting enterprise plugins with no license (#28758) * Tempo: fix test data source (#28836) * Prometheus: fix missing labels from value (#28842) * Chore: Fix issues found by staticcheck (#28802) * Chore: Remove dead code (#28664) * Units: added support to handle negative fractional numbers. (#28849) * Variables: Adds variables inspection (#25214) * Marked: Upgrade and always sanitize by default (#28796) * Currency: add Philippine peso currency (PHP) (#28823) * Alert: Remove z-index on Alert component so that it does not overlay ontop of other content (#28834) * increase blob column size for encrypted dashboard data (#28831) * Gauge: Improve font size auto sizing (#28797) * grafana/toolkit: allow builds with lint warnings (#28810) * core and grafana/toolkit: Use latest version of grafana-eslint-conifg (#28816) * Icon: Replace font awesome icons where possible (#28757) * Remove homelinks panel (#28808) * StatPanels: Add new calculation option for percentage difference (#26369) * Dashboard: Add Datetime local (No date if today) option in panel axes' units (#28011) * Variables: Adds named capture groups to variable regex (#28625) * Panel inspect: Interpolate variables in panel inspect title (#28779) * grafana/toolkit: Drop console and debugger statements by default when building plugin with toolkit (#28776) * Variables: Fixes URL values for dependent variables (#28798) * Graph: Fixes event emit function error (#28795) * Adds storybook integrity check to drone config (#28785) * Live: improve broadcast semantics and avoid double posting (#28765) * Events: Remove unused or unnecessary events (#28783) * Docs: added code comments to frontend packages. (#28784) * Plugin Dockerfiles: Upgrade Go, golangci-lint, gcloud SDK (#28767) * Dependencies: Update angularjs to 1.8.2 (#28736) * EventBus: Introduces new event bus with emitter backward compatible interface (#27564) * ColorSchemes: Add new color scheme (#28719) * Docs: Add NGINX example for using websockets to Loki (#27998) * Docs: Made usage of config/configuration consistent #19270 (#28167) * Cloudwatch: Fix issue with field calculation transform not working properly with Cloudwatch data (#28761) * grafana/toolkit: Extract CHANGELOG when building plugin (#28773) * Drone: Upgrade build pipeline tool (#28769) * devenv: Upgrade MSSQL Docker image (#28749) * Docs: Add docs for InfoBox component (#28705) * Reoeragnization. (#28760) * gtime: Add ParseDuration function (#28525) * Explore: Remove redundant decodeURI and fix urls (#28697) * Dashboard: fix view panel mode for Safari / iOS (#28702) * Provisioning: Fixed problem with getting started panel being added to custom home dashboard (#28750) * LoginPage: Removed auto-capitalization from the login form (#28716) * Plugin page: Fix dom validation warning (#28737) * Migration: Remove LegacyForms from dashboard folder permissions (#28564) * Dependencies: Remove unused dependency (#28711) * AlertRuleList: Add keys to alert rule items (#28735) * Chore: Pin nginx base image in nginx proxy Dockerfiles (#28730) * Drone: Upgrade build-pipeline tool (#28728) * TableFilters: Fixes filtering with field overrides (#28690) * Templating: Speeds up certain variable queries for Postgres, MySql and MSSql (#28686) * Fix typo in unsigned plugin warning (#28709) * Chore: Convert sqlstore annotation test from GoConvey to testify (#28715) * updates from https://github.com/grafana/grafana/pull/28679 (#28708) * Chore: Add some scenario tests for Explore (#28534) * Update latest version to 7.3.1 (#28701) * Changelog update - 7.3.1 (#28699) * Drone: Don't build on Windows for PRs (#28663) * Build: changing docs docker image to prevent setting up frontend devenv. (#28670) * Prometheus: Fix copy paste behaving as cut and paste (#28622) * Loki: Fix error when some queries return zero results (#28645) * Chore: allow higher nodejs version than 12 (#28624) * TextPanel: Fixes problems where text panel would show old content (#28643) * PanelMenu: Fixes panel submenu not being accessible for panels close to the right edge of the screen (#28666) * Cloudwatch: Fix duplicate metric data (#28642) * Add info about CSV download for Excel in What's new article (#28661) * Docs: Describe pipeline aggregation changes in v7.3 (#28660) * Plugins: Fix descendent frontend plugin signature validation (#28638) * Docker: use root group in the custom Dockerfile (#28639) * Bump rxjs to 6.6.3 (#28657) * StatPanel: Fixed value being under graph and reduced likley hood for white and dark value text mixing (#28641) * Table: Fix image cell mode so that it works with value mappings (#28644) * Build: support custom build tags (#28609) * Plugin signing: Fix copy on signed plugin notice (#28633) * Dashboard: Fix navigation from one SoloPanelPage to another one (#28578) * CloudWatch: Improve method name, performance optimization (#28632) * Developer guide: Update wrt. Windows (#28559) * Docs: Update graph panel for tabs (#28552) * update latest.json (#28603) * Docs: data source insights (#28542) * Field config API: add slider editor (#28007) * changelog: update for 7.3.0 (#28602) * Update uPlot to 1.2.2 and align timestamps config with new uPLot API (#28569) * Live: updated the reference to use lazy loaded Monaco in code editor. (#28597) * Dashboard: Allow add panel for viewers_can_edit (#28570) * Docs: Data source provisioning and sigV4 (#28593) * Docs: Additional 7.3 upgrade notes (#28592) * CI: Add GCC to Windows Docker image (#28562) * CloudWatch Logs queue and websocket support (#28176) * Explore/Loki: Update docs and cheatsheet (#28541) * Grafana-UI: Add Card component (#28216) * AddDatasource: Improve plugin categories (#28584) * StatPanel: Fixes BizChart error max: yyy should not be less than min zzz (#28587) * docs: a few tweaks for clarity and readability (#28579) * API: Reducing some api docs errors (#28575) * Grafana-UI: ContextMenu docs (#28508) * Short URL: Update last seen at when visiting a short URL (#28565) * Fix backend build on Windows (#28557) * add value prop (#28561) * Plugin signing: UI information (#28469) * Use fetch API in InfluxDB data source (#28555) * PanelEdit: Prevent the preview pane to be resized further than window height (#28370) * Docs: Update generic-oauth.md (#28517) * GCS image uploader: Add tests (#28521) * Move metrics collector queries to config (#28549) * Plugins: Fix plugin URL paths on Windows (#28548) * API: add login username in SendLoginLogCommand (#28544) * AzureMonitor: Support decimal (as float64) type in analytics/logs (#28480) * Auth: Fix SigV4 request verification step for Amazon Elasticsearch Service (#28481) * Grafana/ui: auto focus threshold editor input (#28360) * Docs: SigV4 What's New and AWS Elasticsearch documentation (#28506) * Drone: Upgrade build pipeline tool (#28533) * Drone: Refactor version branch pipeline logic (#28531) * Drone: Upgrade build-pipeline tool (#28520) * Docs: Update field color scheme docs and 7.3 what's new (#28496) * Templating: Custom variable edit UI, change text input into textarea (#28312) (#28322) * Currency: Adds Indonesian IDR currency (#28363) * Chore: Fix flaky sqlstore annotation test (#28527) * Checkbox: Fix component sample typo (#28518) * Image uploader: Fix uploading of images to GCS (#26493) * OAuth: Support Forward OAuth Identity for backend data source plugins (#27055) * Updated documentation style guide (#28488) * Cloud Monitoring: Fix help section for aliases (#28499) * Docs: what's new in enterprise 7.3 (#28472) * Plugins: Track plugin signing errors and expose them to the frontend (#28219) * Elasticsearch: Fix handling of errors when testing data source (#28498) * Auth: Should redirect to login when anonymous enabled and URL with different org than anonymous specified (#28158) * Drone: Don't build Windows installer for version branches (#28494) * Docs: Grafana Enterprise auditing feature (#28356) * Drone: Add version branch pipeline (#28490) * Getting Started section rehaul (#28090) * Docs: Add survey content (#28446) * Docs: Update prometheus.md (#28483) * Docs: Add view settings and view stats (#28155) * Remove entry from 7.3.0-beta2 Changelog (#28478) * Circle: Remove release pipeline (#28474) * Update latest.json (#28476) * Switch default version to Graphite 1.1 (#28471) * Plugin page: update readme icon (#28465) * Chore: Update changelog (#28473) * Explore: parse time range fix (#28467) * Alerting: Log alert warnings for obsolete notifiers when extracting alerts and remove spammy error (#28162) * Shorten url: Unification across Explore and Dashboards (#28434) * Explore: Support wide data frames (#28393) * Docs: updated cmd to build docs locally to generate docs prior to building site. (#28371) * Live: support real time measurements (alpha) (#28022) * CloudWatch/Athena - valid metrics and dimensions. (#28436) * Chore: Use net.JoinHostPort (#28421) * Chore: Upgrade grafana-eslint to latest (#28444) * Fix cut off icon (#28442) * Docs: Add shared (#28411) * Loki: Visually distinguish error logs for LogQL2 (#28359) * Database; Remove database metric feature flag and update changelog (#28438) * TestData: multiple arrow requests should return multiple frames (#28417) * Docs: Test survey code (#28437) * Docs: improved github action that syncs docs to website (#28277) * update latest.json with latest stable version (#28433) * 7.2.2 changelog update (#28406) * plugins: Don't exit on duplicate plugin (#28390) * API: Query database from /api/health endpoint (#28349) * Chore: Fix conversion of a 64-bit integer to a lower bit size type uint (#28425) * Prometheus: fix parsing of infinite sample values (#28287) (#28288) * Chore: Rewrite some tests to use testify (#28420) * Plugins: do not remount app plugin on nav change (#28105) * App Plugins: Add backend support (#28272) * Chore: react hooks eslint fixes in grafana-ui (#28026) * ci-e2e: Add Git (#28410) * TestData: Remove useEffect that triggeres query on component load (#28321) * FieldColor: Remove inverted color scheme (#28408) * Chore: Set timezone for tests to non utc. (#28405) * Chore: fix jsdoc desc and return (#28383) * Docs: Fixing v51 link (#28396) * fixes windows crlf warning (#28346) * Grafana/ui: pass html attributes to segment (#28316) * Alerting: Return proper status code when trying to create alert notification channel with duplicate name or uid (#28043) * OAuth: Able to skip auto login (#28357) * CloudWatch: Fix custom metrics (#28391) * Docs: Adds basic frontend data request concepts (#28253) * Instrumentation: Add histogram for request duration (#28364) * remove status label from histogram (#28387) * OAuth: configurable user name attribute (#28286) * Component/NewsPanel: Add rel='noopener' to NewsPanel links (#28379) * Webpack: Split out unicons and bizcharts (#28374) * Explore: Fix date formatting in url for trace logs link (#28381) * Docs: Add activate-license (#28156) * Instrumentation: Add counters and histograms for database queries (#28236) * Docs: Make tables formatting more consistent (#28164) * CloudWatch: Adding support for additional Amazon CloudFront metrics (#28378) * Add unique ids to query editor fields (#28376) * Plugins: Compose filesystem paths with filepath.Join (#28375) * Explore: Minor tweaks to exemplars marble (#28366) * Instrumentation: Adds environment_info metric (#28355) * AzureMonitor: Fix capitalization of NetApp 'volumes' namespace (#28369) * ColorSchemes: Adds more color schemes and text colors that depend on the background (#28305) * Automation: Update backport github action trigger (#28352) * Dashboard links: Places drop down list so it's always visible (#28330) * Docs: Add missing records from grafana-ui 7.2.1 CHANGELOG (#28302) * Templating: Replace all '$tag' in tag values query (#28343) * Docs: Add docs for valuepicker (#28327) * Git: Create .gitattributes for windows line endings (#28340) * Update auth-proxy.md (#28339) * area/grafana/toolkit: update e2e docker image (#28335) * AlertingNG: remove warn/crit from eval prototype (#28334) * Automation: Tweaks to more info message (#28332) * Loki: Run instant query only when doing metric query (#28325) * SAML: IdP-initiated SSO docs (#28280) * IssueTriage: Needs more info automation and messages (#28137) * GraphNG: Use AxisSide enum (#28320) * BackendSrv: Fixes queue countdown when unsubscribe is before response (#28323) * Automation: Add backport github action (#28318) * Build(deps): Bump http-proxy from 1.18.0 to 1.18.1 (#27507) * Bump handlebars from 4.4.3 to 4.7.6 (#27416) * Bump tree-kill from 1.2.1 to 1.2.2 (#27405) * Loki: Base maxDataPoints limits on query type (#28298) * Explore: respect min_refresh_interval (#27988) * Drone: Use ${DRONE_TAG} in release pipelines, since it should work (#28299) * Graph NG: fix toggling queries and extract Graph component from graph3 panel (#28290) * fix: for graph size not taking up full height or width * should only ignore the file in the grafana mixin root folder (#28306) * Drone: Fix grafana-mixin linting (#28308) * SQLStore: Run tests as integration tests (#28265) * Chore: Add cloud-middleware as code owners (#28310) * API: Fix short URLs (#28300) * CloudWatch: Add EC2CapacityReservations Namespace (#28309) * Jaeger: timeline collapser to show icons (#28284) * update latest.json with latest beta version (#28293) * Update changelog (#28292) * Docs : - Added period (#28260) * Add monitoring mixing for Grafana (#28285) * Chore: Update package.json (#28291) * Drone: Fix enterprise release pipeline (#28289) * Alerting: Append appSubUrl to back button on channel form (#28282)
Rework package Makefile & README now that Grunt is gone
Update to version 7.3.6: * fixes for saml vulnerability * [v7.3.x] Fix: Correct panel edit uistate migration (#29413) (#29711) * PanelEdit: Prevent the preview pane to be resized further than window height (#28370) (#29726) * Fix: Migrate Panel edit uiState percentage strings to number (#29412) (#29723) * 'Release: Updated versions in package to 7.3.5' (#29710) * Chore: upgrading y18n to 4.0.1 for security reasons (#29523) (#29709) * Panel: making sure we support all versions of chrome when detecting position of click event. (#29544) (#29708) * PanelEdit: making sure the correct datasource query editor is being rendered. (#29500) (#29707) * [v7.3.x] Auth: Add SigV4 header allowlist to reduce chances of verification issues (#29705) * Alerting: Use correct time series name override from frame fields (#29693) (#29698) * CloudWatch: namespace in search expression should be quoted if match exact is enabled #29109 (#29563) (#29687) * Adds go dep used by an Enterprise feature. (#29645) (#29690) * instrumentation: align label name with our other projects (#29514) (#29685) * Instrumentation: Add examplars for request histograms (#29357) (#29682) * Login: Fixes typo in tooltip (#29604) (#29606) * fixes bug with invalid handler name for metrics (#29529) (#29532) * AzureMonitor: Unit MilliSeconds naming (#29399) (#29526) * Alarting: fix alarm messages in dingding (Fixes #29470) (#29482) (#29527) * Bug: trace viewer doesn't show more than 300 spans (#29377) (#29504) * Prometheus: don't override displayName property (#29441) (#29488) * resolve conflicts (#29415) * Drone: Upgrade build pipeline tool (#29365) (#29368) * Drone: Upload artifacts for release branch builds (#29297) (#29364) * Drone: Execute artifact publishing for both editions in parallel during release (#29362) (#29363) * Drone: Publish NPM packages after Storybook to avoid race condition (#29340) (#29343) * Docs: Fix editor role and alert notification channel description (#29301) (#29337) * 'Release: Updated versions in package to 7.3.4' (#29336) * Security: Fixes minor security issue with alert notification webhooks that allowed GET & DELETE requests #29330 (#29335) * Backport of InfluxDB: update flux library and support boolean label values #29333 * ReleaseNotes: Update link in package.json (#29328) * Login: Fixes redirect url encoding issues of # %23 being unencoded after login (#29299) (#29323) * Drone: Upgrade build pipeline tool (#29308) (#29309) * Annotations: fixing so when changing annotations query links submenu will be updated. (#28990) (#29285) * Dashboard: Fixes kiosk state after being redirected to login page and back (#29273) (#29278) * Increase search limit on team add user and improve placeholder (#29258) (#29261) * Drone: Sync with master (#29205) * Drone: Fix publish-packages invocation (#29179) (#29184) * Chore: Upgrade grafana/build-ci-deploy image to latest Go (#29171) (#29180) * Table: Fix incorrect condtition for rendering table filter (#29165) (#29181) * DashboardLinks: will only refresh dashboard search when changing tags for link. (#29040) (#29177) * Drone: Upgrade build pipeline tool and build image (#29161) (#29162) * Release: Updated versions in package to 7.3.3 (#29126) * git cherry-pick -x 0f3bebb38daa488e108881ce17d4f68167a834e6 (#29155) * Build: support custom build tags (#28609) (#29128) * Revert 'Graph: Fixes stacking issues like floating bars when data is not aligned (#29051) (#29088)' (#29151) * Provisioning: always pin app to the sidebar when enabled (#29084) (#29146) * build paths in an os independent way (#29143) (#29147) * Chore: Upgrade Go dev tools (#29124) (#29132) * Automatin: set node version * Automation: Adding version bump action * Drone: Fix Drone config verification for enterprise on Windows (#29118) (#29119) * [v7.3.x] Drone: Verify Drone config at beginning of pipelines (#29111) * Test Datasource/Bug: Fixes division by zero in csv metric values scenario (#29029) (#29068) * [v7.3.x] StatPanel: Fixes hanging issue when all values are zero (#29087) * Data source proxy: Convert 401 from data source to 400 (#28962) (#29095) * Graph: Fixes stacking issues like floating bars when data is not aligned (#29051) (#29088) * Auth: Enable more complete credential chain for SigV4 default SDK auth option (#29065) (#29086) * Fix for multi-value template variable for project selector (#29042) (#29054) * Thresholds: Fixes color assigned to null values (#29010) (#29018) * [v7.3.x] Chore: Bump build pipeline version (#29025) * Release v7.3.2 (#29024) * Fix conflict (#29020) * StatPanels: Fixes auto min max when latest value is zero (#28982) (#29007) * Tracing: Add setting for sampling server (#29011) (#29015) * Gauge: making sure threshold panel json is correct before render (#28898) (#28984) * Variables: make sure that we support both old and new syntax for custom variables. (#28896) (#28985) * Explore: Remove redundant decodeURI and fix urls (#28697) (#28963) * [v7.3.x] Drone: Fix docs building (#28987) * Alerting: Append appSubUrl to back button on channel form (#28282) (#28983) * Plugins: allow override when allowing unsigned plugins (#28901) (#28927) * CloudWatch Logs: Change what we use to measure progress (#28912) (#28964) * Tracing: log traceID in request logger (#28952) (#28959) * Panel inspect: Interpolate variables in panel inspect title (#28779) (#28801) * UsageStats: start tracking usage stats for tempo (#28948) (#28951) * Short URL: Cleanup unvisited/stale short URLs (#28867) (#28944) * Plugins signing: Fix docs urls (#28930) (#28934) * Chore: Fix spelling issue (#28904) (#28925) * API: replace SendLoginLogCommand with LoginHook (#28777) (#28891) * Elasticsearch: Exclude pipeline aggregations from order by options (#28620) (#28873) * Dashboards / Folders: delete related data (permissions, stars, tags, versions, annotations) when deleting a dashboard or a folder (#28826) (#28890) * Disable selecting enterprise plugins with no license (#28758) (#28859) * Tempo: fix test data source (#28836) (#28856) * Prometheus: fix missing labels from value (#28842) (#28855) * Units: added support to handle negative fractional numbers. (#28849) (#28851) * increase blob column size for encrypted dashboard data (#28831) (#28832) * Gauge: Improve font size auto sizing (#28797) (#28828) * Variables: Fixes URL values for dependent variables (#28798) (#28800) * grafana/toolkit: Extract CHANGELOG when building plugin (#28773) (#28774) * Templating: Custom variable edit UI, change text input into textarea (#28312) (#28322) (#28704) * Cloudwatch: Fix issue with field calculation transform not working properly with Cloudwatch data (#28761) (#28775) * Plugin page: Fix dom validation warning (#28737) (#28741) * Dashboard: fix view panel mode for Safari / iOS (#28702) (#28755) * Fix typo in unsigned plugin warning (#28709) (#28722) * TableFilters: Fixes filtering with field overrides (#28690) (#28727) * Templating: Speeds up certain variable queries for Postgres, MySql and MSSql (#28686) (#28726) * Prometheus: Fix copy paste behaving as cut and paste (#28622) (#28691)

rhnlib:

Require missing python-backports.ssl_match_hostname on SLE 11 (bsc#1183959)

spacecmd:

Handle SIGPIPE without user-visible Exception (bsc#1181124)

spacewalk-client-tools:

Fallback to sysfs when reading info from python-dmidecode fails (bsc#1182603)
Log an error when product detection failed (bsc#1182339)

supportutils-plugin-salt:

Fix yaml.load() warnings and issues with Python versions (bsc#1178072) (bsc#1181474)
Fix errors when collecting data for salt-minion (bsc#1131670)

zypp-plugin-spacewalk:

Support for 'allow vendor change' for patching/upgrading

Advisory ID	SUSE-RU-2021:1234-1
Released	Thu Apr 15 17:21:44 2021
Summary	Recommended update for python-kiwi
Type	recommended
Severity	moderate
References	1178670,1182211,1182264,1182963,1183059

Description:

This update for python-kiwi fixes the following issues:
Upgrade from version 9.23.19 to version 9.23.20

Require `qemu-img` in any filesystem based image. Move the qemu-img requirement into the `kiwi-systemdeps-filesystems` to ensure ISO, OEM and PXE images include it in the build service. This is also required for images that are simple root-trees in a filesystem `(image=ext4)`.
Add a requirement for `kiwi-systemdeps-iso-media` on disk images. Add a requirement for `kiwi-systemdeps-iso-media` in `kiwi-systemdeps-disk-images`. This is to ensure that installing `kiwi-systemdeps-disk-images` is enough to build OEM images including install media.
Turn `fb-util-for-appx` requirement into a recommendation. Relax the requirement for `fb-util-for-appx` since the utiliy is not part of all SUSE Linux Enterprise 15 Service Packs.
Refactor grub2 installation. (bsc#1182211) Split the installation in two parts. Former `grub2.install` method was meant to run the `grub2-install` tool, however, in addition it was also running the secure boot installation `shim-install`. The install method in `KIWI` is skipped for those architectures and firmware combinations for which bios support doesn't exist. This was leading to skip the secure boot installation. The current approach strips the secure boot installation logic from the `grub2.install` method, so skipping the install method does not automatically result in skipping the secure boot installation.
Fix `lsblk` flags to get sorted output (bsc#1182264, bsc#1182963, bsc#1183059) Modify the `lsblk` command flags to get a sorted output according to the disk layout.
Avoid using generators in `pre-mount` hooks (bsc#1178670) Delete the generator that was creating the `sysroot.mount` unit for ramdisk deployments. Generators, specially the `sysroot.mount` is expected to be created on very early stages of the boot procedure as this has impact on relevant targets such as `initrd-root-fs.target`, which does not depend on `sysroot.mount` if the unit is not there. In ramdisk deployments some data is known on pre-mount stage as it is downloaded from the PXE server. At this stage it is not safe to generate a `sysroot.mount` unit that depends on `initrd-root-fs.target` as the target is close to finalize or even finalized already and could potentially skip `sysroot.mount` exection. Instead include a mount hook which is only executed on ramdisk deployments that simply runs the mount command to mount `/sysroot`.

Advisory ID	SUSE-RU-2021:1236-1
Released	Fri Apr 16 08:13:51 2021
Summary	Recommended update for tcsh
Type	recommended
Severity	important
References	1179316

Description:

This update for tcsh fixes the following issues:

Fixed an issue, where the history file continued growing, leading to csh processes consuming 100% of the CPU (bsc#1179316)

Advisory ID	SUSE-SU-2021:1280-1
Released	Tue Apr 20 14:34:19 2021
Summary	Security update for ruby2.5
Type	security
Severity	moderate
References	1184644,CVE-2021-28965

Description:

This update for ruby2.5 fixes the following issues:

Update to 2.5.9
CVE-2021-28965: XML round-trip vulnerability in REXML (bsc#1184644)

Advisory ID	SUSE-SU-2021:1282-1
Released	Tue Apr 20 14:47:17 2021
Summary	Security update for apache-commons-io
Type	security
Severity	moderate
References	1184755,CVE-2021-29425

Description:

This update for apache-commons-io fixes the following issues:

CVE-2021-29425: Limited path traversal when invoking the method FileNameUtils.normalize with an improper input string (bsc#1184755)

Advisory ID	SUSE-RU-2021:1289-1
Released	Wed Apr 21 14:02:46 2021
Summary	Recommended update for gzip
Type	recommended
Severity	moderate
References	1177047

Description:

This update for gzip fixes the following issues:

Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047)

Advisory ID	SUSE-RU-2021:1291-1
Released	Wed Apr 21 14:04:06 2021
Summary	Recommended update for mpfr
Type	recommended
Severity	moderate
References	1141190

Description:

This update for mpfr fixes the following issues:

Fixed an issue when building for ppc64le (bsc#1141190)

Technical library fixes:

A subtraction of two numbers of the same sign or addition of two numbers of different signs can be rounded incorrectly (and the ternary value can be incorrect) when one of the two inputs is reused as the output (destination) and all these MPFR numbers have exactly GMP_NUMB_BITS bits of precision (typically, 32 bits on 32-bit machines, 64 bits on 64-bit machines).
The mpfr_fma and mpfr_fms functions can behave incorrectly in case of internal overflow or underflow.
The result of the mpfr_sqr function can be rounded incorrectly in a rare case near underflow when the destination has exactly GMP_NUMB_BITS bits of precision (typically, 32 bits on 32-bit machines, 64 bits on 64-bit machines) and the input has at most GMP_NUMB_BITS bits of precision.
The behavior and documentation of the mpfr_get_str function are inconsistent concerning the minimum precision (this is related to the change of the minimum precision from 2 to 1 in MPFR 4.0.0). The get_str patch fixes this issue in the following way: the value 1 can now be provided for n (4th argument of mpfr_get_str); if n = 0, then the number of significant digits in the output string can now be 1, as already implied by the documentation (but the code was increasing it to 2).
The mpfr_cmp_q function can behave incorrectly when the rational (mpq_t) number has a null denominator.
The mpfr_inp_str and mpfr_out_str functions might behave incorrectly when the stream is a null pointer: the stream is replaced by stdin and stdout, respectively. This behavior is useless, not documented (thus incorrect in case a null pointer would have a special meaning), and not consistent with other input/output functions.

Advisory ID	SUSE-RU-2021:1295-1
Released	Wed Apr 21 14:08:19 2021
Summary	Recommended update for systemd-presets-common-SUSE
Type	recommended
Severity	moderate
References	1184136

Description:

This update for systemd-presets-common-SUSE fixes the following issues:

Enabled hcn-init.service for HNV on POWER (bsc#1184136)

Advisory ID	SUSE-SU-2021:1307-1
Released	Fri Apr 23 09:15:01 2021
Summary	Security update for MozillaFirefox
Type	security
Severity	important
References	1184960,CVE-2021-23961,CVE-2021-23994,CVE-2021-23995,CVE-2021-23998,CVE-2021-23999,CVE-2021-24002,CVE-2021-29945,CVE-2021-29946

Description:

This update for MozillaFirefox fixes the following issues:

Firefox was updated to 78.10.0 ESR (bsc#1184960) * CVE-2021-23994: Out of bound write due to lazy initialization * CVE-2021-23995: Use-after-free in Responsive Design Mode * CVE-2021-23998: Secure Lock icon could have been spoofed * CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage * CVE-2021-23999: Blob URLs may have been granted additional privileges * CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL * CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads * CVE-2021-29946: Port blocking could be bypassed

Advisory ID	SUSE-SU-2021:1313-1
Released	Mon Apr 26 09:12:07 2021
Summary	Security update for python-aiohttp
Type	security
Severity	important
References	1184745,CVE-2021-21330

Description:

This update for python-aiohttp fixes the following issues:

CVE-2021-21330: Fixed the way pure-Python HTTP parser interprets `//` (bsc#1184745)

Advisory ID	SUSE-RU-2021:1320-1
Released	Mon Apr 26 15:07:58 2021
Summary	Recommended update for xorg-x11-server
Type	recommended
Severity	moderate
References	1184072,1184543

Description:

This update for xorg-x11-server fixes the following issues:

Fixed a crash that might occur when talking to Xwayland (bsc#1184072, bsc#1184543)

Advisory ID	SUSE-RU-2021:1327-1
Released	Tue Apr 27 13:41:31 2021
Summary	Recommended update for sapstartsrv-resource-agents
Type	recommended
Severity	moderate
References	1183969

Description:

This update for sapstartsrv-resource-agents fixes the following issues:

sapping.service does no longer run a second time after a restart/start of corosync (bsc#1183969)

Advisory ID	SUSE-RU-2021:1335-1
Released	Tue Apr 27 17:01:57 2021
Summary	Recommended update for hawk2
Type	recommended
Severity	important
References	1184274

Description:

This update for hawk2 fixes the following issue:
Update to version 2.6.4:

Fix the wizards User Interface and show it.(bsc#1184274)

Advisory ID	SUSE-RU-2021:1405-1
Released	Wed Apr 28 15:09:07 2021
Summary	Recommended update for brp-check-suse
Type	recommended
Severity	moderate
References	1184555

Description:

This update for brp-check-suse fixes the following issues:

Add patch to implement fipscheck. (bsc#1184555)

Advisory ID	SUSE-SU-2021:1409-1
Released	Wed Apr 28 16:32:50 2021
Summary	Security update for giflib
Type	security
Severity	low
References	1184123

Description:

This update for giflib fixes the following issues:

Enable Position Independent Code and inherit CFLAGS from the build system (bsc#1184123).

Advisory ID	SUSE-RU-2021:1414-1
Released	Wed Apr 28 18:32:11 2021
Summary	Recommended update for boost-legacy
Type	recommended
Severity	important
References	1006584,1038083,1076640,1082318,1175886,401964,439805,457699,461372,477603,479659,544958,621140,655747,714373,765443,951902,958150,994378,994381,994382,994383,996917,CVE-2008-0171

Description:

This update for boost-legacy fixes the following issues:

Create a new boost-legacy package with version 1.66.0. (bsc#1175886, jsc#SLE-17304, jsc#ECO-3147)

Remove duplicate license package that we get from original Boost
Add a backport of `Boost.Optional::has_value()` for LibreOffice
Use `%license` instead of `%doc` (bsc#1082318)
Multibuild requires versioned `Name: tag` . (bsc#1076640)

Changes in version 1.66.0:

`Beast`: new portable HTTP, WebSocket and network operations using `Boost.Asio`. Header-only library.
`Callable Traits`: new library and successor to `Boost.FunctionTypes`. Header-only library.
`Mp11:` new metaprogramming library
` Asio`: - implemented interface changes to reflect the Networking TS (N4656) - functions and classes that have been superseded by Networking TS functionality have been deprecated. - added support for customized handler tracking - removed previously deprecated functions
`Atomic`: improved compatibility with GCC 7. 128-bit operations on `x86_64` no longer require linking with compiled library.
`DateTime`: Fixed an integral overflow that could cause incorrect results when adding or subtracting many years from a date.
`Format`: New format specifiers added and volatile arguments can not be safely used with operator`%`
`Fusion`: - fix compile error with `std::array` - remove circular preprocessor include
`PolyCollection`: backported to GCC 4.8 and 4.9 with some limitations
`Uuid`: added `RTF-4122` namespaces in `boost::uuids::ns`

Advisory ID	SUSE-RU-2021:1416-1
Released	Thu Apr 29 06:19:16 2021
Summary	Recommended update for kyotocabinet
Type	recommended
Severity	low
References	1185033

Description:

This update for kyotocabinet fixes the following issues:

Proactive fix for a hardening making 'kyotokabinet' in SLE as position independent executable. (bsc#1185033)

Advisory ID	SUSE-RU-2021:1417-1
Released	Thu Apr 29 06:19:47 2021
Summary	Recommended update for ntp
Type	recommended
Severity	moderate
References	1185171

Description:

This update for ntp fixes the following issues:

Use '/run' instead of '/var/run' for PIDFile in 'ntpd.service'. (bsc#1185171)

Advisory ID	SUSE-RU-2021:1424-1
Released	Thu Apr 29 06:22:32 2021
Summary	Recommended update for openslp
Type	recommended
Severity	moderate
References	1166637,1184008

Description:

This update for openslp fixes the following issues:

Added automated active discovery retries so that DAs do not get dropped, if they are not reachable for some time (bsc#1166637, bsc#1184008)

Advisory ID	SUSE-RU-2021:1427-1
Released	Thu Apr 29 06:24:32 2021
Summary	Recommended update for scap-security-guide
Type	recommended
Severity	moderate
References

Description:

This update for scap-security-guide fixes the following issues:
This update ships the ComplianceAsCode build version 0.1.55+git containing the following supported file:

SCAP STIG automation for SUSE Linux Enterprise 12 (SUSE supplied, more rules added compared to 0.1.54)
SCAP STIG automation for SUSE Linux Enterprise 15 (SUSE supplied, new, first rules added)
CIS automation for SUSE Linux Enterprise 15 (community supplied)

It can be evaluated using 'oscap' from 'openscap-utils', e.g. by doing on SUSE Linux Enterprise 12:

oscap xccdf eval --profile stig /usr/share/xml/scap/ssg/content/ssg-sle12-ds.xml

On SUSE Linux Enterprise 15:

oscap xccdf eval --profile stig /usr/share/xml/scap/ssg/content/ssg-sle15-ds.xml

or the community supplied CIS on SUSE Linux Enterprise 15:

oscap xccdf eval --profile cis /usr/share/xml/scap/ssg/content/ssg-sle15-ds.xml

More content will be added in future updates.

Advisory ID	SUSE-SU-2021:1432-1
Released	Thu Apr 29 10:06:47 2021
Summary	Security update for MozillaThunderbird
Type	security
Severity	important
References	1184960,CVE-2021-23961,CVE-2021-23994,CVE-2021-23995,CVE-2021-23998,CVE-2021-23999,CVE-2021-24002,CVE-2021-29945,CVE-2021-29946,CVE-2021-29948

Description:

This update for MozillaThunderbird fixes the following issues:

Firefox was updated to 78.10.0 ESR (bsc#1184960) * CVE-2021-23994: Out of bound write due to lazy initialization * CVE-2021-23995: Use-after-free in Responsive Design Mode * CVE-2021-23998: Secure Lock icon could have been spoofed * CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage * CVE-2021-23999: Blob URLs may have been granted additional privileges * CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL * CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads * CVE-2021-29946: Port blocking could be bypassed * CVE-2021-29948: Race condition when reading from disk while verifying signatures

Advisory ID	SUSE-RU-2021:1448-1
Released	Fri Apr 30 08:08:17 2021
Summary	Recommended update for pidentd
Type	recommended
Severity	moderate
References	1185070

Description:

This update for pidentd fixes the following issues:

Use '/run' instead of '/var/run'. (bsc#1185070)

Advisory ID	SUSE-RU-2021:1449-1
Released	Fri Apr 30 08:08:25 2021
Summary	Recommended update for systemd-presets-branding-SLE
Type	recommended
Severity	moderate
References	1165780

Description:

This update for systemd-presets-branding-SLE fixes the following issues:

Don't enable 'btrfsmaintenance-refresh.service', 'btrfsmaintenance' is managed by systemd-presets-common-SUSE instead. (bsc#1165780)

Advisory ID	SUSE-RU-2021:1451-1
Released	Fri Apr 30 08:08:45 2021
Summary	Recommended update for dhcp
Type	recommended
Severity	moderate
References	1185157

Description:

This update for dhcp fixes the following issues:

Use '/run' instead of '/var/run' for PIDFile in 'dhcrelay.service'. (bsc#1185157)

Advisory ID	SUSE-SU-2021:1454-1
Released	Fri Apr 30 09:22:26 2021
Summary	Security update for cups
Type	security
Severity	important
References	1184161,CVE-2021-25317

Description:

This update for cups fixes the following issues:

CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation from lp user to root via symlink attacks (bsc#1184161)

Advisory ID	SUSE-RU-2021:1462-1
Released	Fri Apr 30 14:54:23 2021
Summary	Recommended update for cloud-init
Type	recommended
Severity	moderate
References	1181283,1184085

Description:

This update for cloud-init fixes the following issues:

Fixed an issue, where the bonding options were wrongly configured in SLE and openSUSE (bsc#1184085)

Advisory ID	SUSE-RU-2021:1476-1
Released	Tue May 4 13:58:52 2021
Summary	Recommended update for cups-filters
Type	recommended
Severity	moderate
References	1182893

Description:

This update for cups-filters fixes the following issues:

Fixed an issue when 'foomatic-rip-Filter' crashes. (bsc#1182893)

Advisory ID	SUSE-RU-2021:1478-1
Released	Tue May 4 14:05:38 2021
Summary	Recommended update for libhugetlbfs
Type	recommended
Severity	moderate
References	1184123

Description:

This update for libhugetlbfs fixes the following issues:

Hardening: Link as PIE (bsc#1184123)

Advisory ID	SUSE-RU-2021:1487-1
Released	Tue May 4 15:31:45 2021
Summary	Recommended update for python-yarl
Type	recommended
Severity	moderate
References

Description:

This update for python-yarl contains the following fixes:

Fix python-yarl to build with new python3 version.

Allows mixing amps and semicolons in query strings as separators over previous changes.

Advisory ID	SUSE-SU-2021:1489-1
Released	Tue May 4 17:10:15 2021
Summary	Security update for openexr
Type	security
Severity	important
References	1184353,1184354,1184355,1185216,1185217,CVE-2021-20296,CVE-2021-23215,CVE-2021-26260,CVE-2021-3477,CVE-2021-3479

Description:

This update for openexr fixes the following issues:

CVE-2021-23215: Fixed an integer-overflow in Imf_2_5:DwaCompressor:initializeBuffers (bsc#1185216).
CVE-2021-26260: Fixed an Integer-overflow in Imf_2_5:DwaCompressor:initializeBuffers (bsc#1185217).
CVE-2021-20296: Fixed a Null Pointer dereference in Imf_2_5:hufUncompress (bsc#1184355).
CVE-2021-3477: Fixed a Heap-buffer-overflow in Imf_2_5::DeepTiledInputFile::readPixelSampleCounts (bsc#1184353).
CVE-2021-3479: Fixed an Out-of-memory caused by allocation of a very large buffer (bsc#1184354).

Advisory ID	SUSE-SU-2021:1491-1
Released	Tue May 4 17:11:03 2021
Summary	Security update for p7zip
Type	security
Severity	moderate
References	1184699,CVE-2021-3465

Description:

This update for p7zip fixes the following issues:

CVE-2021-3465: Fixed a NULL pointer dereference in NCompress:CCopyCoder:Code (bsc#1184699)

Advisory ID	SUSE-RU-2021:1532-1
Released	Thu May 6 15:32:21 2021
Summary	Recommended update for python-shaptools
Type	recommended
Severity	moderate
References	1185090

Description:

This update for python-shaptools fixes the following issues:

Fix the HANA 'sidadm' user creation to transform to lowercase properly. (bsc#1185090)

Advisory ID	SUSE-RU-2021:1533-1
Released	Thu May 6 17:04:28 2021
Summary	Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent
Type	recommended
Severity	moderate
References	1174304,1174306,1175740,1175741,1179031,1179032,1180304,1182793,1183414,1183415

Description:

This update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent contains the following fixes:
Changes in google-guest-agent:

Update to version 20210223.01 (bsc#1183414, bsc#1183415) * add a match block to sshd_config for SAs (#99) * add ipv6 forwarded ip support (#101) * call restorecon on ssh host keys (#98) * Include startup and shutdown in preset (#96) * set metadata URL earlier (#94)
Fix activation logic of systemd services (bsc#1182793)

Update to version 20201211.00 * Require snapshot scripts to live under /etc/google/snapshots (#90) * Adding support for Windows user account password lengths between 15 and 255 characters. (#91) * Adding bkatyl to OWNERS (#92)

Changes in google-guest-configs:

Update to version 20210317.00 (bsc#1183414, bsc#1183415) * dracut.conf wants spaces around values (#19) * make the same change for debian (#18) * change path back for google_nvme_id (#17) * move google_nvme_id to /usr/bin (#16) * correct udev rule syntax (#15) * prune el6 spec (#13) * Updated udev rules (#11)
Remove empty %{_sbindir} from %install and %files section

Remove service files (bsc#1180304) + google-optimize-local-ssd.service, google-set-multiqueue.service scripts are called from within the guest agent

Changes in google-guest-oslogin:

Update to version 20210316.00 (bsc#1183414, bsc#1183415) * call correct function in pwenthelper (#53)

Update to version 20210108.00 * Update logic in the cache_refresh binary (#52) * remove old unused workflow files (#49)

* add getpwnam,getpwuid,getgrnam,getgrgid (#42) * Change requires to not require the python library for policycoreutils. (#44) * add dial and recvline (#41) * PR feedback * new client component and tests
Changes in google-osconfig-agent:

Update to version 20210316.00 (bsc#1183414, bsc#1183415) * call correct function in pwenthelper (#53)

Update to version 20210108.00 * Update logic in the cache_refresh binary (#52) * remove old unused workflow files (#49)

Update to version 20200925.00 (bsc#1179031, bsc#1179032) * add getpwnam,getpwuid,getgrnam,getgrgid (#42) * Change requires to not require the python library for policycoreutils. (#44) * add dial and recvline (#41) * PR feedback * new client component and tests

Update to version 20200819.00 (bsc#1175740, bsc#1175741) * deny non-2fa users (#37) * use asterisks instead (#39) * set passwords to ! (#38) * correct index 0 bug (#36) * Support security key generated OTP challenges. (#35)

No post action for ssh

Initial build (bsc#1174304, bsc#1174306, jsc#ECO-2099, jsc#PM-1945) + Version 20200507.00 + Replaces google-compute-engine-oslogin package

Advisory ID	SUSE-RU-2021:1535-1
Released	Thu May 6 17:05:42 2021
Summary	Recommended update for spamassassin
Type	recommended
Severity	low
References	1185184

Description:

This update for spamassassin fixes the following issues:

Deprecated path '/var/run/' used in systemd-services (bsc#1185184)

Advisory ID	SUSE-RU-2021:1536-1
Released	Thu May 6 17:05:59 2021
Summary	Recommended update for dovecot
Type	recommended
Severity	moderate
References	1185074

Description:

This update for dovecot fixes the following issues:

Using /run instead of /var/run which was deprecated (bsc#1185074)
The home directories of the internal users was moved from /var/run/dovecot to /run/dovecot as well.

Advisory ID	SUSE-RU-2021:1543-1
Released	Fri May 7 15:16:33 2021
Summary	Recommended update for patterns-microos
Type	recommended
Severity	moderate
References	1184435

Description:

This update for patterns-microos provides the following fix:

Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435)

Advisory ID	SUSE-RU-2021:1549-1
Released	Mon May 10 13:48:00 2021
Summary	Recommended update for procps
Type	recommended
Severity	moderate
References	1185417

Description:

This update for procps fixes the following issues:

Support up to 2048 CPU as well. (bsc#1185417)

Advisory ID	SUSE-SU-2021:1554-1
Released	Tue May 11 09:43:41 2021
Summary	Security update for java-11-openjdk
Type	security
Severity	important
References	1184606,1185055,1185056,CVE-2021-2161,CVE-2021-2163

Description:

This update for java-11-openjdk fixes the following issues:

Update to upstream tag jdk-11.0.11+9 (April 2021 CPU) * CVE-2021-2163: Fixed incomplete enforcement of JAR signing disabled algorithms (bsc#1185055) * CVE-2021-2161: Fixed incorrect handling of partially quoted arguments in ProcessBuilder (bsc#1185056)
moved mozilla-nss dependency to java-11-openjdk-headless package, this is necessary to be able to do crypto with just java-11-openjdk-headless installed (bsc#1184606).

Advisory ID	SUSE-RU-2021:1562-1
Released	Tue May 11 11:12:51 2021
Summary	Recommended update for amazon-ecs-init
Type	recommended
Severity	moderate
References	1182343,1182344

Description:

This update for amazon-ecs-init contains the following fixes:

Fix for an issue where no restart happens when ECS Agent exits with exit code 5 (bsc#1182343, bsc#1182344)

Advisory ID	SUSE-RU-2021:1563-1
Released	Tue May 11 11:16:00 2021
Summary	Recommended update for maven
Type	recommended
Severity	moderate
References	1184022

Description:

This update for systemtap fixes the following issues:

Releasing maven for SLE-15 SP1 and SP2. (bsc#1184022)

Advisory ID	SUSE-RU-2021:1570-1
Released	Wed May 12 11:59:39 2021
Summary	Recommended update for python-paramiko
Type	recommended
Severity	moderate
References	1178341

Description:

This update for python-paramiko fixes the following issue:

Do not use deprecated methods. SUSE Linux Enterprise 15-SP1 and newer have `python-cryptography 2.8`. (bsc#1178341)

Advisory ID	SUSE-RU-2021:1583-1
Released	Wed May 12 13:40:35 2021
Summary	Recommended update for sensors
Type	recommended
Severity	moderate
References	1185183

Description:

This update for sensors fixes the following issues:

Change PIDFile path from '/var/run' to '/run' as the it is deprecated. (bsc#1185183)

Advisory ID	SUSE-RU-2021:1587-1
Released	Wed May 12 13:43:48 2021
Summary	Recommended update for cloud-regionsrv-client
Type	recommended
Severity	moderate
References	1182779,1185198,1185234

Description:

This update for cloud-regionsrv-client fixes the following issues:

Added a fix when the zypper lock is acquired by another process. In that case cloud-regionsrv-client will now wait up to 30 seconds for that lock to be freed (bsc#1182779, bsc#1185234, bsc#1185198)

Advisory ID	SUSE-RU-2021:1588-1
Released	Wed May 12 13:44:31 2021
Summary	Recommended update for python3-azuremetadata
Type	recommended
Severity	moderate
References	1172581,1184720

Description:

This update for python3-azuremetadata fixes the following issues:

Fixed an issue where SUSEConnect was unable to set cloud_provider when registering an instance the first time (bsc#1172581)
When querying the metdata server for access verification via a proxy, the wrong data was delivered. This has been fixed (bsc#1184720)

Advisory ID	SUSE-OU-2021:1591-1
Released	Wed May 12 13:46:23 2021
Summary	Optional update for apache2-mod_auth_openidc
Type	optional
Severity	low
References

Description:

This update for apache2-mod_auth_openidc fixes the following issues:

Avoid pulling hiredis-devel during build time (jsc#SLE-11726)

This patch is optional to install and does not address any user visible issues.

Advisory ID	SUSE-SU-2021:1598-1
Released	Thu May 13 13:14:33 2021
Summary	Security update for dtc
Type	security
Severity	low
References	1184122

Description:

This update for dtc fixes the following issues:

make all packaged binaries PIE-executables (bsc#1184122).

Advisory ID	SUSE-SU-2021:1599-1
Released	Thu May 13 13:15:20 2021
Summary	Security update for ipvsadm
Type	security
Severity	low
References	1184988

Description:

This update for ipvsadm fixes the following issues:

Hardening: link as position independent executable (bsc#1184988).

Advisory ID	SUSE-RU-2021:1601-1
Released	Thu May 13 16:34:34 2021
Summary	Recommended update for brp-check-suse
Type	recommended
Severity	moderate
References	1184555

Description:

This update for brp-check-suse fixes the following issues:

Make sure all brp-scripts are actually executable. (bsc#1184555)

Advisory ID	SUSE-RU-2021:1603-1
Released	Thu May 13 16:35:55 2021
Summary	Recommended update for gssproxy
Type	recommended
Severity	low
References	1185161

Description:

This update for gssproxy fixes the following issues:

Using now /run instead of /var/run for daemon PID files (bsc#1185161)

Advisory ID	SUSE-RU-2021:1604-1
Released	Thu May 13 16:36:13 2021
Summary	Recommended update for autofs
Type	recommended
Severity	low
References	1185155

Description:

This update for autofs fixes the following issues:

Changed pidfile path to /run from /var/run (bsc#1185155)

Advisory ID	SUSE-RU-2021:1618-1
Released	Mon May 17 13:11:28 2021
Summary	Recommended update for llvm7 and libqt5-qttools
Type	recommended
Severity	moderate
References	1067478,1109367,1145085,1184920

Description:

This update for llvm7 and libqt5-qttools fixes the following issues:
libqt5-qttools:

Use `libclang` instead of `clang`, now that `llvm7` moved the header files to `libclang` (bsc#1109367, bsc#1184920)

llvm7:

Remove unneeded and unused dependencies: - groff, bison, flex, jsoncpp

Devel packages are only required in other devel packages, when their headers are included in the installed headers.
Skip a test that is broken with 387 FPU registers and avoids check failure on i586. (bsc#1145085)
Link `libomp` with `atomic` if needed and fix build using gcc-4.8. (bsc#1145085)
Make build of `gnustep-libobjc2` package reproducible. (bsc#1067478)
Remove `-fno-strict-aliasing` which upstream doesn't use any more.
Package `clang` builtin headers with `libclang`. (bsc#1109367)

- The library is unusable without the builtin headers. Currently consumers of `libclang` have to require `clang` as well, although only the headers are needed.

Advisory ID	SUSE-SU-2021:1641-1
Released	Wed May 19 13:48:59 2021
Summary	Security update for djvulibre
Type	security
Severity	important
References	1185895,1185900,1185904,1185905,CVE-2021-32490,CVE-2021-32491,CVE-2021-32492,CVE-2021-32493

Description:

This update for djvulibre fixes the following issues:

CVE-2021-32490 [bsc#1185895]: Out of bounds write in function DJVU:filter_bv() via crafted djvu file
CVE-2021-32491 [bsc#1185900]: Integer overflow in function render() in tools/ddjvu via crafted djvu file
CVE-2021-32492 [bsc#1185904]: Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file
CVE-2021-32493 [bsc#1185905]: Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file

Advisory ID	SUSE-RU-2021:1643-1
Released	Wed May 19 13:51:48 2021
Summary	Recommended update for pam
Type	recommended
Severity	important
References	1181443,1184358,1185562

Description:

This update for pam fixes the following issues:

Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358)
In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562)

Advisory ID	SUSE-RU-2021:1660-1
Released	Wed May 19 18:46:53 2021
Summary	Recommended update for python-kiwi
Type	recommended
Severity	moderate
References

Description:

This update for python-kiwi fixes the following issues:

Fix appx manifest for WSL containers This patch is two fold * This commit prevents KIWI from setting Identity Name attribute and DisplayName and PublisherDisplayName elements. Fixes #1780 * Fix WSL appx filemap relative paths not preserved During WSL appx image type creation step the file hierarchy under metadata_path is written to a temporary file for eventual use as argument to utility appx. The file hierarchy information is dropped resulting in all filemap entries appearing to be at the metadata_path root. The resulting image will side load and run but without icon and other resources. Stricter checks at Windows Store submission will fail due to mismatch between image manifest and contents. Fix by preserving relative path of filemap entries relative to metadata_path. Add log output showing both input absolute path and output relative path. (jsc#SLE-12986)
Recommend kiwi-systemdeps-containers This commit recommends 'kiwi-systemdeps-containers' instead of a hard requirement in kiwi-systemdeps package for SLE builds. This is needed because the containers tool chain is spread in different SLE modules.

Advisory ID	SUSE-RU-2021:1662-1
Released	Wed May 19 22:24:31 2021
Summary	Recommended update for saphanabootstrap-formula
Type	recommended
Severity	moderate
References	1185090

Description:

This update for saphanabootstrap-formula fixes the following issues:

Fix the HANA sidadm usage to transform to lowercase some states managing the sudoers file in ha_cluster.sls state file. (bsc#1185090)

Advisory ID	SUSE-RU-2021:1663-1
Released	Wed May 19 22:25:14 2021
Summary	Recommended update for drbd-formula
Type	recommended
Severity	moderate
References	1179529

Description:

This update for drbd-formula fixes the following issues:

Support different backing device per node. (bsc#1179529)

Advisory ID	SUSE-SU-2021:1664-1
Released	Thu May 20 08:03:30 2021
Summary	Security update for libass
Type	security
Severity	moderate
References	1184153,CVE-2020-24994

Description:

This update for libass fixes the following issues:

CVE-2020-24994: Fixed a stack overflow in the parse_tag (bsc#1184153).

Advisory ID	SUSE-RU-2021:1669-1
Released	Thu May 20 11:10:44 2021
Summary	Recommended update for nfs-utils
Type	recommended
Severity	moderate
References	1181540,1181651,1183194,1185170

Description:

This update for nfs-utils fixes the following issues:

The '/var/run' is long deprecated - switch all relevant paths to '/run'. (bsc#1185170)
Improve logging of authentication (bsc#1181540)
Add man page of the 'nconnect mount'. (bsc#1181651)
Fixed an issue when HANA crashed due to inaccessible/hanging NFS mount. (bsc#1183194)

Advisory ID	SUSE-RU-2021:1675-1
Released	Thu May 20 15:00:23 2021
Summary	Recommended update for snappy
Type	recommended
Severity	moderate
References	1080040,1184507

Description:

This update for snappy fixes the following issues:
Update from version 1.1.3 to 1.1.8

Small performance improvements.
Removed `snappy::string` alias for `std::string`.
Improved `CMake` configuration.
Improved packages descriptions.
Fix RPM groups.
Aarch64 fixes
PPC speedups
PIE improvements
Fix license install. (bsc#1080040)
Fix a 1% performance regression when snappy is used in PIE executable.
Improve compression performance by 5%.
Improve decompression performance by 20%.
Use better download URL.
Fix a build issue for tensorflow2. (bsc#1184507)

Advisory ID	SUSE-RU-2021:1677-1
Released	Thu May 20 15:29:32 2021
Summary	Recommended update for purge-kernels-service
Type	recommended
Severity	low
References	1184399

Description:

This update for purge-kernels-service fixes the following issues:

Add 'ZYPP_LOCK_TIMEOUT=-1' to keep waiting for the lock to avoid possible conflict with other background services uding zypper. (bsc#1184399)

Advisory ID	SUSE-RU-2021:1678-1
Released	Thu May 20 15:30:01 2021
Summary	Recommended update for prometheus-ha_cluster_exporter
Type	recommended
Severity	moderate
References	1184422

Description:

This update for prometheus-ha_cluster_exporter fixes the following issues:

Add parsing of the `crm_config` node in the CIB parser.
Update the minimum required Go version to 1.14.
Avoid duplicate metric recording errors for non-running OCFS resources. (bsc#1184422)

Advisory ID	SUSE-RU-2021:1679-1
Released	Thu May 20 15:31:35 2021
Summary	Recommended update for ddclient
Type	recommended
Severity	moderate
References	1185069

Description:

This update for ddclient fixes the following issues:

As '/var/run' is deprecated, replaced by '/run' in 'ddclient-tmpfiles.conf' (bsc#1185069)
Systemd expects the PID file to exist as soon as the main process exists. However, it takes quite a while until the pid file is created by the daemon process, so we delay the main process for 1 second before exit()ing. This gets rid of an annoying warning message in 'systemctl status'.

Advisory ID	SUSE-RU-2021:1681-1
Released	Thu May 20 16:49:23 2021
Summary	Recommended update for sapstartsrv-resource-agents
Type	recommended
Severity	moderate
References	1185152

Description:

This update for sapstartsrv-resource-agents fixes the following issues:

Remove deprecated option 'syslog' from the 'sapping.service' and 'sappong.service' files. (bsc#1185152)

Advisory ID	SUSE-RU-2021:1698-1
Released	Fri May 21 19:46:59 2021
Summary	Recommended update for SAPHanaSR-ScaleOut
Type	recommended
Severity	moderate
References	1144442,1182115,1182545

Description:

This update for SAPHanaSR-ScaleOut fixes the following issues:

The resource start and stop timeout is now configurable by increasing the timeout for the action 'start' and/or 'stop'. (bsc#1182545)
Add return codes for saphana_stop and saphana_StopSystem. (bsc#1182115)
Man page SAPhanaSR-ScaleOut minor mistakes. (bsc#1144442)

Advisory ID	SUSE-RU-2021:1700-1
Released	Mon May 24 16:39:35 2021
Summary	Recommended update for google-guest-agent, google-guest-oslogin, google-osconfig-agent
Type	recommended
Severity	moderate
References	1185848,1185849

Description:

This update for google-guest-agent, google-guest-oslogin, google-osconfig-agent contains the following fixes:

Update to version 20210414.00 (bsc#1185848, bsc#1185849) * start sshd (#106) * Add systemd-networkd.service restart dependency. (#104) * Update error message for handleHealthCheckRequest. (#105)

Update to version 20210429.00 (bsc#1185848, bsc#1185849) * correct pagetoken in groupsforuser (#59) * resolve self groups last (#58) * support empty groups (#57) * no paginating to find groups (#56) * clear users vector (#55) * correct usage of pagetoken (#54)

Update to version 20210506.00 (bsc#1185848, bsc#1185849) * Add more os policy assignment examples (#348) * e2e_tests: enable stable tests for OSPolicies (#347) * Align start and end task logs (#346) * ConfigTask: add additional info logs (#345) * e2e_tests: add validation tests (#344) * Config Task: make sure agent respects policy mode (#343) * update * e2e_tests: readd retries to OSPolicies * Set minWaitDuration as a string instead of object (#341) * e2e_tests: Fix a few SUSE tests (#339) * Remove pre-release flag from config (#340) * e2e_tests: fixup OSPolicy tests (#338) * e2e_tests: unlock mutex for CreatePolicies as soon as create finishes (#337) * e2e_tests: Don't retry failed OSPolicy tests, fix msi test (#336) * Examples for os policy assignments (#334) * e2e_tests: increase the deadline for OSPolicy tests and only start after a zone has been secured (#335) * Fix panic when installing MSI (#332) * e2e_tests: Add test cases of installing dbe, rpm and msi packages (#333) * e2e_tests: add more logging * e2e_tests: (#330) * e2e_test: Add timouts to OSPolicy tests so we don't wait forever (#329) * Create top level directories for gcloud and console for os policy assignment examples (#328) * e2e_tests: Move api from an internal directory (#327) * Make sure we use the same test name for reruns (#326) * Add CONFIG_V1 capability (#325) * e2e_tests: reduce size of instances, use pd-balanced, rerun failed tests once (#324) * Only report installed packages for dpkg (#322) * e2e_tests: fix windows package and repository tests (#323) * Add top level directories for os policy examples (#321) * e2e_tests: move to using inventory api for inventory reporting (#320) * e2e_tests: add ExecResource tests (#319) * ExecResource: make sure we set permissions correctly for downloaded files (#318) * Config task: only run post check on resources that have already been evaluated (#317) * e2e_test: reorganize OSPolicy tests to be per Resource type (#316) * Set custom user agent (#299) * e2e_tests: check InstanceOSPoliciesCompliance for each test case, add LocalPath FileResource test (#314) * PackageResource: make sure to run AptUpdate prior to package install (#315) * Fix bugs/add more logging for OSPolicies (#313) * Change metadata http client to ignore http proxies (#312) * e2e_test: add tests for FileResource (#311) * Add task_type context logging (#310) * Fix e2e_test typo (#309) * Fix e2e_tests (#308) * Disable OSPolicies by default since it is an unreleased feature (#307) * e2e_tests: Add more OSPolicies package and repo tests (#306) * Do not enforce repo_gpgcheck in guestpolicies (#305) * Gather inventory 3-5min after agent start (#303) * e2e_tests: add OSPolicies tests for package install (#302) * Add helpful error log if a service account is missing (#304) * OSPolicies: correct apt repo extension, remove yum/zypper gpgcheck override (#301) * Update cos library to parse new version of packages file (#300) * config_task: Rework config step logic (#296) * e2e_test: enable serial logs in cos to support ReportInventory test (#297)

Advisory ID	SUSE-RU-2021:1752-1
Released	Tue May 25 13:26:10 2021
Summary	Recommended update for expect
Type	recommended
Severity	moderate
References	1172681,1183904,1184122

Description:

This update for expect fixes the following issues:

Fixed an issue when expect in permanently open connection causes hanging for scripts. (bsc#1183904)
pass explicit -pie flag to CFLAGS and hack `make` invocation so that /usr/bin/expect actually becomes a PIE binary. This is especially awkard since the expect build system implicitly passes -fPIC which breaks our gcc-PIE package, but does not pass -pie while linking the executable. Shared libraries are also not linked with -shared so we need to explicitly pass this, too, to avoid build breakage. (bsc#1184122)
Add an unversioned symlink to make linking easier for applications that use libexpect without Tcl. (bsc#1172681)

Advisory ID	SUSE-SU-2021:1755-1
Released	Tue May 25 13:29:57 2021
Summary	Security update for libu2f-host
Type	security
Severity	moderate
References	1124781,1128140,1184648,CVE-2018-20340,CVE-2019-9578

Description:

This update for libu2f-host fixes the following issues:
This update ships the u2f-host package (jsc#ECO-3687 bsc#1184648)
Version 1.1.10 (released 2019-05-15)

Add new devices to udev rules.
Fix a potentially uninitialized buffer (CVE-2019-9578, bsc#1128140)

Version 1.1.9 (released 2019-03-06)

Fix CID copying from the init response, which broke compatibility with

some devices.
Version 1.1.8 (released 2019-03-05)

Add udev rules
Drop 70-old-u2f.rules and use 70-u2f.rules for everything
Use a random nonce for setting up CID to prevent fingerprinting
CVE-2019-9578: Parse the response to init in a more stable way to prevent leakage of uninitialized stack memory back to the device (bsc#1128140).

Version 1.1.7 (released 2019-01-08)

Fix for trusting length from device in device init.
Fix for buffer overflow when receiving data from device. (YSA-2019-01, CVE-2018-20340, bsc#1124781)
Add udev rules for some new devices.

Add udev rule for Feitian ePass FIDO - Add a timeout to the register and authenticate actions.

Advisory ID	SUSE-SU-2021:1759-1
Released	Wed May 26 11:16:44 2021
Summary	Security update for rubygem-actionpack-5_1
Type	security
Severity	important
References	1185715,CVE-2021-22885

Description:

This update for rubygem-actionpack-5_1 fixes the following issues:

CVE-2021-22885: Fixed possible information disclosure / unintended method execution in Action Pack (bsc#1185715).

Advisory ID	SUSE-SU-2021:1765-1
Released	Wed May 26 12:36:38 2021
Summary	Security update for libX11
Type	security
Severity	moderate
References	1182506,CVE-2021-31535

Description:

This update for libX11 fixes the following issues:

CVE-2021-31535: Fixed missing request length checks in libX11 (bsc#1182506).

Advisory ID	SUSE-RU-2021:1772-1
Released	Wed May 26 17:21:45 2021
Summary	Recommended update for motif
Type	recommended
Severity	moderate
References	1184184

Description:

This update for motif fixes the following issues:

Add patches to prevent the third party application crashing. (bsc#1184184)

Advisory ID	SUSE-SU-2021:1785-1
Released	Thu May 27 16:44:19 2021
Summary	Security update for postgresql13
Type	security
Severity	moderate
References	1179945,1183118,1183168,1185924,1185925,1185926,CVE-2021-32027,CVE-2021-32028,CVE-2021-32029

Description:

This update for postgresql13 fixes the following issues:

Upgrade to version 13.3:
CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924).
CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925).
CVE-2021-32029: Fixed possibly-incorrect computation of UPDATE ... RETURNING outputs for joined cross-partition updates (bsc#1185926).

Don't use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168).
Re-enable build of the llvmjit subpackage on SLE, but it will only be delivered on PackageHub for now (bsc#1183118).
Disable icu for PostgreSQL 10 (and older) on TW (bsc#1179945).

Advisory ID	SUSE-RU-2021:1794-1
Released	Thu May 27 19:25:29 2021
Summary	Recommended update for radvd
Type	recommended
Severity	moderate
References	1185066

Description:

This update for radvd fixes the following issues:

replace '/var/run' with '/run' in '/usr/lib/tmpfiles.d/radvd.conf' (bsc#1185066)

Advisory ID	SUSE-RU-2021:1797-1
Released	Fri May 28 12:56:31 2021
Summary	Recommended update for python-aliyun-img-utils, python-click-man, python-crcmod, python-oss2
Type	recommended
Severity	moderate
References	1181995

Description:

This update for python-aliyun-img-utils, python-click-man, python-crcmod, python-oss2 fixes the following issues:

Include in SLE-15 (bsc#1181995, jsc#ECO-3329, jsc#PM-2475)

Cleanup spec file
Use fdupes
Do not bundle html doc
singlespec auto-conversion
Include in SLE 12 (FATE #316168)
No need to use upstream tarball, download PyPI tarball instead
Switch to github archive as the tests are not present on pypi version.
Initial build

Advisory ID	SUSE-RU-2021:1800-1
Released	Fri May 28 15:28:23 2021
Summary	Recommended update for mdadm
Type	recommended
Severity	moderate
References	1175758,1181619

Description:

This update for mdadm fixes the following issues:

Fixed an issue when md device broke while adding another disk (bsc#1181619)
imsm: Addded nvme multipath support (bsc#1175758)

Advisory ID	SUSE-RU-2021:1805-1
Released	Mon May 31 15:34:37 2021
Summary	Recommended update for amazon-ssm-agent and amazon-ecs-init
Type	recommended
Severity	moderate
References	1186239,1186262

Description:

This update for amazon-ssm-agent and amazon-ecs-init fixes the following issues:

Added support for Amazon ECS Anywhere (bsc#1186239, bsc#1186262)

The amazon-ssm-agent package provides a RELEASENOTES.md file with a more detailed list of all changes.

Advisory ID	SUSE-SU-2021:1806-1
Released	Mon May 31 16:23:04 2021
Summary	Security update for python-httplib2
Type	security
Severity	moderate
References	1171998,1182053,CVE-2020-11078,CVE-2021-21240

Description:

This update for python-httplib2 fixes the following issues:

Update to version 0.19.0 (bsc#1182053).
CVE-2021-21240: Fixed regular expression denial of service via malicious header (bsc#1182053).
CVE-2020-11078: Fixed unescaped part of uri where an attacker could change request headers and body (bsc#1182053).

Advisory ID	SUSE-RU-2021:1817-1
Released	Tue Jun 1 10:09:53 2021
Summary	Recommended update for google-poppins-fonts
Type	recommended
Severity	moderate
References	1186642

Description:

This update of google-poppins-fonts releases it in a higher version than on SLES 15 SP2, to allow better migration and solve a openSUSE Leap 15.3 patch problem. (bsc#1186642)

Advisory ID	SUSE-SU-2021:1826-1
Released	Tue Jun 1 16:40:26 2021
Summary	Security update for bind
Type	security
Severity	important
References	1183453,1185073,CVE-2021-25214,CVE-2021-25215

Description:

This update for bind fixes the following issues:

CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly (bsc#1185345).
CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the DNAME to be processed to resolve itself (bsc#1185345).
Switched from /var/run to /run (bsc#1185073)
Hardening: Compiled binary with PIE flags to make it position independent

Advisory ID	SUSE-SU-2021:1840-1
Released	Wed Jun 2 16:29:28 2021
Summary	Security update for xstream
Type	security
Severity	important
References	1184372,1184373,1184374,1184375,1184376,1184377,1184378,1184379,1184380,1184796,1184797,CVE-2021-21341,CVE-2021-21342,CVE-2021-21343,CVE-2021-21344,CVE-2021-21345,CVE-2021-21346,CVE-2021-21347,CVE-2021-21348,CVE-2021-21349,CVE-2021-21350,CVE-2021-21351

Description:

This update for xstream fixes the following issues:

Upgrade to 1.4.16
CVE-2021-21351: remote attacker to load and execute arbitrary code (bsc#1184796)
CVE-2021-21349: SSRF can lead to a remote attacker to request data from internal resources (bsc#1184797)
CVE-2021-21350: arbitrary code execution (bsc#1184380)
CVE-2021-21348: remote attacker could cause denial of service by consuming maximum CPU time (bsc#1184374)
CVE-2021-21347: remote attacker to load and execute arbitrary code from a remote host (bsc#1184378)
CVE-2021-21344: remote attacker could load and execute arbitrary code from a remote host (bsc#1184375)
CVE-2021-21342: server-side forgery (bsc#1184379)
CVE-2021-21341: remote attacker could cause a denial of service by allocating 100% CPU time (bsc#1184377)
CVE-2021-21346: remote attacker could load and execute arbitrary code (bsc#1184373)
CVE-2021-21345: remote attacker with sufficient rights could execute commands (bsc#1184372)
CVE-2021-21343: replace or inject objects, that result in the deletion of files on the local host (bsc#1184376)

Advisory ID	SUSE-SU-2021:1841-1
Released	Wed Jun 2 16:30:17 2021
Summary	Security update for dhcp
Type	security
Severity	important
References	1186382,CVE-2021-25217

Description:

This update for dhcp fixes the following issues:

CVE-2021-25217: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient (bsc#1186382)

Advisory ID	SUSE-SU-2021:1843-1
Released	Thu Jun 3 16:22:36 2021
Summary	Security update for polkit
Type	security
Severity	important
References	1186497,CVE-2021-3560

Description:

This update for polkit fixes the following issues:

CVE-2021-3560: Fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync() (bsc#1186497).

Advisory ID	SUSE-OU-2021:1847-1
Released	Fri Jun 4 08:47:12 2021
Summary	Optional update for bison
Type	optional
Severity	low
References	1183777

Description:

This update for bison fixes the following issues:

Fixed an issue when building bison for SUSE Linux Enterprise Server 15 SP3 (bsc#1183777)

This update does not fix any user visible issues, thus it is optional to install.

Advisory ID	SUSE-RU-2021:1848-1
Released	Fri Jun 4 08:48:03 2021
Summary	Recommended update for libraw
Type	recommended
Severity	low
References	1184123

Description:

This update for libraw fixes the following issues:

Hardening: Link as PIE (bsc#1184123)

Advisory ID	SUSE-RU-2021:1849-1
Released	Fri Jun 4 08:48:14 2021
Summary	Recommended update for fltk
Type	recommended
Severity	low
References	1184122

Description:

This update for fltk fixes the following issues:

Hardening: Removed non position independent binaries (bsc#1184122)

Advisory ID	SUSE-RU-2021:1850-1
Released	Fri Jun 4 08:48:41 2021
Summary	Recommended update for doxygen
Type	recommended
Severity	low
References	1184122

Description:

This update for doxygen fixes the following issues:

Hardeing: Removed non-PIE binaries (bsc#1184122)

Advisory ID	SUSE-RU-2021:1852-1
Released	Fri Jun 4 08:49:00 2021
Summary	Recommended update for libstoragemgmt
Type	recommended
Severity	low
References	1185067

Description:

This update for libstoragemgmt fixes the following issues:

Moved from /var/run to /run because of deprecation warnings (bsc#1185067)

Advisory ID	SUSE-RU-2021:1853-1
Released	Fri Jun 4 08:49:13 2021
Summary	Recommended update for exfatprogs
Type	recommended
Severity	moderate
References	1184882

Description:

This update for exfatprogs fixes the following issue:

Make `set_bit_le()` 64-bit compatible. (bsc#1184882)

bitmap data is not written normally in bitmap location s390x (64bit big endian system) and this fix makes it 64-bit compatible.

Advisory ID	SUSE-SU-2021:1854-1
Released	Fri Jun 4 08:54:10 2021
Summary	Security update for MozillaThunderbird
Type	security
Severity	moderate
References	1185086,1185633,1186198,1186199,CVE-2021-29950,CVE-2021-29951,CVE-2021-29956,CVE-2021-29957

Description:

This update for MozillaThunderbird fixes the following issues:

Mozilla Thunderbird 78.10.2
CVE-2021-29957: Fixed partial protection of inline OpenPGP message not indicated (bsc#1186198).
CVE-2021-29956: Fixed Thunderbird stored OpenPGP secret keys without master password protection (bsc#1186199).
CVE-2021-29951: Fixed Thunderbird Maintenance Service could have been started or stopped by domain users (bsc#1185633).
CVE-2021-29950: Fixed logic issue potentially leaves key material unlocked (bsc#1185086).

Advisory ID	SUSE-SU-2021:1859-1
Released	Fri Jun 4 09:02:38 2021
Summary	Security update for python-py
Type	security
Severity	moderate
References	1179805,1184505,CVE-2020-29651

Description:

This update for python-py fixes the following issues:

CVE-2020-29651: Fixed regular expression denial of service in svnwc.py (bsc#1179805, bsc#1184505).

Advisory ID	SUSE-SU-2021:1860-1
Released	Fri Jun 4 09:04:05 2021
Summary	Security update for libwebp
Type	security
Severity	critical
References	1185652,1185654,1185673,1185674,1185685,1185686,1185688,1185690,1185691,1186247,CVE-2018-25009,CVE-2018-25010,CVE-2018-25011,CVE-2018-25012,CVE-2018-25013,CVE-2020-36328,CVE-2020-36329,CVE-2020-36330,CVE-2020-36331,CVE-2020-36332

Description:

This update for libwebp fixes the following issues:

CVE-2018-25010: Fixed heap-based buffer overflow in ApplyFilter() (bsc#1185685).
CVE-2020-36330: Fixed heap-based buffer overflow in ChunkVerifyAndAssign() (bsc#1185691).
CVE-2020-36332: Fixed extreme memory allocation when reading a file (bsc#1185674).
CVE-2020-36329: Fixed use-after-free in EmitFancyRGB() (bsc#1185652).
CVE-2018-25012: Fixed heap-based buffer overflow in GetLE24() (bsc#1185690).
CVE-2020-36328: Fixed heap-based buffer overflow in WebPDecode*Into functions (bsc#1185688).
CVE-2018-25013: Fixed heap-based buffer overflow in ShiftBytes() (bsc#1185654).
CVE-2020-36331: Fixed heap-based buffer overflow in ChunkAssignData() (bsc#1185686).
CVE-2018-25009: Fixed heap-based buffer overflow in GetLE16() (bsc#1185673).
CVE-2018-25011: Fixed fail on multiple image chunks (bsc#1186247).

Advisory ID	SUSE-RU-2021:1861-1
Released	Fri Jun 4 09:59:40 2021
Summary	Recommended update for gcc10
Type	recommended
Severity	moderate
References	1029961,1106014,1178577,1178624,1178675,1182016

Description:

This update for gcc10 fixes the following issues:

Disable nvptx offloading for aarch64 again since it doesn't work
Fixed a build failure issue. (bsc#1182016)
Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577)
Fix 32bit 'libgnat.so' link. (bsc#1178675)
prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961)
Build complete set of multilibs for arm-none target. (bsc#1106014)

Advisory ID	SUSE-SU-2021:1863-1
Released	Fri Jun 4 11:16:23 2021
Summary	Security update for umoci
Type	security
Severity	important
References	1184147,CVE-2021-29136

Description:

This update for umoci fixes the following issues:
Update to v0.4.7 (bsc#1184147).

CVE-2021-29136: Fixed overwriting of host files via malicious layer (bsc#1184147).

Advisory ID	SUSE-SU-2021:1876-1
Released	Mon Jun 7 14:01:09 2021
Summary	Security update for snakeyaml
Type	security
Severity	important
References	1159488,1186088,CVE-2017-18640

Description:

This update for snakeyaml fixes the following issues:

Upgrade to 1.28
CVE-2017-18640: The Alias feature allows entity expansion during a load operation (bsc#1159488, bsc#1186088)

Advisory ID	SUSE-RU-2021:1877-1
Released	Mon Jun 7 15:33:46 2021
Summary	Recommended update for gpm
Type	recommended
Severity	low
References	1160873,1182147

Description:

This update for gpm fixes the following issues:

Removed unnecessary StandardOutput override in the unit definition file. (bsc#1182147)
Fixed a compilation issue when using -fno-common during compilation (bsc#1160873)

Advisory ID	SUSE-SU-2021:1884-1
Released	Tue Jun 8 15:05:25 2021
Summary	Security update for MozillaFirefox
Type	security
Severity	important
References	1185633,1186696,CVE-2021-29951,CVE-2021-29964,CVE-2021-29967

Description:

This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 78.11.0 ESR (bsc#1186696)
* CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message * CVE-2021-29967: Memory safety bugs fixed in Firefox

Advisory ID	SUSE-SU-2021:1896-1
Released	Tue Jun 8 16:08:27 2021
Summary	Security update for pam_radius
Type	security
Severity	moderate
References	1163933,CVE-2015-9542

Description:

This update for pam_radius fixes the following issues:

CVE-2015-9542: pam_radius: buffer overflow in password field (bsc#1163933)

Advisory ID	SUSE-SU-2021:1897-1
Released	Tue Jun 8 16:15:17 2021
Summary	Security update for libX11
Type	security
Severity	important
References	1186643,CVE-2021-31535

Description:

This update for libX11 fixes the following issues:

Regression in the fix for CVE-2021-31535, causing segfaults for xforms applications like fdesign (bsc#1186643)

Advisory ID	SUSE-SU-2021:1914-1
Released	Wed Jun 9 14:29:32 2021
Summary	Security update for libopenmpt
Type	security
Severity	moderate
References	1186663

Description:

This update for libopenmpt fixes the following issues:
Various bugfix and stability issues were fixed, some of those might have security impact.
libopenmpt was updated to 0.3.28:

Fixed excessive memory consumption with malformed files in various formats.

Changes in 0.3.27:

AMS: Avoid allocating excessive amount of memory for compressed song message in malformed files.
S3M: Some samples were imported with a too high sample rate if module was saved with Scream Tracker 3.

Changes in 0.3.26:

DMF: Improve import of finetune effect with parameters larger than +/-15.

Changes in 0.3.25:

AMS: An upper bound for uncompressed sample size is now established to avoid memory exhaustion from malformed files.
MO3: Avoid certain ModPlug hacks from being fixed up twice, which could lead to e.g. very narrow pan swing range for old OpenMPT IT files saved with a recent MO3 encoder version.
IMF: Instrument sample mapping was off by one octave, notable in the guitar part of Astaris by Karsten Koch.
PLM: Percentage offset (Mxx) was slightly off.

Changes in 0.3.24:

PP20: The first few bytes of some files were not decompressed properly, making some files unplayable (depending on the original format).

Changes in 0.3.23:

IT: Global volume slides with both nibbles set preferred the “slide up” nibble over the “slide down” nibble in old OpenMPT versions, unlike other slides. Such old files are now imported correctly again.
IT: Fixed an edge case where, if the filter hit full cutoff / no resonance on the first tick of a row where a new delayed note would be triggered, the filter would be disabled even though it should stay active. Fixes trace.it by maddie.
XM: Out-of-range arpeggio clamping behaviour broke in OpenMPT 1.23.05.00. The arpeggios in Binary World by Dakota now play correctly again.
S3M: Support old-style sample pre-amp value in very early S3M files.
S3M: Only force-enable fast slides for files ST 3.00. Previously, any S3M file made with an ST3 version older than 3.20 enabled them.
M15: Improve tracker detection heuristics to never assume SoundTracker 2.0 if there is a huge number of Dxx commands, as that is a definite hint that they should be treated as volume slides. Fixes Monty On The Run by Master Blaster.

Changes in 0.3.22:

IT: Disable retrigger with short notes quirk for modules saved with Chibi Tracker, as it does not implement that quirk.
MOD: Fix early song ending due to ProTracker pattern jump quirk (EEx + Dxx on same row) if infinite looping is disabled. Fixes Haunted Tracks.mod by Triace.
MOD: Vibrato type “ramp down” was upside down.

Changes in 0.3.21:

IT: Vibrato was too fast in Old Effects mode since libopenmpt 0.3.
XM: Treat 8bitbubsy’s FT2 clone exactly like Fasttracker 2 with respect to compatibility and playback flags. For example, FT2 Pan Law was not applied.
DMF: Some files had a wrong tempo since libopenmpt 0.2.5705-beta15.

Advisory ID	SUSE-RU-2021:1923-1
Released	Thu Jun 10 08:37:00 2021
Summary	Recommended update for nfs-utils
Type	recommended
Severity	important
References	1183194

Description:

This update for nfs-utils fixes the following issues:

Ensured thread safety when opening files over NFS to prevent a use-after-free issue (bsc#1183194)

Advisory ID	SUSE-RU-2021:1926-1
Released	Thu Jun 10 08:38:14 2021
Summary	Recommended update for gcc
Type	recommended
Severity	moderate
References	1096677

Description:

This update for gcc fixes the following issues:

Added gccgo symlink and go and gofmt as alternatives to support parallel installation of golang (bsc#1096677)

Advisory ID	SUSE-SU-2021:1933-1
Released	Thu Jun 10 10:28:41 2021
Summary	Security update for ucode-intel
Type	security
Severity	important
References	1179833,1179836,1179837,1179839,CVE-2020-24489,CVE-2020-24511,CVE-2020-24512,CVE-2020-24513

Description:

This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20210608 release.

CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (INTEL-SA-00465 bsc#1179833) See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html

CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (INTEL-SA-00464 bsc#1179836)

See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)

CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837 INTEL-SA-00464)

See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)
- CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (INTEL-SA-00442 bsc#1179839)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html
Other fixes:

Update for functional issues. Refer to [Third Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780)for details.
Update for functional issues. Refer to [Second Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.
Update for functional issues. Refer to [Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details.
Update for functional issues. Refer to [Intel Xeon Processor D-1500, D-1500 NS and D-1600 NS Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-d-1500-specification-update.html) for details.
Update for functional issues. Refer to [Intel Xeon E7-8800 and E7-4800 v3 Processor Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e7-v3-spec-update.html) for details.
Update for functional issues. Refer to [Intel Xeon Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details.
Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details.
Update for functional issues. Refer to [8th and 9th Gen Intel Core Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details.
Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details.
Update for functional issues. Refer to [6th Gen Intel Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details.
Update for functional issues. Refer to [Intel Xeon E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details.
Update for functional issues. Refer to [Intel Xeon E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.

New platforms:

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | CLX-SP | A0 | 06-55-05/b7 | | 03000010 | Xeon Scalable Gen2 | ICX-SP | C0 | 06-6a-05/87 | | 0c0002f0 | Xeon Scalable Gen3 | ICX-SP | D0 | 06-6a-06/87 | | 0d0002a0 | Xeon Scalable Gen3 | SNR | B0 | 06-86-04/01 | | 0b00000f | Atom P59xxB | SNR | B1 | 06-86-05/01 | | 0b00000f | Atom P59xxB | TGL | B1 | 06-8c-01/80 | | 00000088 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | | 00000016 | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | | 0000002c | Core Gen11 Mobile | EHL | B1 | 06-96-01/01 | | 00000011 | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E | JSL | A0/A1 | 06-9c-00/01 | | 0000001d | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105 | RKL-S | B0 | 06-a7-01/02 | | 00000040 | Core Gen11

Updated platforms:

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000044 | 00000046 | Core Gen4 X series; Xeon E5 v3 | HSX-EX | E0 | 06-3f-04/80 | 00000016 | 00000019 | Xeon E7 v3 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile | BDX-ML | B0/M0/R0 | 06-4f-01/ef | 0b000038 | 0b00003e | Xeon E5/E7 v4; Core i7-69xx/68xx | SKX-SP | B1 | 06-55-03/97 | 01000159 | 0100015b | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04003006 | 04003102 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003006 | 05003102 | Xeon Scalable Gen2 | CPX-SP | A1 | 06-55-0b/bf | 0700001e | 07002302 | Xeon Scalable Gen3 | BDX-DE | V2/V3 | 06-56-03/10 | 07000019 | 0700001b | Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 | BDX-DE | Y0 | 06-56-04/10 | 0f000017 | 0f000019 | Xeon D-1557/59/67/71/77/81/87 | BDX-NS | A0 | 06-56-05/10 | 0e00000f | 0e000012 | Xeon D-1513N/23/33/43/53 | APL | D0 | 06-5c-09/03 | 00000040 | 00000044 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 0000001e | 00000020 | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000e2 | 000000ea | Core Gen6; Xeon E3 v5 | DNV | B0 | 06-5f-01/01 | 0000002e | 00000034 | Atom C Series | GLK | B0 | 06-7a-01/01 | 00000034 | 00000036 | Pentium Silver N/J5xxx, Celeron N/J4xxx | GKL-R | R0 | 06-7a-08/01 | 00000018 | 0000001a | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 000000a0 | 000000a6 | Core Gen10 Mobile | LKF | B2/B3 | 06-8a-01/10 | 00000028 | 0000002a | Core w/Hybrid Technology | AML-Y22 | H0 | 06-8e-09/10 | 000000de | 000000ea | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000de | 000000ea | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000e0 | 000000ea | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000de | 000000ea | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000de | 000000ea | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000de | 000000ea | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000de | 000000ea | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000de | 000000ea | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000de | 000000ea | Core Gen9 Mobile | CML-H | R1 | 06-a5-02/20 | 000000e0 | 000000ea | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | 000000e0 | 000000ea | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | 000000e0 | 000000ec | Core Gen10 | CML-U62 | A0 | 06-a6-00/80 | 000000e0 | 000000e8 | Core Gen10 Mobile | CML-U62 V2 | K0 | 06-a6-01/80 | 000000e0 | 000000ea | Core Gen10 Mobile

Advisory ID	SUSE-RU-2021:1934-1
Released	Thu Jun 10 10:35:09 2021
Summary	Recommended update for xorg-x11-server
Type	recommended
Severity	moderate
References	1184906,1186092

Description:

This update for xorg-x11-server fixes the following issues:

xwayland: Fix invisible window produced by Xwayland. (bsc#1186092, bsc#1184906)

Advisory ID	SUSE-RU-2021:1935-1
Released	Thu Jun 10 10:45:09 2021
Summary	Recommended update for gzip
Type	recommended
Severity	moderate
References	1186642

Description:

This update for gzip fixes the following issue:

gzip had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642)

Advisory ID	SUSE-RU-2021:1937-1
Released	Thu Jun 10 10:47:09 2021
Summary	Recommended update for nghttp2
Type	recommended
Severity	moderate
References	1186642

Description:

This update for nghttp2 fixes the following issue:

The (lib)nghttp2 packages had a lower release number in SUSE Linux Enterprise 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642)

Advisory ID	SUSE-RU-2021:1941-1
Released	Thu Jun 10 10:49:52 2021
Summary	Recommended update for sysconfig
Type	recommended
Severity	moderate
References	1186642

Description:

This update for sysconfig fixes the following issue:

sysconfig had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642)

Advisory ID	SUSE-SU-2021:1948-1
Released	Thu Jun 10 12:32:08 2021
Summary	Security update for djvulibre
Type	security
Severity	important
References	1186253,CVE-2021-3500

Description:

This update for djvulibre fixes the following issues:

CVE-2021-3500: Stack overflow in function DJVU:DjVuDocument:get_djvu_file() via crafted djvu file (bsc#1186253)

Advisory ID	SUSE-RU-2021:1950-1
Released	Thu Jun 10 14:42:00 2021
Summary	Recommended update for hwdata
Type	recommended
Severity	moderate
References	1170160,1182482,1185697

Description:

This update for hwdata fixes the following issues:

Update to version 0.347: + Updated pci, usb and vendor ids. (bsc#1185697)

Update to version 0.346: + Updated pci, usb and vendor ids. (bsc#1182482, jsc#SLE-13791, bsc#1170160)

Advisory ID	SUSE-SU-2021:1954-1
Released	Fri Jun 11 10:45:09 2021
Summary	Security update for containerd, docker, runc
Type	security
Severity	important
References	1168481,1175081,1175821,1181594,1181641,1181677,1181730,1181732,1181749,1182451,1182476,1182947,1183024,1183855,1184768,1184962,1185405,CVE-2021-21284,CVE-2021-21285,CVE-2021-21334,CVE-2021-30465

Description:

This update for containerd, docker, runc fixes the following issues:
Docker was updated to 20.10.6-ce (bsc#1184768, bsc#1182947, bsc#1181594)

Switch version to use -ce suffix rather than _ce to avoid confusing other tools (bsc#1182476).
CVE-2021-21284: Fixed a potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732)
CVE-2021-21285: Fixed an issue where pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730).
btrfs quotas being removed by Docker regularly (bsc#1183855, bsc#1175081)

runc was updated to v1.0.0~rc93 (bsc#1182451, bsc#1175821 bsc#1184962).

Use the upstream runc package (bsc#1181641, bsc#1181677, bsc#1175821).
Fixed /dev/null is not available (bsc#1168481).
CVE-2021-30465: Fixed a symlink-exchange attack vulnarability (bsc#1185405).

containerd was updated to v1.4.4

CVE-2021-21334: Fixed a potential information leak through environment variables (bsc#1183397).
Handle a requirement from docker (bsc#1181594).

Advisory ID	SUSE-RU-2021:1955-1
Released	Fri Jun 11 12:50:54 2021
Summary	Recommended update for webkit2gtk3
Type	recommended
Severity	moderate
References	1186642

Description:

This update for webkit2gtk3 fixes the following issue:

webkit2gtk3 had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642)

Advisory ID	SUSE-RU-2021:1973-1
Released	Tue Jun 15 12:10:54 2021
Summary	Recommended update for libreoffice and xmlsec1
Type	recommended
Severity	important
References	1184527,1184961,1185505,1185797,1186110,1186706

Description:

This update for libreoffice and xmlsec1 fixes the following issues:
libreoffice:
Update from version 7.1.2.2 to version 7.1.3.2

Searching in PPTX document makes LibreOffice crash. (bsc#1185797)
Fix a text highlight issue when saving as PPTX. (bsc#1185505)
Recommend `libreoffice-qt5` only when it is actually created
Fix a build error with GCC11. (bsc#1186110)
LibreOffice requires at least java 1.8.0 to run properly.
Fix a potential dataloss in LibreOffice Math. (bsc#1184961, bsc#1184527)

The issue occurred only while trying to close the document via shortcuts. In this case LibreOffice Math was closed without asking to save the document.
xmlsec1:

Provide missing binaries to SUSE Linux Enterprise 15-SP3 with l3 support level. (bsc#1186706)

myspell-dictionaries:

Provide missing binaries to SUSE Linux Enterprise 15-SP3 with l2 support level. (bsc#1186706)

Advisory ID	SUSE-SU-2021:1989-1
Released	Thu Jun 17 09:51:26 2021
Summary	Security update for java-1_8_0-openjdk
Type	security
Severity	moderate
References	1185055,CVE-2021-2163

Description:

This update for java-1_8_0-openjdk fixes the following issues:

Update to version jdk8u292 (icedtea 3.19.0).
CVE-2021-2161: Fixed incomplete enforcement of JAR signing disabled algorithms (bsc#1185055).

Advisory ID	SUSE-SU-2021:1995-1
Released	Thu Jun 17 15:11:40 2021
Summary	Security update for xstream
Type	security
Severity	important
References	1186651,CVE-2021-29505

Description:

This update for xstream fixes the following issues:
Upgrade to 1.4.17

CVE-2021-29505: Fixed potential code execution when unmarshalling with XStream instances using an uninitialized security framework (bsc#1186651)

Advisory ID	SUSE-RU-2021:2000-1
Released	Thu Jun 17 16:50:00 2021
Summary	Recommended update for tomcat
Type	recommended
Severity	moderate
References	1186642

Description:

This update for tomcat fixes the following issue:

tomcat had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642)

Advisory ID	SUSE-RU-2021:2001-1
Released	Thu Jun 17 16:54:07 2021
Summary	Recommended update for python-pycryptodome
Type	recommended
Severity	moderate
References	1186642

Description:

This update for python-pycryptodome fixes the following issue:

python-pycryptodome had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642)

Advisory ID	SUSE-RU-2021:2002-1
Released	Thu Jun 17 17:27:47 2021
Summary	Recommended update for open-vm-tools
Type	recommended
Severity	moderate
References	1186642

Description:

This update for open-vm-tools fixes the following issue:

open-vm-tools had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642)

Advisory ID	SUSE-SU-2021:2003-1
Released	Thu Jun 17 18:03:10 2021
Summary	Security update for MozillaThunderbird
Type	security
Severity	important
References	1186696,CVE-2021-29964,CVE-2021-29967

Description:

This update for MozillaThunderbird fixes the following issues:
Mozilla Thunderbird 78.11 (bsc#1186696)
Security issues fixed:

CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message
CVE-2021-29967: Memory safety bugs fixed in Thunderbird 78.11

General improvements:

OpenPGP could not be disabled for an account if a key was previously configured
Recipients were unable to decrypt some messages when the sender had changed the message encryption from OpenPGP to S/MIME
Contacts moved between CardDAV address books were not synced to the new server
CardDAV compatibility fixes for Google Contacts
Folder pane had no clear indication of focus on macOS

Advisory ID	SUSE-SU-2021:2005-1
Released	Thu Jun 17 18:04:06 2021
Summary	Security update for jetty-minimal
Type	security
Severity	important
References	1184366,1184367,1184368,1187117,CVE-2021-28163,CVE-2021-28164,CVE-2021-28165,CVE-2021-28169

Description:

This update for jetty-minimal fixes the following issues:
Update to version 9.4.42.v20210604

Fix: bsc#1187117, CVE-2021-28169 - possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory
Fix: bsc#1184367, CVE-2021-28165 - jetty server high CPU when client send data length > 17408
Fix: bsc#1184368, CVE-2021-28164 - Normalize ambiguous URIs
Fix: bsc#1184366, CVE-2021-28163 - Exclude webapps directory from deployment scan

Advisory ID	SUSE-SU-2021:2008-1
Released	Thu Jun 17 18:07:45 2021
Summary	Security update for python-rsa
Type	security
Severity	important
References	1172389,CVE-2020-13757

Description:

This update for python-rsa fixes the following issues:

CVE-2020-13757: Proper handling of leading '\0' bytes during decryption of ciphertext (bsc#1172389)

Advisory ID	SUSE-SU-2021:2011-1
Released	Fri Jun 18 09:14:39 2021
Summary	Security update for xterm
Type	security
Severity	important
References	1182091,CVE-2021-27135

Description:

This update for xterm fixes the following issues:

CVE-2021-27135: Fixed buffer-overflow when clicking on selected utf8 text. (bsc#1182091)

Advisory ID	SUSE-SU-2021:2012-1
Released	Fri Jun 18 09:15:13 2021
Summary	Security update for python-urllib3
Type	security
Severity	important
References	1187045,CVE-2021-33503

Description:

This update for python-urllib3 fixes the following issues:

CVE-2021-33503: Fixed a denial of service when the URL contained many @ characters in the authority component (bsc#1187045)

Advisory ID	SUSE-RU-2021:2076-1
Released	Fri Jun 18 13:47:19 2021
Summary	Recommended update for dovecot23
Type	recommended
Severity	moderate
References	1186642

Description:

This update for dovecot23 fixes the following issue:

dovecot23 had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642)

Advisory ID	SUSE-RU-2021:2079-1
Released	Fri Jun 18 14:39:49 2021
Summary	Recommended update for build
Type	recommended
Severity	moderate
References	1186642

Description:

This update for build fixes the following issue:

build had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642)

Advisory ID	SUSE-RU-2021:2089-1
Released	Mon Jun 21 08:19:42 2021
Summary	Recommended update for libreoffice
Type	recommended
Severity	important
References	1187354

Description:

This update for libreoffice fixes the following issue:

LibreOffice migration conflict from SUSE Linux Enterprise 15-SP2 to SUSE Linux Enterprise 15-SP3. (bsc#1187354)

Advisory ID	SUSE-OU-2021:2090-1
Released	Mon Jun 21 10:43:56 2021
Summary	Optional update for p7zip
Type	optional
Severity	low
References	1185910

Description:

This update for p7zip fixes the following issues:

Initial shipping of p7zip-full (bsc#1185910)

Advisory ID	SUSE-RU-2021:2091-1
Released	Mon Jun 21 10:45:13 2021
Summary	Recommended update for wget
Type	recommended
Severity	moderate
References	1181173

Description:

This update for wget fixes the following issue:

When running recursively, wget will verify the length of the whole URL when saving the files. This will make it overwrite files with truncated names, throwing the following message: 'The name is too long,... trying to shorten'. (bsc#1181173)

Advisory ID	SUSE-RU-2021:2095-1
Released	Mon Jun 21 13:35:08 2021
Summary	Recommended update for ntp
Type	recommended
Severity	low
References

Description:

This update for ntp fixes the following issues:

Adjusted the man page documentation to clarify that 'interface ignore all' does not cover the wildcard and localhost addresses (jsc#SLE-15482)

Advisory ID	SUSE-RU-2021:2096-1
Released	Mon Jun 21 13:35:38 2021
Summary	Recommended update for python-six
Type	recommended
Severity	moderate
References	1186642

Description:

This update for python-six fixes the following issue:

python-six had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642)

Advisory ID	SUSE-RU-2021:2103-1
Released	Mon Jun 21 19:23:28 2021
Summary	Recommended update for SUSE Manager Client Tools
Type	recommended
Severity	moderate
References	1173557,1177884,1177928,1180583,1180584,1180585,1185178

Description:

This update fixes the following issues:
POS_Image-Graphical7:

Use absolute path in bootloader service
Update install-local-bootloader.service for recent saltboot
Use linuxefi only on x86

POS_Image-JeOS7:

Use absolute path in bootloader service
Update install-local-bootloader.service for recent saltboot
Use linuxefi only on x86

golang-github-prometheus-prometheus:

Add tarball with vendor modules and web assets
Read formula data from exporters map
Add support for TLS targets
Upgrade to upstream version 2.26.0 + Changes * Alerting: Using Alertmanager v2 API by default. * Prometheus/Promtool: Binaries are now printing help and usage to stdout instead of stderr. * UI: Make the React UI default. * Remote write: The following metrics were removed/renamed in remote write. > prometheus_remote_storage_succeeded_samples_total was removed and prometheus_remote_storage_samples_total was introduced for all the samples attempted to send. > prometheus_remote_storage_sent_bytes_total was removed and replaced with prometheus_remote_storage_samples_bytes_total and prometheus_remote_storage_metadata_bytes_total. > prometheus_remote_storage_failed_samples_total -> prometheus_remote_storage_samples_failed_total. > prometheus_remote_storage_retried_samples_total -> prometheus_remote_storage_samples_retried_total. > prometheus_remote_storage_dropped_samples_total -> prometheus_remote_storage_samples_dropped_total. > prometheus_remote_storage_pending_samples -> prometheus_remote_storage_samples_pending. * Remote: Do not collect non-initialized timestamp metrics. + Features * Remote: Add support for AWS SigV4 auth method for remote_write. * PromQL: Allow negative offsets. Behind --enable-feature=promql-negative-offset flag. * UI: Add advanced auto-completion, syntax highlighting and linting to graph page query input. * Include a new `--enable-feature=` flag that enables experimental features. * Add TLS and basic authentication to HTTP endpoints. * promtool: Add check web-config subcommand to check web config files. * promtool: Add tsdb create-blocks-from openmetrics subcommand to backfill metrics data from an OpenMetrics file. + Enhancements * PromQL: Add last_over_time, sgn, clamp functions. * Scrape: Add support for specifying type of Authorization header credentials with Bearer by default. * Scrape: Add follow_redirects option to scrape configuration. * Remote: Allow retries on HTTP 429 response code for remote_write. * Remote: Allow configuring custom headers for remote_read. * UI: Hitting Enter now triggers new query. * UI: Better handling of long rule and names on the /rules and /targets pages. * UI: Add collapse/expand all button on the /targets page. * Add optional name property to testgroup for better test failure output. * Add warnings into React Panel on the Graph page. * TSDB: Increase the number of buckets for the compaction duration metric. * Remote: Allow passing along custom remote_write HTTP headers. * Mixins: Scope grafana configuration. * Kubernetes SD: Add endpoint labels metadata. * UI: Expose total number of label pairs in head in TSDB stats page. * TSDB: Reload blocks every minute, to detect new blocks and enforce retention more often. * Cache basic authentication results to significantly improve performance of HTTP endpoints. * HTTP API: Fast-fail queries with only empty matchers. * HTTP API: Support matchers for labels API. * promtool: Improve checking of URLs passed on the command line. * SD: Expose IPv6 as a label in EC2 SD. * SD: Reuse EC2 client, reducing frequency of requesting credentials. * TSDB: Add logging when compaction takes more than the block time range. * TSDB: Avoid unnecessary GC runs after compaction. * Remote write: Added a metric prometheus_remote_storage_max_samples_per_send for remote write. * TSDB: Make the snapshot directory name always the same length. * TSDB: Create a checkpoint only once at the end of all head compactions. * TSDB: Avoid Series API from hitting the chunks. * TSDB: Cache label name and last value when adding series during compactions making compactions faster. * PromQL: Improved performance of Hash method making queries a bit faster. * promtool: tsdb list now prints block sizes. * promtool: Calculate mint and maxt per test avoiding unnecessary calculations. * SD: Add filtering of services to Docker Swarm SD. + Bug fixes * API: Fix global URL when external address has no port. * Deprecate unused flag --alertmanager.timeout.

mgr-cfg:

SPEC: Updated Python definitions for RHEL8 and quoted text comparisons.

mgr-custom-info:

Update package version to 4.2.0

mgr-daemon:

Update translation strings
Update the translations from weblate
Added quotes around %{_vendor} token for the if statements in spec file.
Fix removal of mgr-deamon with selinux enabled (bsc#1177928)
Updating translations from weblate

mgr-osad:

Change the log file permissions as expected by logrotate (bsc#1177884)
Change deprecated path /var/run into /run for systemd (bsc#1185178)
Python fixes
Removal of RHEL5

mgr-push:

Defined __python for python2.
Excluded RHEL8 for Python 2 build.

mgr-virtualization:

Update package version to 4.2.0

python-hwdata:

Modified to build on RHEL8.

rhnlib:

Update package version to 4.2.0

spacecmd:

Rename system migration to system transfer
Rename SP to product migration
Update translation strings
Add group_addconfigchannel and group_removeconfigchannel
Add group_listconfigchannels and configchannel_listgroups
Fix spacecmd compat with Python 3
Deprecated 'Software Crashes' feature
Document advanced package search on '--help' (bsc#1180583)
Fixed advanced search on 'package_listinstalledsystems'
Fixed duplicate results when using multiple search criteria (bsc#1180585)
Fixed 'non-advanced' package search when using multiple package names (bsc#1180584)
Update translations
Fix: make spacecmd build on Debian
Add Service Pack migration operations (bsc#1173557)

spacewalk-client-tools:

Update the translations from weblate
Drop the --noSSLServerURL option
Updated RHEL Python requirements.
Added quotes around %{_vendor}.

spacewalk-koan:

Fix for spacewalk-koan test

spacewalk-oscap:

Update package version to 4.2.0

spacewalk-remote-utils:

Update package version to 4.2.0

supportutils-plugin-susemanager-client:

Update package version to 4.2.0

suseRegisterInfo:

Add support for Amazon Linux 2
Add support for Alibaba Cloud Linux 2
Adapted for RHEL build.

uyuni-common-libs:

Cleaning up unused Python 2 build leftovers.
Disabled debug package build.

Advisory ID	SUSE-SU-2021:2106-1
Released	Mon Jun 21 19:26:19 2021
Summary	Security update for salt
Type	security
Severity	critical
References	1171257,1176293,1179831,1181368,1182281,1182293,1182382,1185092,1185281,1186674,CVE-2018-15750,CVE-2018-15751,CVE-2020-11651,CVE-2020-11652,CVE-2020-25592,CVE-2021-25315,CVE-2021-31607

Description:

This update for salt fixes the following issues:
Update to Salt release version 3002.2 (jsc#ECO-3212, jsc#SLE-18033, jsc#SLE-18028)

Check if dpkgnotify is executable (bsc#1186674)
Drop support for Python2. Obsoletes `python2-salt` package (jsc#SLE-18028)
virt module updates * network: handle missing ipv4 netmask attribute * more network support * PCI/USB host devices passthrough support
Set distro requirement to oldest supported version in requirements/base.txt
Bring missing part of async batch implementation back (CVE-2021-25315, bsc#1182382)
Always require `python3-distro` (bsc#1182293)
Remove deprecated warning that breaks minion execution when 'server_id_use_crc' opts is missing
Fix pkg states when DEB package has 'all' arch
Do not force beacons configuration to be a list.
Remove msgpack < 1.0.0 from base requirements (bsc#1176293)
msgpack support for version >= 1.0.0 (bsc#1171257)
Fix issue parsing errors in ansiblegate state module
Prevent command injection in the snapper module (bsc#1185281, CVE-2021-31607)
transactional_update: detect recursion in the executor
Add subpackage salt-transactional-update (jsc#SLE-18033)
Improvements on 'ansiblegate' module (bsc#1185092): * New methods: ansible.targets / ansible.discover_playbooks
Add support for Alibaba Cloud Linux 2 (Aliyun Linux)
Regression fix of salt-ssh on processing targets
Update target fix for salt-ssh and avoiding race condition on salt-ssh event processing (bsc#1179831, bsc#1182281)
Add notify beacon for Debian/Ubuntu systems
Fix zmq bug that causes salt-call to freeze (bsc#1181368)

Advisory ID	SUSE-RU-2021:2107-1
Released	Mon Jun 21 19:29:09 2021
Summary	Recommended update for golang-github-prometheus-node_exporter
Type	recommended
Severity	moderate
References	1151558

Description:

This update for golang-github-prometheus-node_exporter fixes the following issues:
Update from version 1.0.1 to version 1.1.2

Bug fixes: - Do not include sources (bsc#1151558) - Handle errors from disabled `Pressure Stall Information (PSI)` subsystem - Sanitize strings from `/sys/class/power_supply` - Silence missing `netclass` errors - Fix `ineffassign` issue - Demote some warning to `Debug` level - `filesystem_freebsd`: Fix label values - Fix various `procfs` parsing errors - Handle no data from the power supply class - `udp_queues_linux.go`: change `upd` to `udp` in two error strings - Fix `node_scrape_collector_success` behavior - Fix `NodeRAIDDegraded` to not use a string rule expressions - Fix `node_md_disks` state label from fail to failed - Handle `EPERM` for syscall in timex collector - `bcache`: fix typo in a metric name - Fix XFS read/write stats
Enhancements: - Improve filter flag names - Add `btrfs` and `powersupplyclass` to list of exporters enabled by default - Add more `InfiniBand` counters - Add a flag to aggregate `ipvs` metrics to avoid high cardinality metrics - Add `backlog/current` queue length to `qdisc` collector - Include `TCP OutRsts` in `netstat` metrics - Add the `pool size` to entropy collector - Remove `CGO` dependencies for OpenBSD amd64 - `bcache`: add `writeback_rate_debug` statistics - Add `check state` for `mdadm` arrays via `node_md_state metric` - Expose `XFS inode` statistics - Expose `zfs zpool` state - Add the ability to pass `collector.supervisord.url` via `SUPERVISORD_URL` environment variable

Features: - Add fiber channel collector - Expose cpu bugs and flags as info metrics. - Add `network_route` collector - Add `zoneinfo` collector

Advisory ID	SUSE-SU-2021:2123-1
Released	Tue Jun 22 14:29:43 2021
Summary	Security update for dovecot23
Type	security
Severity	important
References	1187418,1187419,CVE-2021-29157,CVE-2021-33515

Description:

This update for dovecot23 fixes the following issues:

CVE-2021-29157: Local attacker can login as any user and access their emails (bsc#1187418)
CVE-2021-33515: Attacker can potentially steal user credentials and mails (bsc#1187419)

Advisory ID	SUSE-SU-2021:2125-1
Released	Tue Jun 22 14:41:26 2021
Summary	Security update for wireshark
Type	security
Severity	important
References	1179930,1179931,1179932,1179933,1180102,1180232,1181598,1181599,1183353,1184110,1185128,CVE-2020-26418,CVE-2020-26419,CVE-2020-26420,CVE-2020-26421,CVE-2020-26422,CVE-2021-22173,CVE-2021-22174,CVE-2021-22191,CVE-2021-22207

Description:

This update for wireshark, libvirt, sbc and libqt5-qtmultimedia fixes the following issues:
Update wireshark to version 3.4.5

New and updated support and bug fixes for multiple protocols
Asynchronous DNS resolution is always enabled
Protobuf fields can be dissected as Wireshark (header) fields
UI improvements

Including security fixes for:

CVE-2021-22191: Wireshark could open unsafe URLs (bsc#1183353).
CVE-2021-22207: MS-WSP dissector excessive memory consumption (bsc#1185128)
CVE-2020-26422: QUIC dissector crash (bsc#1180232)
CVE-2020-26418: Kafka dissector memory leak (bsc#1179930)
CVE-2020-26419: Multiple dissector memory leaks (bsc#1179931)
CVE-2020-26420: RTPS dissector memory leak (bsc#1179932)
CVE-2020-26421: USB HID dissector crash (bsc#1179933)
CVE-2021-22173: Fix USB HID dissector memory leak (bsc#1181598)
CVE-2021-22174: Fix USB HID dissector crash (bsc#1181599)

libqt5-qtmultimedia and sbc are necessary dependencies. libvirt is needed to rebuild wireshark-plugin-libvirt.

Advisory ID	SUSE-SU-2021:2136-1
Released	Wed Jun 23 13:40:13 2021
Summary	Security update for cryptctl
Type	security
Severity	important
References	1186226,CVE-2019-18906

Description:

This update for cryptctl fixes the following issues:
Update to version 2.4:

CVE-2019-18906: Client side password hashing was equivalent to clear text password storage (bsc#1186226)
First step to use plain text password instead of hashed password.
Move repository into the SUSE github organization
in RPC server, if client comes from localhost, remember its ipv4 localhost address instead of ipv6 address
tell a record to clear expired pending commands upon saving a command result; introduce pending commands RPC test case
avoid hard coding 127.0.0.1 in host ID of alive message test; let system administrator mount and unmount disks by issuing these two commands on key server.

Advisory ID	SUSE-RU-2021:2140-1
Released	Wed Jun 23 14:53:09 2021
Summary	Recommended update for prometheus-ha_cluster_exporter
Type	recommended
Severity	moderate
References

Description:

This update for prometheus-ha_cluster_exporter fixes the following issues:
Update from version 1.2.2 to version 1.2.3:

Compress GitHub artifacts after having built them.
Fix cloned resource collection and track stopped resources even when they are cloned. `Pacemaker Clone Resources` appear multiple times in `crm_mon`; since the main discriminator field is the node, and that's missing when a resource is stopped, the cloned and stopped entries will appear multiple times in the `crm_mon` output, with the exact same fields and values: this is a problem for the `Prometheus SDK`, which doesn't expect duplicate metrics over the course of a single collection cycle.
Remove the `make download` target, which was required when using old Go versions.

Advisory ID	SUSE-RU-2021:2146-1
Released	Wed Jun 23 17:55:14 2021
Summary	Recommended update for openssh
Type	recommended
Severity	moderate
References	1115550,1174162

Description:

This update for openssh fixes the following issues:

Fixed a race condition leading to a sshd termination of multichannel sessions with non-root users (bsc#1115550, bsc#1174162).

Advisory ID	SUSE-RU-2021:2148-1
Released	Wed Jun 23 21:11:07 2021
Summary	Recommended update for csync2
Type	recommended
Severity	moderate
References	1187080

Description:

This update for csync2 fixes the following issues:

Removal of csync2 package throws error for non-existent service template. (bsc#1187080)

Advisory ID	SUSE-RU-2021:2150-1
Released	Thu Jun 24 09:59:44 2021
Summary	Recommended update for x3270
Type	recommended
Severity	moderate
References	1186642

Description:

This update for x3270 fixes the following issue:

x3270 had a lower release number in 15 sp3 than in 15 sp2, which could lead to migration issues. (bsc#1186642)

Advisory ID	SUSE-RU-2021:2154-1
Released	Thu Jun 24 13:49:13 2021
Summary	Recommended update for python-Cython
Type	recommended
Severity	moderate
References	1186642,1187450

Description:

This update for python-Cython fixes the following issue:

python-Cython had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642 bsc#1187450)

Advisory ID	SUSE-SU-2021:2158-1
Released	Thu Jun 24 15:40:57 2021
Summary	Security update for openexr
Type	security
Severity	important
References	1187310,1187395,CVE-2021-3598,CVE-2021-3605

Description:

This update for openexr fixes the following issues:

Fixed CVE-2021-3605 [bsc#1187395]: Heap buffer overflow in the rleUncompress function
Fixed CVE-2021-3598 [bsc#1187310]: Heap buffer overflow in Imf_3_1:CharPtrIO:readChars

Advisory ID	SUSE-SU-2021:2163-1
Released	Fri Jun 25 18:03:45 2021
Summary	Security update for bouncycastle
Type	security
Severity	moderate
References	1186328,CVE-2020-15522

Description:

This update for bouncycastle fixes the following issues:

CVE-2020-15522: Fixed a timing issue within the EC math library (bsc#1186328).

Advisory ID	SUSE-RU-2021:2169-1
Released	Mon Jun 28 13:19:09 2021
Summary	Recommended update for hexchat
Type	recommended
Severity	moderate
References	1187587

Description:

This update for hexchat fixes the following issues:

Added Libera.chat to available servers (bsc#1187587)

Advisory ID	SUSE-RU-2021:2171-1
Released	Mon Jun 28 14:06:45 2021
Summary	Recommended update for btrfsmaintenance
Type	recommended
Severity	moderate
References	1178874

Description:

This update for btrfsmaintenance fixes the following issues:

Remove [Install] section from btrfsmaintenance. (bsc#1178874)

Advisory ID	SUSE-RU-2021:2173-1
Released	Mon Jun 28 14:59:45 2021
Summary	Recommended update for automake
Type	recommended
Severity	moderate
References	1040589,1047218,1182604,1185540,1186049

Description:

This update for automake fixes the following issues:

Implement generated autoconf makefiles reproducible (bsc#1182604)
Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848)
Avoid bashisms in test-driver script. (bsc#1185540)

This update for pcre fixes the following issues:

Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589)

This update for brp-check-suse fixes the following issues:

Add fixes to support reproducible builds. (bsc#1186049)

Advisory ID	SUSE-SU-2021:2177-1
Released	Mon Jun 28 15:47:27 2021
Summary	Security update for arpwatch
Type	security
Severity	important
References	1186240,CVE-2021-25321

Description:

This update for arpwatch fixes the following issues:

CVE-2021-25321: Fixed local privilege escalation from runtime user to root (bsc#1186240).

Advisory ID	SUSE-RU-2021:2178-1
Released	Mon Jun 28 15:56:15 2021
Summary	Recommended update for systemd-presets-common-SUSE
Type	recommended
Severity	moderate
References	1186561

Description:

This update for systemd-presets-common-SUSE fixes the following issues:
When installing the systemd-presets-common-SUSE package for the first time in a new system, it might happen that some services are installed before systemd so the %systemd_pre/post macros would not work. This is handled by enabling all preset services in this package's %posttrans section but it wasn't enabling user services, just system services. Now it enables also the user services installed before this package (bsc#1186561)

Advisory ID	SUSE-RU-2021:2179-1
Released	Mon Jun 28 17:36:37 2021
Summary	Recommended update for thin-provisioning-tools
Type	recommended
Severity	moderate
References	1184124

Description:

This update for thin-provisioning-tools fixes the following issues:

Link as position-independent executable (bsc#1184124)

Advisory ID	SUSE-RU-2021:2191-1
Released	Mon Jun 28 18:38:12 2021
Summary	Recommended update for patterns-microos
Type	recommended
Severity	moderate
References	1186791

Description:

This update for patterns-microos provides the following fix:

Add zypper-migration-plugin to the default pattern. (bsc#1186791)

Advisory ID	SUSE-RU-2021:2193-1
Released	Mon Jun 28 18:38:43 2021
Summary	Recommended update for tar
Type	recommended
Severity	moderate
References	1184124

Description:

This update for tar fixes the following issues:

Link '/var/lib/tests/tar/bin/genfile' as Position-Independent Executable (bsc#1184124)

Advisory ID	SUSE-SU-2021:2196-1
Released	Tue Jun 29 09:41:39 2021
Summary	Security update for lua53
Type	security
Severity	moderate
References	1175448,1175449,CVE-2020-24370,CVE-2020-24371

Description:

This update for lua53 fixes the following issues:
Update to version 5.3.6:

CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)
CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)
Long brackets with a huge number of '=' overflow some internal buffer arithmetic.

Advisory ID	SUSE-RU-2021:2203-1
Released	Tue Jun 29 13:11:33 2021
Summary	Recommended update for postfix
Type	recommended
Severity	moderate
References	1186669

Description:

This update for postfix fixes the following issues:

Remove incorrect requirements from the postfix service configuration. (bsc#1186669)

Advisory ID	SUSE-RU-2021:2215-1
Released	Wed Jun 30 17:13:30 2021
Summary	Recommended update for scap-security-guide
Type	recommended
Severity	moderate
References

Description:

This update for scap-security-guide fixes the following issues:
The scap-security-guide was updated to 0.1.56 release (jsc#ECO-3319)

Align ism_o profile with latest ISM SSP (#6878)
Align RHEL 7 STIG profile with DISA STIG V3R3
Creating new RHEL 7 STIG GUI profile (#6863)
Creating new RHEL 8 STIG GUI profile (#6862)
Add the RHEL9 product (#6801)
Initial support for SUSE SLE-15 (#6666)
add support for osbuild blueprint remediations (#6970)

This update brings the following SUSE Linux Enterprise STIG SCAP automations:

SCAP STIG automation for SUSE Linux Enterprise 12 (SUSE supplied, nearly complete, missing 4 rules)
SCAP STIG automation for SUSE Linux Enterprise 15 (SUSE supplied, nearly complete, missing 4 rules)
CIS automation for SUSE Linux Enterprise 15 (community supplied)

It can be evaluated using 'oscap' from 'openscap-utils', e.g. by doing on SUSE Linux Enterprise 12:

oscap xccdf eval --profile stig /usr/share/xml/scap/ssg/content/ssg-sle12-ds.xml

On SUSE Linux Enterprise 15:

oscap xccdf eval --profile stig /usr/share/xml/scap/ssg/content/ssg-sle15-ds.xml

or the community supplied CIS on SUSE Linux Enterprise 15:

oscap xccdf eval --profile cis /usr/share/xml/scap/ssg/content/ssg-sle15-ds.xml

More content will be added in future updates.

Advisory ID	SUSE-RU-2021:2217-1
Released	Wed Jun 30 17:17:50 2021
Summary	Recommended update for supportutils-plugin-ha-sap
Type	recommended
Severity	moderate
References	1187373

Description:

This update for supportutils-plugin-ha-sap fixes the following issues:
Update to version 0.0.2+git.1623772960.fed5aa7 (bsc#1187373)

Added process list for 'sid' user
Added 'ENSA1' and 'ENSA2' informational messages
Added filter to gather logs for 'sap_suse_cluster_connector'
Updated Documentation Links
Added Authentication Section and capture information about 'sid' user
Obscure clear text password from cluster resources using 'crm configure show' output

Advisory ID	SUSE-RU-2021:2219-1
Released	Wed Jun 30 17:19:34 2021
Summary	Recommended update for lifecycle-data-sle-module-live-patching
Type	recommended
Severity	moderate
References	1020320

Description:

This update for lifecycle-data-sle-module-live-patching fixes the following issue:

Added data for 4_12_14-150_72, 4_12_14-197_89, 5_3_18-24_61, 5_3_18-24_64. (bsc#1020320)

Advisory ID	SUSE-RU-2021:2224-1
Released	Thu Jul 1 13:48:44 2021
Summary	Recommended update for psmisc
Type	recommended
Severity	important
References	1185208

Description:

This update for psmisc fixes the following issues:

It does no longer list all processes from different private namespaces when fuser is run on an NFS mount. This led to an issue where the wrong processes were terminated in an SAP application cluster environment (bsc#1185208)

Advisory ID	SUSE-RU-2021:2234-1
Released	Fri Jul 2 13:56:08 2021
Summary	Recommended update for ntp
Type	recommended
Severity	moderate
References	1186431

Description:

This update for ntp fixes the following issues:

Fix a typo in '%post' section. (bsc#1186431)

Advisory ID	SUSE-RU-2021:2245-1
Released	Mon Jul 5 12:14:52 2021
Summary	Recommended update for lifecycle-data-sle-module-development-tools
Type	recommended
Severity	moderate
References

Description:

This update for lifecycle-data-sle-module-development-tools fixes the following issues:

mark go1.14 as 'end of life' as go1.16 was released and we only support 2 go versions parallel (jsc#ECO-1484)

Advisory ID	SUSE-OU-2021:2248-1
Released	Mon Jul 5 15:40:28 2021
Summary	Recommended update for sysstat
Type	optional
Severity	low
References	1186827

Description:

This update for sysstat fixes the following issues:

Dropped systemd runtime requirement (bsc#1186827)

Advisory ID	SUSE-RU-2021:2254-1
Released	Tue Jul 6 09:23:54 2021
Summary	Recommended update for raptor
Type	recommended
Severity	moderate
References	1186642,1187464

Description:

This update for raptor fixes the following issue:

raptor was not delivered correctly for openSUSE Leap 15.3 (bsc#1186642)

Advisory ID	SUSE-RU-2021:2255-1
Released	Tue Jul 6 10:27:54 2021
Summary	Recommended update for myspell-dictionaries, ucpp
Type	recommended
Severity	moderate
References	1186642,1187464

Description:

This update rereleases myspell-dictionaries and ucpp for SUSE Linux Enterprise 15 sp3 to fix a migration issue.

Advisory ID	SUSE-RU-2021:2261-1
Released	Tue Jul 6 13:34:21 2021
Summary	Recommended update for xmlsec1
Type	recommended
Severity	moderate
References	1177233,1186642,1186706

Description:

This update rereleases xmlsec1 for SUSE Linux Enterprise 15 SP3 to fix a migration issue.

Advisory ID	SUSE-RU-2021:2265-1
Released	Tue Jul 6 17:13:10 2021
Summary	Recommended update for mariadb-connector-c
Type	recommended
Severity	moderate
References	1179921,1183878,1185868,1185870,1185872,1187459

Description:

This update for mariadb-connector-c fixes the following issues:
Update to release 3.1.13 [bsc#1185870], [bsc#1185872], [bsc#1185868]

CONC-537: Only read from MYSQL_HOME if MARIADB_HOME was not set
CONC-548: Symbol conflict with libsodium
CONC-490: Handshake error when CLIENT_CONNECT_WITH_DB flag was set without specifying database
CONC-543: Hash functions conflict with GnuTLS
CONC-539: Added cipher suites ECDHE-RSA-AES128-SHA256 (0xC027) and ECDHE-RSA-AES256-SHA384 (0xC028) to the cipher map which maps cipher suite names to the corresponding algorithm ids (Windows Schannel)
CONC-535: Disabled checksum ignored in events (replication/ binlog API)

Advisory ID	SUSE-RU-2021:2266-1
Released	Tue Jul 6 22:38:01 2021
Summary	Recommended update for clamav
Type	recommended
Severity	important
References	1187509

Description:

This update for clamav fixes the following issue:

In the 'clamscan' and 'clamdscan' manpages, document that files over a certain size by default will silently not be scanned and how this can be adjusted. (bsc#1187509)

Advisory ID	SUSE-RU-2021:2270-1
Released	Wed Jul 7 17:20:31 2021
Summary	Recommended update for migrate-sles-to-sles4sap
Type	recommended
Severity	important
References	1171033,1187433

Description:

This update for migrate-sles-to-sles4sap fixes the following issues:

Migrating SUSE Linux Enterprise Server to SUSE Linux Enterprise Server for SAP with SMT server fails. (bsc#1187433)
Fix setup scripts URL. (bsc#1171033)
Fix pattern to find release packages

Advisory ID	SUSE-RU-2021:2286-1
Released	Fri Jul 9 17:38:53 2021
Summary	Recommended update for dosfstools
Type	recommended
Severity	moderate
References	1172863

Description:

This update for dosfstools fixes the following issue:

Fixed a bug that was causing an installation issue when trying to create an EFI partition on an NVMe-over-Fabrics device (bsc#1172863)

Advisory ID	SUSE-RU-2021:2287-1
Released	Fri Jul 9 18:08:31 2021
Summary	Recommended update for xorg-x11-server
Type	recommended
Severity	moderate
References	1182955

Description:

This update for xorg-x11-server fixes the following issues:

Fixes an issue where screen rotation was not working (bsc#1182955)

Advisory ID	SUSE-RU-2021:2290-1
Released	Fri Jul 9 19:03:39 2021
Summary	Recommended update for postgresql13
Type	recommended
Severity	moderate
References	1183118,1187751

Description:

This update for postgresql13 fixes the following issue:

reduce requirement of clang and llvm to recommends in 'postgresql13-server-devel'.

Advisory ID	SUSE-SU-2021:2293-1
Released	Mon Jul 12 08:26:26 2021
Summary	Security update for jdom2
Type	security
Severity	important
References	1187446,CVE-2021-33813

Description:

This update for jdom2 fixes the following issues:

CVE-2021-33813: XXE issue in SAXBuilder can cause a denial of service via a crafted HTTP request (bsc#1187446)

Advisory ID	SUSE-RU-2021:2314-1
Released	Wed Jul 14 13:07:21 2021
Summary	Recommended update for netcontrol
Type	recommended
Severity	moderate
References	1179144

Description:

This update for netcontrol fixes the following issues:

Fixed an issue when the interface list takes too long with many interfaces. (bsc#1179144)
Install pkgconfig into libdir instead of datadir

Advisory ID	SUSE-SU-2021:2320-1
Released	Wed Jul 14 17:01:06 2021
Summary	Security update for sqlite3
Type	security
Severity	important
References	1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327

Description:

This update for sqlite3 fixes the following issues:

Update to version 3.36.0
CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641)
CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719)
CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439)
CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438)
CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309)
CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850)
CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847)
CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715)
CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491)
CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960)
CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959)
CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958)
CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812)
CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818)
CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701)
CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700)
CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115)
CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow
CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236)
CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240)
CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091)

Advisory ID	SUSE-SU-2021:2322-1
Released	Wed Jul 14 17:03:03 2021
Summary	Security update for ffmpeg
Type	security
Severity	important
References	1172640,1186406,1186583,1186586,1186587,1186596,1186597,1186598,1186600,1186603,1186604,1186605,1186613,1186614,1186615,1186616,1186658,1186660,1186757,1186758,1186762,1186763,CVE-2019-17539,CVE-2020-13904,CVE-2020-20448,CVE-2020-20451,CVE-2020-21041,CVE-2020-22015,CVE-2020-22016,CVE-2020-22017,CVE-2020-22019,CVE-2020-22020,CVE-2020-22021,CVE-2020-22022,CVE-2020-22023,CVE-2020-22025,CVE-2020-22026,CVE-2020-22031,CVE-2020-22032,CVE-2020-22033,CVE-2020-22034,CVE-2020-22038,CVE-2020-22039,CVE-2020-22043,CVE-2020-22044

Description:

This update for ffmpeg fixes the following issues:

CVE-2020-13904: Fixed use-after-free via a crafted EXTINF duration in an m3u8 file (bsc#1172640).
CVE-2020-21041: Fixed buffer overflow vulnerability via apng_do_inverse_blend in libavcodec/pngenc.c (bsc#1186406).
CVE-2019-17539: Fixed NULL pointer dereference in avcodec_open2 in libavcodec/utils.c (bsc# 1154065).
CVE-2020-22026: Fixed buffer overflow vulnerability in config_input() at libavfilter/af_tremolo.c (bsc#1186583).
CVE-2020-22021: Fixed buffer overflow vulnerability in filter_edges function in libavfilter/vf_yadif.c (bsc#1186586).
CVE-2020-22020: Fixed buffer overflow vulnerability in build_diff_map() in libavfilter/vf_fieldmatch.c (bsc#1186587).
CVE-2020-22015: Fixed buffer overflow vulnerability in mov_write_video_tag() due to the out of bounds in libavformat/movenc.c (bsc#1186596).
CVE-2020-22016: Fixed a heap-based Buffer Overflow vulnerability at libavcodec/get_bits.h when writing .mov files (bsc#1186598).
CVE-2020-22017: Fixed a heap-based Buffer Overflow vulnerability in ff_fill_rectangle() in libavfilter/drawutils.c (bsc#1186600).
CVE-2020-22022: Fixed a heap-based Buffer Overflow vulnerability in filter_frame at libavfilter/vf_fieldorder.c (bsc#1186603).
CVE-2020-22023: Fixed a heap-based Buffer Overflow vulnerability in filter_frame at libavfilter/vf_bitplanenoise.c (bsc#1186604)
CVE-2020-22025: Fixed a heap-based Buffer Overflow vulnerability in gaussian_blur at libavfilter/vf_edgedetect.c (bsc#1186605).
CVE-2020-22031: Fixed a heap-based Buffer Overflow vulnerability at libavfilter/vf_w3fdif.c in filter16_complex_low() (bsc#1186613).
CVE-2020-22032: Fixed a heap-based Buffer Overflow vulnerability at libavfilter/vf_edgedetect.c in gaussian_blur() (bsc#1186614).
CVE-2020-22034: Fixed a heap-based Buffer Overflow vulnerability at libavfilter/vf_floodfill.c (bsc#1186616).
CVE-2020-20451: Fixed denial of service issue due to resource management errors via fftools/cmdutils.c (bsc#1186658).
CVE-2020-20448: Fixed divide by zero issue via libavcodec/ratecontrol.c (bsc#1186660).
CVE-2020-22038: Fixed denial of service vulnerability due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c (bsc#1186757).
CVE-2020-22039: Fixed denial of service vulnerability due to a memory leak in the inavi_add_ientry function (bsc#1186758).
CVE-2020-22043: Fixed denial of service vulnerability due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c (bsc#1186762).
CVE-2020-22044: Fixed denial of service vulnerability due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c (bsc#1186763).
CVE-2020-22033,CVE-2020-22019: Fixed a heap-based Buffer Overflow Vulnerability at libavfilter/vf_vmafmotion.c in convolution_y_8bit() and in convolution_y_10bit() in libavfilter/vf_vmafmotion.c (bsc#1186615, bsc#1186597).

Advisory ID	SUSE-RU-2021:2351-1
Released	Thu Jul 15 13:48:23 2021
Summary	Recommended update for mgetty
Type	recommended
Severity	low
References	1184124

Description:

This update for mgetty fixes the following issues:

Link /usr/bin/newslock as PIE. (bsc#1184124)

Advisory ID	SUSE-SU-2021:2393-1
Released	Mon Jul 19 09:01:49 2021
Summary	Security update for MozillaFirefox
Type	security
Severity	important
References	1188275,CVE-2021-29970,CVE-2021-29976,CVE-2021-30547

Description:

This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 78.12.0 ESR

Fixed: Various stability, functionality, and security fixes

MFSA 2021-29 (bsc#1188275)

CVE-2021-29970 (bmo#1709976): Use-after-free in accessibility features of a document
CVE-2021-30547 (bmo#1715766): Out of bounds write in ANGLE
CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910, bmo#1711576, bmo#1714391): Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12

Advisory ID	SUSE-RU-2021:2395-1
Released	Mon Jul 19 12:08:34 2021
Summary	Recommended update for efivar
Type	recommended
Severity	moderate
References	1187386

Description:

This update for efivar provides the following fix:

Fix the eMMC sysfs parsing. (bsc#1187386)

Advisory ID	SUSE-SU-2021:2412-1
Released	Tue Jul 20 15:25:21 2021
Summary	Security update for containerd
Type	security
Severity	moderate
References	1188282,CVE-2021-32760

Description:

This update for containerd fixes the following issues:

CVE-2021-32760: Fixed a bug which allows untrusted container images to change permissions in the host's filesystem. (bsc#1188282)

Advisory ID	SUSE-RU-2021:2444-1
Released	Wed Jul 21 15:53:37 2021
Summary	Recommended update for autogen
Type	recommended
Severity	low
References	1047218

Description:

This update for autogen fixes the following issue:
This update doesn't solve any visible issue to final users but it makes the builds reproducible. (bsc#1047218)
In particular:

it normalize 'tar'
it normalize date in 'man-pages'

Advisory ID	SUSE-RU-2021:2447-1
Released	Thu Jul 22 08:26:29 2021
Summary	Recommended update for hwdata
Type	recommended
Severity	moderate
References	1186749,1187948

Description:

This update for hwdata fixes the following issue:

Version 0.349: Updated pci, usb and vendor ids (bsc#1187948).

Advisory ID	SUSE-SU-2021:2454-1
Released	Thu Jul 22 13:16:58 2021
Summary	Security update for transfig
Type	security
Severity	moderate
References	1143650,1159130,1159293,1161698,1186329,CVE-2019-14275,CVE-2019-19555,CVE-2019-19746,CVE-2019-19797,CVE-2021-3561

Description:

This update for transfig fixes the following issues:
Update to version 3.2.8, including fixes for

CVE-2021-3561: overflow in fig2dev/read.c in function read_colordef() (bsc#1186329).
CVE-2019-19797: out-of-bounds write in read_colordef in read.c (bsc#1159293).
CVE-2019-19555: stack-based buffer overflow because of an incorrect sscanf (bsc#1161698).
CVE-2019-19746: segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type (bsc#1159130).
CVE-2019-14275: stack-based buffer overflow in the calc_arrow function in bound.c (bsc#1143650).

Advisory ID	SUSE-RU-2021:2455-1
Released	Thu Jul 22 15:28:19 2021
Summary	Recommended update for php7-pear
Type	recommended
Severity	moderate
References	1187372

Description:

This update for php7-pear fixes the following issues:

Fix for an issue when php-pear provides error messages with invalid variables. (bsc#1187372)

Advisory ID	SUSE-RU-2021:2456-1
Released	Thu Jul 22 15:28:39 2021
Summary	Recommended update for pam-config
Type	recommended
Severity	moderate
References	1187091

Description:

This update for pam-config fixes the following issues:

Add 'revoke' to the option list for 'pam_keyinit'.
Fixed an issue when pam-config fails to create a new service config file. (bsc#1187091)

Advisory ID	SUSE-SU-2021:2457-1
Released	Thu Jul 22 18:05:53 2021
Summary	Security update for wireshark
Type	security
Severity	moderate
References	1186790

Description:

This update for wireshark fixes the following issues:
Update wireshark to 3.4.6.
Including a fix for:

DVB-S2-BB dissector infinite loop (bsc#1186790).

Advisory ID	SUSE-SU-2021:2458-1
Released	Thu Jul 22 18:08:47 2021
Summary	Security update for MozillaThunderbird
Type	security
Severity	important
References	1188275,CVE-2021-29969,CVE-2021-29970,CVE-2021-29976,CVE-2021-30547

Description:

This update for MozillaThunderbird fixes the following issues:
Mozilla Thunderbird 78.12
* fixed: Sending an email containing HTML links with spaces in the URL sometimes resulted in broken links * fixed: Folder Pane display theme fixes for macOS * fixed: Chat account settings did not always save as expected * fixed: RSS feed subscriptions sometimes lost * fixed: Calendar: A parsing error for alarm triggers of type 'DURATION' caused sync problems for some users * fixed: Various security fixes
MFSA 2021-30 (bsc#1188275)

CVE-2021-29969: IMAP server responses sent by a MITM prior to STARTTLS could be processed
CVE-2021-29970: Use-after-free in accessibility features of a document
CVE-2021-30547: Out of bounds write in ANGLE
CVE-2021-29976: Memory safety bugs fixed in Thunderbird 78.12

Advisory ID	SUSE-RU-2021:2463-1
Released	Fri Jul 23 12:56:22 2021
Summary	Recommended update for python-pyzmq
Type	recommended
Severity	moderate
References	1186945

Description:

This update for python-pyzmq fixes the following issues:

Update to version 17.1.2 (bsc#1186945) * Fix possible hang when working with asyncio * Remove some outdated workarounds for old Cython versions * Fix some compilation with custom compilers * Remove unneeded link of libstdc++ on PyPy

Advisory ID	SUSE-RU-2021:2464-1
Released	Fri Jul 23 14:20:23 2021
Summary	Recommended update for shim
Type	recommended
Severity	moderate
References	1185232,1185261,1185441,1185464,1185961,1187071,1187260,1187696

Description:

This update for shim fixes the following issues:

shim-install: Always assume 'removable' for Azure to avoid the endless reset loop (bsc#1185464)
Avoid deleting the mirrored RT variables (bsc#1187696)
Split the keys in vendor-dbx.bin to vendor-dbx-sles and vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce the size of MokListXRT (bsc#1185261) + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
Handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071)
Relax the maximum variable size check for u-boot (bsc#1185621)
Relax the check for import_mok_state() when Secure Boot is off. (bsc#1185261)
Ignore the odd LoadOptions length (bsc#1185232)
shim-install: reset def_shim_efi to 'shim.efi' if the given file doesn't exist
Fided the size of rela sections for AArch64
Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261)
Avoid potential crash when calling QueryVariableInfo in EFI 1.10 machines (bsc#1187260)
Avoid buffer overflow when copying data to the MOK config table (bsc#1185232)

Advisory ID	SUSE-RU-2021:2467-1
Released	Mon Jul 26 11:57:11 2021
Summary	Recommended update for jsch
Type	recommended
Severity	low
References

Description:

This update for jsch fixes the following issues:

Miscellaneous clean-up
Create the osgi manifest during the ant build.

Advisory ID	SUSE-RU-2021:2475-1
Released	Tue Jul 27 13:03:29 2021
Summary	Recommended update for novnc
Type	recommended
Severity	important
References	1183291

Description:

This update for novnc fixes the following issues:

Update to 1.2.0: * Quality and compression hints can now be modified dynamically * Added touch gestures to emulate common mouse actions * Support for full Unicode in clipboard * Support for VeNCrypt Plain authentication * Support for TightVNC Unix authentication * Support for alpha cursors * The session name is now updated whilst connected

Update to 1.1.0: Application: * New translations for Russian, Korean, Czech and Chinese (traditional) languages * Fixed an issue where you didn't get scrollbars in your browser on Windows you had a touch screen. * Added the Super/Windows key to the toolbar. * Added an option to show a dot when there otherwise wouldn't be a visible cursor. * View drag is no longer available when in scaling mode. Library: * A large number of coding style changes has been made to make the code easier to read and better to work with. * Many keyboard issues has been fixed. * Local cursor is now available on all platforms. * Fixed a number of crashes related to clipboard. * Fixed issues that occurred if data from the server was being received slowly. * A problem has been fixed where the display module would incorrectly handle high DPI systems causing scrollbars to show when they shouldn't.

Advisory ID	SUSE-RU-2021:2477-1
Released	Tue Jul 27 13:32:50 2021
Summary	Recommended update for growpart-rootgrow
Type	recommended
Severity	important
References	1165198,1188179

Description:

This update for growpart-rootgrow fixes the following issues:

Change the logic to determine the partition ID of the root filesystem (bsc#1188179) + Previously the algorithm depended on the order of the output from lsblk using an index to keep track of the known partitions. The new implementation is order independent, it depends on the partition ID being numerical in nature and at the end of the device string.

Add coverage config. Omit version module from coverage check.

Fix string formatting for flake8 formatting.

Replace travis testing with GitHub actions. Add ci testing workflow action.

Switch implementation to use Popen for Python 3.4 compatibility (bsc#1165198)

Bump version: 1.0.2 → 1.0.3

Fixed unit tests and style This clobbers several fixes into one. Sorry about it but I started on already made changes done by other people. This commit includes several pep8 style fixes mostly on the indentation level. In addition it fixes the unit tests to really cover all code and to make the exception tests really effective.

Switch to use Popen instead of run The run() fuction in the subprocess module was implemented after Python 3.4. However, we need to support Python 3.4 for SLES 12

Bump version: 1.0.1 → 1.0.2

Package LICENSE file The LICENSE file is part of the source repo but was not packaged with the rpm package

Advisory ID	SUSE-RU-2021:2481-1
Released	Tue Jul 27 14:20:27 2021
Summary	Recommended update for sysconfig
Type	recommended
Severity	moderate
References	1184124

Description:

This update for sysconfig fixes the following issues:

Link as Position Independent Executable (bsc#1184124).

Advisory ID	SUSE-RU-2021:2547-1
Released	Wed Jul 28 11:57:32 2021
Summary	Recommended update for fence-agents
Type	recommended
Severity	moderate
References	1182701,1185058

Description:

This update for fence-agents fixes the following issues:

Corrections to support Azure SDK greater than 15 - including backward compatibility (bsc#1185058)
Fixed an issue when libvirt breaks the connection in every 30 seconds.
ECO: Update fence-agents. (jsc#SLE-18182)
Add upstream PR to aws-vpc-move-ip and apply required resource and fence agent patches. (jsc#SLE-17998)
Fixed an issue when fence-agent does not restart the node properly. (bsc#1182701)
Major rework of the original agent: * fence_gce: default method moved back to powercycle (#389) * fence_gce: make serviceaccount work with new libraries * fence_virt*: simple_auth: use %zu for sizeof to avoid failing verbose builds on some archs * configure: dont fail when --with-agents contains virt * fence_mpath: watchdog retries support * fencing: add multi plug support for reboot-action * fence_redfish: add missing diag logic * fencing: fix issue with hardcoded help text length for metadata * fencing: add stonith_status_sleep parameter for sleep between status calls during a STONITH action * fence_aws: add filter parameter to be able to limit which nodes are listed * virt: fix a bunch of coverity scan errors in ip_lookup * virt: make sure to provide an empty default to strncpy * virt: make sure buffers are big enough for 0 byte end string * virt: increase buffer size to avoid overruns * virt: check return code in virt-sockets * virt: fix plugin (minor) memory leak and plug in load race * virt: attempt to open file directly and avoid race condition * virt: fix different coverity scan errors in common/tcp * virt: cleanup deadcode in client/vsock * virt: cleanup deadcode in client/tcp * virt: fix potential buffer overrun * virt: fix mcast coverity scan errors * virt: drop pm-fence plugin * virt: drop libvirt-qmf plugin * virt: drop null plugin * virt: drop fence_virtd non-modular build * virt: fix plugin installation regression on upgrades * fence_virt: metadata fixes, implement manpage generation and metadata/delay/rng checks * virt: make sure variable is initialized * zvm: reformat fence_zvm to avoid gcc warnings * virt: drop -Werror to avoid unnecessary failures * virt: disable -Wunused for yy generated files * virt: disable fence-virt on bsd variants * virt: merge spec files * build: fix more gcc warnings * build: remove unused / obsoleted options * build: fix some annoying warnings at ./autogen.sh time * virt: move all virt CFLAGS/LDFLAGS in the right location * virt: fix unused gcc warnings and re-enable all build warnings * virt: fix write-strings gcc warnings * virt: fix pointer-arith gcc warnings * virt: fix declaration-after-statement gcc warnings * virt: fix build with -Wmissing-prototypes * build: don´t override clean target * virt: plug fence_virt into the build * virt: allow fence_virt build to be optional * virt: drop support for LSB init script * virt: collect docs in one location * virt: remove unnecessary files and move build macros in place * Ignore fence-virt man pages * Move fence_virt to the correct location * spec: use python3 path for newer releases * spec: undo autosetup change that breaks builds w/git commit hashes * Ignore unknown options on stdin * fence_gce: support google-auth and oauthlib and fallback to deprecated libs when not available * spec: add aliyun subpackage and fence_mpath_check* to mpath subpackage * fence_gce: Adds cloud-platform scope for bare metal API and optional proxy flags (#382) * fence_virt: Fix minor typo in metadata * fence_gce: update module reqs for SLES 15 (#383) * Add fence_ipmilanplus as fence_ipmilan wrapper always enabling lanplus * fence_redfish: Add diag action * fence_vbox: updated metadata file * fence_vbox: do not flood host account with vboxmanage calls * fence_aws/fence_gce: allow building without cloud libs * fence_gce: default to onoff * fence_lpar: Make --managed a required option * fence_zvmip: fix shell-timeout when using new disable-timeout parameter * Adds service account authentication to GCE fence agent * spec: dont build -all subpackage as noarch * fence_virt: add plug parameter that obsoletes old port parameter * Try to detect directory for initscripts configuration * Accept SIGTERM while waiting for initialization. * Add man pages to fence_virtd service file. * Fix spelling error in fence_virt.conf.5 * build: fix BRs for suse distros * build: remove ExclusiveArch * build: removed gcc-c++ BR * build: add spec-file and rpm build targets * build: cleanup/improvements to reworked build system * [build] rework build system to use automake/libtool * fence_virtd: Fix segfault in vl_get when no domains are found * fence_virt: fix core dump * build: harden and make it possible to build with -fPIE * fence_virt: dont report success for incorrect parameters * fence_virt: mcast: config: Warn when provided mcast addr is not used * fence_virtd: Return control to main loop on select interruption * fence-virtd: Add missing vsock makefile bits * fence-virt: Add vsock support * fence_virtd: Fix transposed arguments in startup message * fence_virt: Rename challenge functions * fence_virtd: Cleanup: remove unused configuration options * fence_virt: Remove remaining references to checkpoints * fence_virt: Remove remaining references to checkpoints * fence-virt: Format string cleanup * fence_virtd: Implment hostlist for the cpg backend * fence_virt: Fix logic error in fence_xvm * fence_virtd: Cleanup config module * fence_virtd: cpg: Fail initialization if no hypervisor connections * fence_virtd: Make the libvirt backend survive libvirtd restarts * fence_virtd: Allow the cpg backend to survive libvirt failures * fence_virtd: cpg: Fix typo * fence-virtd: Add cpg-virt backend plugin * fence_virtd: Remove checkpoint, replace it with a CPG only plugin * fence-virt: Bump version * fence_virtd: Add better debugging messages for the TCP listner * fence_virtd: Fix potential unlocked pthread_cond_timedwait() * fence-virtd: Cleanup small memory leak * fence_virtd: Fix select logic in listener plugins * Factor out common libvirt code so that it can be reused by multiple backends * Document the fence_virtd -p command line flag * fence_virtd: Log an error when startup fails * Retry writes in the TCP, mcast, and serial listener plugins while sending a response to clients, if the write fails or is incomplete. * Make the packet authentication code more resilient in the face of transient failures. * Disable the libvirt-qmf backend by default * Bump the versions of the libvirt and checkpoint plugins * fence-virtd: Enable TCP listener plugin by default * fence-virtd: Cleanup documentation of the TCP listener * fence_xvm/fence_virt: Add support for the validate-all status op * fence-virt: Add list-status command to man page and metadata * fence-virt: Cleanup numeric argument parsing * fence-virt: Log message to syslog in addition to stdout/stderr * fence-virt: Permit explicitly setting delay to 0 * fence-virt: Add 'list-status' operation for compat with other agents * Allow fence_virtd to run as non-root * Remove delay from the status, monitor and list functions * Resolves serveral problems in checkpoint plugin, making it functional. * daemon_init: Removed PID check and update * fence_virtd: drop legacy SysVStartPriority from service unit * fence-virt: client: Do not truncate VM domains in list output * client: fix 'delay' parameter checking (copy-paste) * fence-virt: Fix broken restrictions on the port ranges * Clarify debug message * fence-virtd: Use perror only if the last system call returns an error. * fence-virtd: Fix printing wrong system call in perror * fence-virtd: Allow multiple hypervisors for the libvirt backend * fence-virt: Don't overrwrite saved errno * fence-virt: Fix small memory leak in the config module * fence-virt: Fix mismatched sizeof in memset call * fence-virt: Send complete hostlist info * fence-virt: Clarify the path option in serial mode * Bump version * fence-virt: Bump version * fence_virtd: Fix broken systemd service file * fence_virt/fence_xvm: Print status when invoked with -o status * fence-virt: Fix for missed libvirtd events * fence-virt: Fail properly if unable to bind the listener socket * client: dump all arguments structure in debug mode * Drop executable flag for man pages (finally) * Honor implicit 'ip_family=auto' in fence_xvm w/IPv6 mult.addr. * Fix using bad struct item for auth algorithm * Drop executable flag for man pages * use bswap_X() instead of b_swapX() * fence_virtd: Fix memcpy size params in the TCP plugin * Revert 'fence-virt: Fix possible descriptor leak' * fence_virtd: Return success if a domain exists but is already off. * fence-virt: Add back missing tcp_listener.h file * fence-virt: Fix a few fd leaks * fence-virt: Fix free of uninitialized variable * fence-virt: Fix possible null pointer dereference * fence-virt: Fix memory leak * fence-virt: Fix fd leak when finding local addresses * fence-virt: Fix possible descriptor leak * fence-virt: Fix possible fd leak * fence-virt: Fix null pointer deref * fence-virt: Explicitly set delay to 0 * fence-virt: Fix return with lock held * fence_virt: Fix typo in fence_virt(8) man page * fence_virt: Return failure for nonexistent domains * Improve fence_virt.conf man page description of 'hash' * Add a TCP listener plugin for use with viosproxy * In serial mode, return failure if the other end closes the connection before we see SERIAL_MAGIC in the reply or timeout. * Stop linking against unnecessary QPid libs. * Update libvirt-qmf plugin and docs * Fix crash when we fail to read key file. * Fix erroneous man page XML * Add 'interface' directive to example.conf * Add old wait_for_backend directive handling & docs * Return proper error if we can't set up our socket. * Fix startup in systemd environments * Add systemd unit file and generation * Don't override user's pick for backend server module * Use libvirt as default in shipped config * Clean up compiler warnings * Fix serial domain handling * Fix monolithic build * Clean up build and comments. * Add missing pm_fence source code * Disable CMAN / checkpoint build by default * Rename libvirt-qpid -> libvirt-qmf * Fix static analysis errors * Reword assignment to appease static analyzers * Handle return value from virDomainGetInfo * Fix bad sizeof() * Make listen() retry * Add map_check on 'status' action * Update README * Don't reference out-of-scope temporary * Ensure we don't try to strdup() or atoi() on NULL * Add libvirt-qmf support to the libvirt-qpid plugin * Convert libvirt-qpid plugin to QMFv2 * Fix incorrect return value on hash mismatch * Fix error getting status from libvirt-qpid plugin * Make fence-virt requests endian clean * Fix input parsing to allow domain again * Provide 'domain' in metadata output for compatibility * High: Fix UUID lookups in checkpoint backend * Curtail 'list' operation requests * Fix man page references: fence_virtd.conf -> fence_virt.conf * Add 'list' operation for plugins; fix missing getopt line * Fix build with newer versions of qpid * Make configure.in actually disable plugins * Rename parameters to match other fencing agents * Fix fence_xvm man page to point to the right location * client: Clarify license in serial.c * Return 2 for 'off' like other fencing agents * Reset flags before returning from connect_nb * Use nonblocking connect to vmchannel sockets * More parity with other fencing agents' parameters * Fix memory leaks found with valgrind * Add basic daemon functions * Fix bug in path pruning support for serial plugin * Fix libvirt-qpid bugs found while testing * Fix segfault caused by invalid map pointer assignment * Fix another compiler warning * Fix build warnings in client/serial.c * Add 'monitor' as an alias for 'status' * Add serial listener to configuration utility * Make serial/vmchannel module enabled by default * Add missing 'metadata' option to help text * Add missing static_map.h * Add metadata support to fence_xvm/fence_virt * Allow IPs to be members of groups * Allow use of static mappings w/ mcast listener * Make 'path' be a directory * Remove useless debug printfs * Enable VM Channel support in serial plugin * Pass source VM UUID (if known) to backend * Mirror libvirt-qpid's settings in libvirt-qpid plugin * libvirt-qpid: clean up global variable * Enable a configurable host/port on libvirt-qpid plugin * Minor config utility cleanups * Remove unnecessary name_mode from multicast plugin * Add prototypes and clean up build warnings * Use seqno in serial requests * Minor debugging message cleanup * Fix build error due to improper value * Static map support and permissions reporting * Sync up on SERIAL_MAGIC while waiting for a response * Don't build serial vmchannel module by default * Initial checkin of serial server-side support * Fix fence_virt.conf man page name * Add Fedora init script * Compiler warning cleanups in virt-serial.c * Add wait-for-backend mode * Fix up help text for clients * Minor XML cleanups, add missing free() call * add missing module_path to fence_virtd.conf.5 * Add capabilities to virt-serial * Note that serial support is experimental * Add a serial.so build target * Add vmchannel serial event interface * Split fence_virt vs. fence_xvm args * Add static map functions. * Fix build warning due to missing #include * Fix multiple query code * Better config query & multiple value/tag support * Add simple configuration mode * Allow setting config values to NULL to clear them * Clean up example config file * Sort plugins by type when printing them * Revert 'Sort plugins by type when printing them' * Sort plugins by type when printing them * Clean up some configuration plugin information * add empty line between names * Make libvirt to automatically use uuid or names * Improve error reporting * Fix build for hostlist functionality * Hostlist functionality for libvirt, libvirt-qpid * Work around broken nspr headers * Fix installation target for man pages * Add man page build infrastructure * Make fence_xvm compatibility mode enabled by default * Fix libvirt / mcast support for name_mode * Fix agent option parsing * Fix dlsym mapping of C++ module * Make uuids work with libvirt-qpid * Fix uninitialized variable causing false returns * Add 'help' to fence_virtd * Fix libvirt-qpid build * Fix libvirt-qpid build * Add libvirt-qpid build target * Initial checking of libvirt-qpid plugin * Fix build on i686 * Make symlink/compatibilty mode disabled by default * Add simple tarball / release script * Use immediate resolution of symbols * Example config tweaks * Use sysconfdir for /etc/fence_virt.conf * Fix package name and install locations * Add 'maintainer-clean' target * Fix build errors on Fedora * Add missing header file * Ignore automake error * Make the build script actually build * Make cluster mode plugin work * Add basic cpg stuff for later * Enable 'on' operation for libvirt backend * Clean up modular build * Minor build cleanups * Yet more build fixes * More build cleanups * Build cleanups * Initial port to autoconf * Add checkpoint.c stub functions * Add sequence numbers to requests for tracking * Include missing include * Call generic history functions * Make history functions generic * Make debugging work from modules again * Revert 'Fix build issue breaking debug printing from modules' * Fix build issue breaking debug printing from modules * Fix libvirt backend; VALIDATE was wrong * Cleanups, add daemon support * Add simple 'null' skeleton backend plugin * Make all plugins dynamically loaded. * Fix error message * Remove dummy serial prototypes * Remove modules in 'make clean' * Make listeners plugins. * Move name_mode to fence_virtd block * Add name_mode to example.conf * Move VM naming scheme to top level of config * Enable UUID use in libvirt.c * Move options.c to client directory * Drop duplicate fencing requests * Don't require specifying an interface in fence_virt.conf * Fix empty node parsing * Actually use the default port by default * Don't overwrite config files * Install modules, too. * Add temporary 'make install' target * Make a default configuration file * Make mcast work with UUIDs * Add checkpoint.so to the build * Fix missing carriage returns on debug prints * Add architecture overview description * Make serial_init match mcast_init. * Make multicast use config file * Integrate config file processing * Create server-side plugin architecture * Make libvirt a built-in plugin * Fix header in serial.c.

Advisory ID	SUSE-SU-2021:2555-1
Released	Thu Jul 29 08:29:55 2021
Summary	Security update for git
Type	security
Severity	moderate
References	1168930,1183026,1183580,CVE-2021-21300

Description:

This update for git fixes the following issues:
Update from version 2.26.2 to version 2.31.1 (jsc#SLE-18152)
Security fixes:

CVE-2021-21300: On case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS), Git could run remote code during a clone. (bsc#1183026)

Non security changes:

Add `sysusers` file to create `git-daemon` user.
Remove `perl-base` and `openssh-server` dependency on `git-core`and provide a `perl-Git` package. (jsc#SLE-17838)
`fsmonitor` bug fixes
Fix `git bisect` to take an annotated tag as a good/bad endpoint
Fix a corner case in `git mv` on case insensitive systems
Require only `openssh-clients` where possible (like Tumbleweed or SUSE Linux Enterprise >= 15 SP3). (bsc#1183580)
Drop `rsync` requirement, not necessary anymore.
Use of `pack-redundant` command is discouraged and will trigger a warning. The replacement is `repack -d`.
The `--format=%(trailers)` mechanism gets enhanced to make it easier to design output for machine consumption.
No longer give message to choose between rebase or merge upon pull if the history `fast-forwards`.
The configuration variable `core.abbrev` can be set to `no` to force no abbreviation regardless of the hash algorithm
`git rev-parse` can be explicitly told to give output as absolute or relative path with the `--path-format=(absolute|relative)` option.
Bash completion update to make it easier for end-users to add completion for their custom `git` subcommands.
`git maintenance` learned to drive scheduled maintenance on platforms whose native scheduling methods are not 'cron'.
After expiring a reflog and making a single commit, the reflog for the branch would record a single entry that knows both `@{0}` and `@{1}`, but we failed to answer 'what commit were we on?', i.e. `@{1}`
`git bundle` learns `--stdin` option to read its refs from the standard input. Also, it now does not lose refs when they point at the same object.
`git log` learned a new `--diff-merges=` option.
`git ls-files` can and does show multiple entries when the index is unmerged, which is a source for confusion unless `-s/-u` option is in use. A new option `--deduplicate` has been introduced.
`git worktree list` now annotates worktrees as prunable, shows locked and prunable attributes in `--porcelain mode`, and gained a `--verbose` option.
`git clone` tries to locally check out the branch pointed at by HEAD of the remote repository after it is done, but the protocol did not convey the information necessary to do so when copying an empty repository. The protocol v2 learned how to do so.
There are other ways than `..` for a single token to denote a `commit range', namely `^!` and `^-`, but `git range-diff` did not understand them.
The `git range-diff` command learned `--(left|right)-only` option to show only one side of the compared range.
`git mergetool` feeds three versions (base, local and remote) of a conflicted path unmodified. The command learned to optionally prepare these files with unconflicted parts already resolved.
The `.mailmap` is documented to be read only from the root level of a working tree, but a stray file in a bare repository also was read by accident, which has been corrected.
`git maintenance` tool learned a new `pack-refs` maintenance task.
Improved error message given when a configuration variable that is expected to have a boolean value.
Signed commits and tags now allow verification of objects, whose two object names (one in SHA-1, the other in SHA-256) are both signed.
`git rev-list` command learned `--disk-usage` option.
`git diff`, `git log` `--{skip,rotate}-to=` allows the user to discard diff output for early paths or move them to the end of the output.
`git difftool` learned `--skip-to=` option to restart an interrupted session from an arbitrary path.
`git grep` has been tweaked to be limited to the sparse checkout paths.
`git rebase --[no-]fork-point` gained a configuration variable `rebase.forkPoint` so that users do not have to keep specifying a non-default setting.
`git stash` did not work well in a sparsely checked out working tree.
Newline characters in the host and path part of `git://` URL are now forbidden.
`Userdiff` updates for PHP, Rust, CSS
Avoid administrator error leading to data loss with `git push --force-with-lease[=]` by introducing `--force-if-includes`
only pull `asciidoctor` for the default ruby version
The `--committer-date-is-author-date` option of `rebase` and `am` subcommands lost the e-mail address by mistake in 2.29
The transport protocol v2 has become the default again
`git worktree` gained a `repair` subcommand, `git init --separate-git-dir` no longer corrupts administrative data related to linked worktrees
`git maintenance` introduced for repository maintenance tasks
`fetch.writeCommitGraph` is deemed to be still a bit too risky and is no longer part of the `feature.experimental` set.
The commands in the `diff` family honors the `diff.relative` configuration variable.
`git diff-files` has been taught to say paths that are marked as `intent-to-add` are new files, not modified from an empty blob.
`git gui` now allows opening work trees from the start-up dialog.
`git bugreport` reports what shell is in use.
Some repositories have commits that record wrong committer timezone; `git fast-import` has an option to pass these timestamps intact to allow recreating existing repositories as-is.
`git describe` will always use the `long` version when giving its output based misplaced tags
`git pull` issues a warning message until the `pull.rebase` configuration variable is explicitly given

Advisory ID	SUSE-RU-2021:2558-1
Released	Thu Jul 29 12:05:03 2021
Summary	Recommended update for python-pytz
Type	recommended
Severity	moderate
References	1185748

Description:

This update for python-pytz fixes the following issues:

Add %pyunittest shim for platforms where it is missing.
Remove real directory of %{python_sitelib}/pytz/zoneinfo when upgrading, before it is replaced by a symlink. (bsc#1185748)
Bump tzdata_version
update to 2021.1: * update to IANA 2021a timezone release

Advisory ID	SUSE-RU-2021:2568-1
Released	Thu Jul 29 14:18:37 2021
Summary	Recommended update for open-vm-tools
Type	recommended
Severity	moderate
References	1029961,1185103,1185175,1187567

Description:

This update for open-vm-tools fixes the following issues:
Update to 11.3.0 (bsc#1187567)

Reduce or eliminate Linux dependency on the 'net-tools' package. - The 'ifconfig' and 'netstat' commands are deprecated in more recent releases of Linux. Update the Linux 'vm-support' script to use the 'ip' and 'ss' commands when available. If the new commands are missing a fallback will be used. In Particular, 'ip' has a fallback on 'ifconfig', 'ip route' will fallback on 'route' and 'ss' will fallback on 'netstat'.
Configuring OVT with the '--without-pam' option will implicitly disable 'vgauth'. - When no 'vgauth' option is given alongside '--without-pam', a warning is displayed with a message 'Building without PAM; vgauth will be disabled.'. - When '--disable-vgauth' is supplied alongside '--without-pam', no warning or error message is displayed. - When '--enable-vgauth' is supplied alongside '--without-pam', an error will be shown and the configure stage will be aborted with an error message 'Cannot enable vgauth without PAM. Please configure without --without-pam or without --enable-vgauth.'
Fix issues using GCC 11 with gtk >= 3.20 and glib >=2.66.3
Fix more GCC 11 failures. (bsc#1185103)
Update the 'FreeBSD' specific sections of 'open-vm-tools' to adjust what necessary for 'ARM64'.
New command line tool 'vmwgfxctrl' introduced in 'open-vm-tools'. - A user can now control various aspects of the 'vmwgfx' Linux kernel module. Currently it can both display and set the current topology of the 'vmwgfx' kernel driver. It is useful when trying to configure custom resolutions on recent Linux distributions, including multi-monitor setups.
New command line tool 'vmware-alias-import' added to 'open-vm-tools' that can be used to import 'vgauth' config data and apply it to the running 'vgauth' service.
Enhancements to support or utilize various vSphere features.
In 'vmtoolsd.service' move the deprecated path '/var/run' to '/run' for it's 'PID' file. (bsc#1185175)
Finalize the 'UsrMerge'. (bsc#1029961)

Advisory ID	SUSE-RU-2021:2573-1
Released	Thu Jul 29 14:21:52 2021
Summary	Recommended update for timezone
Type	recommended
Severity	moderate
References	1188127

Description:

This update for timezone fixes the following issue:

From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by

the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).

Advisory ID	SUSE-RU-2021:2579-1
Released	Sun Aug 1 15:57:01 2021
Summary	Recommended update for rust, rust1.43, rust1.53
Type	recommended
Severity	moderate
References

Description:

This update for rust, rust1.43, rust1.53 fixes the following issues:
This will ship multiple rust versions.

rust1.43: for Firefox ESR
rust1.53: The current rust release

The 'rust' package itself will be a wrapper package.

Advisory ID	SUSE-RU-2021:2580-1
Released	Sun Aug 1 15:57:20 2021
Summary	Recommended update for pdsh
Type	recommended
Severity	moderate
References	1186642

Description:

This update for pdsh fixes the following issue:

pdsh had a lower release number in 15 sp3 than in 15 sp2, which could lead to migration issues. (bsc#1186642)

Advisory ID	SUSE-RU-2021:2602-1
Released	Wed Aug 4 08:45:01 2021
Summary	Recommended update for amazon-ecs-init
Type	recommended
Severity	moderate
References	1187662

Description:

This update for amazon-ecs-init fixes the following issues:

Update to version 1.53.0-1 (bsc#1187662) * Cache Agent version 1.53.0
from version 1.52.2-2 * Cache Agent version 1.52.2 * ecs-anywhere-install: fix incorrect download url when running in cn region
from version 1.52.2-1 * Cache Agent version 1.52.2 * ecs-anywhere-install: remove dependency on gpg key server * ecs-anywhere-install: allow sandboxed apt installations

Advisory ID	SUSE-RU-2021:2606-1
Released	Wed Aug 4 13:16:09 2021
Summary	Recommended update for libcbor
Type	recommended
Severity	moderate
References	1102408

Description:

This update for libcbor fixes the following issues:

Implement a fix to avoid building shared library twice. (bsc#1102408)

Advisory ID	SUSE-SU-2021:2612-1
Released	Thu Aug 5 10:17:44 2021
Summary	Security update for apache-commons-compress
Type	security
Severity	important
References	1188463,1188464,1188465,1188466,CVE-2021-35515,CVE-2021-35516,CVE-2021-35517,CVE-2021-36090

Description:

This update for apache-commons-compress fixes the following issues:

Updated to 1.21
CVE-2021-35515: Fixed an infinite loop when reading a specially crafted 7Z archive. (bsc#1188463)
CVE-2021-35516: Fixed an excessive memory allocation when reading a specially crafted 7Z archive. (bsc#1188464)
CVE-2021-35517: Fixed an excessive memory allocation when reading a specially crafted TAR archive. (bsc#1188465)
CVE-2021-36090: Fixed an excessive memory allocation when reading a specially crafted ZIP archive. (bsc#1188466)

Advisory ID	SUSE-SU-2021:2614-1
Released	Thu Aug 5 10:19:19 2021
Summary	Security update for spice-vdagent
Type	security
Severity	important
References	1173749,1177780,1177781,1177782,1177783,CVE-2020-25650,CVE-2020-25651,CVE-2020-25652,CVE-2020-25653

Description:

This update for spice-vdagent fixes the following issues:

Update to version 0.21.0
CVE-2020-25650: memory DoS via arbitrary entries in `active_xfers` hash table (bsc#1177780)
CVE-2020-25651: possible file transfer DoS and information leak via `active_xfers` hash map (bsc#1177781)
CVE-2020-25652: possibility to exhaust file descriptors in `vdagentd` (bsc#1177782)
CVE-2020-25653: UNIX domain socket peer PID retrieved via `SO_PEERCRED` is subject to race condition (bsc#1177783)

Advisory ID	SUSE-SU-2021:2619-1
Released	Thu Aug 5 10:35:15 2021
Summary	Security update for djvulibre
Type	security
Severity	important
References	1187869,CVE-2021-3630

Description:

This update for djvulibre fixes the following issues:

CVE-2021-3630: out-of-bounds write in DJVU:DjVuTXT:decode() in DjVuText.cpp (bsc#1187869)

Advisory ID	SUSE-RU-2021:2625-1
Released	Thu Aug 5 12:10:27 2021
Summary	Recommended update for supportutils
Type	recommended
Severity	moderate
References	1185991,1185993,1186347,1186397,1186687,1188348

Description:

This update for supportutils fixes the following issues:
ethtool was updated to version 3.1.17:

Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348)
Adding ethtool options g l m to network.txt (jsc#SLE-18240)
lsof options to improve performance (bsc#1186687)
Exclude rhn.conf from etc.txt (bsc#1186347)
analyzevmcore supports local directories (bsc#1186397)
getappcore checks for valid compression binary (bsc#1185991)
getappcore does not trigger errors with help message (bsc#1185993)

Advisory ID	SUSE-RU-2021:2627-1
Released	Thu Aug 5 12:10:46 2021
Summary	Recommended maintenance update for systemd-default-settings
Type	recommended
Severity	moderate
References	1188348

Description:

This update for systemd-default-settings fixes the following issue:

Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348)

Advisory ID	SUSE-RU-2021:2629-1
Released	Thu Aug 5 12:11:09 2021
Summary	Recommended update for libreoffice
Type	recommended
Severity	moderate
References	1178806,1182969,1186871,1187173

Description:

This update for libreoffice fixes the following issues:
Update to version 7.1.4.2 (bsc#1178806)

Fix external URL connections issues when WebDav is built using 'libserf'. (bsc#1187173, bsc#1186871)
Fix a regression caused by 'Multi column textbox in editengine'.
Improve the build time on aarch64 to select only powerful buildhosts.
Fix an issue with PPTX where one column becomes two within one text frame. (bsc#1182969)

Advisory ID	SUSE-RU-2021:2640-1
Released	Fri Aug 6 13:25:58 2021
Summary	Recommended update for cloud-regionsrv-client
Type	recommended
Severity	moderate
References	1029162

Description:

This update for cloud-regionsrv-client contains the following fix:

Update to version 9.2.0: (bsc#1029162) + Support IPv6 as best-effort, with fallback to IPv4

Advisory ID	SUSE-RU-2021:2652-1
Released	Wed Aug 11 13:25:42 2021
Summary	Recommended update for cloud-regionsrv
Type	recommended
Severity	moderate
References	1029162

Description:

This update for cloud-regionsrv contains the following fix:

Update to version 8.1.0: (bsc#1029162) + Enable multiple IP assignments (IPv4+IPv6) on TLS Certificate

Advisory ID	SUSE-RU-2021:2681-1
Released	Thu Aug 12 14:59:06 2021
Summary	Recommended update for growpart-rootgrow
Type	recommended
Severity	important
References	1188868,1188904

Description:

This update for growpart-rootgrow fixes the following issues:

Fix root partition ID lookup. Only consider trailing digits to be part of the paritition ID. (bsc#1188868) (bsc#1188904)

Advisory ID	SUSE-SU-2021:2682-1
Released	Thu Aug 12 20:06:19 2021
Summary	Security update for rpm
Type	security
Severity	important
References	1179416,1181805,1183543,1183545,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421

Description:

This update for rpm fixes the following issues:

Changed default package verification level to 'none' to be compatible to rpm-4.14.1
Made illegal obsoletes a warning
Fixed a potential access of freed mem in ndb's glue code (bsc#1179416)
Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817)
Added :humansi and :hmaniec query formatters for human readable output
Added query selectors for whatobsoletes and whatconflicts
Added support for sorting caret higher than base version
rpm does no longer require the signature header to be in a contiguous region when signing (bsc#1181805)

Security fixes:

CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543)

CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545)

CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.

Advisory ID	SUSE-RU-2021:2688-1
Released	Sat Aug 14 10:18:12 2021
Summary	Recommended update for patterns-base, patterns-server-enterprise, sles15-image
Type	recommended
Severity	moderate
References	1183154

Description:

This update for patterns-base, patterns-server-enterprise, sles15-image fixes the following issues:

Add pattern to install necessary packages for FIPS (bsc#1183154)
Add patterns-base-fips to work also in FIPS environments (bsc#1183154)

Advisory ID	SUSE-SU-2021:2760-1
Released	Tue Aug 17 17:11:14 2021
Summary	Security update for c-ares
Type	security
Severity	important
References	1188881,CVE-2021-3672

Description:

This update for c-ares fixes the following issues:
Version update to git snapshot 1.17.1+20200724:

CVE-2021-3672: fixed missing input validation on hostnames returned by DNS servers (bsc#1188881)
If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause crash
Crash in sortaddrinfo() if the list size equals 0 due to an unexpected DNS response
Expand number of escaped characters in DNS replies as per RFC1035 5.1 to prevent spoofing
Use unbuffered /dev/urandom for random data to prevent early startup performance issues

Advisory ID	SUSE-SU-2021:2764-1
Released	Tue Aug 17 17:17:17 2021
Summary	Security update for libsndfile
Type	security
Severity	critical
References	1100167,1116993,1117954,1188540,CVE-2018-13139,CVE-2018-19432,CVE-2018-19758,CVE-2021-3246

Description:

This update for libsndfile fixes the following issues:

CVE-2018-13139: Fixed a stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. (bsc#1100167)
CVE-2018-19432: Fixed a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. (bsc#1116993)
CVE-2021-3246: Fixed a heap buffer overflow vulnerability in msadpcm_decode_block. (bsc#1188540)
CVE-2018-19758: Fixed a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. (bsc#1117954)

Advisory ID	SUSE-SU-2021:2774-1
Released	Thu Aug 19 13:49:30 2021
Summary	Security update for MozillaFirefox
Type	security
Severity	important
References	1188891,CVE-2021-29980,CVE-2021-29984,CVE-2021-29985,CVE-2021-29986,CVE-2021-29988,CVE-2021-29989

Description:

This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 78.13.0 ESR (MFSA 2021-34, bsc#1188891):

CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption
CVE-2021-29988: Memory corruption as a result of incorrect style treatment
CVE-2021-29984: Incorrect instruction reordering during JIT optimization
CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption
CVE-2021-29985: Use-after-free media channels
CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13

Advisory ID	SUSE-RU-2021:2778-1
Released	Thu Aug 19 15:19:52 2021
Summary	Recommended update for compat-libpthread-nonshared
Type	recommended
Severity	moderate
References	1188004

Description:

This update for compat-libpthread-nonshared fixes the following issues:

Add build for 32-bit version for Oracle client. (bsc#1188004)

Advisory ID	SUSE-RU-2021:2781-1
Released	Thu Aug 19 18:54:14 2021
Summary	Recommended update for psqlODBC
Type	recommended
Severity	moderate
References

Description:

This update for psqlODBC fixes the following issues:

Update to 13.01.0000: * Fix a bug of CC_send_query_append() when the ignore_roundtrip_time flag is on. * Add a call for SQLDescribeCol() before SQLExecute() to prepare-test. * Add a *update returning* test case to insertreturning regression test. * Let SQLDescribeCol() use parsed result when the current executed result is NULL. * Let SQLExecute() destroy the old result first. * Forget to apply disable_convert_func flag to VARCHAR and LONGVARCHAR. * Prioritize DISABLE_KEEPALIVE checkbox over the disable_keepalive bit of ExtraOptions. * Format check for ExtraOptions of setup dialog.

Update to 13.00.0000: * Add support for CONVERT scalar function. * Cope with the case that openssl libraries link msvc runtimes other than libraries which psqlodbc or libpq links. * Call AC_CHECK_SIZEOF() or AC_CHECK_TYPES() macros at earlier stage where LIBS variable isn't set yet. * Fix a compilation error with GCC 10 due to conflicting variable names. * Remove curr_param_result property of StatementClass and separate parsed result from the exec result. * Add support for development with VC16(Visual Studio 2019). * Hold the first and last result for parametrized SQL statements with array of parameters. * This would improve the performance of bulk inserts/updates etc. * Revise the handling of QResultClass list. * Introduce macros QR_concat(), QR_detach() and QR_next(). * Correct the handling of SQL_ROW_ERROR and SQL_ROW_SUCCESS_WITH_INFO. * Remove the single table restriction in SC_set_SS_columnkey. * Improve error reporting about SC_pos_reload_needed().

Update to 12.02.0000: * Add a new *Display Optional Error Message* option. * Handle notice messages in libpq_bind_and_exec(). * Ignore PQtransactionStatus PQTRANS_ACTIVE in LIBPQ_update_transaction_status(). PQTRANS_ACTIVE isn't a transaction status. * Improve execution of parameterized SQL statements with arrays * Add a new option IgnoreTimeout. * An improvement for psqlodbc developpers. Make it possible to call some shell scripts from other directories.

Advisory ID	SUSE-SU-2021:2791-1
Released	Fri Aug 20 10:14:13 2021
Summary	Security update for fetchmail
Type	security
Severity	moderate
References	1188034,1188875,CVE-2021-36386

Description:

This update for fetchmail fixes the following issues:

CVE-2021-36386: Fixed a missing variable initialization that can cause read from bad memory locations. (bsc#1188875)
Change PASSWORDLEN from 64 to 256 (bsc#1188034)

Advisory ID	SUSE-SU-2021:2792-1
Released	Fri Aug 20 10:18:15 2021
Summary	Security update for libass
Type	security
Severity	important
References	1188539,CVE-2020-36430

Description:

This update for libass fixes the following issues:

CVE-2020-36430: Fixed heap-based buffer overflow in decode_chars (bsc#1188539).

Advisory ID	SUSE-SU-2021:2793-1
Released	Fri Aug 20 10:22:53 2021
Summary	Security update for openexr
Type	security
Severity	important
References	1188457,1188458,1188459,1188460,1188461,1188462,CVE-2021-20298,CVE-2021-20299,CVE-2021-20300,CVE-2021-20302,CVE-2021-20303,CVE-2021-20304,CVE-2021-3476

Description:

This update for openexr fixes the following issues:

CVE-2021-20298 [bsc#1188460]: Fixed Out-of-memory in B44Compressor
CVE-2021-20299 [bsc#1188459]: Fixed Null-dereference READ in Imf_2_5:Header:operator
CVE-2021-20300 [bsc#1188458]: Fixed Integer-overflow in Imf_2_5:hufUncompress
CVE-2021-20302 [bsc#1188462]: Fixed Floating-point-exception in Imf_2_5:precalculateTileInfot
CVE-2021-20303 [bsc#1188457]: Fixed Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer
CVE-2021-20304 [bsc#1188461]: Fixed Undefined-shift in Imf_2_5:hufDecode

Advisory ID	SUSE-SU-2021:2794-1
Released	Fri Aug 20 10:25:35 2021
Summary	Security update for aspell
Type	security
Severity	important
References	1177523,1188576,CVE-2019-25051

Description:

This update for aspell fixes the following issues:

CVE-2019-25051: Fixed heap-buffer-overflow in acommon:ObjStack:dup_top (bsc#1188576).

Advisory ID	SUSE-SU-2021:2798-1
Released	Fri Aug 20 10:37:58 2021
Summary	Security update for java-1_8_0-openjdk
Type	security
Severity	important
References	1185056,1188564,1188565,1188566,CVE-2021-2161,CVE-2021-2341,CVE-2021-2369,CVE-2021-2388

Description:

This update for java-1_8_0-openjdk fixes the following issues:

Update to version jdk8u302 (icedtea 3.20.0)
CVE-2021-2341: Improve file transfers. (bsc#1188564)
CVE-2021-2369: Better jar file validation. (bsc#1188565)
CVE-2021-2388: Enhance compiler validation. (bsc#1188566)
CVE-2021-2161: Less ambiguous processing. (bsc#1185056)

Advisory ID	SUSE-SU-2021:2802-1
Released	Fri Aug 20 10:47:08 2021
Summary	Security update for libmspack
Type	security
Severity	moderate
References	1103032,CVE-2018-14679,CVE-2018-14681,CVE-2018-14682

Description:

This update for libmspack fixes the following issues:

CVE-2018-14681: Bad KWAJ file header extensions could cause a one or two byte overwrite. (bsc#1103032)
CVE-2018-14682: There is an off-by-one error in the TOLOWER() macro for CHM decompression. (bsc#1103032)
CVE-2018-14679: There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service. (bsc#1103032)

Advisory ID	SUSE-SU-2021:2812-1
Released	Mon Aug 23 12:17:44 2021
Summary	Security update for libvirt
Type	security
Severity	moderate
References	1184253,1187871,1188232,1188843,CVE-2021-3631,CVE-2021-3667

Description:

This update for libvirt fixes the following issues:
Security issues fixed:

CVE-2021-3631: fix SELinux label generation logic (bsc#1187871)
CVE-2021-3667: Unlock object on ACL fail in storagePoolLookupByTargetPath (bsc#1188843)

Non-security issues fixed:

virtlockd: Don't report error if lockspace exists (bsc#1184253)
Don't forcibly remove '--listen' arg from /etc/sysconfig/libvirtd. Add '--timeout 120' if '--listen' is not specified. (bsc#1188232)

Advisory ID	SUSE-OU-2021:2816-1
Released	Mon Aug 23 14:16:58 2021
Summary	Optional update for python-kubernetes
Type	optional
Severity	low
References

Description:

This patch provides the python3-kubernetes package to the following modules:

Container Module for SUSE Linux Enterprise 15 SP2
Container Module for SUSE Linux Enterprise 15 SP3

Advisory ID	SUSE-SU-2021:2817-1
Released	Mon Aug 23 15:05:36 2021
Summary	Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3
Type	security
Severity	moderate
References	1102408,1138715,1138746,1176389,1177120,1182421,1182422,CVE-2020-26137

Description:

This patch updates the Python AWS SDK stack in SLE 15:
General:
# aws-cli

Version updated to upstream release v1.19.9 For a detailed list of all changes, please refer to the changelog file of this package.

# python-boto3

Version updated to upstream release 1.17.9 For a detailed list of all changes, please refer to the changelog file of this package.

# python-botocore

Version updated to upstream release 1.20.9 For a detailed list of all changes, please refer to the changelog file of this package.

# python-urllib3

Version updated to upstream release 1.25.10 For a detailed list of all changes, please refer to the changelog file of this package.

# python-service_identity

Added this new package to resolve runtime dependencies for other packages. Version: 18.1.0

# python-trustme

Added this new package to resolve runtime dependencies for other packages. Version: 0.6.0

Security fixes:
# python-urllib3:

CVE-2020-26137: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest() (bsc#1177120)

Advisory ID	SUSE-RU-2021:2821-1
Released	Tue Aug 24 10:53:01 2021
Summary	Recommended update for ClusterTools2
Type	recommended
Severity	moderate
References	1166943,1186119

Description:

This update for ClusterTools2 fixes the following issues:

change version from 3.1.0 to 3.1.1
As some of the supportconfig plugins of ClusterTools2 take very long time to process, we will disable these plugins by default. (bsc#1186119)
Add file samples to support SLE15. (bsc#1166943)

Advisory ID	SUSE-SU-2021:2827-1
Released	Tue Aug 24 16:16:26 2021
Summary	Security update for openssl-1_0_0
Type	security
Severity	important
References	1189521,CVE-2021-3712

Description:

This update for openssl-1_0_0 fixes the following issues:

CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521]

Advisory ID	SUSE-SU-2021:2838-1
Released	Wed Aug 25 12:34:01 2021
Summary	Security update for jetty-minimal
Type	security
Severity	moderate
References	1188438,CVE-2021-34429

Description:

This update for jetty-minimal fixes the following issues:

Update to version 9.4.43.v20210629
CVE-2021-34429: URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. (bsc#1188438)

Advisory ID	SUSE-RU-2021:2855-1
Released	Fri Aug 27 09:21:24 2021
Summary	Recommended update for rust
Type	recommended
Severity	moderate
References

Description:

This update for rust fixes the following issues:
This ships the new parallel rust 1.54 version.
Version 1.54.0 (2021-07-29)
Language:

You can now use macros for values in built-in attribute macros. While a seemingly minor addition on its own, this enables a lot of powerful functionality when combined correctly. Most notably you can now include external documentation in your crate by writing the following. ```rust #![doc = include_str!('README.md')] ``` You can also use this to include auto-generated modules: ```rust #[path = concat!(env!('OUT_DIR'), '/generated.rs')] mod generated; ```
You can now cast between unsized slice types (and types which contain unsized slices) in `const fn`.
You can now use multiple generic lifetimes with `impl Trait` where the lifetimes don't explicitly outlive another.

In code this means that you can now have `impl Trait<'a, 'b>` where as before you could only have `impl Trait<'a, 'b> where 'b: 'a`.
Compiler:

Rustc will now search for custom JSON targets in `/lib/rustlib//target.json` where `/` is the 'sysroot' directory. You can find your sysroot directory by running `rustc --print sysroot`.
Added `wasm` as a `target_family` for WebAssembly platforms.
You can now use `#[target_feature]` on safe functions when targeting WebAssembly platforms.
Improved debugger output for enums on Windows MSVC platforms.
Added tier 3\* support for `bpfel-unknown-none` and `bpfeb-unknown-none`.

\* Refer to Rust's platform support page for more information on Rust's tiered platform support.
Libraries:

`panic::panic_any` will now `#[track_caller]`.
Added `OutOfMemory` as a variant of `io::ErrorKind`.
`proc_macro::Literal` now implements `FromStr`.
The implementations of vendor intrinsics in core::arch have been significantly refactored. The main user-visible changes are a 50% reduction in the size of libcore.rlib and stricter validation of constant operands passed to intrinsics. The latter is technically a breaking change, but allows Rust to more closely match the C vendor intrinsics API.

Stabilized APIs:

BTreeMap::into_keys
BTreeMap::into_values
HashMap::into_keys
HashMap::into_values
arch::wasm32
VecDeque::binary_search
VecDeque::binary_search_by
VecDeque::binary_search_by_key
VecDeque::partition_point

Cargo:

Added the `--prune ` option to `cargo-tree` to remove a package from the dependency graph.
Added the `--depth` option to `cargo-tree` to print only to a certain depth in the tree.
Added the `no-proc-macro` value to `cargo-tree --edges` to hide procedural macro dependencies.
A new environment variable named `CARGO_TARGET_TMPDIR` is available. This variable points to a directory that integration tests and benches can use as a 'scratchpad' for testing filesystem operations.

Advisory ID	SUSE-SU-2021:2861-1
Released	Fri Aug 27 14:41:03 2021
Summary	Security update for spectre-meltdown-checker
Type	security
Severity	moderate
References	1189477,CVE-2017-5753

Description:

This update for spectre-meltdown-checker fixes the following issues:
spectre-meltdown-checker was updated to version 0.44 (bsc#1189477)

feat: add support for SRBDS related vulnerabilities
feat: add zstd kernel decompression (#370)
enh: arm: add experimental support for binary arm images
enh: rsb filling: no longer need the 'strings' tool to check for kernel support in live mode
fix: fwdb: remove Intel extract tempdir on exit
fix: has_vmm: ignore kernel threads when looking for a hypervisor (fixes #278)
fix: fwdb: use the commit date as the intel fwdb version
fix: fwdb: update Intel's repository URL
fix: arm64: CVE-2017-5753: kernels 4.19+ use a different nospec macro
fix: on CPU parse info under FreeBSD
chore: github: add check run on pull requests
chore: fwdb: update to v165.20201021+i20200616

Advisory ID	SUSE-RU-2021:2863-1
Released	Mon Aug 30 08:18:50 2021
Summary	Recommended update for python-dbus-python
Type	recommended
Severity	moderate
References	1183818

Description:

This update for python-dbus-python fixes the following issues:

Update to latest version from tumbleweed. (jsc#ECO-3589, bsc#1183818)

update to 1.2.16: * All tests are run even if the 'tap.py' module is not available, althoug diagnostics for failing tests will be better if it is present.

Support builds with more than one python3 flavor
Clean duplicate python flavor variables for configure

Version update to version 1.2.14: * Ensure that the numeric types from dbus.types get the same str() under Python 3.8 that they did under previous versions. * Disable -Winline. * Add clearer license information using SPDX-License-Identifier. * Include inherited methods and properties when documenting objects, which regressed when migrating from epydoc to sphinx. * Add missing variant_level member to UnixFd type, for parity with the other dbus.types types * Don't reply to method calls if they have the NO_REPLY_EXPECTED flag * Silence '-Wcast-function-type' with gcc 8. * Fix distcheck with python3.7 by deleting '__pycache__' during uninstall. * Consistently save and restore the exception indicator when called from C code.

Add missing dependency for pkg-config files

Version update to version 1.2.8: * Python 2.7 required or 3.4 respectively * Upstream dropped epydoc completely

Add dbus-1-python3 package
Make BusConnection.list_activatable_names actually call struct entries than the signature allows with libdbus 1.4 imports dbus, is finalized, is re-initialized, and re-imports - When removing signal matches, clean up internal state, avoiding a memory leak in long-lived Python processes that connect to
When setting the sender of a message, allow it to be org.freedesktop.DBus so you can implement a D-Bus daemon
New package: dbus-1-python-devel

Advisory ID	SUSE-SU-2021:2874-1
Released	Mon Aug 30 15:54:34 2021
Summary	Security update for MozillaThunderbird
Type	security
Severity	important
References	1188891,CVE-2021-29980,CVE-2021-29984,CVE-2021-29985,CVE-2021-29986,CVE-2021-29988,CVE-2021-29989

Description:

This update for MozillaThunderbird fixes the following issues:
Update to version 78.13 (MFSA 2021-35, bsc#1188891)

CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption
CVE-2021-29988: Memory corruption as a result of incorrect style treatment
CVE-2021-29984: Incorrect instruction reordering during JIT optimization
CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption
CVE-2021-29985: Use-after-free media channels
CVE-2021-29989: Memory safety bugs fixed in Thunderbird 78.13

Advisory ID	SUSE-RU-2021:2885-1
Released	Tue Aug 31 12:21:17 2021
Summary	Recommended update for publicsuffix
Type	recommended
Severity	low
References	1189124

Description:

This update for publicsuffix fixes the following issues:

Updates the list of known/accepted domains with recent data (bsc#1189124).

Advisory ID	SUSE-RU-2021:2886-1
Released	Tue Aug 31 13:21:20 2021
Summary	Recommended update for bind
Type	recommended
Severity	moderate
References	1187921

Description:

This update for bind fixes the following issues:

tsig-keygen is now used to generate DDNS keys (bsc#1187921)

Advisory ID	SUSE-RU-2021:2887-1
Released	Tue Aug 31 13:31:19 2021
Summary	Recommended update for cloud-init
Type	recommended
Severity	moderate
References	1183939,1184758

Description:

This update for cloud-init contains the following:

Change log file creation mode to 640. (bsc#1183939)
Do not write the generated password to the log file. (bsc#1184758)
Allow purging cache when Python when version change detected.

Advisory ID	SUSE-SU-2021:2892-1
Released	Tue Aug 31 16:38:22 2021
Summary	Security update for dovecot23
Type	security
Severity	moderate
References	1187418,1187419,1187420,CVE-2020-28200,CVE-2021-29157

Description:

This update for dovecot23 fixes the following issues:
Update dovecot to version 2.3.15 (jsc#SLE-19970):
Security issues fixed:

CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has local access. (bsc#1187418) Local attacker can login as any user and access their emails
CVE-2021-33515: On-path attacker could have injected plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished with the client. (bsc#1187419) Attacker can potentially steal user credentials and mails

Disconnection log messages are now more standardized across services. They also always now start with 'Disconnected' prefix.
Dovecot now depends on libsystemd for systemd integration.
Removed support for Lua 5.2. Use version 5.1 or 5.3 instead.
config: Some settings are now marked as 'hidden'. It's discouraged to change these settings. They will no longer be visible in doveconf output, except if they have been changed or if doveconf -s parameter is used. See https://doc.dovecot.org/settings/advanced/ for details.
imap-compress: Compression level is now algorithm specific. See https://doc.dovecot.org/settings/plugin/compress-plugin/
indexer-worker: Convert 'Indexed' info logs to an event named 'indexer_worker_indexing_finished'. See https://doc.dovecot.org/admin_manual/list_of_events/#indexer-worker-indexing-finished
Add TSLv1.3 support to min_protocols.
Allow configuring ssl_cipher_suites. (for TLSv1.3+)
acl: Add acl_ignore_namespace setting which allows to entirely ignore ACLs for the listed namespaces.
imap: Support official RFC8970 preview/snippet syntax. Old methods of retrieving preview information via IMAP commands ('SNIPPET and PREVIEW with explicit algorithm selection') have been deprecated.
imapc: Support INDEXPVT for imapc storage to enable private message flags for cluster wide shared mailboxes.
lib-storage: Add new events: mail_opened, mail_expunge_requested, mail_expunged, mail_cache_lookup_finished. See https://doc.dovecot.org/admin_manual/list_of_events/#mail
zlib, imap-compression, fs-compress: Support compression levels that the algorithm supports. Before, we would allow hardcoded value between 1 to 9 and would default to 6. Now we allow using per-algorithm value range and default to whatever default the algorithm specifies.
*-login: Commands pipelined together with and just after the authenticate command cause these commands to be executed twice. This applies to all protocols that involve user login, which currently comprises of imap, pop3, submisision and managesieve.
*-login: Processes are supposed to disconnect the oldest non-logged in connection when process_limit was reached. This didn't actually happen with the default 'high-security mode' (with service_count=1) where each connection is handled by a separate process.
*-login: When login process reaches client/process limits, oldest client connections are disconnected. If one of these was still doing anvil lookup, this caused a crash. This could happen only if the login process limits were very low or if the server was overloaded.
Fixed building with link time optimizations (-flto).
auth: Userdb iteration with passwd driver does not always return all users with some nss drivers.
dsync: Shared INBOX not synced when 'mail_shared_explicit_inbox' was disabled. If a user has a shared mailbox which is another user's INBOX, dsync didn't include the mailbox in syncing unless explicit naming is enabled with 'mail_shared_explicit_inbox' set to 'yes'.
dsync: Shared namespaces were not synced with '-n' flag.
dsync: Syncing shared INBOX failed if mail_attribute_dict was not set. If a user has a shared mailbox that is another user's INBOX, dsync failed to export the mailbox if mail attributes are disabled.
fts-solr, fts-tika: Using both Solr FTS and Tika may have caused HTTP requests to assert-crash: Panic: file http-client-request.c: line 1232 (http_client_request_send_more): assertion failed: (req->payload_input != NULL)
fts-tika: 5xx errors returned by Tika server as indexing failures. However, Tika can return 5xx for some attachments every time. So the 5xx error should be retried once, but treated as success if it happens on the retry as well. v2.3 regression.
fts-tika: v2.3.11 regression: Indexing messages with fts-tika may have resulted in Panic: file message-parser.c: line 802 (message_parser_deinit_from_parts): assertion failed: (ctx->nested_parts_count == 0 || i_stream_have_bytes_left(ctx->input))
imap: SETMETADATA could not be used to unset metadata values. Instead NIL was handled as a 'NIL' string. v2.3.14 regression.
imap: IMAP BINARY FETCH crashes at least on empty base64 body: Panic: file index-mail-binary.c: line 358 (blocks_count_lines): assertion failed: (block_count == 0 || block_idx+1 == block_count)
imap: If IMAP client using the NOTIFY command was disconnected while sending FETCH notifications to the client, imap could crash with Panic: Trying to close mailbox INBOX with open transactions.
imap: Using IMAP COMPRESS extension can cause IMAP connection to hang when IMAP commands are >8 kB long.
imapc: If remote server sent BYE but didn't immediately disconnect, it could cause infinite busy-loop.
lib-index: Corrupted cache record size in dovecot.index.cache file could have caused a crash (segfault) when accessing it.
lib-oauth2: JWT token time validation now works correctly with 32-bit systems.
lib-ssl-iostream: Checking hostnames against an SSL certificate was case-sensitive.
lib-storage: Corrupted mime.parts in dovecot.index.cache may have resulted in Panic: file imap-bodystructure.c: line 206 (part_write_body): assertion failed: (text == ((part->flags & MESSAGE_PART_FLAG_TEXT) != 0))
lib-storage: Index rebuilding (e.g. via doveadm force-resync) didn't preserve the 'hdr-pop3-uidl' header. Because of this, the next pop3 session could have accessed all of the emails' metadata to read their POP3 UIDL (opening dbox files).
listescape: When using the listescape plugin and a shared namespace the plugin didn't work properly anymore resulting in errors like: 'Invalid mailbox name: Name must not have '/' character.'
lmtp: Connection crashes if connection gets disconnected due to multiple bad commands and the last bad command is BDAT.
lmtp: The Dovecot-specific LMTP parameter XRCPTFORWARD was blindly forwarded by LMTP proxy without checking that the backend has support. This caused a command parameter error from the backend if it was running an older Dovecot release. This could only occur in more complex setups where the message was proxied twice; when the proxy generated the XRCPTFORWARD parameter itself the problem did not occur, so this only happened when it was forwarded.
lmtp: The LMTP proxy crashes with a panic when the remote server replies with an error while the mail is still being forwarded through a DATA/BDAT command.
lmtp: Username may have been missing from lmtp log line prefixes when it was performing autoexpunging.
master: Dovecot would incorrectly fail with haproxy 2.0.14 service checks.
master: Systemd service: Dovecot announces readiness for accepting connections earlier than it should. The following environment variables are now imported automatically and can be omitted from import_environment setting: NOTIFY_SOCKET LISTEN_FDS LISTEN_PID.
master: service { process_min_avail } was launching processes too slowly when master was forking a lot of processes.
util: Make the health-check.sh example script POSIX shell compatible.
Added new aliases for some variables. Usage of the old ones is possible, but discouraged. (These were partially added already to v2.3.13.) See https://doc.dovecot.org/configuration_manual/config_file/config_variables/ for more information.
Optimize imap/pop3/submission/managesieve proxies to use less CPU at the cost of extra memory usage.
Remove autocreate, expire, snarf and mail-filter plugins.
Remove cydir storage driver.
Remove XZ/LZMA write support. Read support will be removed in future release.
doveadm -D: Add timestamps to debug output even when LOG_STDERR_TIMESTAMP environment variable is not set. Timestamp format is taken from log_timestamp setting.
If BROKENCHAR or listescape plugin is used, the escaped folder names may be slightly different from before in some situations. This is unlikely to cause issues, although caching clients may redownload the folders.
imapc: It now enables BROKENCHAR=~ by default to escape remote folder names if necessary. This also means that if there are any '~' characters in the remote folder names, they will be visible as '~7e'.
imapc: When using local index files folder names were escaped on filesystem a bit differently. This affects only if there are folder names that actually require escaping, which isn't so common. The old style folders will be automatically deleted from filesystem.
stats: Update exported metrics to be compliant with OpenMetrics standard.
doveadm: Add an optional '-p' parameter to metadata list command. If enabled, '/private', and '/shared' metadata prefixes will be prepended to the keys in the list output.
doveconf: Support environment variables in config files. See https://doc.dovecot.org/configuration_manual/config_file/config_file_syntax/#environment-variables for more details.
indexer-worker: Change indexer to disconnect from indexer-worker after each request. This allows service indexer-worker's service_count & idle_kill settings to work. These can be used to restart indexer-worker processes once in a while to reduce their memory usage.
auth: 'nodelay' with various authentication mechanisms such as apop and digest-md5 crashed AUTH process if authentication failed.
auth: Auth lua script generating an error triggered an assertion failure: Panic: file db-lua.c: line 630 (auth_lua_call_password_verify): assertion failed: (lua_gettop(script->L) == 0).
configure: Fix libunwind detection to work on other than x86_64 systems.
doveadm-server: Process could crash if logging was done outside command handling. For example http-client could have done debug logging afterwards, resulting in either segfault or Panic: file http-client.c: line 642 (http_client_context_close): assertion failed: (cctx->clients_list == NULL).
dsync: Folder name escaping with BROKENCHAR didn't work completely correctly. This especially caused problems with dsync-migrations using imapc where some of the remote folder names may not have been accessible.
dsync: doveadm sync + imapc doesn't always sync all mails when doing an incremental sync (-1), which could lead to mail loss when it's used for migration. This happens only when GUIDs aren't used (i.e. imapc without imapc_features=guid-forced).
fts-tika: When tika server returns error, some mails cause Panic: file message-parser.c: line 802 (message_parser_deinit_from_parts): assertion failed: (ctx->nested_parts_count == 0 || i_stream_have_bytes_left(ctx->input))
lib-imap: imapc parsing illegal BODYSTRUCTUREs with NILs could have resulted in crashes. This exposed that Dovecot was wrongly accepting atoms in 'nstring' handling. Changed the IMAP parsing to be more strict about this now.
lib-index: If dovecot.index.cache has corrupted message size, fetching BODY/BODYSTRUCTURE may cause assert-crash: Panic: file index-mail.c: line 1140 (index_mail_parse_body_finish): assertion failed: (mail->data.parts != NULL).
lib-index: Minor error handling and race condition fixes related to rotating dovecot.index.log. These didn't usually cause problems, unless the log files were rotated rapidly.
lib-lua: Lua scripts using coroutines or lua libraries using coroutines (e.g., cqueues) panicked.
Message PREVIEW handled whitespace wrong so first space would get eaten from between words.
FTS and message PREVIEW (snippet) parsed HTML &entities case-sensitively.
lib-mail: When max nested MIME parts were reached, IMAP BODYSTRUCTURE was written in a way that may have caused confusion for IMAP clients and also Dovecot itself when parsing it. The truncated part is now written out using application/octet-stream MIME type.
lib-oauth2: HS512 and HS384 JWT token algorithms crash when you try to use them: Panic: file hmac.c: line 26 (hmac_init): assertion failed: (meth->context_size <= MAC_MAX_CONTEXT_SIZE).
event filters: NOT keyword did not have the correct associativity.
Ignore ECONNRESET when closing socket. This avoids logging useless errors on systems like FreeBSD.
event filters: event filter syntax error may lead to Panic: file event-filter.c: line 137 (event_filter_parse): assertion failed: (state.output == NULL)
lib: timeval_cmp_margin() was broken on 32-bit systems. This could potentially have caused HTTP timeouts to be handled incorrectly.
log: instance_name wasn't used as syslog ident by the log process.
master: After a service reached process_limit and client_limit, it could have taken up to 1 second to realize that more client connections became available. During this time client connections could have been unnecessarily rejected and a warning logged: Warning: service(...): process_limit (...) reached, client connections are being dropped
stats: Crash would occur when generating openmetrics data for metrics using aggregating functions.
stats: Event filters comparing against empty strings crash the stats process.
CVE-2020-24386: Specially crafted command can cause IMAP hibernate to allow logged in user to access other people's emails and filesystem information.
Metric filter and global event filter variable syntax changed to a SQL-like format. See https://doc.dovecot.org/configuration_manual/event_filter/
auth: Added new aliases for %{variables}. Usage of the old ones is possible, but discouraged.
auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth mechanism and related password schemes.
auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail.
auth: Removed postfix postmap socket
auth: Added new fields for auth server events. These fields are now also available for all auth events. See https://doc.dovecot.org/admin_manual/list_of_events/#authentication-server for details.
imap-hibernate: Added imap_client_hibernated, imap_client_unhibernated and imap_client_unhibernate_retried events. See https://doc.dovecot.org/admin_manual/list_of_events/ for details.
lib-index: Added new mail_index_recreated event. See https://doc.dovecot.org/admin_manual/list_of_events/#mail-index-recreated
lib-sql: Support TLS options for cassandra driver. This requires cpp-driver v2.15 (or later) to work reliably.
lib-storage: Missing $HasAttachment / $HasNoAttachment flags are now added to existing mails if mail_attachment_detection_option=add-flags and it can be done inexpensively.
login proxy: Added login_proxy_max_reconnects setting (default 3) to control how many reconnections are attempted.
login proxy: imap/pop3/submission/managesieve proxying now supports reconnection retrying on more than just connect() failure. Any error except a non-temporary authentication failure will result in reconnect attempts.
auth: Lua passdb/userdb leaks stack elements per call, eventually causing the stack to become too deep and crashing the auth or auth-worker process.
auth: SASL authentication PLAIN mechanism could be used to trigger read buffer overflow. However, this doesn't seem to be exploitable in any way.
auth: v2.3.11 regression: GSSAPI authentication fails because dovecot disallows NUL bytes for it.
dict: Process used too much CPU when iterating keys, because each key used a separate write() syscall.
doveadm-server: Crash could occur if logging was done outside command handling. For example http-client could have done debug logging afterwards, resulting in either segfault or Panic: file http-client.c: line 642 (http_client_context_close): assertion failed: (cctx->clients_list == NULL).
doveadm-server: v2.3.11 regression: Trying to connect to doveadm server process via starttls assert-crashed if there were no ssl=yes listeners: Panic: file master-service-ssl.c: line 22 (master_service_ssl_init): assertion failed: (service->ssl_ctx_initialized).
fts-solr: HTTP requests may have assert-crashed: Panic: file http-client-request.c: line 1232 (http_client_request_send_more): assertion failed: (req->payload_input != NULL)
imap: IMAP NOTIFY could crash with a segmentation fault due to a bad configuration that causes errors. Sending the error responses to the client can cause the segmentation fault. This can for example happen when several namespaces use the same mail storage location.
imap: IMAP NOTIFY used on a shared namespace that doesn't actually exist (e.g. public namespace for a nonexistent user) can crash with a panic: Panic: Leaked view for index /tmp/home/asdf/mdbox/dovecot.list.index: Opened in (null):0
imap: IMAP session can crash with QRESYNC extension if many changes are done before asking for expunged mails since last sync.
imap: Process might hang indefinitely if client disconnects after sending some long-running commands pipelined, for example FETCH+LOGOUT.
lib-compress: Mitigate crashes when configuring a not compiled in compression. Errors with compression configuration now distinguish between not supported and unknown.
lib-compression: Using xz/lzma compression in v2.3.11 could have written truncated output in some situations. This would result in 'Broken pipe' read errors when trying to read it back.
lib-compression: zstd compression could have crashed in some situations: Panic: file ostream.c: line 287 (o_stream_sendv_int): assertion failed: (!stream->blocking)
lib-dict: dict client could have crashed in some rare situations when iterating keys.
lib-http: Fix several assert-crashes in HTTP client.
lib-index: v2.3.11 regression: When mails were expunged at the same time as lots of new content was being saved to the cache (e.g. cache file was lost and is being re-filled) a deadlock could occur with dovecot.index.cache / dovecot.index.log.
lib-index: v2.3.11 regression: dovecot.index.cache file was being purged (rewritten) too often when it had a field that hadn't been accessed for over 1 month, but less than 2 months. Every cache file change caused a purging in this situation.
lib-mail: MIME parts were not returned correctly by Dovecot MIME parser. Regression caused by fixing CVE-2020-12100.
lib-mail: When max nested MIME parts were reached, IMAP BODYSTRUCTURE was written in a way that may have caused confusion for both IMAP clients and Dovecot itself when parsing it. The truncated part is now written out using application/octet-stream MIME type.
lib-mail: v2.3.11 regression: Mail delivery / parsing crashed when the 10000th MIME part was message/rfc822 (or if parent was multipart/digest): Panic: file message-parser.c: line 167 (message_part_append): assertion failed: (ctx->total_parts_count <= ctx->max_total_mime_parts).
lib-oauth2: Dovecot incorrectly required oauth2 server introspection reply to contain username with invalid token.
lib-ssl-iostream, lib-dcrypt: Fix building with OpenSSL that has deprecated APIs disabled.
lib-storage: When mail's size is different from the cached one (in dovecot.index.cache or Maildir S=size in the filename), this is handled by logging 'Cached message size smaller/larger than expected' error. However, in some situations this also ended up crashing with: Panic: file istream.c: line 315 (i_stream_read_memarea): assertion failed: (old_size <= _stream->pos - _stream->skip).
lib-storage: v2.3 regression: Copying/moving mails was taking much more memory than before. This was mainly visible when copying/moving thousands of mails in a single transaction.
lib-storage: v2.3.11 regression: Searching messages assert-crashed (without FTS): Panic: file message-parser.c: line 174 (message_part_finish): assertion failed: (ctx->nested_parts_count > 0).
lib: Dovecot v2.3 moved signal handlers around in ioloops, causing more CPU usage than in v2.2.
lib: Fixed JSON parsing: '\' escape sequence may have wrongly resulted in error if it happened to be at read boundary. Any NUL characters and '\u0000' will now result in parsing error instead of silently truncating the data.
lmtp, submission: Server may hang if SSL client connection disconnects during the delivery. If this happened repeated, it could have ended up reaching process_limit and preventing any further lmtp/submission deliveries.
lmtp: Proxy does not always properly log TLS connection problems as errors; in some cases, only a debug message is logged if enabled.
lmtp: The LMTP service can hang when commands are pipelined. This can particularly occur when one command in the middle of the pipeline fails. One example of this occurs for proxied LMTP transactions in which the final DATA or BDAT command is pipelined after a failing RCPT command.
login-proxy: The login_source_ips setting has no effect, and therefore the proxy source IPs are not cycled through as they should be.
master: Process was using 100% CPU in some situations when a broken service was being throttled.
pop3-login: POP3 login would fail with 'Input buffer full' if the initial response for SASL was too long.
stats: Crash would occur when generating openmetrics data for metrics using aggregating functions.

Update pigeonhole to version 0.5.15

CVE-2020-28200: Sieve interpreter is not protected against abusive scripts that claim excessive resource usage. Fixed by limiting the user CPU time per single script execution and cumulatively over several script runs within a configurable timeout period. Sufficiently large CPU time usage is summed in the Sieve script binary and execution is blocked when the sum exceeds the limit within that time. The block is lifted when the script is updated after the resource usage times out. (bsc#1187420) Attacker can DoS the mail delivery system (jsc#PM-2746) ECO: Dovecot 2.3.15 version upgrade
Disconnection log messages are now more standardized across services. They also always now start with 'Disconnected' prefix.
managesieve: Commands pipelined together with and just after the authenticate command cause these commands to be executed twice.
duplicate: The test was handled badly in a multiscript (sieve_before, sieve_after) scenario in which an earlier script in the sequence with a duplicate test succeeded, while a later script caused a runtime failure. In that case, the message is recorded for duplicate tracking, while the message may not actually have been delivered in the end.
editheader: Sieve interpreter entered infinite loop at startup when the 'editheader' configuration listed an invalid header name. This problem can only be triggered by the administrator.
relational: The Sieve relational extension can cause a segfault at compile time. This is triggered by invalid script syntax. The segfault happens when this match type is the last argument of the test command. This situation is not possible in a valid script; positional arguments are normally present after that, which would prevent the segfault.
sieve: For some Sieve commands the provided mailbox name is not properly checked for UTF-8 validity, which can cause assert crashes at runtime when an invalid mailbox name is encountered. This can be caused by the user by writing a bad Sieve script involving the affected commands ('mailboxexists', 'specialuse_exists'). This can be triggered by the remote sender only when the user has written a Sieve script that passes message content to one of the affected commands.
sieve: Large sequences of 8-bit octets passed to certain Sieve commands that create or modify message headers that allow UTF-8 text (vacation, notify and addheader) can cause the delivery or IMAP process (when IMAPSieve is used) to enter a memory-consuming semi-infinite loop that ends when the process exceeds its memory limits. Logged in users can cause these hangs only for their own processes.

Advisory ID	SUSE-RU-2021:2895-1
Released	Tue Aug 31 19:40:32 2021
Summary	Recommended update for unixODBC
Type	recommended
Severity	moderate
References

Description:

This update for unixODBC fixes the following issues:

ECO: Update unixODBC to 2.3.9 in SLE 15. (jsc#SLE-18004)
Fix incorrect permission for documentation files.
Update requires and baselibs for new libodbc2.
Employ shared library packaging guideline: new subpacakge libodbc2.
Update to 2.3.9: * Remove '#define UNIXODBC_SOURCE' from unixodbc_conf.h

Update to 2.3.8: * Add configure support for editline * SQLDriversW was ignoring user config * SQLDataSources Fix termination character * Fix for pooling seg fault * Make calling SQLSetStmtAttrW call the W function in the driver is its there * Try and fix race condition clearing system odbc.ini file * Remove trailing space from isql/iusql SQL * When setting connection attributes set before connect also check if the W entry poins can be used * Try calling the W error functions first if available in the driver * Add iconvperdriver configure option to allow calling unicode_setup in SQLAllocHandle * iconv handles was being lost when reusing pooled connection * Catch null copy in iniPropertyInsert * Fix a few leaks

Update to 2.3.7: * Fix for pkg-config file update on no linux platforms * Add W entry for GUI work * Various fixes for SQLBrowseConnect/W, SQLGetConnectAttr/W,and SQLSetConnectAttr/W * Fix buffer overflows in SQLConnect/W and refine behaviour of SQLGet/WritePrivateProfileString * SQLBrowseConnect/W allow disconnecting a started browse session after error * Add --with-stats-ftok-name configure option to allow the selection of a file name used to generate the IPC id when collecting stats. Default is the system odbc.ini file * Improve diag record handling with the behavior of Windows DM and export SQLCancelHandle * bug fix when SQLGetPrivateProfileString() is called to get a list of sections or a list of keys * Connection pooling: Fix liveness check for Unicode drivers

Advisory ID	SUSE-RU-2021:2897-1
Released	Tue Aug 31 23:04:07 2021
Summary	Recommended update for postfix
Type	recommended
Severity	moderate
References	1189684

Description:

This update for postfix fixes the following issues:

Include 'submissions' service in master configuration (bsc#1189684)

Advisory ID	SUSE-RU-2021:2899-1
Released	Wed Sep 1 08:30:58 2021
Summary	Recommended update for systemd-rpm-macros
Type	recommended
Severity	moderate
References	1186282,1187332

Description:

This update for systemd-rpm-macros fixes the following issues:

Fixed an issue whe zypper ignores the ordering constraints. (bsc#1187332)
Introduce '%sysusers_create_package': '%sysusers_create' and '%sysusers_create_inline' are now deprecated and the new macro should be used instead.
%sysusers_create_inline: use here-docs instead of echo (bsc#1186282)

Advisory ID	SUSE-RU-2021:2901-1
Released	Wed Sep 1 10:34:50 2021
Summary	Recommended update for insserv-compat
Type	recommended
Severity	moderate
References	1187941

Description:

This update for insserv-compat fixes the following issues:

Require sysvinit-tools. (bsc#1187941)

Advisory ID	SUSE-RU-2021:2905-1
Released	Wed Sep 1 14:18:41 2021
Summary	Recommended update for corosync
Type	recommended
Severity	important
References	1189680

Description:

This update for corosync fixes the following issue:

Add 'cancel_hold_on_retransmit' config option on corosync totem (bsc#1189680) - This option allows Corosync to hold the token by representative when there are too many retransmit messages. This allows the network to process increased load without overloading it. The used mechanism is same as described for the hold directive. Some deployments may prefer to never hold token when there is retransmit messages. If so, the option should be set to yes. The default value is no.

Advisory ID	SUSE-SU-2021:2919-1
Released	Thu Sep 2 10:04:41 2021
Summary	Security update for ffmpeg
Type	security
Severity	important
References	1129714,1186849,1186859,1186861,1186863,1189142,1189348,1189350,CVE-2019-9721,CVE-2020-21688,CVE-2020-21697,CVE-2020-22046,CVE-2020-22048,CVE-2020-22049,CVE-2020-22054,CVE-2021-38114

Description:

This update for ffmpeg fixes the following issues:

CVE-2019-9721: Fix denial of service in the subtitle decoder in handle_open_brace from libavcodec/htmlsubtitles.c (bsc#1129714).
CVE-2020-22046: Fix a denial of service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c (bsc#1186849).
CVE-2020-22048: Fix a denial of service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c (bsc#1186859).
CVE-2020-22049: Fix a denial of service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c (bsc#1186861).
CVE-2020-22054: Fix a denial of service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c (bsc#1186863).
CVE-2020-21688: Fixed a heap-use-after-free in the av_freep function in libavutil/mem.c (bsc#1189348).
CVE-2020-21697: Fixed a heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c (bsc#1189350).
CVE-2021-38114: Fixed a not checked return value of the init_vlc function (bsc#1189142).

Advisory ID	SUSE-RU-2021:2934-1
Released	Thu Sep 2 18:29:50 2021
Summary	Recommended update for SAPHanaSR-ScaleOut
Type	recommended
Severity	important
References	1144312,1144442,1173581,1182115,1182545

Description:

This update for SAPHanaSR-ScaleOut fixes the following issues:

change version to 0.180.1
Extent the SAP HANA ressource agents from single replication automation to multi replication automation (jsc#SLE-17452, jsc#SLE-20081)
The resource start and stop timeout is now configurable by increasing the timeout for the action 'start' and/or 'stop' in the cluster. (bsc#1182545)
Improve handling of return codes in 'saphana_stopSystem' and 'saphana_stop' function. (bsc#1182115)
Integrate man pages back to the base package SAPHanaSR-ScaleOut.
Fixed an issue when HANA failover returns and empty site name. (bsc#1173581)
Add SAPHanaSR-call-monitor
Fixed an issue when HANA is configured to have only one master name server, but no additional master name server candidates, there may be the situation, where the master name server died and so the landscape has no active name server anymore.
Manual page updates: SAPHanaSR-ScaleOut.7 (bsc#1144442) SAPHanaSR-showAttr.8 (bsc#1144312) and others

Advisory ID	SUSE-RU-2021:2935-1
Released	Thu Sep 2 18:30:33 2021
Summary	Recommended update for yast2-saptune
Type	recommended
Severity	moderate
References	1188321

Description:

This update for yast2-saptune fixes the following issues:

Exchange the tuned daemon handling with the new saptune service. (bsc#1188321)
Add information, if the service is enabled or disabled.

Advisory ID	SUSE-SU-2021:2937-1
Released	Fri Sep 3 09:18:45 2021
Summary	Security update for libesmtp
Type	security
Severity	important
References	1160462,1189097,CVE-2019-19977

Description:

This update for libesmtp fixes the following issues:

CVE-2019-19977: Fixed stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462).

Advisory ID	SUSE-RU-2021:2947-1
Released	Fri Sep 3 09:49:40 2021
Summary	Recommended update for lifecycle-data-sle-module-live-patching
Type	recommended
Severity	moderate
References	1020320

Description:

This update for lifecycle-data-sle-module-live-patching fixes the following issues:

Added data for 4_12_14-197_92, 5_3_18-24_53_4, 5_3_18-24_67, 5_3_18-57, 5_3_18-59_10, 5_3_18-59_5. (bsc#1020320)

Advisory ID	SUSE-RU-2021:2951-1
Released	Fri Sep 3 14:18:50 2021
Summary	Recommended update for scap-security-guide
Type	recommended
Severity	moderate
References

Description:

This update for scap-security-guide fixes the following issues:
Updated to 0.1.57 release (jsc#ECO-3319)

Small bugfixes for SUSE Linux Enterprise STIG profiles.
CIS profile for RHEL 7 is updated.
Initial CIS profiles for Ubuntu 20.04.
Major improvement of RHEL 9 content.

Advisory ID	SUSE-SU-2021:2952-1
Released	Fri Sep 3 14:38:44 2021
Summary	Security update for java-11-openjdk
Type	security
Severity	important
References	1185476,1188564,1188565,1188566,CVE-2021-2341,CVE-2021-2369,CVE-2021-2388

Description:

This update for java-11-openjdk fixes the following issues:

Update to jdk-11.0.12+7
CVE-2021-2369: Fixed JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565)
CVE-2021-2388: Fixed a flaw inside the Hotspot component performed range check elimination. (bsc#1188566)
CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564)

Advisory ID	SUSE-RU-2021:2960-1
Released	Mon Sep 6 13:35:58 2021
Summary	Recommended update for habootstrap-formula
Type	recommended
Severity	moderate
References	1181731

Description:

This update for habootstrap-formula fixes the following issue:

Fix SUSE Manager integration. (bsc#1181731)

Advisory ID	SUSE-RU-2021:2962-1
Released	Mon Sep 6 18:23:01 2021
Summary	Recommended update for runc
Type	recommended
Severity	critical
References	1189743

Description:

This update for runc fixes the following issues:

Fixed an issue when toolbox container fails to start. (bsc#1189743)

Advisory ID	SUSE-SU-2021:2971-1
Released	Tue Sep 7 10:45:21 2021
Summary	Security update for ntfs-3g_ntfsprogs
Type	security
Severity	important
References	1189720,CVE-2019-9755,CVE-2021-33285,CVE-2021-33286,CVE-2021-33287,CVE-2021-33289,CVE-2021-35266,CVE-2021-35267,CVE-2021-35268,CVE-2021-35269,CVE-2021-39251,CVE-2021-39252,CVE-2021-39253,CVE-2021-39255,CVE-2021-39256,CVE-2021-39257,CVE-2021-39258,CVE-2021-39259,CVE-2021-39260,CVE-2021-39261,CVE-2021-39262,CVE-2021-39263

Description:

This update for ntfs-3g_ntfsprogs fixes the following issues:
Update to version 2021.8.22 (bsc#1189720):

Fixed compile error when building with libfuse < 2.8.0
Fixed obsolete macros in configure.ac
Signalled support of UTIME_OMIT to external libfuse2
Fixed an improper macro usage in ntfscp.c
Updated the repository change in the README
Fixed vulnerability threats caused by maliciously tampered NTFS partitions
Security fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268, CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE_2021-39254, CVE-2021-39255, CVE-2021-39256, CVE-2021-39257, CVE-2021-39258, CVE-2021-39259, CVE-2021-39260, CVE-2021-39261, CVE-2021-39262, CVE-2021-39263.

Library soversion is now 89

Changes in version 2017.3.23
Delegated processing of special reparse points to external plugins
Allowed kernel cacheing by lowntfs-3g when not using Posix ACLs
Enabled fallback to read-only mount when the volume is hibernated
Made a full check for whether an extended attribute is allowed
Moved secaudit and usermap to ntfsprogs (now ntfssecaudit and ntfsusermap)
Enabled encoding broken UTF-16 into broken UTF-8
Autoconfigured selecting vs
Allowed using the full library API on systems without extended attributes support
Fixed DISABLE_PLUGINS as the condition for not using plugins
Corrected validation of multi sector transfer protected records
Denied creating/removing files from $Extend
Returned the size of locale encoded target as the size of symlinks

Advisory ID	SUSE-RU-2021:2973-1
Released	Tue Sep 7 16:56:08 2021
Summary	Recommended update for hwdata
Type	recommended
Severity	moderate
References	1190091

Description:

This update for hwdata fixes the following issue:

Update pci, usb and vendor ids (bsc#1190091)

Advisory ID	SUSE-RU-2021:2974-1
Released	Tue Sep 7 17:17:23 2021
Summary	Recommended update for librdkafka
Type	recommended
Severity	important
References	1189792

Description:

This update for librdkafka fixes the following issue:

Fixed thread creation on SUSE Linux Enterprise Server 15 SP3. (bsc#1189792)

Advisory ID	SUSE-RU-2021:2977-1
Released	Wed Sep 8 11:54:32 2021
Summary	Recommended update for usbutils
Type	recommended
Severity	moderate
References

Description:

This update for usbutils fixes the following issue:

Update to version 0.14 (jira#SLE-19451)

Advisory ID	SUSE-RU-2021:2987-1
Released	Thu Sep 9 00:00:13 2021
Summary	Recommended update for pesign
Type	recommended
Severity	low
References	1184124

Description:

This update for pesign fixes the following issues:

Link as Position Independent Executable (bsc#1184124).

Advisory ID	SUSE-RU-2021:2993-1
Released	Thu Sep 9 14:31:33 2021
Summary	Recommended update for gcc
Type	recommended
Severity	moderate
References	1185348

Description:

This update for gcc fixes the following issues:

With gcc-PIE add -pie even when -fPIC is specified but we are not linking a shared library. [bsc#1185348]
Fix postun of gcc-go alternative.

Advisory ID	SUSE-SU-2021:2994-1
Released	Thu Sep 9 14:33:21 2021
Summary	Security update for openssl-1_0_0
Type	security
Severity	low
References	1189521,CVE-2021-3712

Description:

This update for openssl-1_0_0 fixes the following issues:

CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521).

Advisory ID	SUSE-RU-2021:2997-1
Released	Thu Sep 9 14:37:34 2021
Summary	Recommended update for python3
Type	recommended
Severity	moderate
References	1187338,1189659

Description:

This update for python3 fixes the following issues:

Fixed an issue when the missing 'stropts.h' causing build errors for different python modules. (bsc#1187338)

Advisory ID	SUSE-RU-2021:3000-1
Released	Thu Sep 9 15:08:04 2021
Summary	Recommended update for vncmanager-controller
Type	recommended
Severity	moderate
References	1188118

Description:

This update for vncmanager-controller fixes the following issues:

Fix extension loading error that disables 'Vnc session configuration' option (bsc#1188118)

Advisory ID	SUSE-RU-2021:3001-1
Released	Thu Sep 9 15:08:13 2021
Summary	Recommended update for netcfg
Type	recommended
Severity	moderate
References	1189683

Description:

This update for netcfg fixes the following issues:

add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683]

Advisory ID	SUSE-SU-2021:3004-1
Released	Thu Sep 9 15:20:43 2021
Summary	Security update for libtpms
Type	security
Severity	important
References	1189935,CVE-2021-3746

Description:

This update for libtpms fixes the following issues:

CVE-2021-3746: Fixed out-of-bounds access via specially crafted TPM 2 command packets (bsc#1189935).

Advisory ID	SUSE-SU-2021:3017-1
Released	Mon Sep 13 09:13:11 2021
Summary	Security update for wireshark
Type	security
Severity	moderate
References	1188375,CVE-2021-22235

Description:

This update for wireshark fixes the following issues:

Update to Wireshark 3.4.7

CVE-2021-22235: Fixed DNP dissector crash (bsc#1188375).

Advisory ID	SUSE-SU-2021:3018-1
Released	Mon Sep 13 09:13:56 2021
Summary	Security update for php7-pear
Type	security
Severity	important
References	1189591,CVE-2020-36193

Description:

This update for php7-pear fixes the following issues:

CVE-2020-36193: Fixed Archive_Tar directory traversal due to inadequate checking of symbolic links (bsc#1189591).

Advisory ID	SUSE-SU-2021:3020-1
Released	Mon Sep 13 09:17:14 2021
Summary	Security update for apache2-mod_auth_openidc
Type	security
Severity	moderate
References	1188638,1188639,1188848,1188849,CVE-2021-32785,CVE-2021-32786,CVE-2021-32791,CVE-2021-32792

Description:

This update for apache2-mod_auth_openidc fixes the following issues:

CVE-2021-32785: format string bug via hiredis (bsc#1188638)
CVE-2021-32786: open redirect in logout functionality (bsc#1188639)
CVE-2021-32791: Hardcoded static IV and AAD with a reused key in AES GCM encryption (bsc#1188849)
CVE-2021-32792: XSS when using OIDCPreservePost On (bsc#1188848)

Advisory ID	SUSE-RU-2021:3022-1
Released	Mon Sep 13 10:48:16 2021
Summary	Recommended update for c-ares
Type	recommended
Severity	important
References	1190225

Description:

This update for c-ares fixes the following issue:

Allow '_' as part of DNS response. (bsc#1190225) - 'c-ares' 1.17.2 introduced response validation to prevent a security issue, however it was not listing '_' as a valid character for domain name responses which caused issues when a 'CNAME' referenced a 'SRV' record which contained underscores.

Advisory ID	SUSE-feature-2021:3027-1
Released	Mon Sep 13 14:53:51 2021
Summary	Feature providing NVIDIA GPU utilities
Type	feature
Severity	moderate
References

Description:

This feature provides NVIDIA GPU utilities (jsc#SLE-18750, jsc#SLE-19341):
Provide:

'bmake' version 20181221
'libnvidia-container' version 1.4.0
'nvidia-container-runtime' version 3.5.0
'nvidia-container-toolkit' version 1.5.1

Advisory ID	SUSE-RU-2021:3028-1
Released	Mon Sep 13 14:55:33 2021
Summary	Recommended update for wxWidgets-3_0
Type	recommended
Severity	moderate
References	1162418,1180492

Description:

This update for wxWidgets-3_0 fixes the following issues:
Update from version 3.0.3 to 3.0.5.1 (bsc#1180492, jsc#ECO-3376)

Workaround for the problem with overflowing the maximum command line length in MinGW builds not using configure.
Fix for a problem with 'wxSpinCtrl' in 'wxGTK'
Update the 'SOVERSION'
Relax the ABI changes avoiding to check for the exact match of '__GXX_ABI_VERSION'.
Build 'wxWidgets-3_0-nostl' variant with LTO disabled. (bsc#1162418)
Don't crash on trailing '%' in 'wxDateTime::Format()'.
Fix various problems when parsing invalid ZIP files.
Fix generic 'wxTimePickerCtrl' to accept max values from keyboard.
Multiple surrogate-related fixes in UTF-16 support.
Fix reading wide character data in 'wxFile::ReadAll()'.
Make parsing 'WAV' data more robust.
Fix copy 'ctor' in numeric validators classes.
Fix a memory error when 'wxDataViewCtrl' is deleted.
Avoid some GTK+ run-time errors when using 'wx{File,Dir}PickerCtrl'.
Prevent breaking binaries, if C++11 is enabled.

Advisory ID	SUSE-RU-2021:3029-1
Released	Tue Sep 14 07:32:31 2021
Summary	Recommended update for sapconf
Type	recommended
Severity	moderate
References	1189496

Description:

This update for sapconf fixes the following issues:

Adapt the activity detection of saptune to the upcoming saptune version 3. (bsc#1189496)

Advisory ID	SUSE-RU-2021:3036-1
Released	Tue Sep 14 15:21:53 2021
Summary	Recommended update for ocl-icd
Type	recommended
Severity	moderate
References	1172303

Description:

This update for ocl-icd fixes the following issue:

provide a libOpenCL1-32bit for use by Wine.

Advisory ID	SUSE-RU-2021:3040-1
Released	Tue Sep 14 17:35:59 2021
Summary	Recommended update for lifecycle-data-sle-module-live-patching
Type	recommended
Severity	moderate
References	1020320

Description:

This update for lifecycle-data-sle-module-live-patching fixes the following issue:
Lifecycle data updates. (bsc#1020320)

Updates for 4_12_14-150_75, 4_12_14-197_99, 5_3_18-24_70, 5_3_18-24_75, 5_3_18-24_78, 5_3_18-59_13, 5_3_18-59_16,

5_3_18-59_19.

Advisory ID	SUSE-SU-2021:3044-1
Released	Wed Sep 15 10:17:23 2021
Summary	Security update for ghostscript
Type	security
Severity	critical
References	1184123,1190381,CVE-2021-3781

Description:

This update for ghostscript fixes the following issues:
Security issue fixed:

CVE-2021-3781: Fixed a trivial -dSAFER bypass command injection (bsc#1190381)

Also a hardening fix was added:

Link as position independent executable (bsc#1184123)

Advisory ID	SUSE-RU-2021:3045-1
Released	Wed Sep 15 10:32:15 2021
Summary	Recommended update for golang-github-vpenso-prometheus_slurm_exporter
Type	recommended
Severity	important
References	1188619

Description:

This update for golang-github-vpenso-prometheus_slurm_exporter fixes the following issues:

Update to version 0.19 - GPUs accounting has to be activated explicitly via cmd line option. - Export detailed usage info for every node (CPU, Memory).
With the present version of Slurm (20.11), GPU accounting in the prometheus-slurm-exporter will cause the exporter to terminate, thus it must not be enabled for the time being. (bsc#1188619)
Do not ship sources.

Advisory ID	SUSE-RU-2021:3052-1
Released	Thu Sep 16 10:05:24 2021
Summary	Recommended update for lshw
Type	recommended
Severity	moderate
References

Description:

This update for lshw fixes the following issues:

Update to version B.02.19.2+git.20210619 (jsc#SLE-19399)

Advisory ID	SUSE-RU-2021:3115-1
Released	Thu Sep 16 14:04:26 2021
Summary	Recommended update for mozilla-nspr, mozilla-nss
Type	recommended
Severity	moderate
References	1029961,1174697,1176206,1176934,1179382,1188891,CVE-2020-12400,CVE-2020-12401,CVE-2020-12403,CVE-2020-25648,CVE-2020-6829

Description:

This update for mozilla-nspr fixes the following issues:
mozilla-nspr was updated to version 4.32:

implement new socket option PR_SockOpt_DontFrag
support larger DNS records by increasing the default buffer size for DNS queries
Lock access to PRCallOnceType members in PR_CallOnce* for thread safety bmo#1686138
PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get information about the operating system build version.

Mozilla NSS was updated to version 3.68:

bmo#1713562 - Fix test leak.
bmo#1717452 - NSS 3.68 should depend on NSPR 4.32.
bmo#1693206 - Implement PKCS8 export of ECDSA keys.
bmo#1712883 - DTLS 1.3 draft-43.
bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension.
bmo#1713562 - Validate ECH public names.
bmo#1717610 - Add function to get seconds from epoch from pkix::Time.

update to NSS 3.67

bmo#1683710 - Add a means to disable ALPN.
bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66).
bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja.
bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c.
bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte.

update to NSS 3.66

bmo#1710716 - Remove Expired Sonera Class2 CA from NSS.
bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority.
bmo#1708307 - Remove Trustis FPS Root CA from NSS.
bmo#1707097 - Add Certum Trusted Root CA to NSS.
bmo#1707097 - Add Certum EC-384 CA to NSS.
bmo#1703942 - Add ANF Secure Server Root CA to NSS.
bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS.
bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database.
bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler.
bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h.
bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators.
bmo#1709291 - Add VerifyCodeSigningCertificateChain.

update to NSS 3.65

bmo#1709654 - Update for NetBSD configuration.
bmo#1709750 - Disable HPKE test when fuzzing.
bmo#1566124 - Optimize AES-GCM for ppc64le.
bmo#1699021 - Add AES-256-GCM to HPKE.
bmo#1698419 - ECH -10 updates.
bmo#1692930 - Update HPKE to final version.
bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default.
bmo#1703936 - New coverity/cpp scanner errors.
bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards.
bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms.
bmo#1705119 - Deadlock when using GCM and non-thread safe tokens.

update to NSS 3.64

bmo#1705286 - Properly detect mips64.
bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and

disable_crypto_vsx.

bmo#1698320 - replace __builtin_cpu_supports('vsx') with

ppc_crypto_support() for clang.

bmo#1613235 - Add POWER ChaCha20 stream cipher vector

acceleration.
Fixed in 3.63

bmo#1697380 - Make a clang-format run on top of helpful contributions.
bmo#1683520 - ECCKiila P384, change syntax of nested structs

initialization to prevent build isses with GCC 4.8.

bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual

scalar multiplication.

bmo#1683520 - ECCKiila P521, change syntax of nested structs

initialization to prevent build isses with GCC 4.8.

bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual

scalar multiplication.

bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683.

bmo#1694214 - tstclnt can't enable middlebox compat mode.

bmo#1694392 - NSS does not work with PKCS #11 modules not supporting

profiles.

bmo#1685880 - Minor fix to prevent unused variable on early return.

bmo#1685880 - Fix for the gcc compiler version 7 to support setenv

with nss build.

bmo#1693217 - Increase nssckbi.h version number for March 2021 batch

of root CA changes, CA list version 2.48.

bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's

'Chambers of Commerce' and 'Global Chambersign' roots.

bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER.

bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS.

bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS.

bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs

from NSS.

bmo#1687822 - Turn off Websites trust bit for the “Staat der

Nederlanden Root CA - G3” root cert in NSS.

bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce

Root - 2008' and 'Global Chambersign Root - 2008’.

bmo#1694291 - Tracing fixes for ECH.

update to NSS 3.62

bmo#1688374 - Fix parallel build NSS-3.61 with make
bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add()

can corrupt 'cachedCertTable'

bmo#1690583 - Fix CH padding extension size calculation

bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail

bmo#1690421 - Install packaged libabigail in docker-builds image

bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing

bmo#1674819 - Fixup a51fae403328, enum type may be signed

bmo#1681585 - Add ECH support to selfserv

bmo#1681585 - Update ECH to Draft-09

bmo#1678398 - Add Export/Import functions for HPKE context

bmo#1678398 - Update HPKE to draft-07

update to NSS 3.61

bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key

values under certain conditions.

bmo#1684300 - Fix default PBE iteration count when NSS is compiled

with NSS_DISABLE_DBM.

bmo#1651411 - Improve constant-timeness in RSA operations.

bmo#1677207 - Upgrade Google Test version to latest release.

bmo#1654332 - Add aarch64-make target to nss-try.

Update to NSS 3.60.1:
Notable changes in NSS 3.60:

TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support has been added, replacing the previous ESNI (draft-ietf-tls-esni-01) implementation. See bmo#1654332 for more information.
December 2020 batch of Root CA changes, builtins library updated to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769 for more information.

Update to NSS 3.59.1:

bmo#1679290 - Fix potential deadlock with certain third-party

PKCS11 modules
Update to NSS 3.59:
Notable changes:

Exported two existing functions from libnss: CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData

Bugfixes

bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race
bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA
bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent
bmo#1670835 - Support enabling and disabling signatures via Crypto Policy
bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed

root certs when SHA1 signatures are disabled.

bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to

solve some test intermittents

bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in

our CVE-2020-25648 fix that broke purple-discord (boo#1179382)

bmo#1666891 - Support key wrap/unwrap with RSA-OAEP

bmo#1667989 - Fix gyp linking on Solaris

bmo#1668123 - Export CERT_AddCertToListHeadWithData and

CERT_AddCertToListTailWithData from libnss

bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA

bmo#1663091 - Remove unnecessary assertions in the streaming

ASN.1 decoder that affected decoding certain PKCS8 private keys when using NSS debug builds

bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS.

update to NSS 3.58
Bugs fixed:

bmo#1641480 (CVE-2020-25648) Tighten CCS handling for middlebox compatibility mode.
bmo#1631890 - Add support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello (draft-ietf-tls-esni).
bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto extensions.
bmo#1668328 - Handle spaces in the Python path name when using gyp on Windows.
bmo#1667153 - Add PK11_ImportDataKey for data object import.
bmo#1665715 - Pass the embedded SCT list extension (if present) to TrustDomain::CheckRevocation instead of the notBefore value.

update to NSS 3.57

The following CA certificates were Added: bmo#1663049 - CN=Trustwave Global Certification Authority SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8 bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4 bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097
The following CA certificates were Removed: bmo#1651211 - CN=EE Certification Centre Root CA SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76 bmo#1656077 - O=Government Root Certification Authority; C=TW SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3
Trust settings for the following CA certificates were Modified: bmo#1653092 - CN=OISTE WISeKey Global Root GA CA Websites (server authentication) trust bit removed.
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes

update to NSS 3.56
Notable changes

bmo#1650702 - Support SHA-1 HW acceleration on ARMv8
bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS.
bmo#1654142 - Add CPU feature detection for Intel SHA extension.
bmo#1648822 - Add stricter validation of DH keys in FIPS mode.
bmo#1656986 - Properly detect arm64 during GYP build architecture

detection.

bmo#1652729 - Add build flag to disable RC2 and relocate to

lib/freebl/deprecated.

bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay.

bmo#1588941 - Send empty certificate message when scheme selection

fails.

bmo#1652032 - Fix failure to build in Windows arm64 makefile

cross-compilation.

bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent.

bmo#1653975 - Fix 3.53 regression by setting 'all' as the default

makefile target.

bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert.

bmo#1659814 - Fix interop.sh failures with newer tls-interop

commit and dependencies.

bmo#1656519 - NSPR dependency updated to 4.28

update to NSS 3.55
Notable changes

P384 and P521 elliptic curve implementations are replaced with verifiable implementations from Fiat-Crypto [0] and ECCKiila [1].
PK11_FindCertInSlot is added. With this function, a given slot can be queried with a DER-Encoded certificate, providing performance and usability improvements over other mechanisms. (bmo#1649633)
DTLS 1.3 implementation is updated to draft-38. (bmo#1647752)

Relevant Bugfixes

bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila.
bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature.
bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding.
bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part ChaCha20 (which was not functioning correctly) and more strictly enforce tag length.
bmo#1649648 - Don't memcpy zero bytes (sanitizer fix).
bmo#1649316 - Don't memcpy zero bytes (sanitizer fix).
bmo#1649322 - Don't memcpy zero bytes (sanitizer fix).
bmo#1653202 - Fix initialization bug in blapitest when compiled with NSS_DISABLE_DEPRECATED_SEED.
bmo#1646594 - Fix AVX2 detection in makefile builds.
bmo#1649633 - Add PK11_FindCertInSlot to search a given slot for a DER-encoded certificate.
bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo.
bmo#1647752 - Update DTLS 1.3 implementation to draft-38.
bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI.
bmo#1649226 - Add Wycheproof ECDSA tests.
bmo#1637222 - Consistently enforce IV requirements for DES and 3DES.
bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in RSA_CheckSignRecover.
bmo#1646324 - Advertise PKCS#1 schemes for certificates in the signature_algorithms extension.

update to NSS 3.54
Notable changes

Support for TLS 1.3 external pre-shared keys (bmo#1603042).
Use ARM Cryptography Extension for SHA256, when available (bmo#1528113)
The following CA certificates were Added: bmo#1645186 - certSIGN Root CA G2. bmo#1645174 - e-Szigno Root CA 2017. bmo#1641716 - Microsoft ECC Root Certificate Authority 2017. bmo#1641716 - Microsoft RSA Root Certificate Authority 2017.
The following CA certificates were Removed: bmo#1645199 - AddTrust Class 1 CA Root. bmo#1645199 - AddTrust External CA Root. bmo#1641718 - LuxTrust Global Root 2. bmo#1639987 - Staat der Nederlanden Root CA - G2. bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4. bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4. bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3.

A number of certificates had their Email trust bit disabled. See bmo#1618402 for a complete list.

Bugs fixed

bmo#1528113 - Use ARM Cryptography Extension for SHA256.
bmo#1603042 - Add TLS 1.3 external PSK support.
bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows.
bmo#1645186 - Add 'certSIGN Root CA G2' root certificate.
bmo#1645174 - Add Microsec's 'e-Szigno Root CA 2017' root certificate.
bmo#1641716 - Add Microsoft's non-EV root certificates.
bmo1621151 - Disable email trust bit for 'O=Government

Root Certification Authority; C=TW' root.

bmo#1645199 - Remove AddTrust root certificates.

bmo#1641718 - Remove 'LuxTrust Global Root 2' root certificate.

bmo#1639987 - Remove 'Staat der Nederlanden Root CA - G2' root

certificate.

bmo#1618402 - Remove Symantec root certificates and disable email trust

bit.

bmo#1640516 - NSS 3.54 should depend on NSPR 4.26.

bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c.

bmo#1642153 - Fix infinite recursion building NSS.

bmo#1642638 - Fix fuzzing assertion crash.

bmo#1642871 - Enable SSL_SendSessionTicket after resumption.

bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs.

bmo#1643557 - Fix numerous compile warnings in NSS.

bmo#1644774 - SSL gtests to use ClearServerCache when resetting

self-encrypt keys.

bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c.

bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding.

Advisory ID	SUSE-RU-2021:3128-1
Released	Fri Sep 17 16:23:21 2021
Summary	Recommended update for rpmlint
Type	recommended
Severity	moderate
References	1169494,1189106

Description:

This update for rpmlint fixes the following issues:

Backport whitelisting of oddjob (bsc#1189106, bsc#1169494).

Advisory ID	SUSE-RU-2021:3131-1
Released	Fri Sep 17 16:36:55 2021
Summary	Recommended update for xorg-x11-fonts
Type	recommended
Severity	moderate
References	1174895

Description:

This update for xorg-x11-fonts fixes the following issues:

Convert the 'helv*.otb' and 'cour*.otb' files in a different way, generating all available font sizes. (bsc#1174895)
As part of the above fix, don't remove the 'Regular' suffix from the full name of fonts in 'convertfont.py'

This update for fonttosfnt fixes the following issues:

Fix more metric calculations (bsc#1174895):

Advisory ID	SUSE-RU-2021:3132-1
Released	Fri Sep 17 16:37:37 2021
Summary	Recommended update for google-guest-oslogin
Type	recommended
Severity	moderate
References	1188992,1189041

Description:

This update for google-guest-oslogin contains the following fixes:

Update to version 20210728.00 (bsc#1188992, bsc#1189041) * JSON object cleanup (#65)

Update to version 20210707.00 * throw exceptions in cache_refresh (#64)

from version 20210702.00 * Use IP address for calling the metadata server. (#63)

Update to version 20210618.00 * flush each group member write (#62)

Advisory ID	SUSE-RU-2021:3138-1
Released	Fri Sep 17 17:01:08 2021
Summary	Recommended update for mdadm
Type	recommended
Severity	moderate
References	1180661,1182642

Description:

This update for mdadm fixes the following issues:

Remove Spare drives line from details for external metadata. (bsc#1180661, bsc#1182642) - Arrays with external metadata do not have spare disks directly assigned to volumes; spare disks belong to containers and are moved to arrays when the array is degraded/reshaping. Thus, the display of zero spare disks in volume details is incorrect and can be confusing.
Don't associate spares with other arrays during RAID Examine. (bsc#1180661, bsc#1182642) - Spares in imsm belong to containers, not volumes, and must go into a separate container when assembling the RAID. Remove association spares with other arrays and make Examine print separate containers for spares. Auto assemble without config file already works like this. So make creating a config file and assembling from it consistent with auto assemble. With this change, 'mdadm -Es' will add this line to output if spares are found: 'ARRAY metadata=imsm UUID=00000000:00000000:00000000:00000000'

Advisory ID	SUSE-RU-2021:3139-1
Released	Fri Sep 17 21:48:32 2021
Summary	Recommended update for openhpi
Type	recommended
Severity	moderate
References	1185173,1190042

Description:

This update for openhpi fixes the following issues:

Use /run not /var/run for PID file creation (bsc#1185173)
Remove group rights on config file (bsc#1190042)

Advisory ID	SUSE-RU-2021:3171-1
Released	Mon Sep 20 17:26:34 2021
Summary	Recommended update for java-11-openjdk
Type	recommended
Severity	important
References	1189201,1190252

Description:

This update for java-11-openjdk fixes the following issues:

Implement FIPS support in OpenJDK
Fix build with 'glibc-2.34' (bsc#1189201)
Add support for 'riscv64' (zero VM)
Make NSS the default security provider. (bsc#1190252)

Advisory ID	SUSE-RU-2021:3182-1
Released	Tue Sep 21 17:04:26 2021
Summary	Recommended update for file
Type	recommended
Severity	moderate
References	1189996

Description:

This update for file fixes the following issues:

Fixes exception thrown by memory allocation problem (bsc#1189996)

Advisory ID	SUSE-SU-2021:3187-1
Released	Wed Sep 22 15:09:23 2021
Summary	Security update for samba
Type	security
Severity	important
References	1182830,1183572,1183574,1184677,1189875,CVE-2020-27840,CVE-2021-20254,CVE-2021-20277

Description:

This update for samba fixes the following issues:

CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574).
CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677).
CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572).

Spec file fixes around systemd and requires (bsc#1182830)
Fix dependency problem upgrading from libndr0 to libndr1 (bsc#1189875)
Fix dependency problem upgrading from libsmbldap0 to libsmbldap2 (bsc#1189875)

Advisory ID	SUSE-RU-2021:3188-1
Released	Wed Sep 22 15:45:22 2021
Summary	Recommended update for sapnwbootstrap-formula
Type	recommended
Severity	moderate
References	1181541,1185093,1185627,1186236

Description:

This update for sapnwbootstrap-formula fixes the following issues:
Update to version 0.6.4+git.1621842068.a86c37c:

Set the default empty dictionary for 'virtual_addresses'. (bsc#1185627) - This also ensures that a dictionary is obtained if the value is None (needed by SUSE Manager)
Fix issue when 'azure-lb' resource for 'ASCS/ERS' is not added in the corresponding Resource Group (bsc#1186236)
Set the virtual ip addresses as permanent, except for HA scenarios, to have them even after a reboot of the machine. (bsc#1185093)
Give the option to mount '/sapmnt' folder locally without using a 'NFS' share.
Make '/sapmnt' path configurable using 'sapmnt_path' pillar variable
Update PAS and AAS templates to use HANA sid and instance number to create the configuration file
Fix error about missing instance installation requisite when monitoring is enabled. (bsc#1181541)

Advisory ID	SUSE-SU-2021:3193-1
Released	Thu Sep 23 11:24:50 2021
Summary	Security update for ffmpeg
Type	security
Severity	important
References	1189724,CVE-2021-38171

Description:

This update for ffmpeg fixes the following issues:

CVE-2021-38171: Fixed adts_decode_extradata in libavformat/adtsenc.c to check the init_get_bits return value (bsc#1189724).

Advisory ID	SUSE-RU-2021:3203-1
Released	Thu Sep 23 14:41:35 2021
Summary	Recommended update for kmod
Type	recommended
Severity	moderate
References	1189537,1190190

Description:

This update for kmod fixes the following issues:

Use docbook 4 rather than docbook 5 for building man pages (bsc#1190190).
Enable support for ZSTD compressed modules
Display module information even for modules built into the running kernel (bsc#1189537)
'/usr/lib' should override '/lib' where both are available. Support '/usr/lib' for depmod.d as well.
Remove test patches included in release 29

Update to release 29 * Fix `modinfo -F` not working for built-in modules and certain fields. * Fix a memory leak, overflow and double free on error path.

Advisory ID	SUSE-RU-2021:3221-1
Released	Fri Sep 24 10:20:35 2021
Summary	Recommended update for apache2-mod_wsgi
Type	recommended
Severity	moderate
References	1189467

Description:

This update for apache2-mod_wsgi fixes the following issue:

Enable installation of Python 'sitelib' wrapper. (bsc#1189467) - This update will solve a 'DistributionNotFound' error providing the Python metadata and wrapper for 'mod_wsgi'.

Advisory ID	SUSE-RU-2021:3224-1
Released	Fri Sep 24 11:34:33 2021
Summary	Recommended update for shim-susesigned
Type	recommended
Severity	moderate
References	1177315,1177789,1182057,1184454,1185232,1185261,1185441,1185464,1185621,1185961,1187260,1187696

Description:

This update for shim-susesigned fixes the following issues:
Sync with Microsoft signed shim to Thu Jul 15 08:13:26 UTC 2021.
This update addresses the 'susesigned' shim component.
shim was updated to 15.4 (bsc#1182057)

console: Move the countdown function to console.c
fallback: show a countdown menu before reset
MOK: Fix the missing vendor cert in MokListRT
mok: fix the mirroring of RT variables
Add the license change statement for errlog.c and mok.c
Remove a couple of incorrect license claims.
MokManager: Use CompareMem on MokListNode.Type instead of CompareGuid
Make EFI variable copying fatal only on secureboot enabled systems
Remove call to TPM2 get_event_log
tpm: Fix off-by-one error when calculating event size
tpm: Define EFI_VARIABLE_DATA_TREE as packed
tpm: Don't log duplicate identical events
VLogError(): Avoid NULL pointer dereferences in (V)Sprint calls
OpenSSL: always provide OBJ_create() with name strings.
translate_slashes(): don't write to string literals
Fix a use of strlen() instead of Strlen()
shim: Update EFI_LOADED_IMAGE with the second stage loader file path
tpm: Include information about PE/COFF images in the TPM Event Log
Fix a broken tpm type
All newly released openSUSE kernels enable kernel lockdown and signature verification, so there is no need to add the prompt anymore.
Fix the NULL pointer dereference in AuthenticodeVerify()
Remove the build ID to make the binary reproducible when building with AArch64 container
Prevent the build id being added to the binary. That can cause issues with the signature
Allocate MOK config table as BootServicesData to avoid the error message from linux kernel
Handle ignore_db and user_insecure_mode correctly (bsc#1185441)
Relax the maximum variable size check for u-boot
Relax the check for import_mok_state() when Secure Boot is off
Relax the check for the LoadOptions length
Fix the size of rela* sections for AArch64
Disable exporting vendor-dbx to MokListXRT
Don't call QueryVariableInfo() on EFI 1.10 machines
Avoid buffer overflow when copying the MOK config table
Avoid deleting the mirrored RT variables
Update to 15.3 for SBAT support (bsc#1182057)
Generate vender-specific SBAT metadata
Rename the SBAT variable and fix the self-check of SBAT
Split the keys in vendor-dbx.bin to vendor-dbx-sles and vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce the size of MokListXRT (bsc#1185261)
shim-install: reset def_shim_efi to 'shim.efi' if the given file doesn't exist
shim-install: instead of assuming 'removable' for Azure, remove fallback.efi from \EFI\Boot and copy grub.efi/cfg to \EFI\Boot to make \EFI\Boot bootable and keep the boot option created by efibootmgr (bsc#1185464, bsc#1185961)
shim-install: always assume 'removable' for Azure to avoid the endless reset loop (bsc#1185464)
shim-install: Support changing default shim efi binary in /usr/etc/default/shim and /etc/default/shim (bsc#1177315)
Update dbx-cert.tar.xz and vendor-dbx.bin to block the following sign keys: + SLES-UEFI-SIGN-Certificate-2020-07.crt + openSUSE-UEFI-SIGN-Certificate-2020-07.crt

Advisory ID	SUSE-RU-2021:3227-1
Released	Mon Sep 27 09:50:51 2021
Summary	Recommended update for createrepo_c, libmodulemd, and zchunk
Type	recommended
Severity	moderate
References

Description:

This update for createrepo_c fixes the following issues:
createrepo_c:

Does no longer perform a dir walk when --recycle-pkglist is specified
Added automatic module metadata handling for repos
Fixed a couple of memory leaks
Added --arch-expand option
Added --recycle-pkglist option
Set global_exit_status on sigint so that .repodata are cleaned up
Enhance error handling when locating repositories

libmodulemd:

Just a rebuild of the package, no source changes

zchunk:

Initial shipment of zchunk to SUSE Linux Enterprise

Advisory ID	SUSE-SU-2021:3236-1
Released	Mon Sep 27 16:37:22 2021
Summary	Security update for gd
Type	security
Severity	moderate
References	1190400,CVE-2021-40812

Description:

This update for gd fixes the following issues:

CVE-2021-40812: Fixed out-of-bounds read caused by the lack of certain gdGetBuf and gdPutBuf return value checks (bsc#1190400).

Advisory ID	SUSE-RU-2021:3242-1
Released	Tue Sep 28 10:50:36 2021
Summary	Recommended update for apache2-mod_auth_mellon, lasso
Type	recommended
Severity	moderate
References

Description:

This update for lasso fixes the following issues:

Implement package 'apache2-mod_auth_mellon' along with its dependency 'lasso' in SLE-15-SP2. (jsc#SLE-8958, jsc#ECO-1309)

Advisory ID	SUSE-SU-2021:3244-1
Released	Tue Sep 28 13:17:04 2021
Summary	Security update for shibboleth-sp
Type	security
Severity	low
References	1184222

Description:

This update for shibboleth-sp fixes the following issues:

Template generation allows external parameters to override placeholders (bsc#1184222)

Advisory ID	SUSE-RU-2021:3245-1
Released	Tue Sep 28 13:54:31 2021
Summary	Recommended update for docker
Type	recommended
Severity	important
References	1190670

Description:

This update for docker fixes the following issues:

Return ENOSYS for clone3 in the seccomp profile to avoid breaking containers using glibc 2.34.
Add shell requires for the *-completion subpackages.

Advisory ID	SUSE-SU-2021:3255-1
Released	Wed Sep 29 16:29:48 2021
Summary	Security update for postgresql13
Type	security
Severity	moderate
References	1179945,1185952,1187751,1189748,CVE-2021-3677

Description:

This update for postgresql13 fixes the following issues:

CVE-2021-3677: Fixed memory disclosure in certain queries (bsc#1189748).

Fixed build with llvm12 on s390x (bsc#1185952).
Re-enabled icu for PostgreSQL 10 (bsc#1179945).
Made the dependency of postgresqlXX-server-devel on llvm and clang optional (bsc#1187751).
llvm12 breaks PostgreSQL 11 and 12 on s390x. Use llvm11 as a workaround (bsc#1185952).

Advisory ID	SUSE-RU-2021:3274-1
Released	Fri Oct 1 10:34:17 2021
Summary	Recommended update for ca-certificates-mozilla
Type	recommended
Severity	important
References	1190858

Description:

This update for ca-certificates-mozilla fixes the following issues:

remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires September 30th 2021 and openssl certificate chain handling does not handle this correctly in openssl 1.0.2 and older. (bsc#1190858)

Advisory ID	SUSE-SU-2021:3291-1
Released	Wed Oct 6 16:45:36 2021
Summary	Security update for glibc
Type	security
Severity	moderate
References	1186489,1187911,CVE-2021-33574,CVE-2021-35942

Description:

This update for glibc fixes the following issues:

CVE-2021-33574: Fixed use __pthread_attr_copy in mq_notify (bsc#1186489).
CVE-2021-35942: Fixed wordexp handle overflow in positional parameter number (bsc#1187911).

Advisory ID	SUSE-SU-2021:3293-1
Released	Wed Oct 6 16:47:31 2021
Summary	Security update for ffmpeg
Type	security
Severity	moderate
References	1186761,CVE-2020-22042

Description:

This update for ffmpeg fixes the following issues:

CVE-2020-22042: Fixed a denial of service vulnerability led by a memory leak in the link_filter_inouts function in libavfilter/graphparser.c. (bsc#1186761)

Advisory ID	SUSE-RU-2021:3307-1
Released	Wed Oct 6 18:12:07 2021
Summary	Recommended update for virt-what
Type	recommended
Severity	moderate
References	1161850,1176132

Description:

This update for virt-what fixes the following issues:

Nutanix Acropolis Hypervisor detection
podman detection
Add 'which' to requires

Advisory ID	SUSE-RU-2021:3315-1
Released	Wed Oct 6 19:29:43 2021
Summary	Recommended update for go1.17
Type	recommended
Severity	moderate
References	1190589,1190649,CVE-2021-39293

Description:

This update for go1.17 fixes the following issues:
This is the initial go 1.17 shipment.
go1.17.1 (released 2021-09-09) includes a security fix to the archive/zip package, as well as bug fixes to the compiler, linker, the go command, and to the crypto/rand, embed, go/types, html/template, and net/http packages. (bsc#1190649)
CVE-2021-39293: Fixed an overflow in preallocation check that can cause OOM panic in archive/zip (bsc#1190589)
go1.17 (released 2021-08-16) is a major release of Go.
go1.17.x minor releases will be provided through August 2022.
See https://github.com/golang/go/wiki/Go-Release-Cycle
Most changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. (bsc#1190649)

See release notes https://golang.org/doc/go1.17. Excerpts relevant to OBS environment and for SUSE/openSUSE follow:
The compiler now implements a new way of passing function arguments and results using registers instead of the stack. Benchmarks for a representative set of Go packages and programs show performance improvements of about 5%, and a typical reduction in binary size of about 2%. This is currently enabled for Linux, macOS, and Windows on the 64-bit x86 architecture (the linux/amd64, darwin/amd64, and windows/amd64 ports). This change does not affect the functionality of any safe Go code and is designed to have no impact on most assembly code.
When the linker uses external linking mode, which is the default when linking a program that uses cgo, and the linker is invoked with a -I option, the option will now be passed to the external linker as a -Wl,--dynamic-linker option.
The runtime/cgo package now provides a new facility that allows to turn any Go values to a safe representation that can be used to pass values between C and Go safely. See runtime/cgo.Handle for more information.
ARM64 Go programs now maintain stack frame pointers on the 64-bit ARM architecture on all operating systems. Previously, stack frame pointers were only enabled on Linux, macOS, and iOS.
Pruned module graphs in go 1.17 modules: If a module specifies go 1.17 or higher, the module graph includes only the immediate dependencies of other go 1.17 modules, not their full transitive dependencies. To convert the go.mod file for an existing module to Go 1.17 without changing the selected versions of its dependencies, run: go mod tidy -go=1.17 By default, go mod tidy verifies that the selected versions of dependencies relevant to the main module are the same versions that would be used by the prior Go release (Go 1.16 for a module that specifies go 1.17), and preserves the go.sum entries needed by that release even for dependencies that are not normally needed by other commands. The -compat flag allows that version to be overridden to support older (or only newer) versions, up to the version specified by the go directive in the go.mod file. To tidy a go 1.17 module for Go 1.17 only, without saving checksums for (or checking for consistency with) Go 1.16: go mod tidy -compat=1.17 Note that even if the main module is tidied with -compat=1.17, users who require the module from a go 1.16 or earlier module will still be able to use it, provided that the packages use only compatible language and library features. The go mod graph subcommand also supports the -go flag, which causes it to report the graph as seen by the indicated Go version, showing dependencies that may otherwise be pruned out.
Module deprecation comments: Module authors may deprecate a module by adding a // Deprecated: comment to go.mod, then tagging a new version. go get now prints a warning if a module needed to build packages named on the command line is deprecated. go list -m -u prints deprecations for all dependencies (use -f or -json to show the full message). The go command considers different major versions to be distinct modules, so this mechanism may be used, for example, to provide users with migration instructions for a new major version.
go get -insecure flag is deprecated and has been removed. To permit the use of insecure schemes when fetching dependencies, please use the GOINSECURE environment variable. The -insecure flag also bypassed module sum validation, use GOPRIVATE or GONOSUMDB if you need that functionality. See go help environment for details.
go get prints a deprecation warning when installing commands outside the main module (without the -d flag). go install cmd@version should be used instead to install a command at a specific version, using a suffix like @latest or @v1.2.3. In Go 1.18, the -d flag will always be enabled, and go get will only be used to change dependencies in go.mod.
go.mod files missing go directives: If the main module's go.mod file does not contain a go directive and the go command cannot update the go.mod file, the go command now assumes go 1.11 instead of the current release. (go mod init has added go directives automatically since Go 1.12.) If a module dependency lacks an explicit go.mod file, or its go.mod file does not contain a go directive, the go command now assumes go 1.16 for that dependency instead of the current release. (Dependencies developed in GOPATH mode may lack a go.mod file, and the vendor/modules.txt has to date never recorded the go versions indicated by dependencies' go.mod files.)
vendor contents: If the main module specifies go 1.17 or higher, go mod vendor now annotates vendor/modules.txt with the go version indicated by each vendored module in its own go.mod file. The annotated version is used when building the module's packages from vendored source code. If the main module specifies go 1.17 or higher, go mod vendor now omits go.mod and go.sum files for vendored dependencies, which can otherwise interfere with the ability of the go command to identify the correct module root when invoked within the vendor tree.
Password prompts: The go command by default now suppresses SSH password prompts and Git Credential Manager prompts when fetching Git repositories using SSH, as it already did previously for other Git password prompts. Users authenticating to private Git repos with password-protected SSH may configure an ssh-agent to enable the go command to use password-protected SSH keys.
go mod download: When go mod download is invoked without arguments, it will no longer save sums for downloaded module content to go.sum. It may still make changes to go.mod and go.sum needed to load the build list. This is the same as the behavior in Go 1.15. To save sums for all modules, use: go mod download all
The go command now understands //go:build lines and prefers them over // +build lines. The new syntax uses boolean expressions, just like Go, and should be less error-prone. As of this release, the new syntax is fully supported, and all Go files should be updated to have both forms with the same meaning. To aid in migration, gofmt now automatically synchronizes the two forms. For more details on the syntax and migration plan, see https://golang.org/design/draft-gobuild.
go run now accepts arguments with version suffixes (for example, go run example.com/cmd@v1.0.0). This causes go run to build and run packages in module-aware mode, ignoring the go.mod file in the current directory or any parent directory, if there is one. This is useful for running executables without installing them or without changing dependencies of the current module.
The format of stack traces from the runtime (printed when an uncaught panic occurs, or when runtime.Stack is called) is improved.
TLS strict ALPN: When Config.NextProtos is set, servers now enforce that there is an overlap between the configured protocols and the ALPN protocols advertised by the client, if any. If there is no mutually supported protocol, the connection is closed with the no_application_protocol alert, as required by RFC 7301. This helps mitigate the ALPACA cross-protocol attack. As an exception, when the value 'h2' is included in the server's Config.NextProtos, HTTP/1.1 clients will be allowed to connect as if they didn't support ALPN. See issue go#46310 for more information.
crypto/ed25519: The crypto/ed25519 package has been rewritten, and all operations are now approximately twice as fast on amd64 and arm64. The observable behavior has not otherwise changed.
crypto/elliptic: CurveParams methods now automatically invoke faster and safer dedicated implementations for known curves (P-224, P-256, and P-521) when available. Note that this is a best-effort approach and applications should avoid using the generic, not constant-time CurveParams methods and instead use dedicated Curve implementations such as P256. The P521 curve implementation has been rewritten using code generated by the fiat-crypto project, which is based on a formally-verified model of the arithmetic operations. It is now constant-time and three times faster on amd64 and arm64. The observable behavior has not otherwise changed.
crypto/tls: The new Conn.HandshakeContext method allows the user to control cancellation of an in-progress TLS handshake. The provided context is accessible from various callbacks through the new ClientHelloInfo.Context and CertificateRequestInfo.Context methods. Canceling the context after the handshake has finished has no effect. Cipher suite ordering is now handled entirely by the crypto/tls package. Currently, cipher suites are sorted based on their security, performance, and hardware support taking into account both the local and peer's hardware. The order of the Config.CipherSuites field is now ignored, as well as the Config.PreferServerCipherSuites field. Note that Config.CipherSuites still allows applications to choose what TLS 1.0–1.2 cipher suites to enable. The 3DES cipher suites have been moved to InsecureCipherSuites due to fundamental block size-related weakness. They are still enabled by default but only as a last resort, thanks to the cipher suite ordering change above. Beginning in the next release, Go 1.18, the Config.MinVersion for crypto/tls clients will default to TLS 1.2, disabling TLS 1.0 and TLS 1.1 by default. Applications will be able to override the change by explicitly setting Config.MinVersion. This will not affect crypto/tls servers.
crypto/x509: CreateCertificate now returns an error if the provided private key doesn't match the parent's public key, if any. The resulting certificate would have failed to verify.
crypto/x509: The temporary GODEBUG=x509ignoreCN=0 flag has been removed.
crypto/x509: ParseCertificate has been rewritten, and now consumes ~70% fewer resources. The observable behavior has not otherwise changed, except for error messages.
crypto/x509: Beginning in the next release, Go 1.18, crypto/x509 will reject certificates signed with the SHA-1 hash function. This doesn't apply to self-signed root certificates. Practical attacks against SHA-1 have been demonstrated in 2017 and publicly trusted Certificate Authorities have not issued SHA-1 certificates since 2015.
go/build: The new Context.ToolTags field holds the build tags appropriate to the current Go toolchain configuration.
net/http package now uses the new (*tls.Conn).HandshakeContext with the Request context when performing TLS handshakes in the client or server.
syscall: On Unix-like systems, the process group of a child process is now set with signals blocked. This avoids sending a SIGTTOU to the child when the parent is in a background process group.
time: The new Time.IsDST method can be used to check whether the time is in Daylight Savings Time in its configured location.
time: The new Time.UnixMilli and Time.UnixMicro methods return the number of milliseconds and microseconds elapsed since January 1, 1970 UTC respectively.
time: The new UnixMilli and UnixMicro functions return the local Time corresponding to the given Unix time.

Add bash scripts used by go tool commands to provide a more complete cross-compiling go toolchain install.

Advisory ID	SUSE-SU-2021:3325-1
Released	Sat Oct 9 19:45:01 2021
Summary	Security update for rabbitmq-server
Type	security
Severity	moderate
References	1185075,1186203,1187818,1187819,CVE-2021-22116,CVE-2021-32718,CVE-2021-32719

Description:

This update for rabbitmq-server fixes the following issues:

CVE-2021-32718: Fixed improper neutralization of script-related HTML tags in a web page (basic XSS) in management UI (bsc#1187818).
CVE-2021-32719: Fixed improper neutralization of script-related HTML tags in a web page (basic XSS) in federation management plugin (bsc#1187819).
CVE-2021-22116: Fixed improper input validation may lead to DoS (bsc#1186203).

Use /run instead of /var/run in tmpfiles.d configuration (bsc#1185075).

Advisory ID	SUSE-RU-2021:3349-1
Released	Tue Oct 12 13:21:48 2021
Summary	Recommended update for libgphoto2
Type	recommended
Severity	moderate
References	1172301

Description:

This update for libgphoto2 fixes the following issues:
libgphoto2 was updated to the 2.5.27 release (jsc#SLE-21615)

Lots of new camera models added.
Camera support enhanced for Sony Alpha, Fuji XT, Nikon Z, Canon EOS R, Panasonic Lumix, Leica SL, ...
Better support for files over 4GB
Lumix Wifi, Docupen support added.
Lots of bugfixes

Advisory ID	SUSE-RU-2021:3382-1
Released	Tue Oct 12 14:30:17 2021
Summary	Recommended update for ca-certificates-mozilla
Type	recommended
Severity	moderate
References

Description:

This update for ca-certificates-mozilla fixes the following issues:

A new sub-package for minimal base containers (jsc#SLE-22162)

Advisory ID	SUSE-RU-2021:3390-1
Released	Tue Oct 12 18:53:38 2021
Summary	Recommended update for fcoe-utils
Type	recommended
Severity	moderate
References	1010047,1182804

Description:

This update for fcoe-utils fixes the following issues:
Update to version 1.0.34 (bsc#1182804)

Fix 21 string-op truncation, format truncation, and format overflow errors
Use of uninitialized values detected during LTO
fix VLAN device name overflow check
Fix an issue caused by 'safe_makepath' change in 'libopenfcoe.c'
Char can be unsigned on ARM, so set signed explicitly as the check expects it can be negative
Handle NIC names longer than 7 characters. (bsc#1010047)
Change debug->log message if daemon running
Remove references to 'open-fcoe.org'
Fix two gcc-11 compiler warnings.
Exit 'fcoemon' command if 'fcoemon' daemon is already running.
Update systemd service files

Advisory ID	SUSE-RU-2021:3406-1
Released	Wed Oct 13 10:40:44 2021
Summary	Recommended update for ServiceReport
Type	recommended
Severity	moderate
References

Description:

This update for ServiceReport fixes the following issues:

ServiceReport v2.2.3 release.(jsc#18193)
Added hardening to systemd service(s).
Run-on supported architectures only.
[fadump] Update crashkernel recommendation.
[Daemon] check active status along with enabled.
Take crashkernel recommendation from kdump-lib.sh scripts.

Advisory ID	SUSE-RU-2021:3409-1
Released	Wed Oct 13 10:41:02 2021
Summary	Recommended update for libGLw
Type	recommended
Severity	low
References	1191122

Description:

This update for libGLw fixes the following issue:

fix libGLw.so symlink of devel package. (bsc#1191122)

Advisory ID	SUSE-RU-2021:3410-1
Released	Wed Oct 13 10:41:36 2021
Summary	Recommended update for xkeyboard-config
Type	recommended
Severity	moderate
References	1191242

Description:

This update for xkeyboard-config fixes the following issue:

Wrong keyboard mapping causing input delays with ABNT2 keyboards. (bsc#1191242)

Advisory ID	SUSE-SU-2021:3445-1
Released	Fri Oct 15 09:03:39 2021
Summary	Security update for rpm
Type	security
Severity	important
References	1183659,1185299,1187670,1188548

Description:

This update for rpm fixes the following issues:
Security issues fixed:

PGP hardening changes (bsc#1185299)

Maintaince issues fixed:

Fixed zstd detection (bsc#1187670)
Added ndb rofs support (bsc#1188548)
Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659)

Advisory ID	SUSE-RU-2021:3448-1
Released	Fri Oct 15 09:12:28 2021
Summary	Recommended update for scap-security-guide
Type	recommended
Severity	moderate
References	1191431,1191432

Description:

This update for scap-security-guide fixes the following issues:
The scap-security-guide was updated to 0.1.58 release (jsc#ECO-3319)

Support for Script Checking Engine (SCE)
Split RHEL 8 CIS profile using new controls file format
CIS Profiles for SUSE Linux Enterprise 12
Initial Ubuntu 20.04 STIG Profiles
Addition of an automated CCE adder

Advisory ID	SUSE-SU-2021:3451-1
Released	Sat Oct 16 10:49:25 2021
Summary	Security update for MozillaFirefox
Type	security
Severity	important
References	1188891,1189547,1190269,1190274,1190710,1191332,CVE-2021-29980,CVE-2021-29981,CVE-2021-29982,CVE-2021-29983,CVE-2021-29984,CVE-2021-29985,CVE-2021-29986,CVE-2021-29987,CVE-2021-29988,CVE-2021-29989,CVE-2021-29990,CVE-2021-29991,CVE-2021-32810,CVE-2021-38492,CVE-2021-38495,CVE-2021-38496,CVE-2021-38497,CVE-2021-38498,CVE-2021-38500,CVE-2021-38501

Description:

This update for MozillaFirefox fixes the following issues:
This update contains the Firefox Extended Support Release 91.2.0 ESR.
Release 91.2.0 ESR:

Fixed: Various stability, functionality, and security fixes

MFSA 2021-45 (bsc#1191332):

CVE-2021-38496: Use-after-free in MessageTask
CVE-2021-38497: Validation message could have been overlaid on another origin
CVE-2021-38498: Use-after-free of nsLanguageAtomService object
CVE-2021-32810: Fixed Data race in crossbeam-deque
CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2
CVE-2021-38501: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2

Fixed crash in FIPS mode (bsc#1190710)

Release 91.1.0 ESR:

Fixed: Various stability, functionality, and security fixes

MFSA 2021-40 (bsc#1190269, bsc#1190274):

CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer
CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1

Release 91.0.1esr ESR:

Fixed: Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bug 1704404)
Fixed: Fixed an issue which caused tabs from private windows to be visible in non-private windows when viewing switch-to- tab results in the address bar panel (bug 1720369)
Fixed: Various stability fixes
Fixed: Security fix MFSA 2021-37 (bsc#1189547)
CVE-2021-29991 (bmo#1724896) Header Splitting possible with HTTP/3 Responses

Firefox Extended Support Release 91.0 ESR

New: Some of the highlights of the new Extended Support Release are:

- A number of user interface changes. For more information, see the Firefox 89 release notes. - Firefox now supports logging into Microsoft, work, and school accounts using Windows single sign-on. Learn more - On Windows, updates can now be applied in the background while Firefox is not running. - Firefox for Windows now offers a new page about:third-party to help identify compatibility issues caused by third-party applications - Version 2 of Firefox's SmartBlock feature further improves private browsing. Third party Facebook scripts are blocked to prevent you from being tracked, but are now automatically loaded 'just in time' if you decide to 'Log in with Facebook' on any website. - Enhanced the privacy of the Firefox Browser's Private Browsing mode with Total Cookie Protection, which confines cookies to the site where they were created, preventing companis from using cookies to track your browsing across sites. This feature was originally launched in Firefox's ETP Strict mode. - PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features. - You'll encounter less website breakage in Private Browsing and Strict Enhanced Tracking Protection with SmartBlock, which provides stand-in scripts so that websites load properly. - Improved Print functionality with a cleaner design and better integration with your computer's printer settings. - Firefox now protects you from supercookies, a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies. By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next. - Firefox now remembers your preferred location for saved bookmarks, displays the bookmarks toolbar by default on new tabs, and gives you easy access to all of your bookmarks via a toolbar folder. - Native support for macOS devices built with Apple Silicon CPUs brings dramatic performance improvements over the non- native build that was shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a new Apple device, follow these steps to upgrade to the latest Firefox. - Pinch zooming will now be supported for our users with Windows touchscreen devices and touchpads on Mac devices. Firefox users may now use pinch to zoom on touch-capable devices to zoom in and out of webpages. - We’ve improved functionality and design for a number of Firefox search features: * Selecting a search engine at the bottom of the search panel now enters search mode for that engine, allowing you to see suggestions (if available) for your search terms. The old behavior (immediately performing a search) is available with a shift-click. * When Firefox autocompletes the URL of one of your search engines, you can now search with that engine directly in the address bar by selecting the shortcut in the address bar results. * We’ve added buttons at the bottom of the search panel to allow you to search your bookmarks, open tabs, and history. - Firefox supports AcroForm, which will allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look. - For our users in the US and Canada, Firefox can now save, manage, and auto-fill credit card information for you, making shopping on Firefox ever more convenient. - In addition to our default, dark and light themes, with this release, Firefox introduces the Alpenglow theme: a colorful appearance for buttons, menus, and windows. You can update your Firefox themes under settings or preferences.

Changed: Firefox no longer supports Adobe Flash. There is no setting available to re-enable Flash support.
Enterprise: Various bug fixes and new policies have been implemented in the latest version of Firefox. See more details in the Firefox for Enterprise 91 Release Notes.

MFSA 2021-33 (bsc#1188891):

CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption
CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT
CVE-2021-29988: Memory corruption as a result of incorrect style treatment
CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode
CVE-2021-29984: Incorrect instruction reordering during JIT optimization
CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption
CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux
CVE-2021-29985: Use-after-free media channels
CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion
CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
CVE-2021-29990: Memory safety bugs fixed in Firefox 91

Advisory ID	SUSE-RU-2021:3465-1
Released	Tue Oct 19 13:12:46 2021
Summary	Recommended update for cloud-regionsrv
Type	recommended
Severity	moderate
References	1190250

Description:

This update for cloud-regionsrv contains the following fixes:

Update to version 8.1.2 (bsc#1190250) + Place certificate key in proper destination

Update to version 8.1.1 (bsc#1190250) + Use a cross-filesystem compatible method to move certificates

Advisory ID	SUSE-RU-2021:3471-1
Released	Wed Oct 20 08:39:41 2021
Summary	Recommended update for habootstrap-formula
Type	recommended
Severity	moderate
References	1190940

Description:

This update for habootstrap-formula fixes the following issues:
Update to version 0.4.4

Wait for cluster startup after a 'corosync' restart. (bsc#1190940)
Add support for The Oracle Cluster File System v2 (OCFS2)
Enable native fencing for 'microsoft-azure'
Add documentation on how to enable native fencing

Advisory ID	SUSE-SU-2021:3476-1
Released	Wed Oct 20 08:42:00 2021
Summary	Security update for xstream
Type	security
Severity	important
References	1189798,CVE-2021-39139,CVE-2021-39140,CVE-2021-39141,CVE-2021-39144,CVE-2021-39145,CVE-2021-39146,CVE-2021-39147,CVE-2021-39148,CVE-2021-39149,CVE-2021-39150,CVE-2021-39151,CVE-2021-39152,CVE-2021-39153,CVE-2021-39154

Description:

This update for xstream fixes the following issues:

Upgrade to 1.4.18
CVE-2021-39139: Fixed an issue that allowed an attacker to execute arbitrary code execution by manipulating the processed input stream with type information. (bsc#1189798)
CVE-2021-39140: Fixed an issue that allowed an attacker to execute a DoS attack by manipulating the processed input stream. (bsc#1189798)
CVE-2021-39141: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798)
CVE-2021-39144: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798)
CVE-2021-39145: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798)
CVE-2021-39146: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798)
CVE-2021-39147: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798)
CVE-2021-39148: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798)
CVE-2021-39149: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798)
CVE-2021-39150: Fixed an issue that allowed an attacker to access protected resources hosted within the intranet or in the host itself. (bsc#1189798)
CVE-2021-39151: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798)
CVE-2021-39152: Fixed an issue that allowed an attacker to access protected resources hosted within the intranet or in the host itself. (bsc#1189798)
CVE-2021-39153: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798)
CVE-2021-39154: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798)

Advisory ID	SUSE-feature-2021:3483-1
Released	Wed Oct 20 16:08:18 2021
Summary	Feature update for saptune
Type	feature
Severity	moderate
References	1149205,1164720,1167213,1167416,1167618,1170672,1176243,1178207,1179275,1182009,1182287,1182289,1185702

Description:

This update for saptune fixes the following issues:
Update saptune from version 2.0.3 to version 3.0.0 (jsc#SLE-20985)

This will be additional reflected in the saptune version found in '/etc/sysconfig/saptune' '(SAPTUNE_VERSION)'
Strengthen configuration process with staging, checks of external changes and expansion of automation to new platforms (Azure, AWS) and hardware specifics (jsc#SLE-20985)
Remove saptune version 1 (jsc#SLE-10823, jsc#SLE-10842)
Remove usage of 'tuned' from saptune - Add an own systemd service file for saptune to 'start/stop' tuning of parameter values during a reboot of the system. - Add a new saptune action 'service' to handle the 'saptune.service' supporting 'start/stop/enable/disable/status'. - The saptune action 'daemon', which handled 'tuned.service' in the past, is now flagged as 'deprecated' and internally linked to the new action 'service'. (jsc#SLE-5589, jsc#SLE-5588, jsc#SLE-6457)
Add a sanity check to detect Note definition files which do not exist anymore. (bsc#1149205) This can happen when a Note is renamed or deleted, but without reverting the Note before. saptune will now print an error message, remove the Note from the tracking variables in '/etc/sysconfig/saptune' and try to revert the related parameter settings.
Validate if the json input file is empty and handle left-over files from the migration from saptune v1 to saptune v2 (bsc#1167618)
To support system parameters only relevant for specific SUSE Linux Enterprise Server releases, service packs and/or hardware architectures saptune now supports 'tagged' sections inside the Note definition files. (jsc#SLE-13246, jsc#SLE-13245)
New kernel requirement for Power added to SAP-Note 2205917 and 2684254 (bsc#1167416) SAP Note 2205917 updated to Version 61 SAP Note 2684254 updated to Version 15
SAP Note 2382421 updated to Version 37 (bsc#1170672) - Move all 'not-well-defined' parameters from the 'reminder' section into the 'sysctl' section, but with 'empty' values. - Use an override file to define the values fitting your system requirements
Support empty parameter values in the Note definition files and not only in the override file. (bsc#1170672, jsc#TEAM-1702) - This is needed for the support of SAP Notes like 2382421, so that the customer is able to simply use an override file to define some special parameters instead of using a customer specific Note definition file.
Report an 'error' instead of 'info' and set the exit code to '1', if we reject the apply of a solution (bsc#1167213)
Skip perf bias change if secure boot is enabled. (bsc#1176243) - When a system is in lockdown mode, i.e., Secure Boot is enabled, MSR cannot be altered in user-space. So check, if Secure Boot is enabled using the mokutil utility and skip setting the perf bias in case it is.
Rework the internal block device handling to speed up the apply of block device related tunings on systems with a high number of block devices. (bsc#1178207)
Change block device handling to handle multipath devices correctly. Only the DM multipath devices will be used for the settings, but not its paths. (bsc#1179275)
fixed wrong comparison used for setting FORCE_LATENCY (bsc#1185702)
add keyword 'all' to the 'rpm' section description in the man page saptune-note(5). (bsc#1182287)
support note definition versions containing digits, upper-case and lower-case letters, dots, underscores, minus and plus signs. (bsc#1182289)
fixed issue with 'verify' operation and parameter 'VSZ_TMPFS_PERCENT'. As this parameter is only used to calculate the value of 'ShmFileSystemSizeMB' (if it is not set to a value >0 in the Note definition file) it will not be checked and compared during the saptune operation 'verify'. A footnote is pointing this out. (bsc#1182009)
SAP Note 1771258 update nofile values (bsc#1164720)
SAP Note 2684254 updated to Version 20 SAP Note 2578899 updated to Version 39 SAP Note 1680803 updated to Version 26
enhancements for saptune version 3 (jsc#SLE-16972) - Implement a lock to avoid multiple instances of saptune running in parallel. (jsc#TEAM-1700) - Support for non-colorized output (jsc#TEAM-1679) - If redirecting the output from saptune to a pipe, you no longer need to deal with the

'ugly' control sequences for the colorized output. - Add enable/disable for systemd units and support all systemd unit types in section [service] (jsc#TEAM-1701) - remove script '/usr/share/doc/packages/saptune/sapconf2saptune' and the associated man page (jsc#TEAM-1707) - implement staging of Note definition file and solution definitions. (jsc#TEAM-1844) - The idea is to freeze the saptune configuration to avoid config changes on package update when adding/removing/changing notes or solutions within the package - support custom solutions and override files for solutions. (jsc#TEAM-1706) - Partners and customers will now be able to define their own solution definitions by using files in '/etc/saptune/extra' or to override the shipped solution definitions by using override files in '/etc/saptune/override' - support for device specific configurations (jsc#TEAM-1728) - only supported for the [block] section, tags are 'vendor' and 'model' to support special block devices of a dedicated hardware vendor or a dedicated hardware model - add support for AZURE cloud (SAP Note 2993054) (jsc#TEAM-2676) - add support for AWS cloud (SAP Note 1656250) (jsc#TEAM-1754, jsc#TEAM-1755) - add NVMe support to the block device handling to support AWS (jsc#TEAM-2675) - add SAP Note 3024346 (a NetApp note) (jsc#TEAM-3454) - rework daemon and service actions (jsc#TEAM-3154) - add support for 'read_ahead_kb' and 'max_sectors_kb' to the [block] section (jsc#TEAM-1699) - add a warning to the reminder section of SAP Note 2382421 regarding iSCSI devices and setting of 'net.ipv4.tcp_syn_retries' (jsc#TEAM-1705) - For the actions 'note customise' and 'note create' check, if the customer has changed something during the editor session. If not, remove the temporary created note definition file. (jsc#TEAM-825) - add support for [sys] section and handle double configurations for parameters defined in the [sys] section (jsc#TEAM-3342) - check system sysctl config files as mentioned in the comments of '/etc/sysctl.conf' and in man page 'sysctl.conf(5)' for 'sysctl' parameters currently set by saptune notes. Print a warning and a footnote for 'verify' and 'customize'. (jsc#TEAM-1696) - add support for [filesystem] section only check filesystem mount options, not modify. Starting with filesystem type 'xfs' (jsc#TEAM-4093) - add SAP Note 900929 for SAP Netweaver workloads. (jsc#TEAM-4386) - It's the equivalent to the HANA Note 1980196. - move state files from '/var/lib/saptune' to '/run/saptune' to solve the problem of state files surviving a reboot. - add '/sbin/saptune_check' - add the description of the solution definitions shipped with saptune to the man page saptune(8) (jsc#TEAM-4260)

Advisory ID	SUSE-SU-2021:3488-1
Released	Wed Oct 20 16:18:39 2021
Summary	Security update for go1.17
Type	security
Severity	moderate
References	1190649,1191468,CVE-2021-38297

Description:

This update for go1.17 fixes the following issues:
Update to go1.17.2

CVE-2021-38297: misc/wasm, cmd/link: do not let command line args overwrite global data (bsc#1191468)

Advisory ID	SUSE-SU-2021:3490-1
Released	Wed Oct 20 16:31:55 2021
Summary	Security update for ncurses
Type	security
Severity	moderate
References	1190793,CVE-2021-39537

Description:

This update for ncurses fixes the following issues:

CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)

Advisory ID	SUSE-SU-2021:3493-1
Released	Wed Oct 20 16:37:44 2021
Summary	Security update for fetchmail
Type	security
Severity	moderate
References	1190069,CVE-2021-39272

Description:

This update for fetchmail fixes the following issues:

CVE-2021-39272: Fix failure to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. (bsc#1190069)

Advisory ID	SUSE-RU-2021:3494-1
Released	Wed Oct 20 16:48:46 2021
Summary	Recommended update for pam
Type	recommended
Severity	moderate
References	1190052

Description:

This update for pam fixes the following issues:

Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
Added new file macros.pam on request of systemd. (bsc#1190052)

Advisory ID	SUSE-RU-2021:3496-1
Released	Thu Oct 21 09:57:47 2021
Summary	Recommended update for bash-completion
Type	recommended
Severity	low
References	1190929

Description:

This update for bash-completion fixes the following issue:

modinfo completion fails to recognize .ko.xz (bsc#1190929)

Advisory ID	SUSE-RU-2021:3500-1
Released	Fri Oct 22 09:42:21 2021
Summary	Recommended update for open-vm-tools
Type	recommended
Severity	moderate
References	1190987

Description:

This update for open-vm-tools fixes the following issues:

New/Updated features: * Added a configurable logging capability to the network script * The hgfsmounter (mount.vmhgfs) command has been removed from open-vm-tools. It has been replaced by hgfs-fuse.
Resolved issues: * Customization: Retry the Linux reboot if telinit is a soft link to systemctl * open-vm-tools commands would hang if configured with '--enable-valgrind'

Advisory ID	SUSE-RU-2021:3501-1
Released	Fri Oct 22 10:42:46 2021
Summary	Recommended update for libzypp, zypper, libsolv, protobuf
Type	recommended
Severity	moderate
References	1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815

Description:

This update for libzypp, zypper, libsolv and protobuf fixes the following issues:

Choice rules: treat orphaned packages as newest (bsc#1190465)
Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602)
Do not check of signatures and keys two times(redundant) (bsc#1190059)
Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760)
Show key fpr from signature when signature check fails (bsc#1187224)
Fix solver jobs for PTFs (bsc#1186503)
Fix purge-kernels fails (bsc#1187738)
Fix obs:// platform guessing for Leap (bsc#1187425)
Make sure to keep states alives while transitioning. (bsc#1190199)
Manpage: Improve description about patch updates(bsc#1187466)
Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested.
Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815)
Fix crashes in logging code when shutting down (bsc#1189031)
Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712)
Add need reboot/restart hint to XML install summary (bsc#1188435)
Prompt: choose exact match if prompt options are not prefix free (bsc#1188156)
Include libprotobuf-lite20 in products to enable parallel downloads. (jsc#ECO-2911, jsc#SLE-16862)

Advisory ID	SUSE-SU-2021:3506-1
Released	Mon Oct 25 10:20:22 2021
Summary	Security update for containerd, docker, runc
Type	security
Severity	important
References	1102408,1185405,1187704,1188282,1190826,1191015,1191121,1191334,1191355,1191434,CVE-2021-30465,CVE-2021-32760,CVE-2021-41089,CVE-2021-41091,CVE-2021-41092,CVE-2021-41103

Description:

This update for containerd, docker, runc fixes the following issues:
Docker was updated to 20.10.9-ce. (bsc#1191355)
See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.
CVE-2021-41092 CVE-2021-41089 CVE-2021-41091 CVE-2021-41103
container was updated to v1.4.11, to fix CVE-2021-41103. bsc#1191355

CVE-2021-32760: Fixed that a archive package allows chmod of file outside of unpack target directory (bsc#1188282)

Install systemd service file as well (bsc#1190826)

Update to runc v1.0.2. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.2

Fixed a failure to set CPU quota period in some cases on cgroup v1.
Fixed the inability to start a container with the 'adding seccomp filter rule for syscall ...' error, caused by redundant seccomp rules (i.e. those that has action equal to the default one). Such redundant rules are now skipped.
Made release builds reproducible from now on.
Fixed a rare debug log race in runc init, which can result in occasional harmful 'failed to decode ...' errors from runc run or exec.
Fixed the check in cgroup v1 systemd manager if a container needs to be frozen before Set, and add a setting to skip such freeze unconditionally. The previous fix for that issue, done in runc 1.0.1, was not working.

Update to runc v1.0.1. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.1

Fixed occasional runc exec/run failure ('interrupted system call') on an Azure volume.
Fixed 'unable to find groups ... token too long' error with /etc/group containing lines longer than 64K characters.
cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is frozen. This is a regression in 1.0.0, not affecting runc itself but some of libcontainer users (e.g Kubernetes).
cgroupv2: bpf: Ignore inaccessible existing programs in case of permission error when handling replacement of existing bpf cgroup programs. This fixes a regression in 1.0.0, where some SELinux policies would block runc from being able to run entirely.
cgroup/systemd/v2: don't freeze cgroup on Set.
cgroup/systemd/v1: avoid unnecessary freeze on Set.
fix issues with runc under openSUSE MicroOS's SELinux policy. bsc#1187704

Update to runc v1.0.0. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.0
! The usage of relative paths for mountpoints will now produce a warning (such configurations are outside of the spec, and in future runc will produce an error when given such configurations).

cgroupv2: devices: rework the filter generation to produce consistent results with cgroupv1, and always clobber any existing eBPF program(s) to fix runc update and avoid leaking eBPF programs (resulting in errors when managing containers).
cgroupv2: correctly convert 'number of IOs' statistics in a cgroupv1-compatible way.
cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures.
cgroupv2: wait for freeze to finish before returning from the freezing code, optimize the method for checking whether a cgroup is frozen.
cgroups/systemd: fixed 'retry on dbus disconnect' logic introduced in rc94
cgroups/systemd: fixed returning 'unit already exists' error from a systemd cgroup manager (regression in rc94)
cgroupv2: support SkipDevices with systemd driver
cgroup/systemd: return, not ignore, stop unit error from Destroy
Make 'runc --version' output sane even when built with go get or otherwise outside of our build scripts.
cgroups: set SkipDevices during runc update (so we don't modify cgroups at all during runc update).
cgroup1: blkio: support BFQ weights.
cgroupv2: set per-device io weights if BFQ IO scheduler is available.

Update to runc v1.0.0~rc95. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95
This release of runc contains a fix for CVE-2021-30465, and users are strongly recommended to update (especially if you are providing semi-limited access to spawn containers to untrusted users). (bsc#1185405)
Update to runc v1.0.0~rc94. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94
Breaking Changes:

cgroupv1: kernel memory limits are now always ignored, as kmemcg has been effectively deprecated by the kernel. Users should make use of regular memory cgroup controls.

Regression Fixes:

seccomp: fix 32-bit compilation errors
runc init: fix a hang caused by deadlock in seccomp/ebpf loading code
runc start: fix 'chdir to cwd: permission denied' for some setups

Advisory ID	SUSE-RU-2021:3510-1
Released	Tue Oct 26 11:22:15 2021
Summary	Recommended update for pam
Type	recommended
Severity	important
References	1191987

Description:

This update for pam fixes the following issues:

Fixed a bad directive file which resulted in the 'securetty' file to be installed as 'macros.pam'. (bsc#1191987)

Advisory ID	SUSE-RU-2021:3512-1
Released	Tue Oct 26 13:33:17 2021
Summary	Recommended update for MozillaFirefox
Type	recommended
Severity	moderate
References	1190141,1191815

Description:

This update for MozillaFirefox fixes the following issues:

Allow accessing /proc/sys/crypto/fips_enabled from within the newly introduced socket process sandbox. (bsc#1191815, bsc#1190141)
Add a way to let users overwrite MOZ_ENABLE_WAYLAND

Advisory ID	SUSE-RU-2021:3516-1
Released	Tue Oct 26 14:42:44 2021
Summary	Recommended update for azure-cli, azure-cli-core, python-azure-mgmt, python-azure-mgmt-billing, python-azure-mgmt-cdn, python-azure-mgmt-hdinsight, python-azure-mgmt-netapp, python-azure-mgmt-resource, python-azure-mgmt-synapse
Type	recommended
Severity	important
References	1187880,1188178

Description:

This update for azure-cli, azure-cli-core, python-azure-mgmt, python-azure-mgmt-billing, python-azure-mgmt-cdn, python-azure-mgmt-hdinsight, python-azure-mgmt-netapp, python-azure-mgmt-resource, python-azure-mgmt-synapse contains the following fixes:
Changes in python-azure-mgmt:

Remove all version constraints in Requires. (bsc#1187880, bsc#1188178)

Changes in azure-cli-core:

Update in SLE-15 (bsc#1187880, bsc#1188178)

New upstream release + Version 2.16.0 + For detailed information about changes see the HISTORY.rst file provided with this package
Refresh patches for new version
Update Requires from setup.py + Temporarily use a vendored copy of azure-mgmt-resource

New upstream release + Version 2.15.0 + For detailed information about changes see the HISTORY.rst file provided with this package
Update Requires from setup.py

Changes in azure-cli:

Update in SLE-15 (bsc#1187880, bsc#1188178)

Add missing python3-azure-mgmt-resource dependency to Requires

New upstream release + Version 2.16.0 + For detailed information about changes see the HISTORY.rst file provided with this package
Update Requires from setup.py

New upstream release + Version 2.15.0 + For detailed information about changes see the HISTORY.rst file provided with this package
Update Requires from setup.py

Changes in python-azure-mgmt-billing:

Update in SLE-15 (bsc#1187880, bsc#1188178)

New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package
Update Requires from setup.py

Changes in python-azure-mgmt-cdn:

Update in SLE-15 (bsc#1187880, bsc#1188178)

New upstream release + Version 5.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package

Changes in python-azure-mgmt-hdinsight:

Update in SLE-15 (bsc#1187880, bsc#1188178)

New upstream release + Version 2.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package

Changes in python-azure-mgmt-netapp:

Update in SLE-15 (bsc#1187880, bsc#1188178)

New upstream release + Version 0.14.0 + For detailed information about changes see the CHANGELOG.md file provided with this package

Changes in python-azure-mgmt-resource:

Update in SLE-15 (bsc#1187880, bsc#1188178)

New upstream release + Version 15.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package
Update Requires from setup.py

Changes in python-azure-mgmt-synapse:

Update in SLE-15 (bsc#1187880, bsc#1188178)

New upstream release + Version 0.5.0 + For detailed information about changes see the CHANGELOG.md file provided with this package

Advisory ID	SUSE-SU-2021:3521-1
Released	Tue Oct 26 15:38:44 2021
Summary	Security update for ffmpeg
Type	security
Severity	moderate
References	1186756,1187852,1189166,1190718,1190719,1190722,1190723,1190726,1190729,1190733,1190734,1190735,CVE-2020-20891,CVE-2020-20892,CVE-2020-20895,CVE-2020-20896,CVE-2020-20899,CVE-2020-20902,CVE-2020-22037,CVE-2020-35965,CVE-2021-3566,CVE-2021-38092,CVE-2021-38093,CVE-2021-38094

Description:

This update for ffmpeg fixes the following issues:

CVE-2021-3566: Fixed information leak (bsc#1189166).
CVE-2021-38093: Fixed integer overflow vulnerability in filter_robert() (bsc#1190734)
CVE-2021-38092: Fixed integer overflow vulnerability in filter_prewitt() (bsc#1190733)
CVE-2021-38094: Fixed integer overflow vulnerability in filter_sobel() (bsc#1190735)
CVE-2020-22037: Fixed denial of service vulnerability caused by memory leak in avcodec_alloc_context3() (bsc#1186756)
CVE-2020-35965: Fixed out-of-bounds write in decode_frame() (bsc#1187852)
CVE-2020-20892: Fixed an issue with filter_frame() (bsc#1190719)
CVE-2020-20891: Fixed a buffer overflow vulnerability in config_input() (bsc#1190718)
CVE-2020-20895: Fixed a buffer overflow vulnerability in function filter_vertically_##name (bsc#1190722)
CVE-2020-20896: Fixed an issue with latm_write_packet() (bsc#1190723)
CVE-2020-20899: Fixed a buffer overflow vulnerability in config_props() (bsc#1190726)
CVE-2020-20902: Fixed an out-of-bounds read vulnerabilit long_term_filter() (bsc#1190729)

Advisory ID	SUSE-SU-2021:3527-1
Released	Tue Oct 26 17:03:06 2021
Summary	Security update for wireguard-tools
Type	security
Severity	moderate
References	1191224

Description:

This update for wireguard-tools fixes the following issues:

Removed world-readable permissions from /etc/wireguard (bsc#1191224)

Advisory ID	SUSE-SU-2021:3529-1
Released	Wed Oct 27 09:23:32 2021
Summary	Security update for pcre
Type	security
Severity	moderate
References	1172973,1172974,CVE-2019-20838,CVE-2020-14155

Description:

This update for pcre fixes the following issues:
Update pcre to version 8.45:

CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)

Advisory ID	SUSE-RU-2021:3571-1
Released	Thu Oct 28 09:32:19 2021
Summary	Recommended update for postfix
Type	recommended
Severity	moderate
References	1190945

Description:

This update for postfix fixes the following issues:

Adapt config.postfix to filter out lmdb files from the alias maps (bsc#1190945)

Advisory ID	SUSE-RU-2021:3574-1
Released	Thu Oct 28 12:50:07 2021
Summary	Recommended update for rpmlint
Type	recommended
Severity	moderate
References	1190790,1191821

Description:

This update for rpmlint fixes the following issues:

whitelisting of systemd-od (bsc#1191821) and pam_u2f (bsc#1190790 jsc#SLE-21888)

Advisory ID	SUSE-RU-2021:3578-1
Released	Fri Oct 29 11:36:22 2021
Summary	Recommended update for migrate-sles-to-sles4sap
Type	recommended
Severity	moderate
References	1189481

Description:

This update for migrate-sles-to-sles4sap fixes the following issues:

migrate-sles-to-sles4sap package has dependency perl-XML-Twig that is not installed. (bsc#1189481)

Advisory ID	SUSE-RU-2021:3579-1
Released	Fri Oct 29 14:56:48 2021
Summary	Recommended update for cloud-regionsrv-client
Type	recommended
Severity	moderate
References	1182026,1189362

Description:

This update for cloud-regionsrv-client fixes the following issues:

Avoid race confition with ca-certificates. (bsc#1189362) + Make the service run after ca-sertificates is done + Attempt multiple times to update the trust chain

New package to enable/disable access due to AHB. (bsc#1182026, jsc#SLE-21246, jsc#SLE-21247, jsc#SLE-21248, jsc#SLE-21249)

Advisory ID	SUSE-SU-2021:3584-1
Released	Fri Oct 29 16:27:43 2021
Summary	Security update for transfig
Type	security
Severity	important
References	1189325,1189343,1189345,1189346,1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019,CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2020-21680,CVE-2020-21681,CVE-2020-21682,CVE-2020-21683,CVE-2021-32280

Description:

This update for transfig fixes the following issues:
Update to fig2dev version 3.2.8 Patchlevel 8b (Aug 2021)

bsc#1190618, CVE-2020-21529: stack buffer overflow in the bezier_spline function in genepic.c.
bsc#1190615, CVE-2020-21530: segmentation fault in the read_objects function in read.c.
bsc#1190617, CVE-2020-21531: global buffer overflow in the conv_pattern_index function in gencgm.c.
bsc#1190616, CVE-2020-21532: global buffer overflow in the setfigfont function in genepic.c.
bsc#1190612, CVE-2020-21533: stack buffer overflow in the read_textobject function in read.c.
bsc#1190611, CVE-2020-21534: global buffer overflow in the get_line function in read.c.
bsc#1190607, CVE-2020-21535: segmentation fault in the gencgm_start function in gencgm.c.
bsc#1192019, CVE-2021-32280: NULL pointer dereference in compute_closed_spline() in trans_spline.c

Advisory ID	SUSE-RU-2021:3591-1
Released	Tue Nov 2 06:26:33 2021
Summary	Recommended update for man-pages
Type	recommended
Severity	moderate
References	1185534

Description:

This update for man-pages fixes the following issues:

Added missing manual entry for kernel_lockdown in section 7 (bsc#1185534)

Advisory ID	SUSE-RU-2021:3599-1
Released	Wed Nov 3 10:29:54 2021
Summary	Recommended update for postgresql, postgresql13, postgresql14
Type	recommended
Severity	moderate
References

Description:

This update for postgresql, postgresql13, postgresql14 fixes the following issues:
This update ships postgresql14. (jsc#SLE-20675 jsc#SLE-20676)
Feature changes in postgresql14:

https://www.postgresql.org/about/news/postgresql-14-released-2318/
https://www.postgresql.org/docs/14/release-14.html

Changes in postgresql13:

Stop building the mini and lib packages as they are now coming from postgresql14.

Changes in postgresql:

Bump version to 14, leave default at 12.

Advisory ID	SUSE-SU-2021:3616-1
Released	Thu Nov 4 12:29:16 2021
Summary	Security update for binutils
Type	security
Severity	moderate
References	1179898,1179899,1179900,1179901,1179902,1179903,1180451,1180454,1180461,1181452,1182252,1183511,1184620,1184794,CVE-2020-16590,CVE-2020-16591,CVE-2020-16592,CVE-2020-16593,CVE-2020-16598,CVE-2020-16599,CVE-2020-35448,CVE-2020-35493,CVE-2020-35496,CVE-2020-35507,CVE-2021-20197,CVE-2021-20284,CVE-2021-3487

Description:

This update for binutils fixes the following issues:
Update to binutils 2.37:

The GNU Binutils sources now requires a C99 compiler and library to build.
Support for Realm Management Extension (RME) for AArch64 has been added.
A new linker option '-z report-relative-reloc' for x86 ELF targets has been added to report dynamic relative relocations.
A new linker option '-z start-stop-gc' has been added to disable special treatment of __start_*/__stop_* references when --gc-sections.
A new linker options '-Bno-symbolic' has been added which will cancel the '-Bsymbolic' and '-Bsymbolic-functions' options.
The readelf tool has a new command line option which can be used to specify how the numeric values of symbols are reported. --sym-base=0|8|10|16 tells readelf to display the values in base 8, base 10 or base 16. A sym base of 0 represents the default action of displaying values under 10000 in base 10 and values above that in base 16.
A new format has been added to the nm program. Specifying '--format=just-symbols' (or just using -j) will tell the program to only display symbol names and nothing else.
A new command line option '--keep-section-symbols' has been added to objcopy and strip. This stops the removal of unused section symbols when the file is copied. Removing these symbols saves space, but sometimes they are needed by other tools.
The '--weaken', '--weaken-symbol' and '--weaken-symbols' options supported by objcopy now make undefined symbols weak on targets that support weak symbols.
Readelf and objdump can now display and use the contents of .debug_sup sections.
Readelf and objdump will now follow links to separate debug info files by default. This behaviour can be stopped via the use of the new '-wN' or '--debug-dump=no-follow-links' options for readelf and the '-WN' or '--dwarf=no-follow-links' options for objdump. Also the old behaviour can be restored by the use of the '--enable-follow-debug-links=no' configure time option.

The semantics of the =follow-links option have also been slightly changed. When enabled, the option allows for the loading of symbol tables and string tables from the separate files which can be used to enhance the information displayed when dumping other sections, but it does not automatically imply that information from the separate files should be displayed.
If other debug section display options are also enabled (eg '--debug-dump=info') then the contents of matching sections in both the main file and the separate debuginfo file *will* be displayed. This is because in most cases the debug section will only be present in one of the files.
If however non-debug section display options are enabled (eg '--sections') then the contents of matching parts of the separate debuginfo file will *not* be displayed. This is because in most cases the user probably only wanted to load the symbol information from the separate debuginfo file. In order to change this behaviour a new command line option --process-links can be used. This will allow di0pslay options to applied to both the main file and any separate debuginfo files.

Nm has a new command line option: '--quiet'. This suppresses 'no symbols' diagnostic.

Update to binutils 2.36:
New features in the Assembler:

General:

* When setting the link order attribute of ELF sections, it is now possible to use a numeric section index instead of symbol name. * Added a .nop directive to generate a single no-op instruction in a target neutral manner. This instruction does have an effect on DWARF line number generation, if that is active. * Removed --reduce-memory-overheads and --hash-size as gas now uses hash tables that can be expand and shrink automatically.

X86/x86_64:

* Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key Locker instructions. * Support non-absolute segment values for lcall and ljmp. * Add {disp16} pseudo prefix to x86 assembler. * Configure with --enable-x86-used-note by default for Linux/x86.

ARM/AArch64:

* Add support for Cortex-A78, Cortex-A78AE and Cortex-X1, Cortex-R82, Neoverse V1, and Neoverse N2 cores. * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call Stack Recorder Extension) and BRBE (Branch Record Buffer Extension) system registers. * Add support for Armv8-R and Armv8.7-A ISA extensions. * Add support for DSB memory nXS barrier, WFET and WFIT instruction for Armv8.7. * Add support for +csre feature for -march. Add CSR PDEC instruction for CSRE feature in AArch64. * Add support for +flagm feature for -march in Armv8.4 AArch64. * Add support for +ls64 feature for -march in Armv8.7 AArch64. Add atomic 64-byte load/store instructions for this feature. * Add support for +pauth (Pointer Authentication) feature for -march in AArch64.
New features in the Linker:
* Add --error-handling-script= command line option to allow a helper script to be invoked when an undefined symbol or a missing library is encountered. This option can be suppressed via the configure time switch: --enable-error-handling-script=no. * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark x86-64-{baseline|v[234]} ISA level as needed. * Add -z unique-symbol to avoid duplicated local symbol names. * The creation of PE format DLLs now defaults to using a more secure set of DLL characteristics. * The linker now deduplicates the types in .ctf sections. The new command-line option --ctf-share-types describes how to do this: its default value, share-unconflicted, produces the most compact output. * The linker now omits the 'variable section' from .ctf sections by default, saving space. This is almost certainly what you want unless you are working on a project that has its own analogue of symbol tables that are not reflected in the ELF symtabs.
New features in other binary tools:
* The ar tool's previously unused l modifier is now used for specifying dependencies of a static library. The arguments of this option (or --record-libdeps long form option) will be stored verbatim in the __.LIBDEP member of the archive, which the linker may read at link time. * Readelf can now display the contents of LTO symbol table sections when asked to do so via the --lto-syms command line option. * Readelf now accepts the -C command line option to enable the demangling of symbol names. In addition the --demangle=