-----------------------------------------
Version 2.2.63 2024-02-06T09:00:15
-----------------------------------------
Patch: SUSE-2018-1292
Released: Mon Jul 9 11:57:14 2018
Summary: Security update for openslp
Severity: important
References: 1090638,CVE-2017-17833
Description:
This update for openslp fixes the following issues:
- CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638)
- Prevent out of bounds reads in message parsing
-----------------------------------------
Patch: SUSE-2018-1332
Released: Tue Jul 17 09:01:19 2018
Summary: Recommended update for timezone
Severity: moderate
References: 1073299,1093392
Description:
This update for timezone provides the following fixes:
- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392)
-----------------------------------------
Patch: SUSE-2018-1999
Released: Tue Sep 25 08:20:35 2018
Summary: Recommended update for zlib
Severity: moderate
References: 1071321
Description:
This update for zlib provides the following fixes:
- Speedup zlib on power8. (fate#325307)
- Add safeguard against negative values in uInt. (bsc#1071321)
-----------------------------------------
Patch: SUSE-2018-2340
Released: Fri Oct 19 16:05:53 2018
Summary: Security update for fuse
Severity: moderate
References: 1101797,CVE-2018-10906
Description:
This update for fuse fixes the following issues:
- CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active.
  This allowed non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects (bsc#1101797)
-----------------------------------------
Patch: SUSE-2018-2463
Released: Thu Oct 25 14:48:34 2018
Summary: Recommended update for timezone, timezone-java
Severity: moderate
References: 1104700,1112310
Description:
This update for timezone, timezone-java fixes the following issues:
The timezone database was updated to 2018f:
- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates
Other bugfixes:
- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)
-----------------------------------------
Patch: SUSE-2018-2484
Released: Fri Oct 26 10:16:04 2018
Summary: Security update for wpa_supplicant
Severity: moderate
References: 1080798,1098854,1099835,1104205,1109209,1111873,CVE-2018-14526
Description:
This update for wpa_supplicant provides the following fixes:
This security issue was fixed:
- CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused the vulnerability to recover sensitive information (bsc#1104205)
These non-security issues were fixed:
- Fix reading private key passwords from the configuration file. (bsc#1099835)
- Enable PWD as EAP method.
  This allows for password-based authentication, which is easier to set up than most of the other methods, and is used by the Eduroam network. (bsc#1109209)
- compile eapol_test binary to allow testing via radius proxy and server (note: this does not match CONFIG_EAPOL_TEST which sets -Werror and activates an assert call inside the code of wpa_supplicant) (bsc#1111873), (fate#326725)
- Enabled timestamps in log file when being invoked by systemd service file (bsc#1080798).
- Fixes the default file permissions of the debug log file to more sane values, i.e. it is no longer world-readable (bsc#1098854).
- Open the debug log file with O_CLOEXEC, which will prevent file descriptor leaking to child processes (bsc#1098854).
-----------------------------------------
Patch: SUSE-2018-2550
Released: Wed Oct 31 16:16:56 2018
Summary: Recommended update for timezone, timezone-java
Severity: moderate
References: 1113554
Description:
This update provides the latest time zone definitions (2018g), including the following change:
- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)
-----------------------------------------
Patch: SUSE-2018-2569
Released: Fri Nov 2 19:00:18 2018
Summary: Recommended update for pam
Severity: moderate
References: 1110700
Description:
This update for pam fixes the following issues:
- Remove limits for nproc from /etc/security/limits.conf (bsc#1110700)
-----------------------------------------
Patch: SUSE-2018-2607
Released: Wed Nov 7 15:42:48 2018
Summary: Optional update for gcc8
Severity: low
References: 1084812,1084842,1087550,1094222,1102564
Description:
The GNU Compiler GCC 8 is being added to the Development Tools Module by this update.
The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15.
Various optimizers have been improved in GCC 8, several bugs have been fixed, a number of new warnings have been added, and error pinpointing and fix suggestions have been greatly improved.
The GNU Compiler page for GCC 8 contains a summary of all the changes that have happened: https://gcc.gnu.org/gcc-8/changes.html
Changes needed and common pitfalls when porting software are described at: https://gcc.gnu.org/gcc-8/porting_to.html
-----------------------------------------
Patch: SUSE-2018-2825
Released: Mon Dec 3 15:35:02 2018
Summary: Security update for pam
Severity: important
References: 1115640,CVE-2018-17953
Description:
This update for pam fixes the following issue:
Security issue fixed:
- CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640).
-----------------------------------------
Patch: SUSE-2018-2861
Released: Thu Dec 6 14:32:01 2018
Summary: Security update for ncurses
Severity: important
References: 1103320,1115929,CVE-2018-19211
Description:
This update for ncurses fixes the following issues:
Security issue fixed:
- CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929).
Non-security issue fixed:
- Remove screen.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320).
-----------------------------------------
Patch: SUSE-2018-3044
Released: Fri Dec 21 18:47:21 2018
Summary: Security update for MozillaFirefox, mozilla-nspr and mozilla-nss
Severity: important
References: 1097410,1106873,1119069,1119105,CVE-2018-0495,CVE-2018-12384,CVE-2018-12404,CVE-2018-12405,CVE-2018-17466,CVE-2018-18492,CVE-2018-18493,CVE-2018-18494,CVE-2018-18498
Description:
This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues:
Issues fixed in MozillaFirefox:
- Update to Firefox ESR 60.4 (bsc#1119105)
- CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
- CVE-2018-18492: Fixed a use-after-free with select element
- CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia
- CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
- CVE-2018-18498: Fixed an integer overflow when calculating buffer sizes for images
- CVE-2018-12405: Fixed a few memory safety bugs
Issues fixed in mozilla-nss:
- Update to NSS 3.40.1 (bsc#1119105)
- CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069)
- CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873)
- CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410)
- Fixed a decryption failure during FFDHE key exchange
- Various security fixes in the ASN.1 code
Issues fixed in mozilla-nspr:
- Update mozilla-nspr to 4.20 (bsc#1119105)
-----------------------------------------
Patch: SUSE-2019-44
Released: Tue Jan 8 13:07:32 2019
Summary: Recommended update for acl
Severity: low
References: 953659
Description:
This update for acl fixes the following issues:
- test: Add helper library to fake passwd/group files.
- quote: Escape literal backslashes.
  (bsc#953659)
-----------------------------------------
Patch: SUSE-2019-102
Released: Tue Jan 15 18:02:58 2019
Summary: Recommended update for timezone
Severity: moderate
References: 1120402
Description:
This update for timezone fixes the following issues:
- Update 2018i:
  São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
- Update 2018h:
  Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
  New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
  Metlakatla, Alaska observes PST this winter only
  Guess Morocco will continue to adjust clocks around Ramadan
  Add predictions for Iran from 2038 through 2090
-----------------------------------------
Patch: SUSE-2019-247
Released: Wed Feb 6 07:18:45 2019
Summary: Security update for lua53
Severity: moderate
References: 1123043,CVE-2019-6706
Description:
This update for lua53 fixes the following issues:
Security issue fixed:
- CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043)
-----------------------------------------
Patch: SUSE-2019-495
Released: Tue Feb 26 16:42:35 2019
Summary: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc
Severity: important
References: 1048046,1051429,1114832,1118897,1118898,1118899,1121967,1124308,CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2019-5736
Description:
This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues:
Security issues fixed:
- CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899).
- CVE-2018-16874: Fixed a vulnerability in go get command which could allow directory traversal in GOPATH mode (bsc#1118898).
- CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897).
- CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967).
Other changes and fixes:
- Update shell completion to use Group: System/Shells.
- Add daemon.json file with rotation logs configuration (bsc#1114832)
- Update to Docker 18.09.1-ce (bsc#1124308) and to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.
- Update go requirements to >= go1.10
- Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429).
- Remove the usage of 'cp -r' to reduce noise in the build logs.
-----------------------------------------
Patch: SUSE-2019-571
Released: Thu Mar 7 18:13:46 2019
Summary: Security update for file
Severity: moderate
References: 1096974,1096984,1126117,1126118,1126119,CVE-2018-10360,CVE-2019-8905,CVE-2019-8906,CVE-2019-8907
Description:
This update for file fixes the following issues:
The following security vulnerabilities were addressed:
- CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974)
- CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118)
- CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf.c (bsc#1126119)
- CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117)
-----------------------------------------
Patch: SUSE-2019-748
Released: Tue Mar 26 14:35:56 2019
Summary: Security update for libmspack
Severity: moderate
References: 1113038,1113039,CVE-2018-18584,CVE-2018-18585
Description:
This update for libmspack fixes the following issues:
Security issues fixed:
- CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
  (bsc#1113038)
- CVE-2018-18585: chmd_read_headers accepted a filename that has '\0' as its first or second character (such as the '/\0' name). (bsc#1113039)
- Fix off-by-one bounds check on CHM PMGI/PMGL chunk numbers and reject empty filenames.
-----------------------------------------
Patch: SUSE-2019-788
Released: Thu Mar 28 11:55:06 2019
Summary: Security update for sqlite3
Severity: moderate
References: 1119687,CVE-2018-20346
Description:
This update for sqlite3 to version 3.27.2 fixes the following issue:
Security issue fixed:
- CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687).
Release notes: https://www.sqlite.org/releaselog/3_27_2.html
-----------------------------------------
Patch: SUSE-2019-790
Released: Thu Mar 28 12:06:17 2019
Summary: Recommended update for timezone
Severity: moderate
References: 1130557
Description:
This update for timezone fixes the following issues:
timezone was updated 2019a:
* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data
-----------------------------------------
Patch: SUSE-2019-926
Released: Wed Apr 10 16:33:12 2019
Summary: Security update for tar
Severity: moderate
References: 1120610,1130496,CVE-2018-20482,CVE-2019-9923
Description:
This update for tar fixes the following issues:
Security issues fixed:
- CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496).
- CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610).
-----------------------------------------
Patch: SUSE-2019-1002
Released: Wed Apr 24 10:13:34 2019
Summary: Recommended update for zlib
Severity: moderate
References: 1110304,1129576
Description:
This update for zlib fixes the following issues:
- Fixes a segmentation fault error (bsc#1110304, bsc#1129576)
-----------------------------------------
Patch: SUSE-2019-1127
Released: Thu May 2 09:39:24 2019
Summary: Security update for sqlite3
Severity: moderate
References: 1130325,1130326,CVE-2019-9936,CVE-2019-9937
Description:
This update for sqlite3 to version 3.28.0 fixes the following issues:
Security issues fixed:
- CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix queries inside transaction (bsc#1130326).
- CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in a single transaction with an fts5 virtual table (bsc#1130325).
-----------------------------------------
Patch: SUSE-2019-1368
Released: Tue May 28 13:15:38 2019
Summary: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root
Severity: important
References: 1134524,CVE-2019-5021
Description:
This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues:
- CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524)
-----------------------------------------
Patch: SUSE-2019-1398
Released: Fri May 31 12:54:22 2019
Summary: Security update for libpng16
Severity: low
References: 1100687,1121624,1124211,CVE-2018-13785,CVE-2019-7317
Description:
This update for libpng16 fixes the following issues:
Security issues fixed:
- CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when png_image_free() was called under png_safe_execute (bsc#1124211).
- CVE-2018-13785: Fixed a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c, which could have triggered an integer overflow and resulted in a divide-by-zero while processing a crafted PNG file, leading to a denial of service (bsc#1100687)
-----------------------------------------
Patch: SUSE-2019-1631
Released: Fri Jun 21 11:17:21 2019
Summary: Recommended update for xz
Severity: low
References: 1135709
Description:
This update for xz fixes the following issues:
Add SUSE-Public-Domain licence as some parts of xz utils (liblzma, xz, xzdec, lzmadec, documentation, translated messages, tests, debug, extra directory) are in public domain licence [bsc#1135709]
-----------------------------------------
Patch: SUSE-2019-1815
Released: Thu Jul 11 07:47:55 2019
Summary: Recommended update for timezone
Severity: moderate
References: 1140016
Description:
This update for timezone fixes the following issues:
- Timezone update 2019b. (bsc#1140016):
  - Brazil no longer observes DST.
  - 'zic -b slim' outputs smaller TZif files.
  - Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
  - Add info about the Crimea situation.
-----------------------------------------
Patch: SUSE-2019-1892
Released: Thu Jul 18 15:54:35 2019
Summary: Recommended update for openslp
Severity: moderate
References: 1117969,1136136
Description:
This update for openslp fixes the following issues:
- Use tcp connects to talk with other directory agents (DAs) (bsc#1117969)
- Fix segfault in predicate match if a registered service has a malformed attribute list (bsc#1136136)
-----------------------------------------
Patch: SUSE-2019-2134
Released: Wed Aug 14 11:54:56 2019
Summary: Recommended update for zlib
Severity: moderate
References: 1136717,1137624,1141059,SLE-5807
Description:
This update for zlib fixes the following issues:
- Update the s390 patchset. (bsc#1137624)
- Tweak zlib-power8 to have type of crc32_vpmsum conform to usage.
  (bsc#1141059)
- Use FAT LTO objects in order to provide proper static library.
- Do not enable the previous patchset on s390 but just s390x. (bsc#1137624)
- Add patchset for s390 improvements. (jsc#SLE-5807, bsc#1136717)
-----------------------------------------
Patch: SUSE-2019-2142
Released: Wed Aug 14 18:14:04 2019
Summary: Recommended update for mozilla-nspr, mozilla-nss
Severity: moderate
References: 1141322
Description:
This update for mozilla-nspr, mozilla-nss fixes the following issues:
mozilla-nss was updated to NSS 3.45 (bsc#1141322):
* New function in pk11pub.h: PK11_FindRawCertsWithSubject
* The following CA certificates were Removed: CN = Certinomis - Root CA (bmo#1552374)
* Implement Delegated Credentials (draft-ietf-tls-subcerts) (bmo#1540403)
  This adds a new experimental function SSL_DelegateCredential
  Note: In 3.45, selfserv does not yet support delegated credentials (See bmo#1548360).
  Note: In 3.45 the SSLChannelInfo is left unmodified, while an upcoming change in 3.46 will set SSLChannelInfo.authKeyBits to that of the delegated credential for better policy enforcement (See bmo#1563078).
* Replace ARM32 Curve25519 implementation with one from fiat-crypto (bmo#1550579)
* Expose a function PK11_FindRawCertsWithSubject for finding certificates with a given subject on a given slot (bmo#1552262)
* Add IPSEC IKE support to softoken (bmo#1546229)
* Add support for the Elbrus lcc compiler (<=1.23) (bmo#1554616)
* Expose an external clock for SSL (bmo#1543874)
  This adds new experimental functions: SSL_SetTimeFunc, SSL_CreateAntiReplayContext, SSL_SetAntiReplayContext, and SSL_ReleaseAntiReplayContext. The experimental function SSL_InitAntiReplay is removed.
* Various changes in response to the ongoing FIPS review (bmo#1546477)
  Note: The source package size has increased substantially due to the new FIPS test vectors. This will likely prompt follow-on work, but please accept our apologies in the meantime.
mozilla-nspr was updated to version 4.21
* Changed prbit.h to use builtin function on aarch64.
* Removed Gonk/B2G references.
-----------------------------------------
Patch: SUSE-2019-2218
Released: Mon Aug 26 11:29:57 2019
Summary: Recommended update for pinentry
Severity: moderate
References: 1141883
Description:
This update for pinentry fixes the following issues:
- Fix a dangling pointer in qt/main.cpp that caused crashes. (bsc#1141883)
-----------------------------------------
Patch: SUSE-2019-2223
Released: Tue Aug 27 15:42:56 2019
Summary: Security update for podman, slirp4netns and libcontainers-common
Severity: moderate
References: 1096726,1123156,1123387,1135460,1136974,1137860,1143386,CVE-2018-15664,CVE-2019-10152,CVE-2019-6778
Description:
This is a version update for podman to version 1.4.4 (bsc#1143386).
Additional changes by SUSE on top:
- Remove fuse-overlayfs because it's (currently) an unsatisfied dependency on SLE (bsc#1143386)
- Update libpod.conf to use correct infra_command
- Update libpod.conf to use better versioned pause container
- Update libpod.conf to use official kubic pause container
- Update libpod.conf to match latest features set: detach_keys, lock_type, runtime_supports_json
- Add podman-remote varlink client
Version update podman to v1.4.4:
- Features
  - Podman now has greatly improved support for containers using multiple OCI runtimes.
    Containers now remember if they were created with a different runtime using --runtime and will always use that runtime
  - The cached and delegated options for volume mounts are now allowed for Docker compatibility (#3340)
  - The podman diff command now supports the --latest flag
- Bugfixes
  - Fixed a bug where rootless Podman would attempt to use the entire root configuration if no rootless configuration was present for the user, breaking rootless Podman for new installations
  - Fixed a bug where rootless Podman's pause process would block SIGTERM, preventing graceful system shutdown and hanging until the system's init sent SIGKILL
  - Fixed a bug where running Podman as root with sudo -E would not work after running rootless Podman at least once
  - Fixed a bug where options for tmpfs volumes added with the --tmpfs flag were being ignored
  - Fixed a bug where images with no layers could not properly be displayed and removed by Podman
  - Fixed a bug where locks were not properly freed on failure to create a container or pod
  - Fixed a bug where podman cp on a single file would create a directory at the target and place the file in it (#3384)
  - Fixed a bug where podman inspect --format '{{.Mounts}}' would print a hexadecimal address instead of a container's mounts
  - Fixed a bug where rootless Podman would not add an entry to container's /etc/hosts files for their own hostname (#3405)
  - Fixed a bug where podman ps --sync would segfault (#3411)
  - Fixed a bug where podman generate kube would produce an invalid ports configuration (#3408)
- Misc
  - Updated containers/storage to v1.12.13
  - Podman now performs much better on systems with heavy I/O load
  - The --cgroup-manager flag to podman now shows the correct default setting in help if the default was overridden by libpod.conf
  - For backwards compatibility, setting --log-driver=json-file in podman run is now supported as an alias for --log-driver=k8s-file.
    This is considered deprecated, and json-file will be moved to a new implementation in the future ([#3363](https://github.com/containers/libpod/issues/3363))
  - Podman's default libpod.conf file now allows the crun OCI runtime to be used if it is installed
Update podman to v1.4.2:
- Fixed a bug where Podman could not run containers using an older version of Systemd as init
- Updated vendored Buildah to v1.9.0 to resolve a critical bug with Dockerfile RUN instructions
- The error message for running podman kill on containers that are not running has been improved
- Podman remote client can now log to a file if syslog is not available
- The podman exec command now sets its error code differently based on whether the container does not exist, and the command in the container does not exist
- The podman inspect command on containers now outputs Mounts JSON that matches that of docker inspect, only including user-specified volumes and differentiating bind mounts and named volumes
- The podman inspect command now reports the path to a container's OCI spec with the OCIConfigPath key (only included when the container is initialized or running)
- The podman run --mount command now supports the bind-nonrecursive option for bind mounts
- Fixed a bug where podman play kube would fail to create containers due to an unspecified log driver
- Fixed a bug where Podman would fail to build with musl libc
- Fixed a bug where rootless Podman using slirp4netns networking in an environment with no nameservers on the host other than localhost would result in nonfunctional networking
- Fixed a bug where podman import would not properly set environment variables, discarding their values and retaining only keys
- Fixed a bug where Podman would fail to run when built with Apparmor support but run on systems without the Apparmor kernel module loaded
- Remote Podman will now default the username it uses to log in to remote systems to the username of the current user
- Podman now uses JSON
  logging with OCI runtimes that support it, allowing for better error reporting
- Updated vendored containers/image to v2.0
- Update conmon to v0.3.0
- Support OOM Monitor under cgroup V2
- Add config binary and make target for configuring conmon with a go library for importing values
Updated podman to version 1.4.0 (bsc#1137860) and (bsc#1135460)
- Podman checkpoint and podman restore commands can now be used to migrate containers between Podman installations on different systems.
- The podman cp command now supports a pause flag.
- The remote client now supports a configuration file for pre-configuring connections to remote Podman installations
- CVE-2019-10152: Fixed an improper dereference of symlinks of the podman cp command which was introduced in version 1.1.0 (bsc#1136974).
- Fixed a bug where podman commit could improperly set environment variables that contained = characters
- Fixed a bug where rootless podman would sometimes fail to start containers with forwarded ports
- Fixed a bug where podman version on the remote client could segfault
- Fixed a bug where podman container runlabel would use /proc/self/exe instead of the path of the Podman command when printing the command being executed
- Fixed a bug where filtering images by label did not work
- Fixed a bug where specifying a bind mount or tmpfs mount over an image volume would cause a container to be unable to start
- Fixed a bug where podman generate kube did not work with containers with named volumes
- Fixed a bug where rootless podman would receive permission denied errors accessing conmon.pid
- Fixed a bug where podman cp with a folder specified as target would replace the folder, as opposed to copying into it
- Fixed a bug where rootless Podman commands could double-unlock a lock, causing a crash
- Fixed a bug where podman incorrectly set tmpcopyup on /dev/ mounts, causing errors when using the Kata containers runtime
- Fixed a bug where podman exec would fail on older kernels
- Podman commit command is
  now usable with the Podman remote client
- Signature-policy flag has been deprecated
- Updated vendored containers/storage and containers/image libraries with numerous bugfixes
- Updated vendored Buildah to v1.8.3
- Podman now requires Conmon v0.2.0
- The podman cp command is now aliased as podman container cp
- Rootless podman will now default init_path using root Podman's configuration files (/etc/containers/libpod.conf and /usr/share/containers/libpod.conf) if not overridden in the rootless configuration
- Added fuse-overlayfs dependency to support overlay based rootless image manipulations
- The podman cp command can now read input redirected to STDIN, and output to STDOUT instead of a file, using - instead of an argument.
- The podman remote client now displays version information from both the client and server in podman version
- The podman unshare command has been added, allowing easy entry into the user namespace set up by rootless Podman (allowing the removal of files created by rootless podman, among other things)
- Fixed a bug where Podman containers with the --rm flag were removing created volumes when they were automatically removed
- Fixed a bug where container and pod locks were incorrectly marked as released after a system reboot, causing errors on container and pod removal
- Fixed a bug where Podman pods could not be removed if any container in the pod encountered an error during removal
- Fixed a bug where Podman pods run with the cgroupfs CGroup driver would encounter a race condition during removal, potentially failing to remove the pod CGroup
- Fixed a bug where the podman container checkpoint and podman container restore commands were not visible in the remote client
- Fixed a bug where podman remote ps --ns would not print the container's namespaces
- Fixed a bug where removing stopped containers with healthchecks could cause an error
- Fixed a bug where the default libpod.conf file was causing parsing errors
- Fixed a bug where pod locks
  were not being freed when pods were removed, potentially leading to lock exhaustion
- Fixed a bug where 'podman run' with SD_NOTIFY set could, on short-running containers, create an inconsistent state rendering the container unusable
- The remote Podman client now uses the Varlink bridge to establish remote connections by default
- Fixed an issue with apparmor_parser (bsc#1123387)
- Update to libpod v1.4.0 (bsc#1137860):
- The podman checkpoint and podman restore commands can now be used to migrate containers between Podman installations on different systems
- The podman cp command now supports a pause flag to pause containers while copying into them
- The remote client now supports a configuration file for pre-configuring connections to remote Podman installations
- Fixed CVE-2019-10152 - The podman cp command improperly dereferenced symlinks in host context
- Fixed a bug where podman commit could improperly set environment variables that contained = characters
- Fixed a bug where rootless Podman would sometimes fail to start containers with forwarded ports
- Fixed a bug where podman version on the remote client could segfault
- Fixed a bug where podman container runlabel would use /proc/self/exe instead of the path of the Podman command when printing the command being executed
- Fixed a bug where filtering images by label did not work
- Fixed a bug where specifying a bind mount or tmpfs mount over an image volume would cause a container to be unable to start
- Fixed a bug where podman generate kube did not work with containers with named volumes
- Fixed a bug where rootless Podman would receive permission denied errors accessing conmon.pid
- Fixed a bug where podman cp with a folder specified as target would replace the folder, as opposed to copying into it
- Fixed a bug where rootless Podman commands could double-unlock a lock, causing a crash
- Fixed a bug where Podman incorrectly set tmpcopyup on /dev/ mounts, causing errors when using the Kata containers
  runtime
- Fixed a bug where podman exec would fail on older kernels
- The podman commit command is now usable with the Podman remote client
- The --signature-policy flag (used with several image-related commands) has been deprecated
- The podman unshare command now defines two environment variables in the spawned shell: CONTAINERS_RUNROOT and CONTAINERS_GRAPHROOT, pointing to temporary and permanent storage for rootless containers
- Updated vendored containers/storage and containers/image libraries with numerous bugfixes
- Updated vendored Buildah to v1.8.3
- Podman now requires Conmon v0.2.0
- The podman cp command is now aliased as podman container cp
- Rootless Podman will now default init_path using root Podman's configuration files (/etc/containers/libpod.conf and /usr/share/containers/libpod.conf) if not overridden in the rootless configuration
- Update to image v1.5.1
- Vendor in latest containers/storage
- docker/docker_client: Drop redundant Domain(ref.ref) call
- pkg/blobinfocache: Split implementations into subpackages
- copy: progress bar: show messages on completion
- docs: rename manpages to *.5.command
- add container-certs.d.md manpage
- pkg/docker/config: Bring auth tests from docker/docker_client_test
- Don't allocate a sync.Mutex separately
Update to storage v1.12.10:
- Add function to parse out mount options from graphdriver
- Merge the disparate parts of all of the Unix-like lockfiles
- Fix unix-but-not-Linux compilation
- Return XDG_RUNTIME_DIR as RootlessRuntimeDir if set
- Cherry-pick moby/moby #39292 for CVE-2018-15664 fixes
- lockfile: add RecursiveLock() API
- Update generated files
- Fix crash on testing of aufs code
- Let consumers know when Layers and Images came from read-only stores
- chown: do not change owner for the mountpoint
- locks: correctly mark updates to the layers list
- CreateContainer: don't worry about mapping layers unless necessary
- docs: fix manpage for containers-storage.conf
- docs: sort configuration options
alphabetically - docs: document OSTree file deduplication - Add missing options to man page for containers-storage - overlay: use the layer idmapping if present - vfs: prefer layer custom idmappings - layers: propagate down the idmapping settings - Recreate symlink when not found - docs: fix manpage for configuration file - docs: add special handling for manpages in sect 5 - overlay: fix single-lower test - Recreate symlink when not found - overlay: propagate errors from mountProgram - utils: root in a userns uses global conf file - Fix handling of additional stores - Correctly check permissions on rootless directory - Fix possible integer overflow on 32bit builds - Evaluate device path for lvm - lockfile test: make concurrent RW test deterministic - lockfile test: make concurrent read tests deterministic - drivers.DirCopy: fix filemode detection - storage: move the logic to detect rootless into utils.go - Don't set (struct flock).l_pid - Improve documentation of getLockfile - Rename getLockFile to createLockerForPath, and document it - Add FILES section to containers-storage.5 man page - add digest locks - drivers/copy: add a non-cgo fallback slirp4netns was updated to 0.3.0: - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() (bsc#1123156) This update also includes: - fuse3 and fuse-overlayfs to support rootless containers. ----------------------------------------- Patch: SUSE-2019-2533 Released: Thu Oct 3 15:02:50 2019 Summary: Security update for sqlite3 Severity: moderate References: 1150137,CVE-2019-16168 Description: This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137). 
----------------------------------------- Patch: SUSE-2019-2762 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Severity: moderate References: 1150451 Description: This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. ----------------------------------------- Patch: SUSE-2019-2810 Released: Tue Oct 29 14:56:44 2019 Summary: Security update for runc Severity: moderate References: 1131314,1131553,1152308,CVE-2019-16884 Description: This update for runc fixes the following issues: Security issue fixed: - CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that mount over a /proc directory. (bsc#1152308) Non-security issues fixed: - Includes upstreamed patches for regressions (bsc#1131314 bsc#1131553). ----------------------------------------- Patch: SUSE-2019-2997 Released: Mon Nov 18 15:16:38 2019 Summary: Security update for ncurses Severity: moderate References: 1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595 Description: This update for ncurses fixes the following issues: Security issues fixed: - CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036). - CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037). Non-security issue fixed: - Removed screen.xterm from terminfo database (bsc#1103320). ----------------------------------------- Patch: SUSE-2019-3061 Released: Mon Nov 25 17:34:22 2019 Summary: Security update for gcc9 Severity: moderate References: 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847,SLE-6533,SLE-6536 Description: This update includes the GNU Compiler Collection 9. A full changelog is provided by the GCC team on: https://www.gnu.org/software/gcc/gcc-9/changes.html The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages. 
To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 / CXX=g++-9 during configuration for using it. Security issues fixed: - CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145) - CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649) Non-security issues fixed: - Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254) - Fixed miscompilation for vector shift on s390. (bsc#1141897) ----------------------------------------- Patch: SUSE-2019-3086 Released: Thu Nov 28 10:02:24 2019 Summary: Security update for libidn2 Severity: moderate References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224 Description: This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884). - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887). ----------------------------------------- Patch: SUSE-2019-3395 Released: Mon Dec 30 14:05:06 2019 Summary: Security update for mozilla-nspr, mozilla-nss Severity: moderate References: 1141322,1158527,1159819,CVE-2018-18508,CVE-2019-11745,CVE-2019-17006 Description: This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.47.1: Security issues fixed: - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527). - CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322). mozilla-nspr was updated to version 4.23: - Whitespace in C files was cleaned up and no longer uses tab characters for indenting. 
----------------------------------------- Patch: SUSE-2020-52 Released: Thu Jan 9 10:09:11 2020 Summary: Optional update for openslp Severity: low References: 1149792 Description: This update for openslp doesn't fix any user visible bugs. ----------------------------------------- Patch: SUSE-2020-525 Released: Fri Feb 28 11:49:36 2020 Summary: Recommended update for pam Severity: moderate References: 1164562 Description: This update for pam fixes the following issues: - Add libdb as build-time dependency to enable pam_userdb module. Enable pam_userdb.so (jsc#sle-7258, bsc#1164562) ----------------------------------------- Patch: SUSE-2020-654 Released: Thu Mar 12 11:35:09 2020 Summary: Recommended update for wpa_supplicant Severity: moderate References: 1165266 Description: This update for wpa_supplicant fixes the following issues: - Adjust the wpa_supplicant service to start after network.target (bsc#1165266) ----------------------------------------- Patch: SUSE-2020-689 Released: Fri Mar 13 17:09:01 2020 Summary: Recommended update for pam Severity: moderate References: 1166510 Description: This update for PAM fixes the following issue: - The license of libdb linked against pam_userdb is not always wanted, so we temporarily disabled pam_userdb again. It will be published in a different package at a later time. 
(bsc#1166510) ----------------------------------------- Patch: SUSE-2020-697 Released: Mon Mar 16 13:17:10 2020 Summary: Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman Severity: moderate References: 1155217,1160460,1164390,CVE-2019-18466 Description: This update for cni, cni-plugins, conmon, fuse-overlayfs, podman fixes the following issues: podman was updated to 1.8.0: - CVE-2019-18466: Fixed a bug where podman cp would improperly copy files on the host when copying a symlink in the container that included a glob operator (#3829 bsc#1155217) - The name of the cni-bridge in the default config changed from 'cni0' to 'podman-cni0' with podman-1.6.0. Add a %trigger to rename the bridge in the system to the new default if it exists. The trigger is only executed when updating podman-cni-config from something older than 1.6.0. This is mainly needed for SLE where we're updating from 1.4.4 to 1.8.0 (bsc#1160460). Update podman to v1.8.0 (bsc#1160460): * Features - The podman system service command has been added, providing a preview of Podman's new Docker-compatible API. 
This API is still very new, and not yet ready for production use, but is available for early testing - Rootless Podman now uses Rootlesskit for port forwarding, which should greatly improve performance and capabilities - The podman untag command has been added to remove tags from images without deleting them - The podman inspect command on images now displays previous names they used - The podman generate systemd command now supports a --new option to generate service files that create and run new containers instead of managing existing containers - Support for --log-opt tag= to set logging tags has been added to the journald log driver - Added support for using Seccomp profiles embedded in images for podman run and podman create via the new --seccomp-policy CLI flag - The podman play kube command now honors pull policy * Bugfixes - Fixed a bug where the podman cp command would not copy the contents of directories when paths ending in /. were given - Fixed a bug where the podman play kube command did not properly locate Seccomp profiles specified relative to localhost - Fixed a bug where the podman info command for remote Podman did not show registry information - Fixed a bug where the podman exec command did not support having input piped into it - Fixed a bug where the podman cp command with rootless Podman on CGroups v2 systems did not properly determine if the container could be paused while copying - Fixed a bug where the podman container prune --force command could possibly remove running containers if they were started while the command was running - Fixed a bug where Podman, when run as root, would not properly configure slirp4netns networking when requested - Fixed a bug where podman run --userns=keep-id did not work when the user had a UID over 65535 - Fixed a bug where rootless podman run and podman create with the --userns=keep-id option could change permissions on /run/user/$UID and break KDE - Fixed a bug where rootless Podman could not be run in a 
systemd service on systems using CGroups v2 - Fixed a bug where podman inspect would show CPUShares as 0, instead of the default (1024), when it was not explicitly set - Fixed a bug where podman-remote push would segfault - Fixed a bug where image healthchecks were not shown in the output of podman inspect - Fixed a bug where named volumes created with containers from pre-1.6.3 releases of Podman would be autoremoved with their containers if the --rm flag was given, even if they were given names - Fixed a bug where podman history was not computing image sizes correctly - Fixed a bug where Podman would not error on invalid values to the --sort flag to podman images - Fixed a bug where providing a name for the image made by podman commit was mandatory, not optional as it should be - Fixed a bug where the remote Podman client would append an extra ' to %PATH - Fixed a bug where the podman build command would sometimes ignore the -f option and build the wrong Containerfile - Fixed a bug where the podman ps --filter command would only filter running containers, instead of all containers, if --all was not passed - Fixed a bug where the podman load command on compressed images would leave an extra copy on disk - Fixed a bug where the podman restart command would not properly clean up the network, causing it to function differently from podman stop; podman start - Fixed a bug where setting the --memory-swap flag to podman create and podman run to -1 (to indicate unlimited) was not supported * Misc - Initial work on version 2 of the Podman remote API has been merged, but is still in an alpha state and not ready for use. 
- Many formatting corrections have been made to the manpages - The changes to address (#5009) may cause anonymous volumes created by Podman versions 1.6.3 to 1.7.0 to not be removed when their container is removed - Updated vendored Buildah to v1.13.1 - Updated vendored containers/storage to v1.15.8 - Updated vendored containers/image to v5.2.0 - Add apparmor-abstractions as required runtime dependency to have `tunables/global` available. - fixed the --force flag for the 'container prune' command. (https://github.com/containers/libpod/issues/4844) Update podman to v1.7.0 * Features - Added support for setting a static MAC address for containers - Added support for creating macvlan networks with podman network create, allowing Podman containers to be attached directly to networks the host is connected to - The podman image prune and podman container prune commands now support the --filter flag to filter what will be pruned, and now prompts for confirmation when run without --force (#4410 and #4411) - Podman now creates CGroup namespaces by default on systems using CGroups v2 (#4363) - Added the podman system reset command to remove all Podman files and perform a factory reset of the Podman installation - Added the --history flag to podman images to display previous names used by images (#4566) - Added the --ignore flag to podman rm and podman stop to not error when requested containers no longer exist - Added the --cidfile flag to podman rm and podman stop to read the IDs of containers to be removed or stopped from a file - The podman play kube command now honors Seccomp annotations (#3111) - The podman play kube command now honors RunAsUser, RunAsGroup, and selinuxOptions - The output format of the podman version command has been changed to better match docker version when using the --format flag - Rootless Podman will no longer initialize containers/storage twice, removing a potential deadlock preventing Podman commands from running while an image 
was being pulled (#4591) - Added tmpcopyup and notmpcopyup options to the --tmpfs and --mount type=tmpfs flags to podman create and podman run to control whether the content of directories are copied into tmpfs filesystems mounted over them - Added support for disabling detaching from containers by setting empty detach keys via --detach-keys='' - The podman build command now supports the --pull and --pull-never flags to control when images are pulled during a build - The podman ps -p command now shows the name of the pod as well as its ID (#4703) - The podman inspect command on containers will now display the command used to create the container - The podman info command now displays information on registry mirrors (#4553) * Bugfixes - Fixed a bug where Podman would use an incorrect runtime directory as root, causing state to be deleted after root logged out and making Podman in systemd services not function properly - Fixed a bug where the --change flag to podman import and podman commit was not being parsed properly in many cases - Fixed a bug where detach keys specified in libpod.conf were not used by the podman attach and podman exec commands, which always used the global default ctrl-p,ctrl-q key combination (#4556) - Fixed a bug where rootless Podman was not able to run podman pod stats even on CGroups v2 enabled systems (#4634) - Fixed a bug where rootless Podman would fail on kernels without the renameat2 syscall (#4570) - Fixed a bug where containers with chained network namespace dependencies (IE, container A using --net container=B and container B using --net container=C) would not properly mount /etc/hosts and /etc/resolv.conf into the container (#4626) - Fixed a bug where podman run with the --rm flag and without -d could, when run in the background, throw a 'container does not exist' error when attempting to remove the container after it exited - Fixed a bug where named volume locks were not properly reacquired after a reboot, potentially leading to 
deadlocks when trying to start containers using the volume (#4605 and #4621) - Fixed a bug where Podman could not completely remove containers if sent SIGKILL during removal, leaving the container name unusable without the podman rm --storage command to complete removal (#3906) - Fixed a bug where checkpointing containers started with --rm was allowed when --export was not specified (the container, and checkpoint, would be removed after checkpointing was complete by --rm) (#3774) - Fixed a bug where the podman pod prune command would fail if containers were present in the pods and the --force flag was not passed (#4346) - Fixed a bug where containers could not set a static IP or static MAC address if they joined a non-default CNI network (#4500) - Fixed a bug where podman system renumber would always throw an error if a container was mounted when it was run - Fixed a bug where podman container restore would fail with containers using a user namespace - Fixed a bug where rootless Podman would attempt to use the journald events backend even on systems without systemd installed - Fixed a bug where podman history would sometimes not properly identify the IDs of layers in an image (#3359) - Fixed a bug where containers could not be restarted when Conmon v2.0.3 or later was used - Fixed a bug where Podman did not check image OS and Architecture against the host when starting a container - Fixed a bug where containers in pods did not function properly with the Kata OCI runtime (#4353) - Fixed a bug where `podman info --format '{{ json . 
}}' would not produce JSON output (#4391) - Fixed a bug where Podman would not verify if files passed to --authfile existed (#4328) - Fixed a bug where podman images --digest would not always print digests when they were available - Fixed a bug where rootless podman run could hang due to a race with reading and writing events - Fixed a bug where rootless Podman would print warning-level logs despite not being instructed to do so (#4456) - Fixed a bug where podman pull would attempt to fetch from remote registries when pulling an unqualified image using the docker-daemon transport (#4434) - Fixed a bug where podman cp would not work if STDIN was a pipe - Fixed a bug where podman exec could stop accepting input if anything was typed between the command being run and the exec session starting (#4397) - Fixed a bug where podman logs --tail 0 would print all lines of a container's logs, instead of no lines (#4396) - Fixed a bug where the timeout for slirp4netns was incorrectly set, resulting in an extremely long timeout (#4344) - Fixed a bug where the podman stats command would print CPU utilization figures incorrectly (#4409) - Fixed a bug where the podman inspect --size command would not print the size of the container's read/write layer if the size was 0 (#4744) - Fixed a bug where the podman kill command was not properly validating signals before use (#4746) - Fixed a bug where the --quiet and --format flags to podman ps could not be used at the same time - Fixed a bug where the podman stop command was not stopping exec sessions when a container was created without a PID namespace (--pid=host) - Fixed a bug where the podman pod rm --force command was not removing anonymous volumes for containers that were removed - Fixed a bug where the podman checkpoint command would not export all changes to the root filesystem of the container if performed more than once on the same container (#4606) - Fixed a bug where containers started with --rm would not be automatically 
removed on being stopped if an exec session was running inside the container (#4666) * Misc - The fixes to runtime directory path as root can cause strange behavior if an upgrade is performed while containers are running - Updated vendored Buildah to v1.12.0 - Updated vendored containers/storage library to v1.15.4 - Updated vendored containers/image library to v5.1.0 - Kata Containers runtimes (kata-runtime, kata-qemu, and kata-fc) are now present in the default libpod.conf, but will not be available unless Kata containers is installed on the system - Podman previously did not allow the creation of containers with a memory limit lower than 4MB. This restriction has been removed, as the crun runtime can create containers with significantly less memory Update podman to v1.6.4 - Remove winsz FIFO on container restart to allow use with Conmon 2.03 and higher - Ensure volumes reacquire locks on system restart, preventing deadlocks when starting containers - Suppress spurious log messages when running rootless Podman - Update vendored containers/storage to v1.13.6 - Fix a deadlock related to writing events - Do not use the journald event logger when it is not available Update podman to v1.6.2 * Features - Added a --runtime flag to podman system migrate to allow the OCI runtime for all containers to be reset, to ease transition to the crun runtime on CGroups V2 systems until runc gains full support - The podman rm command can now remove containers in broken states which previously could not be removed - The podman info command, when run without root, now shows information on UID and GID mappings in the rootless user namespace - Added podman build --squash-all flag, which squashes all layers (including those of the base image) into one layer - The --systemd flag to podman run and podman create now accepts a string argument and allows a new value, always, which forces systemd support without checking if the container entrypoint is systemd * Bugfixes - Fixed a bug where 
the podman top command did not work on systems using CGroups V2 (#4192) - Fixed a bug where rootless Podman could double-close a file, leading to a panic - Fixed a bug where rootless Podman could fail to retrieve some containers while refreshing the state - Fixed a bug where podman start --attach --sig-proxy=false would still proxy signals into the container - Fixed a bug where Podman would unconditionally use a non-default path for authentication credentials (auth.json), breaking podman login integration with skopeo and other tools using the containers/image library - Fixed a bug where podman ps --format=json and podman images --format=json would display null when no results were returned, instead of valid JSON - Fixed a bug where podman build --squash was incorrectly squashing all layers into one, instead of only new layers - Fixed a bug where rootless Podman would allow volumes with options to be mounted (mounting volumes requires root), creating an inconsistent state where volumes reported as mounted but were not (#4248) - Fixed a bug where volumes which failed to unmount could not be removed (#4247) - Fixed a bug where Podman incorrectly handled some errors relating to unmounted or missing containers in containers/storage - Fixed a bug where podman stats was broken on systems running CGroups V2 when run rootless (#4268) - Fixed a bug where the podman start command would print the short container ID, instead of the full ID - Fixed a bug where containers created with an OCI runtime that is no longer available (uninstalled or removed from the config file) would not appear in podman ps and could not be removed via podman rm - Fixed a bug where containers restored via podman container restore --import would retain the CGroup path of the original container, even if their container ID changed; thus, multiple containers created from the same checkpoint would all share the same CGroup * Misc - The default PID limit for containers is now set to 4096. 
It can be adjusted back to the old default (unlimited) by passing --pids-limit 0 to podman create and podman run - The podman start --attach command now automatically attaches STDIN if the container was created with -i - The podman network create command now validates network names using the same regular expression as container and pod names - The --systemd flag to podman run and podman create will now only enable systemd mode when the binary being run inside the container is /sbin/init, /usr/sbin/init, or ends in systemd (previously detected any path ending in init or systemd) - Updated vendored Buildah to 1.11.3 - Updated vendored containers/storage to 1.13.5 - Updated vendored containers/image to 4.0.1 Update podman to v1.6.1 * Features - The podman network create, podman network rm, podman network inspect, and podman network ls commands have been added to manage CNI networks used by Podman - The podman volume create command can now create and mount volumes with options, allowing volumes backed by NFS, tmpfs, and many other filesystems - Podman can now run containers without CGroups for better integration with systemd by using the --cgroups=disabled flag with podman create and podman run. This is presently only supported with the crun OCI runtime - The podman volume rm and podman volume inspect commands can now refer to volumes by an unambiguous partial name, in addition to full name (e.g. podman volume rm myvol to remove a volume named myvolume) (#3891) - The podman run and podman create commands now support the --pull flag to allow forced re-pulling of images (#3734) - Mounting volumes into a container using --volume, --mount, and --tmpfs now allows the suid, dev, and exec mount options (the inverse of nosuid, nodev, noexec) (#3819) - Mounting volumes into a container using --mount now allows the relabel=Z and relabel=z options to relabel mounts. 
- The podman push command now supports the --digestfile option to save a file containing the pushed digest - Pods can now have their hostname set via podman pod create --hostname or providing Pod YAML with a hostname set to podman play kube (#3732) - The podman image sign command now supports the --cert-dir flag - The podman run and podman create commands now support the --security-opt label=filetype:$LABEL flag to set the SELinux label for container files - The remote Podman client now supports healthchecks * Bugfixes - Fixed a bug where remote podman pull would panic if a Varlink connection was not available (#4013) - Fixed a bug where podman exec would not properly set terminal size when creating a new exec session (#3903) - Fixed a bug where podman exec would not clean up socket symlinks on the host (#3962) - Fixed a bug where Podman could not run systemd in containers that created a CGroup namespace - Fixed a bug where podman prune -a would attempt to prune images used by Buildah and CRI-O, causing errors (#3983) - Fixed a bug where improper permissions on the ~/.config directory could cause rootless Podman to use an incorrect directory for storing some files - Fixed a bug where the bash completions for podman import threw errors - Fixed a bug where Podman volumes created with podman volume create would not copy the contents of their mountpoint the first time they were mounted into a container (#3945) - Fixed a bug where rootless Podman could not run podman exec when the container was not run inside a CGroup owned by the user (#3937) - Fixed a bug where podman play kube would panic when given Pod YAML without a securityContext (#3956) - Fixed a bug where Podman would place files incorrectly when storage.conf configuration items were set to the empty string (#3952) - Fixed a bug where podman build did not correctly inherit Podman's CGroup configuration, causing crashes on CGroups V2 systems (#3938) - Fixed a bug where remote podman run --rm would exit before 
the container was completely removed, allowing race conditions when removing container resources (#3870) - Fixed a bug where rootless Podman would not properly handle changes to /etc/subuid and /etc/subgid after a container was launched - Fixed a bug where rootless Podman could not include some devices in a container using the --device flag (#3905) - Fixed a bug where the commit Varlink API would segfault if provided incorrect arguments (#3897) - Fixed a bug where temporary files were not properly cleaned up after a build using remote Podman (#3869) - Fixed a bug where podman remote cp crashed instead of reporting it was not yet supported (#3861) - Fixed a bug where podman exec would run as the wrong user when execing into a container was started from an image with Dockerfile USER (or a user specified via podman run --user) (#3838) - Fixed a bug where images pulled using the oci: transport would be improperly named - Fixed a bug where podman varlink would hang when managed by systemd due to SD_NOTIFY support conflicting with Varlink (#3572) - Fixed a bug where mounts to the same destination would sometimes not trigger a conflict, causing a race as to which was actually mounted - Fixed a bug where podman exec --preserve-fds caused Podman to hang (#4020) - Fixed a bug where removing an unmounted container that was unmounted might sometimes not properly clean up the container (#4033) - Fixed a bug where the Varlink server would freeze when run in a systemd unit file (#4005) - Fixed a bug where Podman would not properly set the $HOME environment variable when the OCI runtime did not set it - Fixed a bug where rootless Podman would incorrectly print warning messages when an OCI runtime was not found (#4012) - Fixed a bug where named volumes would conflict with, instead of overriding, tmpfs filesystems added by the --read-only-tmpfs flag to podman create and podman run - Fixed a bug where podman cp would incorrectly make the target directory when copying to a symlink 
which pointed to a nonexistent directory (#3894) - Fixed a bug where remote Podman would incorrectly read STDIN when the -i flag was not set (#4095) - Fixed a bug where podman play kube would create an empty pod when given an unsupported YAML type (#4093) - Fixed a bug where podman import --change improperly parsed CMD (#4000) - Fixed a bug where rootless Podman on systems using CGroups V2 would not function with the cgroupfs CGroups manager - Fixed a bug where rootless Podman could not correctly identify the DBus session address, causing containers to fail to start (#4162) - Fixed a bug where rootless Podman with slirp4netns networking would fail to start containers due to mount leaks * Misc - Significant changes were made to Podman volumes in this release. If you have pre-existing volumes, it is strongly recommended to run podman system renumber after upgrading. - Version 0.8.1 or greater of the CNI Plugins is now required for Podman - Version 2.0.1 or greater of Conmon is strongly recommended - Updated vendored Buildah to v1.11.2 - Updated vendored containers/storage library to v1.13.4 - Improved error messages when trying to create a pod with no name via podman play kube - Improved error messages when trying to run podman pause or podman stats on a rootless container on a system without CGroups V2 enabled - TMPDIR has been set to /var/tmp by default to better handle large temporary files - podman wait has been optimized to detect stopped containers more rapidly - Podman containers now include a ContainerManager annotation indicating they were created by libpod - The podman info command now includes information about slirp4netns and fuse-overlayfs if they are available - Podman no longer sets a default size of 65kb for tmpfs filesystems - The default Podman CNI network has been renamed in an attempt to prevent conflicts with CRI-O when both are run on the same system. 
This should only take effect on system restart - The output of podman volume inspect has been more closely matched to docker volume inspect - Add katacontainers as a recommended package, and include it as an additional OCI runtime in the configuration. Update podman to v1.5.1 * Features - The hostname of pods is now set to the pod's name * Bugfixes - Fixed a bug where podman run and podman create did not honor the --authfile option (#3730) - Fixed a bug where containers restored with podman container restore --import would incorrectly duplicate the Conmon PID file of the original container - Fixed a bug where podman build ignored the default OCI runtime configured in libpod.conf - Fixed a bug where podman run --rm (or force-removing any running container with podman rm --force) were not retrieving the correct exit code (#3795) - Fixed a bug where Podman would exit with an error if any configured hooks directory was not present - Fixed a bug where podman inspect and podman commit would not use the correct CMD for containers run with podman play kube - Fixed a bug created pods when using rootless Podman and CGroups V2 (#3801) - Fixed a bug where the podman events command with the --since or --until options could take a very long time to complete * Misc - Rootless Podman will now inherit OCI runtime configuration from the root configuration (#3781) - Podman now properly sets a user agent while contacting registries (#3788) - Add zsh completion for podman commands Update podman to v1.5.0 * Features - Podman containers can now join the user namespaces of other containers with --userns=container:$ID, or a user namespace at an arbitrary path with --userns=ns:$PATH - Rootless Podman can experimentally squash all UIDs and GIDs in an image to a single UID and GID (which does not require use of the newuidmap and newgidmap executables) by passing --storage-opt ignore_chown_errors - The podman generate kube command now produces YAML for any bind mounts the container has created 
(#2303) - The podman container restore command now features a new flag, --ignore-static-ip, that can be used with --import to import a single container with a static IP multiple times on the same host - Added the ability for podman events to output JSON by specifying --format=json - If the OCI runtime or conmon binary cannot be found at the paths specified in libpod.conf, Podman will now also search for them in the calling user's path - Added the ability to use podman import with URLs (#3609) - The podman ps command now supports filtering names using regular expressions (#3394) - Rootless Podman containers with --privileged set will now mount in all host devices that the user can access - The podman create and podman run commands now support the --env-host flag to forward all environment variables from the host into the container - Rootless Podman now supports healthchecks (#3523) - The format of the HostConfig portion of the output of podman inspect on containers has been improved and synced with Docker - Podman containers now support CGroup namespaces, and can create them by passing --cgroupns=private to podman run or podman create - The podman create and podman run commands now support the --ulimit=host flag, which uses any ulimits currently set on the host for the container - The podman rm and podman rmi commands now use different exit codes to indicate 'no such container' and 'container is running' errors - Support for CGroups V2 through the crun OCI runtime has been greatly improved, allowing resource limits to be set for rootless containers when the CGroups V2 hierarchy is in use * Bugfixes - Fixed a bug where a race condition could cause podman restart to fail to start containers with ports - Fixed a bug where containers restored from a checkpoint would not properly report the time they were started at - Fixed a bug where podman search would return at most 25 results, even when the maximum number of results was set higher - Fixed a bug where podman play 
kube would not honor capabilities set in imported YAML (#3689) - Fixed a bug where podman run --env, when passed a single key (to use the value from the host), would set the environment variable in the container even if it was not set on the host (#3648) - Fixed a bug where podman commit --changes would not properly set environment variables - Fixed a bug where Podman could segfault while working with images with no history - Fixed a bug where podman volume rm could remove arbitrary volumes if given an ambiguous name (#3635) - Fixed a bug where podman exec invocations leaked memory by not cleaning up files in tmpfs - Fixed a bug where the --dns and --net=container flags to podman run and podman create were not mutually exclusive (#3553) - Fixed a bug where rootless Podman would be unable to run containers when less than 5 UIDs were available - Fixed a bug where containers in pods could not be removed without removing the entire pod (#3556) - Fixed a bug where Podman would not properly clean up all CGroup controllers for created cgroups when using the cgroupfs CGroup driver - Fixed a bug where Podman containers did not properly clean up files in tmpfs, resulting in a memory leak as containers stopped - Fixed a bug where healthchecks from images would not use default settings for interval, retries, timeout, and start period when they were not provided by the image (#3525) - Fixed a bug where healthchecks using the HEALTHCHECK CMD format were not properly supported (#3507) - Fixed a bug where volume mounts using relative source paths would not be properly resolved (#3504) - Fixed a bug where podman run did not use authorization credentials when a custom path was specified (#3524) - Fixed a bug where containers checkpointed with podman container checkpoint did not properly set their finished time - Fixed a bug where running podman inspect on any container not created with podman run or podman create (for example, pod infra containers) would result in a segfault 
(#3500) - Fixed a bug where healthcheck flags for podman create and podman run were incorrectly named (#3455) - Fixed a bug where Podman commands would fail to find targets if a partial ID was specified that was ambiguous between a container and pod (#3487) - Fixed a bug where restored containers would not have the correct SELinux label - Fixed a bug where Varlink endpoints were not working properly if more was not correctly specified - Fixed a bug where the Varlink PullImage endpoint would crash if an error occurred (#3715) - Fixed a bug where the --mount flag to podman create and podman run did not allow boolean arguments for its ro and rw options (#2980) - Fixed a bug where pods did not properly share the UTS namespace, resulting in incorrect behavior from some utilities which rely on hostname (#3547) - Fixed a bug where Podman would unconditionally append ENTRYPOINT to CMD during podman commit (and when reporting CMD in podman inspect) (#3708) - Fixed a bug where podman events with the journald events backend would incorrectly print 6 previous events when only new events were requested (#3616) - Fixed a bug where podman port would exit prematurely when a port number was specified (#3747) - Fixed a bug where passing . 
as an argument to the --dns-search flag to podman create and podman run was not properly clearing DNS search domains in the container * Misc - Updated vendored Buildah to v1.10.1 - Updated vendored containers/image to v3.0.2 - Updated vendored containers/storage to v1.13.1 - Podman now requires conmon v2.0.0 or higher - The podman info command now displays the events logger being in use - The podman inspect command on containers now includes the ID of the pod a container has joined and the PID of the container's conmon process - The -v short flag for podman --version has been re-added - Error messages from podman pull should be significantly clearer - The podman exec command is now available in the remote client - The podman-v1.5.0.tar.gz file attached is podman packaged for MacOS. It can be installed using Homebrew. - Update libpod.conf to support latest path discovery feature for `runc` and `conmon` binaries. conmon was included in version 2.0.10. (bsc#1160460, bsc#1164390, jsc#ECO-1048, jsc#SLE-11485, jsc#SLE-11331): fuse-overlayfs was updated to v0.7.6 (bsc#1160460) - do not look in lower layers for the ino if there is no origin xattr set - attempt to use the file path if the operation on the fd fails with ENXIO - do not expose internal xattrs through listxattr and getxattr - fix fallocate for deleted files. - ignore O_DIRECT. It causes issues with libfuse not using an aligned buffer, causing write(2) to fail with EINVAL. - on copyup, do not copy the opaque xattr. - fix a wrong lookup for whiteout files, that could happen on a double unlink. 
- fix possible segmentation fault in direct_fsync() - use the data store to create missing whiteouts - after a rename, force a directory reload - introduce inodes cache - correctly read inode for unix sockets - avoid hash map lookup when possible - use st_dev for the ino key - check whether writeback is supported - set_attrs: don't require write to S_IFREG - ioctl: do not reuse fi->fh for directories - fix skip whiteout deletion optimization - store the new mode after chmod - support fuse writeback cache and enable it by default - add option to disable fsync - add option to disable xattrs - add option to skip ino number check in lower layers - fix fd validity check - fix memory leak - fix read after free - fix type for flistxattr return - fix warnings reported by lgtm.com - enable parallel dirops cni was updated to 0.7.1: - Set correct CNI version for 99-loopback.conf Update to version 0.7.1 (bsc#1160460): * Library changes: + invoke : ensure custom envs of CNIArgs are prepended to process envs + add GetNetworkListCachedResult to CNI interface + delegate : allow delegation funcs override CNI_COMMAND env automatically in heritance * Documentation & Convention changes: + Update cnitool documentation for spec v0.4.0 + Add cni-route-override to CNI plugin list Update to version 0.7.0: * Spec changes: + Use more RFC2119 style language in specification (must, should...) + add notes about ADD/DEL ordering + Make the container ID required and unique. + remove the version parameter from ADD and DEL commands. 
+ Network interface name matters + be explicit about optional and required structure members + add CHECK method + Add a well-known error for 'try again' + SPEC.md: clarify meaning of 'routes' * Library changes: + pkg/types: Makes IPAM concrete type + libcni: return error if Type is empty + skel: VERSION shouldn't block on stdin + non-pointer instances of types.Route now correctly marshal to JSON + libcni: add ValidateNetwork and ValidateNetworkList functions + pkg/skel: return error if JSON config has no network name + skel: add support for plugin version string + libcni: make exec handling an interface for better downstream testing + libcni: api now takes a Context to allow operations to be timed out or cancelled + types/version: add helper to parse PrevResult + skel: only print about message, not errors + skel,invoke,libcni: implementation of CHECK method + cnitool: Honor interface name supplied via CNI_IFNAME environment variable. + cnitool: validate correct number of args + Don't copy gw from IP4.Gateway to Route.GW When converting from 0.2.0 + add PrintTo method to Result interface + Return a better error when the plugin returns none - Install sleep binary into CNI plugin directory cni-plugins was updated to 0.8.4: Update to version 0.8.4 (bsc#1160460): * add support for mips64le * Add missing cniVersion in README example * bump go-iptables module to v0.4.5 * iptables: add idempotent functions * portmap doesn't fail if chain doesn't exist * fix portmap port forward flakiness * Add Bruce Ma and Piotr Skarmuk as owners Update to version 0.8.3: * Enhancements: * static: prioritize the input sources for IPs (#400). * tuning: send gratuitous ARP in case of MAC address update (#403). * bandwidth: use uint64 for Bandwidth value (#389). * ptp: only override DNS conf if DNS settings provided (#388). * loopback: When prevResults are not supplied to loopback plugin, create results to return (#383). * loopback support CNI CHECK and result cache (#374). 
* Better input validation: * vlan: add MTU validation to loadNetConf (#405). * macvlan: add MTU validation to loadNetConf (#404). * bridge: check vlan id when loading net conf (#394). * Bugfixes: * bugfix: defer after err check, or it may panic (#391). * portmap: Fix dual-stack support (#379). * firewall: don't return error in DEL if prevResult is not found (#390). * bump up libcni back to v0.7.1 (#377). * Docs: * contributing doc: revise test script name to run (#396). * contributing doc: describe cnitool installation (#397). Update plugins to v0.8.2 + New features: * Support 'args' in static and tuning * Add Loopback DSR support, allow l2tunnel networks to be used with the l2bridge plugin * host-local: return error if same ADD request is seen twice * bandwidth: fix collisions * Support ips capability in static and mac capability in tuning * pkg/veth: Make host-side veth name configurable + Bug fixes: * Fix: failed to set bridge addr: could not add IP address to 'cni0': file exists * host-device: revert name setting to make retries idempotent (#357). * Vendor update go-iptables. Vendor update go-iptables to obtain commit f1d0510cabcb710d5c5dd284096f81444b9d8d10 * Update go.mod & go.sub * Remove link Down/Up in MAC address change to prevent route flush (#364). 
* pkg/ip unit test: be agnostic of Linux version, on Linux 4.4 the syscall error message is 'invalid argument' not 'file exists' * bump containernetworking/cni to v0.7.1 Updated plugins to v0.8.1: + Bugs: * bridge: fix ipMasq setup to use correct source address * fix compilation error on 386 * bandwidth: get bandwidth interface in host ns through container interface + Improvements: * host-device: add pciBusID property Updated plugins to v0.8.0: + New plugins: * bandwidth - limit incoming and outgoing bandwidth * firewall - add containers to firewall rules * sbr - convert container routes to source-based routes * static - assign a fixed IP address * win-bridge, win-overlay: Windows plugins + Plugin features / changelog: * CHECK Support * macvlan: - Allow to configure empty ipam for macvlan - Make master config optional * bridge: - Add vlan tag to the bridge cni plugin - Allow the user to assign VLAN tag - L2 bridge Implementation. * dhcp: - Include Subnet Mask option parameter in DHCPREQUEST - Add systemd unit file to activate socket with systemd - Add container ifName to the dhcp clientID, making the clientID value * flannel: - Pass through runtimeConfig to delegate * host-local: - host-local: add ifname to file tracking IP address used * host-device: - Support the IPAM in the host-device - Handle empty netns in DEL for loopback and host-device * tuning: - adds 'ip link' command related feature into tuning + Bug fixes & minor changes * Correctly DEL on ipam failure for all plugins * Fix bug on ip revert if cmdAdd fails on macvlan and host-device * host-device: Ensure device is down before rename * Fix -hostprefix option * some DHCP servers expect to request for explicit router options * bridge: release IP in case of error * change source of ipmasq rule from ipn to ip from version v0.7.5: + This release takes a minor change to the portmap plugin: * Portmap: append, rather than prepend, entry rules + This fixes a potential issue where firewall rules may be bypassed 
by port mapping ----------------------------------------- Patch: SUSE-2020-825 Released: Tue Mar 31 13:30:37 2020 Summary: Recommended update for openslp Severity: moderate References: 1165050,1165121 Description: This update for openslp fixes the following issues: - Add missing group prerequisites to the openslp-server package. (bsc#1165050) - Add missing openslp prerequisites to the openslp-server package. (bsc#1165121) ----------------------------------------- Patch: SUSE-2020-913 Released: Fri Apr 3 12:03:35 2020 Summary: Recommended update for wpa_supplicant Severity: moderate References: 1166933 Description: This update for wpa_supplicant fixes the following issue: - Change wpa_supplicant.service to ensure wpa_supplicant gets started before network. Fix WLAN config on boot with wicked. (bsc#1166933) ----------------------------------------- Patch: SUSE-2020-917 Released: Fri Apr 3 15:02:25 2020 Summary: Recommended update for pam Severity: moderate References: 1166510 Description: This update for pam fixes the following issues: - Moved pam_userdb into a separate package pam-extra. (bsc#1166510) ----------------------------------------- Patch: SUSE-2020-944 Released: Tue Apr 7 15:49:33 2020 Summary: Security update for runc Severity: moderate References: 1149954,1160452,CVE-2019-19921 Description: This update for runc fixes the following issues: runc was updated to v1.0.0~rc10 - CVE-2019-19921: Fixed a mount race condition with shared mounts (bsc#1160452). - Fixed an issue where podman run hangs when spawned by salt-minion process (bsc#1149954). 
----------------------------------------- Patch: SUSE-2020-948 Released: Wed Apr 8 07:44:21 2020 Summary: Security update for gmp, gnutls, libnettle Severity: moderate References: 1152692,1155327,1166881,1168345,CVE-2020-11501 Description: This update for gmp, gnutls, libnettle fixes the following issues: Security issue fixed: - CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345) FIPS related bugfixes: - FIPS: Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518) - FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if input is shorter than block size. (bsc#1166881) - FIPS: Added Diffie Hellman public key verification test. (bsc#1155327) ----------------------------------------- Patch: SUSE-2020-1226 Released: Fri May 8 10:51:05 2020 Summary: Recommended update for gcc9 Severity: moderate References: 1149995,1152590,1167898 Description: This update for gcc9 fixes the following issues: This update ships the GCC 9.3 release. - Includes a fix for Internal compiler error when building HepMC (bsc#1167898) - Includes fix for binutils version parsing - Add libstdc++6-pp provides and conflicts to avoid file conflicts with same minor version of libstdc++6-pp from gcc10. - Add gcc9 autodetect -g at lto link (bsc#1149995) - Install go tool buildid for bootstrapping go ----------------------------------------- Patch: SUSE-2020-1294 Released: Mon May 18 07:38:36 2020 Summary: Security update for file Severity: moderate References: 1154661,1169512,CVE-2019-18218 Description: This update for file fixes the following issues: Security issues fixed: - CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661). Non-security issue fixed: - Fixed broken '--help' output (bsc#1169512). 
----------------------------------------- Patch: SUSE-2020-1303 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Severity: moderate References: 1169582 Description: This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------- Patch: SUSE-2020-1328 Released: Mon May 18 17:16:04 2020 Summary: Recommended update for grep Severity: moderate References: 1155271 Description: This update for grep fixes the following issues: - Update testsuite expectations, no functional changes (bsc#1155271) ----------------------------------------- Patch: SUSE-2020-1353 Released: Wed May 20 13:02:32 2020 Summary: Security update for freetype2 Severity: moderate References: 1079603,1091109,CVE-2018-6942 Description: This update for freetype2 to version 2.10.1 fixes the following issues: Security issue fixed: - CVE-2018-6942: Fixed a NULL pointer dereference within ttinterp.c (bsc#1079603). Non-security issues fixed: - Update to version 2.10.1 * The bytecode hinting of OpenType variation fonts was flawed, since the data in the `CVAR' table wasn't correctly applied. * Auto-hinter support for Mongolian. * The handling of the default character in PCF fonts as introduced in version 2.10.0 was partially broken, causing premature abortion of charmap iteration for many fonts. * If `FT_Set_Named_Instance' was called with the same arguments twice in a row, the function returned an incorrect error code the second time. * Direct rendering using FT_RASTER_FLAG_DIRECT crashed (bug introduced in version 2.10.0). * Increased precision while computing OpenType font variation instances. * The flattening algorithm of cubic Bezier curves was slightly changed to make it faster. 
This can cause very subtle rendering changes, which aren't noticeable by the eye, however. * The auto-hinter now disables hinting if there are blue zones defined for a `style' (i.e., a certain combination of a script and its related typographic features) but the font doesn't contain any characters needed to set up at least one blue zone. - Add tarball signatures and freetype2.keyring - Update to version 2.10.0 * A bunch of new functions has been added to access and process COLR/CPAL data of OpenType fonts with color-layered glyphs. * As a GSoC 2018 project, Nikhil Ramakrishnan completely overhauled and modernized the API reference. * The logic for computing the global ascender, descender, and height of OpenType fonts has been slightly adjusted for consistency. * `TT_Set_MM_Blend' could fail if called repeatedly with the same arguments. * The precision of handling deltas in Variation Fonts has been increased. The problem did only show up with multidimensional designspaces. * New function `FT_Library_SetLcdGeometry' to set up the geometry of LCD subpixels. * FreeType now uses the `defaultChar' property of PCF fonts to set the glyph for the undefined character at glyph index 0 (as FreeType already does for all other supported font formats). As a consequence, the order of glyphs of a PCF font if accessed with FreeType can be different now compared to previous versions. This change doesn't affect PCF font access with cmaps. * `FT_Select_Charmap' has been changed to allow parameter value `FT_ENCODING_NONE', which is valid for BDF, PCF, and Windows FNT formats to access built-in cmaps that don't have a predefined `FT_Encoding' value. * A previously reserved field in the `FT_GlyphSlotRec' structure now holds the glyph index. * The usual round of fuzzer bug fixes to better reject malformed fonts. * `FT_Outline_New_Internal' and `FT_Outline_Done_Internal' have been removed. These two functions were public by oversight only and were never documented. 
* A new function `FT_Error_String' returns descriptions of error codes if configuration macro FT_CONFIG_OPTION_ERROR_STRINGS is defined. * `FT_Set_MM_WeightVector' and `FT_Get_MM_WeightVector' are new functions limited to Adobe MultiMaster fonts to directly set and get the weight vector. - Enable subpixel rendering with infinality config: - Re-enable freetype-config, there is just too many fallouts. - Update to version 2.9.1 * Type 1 fonts containing flex features were not rendered correctly (bug introduced in version 2.9). * CVE-2018-6942: Older FreeType versions can crash with certain malformed variation fonts. * Bug fix: Multiple calls to `FT_Get_MM_Var' returned garbage. * Emboldening of bitmaps didn't work correctly sometimes, showing various artifacts (bug introduced in version 2.8.1). * The auto-hinter script ranges have been updated for Unicode 11. No support for new scripts have been added, however, with the exception of Georgian Mtavruli. - freetype-config is now deprecated by upstream and not enabled by default. - Update to version 2.10.1 * The `ftmulti' demo program now supports multiple hidden axes with the same name tag. * `ftview', `ftstring', and `ftgrid' got a `-k' command line option to emulate a sequence of keystrokes at start-up. * `ftview', `ftstring', and `ftgrid' now support screen dumping to a PNG file. * The bytecode debugger, `ttdebug', now supports variation TrueType fonts; a variation font instance can be selected with the new `-d' command line option. - Add tarball signatures and freetype2.keyring - Update to version 2.10.0 * The `ftdump' demo program has new options `-c' and `-C' to display charmaps in compact and detailed format, respectively. Option `-V' has been removed. * The `ftview', `ftstring', and `ftgrid' demo programs use a new command line option `-d' to specify the program window's width, height, and color depth. * The `ftview' demo program now displays red boxes for zero-width glyphs. 
* `ftglyph' has limited support to display fonts with color-layered glyphs. This will be improved later on. * `ftgrid' can now display bitmap fonts also. * The `ttdebug' demo program has a new option `-f' to select a member of a TrueType collection (TTC). * Other various improvements to the demo programs. - Remove 'Supplements: fonts-config' to avoid accidentally pulling in Qt dependencies on some non-Qt based desktops. (bsc#1091109) fonts-config is fundamental but ft2demos seldom installs by end users. only fonts-config maintainers/debuggers may use ft2demos along to debug some issues. - Update to version 2.9.1 * No changelog upstream. ----------------------------------------- Patch: SUSE-2020-1404 Released: Mon May 25 15:32:34 2020 Summary: Recommended update for zlib Severity: moderate References: 1138793,1166260 Description: This update for zlib fixes the following issues: - Including the latest fixes from IBM (bsc#1166260) IBM Z mainframes starting from version z15 provide DFLTCC instruction, which implements deflate algorithm in hardware with estimated compression and decompression performance orders of magnitude faster than the current zlib and ratio comparable with that of level 1. - Add SUSE specific fix to solve bsc#1138793. The fix will avoid to test if the app was linked with exactly same version of zlib like the one that is present on the runtime. ----------------------------------------- Patch: SUSE-2020-1493 Released: Wed May 27 18:55:51 2020 Summary: Security update for libmspack Severity: low References: 1130489,1141680,CVE-2019-1010305 Description: This update for libmspack fixes the following issues: Security issue fixed: - CVE-2019-1010305: Fixed a buffer overflow triggered by a crafted chm file which could have led to information disclosure (bsc#1141680). 
Other issue addressed: - Enable build-time tests (bsc#1130489) ----------------------------------------- Patch: SUSE-2020-1542 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Severity: moderate References: 1172055 Description: This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------- Patch: SUSE-2020-1677 Released: Thu Jun 18 18:16:39 2020 Summary: Security update for mozilla-nspr, mozilla-nss Severity: important References: 1159819,1169746,1171978,CVE-2019-17006,CVE-2020-12399 Description: This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53 - CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978). - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes mozilla-nspr to version 4.25 ----------------------------------------- Patch: SUSE-2020-1852 Released: Mon Jul 6 16:50:23 2020 Summary: Recommended update for fontforge, ghostscript-fonts, ttf-converter, xorg-x11-fonts Severity: moderate References: 1169444 Description: This update for fontforge, ghostscript-fonts, ttf-converter, xorg-x11-fonts fixes the following issues: Changes in fontforge: - Support transforming bitmap glyphs from python. 
(bsc#1169444) - Allow python-Sphinx >= 3 Changes in ttf-converter: - Update from version 1.0 to version 1.0.6: * ftdump is now shipped additionally as new dependency for ttf-converter * Standardize output when converting vector and bitmap fonts * Add more subfamilies fixes (bsc#1169444) * Add --family and --subfamily arguments to force values on those fields * Add parameters to fix glyph unicode values --fix-glyph-unicode : Try to fix unicode points and glyph names based on glyph names containing hexadecimal codes (like '$0C00', 'char12345' or 'uni004F') --replace-unicode-values: When passed 2 comma separated numbers a,b the glyph with an unicode value of a is replaced with the unicode value b. Can be used more than once. --shift-unicode-values: When passed 3 comma separated numbers a,b,c this shifts the unicode values of glyphs between a and b (both included) by adding c. Can be used more than once. * Add --bitmapTransform parameter to transform bitmap glyphs. (bsc#1169444) When used, all glyphs are modified with the transformation function and values passed as parameters. The parameter has three values separated by commas: fliph|flipv|rotate90cw|rotate90ccw|rotate180|skew|transmove,xoff,yoff * Add support to convert bitmap fonts (bsc#1169444) * Rename MediumItalic subfamily to Medium Italic * Show some more information when removing duplicated glyphs * Add a --force-monospaced argument instead of hardcoding font names * Convert `BoldCond` subfamily to `Bold Condensed` * Fixes for Monospaced fonts and force the Nimbus Mono L font to be Monospaced. (bsc#1169444 #c41) * Add a --version argument * Fix subfamily names so the converted font's subfamily match the original ones. 
(bsc#1169444 #c41) Changes in xorg-x11-fonts: - Use ttf-converter 1.0.6 to build an Italic version of cu12.pcf.gz in the converted subpackage - Include the subfamily in the filename of converted fonts - Use ttf-converter's new bitmap font support to convert Schumacher Clean and Schumacher Clean Wide (bsc#1169444 #c41) - Replace some unicode values in cu-pua12.pcf.gz to fix them - Shift some unicode values in arabic24.pcf.gz and cuarabic12.pcf.gz so glyphs don't pretend to be latin characters when they're not. - Don't distribute converted fonts with wrong unicode values in their glyphs. (bsc#1169444) Bitstream-Charter-*.otb, Cursor.ttf, Sun-OPEN-LOOK-*.otb, MUTT-ClearlyU-Devangari-Extra-Regular, MUTT-ClearlyU-Ligature-Wide-Regular, and MUTT-ClearlyU-Devanagari-Regular Changes in ghostscript-fonts: - Force the converted Nimbus Mono font to be monospaced. (bsc#1169444 #c41) Use the --force-monospaced argument of ttf-converter 1.0.3 ----------------------------------------- Patch: SUSE-2020-1954 Released: Sat Jul 18 03:07:15 2020 Summary: Recommended update for cracklib Severity: moderate References: 1172396 Description: This update for cracklib fixes the following issues: - Fixed a buffer overflow when processing long words. ----------------------------------------- Patch: SUSE-2020-1957 Released: Mon Jul 20 13:47:31 2020 Summary: Security update for cni-plugins Severity: moderate References: 1172410,CVE-2020-10749 Description: This update for cni-plugins fixes the following issues: cni-plugins updated to version 0.8.6 - CVE-2020-10749: Fixed potential Man-in-the-Middle attacks in IPv4 clusters by spoofing IPv6 router advertisements (bsc#1172410). 
Release notes: https://github.com/containernetworking/plugins/releases/tag/v0.8.6 ----------------------------------------- Patch: SUSE-2020-2080 Released: Wed Jul 29 20:09:09 2020 Summary: Recommended update for libtool Severity: moderate References: 1171566 Description: This update for libtool provides the missing libltdl 32bit library. (bsc#1171566) ----------------------------------------- Patch: SUSE-2020-2083 Released: Thu Jul 30 10:27:59 2020 Summary: Recommended update for diffutils Severity: moderate References: 1156913 Description: This update for diffutils fixes the following issue: - Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913) ----------------------------------------- Patch: SUSE-2020-2420 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Severity: moderate References: 1174551,1174736 Description: This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. 
(bsc#1174551) ----------------------------------------- Patch: SUSE-2020-2651 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Severity: moderate References: 1175811,1175830,1175831 Description: This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------- Patch: SUSE-2020-2731 Released: Thu Sep 24 07:42:32 2020 Summary: Security update for conmon, fuse-overlayfs, libcontainers-common, podman Severity: moderate References: 1162432,1164090,1165738,1171578,1174075,1175821,1175957,CVE-2020-1726 Description: This update for conmon, fuse-overlayfs, libcontainers-common, podman fixes the following issues: podman was updated to v2.0.6 (bsc#1175821) - install missing systemd units for the new Rest API (bsc#1175957) and a few man-pages that were missing before - Drop varlink API related bits (in favor of the new API) - fix install location for zsh completions * Fixed a bug where running systemd in a container on a cgroups v1 system would fail. * Fixed a bug where /etc/passwd could be re-created every time a container is restarted if the container's /etc/passwd did not contain an entry for the user the container was started as. * Fixed a bug where containers without an /etc/passwd file specifying a non-root user would not start. * Fixed a bug where the --remote flag would sometimes not make remote connections and would instead attempt to run Podman locally. Update to v2.0.6: * Features - Rootless Podman will now add an entry to /etc/passwd for the user who ran Podman if run with --userns=keep-id. - The podman system connection command has been reworked to support multiple connections, and reenabled for use! - Podman now has a new global flag, --connection, to specify a connection to a remote Podman API instance. 
* Changes - Podman's automatic systemd integration (activated by the --systemd=true flag, set by default) will now activate for containers using /usr/local/sbin/init as their command, instead of just /usr/sbin/init and /sbin/init (and any path ending in systemd). - Seccomp profiles specified by the --security-opt seccomp=... flag to podman create and podman run will now be honored even if the container was created using --privileged. * Bugfixes - Fixed a bug where the podman play kube would not honor the hostIP field for port forwarding (#5964). - Fixed a bug where the podman generate systemd command would panic on an invalid restart policy being specified (#7271). - Fixed a bug where the podman images command could take a very long time (several minutes) to complete when a large number of images were present. - Fixed a bug where the podman logs command with the --tail flag would not work properly when a large amount of output would be printed ([#7230](https://github.com//issues/7230)). - Fixed a bug where the podman exec command with remote Podman would not return a non-zero exit code when the exec session failed to start (e.g. invoking a non-existent command) (#6893). - Fixed a bug where the podman load command with remote Podman did not honor user-specified tags (#7124). - Fixed a bug where the podman system service command, when run as a non-root user by Systemd, did not properly handle the Podman pause process and would not restart properly as a result (#7180). - Fixed a bug where the --publish flag to podman create, podman run, and podman pod create did not properly handle a host IP of 0.0.0.0 (attempting to bind to literal 0.0.0.0, instead of all IPs on the system) (#7104). - Fixed a bug where the podman start --attach command would not print the container's exit code when the command exited due to the container exiting. 
- Fixed a bug where the podman rm command with remote Podman would not remove volumes, even if the --volumes flag was specified (#7128). - Fixed a bug where the podman run command with remote Podman and the --rm flag could exit before the container was fully removed. - Fixed a bug where the --pod new:... flag to podman run and podman create would create a pod that did not share any namespaces. - Fixed a bug where the --preserve-fds flag to podman run and podman exec could close the wrong file descriptors while trying to close user-provided descriptors after passing them into the container. - Fixed a bug where default environment variables ($PATH and $TERM) were not set in containers when not provided by the image. - Fixed a bug where pod infra containers were not properly unmounted after exiting. - Fixed a bug where networks created with podman network create with an IPv6 subnet did not properly set an IPv6 default route. - Fixed a bug where the podman save command would not work properly when its output was piped to another command (#7017). - Fixed a bug where containers using a systemd init on a cgroups v1 system could leak mounts under /sys/fs/cgroup/systemd to the host. - Fixed a bug where podman build would not generate an event on completion (#7022). - Fixed a bug where the podman history command with remote Podman printed incorrect creation times for layers (#7122). - Fixed a bug where Podman would not create working directories specified by the container image if they did not exist. - Fixed a bug where Podman did not clear CMD from the container image if the user overrode ENTRYPOINT (#7115). - Fixed a bug where error parsing image names were not fully reported (part of the error message containing the exact issue was dropped). - Fixed a bug where the podman images command with remote Podman did not support printing image tags in Go templates supplied to the --format flag (#7123). 
- Fixed a bug where the podman rmi --force command would not attempt to unmount containers it was removing, which could cause a failure to remove the image. - Fixed a bug where the podman generate systemd --new command could incorrectly quote arguments to Podman that contained whitespace, leading to nonfunctional unit files (#7285). - Fixed a bug where the podman version command did not properly include build time and Git commit. - Fixed a bug where running systemd in a Podman container on a system that did not use the systemd cgroup manager would fail (#6734). - Fixed a bug where capabilities from --cap-add were not properly added when a container was started as a non-root user via --user. - Fixed a bug where Pod infra containers were not properly cleaned up when they stopped, causing networking issues (#7103). * API - Fixed a bug where the libpod and compat Build endpoints did not accept the application/tar content type (instead only accepting application/x-tar) (#7185). - Fixed a bug where the libpod Exists endpoint would attempt to write a second header in some error conditions (#7197). - Fixed a bug where compat and libpod Network Inspect and Network Remove endpoints would return a 500 instead of 404 when the requested network was not found. - Added a versioned _ping endpoint (e.g. http://localhost/v1.40/_ping). - Fixed a bug where containers started through a systemd-managed instance of the REST API would be shut down when podman system service shut down due to its idle timeout (#7294). - Added stronger parameter verification for the libpod Network Create endpoint to ensure subnet mask is a valid value. - The Pod URL parameter to the Libpod Container List endpoint has been deprecated; the information previously gated by the Pod boolean will now be included in the response unconditionally. - Change hard requires for AppArmor to Recommends. 
They are not needed for runtime or with SELinux but already installed if AppArmor is used [jsc#SMO-15] - Add BuildRequires for pkg-config(libselinux) to build with SELinux support [jsc#SMO-15] Update to v2.0.4 * Fixed a bug where the output of podman image search did not populate the Description field as it was mistakenly assigned to the ID field. * Fixed a bug where podman build - and podman build on an HTTP target would fail. * Fixed a bug where rootless Podman would improperly chown the copied-up contents of anonymous volumes (#7130). * Fixed a bug where Podman would sometimes HTML-escape special characters in its CLI output. * Fixed a bug where the podman start --attach --interactive command would print the container ID of the container attached to when exiting (#7068). * Fixed a bug where podman run --ipc=host --pid=host would only set --pid=host and not --ipc=host (#7100). * Fixed a bug where the --publish argument to podman run, podman create and podman pod create would not allow binding the same container port to more than one host port (#7062). * Fixed a bug where incorrect arguments to podman images --format could cause Podman to segfault. * Fixed a bug where podman rmi --force on an image ID with more than one name and at least one container using the image would not completely remove containers using the image (#7153). * Fixed a bug where memory usage in bytes and memory use percentage were swapped in the output of podman stats --format=json. * Fixed a bug where the libpod and compat events endpoints would fail if no filters were specified (#7078). * Fixed a bug where the CgroupVersion field in responses from the compat Info endpoint was prefixed by 'v' (instead of just being '1' or '2', as is documented). - Suggest katacontainers instead of recommending it. 
It's not enabled by default, so it's just bloat Update to v2.0.3 * Fix handling of entrypoint * log API: add context to allow for cancelling * fix API: Create container with an invalid configuration * Remove all instances of named return 'err' from Libpod * Fix: Correct connection counters for hijacked connections * Fix: Hijacking v2 endpoints to follow rfc 7230 semantics * Remove hijacked connections from active connections list * version/info: format: allow more json variants * Correctly print STDOUT on non-terminal remote exec * Fix container and pod create commands for remote create * Mask out /sys/dev to prevent information leak from the host * Ensure sig-proxy default is propagated in start * Add SystemdMode to inspect for containers * When determining systemd mode, use full command * Fix lint * Populate remaining unused fields in `pod inspect` * Include infra container information in `pod inspect` * play-kube: add support for 'IfNotPresent' pull type * docs: user namespace can't be shared in pods * Fix 'Error: unrecognized protocol \'TCP\' in port mapping' * Error on rootless mac and ip addresses * Fix & add notes regarding problematic language in codebase * abi: set default umask and rlimits * Used reference package with errors for parsing tag * fix: system df error when an image has no name * Fix Generate API title/description * Add noop function disable-content-trust * fix play kube doesn't override dockerfile ENTRYPOINT * Support default profile for apparmor * Bump github.com/containers/common to v0.14.6 * events endpoint: backwards compat to old type * events endpoint: fix panic and race condition * Switch references from libpod.conf to containers.conf * podman.service: set type to simple * podman.service: set doc to podman-system-service * podman.service: use default registries.conf * podman.service: use default killmode * podman.service: remove stop timeout * systemd: symlink user->system * vendor golang.org/x/text@v0.3.3 * Fix a bug where --pids-limit 
was parsed incorrectly * search: allow wildcards * [CI:DOCS]Do not copy policy.json into gating image * Fix systemd pid 1 test * Cirrus: Rotate keys post repo. rename * The libpod.conf(5) man page got removed and all references are now pointing towards containers.conf(5), which will be part of the libcontainers-common package. Update to podman v2.0.2 * fix race condition in `libpod.GetEvents(...)` * Fix bug where `podman mount` didn't error as rootless * remove podman system connection * Fix imports to ensure v2 is used with libpod * Update release notes for v2.0.2 * specgen: fix order for setting rlimits * Ensure umask is set appropriately for 'system service' * generate systemd: improve pod-flags filter * Fix a bug with APIv2 compat network remove to log an ErrNetworkNotFound instead of nil * Fixes --remote flag issues * Pids-limit should only be set if the user set it * Set console mode for windows * Allow empty host port in --publish flag * Add a note on the APIs supported by `system service` * fix: Don't override entrypoint if it's `nil` * Set TMPDIR to /var/tmp by default if not set * test: add tests for --user and volumes * container: move volume chown after spec generation * libpod: volume copyup honors namespace mappings * Fix `system service` panic from early hangup in events * stop podman service in e2e tests * Print errors from individual containers in pods * auto-update: clarify systemd-unit requirements * podman ps truncate the command * move go module to v2 * Vendor containers/common v0.14.4 * Bump to imagebuilder v1.1.6 on v2 branch * Account for non-default port number in image name - Changes since v2.0.1 * Update release notes with further v2.0.1 changes * Fix inspect to display multiple label: changes * Set syslog for exit commands on log-level=debug * Friendly amendment for pr 6751 * podman run/create: support all transports * systemd generate: allow manual restart of container units in pods * Revert sending --remote flag to containers * Print 
port mappings in `ps` for ctrs sharing network * vendor github.com/containers/common@v0.14.3 * Update release notes for v2.0.1 * utils: drop default mapping when running uid!=0 * Set stop signal to 15 when not explicitly set * podman untag: error if tag doesn't exist * Reformat inspect network settings * APIv2: Return `StatusCreated` from volume creation * APIv2:fix: Remove `/json` from compat network EPs * Fix ssh-agent support * libpod: specify mappings to the storage * APIv2:doc: Fix swagger doc to refer to volumes * Add podman network to bash command completions * Fix typo in manpage for `podman auto update`. * Add JSON output field for ps * V2 podman system connection * image load: no args required * Re-add PODMAN_USERNS environment variable * Fix conflicts between privileged and other flags * Bump required go version to 1.13 * Add explicit command to alpine container in test case. * Use POLL_DURATION for timer * Stop following logs using timers * 'pod' was being truncated to 'po' in the names of the generated systemd unit files. * rootless_linux: improve error message * Fix podman build handling of --http-proxy flag * correct the absolute path of `rm` executable * Makefile: allow customizable GO_BUILD * Cirrus: Change DEST_BRANCH to v2.0 Update to podman v2.0.0 * The `podman generate systemd` command now supports the `--new` flag when used with pods, allowing portable services for pods to be created. * The `podman play kube` command now supports running Kubernetes Deployment YAML. * The `podman exec` command now supports the `--detach` flag to run commands in the container in the background. * The `-p` flag to `podman run` and `podman create` now supports forwarding ports to IPv6 addresses. 
* The `podman run`, `podman create` and `podman pod create` command now support a `--replace` flag to remove and replace any existing container (or, for `pod create`, pod) with the same name * The `--restart-policy` flag to `podman run` and `podman create` now supports the `unless-stopped` restart policy. * The `--log-driver` flag to `podman run` and `podman create` now supports the `none` driver, which does not log the container's output. * The `--mount` flag to `podman run` and `podman create` now accepts `readonly` option as an alias to `ro`. * The `podman generate systemd` command now supports the `--container-prefix`, `--pod-prefix`, and `--separator` arguments to control the name of generated unit files. * The `podman network ls` command now supports the `--filter` flag to filter results. * The `podman auto-update` command now supports specifying an authfile to use when pulling new images on a per-container basis using the `io.containers.autoupdate.authfile` label. * Fixed a bug where the `podman exec` command would log to journald when run in containers logging to journald ([#6555](https://github.com/containers/libpod/issues/6555)). * Fixed a bug where the `podman auto-update` command would not preserve the OS and architecture of the original image when pulling a replacement ([#6613](https://github.com/containers/libpod/issues/6613)). * Fixed a bug where the `podman cp` command could create an extra `merged` directory when copying into an existing directory ([#6596](https://github.com/containers/libpod/issues/6596)). * Fixed a bug where the `podman pod stats` command would crash on pods run with `--network=host` ([#5652](https://github.com/containers/libpod/issues/5652)). * Fixed a bug where containers logs written to journald did not include the name of the container. 
* Fixed a bug where the `podman network inspect` and `podman network rm` commands did not properly handle non-default CNI configuration paths ([#6212](https://github.com/containers/libpod/issues/6212)). * Fixed a bug where Podman did not properly remove containers when using the Kata containers OCI runtime. * Fixed a bug where `podman inspect` would sometimes incorrectly report the network mode of containers started with `--net=none`. * Podman is now better able to deal with cases where `conmon` is killed before the container it is monitoring. Update to podman v1.9.3: * Fixed a bug where, on FIPS enabled hosts, FIPS mode secrets were not properly mounted into containers * Fixed a bug where builds run over Varlink would hang * Fixed a bug where podman save would fail when the target image was specified by digest * Fixed a bug where rootless containers with ports forwarded to them could panic and dump core due to a concurrency issue (#6018) * Fixed a bug where rootless Podman could race when opening the rootless user namespace, resulting in commands failing to run * Fixed a bug where HTTP proxy environment variables forwarded into the container by the --http-proxy flag could not be overridden by --env or --env-file * Fixed a bug where rootless Podman was setting resource limits on cgroups v2 systems that were not using systemd-managed cgroups (and thus did not support resource limits), resulting in containers failing to start Update podman to v1.9.1: * Bugfixes - Fixed a bug where healthchecks could become nonfunctional if container log paths were manually set with --log-path and multiple container logs were placed in the same directory - Fixed a bug where rootless Podman could, when using an older libpod.conf, print numerous warning messages about an invalid CGroup manager config - Fixed a bug where rootless Podman would sometimes fail to close the rootless user namespace when joining it Update podman to v1.9.0: * Features - Experimental support has been added for 
podman run --userns=auto, which automatically allocates a unique UID and GID range for the new container's user namespace - The podman play kube command now has a --network flag to place the created pod in one or more CNI networks - The podman commit command now supports an --iidfile flag to write the ID of the committed image to a file - Initial support for the new containers.conf configuration file has been added. containers.conf allows for much more detailed configuration of some Podman functionality * Changes - There has been a major cleanup of the podman info command resulting in breaking changes. Many fields have been renamed to better suit usage with APIv2 - All uses of the --timeout flag have been switched to prefer the alternative --time. The --timeout flag will continue to work, but man pages and --help will use the --time flag instead * Bugfixes - Fixed a bug where some volume mounts from the host would sometimes not properly determine the flags they should use when mounting - Fixed a bug where Podman was not propagating $PATH to Conmon and the OCI runtime, causing issues for some OCI runtimes that required it - Fixed a bug where rootless Podman would print error messages about missing support for systemd cgroups when run in a container with no cgroup support - Fixed a bug where podman play kube would not properly handle container-only port mappings (#5610) - Fixed a bug where the podman container prune command was not pruning containers in the created and configured states - Fixed a bug where Podman was not properly removing CNI IP address allocations after a reboot (#5433) - Fixed a bug where Podman was not properly applying the default Seccomp profile when --security-opt was not given at the command line * HTTP API - Many Libpod API endpoints have been added, including Changes, Checkpoint, Init, and Restore - Resolved issues where the podman system service command would time out and exit while there were still active connections - Stability overall 
has greatly improved as we prepare the API for a beta release soon with Podman 2.0 * Misc - The default infra image for pods has been upgraded to k8s.gcr.io/pause:3.2 (from 3.1) to address a bug in the architecture metadata for non-AMD64 images - The slirp4netns networking utility in rootless Podman now uses Seccomp filtering where available for improved security - Updated Buildah to v1.14.8 - Updated containers/storage to v1.18.2 - Updated containers/image to v5.4.3 - Updated containers/common to v0.8.1 - Add 'systemd' BUILDFLAGS to build with support for journald logging (bsc#1162432) Update podman to v1.8.2: * Features - Initial support for automatically updating containers managed via Systemd unit files has been merged. This allows containers to automatically upgrade if a newer version of their image becomes available * Bugfixes - Fixed a bug where unit files generated by podman generate systemd --new would not force containers to detach, causing the unit to time out when trying to start - Fixed a bug where podman system reset could delete important system directories if run as rootless on installations created by older Podman (#4831) - Fixed a bug where image built by podman build would not properly set the OS and Architecture they were built with (#5503) - Fixed a bug where attached podman run with --sig-proxy enabled (the default), when built with Go 1.14, would repeatedly send signal 23 to the process in the container and could generate errors when the container stopped (#5483) - Fixed a bug where rootless podman run commands could hang when forwarding ports - Fixed a bug where rootless Podman would not work when /proc was mounted with the hidepid option set - Fixed a bug where the podman system service command would use large amounts of CPU when --timeout was set to 0 (#5531) * HTTP API - Initial support for Libpod endpoints related to creating and operating on image manifest lists has been added - The Libpod Healthcheck and Events API endpoints are now 
supported - The Swagger endpoint can now handle cases where no Swagger documentation has been generated Update podman to v1.8.1: * Features - Many networking-related flags have been added to podman pod create to enable customization of pod networks, including --add-host, --dns, --dns-opt, --dns-search, --ip, --mac-address, --network, and --no-hosts - The podman ps --format=json command now includes the ID of the image containers were created with - The podman run and podman create commands now feature an --rmi flag to remove the image the container was using after it exits (if no other containers are using said image) ([#4628](https://github.com/containers/libpod/issues/4628)) - The podman create and podman run commands now support the --device-cgroup-rule flag (#4876) - While the HTTP API remains in alpha, many fixes and additions have landed. These are documented in a separate subsection below - The podman create and podman run commands now feature a --no-healthcheck flag to disable healthchecks for a container (#5299) - Containers now recognize the io.containers.capabilities label, which specifies a list of capabilities required by the image to run. These capabilities will be used as long as they are more restrictive than the default capabilities used - YAML produced by the podman generate kube command now includes SELinux configuration passed into the container via --security-opt label=... 
(#4950) * Bugfixes - Fixed CVE-2020-1726, a security issue where volumes manually populated before first being mounted into a container could have those contents overwritten on first being mounted into a container - Fixed a bug where Podman containers with user namespaces in CNI networks with the DNS plugin enabled would not have the DNS plugin's nameserver added to their resolv.conf ([#5256](https://github.com/containers/libpod/issues/5256)) - Fixed a bug where trailing / characters in image volume definitions could cause them to not be overridden by a user-specified mount at the same location ([#5219](https://github.com/containers/libpod/issues/5219)) - Fixed a bug where the label option in libpod.conf, used to disable SELinux by default, was not being respected (#5087) - Fixed a bug where the podman login and podman logout commands required the registry to log into be specified (#5146) - Fixed a bug where detached rootless Podman containers could not forward ports (#5167) - Fixed a bug where rootless Podman could fail to run if the pause process had died - Fixed a bug where Podman ignored labels that were specified with only a key and no value (#3854) - Fixed a bug where Podman would fail to create named volumes when the backing filesystem did not support SELinux labelling (#5200) - Fixed a bug where --detach-keys='' would not disable detaching from a container (#5166) - Fixed a bug where the podman ps command was too aggressive when filtering containers and would force --all on in too many situations - Fixed a bug where the podman play kube command was ignoring image configuration, including volumes, working directory, labels, and stop signal (#5174) - Fixed a bug where the Created and CreatedTime fields in podman images --format=json were misnamed, which also broke Go template output for those fields ([#5110](https://github.com/containers/libpod/issues/5110)) - Fixed a bug where rootless Podman containers with ports forwarded could hang when started (#5182) - 
Fixed a bug where podman pull could fail to parse registry names including port numbers - Fixed a bug where Podman would incorrectly attempt to validate image OS and architecture when starting containers - Fixed a bug where Bash completion for podman build -f would not list available files that could be built (#3878) - Fixed a bug where podman commit --change would perform incorrect validation, resulting in valid changes being rejected (#5148) - Fixed a bug where podman logs --tail could take large amounts of memory when the log file for a container was large (#5131) - Fixed a bug where Podman would sometimes incorrectly generate firewall rules on systems using firewalld - Fixed a bug where the podman inspect command would not display network information for containers properly if a container joined multiple CNI networks ([#4907](https://github.com/containers/libpod/issues/4907)) - Fixed a bug where the --uts flag to podman create and podman run would only allow specifying containers by full ID (#5289) - Fixed a bug where rootless Podman could segfault when passed a large number of file descriptors - Fixed a bug where the podman port command was incorrectly interpreting additional arguments as container names, instead of port numbers - Fixed a bug where units created by podman generate systemd did not depend on network targets, and so could start before the system network was ready (#4130) - Fixed a bug where exec sessions in containers which did not specify a user would not inherit supplemental groups added to the container via --group-add - Fixed a bug where Podman would not respect the $TMPDIR environment variable for placing large temporary files during some operations (e.g. 
podman pull) ([#5411](https://github.com/containers/libpod/issues/5411)) * HTTP API - Initial support for secure connections to servers via SSH tunneling has been added - Initial support for the libpod create and logs endpoints for containers has been added - Added a /swagger/ endpoint to serve API documentation - The json endpoint for containers has received many fixes - Filtering images and containers has been greatly improved, with many bugs fixed and documentation improved - Image creation endpoints (commit, pull, etc) have seen many fixes - Server timeout has been fixed so that long operations will no longer trigger the timeout and shut the server down - The stats endpoint for containers has seen major fixes and now provides accurate output - Handling the HTTP 304 status code has been fixed for all endpoints - Many fixes have been made to API documentation to ensure it matches the code * Misc - The Created field to podman images --format=json has been renamed to CreatedSince as part of the fix for (#5110). Go templates using the old name should still work - The CreatedTime field to podman images --format=json has been renamed to CreatedAt as part of the fix for (#5110). Go templates using the old name should still work - The before filter to podman images has been renamed to since for Docker compatibility. Using before will still work, but documentation has been changed to use the new since filter - Using the --password flag to podman login now warns that passwords are being passed in plaintext - Some common cases where Podman would deadlock have been fixed to warn the user that podman system renumber must be run to resolve the deadlock - Configure br_netfilter for podman automatically (bsc#1165738) The trigger is only executed when updating podman-cni-config while the command was running conmon was updated to v2.0.20 (bsc#1175821) - journald: fix logging container name - container logging: Implement none driver - 'off', 'null' or 'none' all work. 
- ctrl: warn if we fail to unlink - Drop fsync calls - Reap PIDs before running exit command - Fix log path parsing - Add --sync option to prevent conmon from double forking - Add --no-sync-log option to instruct conmon to not sync the logs of the containers upon shutting down. This feature fixes a regression where we unconditionally dropped the log sync. It is possible the container logs could be corrupted on a sudden power-off. If you need container logs to remain in consistent state after a sudden shutdown, please update from v2.0.19 to v2.0.20 - Update to v2.0.17: - Add option to delay execution of exit command - Update to v2.0.16: - tty: flush pending data when fd is ready - Enable support for journald logging (bsc#1162432) - Update to v2.0.15: - store status while waiting for pid - Update to v2.0.14: - drop usage of splice(2) - avoid hanging on stdin - stdio: sometimes quit main loop after io is done - ignore sigpipe - Update to v2.0.12 - oom: fix potential race between verification steps - Update to v2.0.11 - log: reject --log-tag with k8s-file - chmod std files pipes - adjust score to -1000 to prevent conmon from ever being OOM killed - container OOM: verify cgroup hasn't been cleaned up before reporting OOM - journal logging: write to /dev/null instead of -1 fuse-overlayfs was updated to 1.1.2 (bsc#1175821): - fix memory leak when creating whiteout files. - fix lookup for overflow uid when it is different than the overflow gid. - use openat2(2) when available. - accept 'ro' as mount option. - fix set mtime for a symlink. - fix some issues reported by static analysis. - fix potential infinite loop on a short read. - fix creating a directory if the destination already exists in the upper layer. - report correctly the number of links for a directory also for subsequent stat calls - stop looking up the ino in the lower layers if the file could not be opened - make sure the destination is deleted before doing a rename(2). 
It prevents a left over directory to cause delete to fail with EEXIST. - honor --debug. libcontainers-common was updated to fix: - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Added containers/common tarball for containers.conf(5) man page - Install containers.conf default configuration in /usr/share/containers - libpod repository on github got renamed to podman - Update to image 5.5.1 - Add documentation for credHelpers - Add defaults for using the rootless policy path - Update libpod/podman to 2.0.3 - docs: user namespace can't be shared in pods - Switch references from libpod.conf to containers.conf - Allow empty host port in --publish flag - update document login see config.json as valid - Update storage to 1.20.2 - Add back skip_mount_home - Remove remaining difference between SLE and openSUSE package and ship the same mounts.conf default configuration on both platforms. As the sources for the mount point do not exist on openSUSE by default this config will basically have no effect on openSUSE. (jsc#SLE-12122, bsc#1175821) - Update to image 5.4.4 - Remove registries.conf VERSION 2 references from man page - Initial authfile man page - Add $HOME/.config/containers/certs.d to perHostCertDirPath - Add $HOME/.config/containers/registries.conf to config path - registries.conf.d: add stances for the registries.conf - update to libpod 1.9.3 - userns: support --userns=auto - Switch to using --time as opposed to --timeout to better match Docker - Add support for specifying CNI networks in podman play kube - man pages: fix inconsistencies - Update to storage 1.19.1 - userns: add support for auto - store: change the default user to containers - config: honor XDG_CONFIG_HOME - Remove the /var/lib/ca-certificates/pem/SUSE.pem workaround again. It never ended up in SLES and a different way to fix the underlying problem is being worked on. 
- Add registry.opensuse.org as default registry [bsc#1171578] - Add /var/lib/ca-certificates/pem/SUSE.pem to the SLES mounts. This is for making container-suseconnect work in the public cloud on-demand images. It needs that file for being able to verify the server certificates of the RMT servers hosted in the public cloud. (https://github.com/SUSE/container-suseconnect/issues/41) ----------------------------------------- Patch: SUSE-2020-2735 Released: Thu Sep 24 13:32:25 2020 Summary: Recommended update for systemd-rpm-macros Severity: moderate References: 1173034 Description: This update for systemd-rpm-macros fixes the following issues: - Introduce macro '%service_del_postun_without_restart' to resolve blocking new releases based on this. (bsc#1173034) ----------------------------------------- Patch: SUSE-2020-2782 Released: Tue Sep 29 11:40:22 2020 Summary: Recommended update for systemd-rpm-macros Severity: important References: 1176932 Description: This update for systemd-rpm-macros fixes the following issues: - Backport missing macros of directory paths from upstream + %_environmentdir + %_modulesloaddir + %_modprobedir - Make sure %_restart_on_update_never and %_stop_on_removal_never don't expand to the empty string. (bsc#1176932) Otherwise sequences like the following code: if [ ... ]; then %_restart_on_update_never fi would result in the following incorrect shell syntax: if [ ... ]; then fi ----------------------------------------- Patch: SUSE-2020-2947 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 Description: This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. 
The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 ----------------------------------------- Patch: SUSE-2020-2965 Released: Tue Oct 20 13:27:21 2020 Summary: Recommended update for cni, cni-plugins Severity: moderate References: 1172786 Description: This update ships cni and cni-plugins to the Public Cloud Module of SUSE Linux Enterprise 15 SP2. ----------------------------------------- Patch: SUSE-2020-2983 Released: Wed Oct 21 15:03:03 2020 Summary: Recommended update for file Severity: moderate References: 1176123 Description: This update for file fixes the following issues: - Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123) ----------------------------------------- Patch: SUSE-2020-2995 Released: Thu Oct 22 10:03:09 2020 Summary: Security update for freetype2 Severity: important References: 1177914,CVE-2020-15999 Description: This update for freetype2 fixes the following issues: - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914). 
----------------------------------------- Patch: SUSE-2020-3091 Released: Thu Oct 29 16:35:37 2020 Summary: Security update for MozillaThunderbird and mozilla-nspr Severity: important References: 1174230,1176384,1176756,1176899,1177977,CVE-2020-15673,CVE-2020-15676,CVE-2020-15677,CVE-2020-15678,CVE-2020-15683,CVE-2020-15969 Description: This update for MozillaThunderbird and mozilla-nspr fixes the following issues: - Mozilla Thunderbird 78.4 * new: MailExtensions: browser.tabs.sendMessage API added * new: MailExtensions: messageDisplayScripts API added * changed: Yahoo and AOL mail users using password authentication will be migrated to OAuth2 * changed: MailExtensions: messageDisplay APIs extended to support multiple selected messages * changed: MailExtensions: compose.begin functions now support creating a message with attachments * fixed: Thunderbird could freeze when updating global search index * fixed: Multiple issues with handling of self-signed SSL certificates addressed * fixed: Recipient address fields in compose window could expand to fill all available space * fixed: Inserting emoji characters in message compose window caused unexpected behavior * fixed: Button to restore default folder icon color was not keyboard accessible * fixed: Various keyboard navigation fixes * fixed: Various color-related theme fixes * fixed: MailExtensions: Updating attachments with onBeforeSend.addListener() did not work MFSA 2020-47 (bsc#1177977) * CVE-2020-15969 Use-after-free in usersctp * CVE-2020-15683 Memory safety bugs fixed in Thunderbird 78.4 - Mozilla Thunderbird 78.3.3 * OpenPGP: Improved support for encrypting with subkeys * OpenPGP message status icons were not visible in message header pane * Creating a new calendar event did not require an event title - Mozilla Thunderbird 78.3.2 (bsc#1176899) * OpenPGP: Improved support for encrypting with subkeys * OpenPGP: Encrypted messages with international characters were sometimes displayed incorrectly * Single-click 
deletion of recipient pills with middle mouse button restored * Searching an address book list did not display results * Dark mode, high contrast, and Windows theming fixes - Mozilla Thunderbird 78.3.1 * fix crash in nsImapProtocol::CreateNewLineFromSocket - Mozilla Thunderbird 78.3.0 MFSA 2020-44 (bsc#1176756) * CVE-2020-15677 Download origin spoofing via redirect * CVE-2020-15676 XSS when pasting attacker-controlled data into a contenteditable element * CVE-2020-15678 When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario * CVE-2020-15673 Memory safety bugs fixed in Thunderbird 78.3 - update mozilla-nspr to version 4.25.1 * The macOS platform code for shared library loading was changed to support macOS 11. * Dependency needed for the MozillaThunderbird update ----------------------------------------- Patch: SUSE-2020-3099 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Severity: moderate References: 1177460 Description: This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------- Patch: SUSE-2020-3123 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Severity: important References: 1177460,1178346,1178350,1178353 Description: This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. 
(bsc#1177460) ----------------------------------------- Patch: SUSE-2020-3380 Released: Thu Nov 19 09:31:15 2020 Summary: Security update for wpa_supplicant Severity: moderate References: 1131644,1131868,1131870,1131871,1131872,1131874,1133640,1144443,1150934,1156920,1166933,1167331,930077,930078,930079,CVE-2015-4141,CVE-2015-4142,CVE-2015-4143,CVE-2015-8041,CVE-2017-13077,CVE-2017-13078,CVE-2017-13079,CVE-2017-13080,CVE-2017-13081,CVE-2017-13082,CVE-2017-13086,CVE-2017-13087,CVE-2017-13088,CVE-2018-14526,CVE-2019-11555,CVE-2019-13377,CVE-2019-16275,CVE-2019-9494,CVE-2019-9495,CVE-2019-9497,CVE-2019-9498,CVE-2019-9499 Description: This update for wpa_supplicant fixes the following issues: Security issue fixed: - CVE-2019-16275: Fixed an AP mode PMF disconnection protection bypass (bsc#1150934). Non-security issues fixed: - Enable SAE support (jsc#SLE-14992). - Limit P2P_DEVICE name to appropriate ifname size. - Fix wicked wlan (bsc#1156920) - Restore fi.epitest.hostap.WPASupplicant.service (bsc#1167331) - With v2.9 fi.epitest.hostap.WPASupplicant.service is obsolete (bsc#1167331) - Fix WLAN config on boot with wicked. 
(bsc#1166933) - Update to 2.9 release: * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - allow the set of groups to be configured (eap_pwd_groups) - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1) * fixed a regression in OpenSSL 1.1+ engine loading * added validation of RSNE in (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * extended EAP-SIM/AKA fast re-authentication to allow use with FILS * extended ca_cert_blob to support PEM format * improved robustness of P2P Action frame scheduling * added support for EAP-SIM/AKA using anonymous@realm identity * fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method * added experimental support for EAP-TEAP peer (RFC 7170) * added experimental support for EAP-TLS peer with TLS v1.3 * fixed a regression in WMM parameter configuration for a TDLS peer * fixed a regression in operation with drivers that offload 802.1X 4-way handshake * fixed an ECDH operation corner case with OpenSSL * SAE changes - added support for SAE Password Identifier - changed default configuration to enable only groups 19, 20, 21 (i.e., disable groups 25 and 26) and disable all unsuitable groups completely based on REVmd changes - do not regenerate PWE unnecessarily when the AP uses the anti-clogging token mechanisms - fixed some association cases where both SAE and FT-SAE were enabled on both the station and the selected AP - started to prefer FT-SAE over SAE AKM if both are enabled - started to prefer FT-SAE over FT-PSK if both are enabled - fixed FT-SAE when SAE PMKSA caching is used - reject use 
of unsuitable groups based on new implementation guidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups with prime >= 256) - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868) * EAP-pwd changes - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870) - verify server scalar/element [https://w1.fi/security/2019-4/] (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, bsc#1131874, bsc#1131872, bsc#1131871, bsc#1131644) - fix message reassembly issue with unexpected fragment [https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640) - enforce rand,mask generation rules more strictly - fix a memory leak in PWE derivation - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27) - SAE/EAP-pwd side-channel attack update [https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443) * fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y * Hotspot 2.0 changes - do not indicate release number that is higher than the one AP supports - added support for release number 3 - enable PMF automatically for network profiles created from credentials * fixed OWE network profile saving * fixed DPP network profile saving * added support for RSN operating channel validation (CONFIG_OCV=y and network profile parameter ocv=1) * added Multi-AP backhaul STA support * fixed build with LibreSSL * number of MKA/MACsec fixes and extensions * extended domain_match and domain_suffix_match to allow list of values * fixed dNSName matching in domain_match and domain_suffix_match when using wolfSSL * started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both are enabled * extended nl80211 Connect and external authentication to support SAE, FT-SAE, FT-EAP-SHA384 * fixed KEK2 derivation for FILS+FT * extended client_cert file to allow loading of a chain of PEM encoded certificates * extended beacon reporting 
functionality * extended D-Bus interface with number of new properties * fixed a regression in FT-over-DS with mac80211-based drivers * OpenSSL: allow systemwide policies to be overridden * extended driver flags indication for separate 802.1X and PSK 4-way handshake offload capability * added support for random P2P Device/Interface Address use * extended PEAP to derive EMSK to enable use with ERP/FILS * extended WPS to allow SAE configuration to be added automatically for PSK (wps_cred_add_sae=1) * removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS) * extended domain_match and domain_suffix_match to allow list of values * added a RSN workaround for misbehaving PMF APs that advertise IGTK/BIP KeyID using incorrect byte order * fixed PTK rekeying with FILS and FT * fixed WPA packet number reuse with replayed messages and key reinstallation [https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) * fixed unauthenticated EAPOL-Key decryption in wpa_supplicant [https://w1.fi/security/2018-1/] (CVE-2018-14526) * added support for FILS (IEEE 802.11ai) shared key authentication * added support for OWE (Opportunistic Wireless Encryption, RFC 8110; and transition mode defined by WFA) * added support for DPP (Wi-Fi Device Provisioning Protocol) * added support for RSA 3k key case with Suite B 192-bit level * fixed Suite B PMKSA caching not to update PMKID during each 4-way handshake * fixed EAP-pwd pre-processing with PasswordHashHash * added EAP-pwd client support for salted passwords * fixed a regression in TDLS prohibited bit validation * started to use estimated throughput to avoid undesired signal strength based roaming decision * MACsec/MKA: - new macsec_linux driver interface support for the Linux kernel macsec module - number of fixes and extensions * added support for external persistent storage of PMKSA cache (PMKSA_GET/PMKSA_ADD 
control interface commands; and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case) * fixed mesh channel configuration pri/sec switch case * added support for beacon report * large number of other fixes, cleanup, and extensions * added support for randomizing local address for GAS queries (gas_rand_mac_addr parameter) * fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel * added option for using random WPS UUID (auto_uuid=1) * added SHA256-hash support for OCSP certificate matching * fixed EAP-AKA' to add AT_KDF into Synchronization-Failure * fixed a regression in RSN pre-authentication candidate selection * added option to configure allowed group management cipher suites (group_mgmt network profile parameter) * removed all PeerKey functionality * fixed nl80211 AP and mesh mode configuration regression with Linux 4.15 and newer * added ap_isolate configuration option for AP mode * added support for nl80211 to offload 4-way handshake into the driver * added support for using wolfSSL cryptographic library * SAE - added support for configuring SAE password separately of the WPA2 PSK/passphrase - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection for SAE; note: this is not backwards compatible, i.e., both the AP and station side implementations will need to be updated at the same time to maintain interoperability - added support for Password Identifier - fixed FT-SAE PMKID matching * Hotspot 2.0 - added support for fetching of Operator Icon Metadata ANQP-element - added support for Roaming Consortium Selection element - added support for Terms and Conditions - added support for OSEN connection in a shared RSN BSS - added support for fetching Venue URL information * added support for using OpenSSL 1.1.1 * FT - disabled PMKSA caching with FT since it is not fully functional - added support for SHA384 based AKM - added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128, BIP-GMAC-256 in addition to previously supported BIP-CMAC-128 - fixed additional IE 
inclusion in Reassociation Request frame when using FT protocol - Changed service-files for start after network (systemd-networkd). ----------------------------------------- Patch: SUSE-2020-3462 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Severity: moderate References: 1174593,1177858,1178727 Description: This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------- Patch: SUSE-2020-3620 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Severity: moderate References: Description: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------- Patch: SUSE-2020-3791 Released: Mon Dec 14 17:39:19 2020 Summary: Recommended update for gzip Severity: moderate References: Description: This update for gzip fixes the following issue: - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. 
----------------------------------------- Patch: SUSE-2020-3795 Released: Mon Dec 14 17:43:26 2020 Summary: Optional update for systemd-rpm-macros Severity: low References: 1059627,1178481,1179020 Description: This update for systemd-rpm-macros fixes the following issues: - Deprecate '-f'/'-n' options When used with %service_del_preun, support for these options will be dropped as DISABLE_STOP_ON_REMOVAL support will be removed on the next version of SLE (jsc#SLE-8968) When used with %service_del_postun, they should be replaced with their counterpart %service_del_postun_with_restart/%service_del_postun_without_restart - Introduced %service_del_postun_with_restart() It's the counterpart of %service_del_postun_without_restart() and replaces the '-f' option of %service_del_postun(). - No longer applies presets when migrating from a disabled initscript (bsc#1178481) - Fix importing of %{_unitdir} ----------------------------------------- Patch: SUSE-2020-3942 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Severity: moderate References: 1180138 Description: This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------- Patch: SUSE-2021-179 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Severity: moderate References: 1177460 Description: This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. 
----------------------------------------- Patch: SUSE-2021-220 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Severity: moderate References: 1180603 Description: This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------- Patch: SUSE-2021-293 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Severity: moderate References: 1180603 Description: This update for gmp fixes the following issues: - correct license statements of packages (library itself is not GPL-3.0) (bsc#1180603) ----------------------------------------- Patch: SUSE-2021-301 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Severity: moderate References: 1177460 Description: This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------- Patch: SUSE-2021-339 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Severity: low References: Description: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------- Patch: SUSE-2021-443 Released: Thu Feb 11 16:36:24 2021 Summary: Security update for wpa_supplicant Severity: important References: 1181777,CVE-2021-0326 Description: This update for wpa_supplicant fixes the following issues: - CVE-2021-0326: P2P group information processing vulnerability (bsc#1181777). 
----------------------------------------- Patch: SUSE-2021-707 Released: Thu Mar 4 09:19:36 2021 Summary: Recommended update for systemd-rpm-macros Severity: moderate References: 1177039 Description: This update for systemd-rpm-macros fixes the following issues: - Bump to version 6 - Make upstream '%systemd_{pre,post,preun,postun}' aliases to their SUSE counterparts. Packagers can now choose to use the upstream or the SUSE variants indifferently. For consistency the SUSE variants should be preferred since almost all SUSE packages already use them but the upstream versions might be useful in certain cases where packages need to support multiple distros based on RPM. - Improve the logic used to apply the presets. (bsc#1177039) Before, presets were applied at a) package installation b) new units introduced via a package update (but after making sure that it was not a SysV initscript being converted). The problem is that a) didn't handle a package renaming or split properly since the package with the new name is installed rather than being updated and therefore the presets were applied even if they were already with the old name. We now cover this case (and the other ones) by applying presets only if the units are new and the services are not being migrated. This regardless of whether this happens during an install or an update. ----------------------------------------- Patch: SUSE-2021-721 Released: Mon Mar 8 16:41:21 2021 Summary: Security update for wpa_supplicant Severity: important References: 1182805,CVE-2021-27803 Description: This update for wpa_supplicant fixes the following issues: - CVE-2021-27803: Fixed a P2P provision discovery processing vulnerability (bsc#1182805). 
----------------------------------------- Patch: SUSE-2021-786 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Severity: moderate References: 1176201 Description: This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------- Patch: SUSE-2021-795 Released: Tue Mar 16 10:28:02 2021 Summary: Recommended update for systemd-rpm-macros Severity: low References: 1182661,1183012,1183051 Description: This update for systemd-rpm-macros fixes the following issues: - Added a %systemd_user_pre macro (bsc#1183051, bsc#1183012) - Fixed an issue with %systemd_user_post, where the --global parameter was treated like if it was another service (bsc#1183051, bsc#1182661) ----------------------------------------- Patch: SUSE-2021-927 Released: Tue Mar 23 14:07:06 2021 Summary: Recommended update for libreoffice Severity: moderate References: 1041090,1049382,1116658,1136234,1155141,1173404,1173409,1173410,1173471,1174465,1176547,1177955,1178807,1178943,1178944,1179025,1179203,1181122,1181644,1181872,1182790 Description: This update for libreoffice provides the upgrade from version 6.4.5.2 to 7.1.1.2 (jsc#ECO-3150, bsc#1182790) libreoffice: - Image shown with different aspect ratio (bsc#1176547) - Text changes are reproducibly lost on PPTX with SmartArt (bsc#1181644) - Adjust to new Box2D and enable KDE on SUSE Linux Enterprise 15-SP3 or newer (jsc#ECO-3375) - Wrong bullet points in Impress (bsc#1174465) - SmartArt: text wrongly aligned, background boxes not quite right (bsc#1177955) - Update the SUSE color palette to reflect the new SUSE branding. (bsc#1181122, bsc#1173471) - SUSE Mint - SUSE Midnight Blue - SUSE Waterhole Blue - SUSE Persimmon - Fix a crash opening a PPTX. 
(bsc#1179025) - Fix text box from PowerPoint renders vertically instead of horizontally (bsc#1178807) - Shadow effects for table completely missing (bsc#1178944, bsc#1178943) - Disable firebird integration for the time being (bsc#1179203) - Fixes hang on Writer on scrolling/saving of a document (bsc#1136234) - Wrong rendering of bulleted lists in PPTX document (bsc#1155141) - Sidebar: paragraph widget: numeric fields become inactive/unaccessible after saving (bsc#1173404) - Crash of Writer opening any document having 'invalid' python file in home directory (bsc#1116658) libixion: Update to 0.16.1: - fixed a build issue on 32-bit linux platforms, caused by slicing of integer string ID values. - worked around floating point rounding errors which prevented two theoretically-equal numeric values from being evaluated as equal in test code. - added new function to allow printing of single formula tokens. - added method for setting cached results on formula cells in model_context. - changed the model_context design to ensure that all sheets are of the same size. - added an accessor method to formula_model_access interface (and implicitly in model_context) that directly returns a string value from cell. - added cell_access class for querying of cell states without knowing its type ahead of time. - added document class which provides a layer on top of model_context, to abstract away the handling of formula calculations. - deprecated model_context::erase_cell() in favor of empty_cell(). - added support for 3D references - references that contain multiple sheets. - added support for the exponent (^) and concatenation (&) operators. - fixed incorrect handling of range references containing whole columns such as A:A. - added support for unordered range references - range references whose start row or column is greater than their end position counterparts, such as A3:A1. - fixed a bug that prevented nested formula functions from working properly. 
- implemented Calc A1 style reference resolver. - formula results now directly store the string values when the results are of string type. They previously stored string ID values after interning the original strings. - Removed build-time dependency on spdlog. libmwaw: Update to 0.3.17: - add a parser for Jazz(Lotus) writer and spreadsheet files. The writer parser can only be called if the file still contains its resource fork - add a parser for Canvas 3 and 3.5 files - AppleWorks parser: try to retrieve more Windows presentation - add a parser for Drawing Table files - add a parser for Canvas 2 files - API: add new reserved enums in MWAWDocument.hxx `MWAW_T_RESERVED10..MWAW_T_RESERVED29` and add a new define in libmwaw.hxx `MWAW_INTERFACE_VERSION` to check if these enums are defined - remove the QuarkXPress parser (must be in libqxp) - retrieve the annotation in MsWord 5 document - try to better understand RagTime 5-6 document libnumbertext: Update to 1.0.6 liborcus: Update to 0.16.1 - Add upstream changes to fix build with GCC 11 (bsc#1181872) libstaroffice: Update to 0.0.7: - fix `text:sender-lastname` when creating meta-data libwps: Update to 0.4.11: - XYWrite: add a parser to .fil v2 and v4 files - wks,wk1: correct some problems when retrieving cell's reference. 
glfw: New package provided on version 3.3.2: - See also: https://www.glfw.org/changelog.html - Sort list of input files to geany for reproducible builds (bsc#1049382, bsc#1041090) * Require pkgconfig(gl) for the devel package to supply needed include GL/gl.h * glfwFocusWindow could terminate on older WMs or without a WM * Creating an undecorated window could fail with BadMatch * Querying a disconnected monitor could segfault * Video modes with a duplicate screen area were discarded * The CMake files did not check for the XInput headers * Key names were not updated when the keyboard layout changed * Decorations could not be enabled after window creation * Content scale fallback value could be inconsistent * Disabled cursor mode was interrupted by indicator windows * Monitor physical dimensions could be reported as zero mm * Window position events were not emitted during resizing * Added on-demand loading of Vulkan and context creation API libraries * [X11] Bugfix: Window size limits were ignored if the minimum or maximum size was set to `GLFW_DONT_CARE` * [X11] Bugfix: Input focus was set before window was visible, causing BadMatch on some non-reparenting WMs * [X11] Bugfix: glfwGetWindowPos and glfwSetWindowPos operated on the window frame instead of the client area * [WGL] Added reporting of errors from `WGL_ARB_create_context` extension * [EGL] Added lib prefix matching between EGL and OpenGL ES library binaries * [EGL] Bugfix: Dynamically loaded entry points were not verified - Made build of geany-tags optional. Box2D: New package provided on version 2.4.1: * Extended distance joint to have a minimum and maximum limit. * `B2_USER_SETTINGS` and `b2_user_settings.h` can control user data, length units, and maximum polygon vertices. * Default user data is now uintptr_t instead of void* * b2FixtureDef::restitutionThreshold lets you set the restitution velocity threshold per fixture. 
* Collision * Chain and edge shape must now be one-sided to eliminate ghost collisions * Broad-phase optimizations * Added b2ShapeCast for linear shape casting * Dynamics * Joint limits are now predictive and not stateful * Experimental 2D cloth (rope) * b2Body::SetActive -> b2Body::SetEnabled * Better support for running multiple worlds * Handle zero density better * The body behaves like a static body * The body is drawn with a red color * Added translation limit to wheel joint * World dump now writes to box2d_dump.inl * Static bodies are never awake * All joints with spring-dampers now use stiffness and damping * Added utility functions to convert frequency and damping ratio to stiffness and damping * Polygon creation now computes the convex hull. * The convex hull code will merge vertices closer than dm_linearSlop. ----------------------------------------- Patch: SUSE-2021-930 Released: Wed Mar 24 12:09:23 2021 Summary: Security update for nghttp2 Severity: important References: 1172442,1181358,CVE-2020-11080 Description: This update for nghttp2 fixes the following issues: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358) ----------------------------------------- Patch: SUSE-2021-974 Released: Mon Mar 29 19:31:27 2021 Summary: Security update for tar Severity: low References: 1181131,CVE-2021-20193 Description: This update for tar fixes the following issues: CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131) ----------------------------------------- Patch: SUSE-2021-1007 Released: Thu Apr 1 17:47:20 2021 Summary: Security update for MozillaFirefox Severity: important References: 1183942,CVE-2021-23981,CVE-2021-23982,CVE-2021-23984,CVE-2021-23987 Description: This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942) * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Internal network hosts could have been 
probed by a malicious webpage * CVE-2021-23984: Malicious extensions could have spoofed popup information * CVE-2021-23987: Memory safety bugs ----------------------------------------- Patch: SUSE-2021-1018 Released: Tue Apr 6 14:29:13 2021 Summary: Recommended update for gzip Severity: moderate References: 1180713 Description: This update for gzip fixes the following issues: - Fixes an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713) ----------------------------------------- Patch: SUSE-2021-1166 Released: Tue Apr 13 14:03:51 2021 Summary: Security update for wpa_supplicant Severity: moderate References: 1184348,CVE-2021-30004 Description: This update for wpa_supplicant fixes the following issues: - CVE-2021-30004: Fixed an issue where forging attacks might have occurred because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (bsc#1184348). ----------------------------------------- Patch: SUSE-2021-1289 Released: Wed Apr 21 14:02:46 2021 Summary: Recommended update for gzip Severity: moderate References: 1177047 Description: This update for gzip fixes the following issues: - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------- Patch: SUSE-2021-1424 Released: Thu Apr 29 06:22:32 2021 Summary: Recommended update for openslp Severity: moderate References: 1166637,1184008 Description: This update for openslp fixes the following issues: - Added automated active discovery retries so that DAs do not get dropped, if they are not reachable for some time (bsc#1166637, bsc#1184008) ----------------------------------------- Patch: SUSE-2021-1643 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Severity: important References: 1181443,1184358,1185562 Description: This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the 
keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------- Patch: SUSE-2021-1843 Released: Thu Jun 3 16:22:36 2021 Summary: Security update for polkit Severity: important References: 1186497,CVE-2021-3560 Description: This update for polkit fixes the following issues: - CVE-2021-3560: Fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync() (bsc#1186497). ----------------------------------------- Patch: SUSE-2021-1861 Released: Fri Jun 4 09:59:40 2021 Summary: Recommended update for gcc10 Severity: moderate References: 1029961,1106014,1178577,1178624,1178675,1182016 Description: This update for gcc10 fixes the following issues: - Disable nvptx offloading for aarch64 again since it doesn't work - Fixed a build failure issue. (bsc#1182016) - Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577) - Fix 32bit 'libgnat.so' link. (bsc#1178675) - prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961) - Build complete set of multilibs for arm-none target. (bsc#1106014) ----------------------------------------- Patch: SUSE-2021-1935 Released: Thu Jun 10 10:45:09 2021 Summary: Recommended update for gzip Severity: moderate References: 1186642 Description: This update for gzip fixes the following issue: - gzip had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. 
(bsc#1186642) ----------------------------------------- Patch: SUSE-2021-1937 Released: Thu Jun 10 10:47:09 2021 Summary: Recommended update for nghttp2 Severity: moderate References: 1186642 Description: This update for nghttp2 fixes the following issue: - The (lib)nghttp2 packages had a lower release number in SUSE Linux Enterprise 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642) ----------------------------------------- Patch: SUSE-2021-1954 Released: Fri Jun 11 10:45:09 2021 Summary: Security update for containerd, docker, runc Severity: important References: 1168481,1175081,1175821,1181594,1181641,1181677,1181730,1181732,1181749,1182451,1182476,1182947,1183024,1183855,1184768,1184962,1185405,CVE-2021-21284,CVE-2021-21285,CVE-2021-21334,CVE-2021-30465 Description: This update for containerd, docker, runc fixes the following issues: Docker was updated to 20.10.6-ce (bsc#1184768, bsc#1182947, bsc#1181594) * Switch version to use -ce suffix rather than _ce to avoid confusing other tools (bsc#1182476). * CVE-2021-21284: Fixed a potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732) * CVE-2021-21285: Fixed an issue where pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730). * btrfs quotas being removed by Docker regularly (bsc#1183855, bsc#1175081) runc was updated to v1.0.0~rc93 (bsc#1182451, bsc#1175821 bsc#1184962). * Use the upstream runc package (bsc#1181641, bsc#1181677, bsc#1175821). * Fixed /dev/null is not available (bsc#1168481). * CVE-2021-30465: Fixed a symlink-exchange attack vulnerability (bsc#1185405). containerd was updated to v1.4.4 * CVE-2021-21334: Fixed a potential information leak through environment variables (bsc#1183397). * Handle a requirement from docker (bsc#1181594).
----------------------------------------- Patch: SUSE-2021-2173 Released: Mon Jun 28 14:59:45 2021 Summary: Recommended update for automake Severity: moderate References: 1040589,1047218,1182604,1185540,1186049 Description: This update for automake fixes the following issues: - Implement generated autoconf makefiles reproducible (bsc#1182604) - Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848) - Avoid bashisms in test-driver script. (bsc#1185540) This update for pcre fixes the following issues: - Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589) This update for brp-check-suse fixes the following issues: - Add fixes to support reproducible builds. (bsc#1186049) ----------------------------------------- Patch: SUSE-2021-2179 Released: Mon Jun 28 17:36:37 2021 Summary: Recommended update for thin-provisioning-tools Severity: moderate References: 1184124 Description: This update for thin-provisioning-tools fixes the following issues: - Link as position-independent executable (bsc#1184124) ----------------------------------------- Patch: SUSE-2021-2193 Released: Mon Jun 28 18:38:43 2021 Summary: Recommended update for tar Severity: moderate References: 1184124 Description: This update for tar fixes the following issues: - Link '/var/lib/tests/tar/bin/genfile' as Position-Independent Executable (bsc#1184124) ----------------------------------------- Patch: SUSE-2021-2196 Released: Tue Jun 29 09:41:39 2021 Summary: Security update for lua53 Severity: moderate References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371 Description: This update for lua53 fixes the following issues: Update to version 5.3.6: - CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449) - CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448) - Long brackets with a huge 
number of '=' overflow some internal buffer arithmetic. ----------------------------------------- Patch: SUSE-2021-2286 Released: Fri Jul 9 17:38:53 2021 Summary: Recommended update for dosfstools Severity: moderate References: 1172863 Description: This update for dosfstools fixes the following issue: - Fixed a bug that was causing an installation issue when trying to create an EFI partition on an NVMe-over-Fabrics device (bsc#1172863) ----------------------------------------- Patch: SUSE-2021-2320 Released: Wed Jul 14 17:01:06 2021 Summary: Security update for sqlite3 Severity: important References: 1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327 Description: This update for sqlite3 fixes the following issues: - Update to version 3.36.0 - CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641) - CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719) - CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439) - CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438) - CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309) - CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850) - CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive 
(bsc#1159847) - CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715) - CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491) - CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960) - CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959) - CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958) - CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812) - CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818) - CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701) - CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700) - CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115) - CVE-2020-13630: use-after-free in fts3EvalNextRow (bsc#1172234) - CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236) - CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240) - CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091) ----------------------------------------- Patch: SUSE-2021-2456 Released: Thu Jul 22 15:28:39 2021 Summary: Recommended update for pam-config Severity: moderate References: 1187091 Description: This update for pam-config fixes the following issues: - Add 'revoke' to the option list for 'pam_keyinit'.
- Fixed an issue when pam-config fails to create a new service config file. (bsc#1187091) ----------------------------------------- Patch: SUSE-2021-2573 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Severity: moderate References: 1188127 Description: This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127). ----------------------------------------- Patch: SUSE-2021-2627 Released: Thu Aug 5 12:10:46 2021 Summary: Recommended maintenance update for systemd-default-settings Severity: moderate References: 1188348 Description: This update for systemd-default-settings fixes the following issue: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) ----------------------------------------- Patch: SUSE-2021-2802 Released: Fri Aug 20 10:47:08 2021 Summary: Security update for libmspack Severity: moderate References: 1103032,CVE-2018-14679,CVE-2018-14681,CVE-2018-14682 Description: This update for libmspack fixes the following issues: - CVE-2018-14681: Bad KWAJ file header extensions could cause a one or two byte overwrite. (bsc#1103032) - CVE-2018-14682: There is an off-by-one error in the TOLOWER() macro for CHM decompression. (bsc#1103032) - CVE-2018-14679: There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service. (bsc#1103032) ----------------------------------------- Patch: SUSE-2021-2895 Released: Tue Aug 31 19:40:32 2021 Summary: Recommended update for unixODBC Severity: moderate References: Description: This update for unixODBC fixes the following issues: - ECO: Update unixODBC to 2.3.9 in SLE 15. 
(jsc#SLE-18004) - Fix incorrect permission for documentation files. - Update requires and baselibs for new libodbc2. - Employ shared library packaging guideline: new subpackage libodbc2. - Update to 2.3.9: * Remove '#define UNIXODBC_SOURCE' from unixodbc_conf.h - Update to 2.3.8: * Add configure support for editline * SQLDriversW was ignoring user config * SQLDataSources Fix termination character * Fix for pooling seg fault * Make calling SQLSetStmtAttrW call the W function in the driver if it's there * Try and fix race condition clearing system odbc.ini file * Remove trailing space from isql/iusql SQL * When setting connection attributes set before connect also check if the W entry points can be used * Try calling the W error functions first if available in the driver * Add iconvperdriver configure option to allow calling unicode_setup in SQLAllocHandle * iconv handles were being lost when reusing pooled connection * Catch null copy in iniPropertyInsert * Fix a few leaks - Update to 2.3.7: * Fix for pkg-config file update on non-Linux platforms * Add W entry for GUI work * Various fixes for SQLBrowseConnect/W, SQLGetConnectAttr/W, and SQLSetConnectAttr/W * Fix buffer overflows in SQLConnect/W and refine behaviour of SQLGet/WritePrivateProfileString * SQLBrowseConnect/W allow disconnecting a started browse session after error * Add --with-stats-ftok-name configure option to allow the selection of a file name used to generate the IPC id when collecting stats.
Default is the system odbc.ini file * Improve diag record handling with the behavior of Windows DM and export SQLCancelHandle * bug fix when SQLGetPrivateProfileString() is called to get a list of sections or a list of keys * Connection pooling: Fix liveness check for Unicode drivers ----------------------------------------- Patch: SUSE-2021-2899 Released: Wed Sep 1 08:30:58 2021 Summary: Recommended update for systemd-rpm-macros Severity: moderate References: 1186282,1187332 Description: This update for systemd-rpm-macros fixes the following issues: - Fixed an issue where zypper ignores the ordering constraints. (bsc#1187332) - Introduce '%sysusers_create_package': '%sysusers_create' and '%sysusers_create_inline' are now deprecated and the new macro should be used instead. - %sysusers_create_inline: use here-docs instead of echo (bsc#1186282) ----------------------------------------- Patch: SUSE-2021-2962 Released: Mon Sep 6 18:23:01 2021 Summary: Recommended update for runc Severity: critical References: 1189743 Description: This update for runc fixes the following issues: - Fixed an issue when toolbox container fails to start.
(bsc#1189743) ----------------------------------------- Patch: SUSE-2021-3001 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Severity: moderate References: 1189683 Description: This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------- Patch: SUSE-2021-3115 Released: Thu Sep 16 14:04:26 2021 Summary: Recommended update for mozilla-nspr, mozilla-nss Severity: moderate References: 1029961,1174697,1176206,1176934,1179382,1188891,CVE-2020-12400,CVE-2020-12401,CVE-2020-12403,CVE-2020-25648,CVE-2020-6829 Description: This update for mozilla-nspr fixes the following issues: mozilla-nspr was updated to version 4.32: * implement new socket option PR_SockOpt_DontFrag * support larger DNS records by increasing the default buffer size for DNS queries * Lock access to PRCallOnceType members in PR_CallOnce* for thread safety bmo#1686138 * PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get information about the operating system build version. Mozilla NSS was updated to version 3.68: * bmo#1713562 - Fix test leak. * bmo#1717452 - NSS 3.68 should depend on NSPR 4.32. * bmo#1693206 - Implement PKCS8 export of ECDSA keys. * bmo#1712883 - DTLS 1.3 draft-43. * bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension. * bmo#1713562 - Validate ECH public names. * bmo#1717610 - Add function to get seconds from epoch from pkix::Time. update to NSS 3.67 * bmo#1683710 - Add a means to disable ALPN. * bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66). * bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja. * bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c. * bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte. update to NSS 3.66 * bmo#1710716 - Remove Expired Sonera Class2 CA from NSS. 
* bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority. * bmo#1708307 - Remove Trustis FPS Root CA from NSS. * bmo#1707097 - Add Certum Trusted Root CA to NSS. * bmo#1707097 - Add Certum EC-384 CA to NSS. * bmo#1703942 - Add ANF Secure Server Root CA to NSS. * bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS. * bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database. * bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler. * bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h. * bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators. * bmo#1709291 - Add VerifyCodeSigningCertificateChain. update to NSS 3.65 * bmo#1709654 - Update for NetBSD configuration. * bmo#1709750 - Disable HPKE test when fuzzing. * bmo#1566124 - Optimize AES-GCM for ppc64le. * bmo#1699021 - Add AES-256-GCM to HPKE. * bmo#1698419 - ECH -10 updates. * bmo#1692930 - Update HPKE to final version. * bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default. * bmo#1703936 - New coverity/cpp scanner errors. * bmo#1697303 - NSS needs to update its csp clearing to FIPS 180-3 standards. * bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms. * bmo#1705119 - Deadlock when using GCM and non-thread safe tokens. update to NSS 3.64 * bmo#1705286 - Properly detect mips64. * bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and disable_crypto_vsx. * bmo#1698320 - replace __builtin_cpu_supports('vsx') with ppc_crypto_support() for clang. * bmo#1613235 - Add POWER ChaCha20 stream cipher vector acceleration. Fixed in 3.63 * bmo#1697380 - Make a clang-format run on top of helpful contributions. * bmo#1683520 - ECCKiila P384, change syntax of nested structs initialization to prevent build issues with GCC 4.8. * bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual scalar multiplication.
* bmo#1683520 - ECCKiila P521, change syntax of nested structs initialization to prevent build issues with GCC 4.8. * bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual scalar multiplication. * bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683. * bmo#1694214 - tstclnt can't enable middlebox compat mode. * bmo#1694392 - NSS does not work with PKCS #11 modules not supporting profiles. * bmo#1685880 - Minor fix to prevent unused variable on early return. * bmo#1685880 - Fix for the gcc compiler version 7 to support setenv with nss build. * bmo#1693217 - Increase nssckbi.h version number for March 2021 batch of root CA changes, CA list version 2.48. * bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's 'Chambers of Commerce' and 'Global Chambersign' roots. * bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER. * bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS. * bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS. * bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs from NSS. * bmo#1687822 - Turn off Websites trust bit for the 'Staat der Nederlanden Root CA - G3' root cert in NSS. * bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce Root - 2008' and 'Global Chambersign Root - 2008'. * bmo#1694291 - Tracing fixes for ECH.
update to NSS 3.62 * bmo#1688374 - Fix parallel build NSS-3.61 with make * bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add() can corrupt 'cachedCertTable' * bmo#1690583 - Fix CH padding extension size calculation * bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail * bmo#1690421 - Install packaged libabigail in docker-builds image * bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing * bmo#1674819 - Fixup a51fae403328, enum type may be signed * bmo#1681585 - Add ECH support to selfserv * bmo#1681585 - Update ECH to Draft-09 * bmo#1678398 - Add Export/Import functions for HPKE context * bmo#1678398 - Update HPKE to draft-07 update to NSS 3.61 * bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key values under certain conditions. * bmo#1684300 - Fix default PBE iteration count when NSS is compiled with NSS_DISABLE_DBM. * bmo#1651411 - Improve constant-timeness in RSA operations. * bmo#1677207 - Upgrade Google Test version to latest release. * bmo#1654332 - Add aarch64-make target to nss-try. Update to NSS 3.60.1: Notable changes in NSS 3.60: * TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support has been added, replacing the previous ESNI (draft-ietf-tls-esni-01) implementation. See bmo#1654332 for more information. * December 2020 batch of Root CA changes, builtins library updated to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769 for more information. 
Update to NSS 3.59.1: * bmo#1679290 - Fix potential deadlock with certain third-party PKCS11 modules Update to NSS 3.59: Notable changes: * Exported two existing functions from libnss: CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData Bugfixes * bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race * bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA * bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent * bmo#1670835 - Support enabling and disabling signatures via Crypto Policy * bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed root certs when SHA1 signatures are disabled. * bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to solve some test intermittents * bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in our CVE-2020-25648 fix that broke purple-discord (boo#1179382) * bmo#1666891 - Support key wrap/unwrap with RSA-OAEP * bmo#1667989 - Fix gyp linking on Solaris * bmo#1668123 - Export CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData from libnss * bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA * bmo#1663091 - Remove unnecessary assertions in the streaming ASN.1 decoder that affected decoding certain PKCS8 private keys when using NSS debug builds * bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS. update to NSS 3.58 Bugs fixed: * bmo#1641480 (CVE-2020-25648) Tighten CCS handling for middlebox compatibility mode. * bmo#1631890 - Add support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello (draft-ietf-tls-esni). * bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto extensions. * bmo#1668328 - Handle spaces in the Python path name when using gyp on Windows. * bmo#1667153 - Add PK11_ImportDataKey for data object import. * bmo#1665715 - Pass the embedded SCT list extension (if present) to TrustDomain::CheckRevocation instead of the notBefore value. 
update to NSS 3.57 * The following CA certificates were Added: bmo#1663049 - CN=Trustwave Global Certification Authority SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8 bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4 bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097 * The following CA certificates were Removed: bmo#1651211 - CN=EE Certification Centre Root CA SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76 bmo#1656077 - O=Government Root Certification Authority; C=TW SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3 * Trust settings for the following CA certificates were Modified: bmo#1653092 - CN=OISTE WISeKey Global Root GA CA Websites (server authentication) trust bit removed. * https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes update to NSS 3.56 Notable changes * bmo#1650702 - Support SHA-1 HW acceleration on ARMv8 * bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS. * bmo#1654142 - Add CPU feature detection for Intel SHA extension. * bmo#1648822 - Add stricter validation of DH keys in FIPS mode. * bmo#1656986 - Properly detect arm64 during GYP build architecture detection. * bmo#1652729 - Add build flag to disable RC2 and relocate to lib/freebl/deprecated. * bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay. * bmo#1588941 - Send empty certificate message when scheme selection fails. * bmo#1652032 - Fix failure to build in Windows arm64 makefile cross-compilation. * bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent. * bmo#1653975 - Fix 3.53 regression by setting 'all' as the default makefile target. * bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert. 
* bmo#1659814 - Fix interop.sh failures with newer tls-interop commit and dependencies. * bmo#1656519 - NSPR dependency updated to 4.28 update to NSS 3.55 Notable changes * P384 and P521 elliptic curve implementations are replaced with verifiable implementations from Fiat-Crypto [0] and ECCKiila [1]. * PK11_FindCertInSlot is added. With this function, a given slot can be queried with a DER-Encoded certificate, providing performance and usability improvements over other mechanisms. (bmo#1649633) * DTLS 1.3 implementation is updated to draft-38. (bmo#1647752) Relevant Bugfixes * bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila. * bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature. * bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding. * bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part ChaCha20 (which was not functioning correctly) and more strictly enforce tag length. * bmo#1649648 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649316 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649322 - Don't memcpy zero bytes (sanitizer fix). * bmo#1653202 - Fix initialization bug in blapitest when compiled with NSS_DISABLE_DEPRECATED_SEED. * bmo#1646594 - Fix AVX2 detection in makefile builds. * bmo#1649633 - Add PK11_FindCertInSlot to search a given slot for a DER-encoded certificate. * bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo. * bmo#1647752 - Update DTLS 1.3 implementation to draft-38. * bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI. * bmo#1649226 - Add Wycheproof ECDSA tests. * bmo#1637222 - Consistently enforce IV requirements for DES and 3DES. * bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in RSA_CheckSignRecover. * bmo#1646324 - Advertise PKCS#1 schemes for certificates in the signature_algorithms extension. 
update to NSS 3.54 Notable changes * Support for TLS 1.3 external pre-shared keys (bmo#1603042). * Use ARM Cryptography Extension for SHA256, when available (bmo#1528113) * The following CA certificates were Added: bmo#1645186 - certSIGN Root CA G2. bmo#1645174 - e-Szigno Root CA 2017. bmo#1641716 - Microsoft ECC Root Certificate Authority 2017. bmo#1641716 - Microsoft RSA Root Certificate Authority 2017. * The following CA certificates were Removed: bmo#1645199 - AddTrust Class 1 CA Root. bmo#1645199 - AddTrust External CA Root. bmo#1641718 - LuxTrust Global Root 2. bmo#1639987 - Staat der Nederlanden Root CA - G2. bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4. bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4. bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3. * A number of certificates had their Email trust bit disabled. See bmo#1618402 for a complete list. Bugs fixed * bmo#1528113 - Use ARM Cryptography Extension for SHA256. * bmo#1603042 - Add TLS 1.3 external PSK support. * bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows. * bmo#1645186 - Add 'certSIGN Root CA G2' root certificate. * bmo#1645174 - Add Microsec's 'e-Szigno Root CA 2017' root certificate. * bmo#1641716 - Add Microsoft's non-EV root certificates. * bmo#1621151 - Disable email trust bit for 'O=Government Root Certification Authority; C=TW' root. * bmo#1645199 - Remove AddTrust root certificates. * bmo#1641718 - Remove 'LuxTrust Global Root 2' root certificate. * bmo#1639987 - Remove 'Staat der Nederlanden Root CA - G2' root certificate. * bmo#1618402 - Remove Symantec root certificates and disable email trust bit. * bmo#1640516 - NSS 3.54 should depend on NSPR 4.26. * bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c. * bmo#1642153 - Fix infinite recursion building NSS. * bmo#1642638 - Fix fuzzing assertion crash. * bmo#1642871 - Enable SSL_SendSessionTicket after resumption.
* bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs. * bmo#1643557 - Fix numerous compile warnings in NSS. * bmo#1644774 - SSL gtests to use ClearServerCache when resetting self-encrypt keys. * bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c. * bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding. ----------------------------------------- Patch: SUSE-2021-3182 Released: Tue Sep 21 17:04:26 2021 Summary: Recommended update for file Severity: moderate References: 1189996 Description: This update for file fixes the following issues: - Fixes exception thrown by memory allocation problem (bsc#1189996) ----------------------------------------- Patch: SUSE-2021-3203 Released: Thu Sep 23 14:41:35 2021 Summary: Recommended update for kmod Severity: moderate References: 1189537,1190190 Description: This update for kmod fixes the following issues: - Use docbook 4 rather than docbook 5 for building man pages (bsc#1190190). - Enable support for ZSTD compressed modules - Display module information even for modules built into the running kernel (bsc#1189537) - '/usr/lib' should override '/lib' where both are available. Support '/usr/lib' for depmod.d as well. - Remove test patches included in release 29 - Update to release 29 * Fix `modinfo -F` not working for built-in modules and certain fields. * Fix a memory leak, overflow and double free on error path. ----------------------------------------- Patch: SUSE-2021-3291 Released: Wed Oct 6 16:45:36 2021 Summary: Security update for glibc Severity: moderate References: 1186489,1187911,CVE-2021-33574,CVE-2021-35942 Description: This update for glibc fixes the following issues: - CVE-2021-33574: Fixed use __pthread_attr_copy in mq_notify (bsc#1186489). - CVE-2021-35942: Fixed wordexp handle overflow in positional parameter number (bsc#1187911). 
----------------------------------------- Patch: SUSE-2021-3490 Released: Wed Oct 20 16:31:55 2021 Summary: Security update for ncurses Severity: moderate References: 1190793,CVE-2021-39537 Description: This update for ncurses fixes the following issues: - CVE-2021-39537: Fixed a heap-based buffer overflow in _nc_captoinfo. (bsc#1190793) ----------------------------------------- Patch: SUSE-2021-3494 Released: Wed Oct 20 16:48:46 2021 Summary: Recommended update for pam Severity: moderate References: 1190052 Description: This update for pam fixes the following issues: - Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638) - Added new file macros.pam on request of systemd. (bsc#1190052) ----------------------------------------- Patch: SUSE-2021-3506 Released: Mon Oct 25 10:20:22 2021 Summary: Security update for containerd, docker, runc Severity: important References: 1102408,1185405,1187704,1188282,1190826,1191015,1191121,1191334,1191355,1191434,CVE-2021-30465,CVE-2021-32760,CVE-2021-41089,CVE-2021-41091,CVE-2021-41092,CVE-2021-41103 Description: This update for containerd, docker, runc fixes the following issues: Docker was updated to 20.10.9-ce. (bsc#1191355) See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2021-41092 CVE-2021-41089 CVE-2021-41091 CVE-2021-41103 containerd was updated to v1.4.11, to fix CVE-2021-41103. bsc#1191355 - CVE-2021-32760: Fixed that an archive package allows chmod of file outside of unpack target directory (bsc#1188282) - Install systemd service file as well (bsc#1190826) Update to runc v1.0.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.2 * Fixed a failure to set CPU quota period in some cases on cgroup v1. * Fixed the inability to start a container with the 'adding seccomp filter rule for syscall ...' error, caused by redundant seccomp rules (i.e. those that have an action equal to the default one).
Such redundant rules are now skipped. * Made release builds reproducible from now on. * Fixed a rare debug log race in runc init, which can result in occasional harmful 'failed to decode ...' errors from runc run or exec. * Fixed the check in cgroup v1 systemd manager if a container needs to be frozen before Set, and add a setting to skip such freeze unconditionally. The previous fix for that issue, done in runc 1.0.1, was not working. Update to runc v1.0.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.1 * Fixed occasional runc exec/run failure ('interrupted system call') on an Azure volume. * Fixed 'unable to find groups ... token too long' error with /etc/group containing lines longer than 64K characters. * cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is frozen. This is a regression in 1.0.0, not affecting runc itself but some of libcontainer users (e.g Kubernetes). * cgroupv2: bpf: Ignore inaccessible existing programs in case of permission error when handling replacement of existing bpf cgroup programs. This fixes a regression in 1.0.0, where some SELinux policies would block runc from being able to run entirely. * cgroup/systemd/v2: don't freeze cgroup on Set. * cgroup/systemd/v1: avoid unnecessary freeze on Set. - fix issues with runc under openSUSE MicroOS's SELinux policy. bsc#1187704 Update to runc v1.0.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0 ! The usage of relative paths for mountpoints will now produce a warning (such configurations are outside of the spec, and in future runc will produce an error when given such configurations). * cgroupv2: devices: rework the filter generation to produce consistent results with cgroupv1, and always clobber any existing eBPF program(s) to fix runc update and avoid leaking eBPF programs (resulting in errors when managing containers). 
* cgroupv2: correctly convert 'number of IOs' statistics in a cgroupv1-compatible way. * cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures. * cgroupv2: wait for freeze to finish before returning from the freezing code, optimize the method for checking whether a cgroup is frozen. * cgroups/systemd: fixed 'retry on dbus disconnect' logic introduced in rc94 * cgroups/systemd: fixed returning 'unit already exists' error from a systemd cgroup manager (regression in rc94) + cgroupv2: support SkipDevices with systemd driver + cgroup/systemd: return, not ignore, stop unit error from Destroy + Make 'runc --version' output sane even when built with go get or otherwise outside of our build scripts. + cgroups: set SkipDevices during runc update (so we don't modify cgroups at all during runc update). + cgroup1: blkio: support BFQ weights. + cgroupv2: set per-device io weights if BFQ IO scheduler is available. Update to runc v1.0.0~rc95. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95 This release of runc contains a fix for CVE-2021-30465, and users are strongly recommended to update (especially if you are providing semi-limited access to spawn containers to untrusted users). (bsc#1185405) Update to runc v1.0.0~rc94. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94 Breaking Changes: * cgroupv1: kernel memory limits are now always ignored, as kmemcg has been effectively deprecated by the kernel. Users should make use of regular memory cgroup controls. 
Regression Fixes: * seccomp: fix 32-bit compilation errors * runc init: fix a hang caused by deadlock in seccomp/ebpf loading code * runc start: fix 'chdir to cwd: permission denied' for some setups ----------------------------------------- Patch: SUSE-2021-3510 Released: Tue Oct 26 11:22:15 2021 Summary: Recommended update for pam Severity: important References: 1191987 Description: This update for pam fixes the following issues: - Fixed a bad directive file which resulted in the 'securetty' file to be installed as 'macros.pam'. (bsc#1191987) ----------------------------------------- Patch: SUSE-2021-3529 Released: Wed Oct 27 09:23:32 2021 Summary: Security update for pcre Severity: moderate References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155 Description: This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). - CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973) ----------------------------------------- Patch: SUSE-2021-3792 Released: Wed Nov 24 06:12:09 2021 Summary: Recommended update for kmod Severity: moderate References: 1192104 Description: This update for kmod fixes the following issues: - Enable ZSTD compression (bsc#1192104)(jsc#SLE-21256) ----------------------------------------- Patch: SUSE-2021-3799 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Severity: moderate References: 1187153,1187273,1188623 Description: This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. 
----------------------------------------- Patch: SUSE-2021-3872 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Severity: moderate References: 1191736 Description: This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) ----------------------------------------- Patch: SUSE-2021-3883 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Severity: moderate References: 1177460 Description: This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china ----------------------------------------- Patch: SUSE-2021-3891 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Severity: moderate References: 1029961,1113013,1187654 Description: This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). 
* Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Hellman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------- Patch: SUSE-2021-3942 Released: Mon Dec 6 14:46:05 2021 Summary: Security update for brotli Severity: moderate References: 1175825,CVE-2020-8927 Description: This update for brotli fixes the following issues: - CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825). ----------------------------------------- Patch: SUSE-2021-3946 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Severity: moderate References: 1192717,CVE-2021-43618 Description: This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717).
----------------------------------------- Patch: SUSE-2021-3980 Released: Thu Dec 9 16:42:19 2021 Summary: Recommended update for glibc Severity: moderate References: 1191592 Description: glibc was updated to fix the following issue: - Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869) ----------------------------------------- Patch: SUSE-2021-4009 Released: Mon Dec 13 11:24:43 2021 Summary: Recommended update for systemd-rpm-macros Severity: low References: Description: This update for systemd-rpm-macros fixes the following issues: - Introduce rpm macro %_systemd_util_dir ----------------------------------------- Patch: SUSE-2021-4165 Released: Wed Dec 22 22:52:11 2021 Summary: Recommended update for kmod Severity: moderate References: 1193430 Description: This update for kmod fixes the following issues: - Ensure that kmod and packages linking to libkmod provide same features. (bsc#1193430) ----------------------------------------- Patch: SUSE-2021-4171 Released: Thu Dec 23 09:55:13 2021 Summary: Security update for runc Severity: moderate References: 1193436,CVE-2021-43784 Description: This update for runc fixes the following issues: Update to runc v1.0.3. * CVE-2021-43784: Fixed a potential vulnerability related to the internal usage of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436) * Fixed inability to start a container with read-write bind mount of a read-only fuse host mount. * Fixed inability to start when read-only /dev in set in spec. * Fixed not removing sub-cgroups upon container delete, when rootless cgroup v2 is used with older systemd. * Fixed returning error from GetStats when hugetlb is unsupported (which causes excessive logging for kubernetes). 
----------------------------------------- Patch: SUSE-2021-4182 Released: Thu Dec 23 11:51:51 2021 Summary: Recommended update for zlib Severity: moderate References: 1192688 Description: This update for zlib fixes the following issues: - Fix hardware compression incorrect result on z15 hardware (bsc#1192688) ----------------------------------------- Patch: SUSE-2022-69 Released: Thu Jan 13 15:12:30 2022 Summary: Security update for libmspack Severity: low References: 1113040,CVE-2018-18586 Description: This update for libmspack fixes the following issues: - CVE-2018-18586: Fixed directory traversal in chmextract by adding anti '../' and leading slash protection (bsc#1113040). ----------------------------------------- Patch: SUSE-2022-84 Released: Mon Jan 17 04:40:30 2022 Summary: Recommended update for dosfstools Severity: moderate References: 1172863,1188401 Description: This update for dosfstools fixes the following issues: - To be able to create filesystems compatible with previous version, add -g command line option to mkfs (bsc#1188401) - BREAKING CHANGES: After fixing of bsc#1172863 in the last update, mkfs started to create different images than before. Applications that depend on exact FAT file format (e.g. embedded systems) may be broken in two ways: * The introduction of the alignment may create smaller images than before, with different positions of important image elements. It can break existing software that expects images in dosfstools <= 4.1 style. To work around these problems, use '-a' command line argument. * The new image may contain different geometry values. Geometry sensitive applications expecting dosfstools <= 4.1 style images can fail to accept different geometry values. There is no direct workaround for this problem. But you can take the old image, use 'file -s $IMAGE', check its 'sectors/track' and 'heads', and use them in the newly introduced '-g' command line argument.
----------------------------------------- Patch: SUSE-2022-184 Released: Tue Jan 25 18:20:56 2022 Summary: Security update for json-c Severity: important References: 1171479,CVE-2020-12762 Description: This update for json-c fixes the following issues: - CVE-2020-12762: Fixed integer overflow and out-of-bounds write. (bsc#1171479) ----------------------------------------- Patch: SUSE-2022-190 Released: Tue Jan 25 19:10:04 2022 Summary: Security update for polkit Severity: important References: 1194568,CVE-2021-4034 Description: This update for polkit fixes the following issues: - CVE-2021-4034: Fixed a local privilege escalation in pkexec (bsc#1194568). ----------------------------------------- Patch: SUSE-2022-207 Released: Thu Jan 27 09:24:49 2022 Summary: Recommended update for glibc Severity: moderate References: Description: This update for glibc fixes the following issues: - Add support for livepatches on x86_64 for SUSE Linux Enterprise 15 SP4 (jsc#SLE-20049). ----------------------------------------- Patch: SUSE-2022-330 Released: Fri Feb 4 09:29:08 2022 Summary: Security update for glibc Severity: important References: 1194640,1194768,1194770,1194785,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 Description: This update for glibc fixes the following issues: - CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640) - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770) Features added: - IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195) ----------------------------------------- Patch: SUSE-2022-353 Released: Tue Feb 8 17:41:48 2022 Summary: Recommended update for systemd-rpm-macros Severity: moderate References: Description: This update for systemd-rpm-macros fixes the following issues: - Bump version to 10 - %sysusers_create_inline was wrongly marked as deprecated - %sysusers_create can be useful in certain cases and won't 
go away until we'll move to file triggers. So don't mark it as deprecated too ----------------------------------------- Patch: SUSE-2022-383 Released: Tue Feb 15 17:47:36 2022 Summary: Recommended update for cyrus-sasl Severity: moderate References: 1194265 Description: This update for cyrus-sasl fixes the following issues: - Fixed an issue where 'sasl' authentication with password fails in postfix. (bsc#1194265) - Add config parameter '--with-dblib=gdbm' - Avoid converting '/etc/sasldb2' on every update. Convert '/etc/sasldb2' only if it is a Berkeley DB. ----------------------------------------- Patch: SUSE-2022-525 Released: Fri Feb 18 15:12:10 2022 Summary: Security update for polkit Severity: moderate References: 1195542,CVE-2021-4115 Description: This update for polkit fixes the following issues: - CVE-2021-4115: Fixed a denial of service via file descriptor leak (bsc#1195542). ----------------------------------------- Patch: SUSE-2022-716 Released: Fri Mar 4 09:42:53 2022 Summary: Security update for wpa_supplicant Severity: important References: 1194732,1194733,CVE-2022-23303,CVE-2022-23304 Description: This update for wpa_supplicant fixes the following issues: - CVE-2022-23303: Fixed side-channel attacks in SAE (bsc#1194732). - CVE-2022-23304: Fixed side-channel attacks in EAP-pwd (bsc#1194733). ----------------------------------------- Patch: SUSE-2022-743 Released: Mon Mar 7 22:08:12 2022 Summary: Security update for cyrus-sasl Severity: important References: 1194265,1196036,CVE-2022-24407 Description: This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). The following non-security bugs were fixed: - postfix: sasl authentication with password fails (bsc#1194265).
----------------------------------------- Patch: SUSE-2022-789 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Severity: moderate References: 1195654 Description: This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) ----------------------------------------- Patch: SUSE-2022-861 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1182959,1195149,1195792,1195856 Description: This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------- Patch: SUSE-2022-936 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Severity: moderate References: 1196275,1196406 Description: This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------- Patch: SUSE-2022-1047 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Severity: moderate References: 1196093,1197024 Description: This update for pam fixes the following issues: - Define _pam_vendordir as the 
variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and freeing it, there are two 'return NO' statements where we don't free this variable. This patch inserts freeaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------- Patch: SUSE-2022-1061 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Severity: important References: 1197459,CVE-2018-25032 Description: This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------- Patch: SUSE-2022-1118 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Severity: moderate References: 1177460 Description: This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------- Patch: SUSE-2022-1158 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Severity: important References: 1198062,CVE-2022-1271 Description: This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587).
(bsc#1198062) ----------------------------------------- Patch: SUSE-2022-1281 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Severity: moderate References: 1196647 Description: This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------- Patch: SUSE-2022-1374 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Severity: moderate References: 1191157,1197004 Description: This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------- Patch: SUSE-2022-1409 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Severity: moderate References: 1195628,1196107 Description: This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstdc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends.
----------------------------------------- Patch: SUSE-2022-1451 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Severity: moderate References: 1193489 Description: This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket::VERSION comparisons (bsc#1193489) ----------------------------------------- Patch: SUSE-2022-1465 Released: Fri Apr 29 11:36:02 2022 Summary: Security update for libslirp Severity: important References: 1187364,1187366,1187367,1198773,CVE-2021-3592,CVE-2021-3594,CVE-2021-3595 Description: This update for libslirp fixes the following issues: - CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364). - CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367). - CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366). - Fix a dhcp regression [bsc#1198773] ----------------------------------------- Patch: SUSE-2022-1548 Released: Thu May 5 16:45:28 2022 Summary: Security update for tar Severity: moderate References: 1029961,1120610,1130496,1181131,CVE-2018-20482,CVE-2019-9923,CVE-2021-20193 Description: This update for tar fixes the following issues: - CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131). - CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496). - CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610). - Update to GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131) * Fix extraction when . and ..
are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges - Update to GNU tar 1.33: * POSIX extended format headers do not include PID by default * --delay-directory-restore works for archives with reversed member ordering * Fix extraction of a symbolic link hardlinked to another symbolic link * Wildcards in exclude-vcs-ignore mode don't match slash * Fix the --no-overwrite-dir option * Fix handling of chained renames in incremental backups * Link counting works for file names supplied with -T * Accept only position-sensitive (file-selection) options in file list files - prepare usrmerge (bsc#1029961) - Update to GNU 1.32 * Fix the use of --checkpoint without explicit --checkpoint-action * Fix extraction with the -U option * Fix iconv usage on BSD-based systems * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923] * Improve the testsuite - Update to GNU 1.31 * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28 * Support for zstd compression * New option '--zstd' instructs tar to use zstd as compression program. When listing, extracting and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'. * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the '-K NAME' option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it.
* Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived. ----------------------------------------- Patch: SUSE-2022-1617 Released: Tue May 10 14:40:12 2022 Summary: Security update for gzip Severity: important References: 1198062,1198922,CVE-2022-1271 Description: This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) ----------------------------------------- Patch: SUSE-2022-1655 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Severity: moderate References: 1197794 Description: This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------- Patch: SUSE-2022-1658 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Severity: important References: 1197771 Description: This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------- Patch: SUSE-2022-1670 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Severity: important References: 1199240,CVE-2022-29155 Description: This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). ----------------------------------------- Patch: SUSE-2022-1718 Released: Tue May 17 17:44:43 2022 Summary: Security update for e2fsprogs Severity: important References: 1198446,CVE-2022-1304 Description: This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. 
(bsc#1198446) ----------------------------------------- Patch: SUSE-2022-1730 Released: Wed May 18 16:56:21 2022 Summary: Security update for libslirp Severity: important References: 1187364,1187366,1187367,1198773,CVE-2021-3592,CVE-2021-3594,CVE-2021-3595 Description: This update for libslirp fixes the following issues: - CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364). - CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367). - CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366). - Fix a dhcp regression [bsc#1198773] ----------------------------------------- Patch: SUSE-2022-1887 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Severity: moderate References: 1040589 Description: This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------- Patch: SUSE-2022-1899 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Severity: important References: 1198176 Description: This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------- Patch: SUSE-2022-1909 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Severity: moderate References: 1198751 Description: This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). 
----------------------------------------- Patch: SUSE-2022-1923 Released: Thu Jun 2 14:04:06 2022 Summary: Security update for kernel-firmware Severity: important References: 1195786,1199459,1199470,CVE-2021-26312,CVE-2021-26339,CVE-2021-26342,CVE-2021-26347,CVE-2021-26348,CVE-2021-26349,CVE-2021-26350,CVE-2021-26364,CVE-2021-26372,CVE-2021-26373,CVE-2021-26375,CVE-2021-26376,CVE-2021-26378,CVE-2021-26388,CVE-2021-33139,CVE-2021-33155,CVE-2021-46744 Description: This update for kernel-firmware fixes the following issues: Update to version 20220411 (git commit f219d616f42b, bsc#1199459): - CVE-2021-26373, CVE-2021-26347, CVE-2021-26376, CVE-2021-26350, CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26339, CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349, CVE-2021-26364, CVE-2021-26312: Update AMD cpu microcode Update to version 20220309 (git commit cd01f857da28, bsc#1199470): - CVE-2021-46744: Ciphertext Side Channels on AMD SEV Update Intel Bluetooth firmware (INTEL-SA-00604, bsc#1195786): - CVE-2021-33139, CVE-2021-33155: Improper conditions check in the firmware for some Intel Wireless Bluetooth and Killer Bluetooth products may allow an authenticated user to potentially cause denial of service via adjacent access. ----------------------------------------- Patch: SUSE-2022-2019 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 Description: This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. 
[bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------- Patch: SUSE-2022-2035 Released: Fri Jun 10 10:16:40 2022 Summary: Security update for grub2 Severity: important References: 1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198495,1198496,1198581,CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28735,CVE-2022-28736 Description: This update for grub2 fixes the following issues: This update provides security fixes and hardenings for Boothole 3 / Boothole 2022 (bsc#1198581) - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496) - Update SBAT security contact (bsc#1193282) - Bump grub's SBAT generation to 2 - Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948) ----------------------------------------- Patch: SUSE-2022-2294 Released: Wed Jul 6 13:34:15 2022 Summary: Security update for expat Severity: important References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 Description: This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). 
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------- Patch: SUSE-2022-2305 Released: Wed Jul 6 13:38:42 2022 Summary: Security update for curl Severity: important References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208 Description: This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service (bsc#1200734) - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32207: Unpreserved file permissions (bsc#1200736) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------- Patch: SUSE-2022-2308 Released: Wed Jul 6 14:15:13 2022 Summary: Security update for openssl-1_1 Severity: important References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097 Description: This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). 
----------------------------------------- Patch: SUSE-2022-2341 Released: Fri Jul 8 16:09:12 2022 Summary: Security update for containerd, docker and runc Severity: important References: 1192051,1199460,1199565,1200088,1200145,CVE-2022-29162,CVE-2022-31030 Description: This update for containerd, docker and runc fixes the following issues: containerd: - CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API (bsc#1200145) docker: - Update to Docker 20.10.17-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/#201017. (bsc#1200145) runc: Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. * Socket activation was failing when more than 3 sockets were used. * Various CI fixes. * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. - Fixed issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. (bsc#1192051 bsc#1199565) Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. 
Security issue fixed: - CVE-2022-29162: A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. (bsc#1199460) - `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file. Update to runc v1.1.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.1. * runc run/start can now run a container with read-only /dev in OCI spec, rather than error out. (#3355) * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403) * libcontainer systemd v2 manager no longer errors out if one of the files listed in /sys/kernel/cgroup/delegate does not exist in container's cgroup. (#3387, #3404) * Loosen OCI spec validation to avoid bogus 'Intel RDT is not supported' error. (#3406) * libcontainer/cgroups no longer panics in cgroup v1 managers if stat of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435) Update to runc v1.1.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0. - libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331) Update to runc v1.1.0~rc1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1. + Add support for RDMA cgroup added in Linux 4.11. * runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed. + runc run: new --keep option to skip removal of exited containers' artefacts. This might be useful to check the state (e.g.
of cgroup controllers) after the container has exited. + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL). + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host. + checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore. + intelrdt: support ClosID parameter. + runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed. + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it). + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour. + mounts: add support for bind-mounts which are inaccessible after switching the user namespace. Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users. + Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro). + Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130. * system: improve performance of /proc/$pid/stat parsing.
* cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process. * runc checkpoint/restore: fixed for containers with an external bind mount whose destination is a symlink. * cgroup: improve openat2 handling for cgroup directory handle hardening. * runc delete -f now succeeds (rather than timing out) on a paused container. * runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). Users can disable this using --ignore-paused. - Update version data embedded in binary to correctly include the git commit of the release. ----------------------------------------- Patch: SUSE-2022-2360 Released: Tue Jul 12 12:01:39 2022 Summary: Security update for pcre2 Severity: important References: 1199232,CVE-2022-1586 Description: This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------- Patch: SUSE-2022-2361 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Severity: important References: 1199232,CVE-2022-1586 Description: This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------- Patch: SUSE-2022-2396 Released: Thu Jul 14 11:57:58 2022 Summary: Security update for logrotate Severity: important References: 1192449,1199652,1200278,1200802,CVE-2022-1348 Description: This update for logrotate fixes the following issues: Security issues fixed: - CVE-2022-1348: Fixed insecure permissions for state file creation (bsc#1199652). - Improved coredump handling for SUID binaries (bsc#1192449). Non-security issues fixed: - Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' (bsc#1200278, bsc#1200802).
----------------------------------------- Patch: SUSE-2022-2406 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Severity: moderate References: 1197718,1199140,1200334,1200855 Description: This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). ----------------------------------------- Patch: SUSE-2022-2469 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 Description: This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. 
The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition ----------------------------------------- Patch: SUSE-2022-2493 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Severity: moderate References: 1193282 Description: This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------- Patch: SUSE-2022-2494 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Severity: important References: 1200855,1201560,1201640 Description: This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) ----------------------------------------- Patch: SUSE-2022-2533 Released: Fri Jul 22 17:37:15 2022 Summary: Security update for mozilla-nss Severity: important References: 1192079,1192080,1192086,1192087,1192228,1198486,1200027,CVE-2022-31741 Description: This update for mozilla-nss fixes the following issues: Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4: - Makes the PBKDF known answer test compliant with NIST SP800-132. (bsc#1192079). - FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980). - FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298). - FIPS: remove hard disabling of unapproved algorithms. 
This requirement is now fulfilled by the service level indicator (bsc#1200325). - Run test suite at build time, and make it pass (bsc#1198486). - FIPS: skip algorithms that are hard disabled in FIPS mode. - Prevent expired PayPalEE cert from failing the tests. - Allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc. - FIPS: Make the PBKDF known answer test compliant with NIST SP800-132. - Update FIPS validation string to version-release format. - FIPS: remove XCBC MAC from list of FIPS approved algorithms. - Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build. - FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080). - FIPS: allow testing of unapproved algorithms (bsc#1192228). - FIPS: add version indicators. (bmo#1729550, bsc#1192086). - FIPS: fix some secret clearing (bmo#1697303, bsc#1192087). Version update to NSS 3.79: - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. - Update mercurial in clang-format docker image. - Use of uninitialized pointer in lg_init after alloc fail. - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. - Add SECMOD_LockedModuleHasRemovableSlots. - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP. - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts. - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. - Correct invalid record inner and outer content type alerts. - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding. - improve error handling after nssCKFWInstance_CreateObjectHandle. - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. 
- NSS 3.79 should depend on NSPR 4.34 Version update to NSS 3.78.1: - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple Version update to NSS 3.78: - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests. - Reworked overlong record size checks and added TLS1.3 specific boundaries. - Add ECH Grease Support to tstclnt - Add a strict variant of moz::pkix::CheckCertHostname. - Change SSL_REUSE_SERVER_ECDHE_KEY default to false. - Make SEC_PKCS12EnableCipher succeed - Update zlib in NSS to 1.2.12. Version update to NSS 3.77: - Fix link to TLS page on wireshark wiki - Add two D-TRUST 2020 root certificates. - Add Telia Root CA v2 root certificate. - Remove expired explicitly distrusted certificates from certdata.txt. - support specific RSA-PSS parameters in mozilla::pkix - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. - Remove token member from NSSSlot struct. - Provide secure variants of mpp_pprime and mpp_make_prime. - Support UTF-8 library path in the module spec string. - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. - Update googletest to 1.11.0 - Add SetTls13GreaseEchSize to experimental API. - TLS 1.3 Illegal legacy_version handling/alerts. - Fix calculation of ECH HRR Transcript. - Allow ld path to be set as environment variable. - Ensure we don't read uninitialized memory in ssl gtests. - Fix DataBuffer Move Assignment. - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 - rework signature verification in mozilla::pkix Version update to NSS 3.76.1 - Remove token member from NSSSlot struct. - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. - Check return value of PK11Slot_GetNSSToken. - Use Wycheproof JSON for RSASSA-PSS - Add SHA256 fingerprint comments to old certdata.txt entries. - Avoid truncating files in nss-release-helper.py. - Throw illegal_parameter alert for illegal extensions in handshake message. 
Version update to NSS 3.75 - Make DottedOIDToCode.py compatible with python3. - Avoid undefined shift in SSL_CERT_IS while fuzzing. - Remove redundant key type check. - Update ABI expectations to match ECH changes. - Enable CKM_CHACHA20. - check return on NSS_NoDB_Init and NSS_Shutdown. - Run ECDSA test vectors from bltest as part of the CI tests. - Add ECDSA test vectors to the bltest command line tool. - Allow to build using clang's integrated assembler. - Allow to override python for the build. - test HKDF output rather than input. - Use ASSERT macros to end failed tests early. - move assignment operator for DataBuffer. - Add test cases for ECH compression and unexpected extensions in SH. - Update tests for ECH-13. - Tidy up error handling. - Add tests for ECH HRR Changes. - Server only sends GREASE HRR extension if enabled by preference. - Update generation of the Associated Data for ECH-13. - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. - Allow for compressed, non-contiguous, extensions. - Scramble the PSK extension in CHOuter. - Split custom extension handling for ECH. - Add ECH-13 HRR Handling. - Client side ECH padding. - Stricter ClientHelloInner Decompression. - Remove ECH_inner extension, use new enum format. - Update the version number for ECH-13 and adjust the ECHConfig size. 
Version update to NSS 3.74 - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses - Ensure clients offer consistent ciphersuites after HRR - NSS does not properly restrict server keys based on policy - Set nssckbi version number to 2.54 - Replace Google Trust Services LLC (GTS) R4 root certificate - Replace Google Trust Services LLC (GTS) R3 root certificate - Replace Google Trust Services LLC (GTS) R2 root certificate - Replace Google Trust Services LLC (GTS) R1 root certificate - Replace GlobalSign ECC Root CA R4 - Remove Expired Root Certificates - DST Root CA X3 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate - Add iTrusChina ECC root certificate - Add iTrusChina RSA root certificate - Add ISRG Root X2 root certificate - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate - Avoid a clang 13 unused variable warning in opt build - Check for missing signedData field - Ensure DER encoded signatures are within size limits - enable key logging option (boo#1195040) Version update to NSS 3.73.1: - Add SHA-2 support to mozilla::pkix's OCSP implementation Version update to NSS 3.73 - check for missing signedData field. - Ensure DER encoded signatures are within size limits. - NSS needs FIPS 140-3 version indicators. - pkix_CacheCert_Lookup doesn't return cached certs - sunset Coverity from NSS Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures Version update to NSS 3.72 - Fix nsinstall parallel failure. - Increase KDF cache size to mitigate perf regression in about:logins Version update to NSS 3.71 - Set nssckbi version number to 2.52. - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py - Import of PKCS#12 files with Camellia encryption is not supported - Add HARICA Client ECC Root CA 2021. - Add HARICA Client RSA Root CA 2021.
- Add HARICA TLS ECC Root CA 2021. - Add HARICA TLS RSA Root CA 2021. - Add TunTrust Root CA certificate to NSS. Version update to NSS 3.70 - Update test case to verify fix. - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback - Avoid using a lookup table in nssb64d. - Use HW accelerated SHA2 on AArch64 Big Endian. - Change default value of enableHelloDowngradeCheck to true. - Cache additional PBE entries. - Read HPKE vectors from official JSON. Version update to NSS 3.69.1: - Disable DTLS 1.0 and 1.1 by default - integrity checks in key4.db not happening on private components with AES_CBC NSS 3.69: - Disable DTLS 1.0 and 1.1 by default (backed out again) - integrity checks in key4.db not happening on private components with AES_CBC (backed out again) - SSL handling of signature algorithms ignores environmental invalid algorithms. - sqlite 3.34 changed its open semantics, causing nss failures. - Gtest update changed the gtest reports, losing gtest details in all.sh reports. - NSS incorrectly accepting 1536 bit DH primes in FIPS mode - SQLite calls could timeout in starvation situations. - Coverity/cpp scanner errors found in nss 3.67 - Import the NSS documentation from MDN in nss/doc. - NSS using a tempdir to measure sql performance not active Version Update to 3.68.4 (bsc#1200027) - CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590) Mozilla NSPR was updated to version 4.34: * add an API that returns a preferred loopback IP on hosts that have two IP stacks available. ----------------------------------------- Patch: SUSE-2022-2546 Released: Mon Jul 25 14:43:22 2022 Summary: Security update for gpg2 Severity: important References: 1196125,1201225,CVE-2022-34903 Description: This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125) ----------------------------------------- Patch: SUSE-2022-2552 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 Description: This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490) ----------------------------------------- Patch: SUSE-2022-2566 Released: Wed Jul 27 15:04:49 2022 Summary: Security update for pcre2 Severity: important References: 1199235,CVE-2022-1587 Description: This update for pcre2 fixes the following issues: - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). ----------------------------------------- Patch: SUSE-2022-2595 Released: Fri Jul 29 16:00:42 2022 Summary: Security update for mozilla-nss Severity: important References: 1192079,1192080,1192086,1192087,1192228,1198486,1200027,CVE-2022-31741 Description: This update for mozilla-nss fixes the following issues: Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4: - Makes the PBKDF known answer test compliant with NIST SP800-132. (bsc#1192079). - FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980). - FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298). - FIPS: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325). - Run test suite at build time, and make it pass (bsc#1198486). - FIPS: skip algorithms that are hard disabled in FIPS mode. - Prevent expired PayPalEE cert from failing the tests. 
- Allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc. - FIPS: Make the PBKDF known answer test compliant with NIST SP800-132. - Update FIPS validation string to version-release format. - FIPS: remove XCBC MAC from list of FIPS approved algorithms. - Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build. - FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080). - FIPS: allow testing of unapproved algorithms (bsc#1192228). - FIPS: add version indicators. (bmo#1729550, bsc#1192086). - FIPS: fix some secret clearing (bmo#1697303, bsc#1192087). Version update to NSS 3.79: - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. - Update mercurial in clang-format docker image. - Use of uninitialized pointer in lg_init after alloc fail. - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. - Add SECMOD_LockedModuleHasRemovableSlots. - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP. - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts. - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. - Correct invalid record inner and outer content type alerts. - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding. - improve error handling after nssCKFWInstance_CreateObjectHandle. - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. - NSS 3.79 should depend on NSPR 4.34 Version update to NSS 3.78.1: - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple Version update to NSS 3.78: - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests. - Reworked overlong record size checks and added TLS1.3 specific boundaries. - Add ECH Grease Support to tstclnt - Add a strict variant of moz::pkix::CheckCertHostname. - Change SSL_REUSE_SERVER_ECDHE_KEY default to false. 
- Make SEC_PKCS12EnableCipher succeed - Update zlib in NSS to 1.2.12. Version update to NSS 3.77: - Fix link to TLS page on wireshark wiki - Add two D-TRUST 2020 root certificates. - Add Telia Root CA v2 root certificate. - Remove expired explicitly distrusted certificates from certdata.txt. - support specific RSA-PSS parameters in mozilla::pkix - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. - Remove token member from NSSSlot struct. - Provide secure variants of mpp_pprime and mpp_make_prime. - Support UTF-8 library path in the module spec string. - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. - Update googletest to 1.11.0 - Add SetTls13GreaseEchSize to experimental API. - TLS 1.3 Illegal legacy_version handling/alerts. - Fix calculation of ECH HRR Transcript. - Allow ld path to be set as environment variable. - Ensure we don't read uninitialized memory in ssl gtests. - Fix DataBuffer Move Assignment. - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 - rework signature verification in mozilla::pkix Version update to NSS 3.76.1 - Remove token member from NSSSlot struct. - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. - Check return value of PK11Slot_GetNSSToken. - Use Wycheproof JSON for RSASSA-PSS - Add SHA256 fingerprint comments to old certdata.txt entries. - Avoid truncating files in nss-release-helper.py. - Throw illegal_parameter alert for illegal extensions in handshake message. Version update to NSS 3.75 - Make DottedOIDToCode.py compatible with python3. - Avoid undefined shift in SSL_CERT_IS while fuzzing. - Remove redundant key type check. - Update ABI expectations to match ECH changes. - Enable CKM_CHACHA20. - check return on NSS_NoDB_Init and NSS_Shutdown. - Run ECDSA test vectors from bltest as part of the CI tests. - Add ECDSA test vectors to the bltest command line tool. - Allow to build using clang's integrated assembler. - Allow to override python for the build. 
- test HKDF output rather than input. - Use ASSERT macros to end failed tests early. - move assignment operator for DataBuffer. - Add test cases for ECH compression and unexpected extensions in SH. - Update tests for ECH-13. - Tidy up error handling. - Add tests for ECH HRR Changes. - Server only sends GREASE HRR extension if enabled by preference. - Update generation of the Associated Data for ECH-13. - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. - Allow for compressed, non-contiguous, extensions. - Scramble the PSK extension in CHOuter. - Split custom extension handling for ECH. - Add ECH-13 HRR Handling. - Client side ECH padding. - Stricter ClientHelloInner Decompression. - Remove ECH_inner extension, use new enum format. - Update the version number for ECH-13 and adjust the ECHConfig size. Version update to NSS 3.74 - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses - Ensure clients offer consistent ciphersuites after HRR - NSS does not properly restrict server keys based on policy - Set nssckbi version number to 2.54 - Replace Google Trust Services LLC (GTS) R4 root certificate - Replace Google Trust Services LLC (GTS) R3 root certificate - Replace Google Trust Services LLC (GTS) R2 root certificate - Replace Google Trust Services LLC (GTS) R1 root certificate - Replace GlobalSign ECC Root CA R4 - Remove Expired Root Certificates - DST Root CA X3 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate - Add iTrusChina ECC root certificate - Add iTrusChina RSA root certificate - Add ISRG Root X2 root certificate - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate - Avoid a clang 13 unused variable warning in opt build - Check for missing signedData field - Ensure DER encoded signatures are within size limits - enable key logging option (boo#1195040) Version update to NSS 3.73.1: - 
Add SHA-2 support to mozilla::pkix's OCSP implementation Version update to NSS 3.73 - check for missing signedData field. - Ensure DER encoded signatures are within size limits. - NSS needs FIPS 140-3 version indicators. - pkix_CacheCert_Lookup doesn't return cached certs - sunset Coverity from NSS Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures Version update to NSS 3.72 - Fix nsinstall parallel failure. - Increase KDF cache size to mitigate perf regression in about:logins Version update to NSS 3.71 - Set nssckbi version number to 2.52. - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py - Import of PKCS#12 files with Camellia encryption is not supported - Add HARICA Client ECC Root CA 2021. - Add HARICA Client RSA Root CA 2021. - Add HARICA TLS ECC Root CA 2021. - Add HARICA TLS RSA Root CA 2021. - Add TunTrust Root CA certificate to NSS. Version update to NSS 3.70 - Update test case to verify fix. - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback - Avoid using a lookup table in nssb64d. - Use HW accelerated SHA2 on AArch64 Big Endian. - Change default value of enableHelloDowngradeCheck to true. - Cache additional PBE entries. - Read HPKE vectors from official JSON. Version update to NSS 3.69.1: - Disable DTLS 1.0 and 1.1 by default - integrity checks in key4.db not happening on private components with AES_CBC NSS 3.69: - Disable DTLS 1.0 and 1.1 by default (backed out again) - integrity checks in key4.db not happening on private components with AES_CBC (backed out again) - SSL handling of signature algorithms ignores environmental invalid algorithms. - sqlite 3.34 changed its open semantics, causing nss failures. - Gtest update changed the gtest reports, losing gtest details in all.sh reports.
- NSS incorrectly accepting 1536 bit DH primes in FIPS mode - SQLite calls could timeout in starvation situations. - Coverity/cpp scanner errors found in nss 3.67 - Import the NSS documentation from MDN in nss/doc. - NSS using a tempdir to measure sql performance not active Version Update to 3.68.4 (bsc#1200027) - CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590) ----------------------------------------- Patch: SUSE-2022-2625 Released: Tue Aug 2 12:15:42 2022 Summary: Recommended update for dracut Severity: important References: 1177461,1184970,1187654,1195047,1195508,1195604,1196267,1197635,1197967,1200236,1200251,1200360 Description: This update for dracut fixes the following issues: - fix(bluetooth): accept compressed firmwares in inst_multiple (bsc#1200236) - fix(bluetooth): make hostonly configuration files optional (bsc#1195047) - fix(convertfs): ignore commented lines in fstab (bsc#1200251) - fix(crypt): remove quotes from cryptsetupopts (bsc#1197635) - fix(dracut-install): copy files preserving ownership attributes (bsc#1197967) - fix(dracut-systemd): do not require vconsole-setup.service (bsc#1195508) - fix(integrity): do not display any error if there is no IMA certificate (bsc#1187654) - fix(iscsi): remove unneeded iscsi NOP-disable code (bsc#1196267) - fix(lvm): restore setting LVM_MD_PV_ACTIVATED (bsc#1195604) - fix(network-legacy): support rd.net.timeout.dhcp (bsc#1200360) - fix(nfs): /var is not mounted during the transactional-update run (bsc#1184970) - fix(nfs): give /run/rpcbind ownership to rpc user (bsc#1177461) ----------------------------------------- Patch: SUSE-2022-2632 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Severity: important References: 1198720,1200747,1201385 Description: This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries 
(bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) ----------------------------------------- Patch: SUSE-2022-2717 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Severity: moderate References: 1198627,CVE-2022-29458 Description: This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). ----------------------------------------- Patch: SUSE-2022-2735 Released: Wed Aug 10 04:31:41 2022 Summary: Recommended update for tar Severity: moderate References: 1200657 Description: This update for tar fixes the following issues: - Fix race condition while creating intermediate subdirectories (bsc#1200657) ----------------------------------------- Patch: SUSE-2022-2796 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Severity: moderate References: Description: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------- Patch: SUSE-2022-2825 Released: Tue Aug 16 17:12:47 2022 Summary: Security update for rsync Severity: important References: 1201840,CVE-2022-29154 Description: This update for rsync fixes the following issues: - CVE-2022-29154: Fixed an arbitrary file write when connecting to a malicious server (bsc#1201840). 
----------------------------------------- Patch: SUSE-2022-2834 Released: Wed Aug 17 16:51:55 2022 Summary: Security update for podman Severity: important References: 1182428,1196338,1197284,CVE-2022-1227,CVE-2022-21698,CVE-2022-27191 Description: This update for podman fixes the following issues: Updated to version 3.4.7: - CVE-2022-1227: Fixed an issue that could allow an attacker to publish a malicious image to a public registry and run arbitrary code in the victim's context via the 'podman top' command (bsc#1182428). - CVE-2022-27191: Fixed a potential crash via SSH under specific configurations (bsc#1197284). - CVE-2022-21698: Fixed a potential denial of service that affected servers that used Prometheus instrumentation (bsc#1196338). ----------------------------------------- Patch: SUSE-2022-2844 Released: Thu Aug 18 14:41:25 2022 Summary: Recommended update for tar Severity: important References: 1202436 Description: This update for tar fixes the following issues: - A regression in a previous update led to potential deadlocks when extracting an archive.
(bsc#1202436) ----------------------------------------- Patch: SUSE-2022-2901 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Severity: moderate References: Description: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------- Patch: SUSE-2022-2904 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Severity: moderate References: 1198341 Description: This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------- Patch: SUSE-2022-2920 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Severity: important References: 1195059,1201795 Description: This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscall filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated
for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory ----------------------------------------- Patch: SUSE-2022-2929 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Severity: important References: 1202310 Description: This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) ----------------------------------------- Patch: SUSE-2022-2939 Released: Mon Aug 29 14:49:17 2022 Summary: Recommended update for mozilla-nss Severity: moderate References: 1201298,1202645 Description: This update for mozilla-nss fixes the following issues: Update to NSS 3.79.1 (bsc#1202645) * compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_ComputeCertType. * protect SFTKSlot needLogin with slotLock. * avoid data race on primary password change. * check for null template in sec_asn1{d,e}_push_state. - FIPS: unapprove the rest of the DSA ciphers, keeping signature verification only (bsc#1201298). 
----------------------------------------- Patch: SUSE-2022-2941 Released: Tue Aug 30 10:51:09 2022 Summary: Security update for libslirp Severity: moderate References: 1187365,1201551,CVE-2021-3593 Description: This update for libslirp fixes the following issues: - CVE-2021-3593: Fixed invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365). Non-security fixes: - Fix the version header (bsc#1201551) ----------------------------------------- Patch: SUSE-2022-2947 Released: Wed Aug 31 09:16:21 2022 Summary: Security update for zlib Severity: important References: 1202175,CVE-2022-37434 Description: This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). ----------------------------------------- Patch: SUSE-2022-2973 Released: Thu Sep 1 11:37:02 2022 Summary: Recommended update for dracut Severity: important References: 1198709,1201975 Description: This update for dracut fixes the following issues: - Include fixes to make network-manager module work properly with dracut (bsc#1201975) - Add auto timeout to wicked DHCP test (bsc#1198709) ----------------------------------------- Patch: SUSE-2022-2977 Released: Thu Sep 1 12:30:19 2022 Summary: Recommended update for util-linux Severity: moderate References: 1197178,1198731 Description: This update for util-linux fixes the following issues: - agetty: Resolve tty name even if stdin is specified (bsc#1197178) - libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731) ----------------------------------------- Patch: SUSE-2022-2992 Released: Fri Sep 2 03:20:19 2022 Summary: Recommended update for kernel-firmware Severity: moderate References: 1200889 Description: This update for kernel-firmware fixes the following issues: - Fix missing aliases (bsc#1200889) ----------------------------------------- Patch: SUSE-2022-3003 Released: Fri Sep 2 15:01:44 2022 
Summary: Security update for curl Severity: low References: 1202593,CVE-2022-35252 Description: This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593). ----------------------------------------- Patch: SUSE-2022-3118 Released: Tue Sep 6 15:43:53 2022 Summary: Recommended update for lvm2 Severity: moderate References: 1202011 Description: This update for lvm2 fixes the following issues: - Do not use udev for device listing or device information (bsc#1202011) ----------------------------------------- Patch: SUSE-2022-3127 Released: Wed Sep 7 04:36:10 2022 Summary: Recommended update for libtirpc Severity: moderate References: 1198752,1200800 Description: This update for libtirpc fixes the following issues: - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) - Fix memory leak in params.r_addr assignment (bsc#1198752) ----------------------------------------- Patch: SUSE-2022-3142 Released: Wed Sep 7 09:54:18 2022 Summary: Security update for icu Severity: moderate References: 1193951,CVE-2020-21913 Description: This update for icu fixes the following issues: - CVE-2020-21913: Fixed a memory safety issue that could lead to use after free (bsc#1193951). ----------------------------------------- Patch: SUSE-2022-3214 Released: Thu Sep 8 15:41:33 2022 Summary: Recommended update for wpa_supplicant Severity: low References: Description: This update for wpa_supplicant fixes the following issues: - Enable WPA3-Enterprise (SuiteB-192) support.
(jsc#SLE-14992) ----------------------------------------- Patch: SUSE-2022-3252 Released: Mon Sep 12 09:07:53 2022 Summary: Security update for freetype2 Severity: moderate References: 1198823,1198830,1198832,CVE-2022-27404,CVE-2022-27405,CVE-2022-27406 Description: This update for freetype2 fixes the following issues: - CVE-2022-27404 Fixed a segmentation fault via a crafted typeface (bsc#1198830). - CVE-2022-27405 Fixed a buffer overflow via a crafted typeface (bsc#1198832). - CVE-2022-27406 Fixed a segmentation fault via a crafted typeface (bsc#1198823). Non-security fixes: - Updated to version 2.10.4 ----------------------------------------- Patch: SUSE-2022-3262 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Severity: moderate References: 1199140 Description: This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140) ----------------------------------------- Patch: SUSE-2022-3271 Released: Wed Sep 14 06:45:39 2022 Summary: Security update for perl Severity: moderate References: 1047178,CVE-2017-6512 Description: This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178). 
----------------------------------------- Patch: SUSE-2022-3304 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Severity: moderate References: Description: This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf ----------------------------------------- Patch: SUSE-2022-3305 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Severity: important References: 1201680,CVE-2021-46828 Description: This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). ----------------------------------------- Patch: SUSE-2022-3307 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 Description: This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). ----------------------------------------- Patch: SUSE-2022-3328 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Severity: moderate References: 1202870 Description: This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. 
(bsc#1202870) ----------------------------------------- Patch: SUSE-2022-3353 Released: Fri Sep 23 15:23:40 2022 Summary: Security update for permissions Severity: moderate References: 1203018,CVE-2022-31252 Description: This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). ----------------------------------------- Patch: SUSE-2022-3435 Released: Tue Sep 27 14:55:38 2022 Summary: Recommended update for runc Severity: important References: 1202821 Description: This update for runc fixes the following issues: - Fix mounting via wrong proc fd. When the user and mount namespaces are used, and the bind mount is followed by the cgroup mount in the spec, the cgroup was mounted using the bind mount's mount fd. - Fix 'permission denied' error from runc run on noexec fs - Fix regression causing a failed 'exec' error after systemctl daemon-reload (bsc#1202821) ----------------------------------------- Patch: SUSE-2022-3449 Released: Tue Sep 27 20:12:03 2022 Summary: Recommended update for perl-Bootloader Severity: moderate References: 1198197,1198828 Description: This update for perl-Bootloader fixes the following issues: - Fix sysconfig parsing (bsc#1198828) - grub2/install: Reset error code when passing through recover code. 
(bsc#1198197) ----------------------------------------- Patch: SUSE-2022-3452 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Severity: moderate References: 1201942 Description: This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------- Patch: SUSE-2022-3489 Released: Sat Oct 1 13:35:24 2022 Summary: Security update for expat Severity: important References: 1203438,CVE-2022-40674 Description: This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). ----------------------------------------- Patch: SUSE-2022-3521 Released: Tue Oct 4 14:18:56 2022 Summary: Recommended update for lvm2 Severity: critical References: 1198523 Description: This update for lvm2 fixes the following issues: - Add additional check in the package to prevent removal of device-mapper library files during install (bsc#1198523) ----------------------------------------- Patch: SUSE-2022-3551 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Severity: moderate References: 1182983,1190700,1191020,1202117 Description: This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. 
- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------- Patch: SUSE-2022-3555 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Severity: important References: 1199492 Description: This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) ----------------------------------------- Patch: SUSE-2022-3663 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 Description: This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). 
[bsc#1190653] ----------------------------------------- Patch: SUSE-2022-3683 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Severity: critical References: 1204357,CVE-2022-3515 Description: This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). ----------------------------------------- Patch: SUSE-2022-3692 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 Description: This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). ----------------------------------------- Patch: SUSE-2022-3785 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 Description: This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). 
----------------------------------------- Patch: SUSE-2022-3787 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Severity: important References: 1194047,1203911 Description: This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) ----------------------------------------- Patch: SUSE-2022-3806 Released: Thu Oct 27 17:21:11 2022 Summary: Security update for dbus-1 Severity: important References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012 Description: This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). ----------------------------------------- Patch: SUSE-2022-3820 Released: Mon Oct 31 12:52:56 2022 Summary: Security update for podman Severity: moderate References: 1202809,CVE-2022-2989 Description: This update for podman fixes the following issues: - CVE-2022-2989: Fixed possible information disclosure and modification (bsc#1202809).
----------------------------------------- Patch: SUSE-2022-3845 Released: Wed Nov 2 07:22:59 2022 Summary: Feature update for grub2 Severity: important References: 1196668,1201361 Description: This feature update for grub2 fixes the following issues: - Include loopback into signed grub2 image (jsc#PED-2151, jsc#PED-2150) - Enable 'Automatic TPM Disk Unlock' mechanism (jsc#PED-1423, jsc#PED-1091, bsc#1196668) - Fix installation failure due to unavailable nvram device on ppc64le (bsc#1201361) ----------------------------------------- Patch: SUSE-2022-3851 Released: Wed Nov 2 12:34:17 2022 Summary: Recommended update for rsync Severity: important References: 1202970,1204538 Description: This update for rsync fixes the following issues: - Fix regression with `--delay-updates` where files never update after interruption (bsc#1204538) - Add support for `--trust-sender` parameter (bsc#1202970) ----------------------------------------- Patch: SUSE-2022-3870 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1190651,1202148 Description: This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) ----------------------------------------- Patch: SUSE-2022-3873 Released: Fri Nov 4 14:58:08 2022 Summary: Recommended update for mozilla-nspr, mozilla-nss Severity: moderate References: 1191546,1198980,1201298,1202870,1204729 Description: This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.34.1: * add file descriptor sanity checks in the NSPR poll function. mozilla-nss was updated to NSS 3.79.2 (bsc#1204729): * Bump minimum NSPR version to 4.34.1. * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity. 
Other fixes that were applied: - FIPS: Allow the use of DSA keys (verification only) (bsc#1201298). - FIPS: Add sftk_FIPSRepeatIntegrityCheck() to softoken's .def file (bsc#1198980). - FIPS: Allow the use of longer symmetric keys via the service level indicator (bsc#1191546). - FIPS: Prevent TLS sessions from getting flagged as non-FIPS (bsc#1191546). - FIPS: Mark DSA keygen unapproved (bsc#1191546, bsc#1201298). - FIPS: Use libjitterentropy for entropy (bsc#1202870). - FIPS: Fixed an abort() when both NSS_FIPS and /proc FIPS mode are enabled. ----------------------------------------- Patch: SUSE-2022-3884 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Severity: important References: 1204708,CVE-2022-43680 Description: This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). ----------------------------------------- Patch: SUSE-2022-3910 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Severity: moderate References: Description: This update for pam fixes the following issue: - Update pam_motd to the most current version. 
(PED-1712) ----------------------------------------- Patch: SUSE-2022-3927 Released: Wed Nov 9 14:55:47 2022 Summary: Recommended update for runc Severity: moderate References: 1202021,1202821 Description: This update for runc fixes the following issues: - Update to runc v1.1.4 (bsc#1202021) - Fix failed exec after systemctl daemon-reload (bsc#1202821) - Fix mounting via wrong proc - Fix 'permission denied' error from runc run on noexec filesystem ----------------------------------------- Patch: SUSE-2022-3958 Released: Fri Nov 11 15:20:45 2022 Summary: Recommended update for mozilla-nss Severity: moderate References: 1191546,1198980,1201298,1202870,1204729 Description: This update for mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.79.2 (bsc#1204729) * Bump minimum NSPR version to 4.34.1. * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity. - FIPS: Allow the use of DSA keys (verification only) (bsc#1201298). - FIPS: Add sftk_FIPSRepeatIntegrityCheck() to softoken's .def file (bsc#1198980). - FIPS: Allow the use of longer symmetric keys via the service level indicator (bsc#1191546). - FIPS: Export sftk_FIPSRepeatIntegrityCheck() correctly (bsc#1198980). - FIPS: Prevent sessions from getting flagged as non-FIPS (bsc#1191546). - FIPS: Mark DSA keygen unapproved (bsc#1191546, bsc#1201298). - FIPS: Enable userspace entropy gathering via libjitterentropy (bsc#1202870). - FIPS: Prevent keys from getting flagged as non-FIPS and add remaining TLS mechanisms. - FIPS: Use libjitterentropy for entropy. - FIPS: Fixed an abort() when both NSS_FIPS and /proc FIPS mode are enabled. 
----------------------------------------- Patch: SUSE-2022-3961 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Severity: important References: 1203652 Description: This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------- Patch: SUSE-2022-3974 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Severity: moderate References: 1201959,1204211 Description: This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. ----------------------------------------- Patch: SUSE-2022-3999 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Severity: moderate References: 1204179,1204968,CVE-2022-3821 Description: This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). 
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------- Patch: SUSE-2022-4006 Released: Wed Nov 16 08:25:00 2022 Summary: Recommended update for kernel-firmware Severity: important References: 1203699 Description: This update for kernel-firmware fixes the following issues: - Update firmware for CS35L41 codecs (bsc#1203699) ----------------------------------------- Patch: SUSE-2022-4019 Released: Wed Nov 16 15:44:20 2022 Summary: Recommended update for apparmor Severity: low References: 1202344 Description: This update for apparmor fixes the following issues: - profiles: permit php-fpm pid files directly under run/ (bsc#1202344) ----------------------------------------- Patch: SUSE-2022-4062 Released: Fri Nov 18 09:05:07 2022 Summary: Recommended update for libusb-1_0 Severity: moderate References: 1201590 Description: This update for libusb-1_0 fixes the following issues: - Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590) ----------------------------------------- Patch: SUSE-2022-4066 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Severity: important References: 1177460,1202324,1204649,1205156 Description: This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In 
vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------- Patch: SUSE-2022-4081 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Severity: low References: 1199944,CVE-2022-1664 Description: This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). ----------------------------------------- Patch: SUSE-2022-4135 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Severity: moderate References: 1198165 Description: This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. 
New options '--comment' and '--delimeters' ----------------------------------------- Patch: SUSE-2022-4141 Released: Mon Nov 21 09:28:07 2022 Summary: Security update for grub2 Severity: important References: 1205178,1205182,CVE-2022-2601,CVE-2022-3775 Description: This update for grub2 fixes the following issues: - CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178). - CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182). Other: - Bump upstream SBAT generation to 3 ----------------------------------------- Patch: SUSE-2022-4153 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Severity: important References: 1205126,CVE-2022-42898 Description: This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). ----------------------------------------- Patch: SUSE-2022-4162 Released: Tue Nov 22 10:56:10 2022 Summary: Recommended update for dracut Severity: moderate References: 1202014,1203267,1203368,1203749,1203894 Description: This update for dracut fixes the following issues: - A series of fixes for NVMeoF boot to resolve wrong information that is added by dracut (bsc#1203368) - network-manager: always install the library plugins directory (bsc#1202014) - dmsquash-live: correct regression introduced with shellcheck changes (bsc#1203894) - systemd: add missing modprobe@.service (bsc#1203749) - i18n: do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267) ----------------------------------------- Patch: SUSE-2022-4212 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1190651 Description: This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits 
(bsc#1190651) ----------------------------------------- Patch: SUSE-2022-4256 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Severity: moderate References: Description: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------- Patch: SUSE-2022-4262 Released: Tue Nov 29 05:45:23 2022 Summary: Recommended update for lvm2 Severity: important References: 1199074,1203216,1203482 Description: This update for lvm2 fixes the following issues: - Fix terminated lvmlockd not clearing/adopting locks, leading to inability to start volume group (bsc#1203216) - Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074) - Fix lvmlockd to support sanlock (bsc#1203482) ----------------------------------------- Patch: SUSE-2022-4312 Released: Fri Dec 2 11:16:47 2022 Summary: Recommended update for tar Severity: moderate References: 1200657,1203600 Description: This update for tar fixes the following issues: - Fix unexpected inconsistency when making directory (bsc#1203600) - Update race condition fix (bsc#1200657) ----------------------------------------- Patch: SUSE-2022-4492 Released: Wed Dec 14 13:52:39 2022 Summary: Recommended update for mozilla-nss Severity: 
moderate References: 1191546,1198980,1201298 Description: This update for mozilla-nss fixes the following issues: - FIPS: Disapprove the creation of DSA keys, i.e. mark them as not-fips (bsc#1201298) - FIPS: Allow the use of SHA keygen mechs (bsc#1191546). - FIPS: ensure abort() is called when the repeat integrity check fails (bsc#1198980). ----------------------------------------- Patch: SUSE-2022-4592 Released: Tue Dec 20 16:51:35 2022 Summary: Security update for cni Severity: important References: 1181961,CVE-2021-20206 Description: This update for cni fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961). ----------------------------------------- Patch: SUSE-2022-4593 Released: Tue Dec 20 16:55:16 2022 Summary: Security update for cni-plugins Severity: important References: 1181961,CVE-2021-20206 Description: This update for cni-plugins fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961). ----------------------------------------- Patch: SUSE-2022-4597 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 Description: This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). 
----------------------------------------- Patch: SUSE-2022-4601 Released: Wed Dec 21 12:23:59 2022 Summary: Feature update for GNOME 41 Severity: moderate References: 1175622,1179584,1188882,1196205,1200581,1203274,1204867,944832 Description: This update for GNOME 41 fixes the following issues: atkmm1_6: - Version update from 2.28.1 to 2.28.3 (jsc#PED-2235): * Meson build: Avoid unnecessary configuration warnings * Meson build: Perl is not required by new versions of mm-common * Meson build: Require meson >= 0.55.0 * Meson build: Specify 'check' option in run_command(). Will be necessary with future versions of Meson. * Require atk >= 2.12.0 Not a new requirement, but previously it was not specified in configure.ac and meson.build * Support building with Visual Studio 2022 eog: - Version update from 41.1 to 41.2 (jsc#PED-2235): * eog-window: use correct type for display_profile * Fix discovery of Evince for multi-page images evince: - Version update 41.3 to 41.4 (jsc#PED-2235): * shell: Fix failures when thumbnail extraction takes too long * Fix build with meson 0.60.0 and newer evolution: - Ensure evolution-devel is forward compatible with evolution-data-server-devel in a same major version (jsc#PED-2235) evolution-data-center: - Version update from 3.42.4 to 3.42.5 (jsc#PED-2235): * Google OAuth out-of-band (oob) flow will be deprecated folks: - Version update 0.15.3 to 0.15.5 (jsc#PED-2235): * vapi: Add missing generic type argument * Fix docs build against newer eds version * Fix build against newer eds version * Remove volatile keyword from tests gcr: - Version update 3.41.0 to 3.41.1 (jsc#PED-2235): * Add G_SPAWN_CLOEXEC_PIPES flag to all the g_spawn commands * Add gi-docgen dependency which is needed by the docs * Fix build with meson 0.60.0 and newer * Fix build without systemd * Several CI fixes geocode-glib: - Version update from 3.26.2 to 3.26.4 (jsc#PED-2235): * Fix to a test data file not being installed, and a bug fix for a bug in the libsoup3 port * 
Add support for libsoup 3.x gjs: - Version update from 1.70.1 to 1.70.2 (jsc#PED-2235): * Build and compatibility fixes backported from the development branch * Reverse order of running-from-source checks - Require xorg-x11-Xvfb for proper package build (bsc#1203274) glib2: - Version update from 2.70.4 to 2.70.5 (jsc#PED-2235): * Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2537, glgo#GNOME/GLib!2555 * Split gtk-docs from -devel package, these are not needed during building projects using glib2 gnome-control-center: - Fix the size of logo icon in About system (bsc#1200581) - Version update from 41.4 to 41.7 (jsc#PED-2235): * Cellular: Remove duplicate line from .desktop * Info: Allow changing 'Device Name' by pressing 'Enter' * Info: Remove trailing space after CPU name * Keyboard: Fix crash resetting all keyboard shortcuts * Keyboard: Fix leaks * Network: Fix saving passwords for non-wifi connections * Network: Fix critical when opening VPN details page * Wacom: Fix leaks gnome-desktop: - Version update from 41.2 to 41.8 (jsc#PED-2235): * Version increase but no actual changes gnome-music: - Version update from 41.0 to 41.1 (jsc#PED-2235): * Ensure the correct album is played * Fix build with meson 0.61.0 and newer * Fix crash on empty selection * Fix incorrect playlist import * Fix time displayed in RTL languages * Improve async queue work * Make random shuffle actually random * Make shuffle random * Speed increase on first startup on larger collections * Time is reversed in RTL gnome-remote-desktop: - Version update from 41.2 to 41.3 (jsc#PED-2235): * Add Icelandic translation gnome-session: - Clear error messages that can be ignored because expected to happen for GDM sessions (bsc#1204867) - Add fix for gnome-session to exit immediately when lost name on bus (bsc#1175622, bsc#1188882) gnome-shell: - Disable offline update suggestion before shutdown/reboot in SLE and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.9 (jsc#PED-2235): * Allow 
extension updates with only Extension Manager installed * Allow more intermediate icon sizes in app grid * Disable workspace switching while in search. * Do not create systemd scope for D-Bus activated apps * Fix calendar to correctly align world clocks header in RTL * Fix drag placeholder position in dash in RTL locales * Fix edge case where windows stay dimmed after a modal is closed * Fix feedback when turning on a11y features by keyboard * Fix focus tracking in magnifier on wayland * Fix fractional timezone offsets in world clock * Fix glitches in overview transition * Fix logging in with realmd * Fix memory leak * Fix opening device settings for enterprise WPA networks * Fix programmatically set scrollview fade * Fix regression in ibus support * Fix unresponsive top bar in overview when in fullscreen * Handle monitor changes during startup animation * Hide overview after 'Show Details' from app context menu * Improve Belgian on-screen keyboard layout * Improve CSS shadow appearance * Make sure startup animation completes * Misc. 
bug fixes and cleanups * Only close messages via delete key if they can be closed * Respect IM hint for candidates list in on-screen keyboard gnome-software: - Disable offline update feature in SUSE Linux Enterprise and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.5 (jsc#PED-2235): * Added several appstream-related fixes * Disable scroll-by-mouse-wheel on featured carousel * Ensure details page shows app provided on command line gnome-terminal: - Version update from 3.42.2 to 3.42.3 (jsc#PED-2235): * Fix build with meson 0.61.0 and newer * window: Use a normal menu for the popup menu gnome-user-docs: - Version update from 41.1 to 41.5 (jsc#PED-2235): * Added missing icon for network-wired-symbolic gspell: - Version update from 1.8.4 to 1.10.0 (jsc#PED-2235): * Build: distribute more files in tarballs * Documentation improvements gtkmm3: - Version update from 3.24.5 to 3.24.6 (jsc#PED-2235): * Build with Meson: MSVC build: Support Visual Studio 2022 * Check if Perl is required for building documentation * Don't use deprecated python3.path() and execute (..., gui_app...) * GTK: TreeValueProxy: Declare copy constructor = default, avoiding warnings from the clang++ compiler * Object::_release_c_instance(): Unref orphan managed widgets * SizeGroup demo: Set active items in the combo boxes, so something is shown * Specify 'check' option in run_command() gtk-vnc: - Version update from 1.3.0 to 1.3.1 (jsc#PED-2235): * Add 'check' arg to meson run_command() * Fix invalid use of subprojects with meson * Support ZRLE encoding for zero size alpha cursors gupnp-av: - Version update from 0.12.11 to 0.14.1 (jsc#PED-2235): * Add utility function to format GDateTime to the iso variant DIDL expects * Allow to be used as a subproject * Drop autotools * Fix stripping @refID * Fix unsetting subtitleFileType * Make Feature derivable again * Obsolete code removal. * Port to modern GObject * Remove hand-written ref-counting, use RcBox/AtomicRcBox instead. 
* Switch to meson build system, following upstream - Rename libgupnp-av-1_0-2 subpackage to libgupnp-av-1_0-3, correcting the package name to match the provided library - Conflict with the wrongly provided libgupnp-av-1_0-2 gvfs: - Version update from 1.48.1 to 1.48.2 (jsc#PED-2235): * sftp: Adapt on new OpenSSH password prompts * smb: Rework anonymous handling to avoid EINVAL * smb: Ignore EINVAL for kerberos/ccache login libgsf: - Version update from 1.14.48 to 1.14.50 (jsc#PED-2235): * Fix error handling problem when writing ole files * Fix problems with non-western text in OLE properties * Use g_date_time_new_from_iso8601 and g_date_time_format_iso8601 when available libmediaart: - Version update from 1.9.5 to 1.9.6 (jsc#PED-2235): * build: Add introspection/vapi/tests options * build: Use library() to optionally build a static library libnma: - Version update from 1.8.32 to 1.8.40 (jsc#PED-2235): * Ad-Hoc networks now default to using WPA2 instead of WEP * Add possibility of building libnma-gtk4 library with Gtk4 support * Do not allow setting empty 802.1x domain for EAP TLS * Fixed keyboard accelerator for certificate chooser * Fixed libnma-gtk4 version of mobile-wizard * Include OWE wireless security option * The GtkBuilder files for Gtk4 are now included in the release tarball * WEP is no longer provided as an option for connecting to hidden networks due to its deprecated status - New sub-packages libnma-gtk4-0, typelib-1_0-NMA4-1_0 and libnma-gtk4-devel - Split out documentation files in own docs sub-package libnotify: - Version update from 0.7.10 to 0.7.12 (jsc#PED-2235): * Delete unused notifynotification.xml * Fix potential build errors with old glib version we require * docs/notify-send: Add --transient option to manpage * notification: Bookend calling NotifyActionCallback with temporary reference * notification: Include sender-pid hint by default if not provided * notify-send: Add debug message about server not supporting persistence * notify-send: 
Add explicit option to create transient notifications * notify-send: Add support for boolean hints * notify-send: Move server capabilities check to a separate function * notify-send: Support passing any hint value, by parsing variant strings libpeas: - Version update from 1.30.0 to 1.32.0 (jsc#PED-2235): * Icon licenses have been corrected * Parallel build system operation fixes * Use gi-docgen for documentation * Various build warnings squashed * Various GIR data that should not have been exported was removed - Stop packaging the demo files/sub-package librsvg: - Version update from 2.52.6 to 2.52.9 (jsc#PED-2235): * Catch circular references when rendering patterns * Fix regressions when computing element geometries * Fix regression outputting all text as paths libsecret: - Version update from 0.20.4 to 0.20.5 (jsc#PED-2235): * Add bash-completion for secret-tool * Add locking capabilities to secret tool * Add support for TPM2 based secret storage * Create default collection after DBus.Error.UnknownObject * Detect local storage in snaps in the same way as flatpaks * Drop autotools-based build * GI annotation and documentation fixes * Port documentation to gi-docgen * Use G_GNUC_NULL_TERMINATED where appropriate collection, methods, prompt: Port to GTask * secret-file-backend: Avoid closing the same file descriptor twice mutter: - Version update from 41.5 to 41.9 (jsc#PED-2235): * Fix '--replace option' * Fix missing root window properties after XWayland start * Fix night light without GAMMA_LUT property * KMS: Survive missing GAMMA_LUT property * wayland: Fix rotation transform * Misc. 
bug fixes nautilus: - Version update from 41.2 to 41.5(jsc#PED-2235): * Drag-and-drop bugfixes * HighContrast style fixes orca: - Version update from 41.1 to 41.3 (jsc#PED-2235): * Add more event-flood detection and handling for improved performance * Fix bug causing accessing preferences to fail for Esperanto * Web: Fix bug causing widgets descending from off-screen label elements to be skipped over * Web: Fix presentation of the FluentUI react dialog (and any other dialog which has an ARIA document-role descendant) * WebKitGtk: Fail gracefully when structural navigation commands are used in WebKitGtk 2.36.x python-cairo: - Add python3-cairo to SUSE Linux Enterprise Micro 5.3 as it is now required by python3-gobject-cairo python-gobject: - Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs pycairo (bsc#1179584) - Version update from 3.42.0 to 3.42.2 (jsc#PED-2235): * Add a workaround for a PyPy 3.9+ bug when threads are used * Do not error out for unknown scopes * Prompt an error instead of crashing when marshaling unsupported fundamental types in some cases * Fix a crash/refcounting error in case marshaling a hash table fails * Fix crashes when marshaling zero terminated arrays for certain item types * Implement DynamicImporter.find_spec() to silence deprecation warning * Make the test suite pass again with PyPy * Some test/CI fixes * gtk overrides: Do not override Treeview.enable_model_drag_xx for GTK4 * gtk overrides: restore Gtk.ListStore.insert_with_valuesv with newer GTK4 * interface: Fix leak when overriding GInterfaceInfo * setup.py: look up pycairo headers without importing the module trackers-python: - Allow system calls used by gstreamer (bsc#1196205) - Version update from 3.2.2 to 3.2.1 (jsc#PED-2235): * Backport seccomp rules for rseq and mbind syscalls vala: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Add missing TraverseVisitor.visit_data_type() * Add support for 'copy_/free_function' metadata for 
compact classes * Catch and throw possible inner error of lock statements * Clear SemanticAnalyzer.current_{symbol,source_file} when not needed anymore * Don't count instance-parameter when checking for backwards closure reference * Fix a few binding errors * Free empty stack list for code contexts * Handle duplicated and unnamed symbols. * Improve UI parsing and handling of nested objects and properties * Make sure to drop our 'trap' jump target in case of an error * Move dynamic property errors to semantic analyzer pass * Require lvalue access of delegate target/destroy 'fields' * Show source location when reporting deprecations * Transform assignment of an array element as needed * manual: Update from wiki.gnome.org * parser: Improve handling of nullable VarType in with-statement * parser: Reduce the source reference of main block method to its beginning xdg-desktop-portal-gnome: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Properly bind property in Lockdown portal ----------------------------------------- Patch: SUSE-2022-4617 Released: Fri Dec 23 11:39:15 2022 Summary: Security update for the Linux Kernel Severity: important References: 
1023051,1032323,1065729,1071995,1152472,1152489,1156395,1164051,1177471,1184350,1185032,1188238,1189297,1189999,1190256,1190497,1190969,1192968,1193629,1194023,1194592,1194869,1194904,1195480,1195917,1196018,1196444,1196616,1196632,1196867,1196869,1197158,1197391,1197659,1197755,1197756,1197757,1197763,1198189,1198410,1198577,1198702,1198971,1199086,1199364,1199515,1199670,1199904,1200015,1200058,1200268,1200288,1200301,1200313,1200431,1200465,1200494,1200544,1200567,1200622,1200644,1200651,1200692,1200788,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201308,1201309,1201310,1201361,1201427,1201442,1201455,1201489,1201610,1201675,1201725,1201726,1201768,1201865,1201940,1201941,1201948,1201954,1201956,1201958,1202095,1202096,1202097,1202113,1202131,1202154,1202187,1202262,1202265,1202312,1202341,1202346,1202347,1202385,1202393,1202447,1202471,1202558,1202623,1202636,1202672,1202681,1202685,1202686,1202700,1202710,1202711,1202712,1202713,1202715,1202716,1202757,1202758,1202759,1202761,1202762,1202763,1202764,1202765,1202766,1202767,1202768,1202769,1202770,1202771,1202773,1202774,1202775,1202776,1202778,1202779,1202780,1202781,1202782,1202783,1202822,1202823,1202824,1202860,1202867,1202872,1202874,1202898,1202914,1202960,1202989,1202992,1202993,1203002,1203008,1203036,1203039,1203041,1203063,1203066,1203067,1203098,1203101,1203107,1203116,1203117,1203138,1203139,1203159,1203183,1203197,1203208,1203229,1203263,1203290,1203338,1203360,1203361,1203389,1203391,1203410,1203435,1203505,1203511,1203514,1203552,1203606,1203664,1203693,1203699,1203767,1203769,1203770,1203794,1203798,1203802,1203829,1203893,1203902,1203906,1203908,1203922,1203935,1203939,1203960,1203969,1203987,1203992,1203994,1204017,1204051,1204059,1204060,1204092,1204125,1204132,1204142,1204166,1204168,1204170,1204171,1204183,1204228,1204241,1204289,1204290,1204291,1204292,1204353,1204354,1204355,1204402,1204405,1204413,1204414,1204415,1204417,1204424,1204428,1204431,1204432,1204439,1204470,
1204479,1204486,1204498,1204533,1204569,1204574,1204575,1204576,1204619,1204624,1204631,1204635,1204636,1204637,1204646,1204647,1204650,1204653,1204693,1204705,1204719,1204728,1204745,1204753,1204780,1204810,1204850,1204868,1204926,1204933,1204934,1204947,1204957,1204963,1204970,1205007,1205100,1205111,1205113,1205128,1205130,1205149,1205153,1205220,1205257,1205264,1205282,1205313,1205331,1205332,1205427,1205428,1205473,1205496,1205507,1205514,1205521,1205567,1205616,1205617,1205653,1205671,1205679,1205683,1205700,1205705,1205709,1205711,1205744,1205764,1205796,1205882,1205993,1206035,1206036,1206037,1206045,1206046,1206047,1206048,1206049,1206050,1206051,1206056,1206057,1206113,1206114,1206147,1206149,1206207,1206273,1206391,CVE-2016-3695,CVE-2020-16119,CVE-2020-36516,CVE-2021-33135,CVE-2021-4037,CVE-2022-1184,CVE-2022-1263,CVE-2022-1882,CVE-2022-20368,CVE-2022-20369,CVE-2022-2153,CVE-2022-2586,CVE-2022-2588,CVE-2022-2602,CVE-2022-26373,CVE-2022-2639,CVE-2022-2663,CVE-2022-28356,CVE-2022-28693,CVE-2022-2873,CVE-2022-28748,CVE-2022-2905,CVE-2022-2938,CVE-2022-2959,CVE-2022-2964,CVE-2022-2977,CVE-2022-2978,CVE-2022-3028,CVE-2022-3078,CVE-2022-3114,CVE-2022-3169,CVE-2022-3176,CVE-2022-3202,CVE-2022-32250,CVE-2022-32296,CVE-2022-3239,CVE-2022-3303,CVE-2022-33981,CVE-2022-3424,CVE-2022-3435,CVE-2022-3521,CVE-2022-3524,CVE-2022-3526,CVE-2022-3535,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3566,CVE-2022-3567,CVE-2022-3577,CVE-2022-3586,CVE-2022-3594,CVE-2022-3619,CVE-2022-3621,CVE-2022-3625,CVE-2022-3628,CVE-2022-3629,CVE-2022-3633,CVE-2022-3635,CVE-2022-3640,CVE-2022-3643,CVE-2022-3646,CVE-2022-3649,CVE-2022-36879,CVE-2022-36946,CVE-2022-3707,CVE-2022-3903,CVE-2022-39188,CVE-2022-39189,CVE-2022-39190,CVE-2022-40476,CVE-2022-40768,CVE-2022-4095,CVE-2022-41218,CVE-2022-4129,CVE-2022-4139,CVE-2022-41674,CVE-2022-41848,CVE-2022-41849,CVE-2022-41850,CVE-2022-41858,CVE-2022-42328,CVE-2022-42329,CVE-2022-42703,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721,CVE-2022-42722,
CVE-2022-42895,CVE-2022-42896,CVE-2022-43750,CVE-2022-4378,CVE-2022-43945,CVE-2022-45869,CVE-2022-45888,CVE-2022-45934 Description: The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114). - CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113). - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2022-3633: Fixed a memory leak in j1939_session_destroy of the file net/can/j1939/transport.c (bsc#1204650). - CVE-2022-3114: Fixed a denial of service in imx_register_uart_clocks() in drivers/clk/imx/clk.c (bsc#1206391). - CVE-2022-3619: Fixed a memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c (bsc#1204569). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed an integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3567: Fixed a race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). 
- CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686). - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bsc#1198702). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bsc#1204653). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bsc#1204402). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bsc#1204635). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bsc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bsc#1204647). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bsc#1204574). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bsc#1204479). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). 
- CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204431). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bsc#1204354). - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bsc#1203514). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bsc#1204168). - CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290). - CVE-2022-3545: Fixed a use-after-free vulnerability is area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-3521: Fixed a race condition in kcm_tx_work() of the file net/kcm/kcmsock.c (bsc#1204355). - CVE-2022-2153: Fixed a NULL pointer dereference in KVM when attempting to set a SynIC IRQ (bsc#1200788). - CVE-2022-33981: Fixed a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function (bsc#1200692). - CVE-2022-45869: Fixed a race condition in the x86 KVM subsystem which could cause a denial of service (bsc#1205882). - CVE-2022-45888: Fixed a use-after-free during physical removal of a USB devices when using drivers/char/xillybus/xillyusb.c (bsc#1205764). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2022-3566: Fixed a race condition in the functions tcp_getsockopt/tcp_setsockopt. The manipulation leads to a race condition (bsc#1204405). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228). 
- CVE-2022-3176: Fixed a use-after-free in io_uring related to signalfd_poll() and binder_poll() (bsc#1203391). - CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780). - CVE-2022-3625: Fixed a user-after-free vulnerability in devlink_param_set/devlink_param_get of the file net/core/devlink.c (bsc#1204637). - CVE-2022-3535: Fixed a memory leak in mvpp2_dbgfs_port_init of the file drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bsc#1204417). - CVE-2022-39189: Fixed an issue were an unprivileged guest users can compromise the guest kernel because TLB flush operations were mishandled in certain KVM_VCPU_PREEMPTED situations (bsc#1203066). - CVE-2022-3577: Fixed an out-of-bounds memory write in bigben_probe of drivers/hid/hid-bigbenff.c (bsc#1204470). - CVE-2022-2978: Fixed a use-after-free in the NILFS file system (bsc#1202700). - CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (bsc#1198577). - CVE-2022-1263: Fixed a NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allowed an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service (bsc#1198189). - CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1199904). - CVE-2022-20369: Fixed possible out of bounds write due to improper input validation in v4l2_m2m_querybuf of v4l2-mem2mem.c (bsc#1202347). - CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bsc#1202095). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-26373: Fixed CPU information leak via post-barrier RSB predictions (bsc#1201726). 
- CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds write in reserve_sfa_size() (bsc#1202154). - CVE-2022-2663: Fixed an issue which allowed a firewall to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured (bsc#1202097). - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346). - CVE-2022-28356: Fixed a refcount bug in llc_ui_bind and llc_ui_autobind which could allow an unprivileged user to execute a denial of service. (bsc#1197391) - CVE-2022-2873: Fixed an out-of-bounds memory access flaw that was found in iSMT SMBus host controller driver (bsc#1202558). - CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202860). - CVE-2022-2938: Fixed a flaw that was found inside the Pressure Stall Information implementation that could have been used to allow an attacker to crash the system or have other memory-corruption side effects (bsc#1202623). - CVE-2022-2959: Fixed a race condition that was found inside the watch queue due to a missing lock in pipe_resize_ring() (bsc#1202681). - CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672). - CVE-2022-3028: Fixed a race condition that was found in the IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously (bsc#1202898). - CVE-2022-3078: Fixed a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c (bsc#1203041). - CVE-2022-3202: Fixed a NULL pointer dereference flaw in Journaled File System. This could allow a local attacker to crash the system or leak kernel internal information (bsc#1203389). - CVE-2022-32250: Fixed user-after-free in net/netfilter/nf_tables_api.c that could allow local privilege escalation (bsc#1200015). 
- CVE-2022-32296: Fixed vulnerability where TCP servers were allowed to identify clients by observing what source ports are used (bsc#1200288). - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bsc#1203552). - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bsc#1203769). - CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171). - CVE-2022-3526: Fixed a memory leak in macvlan_handle_frame() from drivers/net/macvlan.c (bsc#1204353). - CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bsc#1204619). - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bsc#1201948). - CVE-2022-36946: Fixed a denial of service inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c (bsc#1201940). - CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bsc#1203107). - CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bsc#1203117). - CVE-2022-40476: Fixed a null pointer dereference in fs/io_uring.c (bsc#1203435). - CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bsc#1202960). - CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770). - CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bsc#1203987). - CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bsc#1203992). 
- CVE-2022-42719: Fixed remote code execution with wlan frames when parsing a multi-BSSID element (bsc#1204051). - CVE-2022-42720: Fixed remote code execution due to refcounting bugs (bsc#1204059). - CVE-2022-42721: Fixed remote code execution due to list corruption in the wlan stack (bsc#1204060). - CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125) - CVE-2021-33135: Fixed uncontrolled resource consumption inside Intel(R) SGX that may have allowed an authenticated user to potentially enable denial of service via local access (bsc#1199515). - CVE-2020-16119: Fixed a use-after-free vulnerability exploitable by a local attacker due to reuse of a DCCP socket. (bsc#1177471) - CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bsc#1196616). - CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bsc#1023051). The following non-security bugs were fixed: - 9p: Fix refcounting during full path walks for fid lookups (git-fixes). - 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (git-fixes). - 9p: fix fid refcount leak in v9fs_vfs_get_link (git-fixes). - ACPI / scan: Create platform device for CS35L41 (bsc#1203699). - ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes). - ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() (git-fixes). - ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes). - ACPI: APEI: explicit init of HEST and GHES in apci_init() (git-fixes). - ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes). - ACPI: EC: Drop the EC_FLAGS_IGNORE_DSDT_GPE quirk (git-fixes). - ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes).
- ACPI: HMAT: Fix initiator registration for single-initiator systems (git-fixes). - ACPI: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes). - ACPI: HMAT: remove unnecessary variable initialization (git-fixes). - ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes). - ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes). - ACPI: VIOT: Fix ACS setup (git-fixes). - ACPI: extlog: Handle multiple records (git-fixes). - ACPI: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (bsc#1203767). - ACPI: processor/idle: Annotate more functions to live in cpuidle section (git-fixes). - ACPI: processor: Remove freq Qos request for all CPUs (git-fixes). - ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes). - ACPI: resource: skip IRQ override on AMD Zen platforms (git-fixes). - ACPI: scan: Add CLSA0101 Laptop Support (bsc#1203699). - ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] (git-fixes). - ACPI: tables: FPDT: Do not call acpi_os_map_memory() on invalid phys address (git-fixes). - ACPI: thermal: drop an always true check (git-fixes). - ACPI: utils: Add api to read _SUB from ACPI (bsc#1203699). - ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes). - ACPI: video: Force backlight native for some TongFang devices (git-fixes). - ACPI: video: Make backlight class device registration a separate step (v2) (git-fixes). - ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes). - ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable (git-fixes). - ACPI: x86: Add another system to quirk list for forcing StorageD3Enable (git-fixes). - ALSA: Use del_timer_sync() before freeing timer (git-fixes). - ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes). - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes). - ALSA: aoa: Fix I2S device accounting (git-fixes). 
- ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes). - ALSA: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes). - ALSA: au88x0: use explicitly signed char (git-fixes). - ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes). - ALSA: core: Fix double-free at snd_card_new() (git-fixes). - ALSA: cs35l41: Check hw_config before using it (bsc#1203699). - ALSA: cs35l41: Enable Internal Boost in shared lib (bsc#1203699). - ALSA: cs35l41: Move cs35l41_gpio_config to shared lib (bsc#1203699). - ALSA: cs35l41: Unify hardware configuration (bsc#1203699). - ALSA: dice: fix regression for Lexicon I-ONIX FW810S (git-fixes). - ALSA: dmaengine: increment buffer pointer atomically (git-fixes). - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes). - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes). - ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes). - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes). - ALSA: hda/conexant: add a new hda codec SN6140 (git-fixes). - ALSA: hda/cs8409: Add Speaker Playback Switch for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Add Speaker Playback Switch for Warlock (bsc#1203699). - ALSA: hda/cs8409: Add new Dolphin HW variants (bsc#1203699). - ALSA: hda/cs8409: Disable HSBIAS_SENSE_EN for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Fix Full Scale Volume setting for all variants (bsc#1203699). - ALSA: hda/cs8409: Fix Warlock to use mono mic configuration (bsc#1203699). - ALSA: hda/cs8409: Re-order quirk table into ascending order (bsc#1203699). - ALSA: hda/cs8409: Support manual mode detection for CS42L42 (bsc#1203699). - ALSA: hda/cs8409: Support new Dolphin Variants (bsc#1203699). - ALSA: hda/cs8409: Support new Odin Variants (bsc#1203699). - ALSA: hda/cs8409: Support new Warlock MLK Variants (bsc#1203699). - ALSA: hda/cs8409: Use general cs42l42 include in cs8409 hda driver (bsc#1203699). 
- ALSA: hda/cs8409: change cs8409_fixups v.pins initializers to static (bsc#1203699). - ALSA: hda/cs_dsp_ctl: Fix mutex inversion when creating controls (bsc#1203699). - ALSA: hda/hdmi - enable runtime pm for more AMD display audio (git-fixes). - ALSA: hda/hdmi: Do not skip notification handling during PM operation (git-fixes). - ALSA: hda/hdmi: Fix the converter allocation for the silent stream (git-fixes). - ALSA: hda/hdmi: Fix the converter reuse for the silent stream (git-fixes). - ALSA: hda/hdmi: change type for the 'assigned' variable (git-fixes). - ALSA: hda/realtek: Add CS35L41 support for Thinkpad laptops (bsc#1203699). - ALSA: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes). - ALSA: hda/realtek: Add Positivo C6300 model quirk (git-fixes). - ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes). - ALSA: hda/realtek: Add a quirk for HP OMEN 16 (8902) mute LED (git-fixes). - ALSA: hda/realtek: Add another HP ZBook G9 model quirks (bsc#1203699). - ALSA: hda/realtek: Add mute and micmut LED support for Zbook Fury 17 G9 (bsc#1203699). - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes). - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (bsc#1203922). - ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS50PU, NS70PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes). - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes). - ALSA: hda/realtek: Add quirk for HP Zbook Firefly 14 G9 model (bsc#1203699). - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga7 14IAL7 (bsc#1203699). 
- ALSA: hda/realtek: Add quirk for Lenovo Yoga9 14IAP7 (git-fixes). - ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes). - ALSA: hda/realtek: Add quirks for ASUS Zenbooks using CS35L41 (bsc#1203699). - ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298 (git-fixes). - ALSA: hda/realtek: Add support for HP Laptops (bsc#1203699). - ALSA: hda/realtek: Add support for Legion 7 16ACHg6 laptop (bsc#1203699). - ALSA: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook 845/865 G9 (bsc#1203699). - ALSA: hda/realtek: Enable mute/micmute LEDs support for HP Laptops (bsc#1203699). - ALSA: hda/realtek: Enable speaker and mute LEDs for HP laptops (bsc#1203699). - ALSA: hda/realtek: Fix LED on Zbook Studio G9 (bsc#1203699). - ALSA: hda/realtek: Fix mute led issue on thinkpad with cs35l41 s-codec (bsc#1203699). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (bsc#1205100). - ALSA: hda/realtek: More robust component matching for CS35L41 (bsc#1203699). - ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes). - ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro (bsc#1205100). - ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes). - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes). - ALSA: hda/sigmatel: Keep power up while beep is enabled (bsc#1200544). - ALSA: hda/tegra: Add Tegra234 hda driver support (git-fixes). - ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes). - ALSA: hda/tegra: Update scratch reg. communication (git-fixes). - ALSA: hda/tegra: set depop delay for tegra (git-fixes). - ALSA: hda: Fix Nvidia dp infoframe (git-fixes). 
- ALSA: hda: Fix dependencies of CS35L41 on SPI/I2C buses (bsc#1203699). - ALSA: hda: Fix dependency on ASoC cs35l41 codec (bsc#1203699). - ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount saturation (git-fixes). - ALSA: hda: Fix position reporting on Poulsbo (git-fixes). - ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes). - ALSA: hda: cs35l41: Add Amp Name based on channel and index (bsc#1203699). - ALSA: hda: cs35l41: Add Boost type flag (bsc#1203699). - ALSA: hda: cs35l41: Add Support for Interrupts (bsc#1203699). - ALSA: hda: cs35l41: Add calls to newly added test key function (bsc#1203699). - ALSA: hda: cs35l41: Add defaulted values into dsp bypass config sequence (bsc#1203699). - ALSA: hda: cs35l41: Add initial DSP support and firmware loading (bsc#1203699). - ALSA: hda: cs35l41: Add missing default cases (bsc#1203699). - ALSA: hda: cs35l41: Add module parameter to control firmware load (bsc#1203699). - ALSA: hda: cs35l41: Add support for CS35L41 in HDA systems (bsc#1203699). - ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations (bsc#1203699). - ALSA: hda: cs35l41: Always configure the DAI (bsc#1203699). - ALSA: hda: cs35l41: Avoid overwriting register patch (bsc#1203699). - ALSA: hda: cs35l41: Clarify support for CSC3551 without _DSD Properties (bsc#1203699). - ALSA: hda: cs35l41: Consolidate selections under SND_HDA_SCODEC_CS35L41 (bsc#1203699). - ALSA: hda: cs35l41: Do not dereference fwnode handle (bsc#1203699). - ALSA: hda: cs35l41: Drop wrong use of ACPI_PTR() (bsc#1203699). - ALSA: hda: cs35l41: Enable GPIO2 Interrupt for CLSA0100 laptops (bsc#1203699). - ALSA: hda: cs35l41: Fix I2S params comments (bsc#1203699). - ALSA: hda: cs35l41: Fix comments wrt serial-multi-instantiate reference (bsc#1203699). - ALSA: hda: cs35l41: Fix error in spi cs35l41 hda driver name (bsc#1203699). - ALSA: hda: cs35l41: Handle all external boost setups the same way (bsc#1203699). 
- ALSA: hda: cs35l41: Improve dev_err_probe() messaging (bsc#1203699). - ALSA: hda: cs35l41: Make cs35l41_hda_remove() return void (bsc#1203699). - ALSA: hda: cs35l41: Make use of the helper function dev_err_probe() (bsc#1203699). - ALSA: hda: cs35l41: Move boost config to initialization code (bsc#1203699). - ALSA: hda: cs35l41: Move cs35l41* calls to its own symbol namespace (bsc#1203699). - ALSA: hda: cs35l41: Move external boost handling to lib for ASoC use (bsc#1203699). - ALSA: hda: cs35l41: Mute the device before shutdown (bsc#1203699). - ALSA: hda: cs35l41: Put the device into safe mode for external boost (bsc#1203699). - ALSA: hda: cs35l41: Read Speaker Calibration data from UEFI variables (bsc#1203699). - ALSA: hda: cs35l41: Remove Set Channel Map api from binding (bsc#1203699). - ALSA: hda: cs35l41: Remove cs35l41_hda_reg_sequence struct (bsc#1203699). - ALSA: hda: cs35l41: Remove suspend/resume hda hooks (bsc#1203699). - ALSA: hda: cs35l41: Reorganize log for playback actions (bsc#1203699). - ALSA: hda: cs35l41: Save Subsystem ID inside CS35L41 Driver (bsc#1203699). - ALSA: hda: cs35l41: Save codec object inside component struct (bsc#1203699). - ALSA: hda: cs35l41: Set Speaker Position for CLSA0100 Laptop (bsc#1203699). - ALSA: hda: cs35l41: Support CLSA0101 (bsc#1203699). - ALSA: hda: cs35l41: Support Firmware switching and reloading (bsc#1203699). - ALSA: hda: cs35l41: Support Hibernation during Suspend (bsc#1203699). - ALSA: hda: cs35l41: Support Speaker ID for laptops (bsc#1203699). - ALSA: hda: cs35l41: Support System Suspend (bsc#1203699). - ALSA: hda: cs35l41: Support multiple load paths for firmware (bsc#1203699). - ALSA: hda: cs35l41: Support reading subsystem id from ACPI (bsc#1203699). - ALSA: hda: cs35l41: Tidyup code (bsc#1203699). - ALSA: hda: cs35l41: Use the CS35L41 HDA internal define (bsc#1203699). - ALSA: hda: cs35l41: fix double free on error in probe() (bsc#1203699). 
- ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes). - ALSA: hda: hda_cs_dsp_ctl: Add Library to support CS_DSP ALSA controls (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add apis to write the controls directly (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add fw id strings (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Ensure pwr_lock is held before reading/writing controls (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Minor clean and redundant code removal (bsc#1203699). - ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs (jsc#PED-720). - ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array (git-fixes). - ALSA: hiface: fix repeated words in comments (git-fixes). - ALSA: info: Fix llseek return value when using callback (git-fixes). - ALSA: line6: Replace sprintf() with sysfs_emit() (git-fixes). - ALSA: line6: remove line6_set_raw declaration (git-fixes). - ALSA: oss: Fix potential deadlock at unregistration (git-fixes). - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (git-fixes). - ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes). - ALSA: rme9652: use explicitly signed char (git-fixes). - ALSA: scarlett2: Add Focusrite Clarett+ 8Pre support (git-fixes). - ALSA: scarlett2: Add support for the internal 'standalone' switch (git-fixes). - ALSA: scarlett2: Split scarlett2_config_items[] into 3 sections (git-fixes). - ALSA: seq: Fix data-race at module auto-loading (git-fixes). - ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes). - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes). - ALSA: usb-audio: Add endianness annotations (git-fixes). - ALSA: usb-audio: Add mixer mapping for Gigabyte B450/550 Mobos (git-fixes). - ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes). - ALSA: usb-audio: Add quirk for Behringer UMC202HD (git-fixes). - ALSA: usb-audio: Add quirk for LH Labs Geek Out HD Audio 1V5 (git-fixes). - ALSA: usb-audio: Add quirk to enable Avid Mbox 3 support (git-fixes). 
- ALSA: usb-audio: Add quirks for M-Audio Fast Track C400/600 (git-fixes). - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes). - ALSA: usb-audio: Fix NULL dererence at error path (git-fixes). - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes). - ALSA: usb-audio: Fix last interface check for registration (git-fixes). - ALSA: usb-audio: Fix potential memory leaks (git-fixes). - ALSA: usb-audio: Fix regression with Dell Dock jack detection (bsc#1204719). - ALSA: usb-audio: Inform the delayed registration more properly (git-fixes). - ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes). - ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes). - ALSA: usb-audio: Register card at the last interface (git-fixes). - ALSA: usb-audio: Remove redundant workaround for Roland quirk (bsc#1205111). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes). - ALSA: usb-audio: Support jack detection on Dell dock (git-fixes). - ALSA: usb-audio: Turn off 'manual mode' on Dell dock (git-fixes). - ALSA: usb-audio: Yet more regression for for the delayed card registration (bsc#1205111). - ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue (git-fixes). - ALSA: usb-audio: make read-only array marker static const (git-fixes). - ALSA: usb-audio: remove redundant assignment to variable c (git-fixes). - ALSA: usb-audio: scarlett2: Use struct_size() helper in scarlett2_usb() (git-fixes). - ALSA: usb/6fire: fix repeated words in comments (git-fixes). - ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow (git-fixes). - ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n (git-fixes). - ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd() (git-fixes). - ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE (git-fixes). - ARM: Drop CMDLINE_* dependency on ATAGS (git-fixes). 
- ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init (git-fixes). - ARM: OMAP2+: Fix refcount leak in omapdss_init_of (git-fixes). - ARM: OMAP2+: display: Fix refcount leak bug (git-fixes). - ARM: OMAP2+: pdata-quirks: Fix refcount leak bug (git-fixes). - ARM: at91: rm9200: fix usb device clock id (git-fixes). - ARM: bcm: Fix refcount leak in bcm_kona_smc_init (git-fixes). - ARM: decompressor: Include .data.rel.ro.local (git-fixes). - ARM: defconfig: clean up multi_v4t and multi_v5 configs (git-fixes). - ARM: defconfig: drop CONFIG_PTP_1588_CLOCK=y (git-fixes). - ARM: defconfig: drop CONFIG_SERIAL_OMAP references (git-fixes). - ARM: defconfig: drop CONFIG_USB_FSL_USB2 (git-fixes). - ARM: dts: BCM5301X: Add DT for Meraki MR26 (git-fixes). - ARM: dts: am335x-pcm-953: Define fixed regulators in root node (git-fixes). - ARM: dts: am33xx: Fix MMCHS0 dma properties (git-fixes). - ARM: dts: armada-38x: Add gpio-ranges for pin muxing (git-fixes). - ARM: dts: ast2500-evb: fix board compatible (git-fixes). - ARM: dts: ast2600-evb-a1: fix board compatible (git-fixes). - ARM: dts: ast2600-evb: fix board compatible (git-fixes). - ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl (git-fixes). - ARM: dts: at91: sama5d27_wlsom1: do not keep ldo2 enabled all the time (git-fixes). - ARM: dts: at91: sama5d27_wlsom1: specify proper regulator output ranges (git-fixes). - ARM: dts: at91: sama5d2_icp: do not keep vdd_other enabled all the time (git-fixes). - ARM: dts: at91: sama5d2_icp: specify proper regulator output ranges (git-fixes). - ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family (git-fixes). - ARM: dts: exynos: fix polarity of VBUS GPIO of Origen (git-fixes). - ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer (git-fixes). - ARM: dts: imx6dl: add missing properties for sram (git-fixes). - ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties (git-fixes). - ARM: dts: imx6q: add missing properties for sram (git-fixes). 
- ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node (git-fixes). - ARM: dts: imx6qp: add missing properties for sram (git-fixes). - ARM: dts: imx6sl: add missing properties for sram (git-fixes). - ARM: dts: imx6sll: add missing properties for sram (git-fixes). - ARM: dts: imx6sx: add missing properties for sram (git-fixes). - ARM: dts: imx6ul: add missing properties for sram (git-fixes). - ARM: dts: imx6ul: change operating-points to uint32-matrix (git-fixes). - ARM: dts: imx6ul: fix csi node compatible (git-fixes). - ARM: dts: imx6ul: fix keypad compatible (git-fixes). - ARM: dts: imx6ul: fix lcdif node compatible (git-fixes). - ARM: dts: imx6ul: fix qspi node compatible (git-fixes). - ARM: dts: imx7: Fix NAND controller size-cells (git-fixes). - ARM: dts: imx7d-colibri-emmc: add cpu1 supply (git-fixes). - ARM: dts: imx7d-sdb: config the max pressure for tsc2046 (git-fixes). - ARM: dts: imx: align SPI NOR node name with dtschema (git-fixes). - ARM: dts: integrator: Tag PCI host with device_type (git-fixes). - ARM: dts: kirkwood: lsxl: fix serial line (git-fixes). - ARM: dts: kirkwood: lsxl: remove first ethernet port (git-fixes). - ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg (git-fixes). - ARM: dts: qcom: pm8841: add required thermal-sensor-cells (git-fixes). - ARM: dts: qcom: sdx55: Fix the IRQ trigger type for UART (git-fixes). - ARM: dts: turris-omnia: Add label for wan port (git-fixes). - ARM: dts: turris-omnia: Fix mpp26 pin name and comment (git-fixes). - ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC (git-fixes). - ARM: findbit: fix overflowing offset (git-fixes). - ARM: mxs: fix memory leak in mxs_machine_init() (git-fixes). - ARM: shmobile: rcar-gen2: Increase refcount for new reference (git-fixes). 
- ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 (git-fixes). - ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 (git-fixes). - ASoC: SOF: Intel: pci-tgl: add ADL-PS support (jsc#PED-720). - ASoC: SOF: Intel: pci-tgl: add RPL-P support (jsc#PED-720). - ASoC: SOF: Intel: pci-tgl: add RPL-S support (jsc#PED-652). - ASoC: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes). - ASoC: SOF: pci: Change DMI match info to support all Chrome platforms (git-fixes). - ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes). - ASoC: codec: tlv320aic32x4: fix mono playback via I2S (git-fixes). - ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes). - ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (git-fixes). - ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes). - ASoC: codecs: jz4725b: fix capture selector naming (git-fixes). - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes). - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes). - ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: codecs: tx-macro: fix kcontrol put (git-fixes). - ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes). - ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe (git-fixes). - ASoC: cs35l41: Add ASP TX3/4 source to register patch (bsc#1203699). - ASoC: cs35l41: Add bindings for CS35L41 (bsc#1203699). - ASoC: cs35l41: Add common cs35l41 enter hibernate function (bsc#1203699). - ASoC: cs35l41: Add cs35l51/53 IDs (bsc#1203699). - ASoC: cs35l41: Add endianness flag in snd_soc_component_driver (bsc#1203699). - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699). - ASoC: cs35l41: Add support for CLSA3541 ACPI device ID (bsc#1203699). 
- ASoC: cs35l41: Add support for hibernate memory retention mode (bsc#1203699). - ASoC: cs35l41: Binding fixes (bsc#1203699). - ASoC: cs35l41: CS35L41 Boosted Smart Amplifier (bsc#1203699). - ASoC: cs35l41: Change monitor widgets to siggens (bsc#1203699). - ASoC: cs35l41: Combine adjacent register writes (bsc#1203699). - ASoC: cs35l41: Convert tables to shared source code (bsc#1203699). - ASoC: cs35l41: Correct DSP power down (bsc#1203699). - ASoC: cs35l41: Correct handling of some registers in the cache (bsc#1203699). - ASoC: cs35l41: Correct some control names (bsc#1203699). - ASoC: cs35l41: Create shared function for boost configuration (bsc#1203699). - ASoC: cs35l41: Create shared function for errata patches (bsc#1203699). - ASoC: cs35l41: Create shared function for setting channels (bsc#1203699). - ASoC: cs35l41: DSP Support (bsc#1203699). - ASoC: cs35l41: Do not overwrite returned error code (bsc#1203699). - ASoC: cs35l41: Do not print error when waking from hibernation (bsc#1203699). - ASoC: cs35l41: Document CS35l41 External Boost (bsc#1203699). - ASoC: cs35l41: Fix DSP mbox start command and global enable order (bsc#1203699). - ASoC: cs35l41: Fix GPIO2 configuration (bsc#1203699). - ASoC: cs35l41: Fix a bunch of trivial code formating/style issues (bsc#1203699). - ASoC: cs35l41: Fix a shift-out-of-bounds warning found by UBSAN (bsc#1203699). - ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t (bsc#1203699). - ASoC: cs35l41: Fix link problem (bsc#1203699). - ASoC: cs35l41: Fix max number of TX channels (bsc#1203699). - ASoC: cs35l41: Fix undefined reference to core functions (bsc#1203699). - ASoC: cs35l41: Fix use of an uninitialised variable (bsc#1203699). - ASoC: cs35l41: Fixup the error messages (bsc#1203699). - ASoC: cs35l41: Make cs35l41_remove() return void (bsc#1203699). - ASoC: cs35l41: Move cs35l41 exit hibernate function into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41 fs errata into shared code (bsc#1203699). 
- ASoC: cs35l41: Move cs35l41_otp_unpack to shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41_set_cspl_mbox_cmd to shared code (bsc#1203699). - ASoC: cs35l41: Move cs_dsp config struct into shared code (bsc#1203699). - ASoC: cs35l41: Move power initializations to reg_sequence (bsc#1203699). - ASoC: cs35l41: Read System Name from ACPI _SUB to identify firmware (bsc#1203699). - ASoC: cs35l41: Remove incorrect comment (bsc#1203699). - ASoC: cs35l41: Remove unnecessary param (bsc#1203699). - ASoC: cs35l41: Set the max SPI speed for the whole device (bsc#1203699). - ASoC: cs35l41: Support external boost (bsc#1203699). - ASoC: cs35l41: Update handling of test key registers (bsc#1203699). - ASoC: cs35l41: Use regmap_read_poll_timeout to wait for OTP boot (bsc#1203699). - ASoC: cs42l42: Add control for audio slow-start switch (bsc#1203699). - ASoC: cs42l42: Add warnings about DETECT_MODE and PLL_START (bsc#1203699). - ASoC: cs42l42: Allow time for HP/ADC to power-up after enable (bsc#1203699). - ASoC: cs42l42: Always enable TS_PLUG and TS_UNPLUG interrupts (bsc#1203699). - ASoC: cs42l42: Change jack_detect_mutex to a lock of all IRQ handling (bsc#1203699). - ASoC: cs42l42: Do not claim to support 192k (bsc#1203699). - ASoC: cs42l42: Do not reconfigure the PLL while it is running (bsc#1203699). - ASoC: cs42l42: Fix WARN in remove() if running without an interrupt (bsc#1203699). - ASoC: cs42l42: Handle system suspend (bsc#1203699). - ASoC: cs42l42: Implement Manual Type detection as fallback (bsc#1203699). - ASoC: cs42l42: Mark OSC_SWITCH_STATUS register volatile (bsc#1203699). - ASoC: cs42l42: Minor fix all errors reported by checkpatch.pl script (bsc#1203699). - ASoC: cs42l42: Move CS42L42 register descriptions to general include (bsc#1203699). - ASoC: cs42l42: Only report button state if there was a button interrupt (git-fixes). - ASoC: cs42l42: Prevent NULL pointer deref in interrupt handler (bsc#1203699). 
- ASoC: cs42l42: Remove redundant pll_divout member (bsc#1203699). - ASoC: cs42l42: Remove redundant writes to DETECT_MODE (bsc#1203699). - ASoC: cs42l42: Remove redundant writes to RS_PLUG/RS_UNPLUG masks (bsc#1203699). - ASoC: cs42l42: Remove unused runtime_suspend/runtime_resume callbacks (bsc#1203699). - ASoC: cs42l42: Report full jack status when plug is detected (bsc#1203699). - ASoC: cs42l42: Report initial jack state (bsc#1203699). - ASoC: cs42l42: Reset and power-down on remove() and failed probe() (bsc#1203699). - ASoC: cs42l42: Set correct SRC MCLK (bsc#1203699). - ASoC: cs42l42: Simplify reporting of jack unplug (bsc#1203699). - ASoC: cs42l42: Use PLL for SCLK > 12.288MHz (bsc#1203699). - ASoC: cs42l42: Use two thresholds and increased wait time for manual type detection (bsc#1203699). - ASoC: cs42l42: free_irq() before powering-down on probe() fail (bsc#1203699). - ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() (git-fixes). - ASoC: dt-bindings: cs42l42: Convert binding to yaml (bsc#1203699). - ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes). - ASoC: fsl-asoc-card: force cast the asrc_format type (git-fixes). - ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N (git-fixes). - ASoC: fsl_asrc: force cast the asrc_format type (git-fixes). - ASoC: fsl_easrc: use snd_pcm_format_t type for sample_format (git-fixes). - ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes). - ASoC: fsl_sai: use local device pointer (git-fixes). - ASoC: imx-audmux: Silence a clang warning (git-fixes). - ASoC: imx-card: Fix DSD/PDM mclk frequency (git-fixes). - ASoC: imx-card: Fix refcount issue with of_node_put (git-fixes). - ASoC: imx-card: use snd_pcm_format_t type for asrc_format (git-fixes). - ASoC: max98373: Add checks for devm_kcalloc (git-fixes). - ASoC: mchp-spdifrx: disable end of block interrupt on failures (git-fixes). - ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (git-fixes). 
- ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (git-fixes). - ASoC: mt6359: Fix refcount leak bug (git-fixes). - ASoC: mt6359: fix tests for platform_get_irq() failure (git-fixes). - ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes). - ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe (git-fixes). - ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes). - ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes). - ASoC: ops: Fix bounds check for _sx controls (git-fixes). - ASoC: qcom: Fix missing of_node_put() in asoc_qcom_lpass_cpu_platform_probe() (git-fixes). - ASoC: qcom: lpass-cpu: Mark HDMI TX parity register as volatile (git-fixes). - ASoC: qcom: lpass-cpu: mark HDMI TX registers as volatile (git-fixes). - ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes). - ASoC: qcom: sm8250: add missing module owner (git-fixes). - ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes). - ASoC: rsnd: care default case on rsnd_ssiu_busif_err_irq_ctrl() (git-fixes). - ASoC: rt1019: Fix the TDM settings (git-fixes). - ASoC: samsung: Fix error handling in aries_audio_probe (git-fixes). - ASoC: samsung: change gpiod_speaker_power and rx1950_audio from global to static variables (git-fixes). - ASoC: samsung: change neo1973_audio from a global to static (git-fixes). - ASoC: samsung: h1940_uda1380: include proepr GPIO consumer header (git-fixes). - ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove (git-fixes). - ASoC: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes). - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes). - ASoC: stm32: dfsdm: manage cb buffers cleanup (git-fixes). - ASoC: tas2764: Allow mono streams (git-fixes). - ASoC: tas2764: Drop conflicting set_bias_level power setting (git-fixes). - ASoC: tas2764: Fix mute/unmute (git-fixes). - ASoC: tas2764: Fix set_tdm_slot in case of single slot (git-fixes). 
- ASoC: tas2770: Allow mono streams (git-fixes). - ASoC: tas2770: Drop conflicting set_bias_level power setting (git-fixes). - ASoC: tas2770: Fix handling of mute/unmute (git-fixes). - ASoC: tas2770: Fix set_tdm_slot in case of single slot (git-fixes). - ASoC: tas2770: Reinit regcache on reset (git-fixes). - ASoC: tas2770: Set correct FSYNC polarity (git-fixes). - ASoC: wcd9335: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wcd934x: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes). - ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes). - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes). - ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes). - ASoC: wm_adsp: Add support for 'toggle' preloaders (bsc#1203699). - ASoC: wm_adsp: Add trace caps to speaker protection FW (bsc#1203699). - ASoC: wm_adsp: Cancel ongoing work when removing controls (bsc#1203699). - ASoC: wm_adsp: Compressed stream DSP memory structs should be __packed (bsc#1203699). - ASoC: wm_adsp: Correct control read size when parsing compressed buffer (bsc#1203699). - ASoC: wm_adsp: Expand firmware loading search options (bsc#1203699). - ASoC: wm_adsp: Fix event for preloader (bsc#1203699). - ASoC: wm_adsp: Handle optional legacy support (git-fixes). - ASoC: wm_adsp: Introduce cs_dsp logging macros (bsc#1203699). - ASoC: wm_adsp: Make compressed buffers optional (bsc#1203699). - ASoC: wm_adsp: Minor clean and redundant code removal (bsc#1203699). - ASoC: wm_adsp: Move check for control existence (bsc#1203699). - ASoC: wm_adsp: Move check of dsp->running to better place (bsc#1203699). - ASoC: wm_adsp: Move sys_config_size to wm_adsp (bsc#1203699). - ASoC: wm_adsp: Pass firmware names as parameters when starting DSP core (bsc#1203699). - ASoC: wm_adsp: Remove pointless string comparison (bsc#1203699). 
- ASoC: wm_adsp: Remove the wmfw_add_ctl helper function (bsc#1203699). - ASoC: wm_adsp: Remove use of snd_ctl_elem_type_t (bsc#1203699). - ASoC: wm_adsp: Rename generic DSP support (bsc#1203699). - ASoC: wm_adsp: Separate generic cs_dsp_coeff_ctl handling (bsc#1203699). - ASoC: wm_adsp: Separate some ASoC and generic functions (bsc#1203699). - ASoC: wm_adsp: Separate wm_adsp specifics in cs_dsp_client_ops (bsc#1203699). - ASoC: wm_adsp: Split DSP power operations into helper functions (bsc#1203699). - ASoC: wm_adsp: Split out struct cs_dsp from struct wm_adsp (bsc#1203699). - ASoC: wm_adsp: Switch to using wm_coeff_read_ctrl for compressed buffers (bsc#1203699). - ASoC: wm_adsp: move firmware loading to client (bsc#1203699). - ASoC: wm_adsp: remove a repeated including (bsc#1203699). - ASoC: wm_adsp: wm_adsp_control_add() error: uninitialized symbol 'ret' (bsc#1203699). - Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() (git-fixes). - Bluetooth: Add bt_skb_sendmmsg helper (git-fixes). - Bluetooth: Add bt_skb_sendmsg helper (git-fixes). - Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (git-fixes). - Bluetooth: Fix not cleanup led when bt_init fails (git-fixes). - Bluetooth: Fix passing NULL to PTR_ERR (git-fixes). - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (git-fixes). - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes). - Bluetooth: L2CAP: Fix build errors in some archs (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes). - Bluetooth: L2CAP: Fix user-after-free (git-fixes). - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes). - Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes). 
- Bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release (git-fixes). - Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg (git-fixes). - Bluetooth: SCO: Fix sco_send_frame returning skb->len (git-fixes). - Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg (git-fixes). - Bluetooth: btintel: Mark Intel controller to support LE_STATES quirk (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587 (git-fixes). - Bluetooth: btusb: Add support of IMC Networks PID 0x3568 (git-fixes). - Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend (git-fixes). - Bluetooth: hci_bcm: Add BCM4349B1 variant (git-fixes). - Bluetooth: hci_bcm: Add DT compatible for CYW55572 (git-fixes). - Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes). - Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes). - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes). - Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure (git-fixes). - Bluetooth: virtio_bt: Use skb_put to set length (git-fixes). - Decrease the number of SMB3 smbdirect client SGEs (bsc#1193629). - Documentation: ACPI: EINJ: Fix obsolete example (git-fixes). - Documentation: PM: Drop pme_interrupt reference (git-fixes). - Documentation: add description for net.core.gro_normal_batch (git-fixes). - Documentation: add description for net.sctp.ecn_enable (git-fixes). - Documentation: add description for net.sctp.intl_enable (git-fixes). - Documentation: add description for net.sctp.reconf_enable (git-fixes). 
- Documentation: devres: add missing I2C helper (git-fixes). - Documentation: dm writecache: Render status list as list (git-fixes). - Documentation: fix sctp_wmem in ip-sysctl.rst (git-fixes). - Documentation: fix udp_wmem_min in ip-sysctl.rst (git-fixes). - Documentation: move watch_queue to core-api (git-fixes). - Documentation: siphash: Fix typo in the name of offsetofend macro (git-fixes). - Drivers: hv: Always reserve framebuffer region for Gen1 VMs (git-fixes). - Drivers: hv: Fix syntax errors in comments (git-fixes). - Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region (git-fixes). - Drivers: hv: fix repeated words in comments (git-fixes). - Drivers: hv: remove duplicate word in a comment (git-fixes). - Drivers: hv: vmbus: Accept hv_sock offers in isolated guests (git-fixes). - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Do not wait for the ACPI device upon initialization (git-fixes). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - Drivers: hv: vmbus: Fix kernel-doc (git-fixes). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). - Drivers: hv: vmbus: Optimize vmbus_on_event (git-fixes). - Drivers: hv: vmbus: Release cpu lock in error case (git-fixes). - Drivers: hv: vmbus: Use PCI_VENDOR_ID_MICROSOFT for better discoverability (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: fix typo in comment (git-fixes). - EDAC/dmc520: Do not print an error for each unconfigured interrupt line (bsc#1190497). - EDAC/ghes: Set the DIMM label unconditionally (bsc#1201768). 
- Enable livepatching related packages on -RT (jsc#PED-1706) - HID: AMD_SFH: Add a DMI quirk entry for Chromebooks (git-fixes). - HID: add Lenovo Yoga C630 battery quirk (git-fixes). - HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes). - HID: amd_sfh: Add NULL check for hid device (git-fixes). - HID: amd_sfh: Handle condition of 'no sensors' (git-fixes). - HID: asus: ROG NKey: Ignore portion of 0x5a report (git-fixes). - HID: core: fix shift-out-of-bounds in hid_report_raw_event (git-fixes). - HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes). - HID: hid-input: add Surface Go battery quirk (git-fixes). - HID: hid-lg4ff: Add check for empty lbuf (git-fixes). - HID: hidraw: fix memory leak in hidraw_release() (git-fixes). - HID: hyperv: fix possible memory leak in mousevsc_probe() (git-fixes). - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes). - HID: magicmouse: Do not set BTN_MOUSE on double report (git-fixes). - HID: mcp2221: prevent a buffer overflow in mcp_smbus_write() (git-fixes). - HID: multitouch: Add memory barriers (git-fixes). - HID: multitouch: new device class fix Lenovo X12 trackpad sticky (git-fixes). - HID: playstation: add initial DualSense Edge controller support (git-fixes). - HID: roccat: Fix use-after-free in roccat_read() (git-fixes). - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes). - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fixes). - HID: thrustmaster: Add sparco wheel and fix array length (git-fixes). - HID: usbhid: Add ALWAYS_POLL quirk for some mice (git-fixes). - HID: wacom: Do not register pad_input for touch switch (git-fixes). - HID: wacom: Only report rotation for art pen (git-fixes). - HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes). - HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes). - Handle variable number of SGEs in client smbdirect send (bsc#1193629).
- IB/core: Fix a nested dead lock as part of ODP flow (git-fixes) - IB/hfi1: Correctly move list in sc_disable() (git-fixes) - IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes) - IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (git-fixes) - Input: exc3000 - fix return value check of wait_for_completion_timeout (git-fixes). - Input: goodix - add compatible string for GT1158 (git-fixes). - Input: goodix - add support for GT1158 (git-fixes). - Input: goodix - try resetting the controller when no config is set (git-fixes). - Input: gscps2 - check return value of ioremap() in gscps2_probe() (git-fixes). - Input: i8042 - add TUXEDO devices to i8042 quirk tables (git-fixes). - Input: i8042 - add additional TUXEDO devices to i8042 quirk tables (git-fixes). - Input: i8042 - fix leaking of platform device on module removal (git-fixes). - Input: i8042 - fix refount leak on sparc (git-fixes). - Input: i8042 - merge quirk tables (git-fixes). - Input: i8042 - move __initconst to fix code styling warning (git-fixes). - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes). - Input: iforce - invert valid length check when fetching device IDs (git-fixes). - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes). - Input: iqs62x-keys - drop unused device node references (git-fixes). - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes). - Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send() (git-fixes). - Input: rk805-pwrkey - fix module autoloading (git-fixes). - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes). - Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] (git-fixes). - Input: soc_button_array - add use_low_level_irq module parameter (git-fixes). - Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode (git-fixes). - Input: synaptics-rmi4 - fix firmware update operations with bootloader v8 (git-fixes).
- Input: xpad - add supported devices as contributed on github (git-fixes). - Input: xpad - fix wireless 360 controller breaking after suspend (git-fixes). - KABI: cgroup: Restore KABI of css_set (bsc#1201610). - KEYS: asymmetric: enforce SM2 signature use pkey algo (git-fixes). - KVM-x86-Avoid-theoretical-NULL-pointer-dereference-i.patch - KVM-x86-Check-lapic_in_kernel-before-attempting-to-s.patch - KVM-x86-Forbid-VMM-to-set-SYNIC-STIMER-MSRs-when-Syn.patch - KVM: LAPIC: Also cancel preemption timer during SET_LAPIC (git-fixes). - KVM: MMU: shadow nested paging does not have PKU (git-fixes). - KVM: Move wiping of the kvm->vcpus array to common code (git-fixes). - KVM: PPC: Book3S HV: Check return value of kvmppc_radix_init (bsc#1194869). - KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395). - KVM: PPC: Book3S HV: Remove kvmhv_p9_[set,restore]_lpcr declarations (bsc#1194869). - KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395). - KVM: PPC: Book3S HV: fix incorrect NULL check on list iterator (bsc#1194869). - KVM: PPC: Book3s HV: Remove unused function kvmppc_bad_interrupt (bsc#1194869). - KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395). - KVM: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395). - KVM: SEV: Mark nested locking of vcpu->lock (git-fixes). - KVM: SVM: Create a separate mapping for the GHCB save area (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Create a separate mapping for the SEV-ES save area (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Define sev_features and VMPL field in the VMSA (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Disable SEV-ES support if MMIO caching is disable (git-fixes). - KVM: SVM: Do not BUG if userspace injects an interrupt with GIF=0 (git-fixes). - KVM: SVM: Do not intercept #GP for SEV guests (git-fixes). - KVM: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors (git-fixes). 
- KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported (git-fixes). - KVM: SVM: Unwind 'speculative' RIP advancement if INTn injection 'fails' (git-fixes). - KVM: SVM: Update the SEV-ES save area mapping (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: adjust register allocation for __svm_vcpu_run() (git-fixes). - KVM: SVM: fix panic on out-of-bounds guest IRQ (git-fixes). - KVM: SVM: fix tsc scaling cache logic (bsc#1203263). - KVM: SVM: move guest vmsave/vmload back to assembly (git-fixes). - KVM: SVM: replace regs argument of __svm_vcpu_run() with vcpu_svm (git-fixes). - KVM: SVM: retrieve VMCB from assembly (git-fixes). - KVM: VMX: Add helper to check if the guest PMU has PERF_GLOBAL_CTRL (git-fixes). - KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS (git-fixes). - KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (git-fixes). - KVM: VMX: Inject #PF on ENCLS as 'emulated' #PF (git-fixes). - KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no vPMU (git-fixes). - KVM: VMX: Print VM-instruction error as unsigned (git-fixes). - KVM: VMX: clear vmx_x86_ops.sync_pir_to_irr if APICv is disabled (bsc#1205007). - KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable (git-fixes). - KVM: VMX: prepare sync_pir_to_irr for running with APICv disabled (git-fixes). - KVM: VMX: switch blocked_vcpu_on_cpu_lock to raw spinlock (git-fixes). - KVM: X86: Fix when shadow_root_level=5 && guest root_level<4 (git-fixes). - KVM: X86: Use vcpu->arch.walk_mmu for kvm_mmu_invlpg() (git-fixes). - KVM: X86: avoid uninitialized 'fault.async_page_fault' from fixed-up #PF (git-fixes). - KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442) - KVM: fix avic_set_running for preemptable kernels (git-fixes). - KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1 (git-fixes). - KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff it exists (git-fixes). 
- KVM: nVMX: Defer APICv updates while L2 is active until L1 is active (git-fixes). - KVM: nVMX: Ignore SIPI that arrives in L2 when vCPU is not in WFS (git-fixes). - KVM: nVMX: Inject #UD if VMXON is attempted with incompatible CR0/CR4 (git-fixes). - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes). - KVM: nVMX: Rename handle_vm{on,off}() to handle_vmx{on,off}() (git-fixes). - KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP (git-fixes). - KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes). - KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes). - KVM: nVMX: Synthesize TRIPLE_FAULT for L2 if emulation is required (git-fixes). - KVM: nVMX: Unconditionally purge queued/injected events on nested 'exit' (git-fixes). - KVM: nVMX: do not use vcpu->arch.efer when checking host state on nested state load (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes jsc#PED-611). - KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes jsc#PED-611). - KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes). - KVM: s390: pv: do not present the ecall interrupt twice (bsc#1203229 LTC#199905). - KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes). - KVM: s390x: fix SCK locking (git-fixes). - KVM: selftests: Make sure kvm_create_max_vcpus test won't hit RLIMIT_NOFILE (git-fixes). - KVM: selftests: Silence compiler warning in the kvm_page_table_test (git-fixes). - KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes). - KVM: x86/mmu: Do not advance iterator after restart due to yielding (git-fixes). - KVM: x86/mmu: Do not freak out if pml5_root is NULL on 4-level host (git-fixes). - KVM: x86/mmu: Fix wrong/misleading comments in TDP MMU fast zap (git-fixes). 
- KVM: x86/mmu: Move 'invalid' check out of kvm_tdp_mmu_get_root() (git-fixes). - KVM: x86/mmu: Retry page fault if root is invalidated by memslot update (git-fixes). - KVM: x86/mmu: WARN if old _or_ new SPTE is REMOVED in non-atomic path (git-fixes). - KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU (git-fixes). - KVM: x86/mmu: fix memoryleak in kvm_mmu_vendor_module_init() (git-fixes). - KVM: x86/mmu: include EFER.LMA in extended mmu role (git-fixes). - KVM: x86/mmu: make apf token non-zero to fix bug (git-fixes). - KVM: x86/pmu: Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes). - KVM: x86/pmu: Do not truncate the PerfEvtSeln MSR when creating a perf event (git-fixes). - KVM: x86/pmu: Fix and isolate TSX-specific performance event logic (git-fixes). - KVM: x86/pmu: Fix available_event_types check for REF_CPU_CYCLES event (git-fixes). - KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes). - KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog (git-fixes). - KVM: x86/pmu: Use different raw event masks for AMD and Intel (git-fixes). - KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (git-fixes). - KVM: x86: Add KVM_CAP_ENABLE_CAP to x86 (git-fixes). - KVM: x86: Add compat handler for KVM_X86_SET_MSR_FILTER (git-fixes). - KVM: x86: Always set kvm_run->if_flag (git-fixes). - KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (git-fixes). - KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (git-fixes). - KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated (git-fixes). - KVM: x86: Forcibly leave nested virt when SMM state is toggled (git-fixes). - KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op() (git-fixes). - KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest (git-fixes). - KVM: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled (git-fixes). 
- KVM: x86: Keep MSR_IA32_XSS unchanged for INIT (git-fixes). - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000001H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000006H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000008H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.8000001AH (git-fixes). - KVM: x86: Move lookup of indexed CPUID leafs to helper (jsc#SLE-19924, jsc#SLE-24814). - KVM: x86: Register perf callbacks after calling vendor's hardware_setup() (git-fixes). - KVM: x86: Report error when setting CPUID if Hyper-V allocation fails (git-fixes). - KVM: x86: Retry page fault if MMU reload is pending and root has no sp (bsc#1205744). - KVM: x86: SVM: do not passthrough SMAP/SMEP/PKE bits in !NPT && !gCR0.PG case (git-fixes). - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes). - KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS) (git-fixes). - KVM: x86: Sync the states size with the XCR0/IA32_XSS at, any time (git-fixes). - KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) (git-fixes). - KVM: x86: Update vPMCs when retiring branch instructions (git-fixes). - KVM: x86: Update vPMCs when retiring instructions (git-fixes). - KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses (git-fixes). - KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits (git-fixes). - KVM: x86: avoid loading a vCPU after .vm_destroy was called (git-fixes). - KVM: x86: check PIR even for vCPUs with disabled APICv (git-fixes). - KVM: x86: do not report preemption if the steal time cache is stale (git-fixes). - KVM: x86: emulator: em_sysexit should update ctxt->mode (git-fixes). - KVM: x86: emulator: introduce emulator_recalc_and_set_mode (git-fixes). - KVM: x86: emulator: update the emulation mode after CR0 write (git-fixes). 
- KVM: x86: emulator: update the emulation mode after rsm (git-fixes). - KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_flush_tlb() (git-fixes). - KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_send_ipi() (git-fixes). - KVM: x86: hyper-v: HVCALL_SEND_IPI_EX is an XMM fast hypercall (git-fixes). - KVM: x86: ignore APICv if LAPIC is not enabled (git-fixes). - KVM: x86: nSVM/nVMX: set nested_run_pending on VM entry which is a result of RSM (git-fixes). - KVM: x86: nSVM: fix potential NULL derefernce on nested migration (git-fixes). - KVM: x86: nSVM: mark vmcb01 as dirty when restoring SMM saved state (git-fixes). - KVM: x86: remove PMU FIXED_CTR3 from msrs_to_save_all (git-fixes). - KVM: x86: revalidate steal time cache if MSR value changes (git-fixes). - KVM: x86: use a separate asm-offsets.c file (git-fixes). - MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (git-fixes). - NFC: nci: Bounds check struct nfc_target arrays (git-fixes). - NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes). - NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests (git-fixes). - NFS: Fix another fsync() issue after a server reboot (git-fixes). - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes). - NFSD: Clamp WRITE offsets (git-fixes). - NFSD: Clean up the show_nf_flags() macro (git-fixes). - NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes (git-fixes). - NFSD: Fix ia_size underflow (git-fixes). - NFSD: Fix offset type in I/O trace points (git-fixes). - NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes). - NFSD: prevent integer overflow on 32 bit systems (git-fixes). - NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes). - NFSD: restore EINVAL error translation in nfsd_commit() (git-fixes). - NFSv4.1: Do not decrease the value of seq_nr_highest_sent (git-fixes). - NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes). 
- NFSv4.1: RECLAIM_COMPLETE must handle EACCES (git-fixes). - NFSv4.2 fix problems with __nfs42_ssc_open (git-fixes). - NFSv4.2: Update mode bits after ALLOCATE and DEALLOCATE (git-fixes). - NFSv4: Fix races in the legacy idmapper upcall (git-fixes). - NFSv4: Fixes for nfs4_inode_return_delegation() (git-fixes). - NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0 (git-fixes). - NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes). - PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes). - PCI/AER: Iterate over error counters instead of error strings (git-fixes). - PCI/ASPM: Correct LTR_L1.2_THRESHOLD computation (git-fixes). - PCI/ASPM: Ignore L1 PM Substates if device lacks capability (git-fixes). - PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited (jsc#PED-387). - PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes). - PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes). - PCI: Correct misspelled words (git-fixes). - PCI: Disable MSI for Tegra234 Root Ports (git-fixes). - PCI: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes). - PCI: Move PCI_VENDOR_ID_MICROSOFT/PCI_DEVICE_ID_HYPERV_VIDEO definitions to pci_ids.h (git-fixes). - PCI: Prefer 'unsigned int' over bare 'unsigned' (git-fixes). - PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes). - PCI: aardvark: Fix reporting Slot capabilities on emulated bridge (git-fixes). - PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes). - PCI: dwc: Always enable CDM check if 'snps,enable-cdm-check' exists (git-fixes). - PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes). - PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes). - PCI: dwc: Set INCREASE_REGION_SIZE flag based on limit address (git-fixes). - PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes). 
- PCI: endpoint: Do not stop controller when unbinding endpoint function (git-fixes). - PCI: hv: Add validation for untrusted Hyper-V values (git-fixes). - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017). - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (git-fixes). - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845). - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - PCI: mediatek-gen3: Change driver name to mtk-pcie-gen3 (git-fixes). - PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains() (git-fixes). - PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes). - PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes). - PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes). - PCI: tegra194: Fix Root Port interrupt handling (git-fixes). - PCI: tegra194: Fix link up retry sequence (git-fixes). - PM: domains: Ensure genpd_debugfs_dir exists before remove (git-fixes). - PM: domains: Fix handling of unavailable/disabled idle states (git-fixes). - PM: hibernate: Allow hybrid sleep to work with s2idle (git-fixes). - PM: hibernate: defer device probing when resuming from hibernation (git-fixes). 
- RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes) - RDMA/cm: Use SLID in the work completion as the DLID in responder side (git-fixes) - RDMA/cma: Fix arguments order in net device validation (git-fixes) - RDMA/cma: Use output interface for net_dev check (git-fixes) - RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (git-fixes) - RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes) - RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes) - RDMA/hfi1: Prevent use of lock before it is initialized (git-fixes) - RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (git-fixes) - RDMA/hns: Add the detection for CMDQ status in the device initialization process (git-fixes) - RDMA/hns: Correct the type of variables participating in the shift operation (git-fixes) - RDMA/hns: Disable local invalidate operation (git-fixes) - RDMA/hns: Fix incorrect clearing of interrupt status register (git-fixes) - RDMA/hns: Fix supported page size (git-fixes) - RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift (git-fixes) - RDMA/hns: Remove magic number (git-fixes) - RDMA/hns: Remove the num_cqc_timer variable (git-fixes) - RDMA/hns: Remove the num_qpc_timer variable (git-fixes) - RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes) - RDMA/hns: Replace tab with space in the right-side comments (git-fixes) - RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx() (git-fixes) - RDMA/irdma: Add support for address handle re-use (git-fixes) - RDMA/irdma: Align AE id codes to correct flush code and event (git-fixes) - RDMA/irdma: Do not advertise 1GB page size for x722 (git-fixes) - RDMA/irdma: Fix VLAN connection with wildcard address (git-fixes) - RDMA/irdma: Fix a window for use-after-free (git-fixes) - RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (git-fixes) - RDMA/irdma: Fix setting of QP context err_rq_idx_valid field (git-fixes) - RDMA/irdma: Fix sleep from invalid context BUG (git-fixes) - 
RDMA/irdma: Move union irdma_sockaddr to header file (git-fixes) - RDMA/irdma: Remove the unnecessary variable saddr (git-fixes) - RDMA/irdma: Report RNR NAK generation in device caps (git-fixes) - RDMA/irdma: Report the correct max cqes from query device (git-fixes) - RDMA/irdma: Return correct WC error for bind operation failure (git-fixes) - RDMA/irdma: Return error on MR deregister CQP failure (git-fixes) - RDMA/irdma: Use net_type to check network type (git-fixes) - RDMA/irdma: Use s/g array in post send only when its valid (git-fixes) - RDMA/irdma: Validate udata inlen and outlen (git-fixes) - RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes) - RDMA/mlx5: Do not compare mkey tags in DEVX indirect mkey (git-fixes) - RDMA/mlx5: Set local port to one when accessing counters (git-fixes) - RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes) - RDMA/qedr: Fix reporting QP timeout attribute (git-fixes) - RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() (git-fixes) - RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg (git-fixes) - RDMA/rtrs-srv: Fix modinfo output for stringify (git-fixes) - RDMA/rxe: Fix 'kernel NULL pointer dereference' error (git-fixes) - RDMA/rxe: Fix deadlock in rxe_do_local_ops() (git-fixes) - RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes) - RDMA/rxe: Fix mw bind to allow any consumer key portion (git-fixes) - RDMA/rxe: Fix resize_finish() in rxe_queue.c (git-fixes) - RDMA/rxe: Fix rnr retry behavior (git-fixes) - RDMA/rxe: Fix the error caused by qp->sk (git-fixes) - RDMA/rxe: For invalidate compare according to set keys in mr (git-fixes) - RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes) - RDMA/rxe: Limit the number of calls to each tasklet (git-fixes) - RDMA/rxe: Remove useless pkt parameters (git-fixes) - RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. 
(git-fixes) - RDMA/siw: Fix QP destroy to wait for all references dropped. (git-fixes) - RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes) - RDMA/siw: Pass a pointer to virt_to_page() (git-fixes) - RDMA/srp: Fix srp_abort() (git-fixes) - RDMA/srp: Handle dev_set_name() failure (git-fixes) - RDMA/srp: Rework the srp_add_port() error path (git-fixes) - RDMA/srp: Set scmnd->result only when scmnd is not NULL (git-fixes) - RDMA/srp: Support more than 255 rdma ports (git-fixes) - RDMA/srp: Use the attribute group mechanism for sysfs attributes (git-fixes) - RDMA/srpt: Duplicate port name members (git-fixes) - RDMA/srpt: Fix a use-after-free (git-fixes) - RDMA/srpt: Introduce a reference count in struct srpt_device (git-fixes) - RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) - RDMA: remove useless condition in siw_create_cq() (git-fixes) - Reduce client smbdirect max receive segment size (bsc#1193629). - Refresh nvme in-band authentication patches (bsc#1199086) - Refresh patches.suse/iommu-vt-d-Acquiring-lock-in-domain-ID-allocation-helpers Fix spin deadlock in intel_iommu (bsc#1203505) - Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1202131) Now iwlwifi queries *-72.ucode, but again, this is non-existing version. Correct to the existing *-71.ucode - Refresh patches.suse/ppc64-kdump-Limit-kdump-base-to-512MB.patch to upstream version. - Remove doubly applied amdgpu patches - Replace the in-house patch by the above upstream version, patches.suse/md-raid0-fix-buffer-overflow-at-debug-print.patch. - Revert 'ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations' (bsc#1203699). - Revert 'ALSA: usb-audio: Split endpoint setups for hw_params and prepare' (git-fixes). - Revert 'SUNRPC: Remove unreachable error condition' (git-fixes). - Revert 'arm64: Mitigate MTE issues with str{n}cmp()' (git-fixes) - Revert 'clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops' (git-fixes). 
- Revert 'constraints: increase disk space for all architectures' (bsc#1203693). This reverts commit 43a9011f904bc7328d38dc340f5e71aecb6b19ca. - Revert 'crypto: qat - reduce size of mapped region' (git-fixes). - Revert 'drivers/video/backlight/platform_lcd.c: add support for device tree based probe' (git-fixes). - Revert 'drm/amdgpu: use dirty framebuffer helper' (git-fixes). - Revert 'drm/i915: Hold reference to intel_context over life of i915_request' (git-fixes). - Revert 'drm/udl: Kill pending URBs at suspend and disconnect' (bsc#1195917). - Revert 'drm/vc4: hvs: Reset muxes at probe time (git-fixes).' (bsc#1202341) This reverts commit 303122d0f2160411fa1068220bc59849d848550d. The reverted change clears hardware state on the RPi4, which leaves the screen blank. Without it, the display works correctly. - Revert 'drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time' (git-fixes). - Revert 'firmware: arm_scmi: Add clock management to the SCMI power domain' (git-fixes). - Revert 'ice: Hide bus-info in ethtool for PRs in switchdev mode' (git-fixes). - Revert 'ipv6: Honor all IPv6 PIO Valid Lifetime values' (bsc#1202989). - Revert 'net: phy: meson-gxl: improve link-up behavior' (git-fixes). - Revert 'net: usb: ax88179_178a needs FLAG_SEND_ZLP' (git-fixes). - Revert 'pNFS: nfs3_set_ds_client should set NFS_CS_NOPING' (git-fixes). - Revert 'powerpc/rtas: Implement reentrant rtas call' (bsc#1203664 ltc#199236). - Revert 'scripts/mod/modpost.c: permit '.cranges' secton for sh64 architecture.' (git-fixes). - Revert 'tty: n_gsm: avoid call of sleeping functions from atomic context' (git-fixes). - Revert 'tty: n_gsm: replace kicktimer with delayed_work' (git-fixes). - Revert 'usb: add quirks for Lenovo OneLink+ Dock' (git-fixes). - Revert 'usb: dwc3: disable USB core PHY management' (git-fixes). - Revert 'usb: gadget: udc-xilinx: replace memcpy with memcpy_toio' (git-fixes). - Revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes). 
- Revert 'workqueue: remove unused cancel_work()' (bsc#1204933). - Revert 'x86/sev: Expose sev_es_ghcb_hv_call() for use by HyperV' (bsc#1190497). - Revert selftest patches that have been reverted in stable-5.15.y - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297). - SMB3: fix lease break timeout when multiple deferred close handles for the same file (bsc#1193629). - SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes). - SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes). - SUNRPC: Fix NFSD's request deferral on RDMA transports (git-fixes). - SUNRPC: Fix READ_PLUS crasher (git-fixes). - SUNRPC: Fix xdr_encode_bool() (git-fixes). - SUNRPC: Prevent immediate close+reconnect (git-fixes). - SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes). - SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes). - USB: Fix ehci infinite suspend-resume loop issue in zhaoxin (git-fixes). - USB: Follow-up to SPDX GPL-2.0+ identifiers addition - remove now useless comments (git-fixes). - USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes). - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). - USB: bcma: Make GPIO explicitly optional (git-fixes). - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes). - USB: core: Fix RST error in hub.c (git-fixes). - USB: core: Prevent nested device-reset calls (git-fixes). - USB: serial: ch314: use usb_control_msg_recv() (git-fixes). - USB: serial: ch341: fix disabled rx timer on older devices (git-fixes). - USB: serial: ch341: fix lost character on LCR updates (git-fixes). - USB: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes). - USB: serial: cp210x: add Decagon UCA device id (git-fixes). - USB: serial: fix tty-port initialized comments (git-fixes). - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). 
- USB: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes). - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). - USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - USB: serial: option: add Quectel EM060K modem (git-fixes). - USB: serial: option: add Quectel RM520N (git-fixes). - USB: serial: option: add Sierra Wireless EM9191 (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes). - USB: serial: option: add support for OPPO R11 diag port (git-fixes). - USB: serial: option: add u-blox LARA-L6 modem (git-fixes). - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). - USB: serial: option: remove old LARA-R6 PID (git-fixes). - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - XArray: Update the LRU list in xas_split() (git-fixes). - add another bug reference to some hyperv changes (bsc#1205617). - apparmor: Fix failed mount permission check error message (git-fixes). - apparmor: Fix memleak in aa_simple_write_to_buffer() (git-fixes). - apparmor: fix aa_label_asxprint return check (git-fixes). - apparmor: fix absroot causing audited secids to begin with = (git-fixes). - apparmor: fix overlapping attachment computation (git-fixes). - apparmor: fix quiet_denied for file rules (git-fixes). - apparmor: fix reference count leak in aa_pivotroot() (git-fixes). - apparmor: fix setting unconfined mode on a loaded profile (git-fixes). - arcnet: fix potential memory leak in com20020_probe() (git-fixes). - arm64/bti: Disable in kernel BTI when cross section thunks are broken (git-fixes) - arm64/mm: Consolidate TCR_EL1 fields (git-fixes). - arm64/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). - arm64: Add AMPERE1 to the Spectre-BHB affected list (git-fixes). - arm64: Do not forget syscall when starting a new thread (git-fixes). 
- arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro (git-fixes) - arm64: Fix match_list for erratum 1286807 on Arm Cortex-A76 (git-fixes). - arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes). - arm64: dts: allwinner: a64: orangepi-win: Fix LED node name (git-fixes). - arm64: dts: imx8: correct clock order (git-fixes). - arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes). - arm64: dts: imx8mn: Fix NAND controller size-cells (git-fixes). - arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes (git-fixes). - arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply (git-fixes). - arm64: dts: juno: Add thermal critical trip points (git-fixes). - arm64: dts: ls1088a: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: ls208xa: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: lx2160a: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: mt7622: fix BPI-R64 WPS button (git-fixes). - arm64: dts: mt8192: Fix idle-states entry-method (git-fixes). - arm64: dts: mt8192: Fix idle-states nodes naming scheme (git-fixes). - arm64: dts: qcom: ipq8074: fix NAND node name (git-fixes). - arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node (git-fixes). - arm64: dts: qcom: qcs404: Fix incorrect USB2 PHYs assignment (git-fixes). - arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sc7280: Cleanup the lpasscc node (git-fixes). - arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8250: add missing PCIe PHY clock-cells (git-fixes). - arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8350: fix UFS PHY serdes size (git-fixes). 
- arm64: dts: renesas: Fix thermal-sensors on single-zone sensors (git-fixes). - arm64: dts: renesas: beacon: Fix regulator node names (git-fixes). - arm64: dts: rockchip: Fix typo in lisense text for PX30.Core (git-fixes). - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes). - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes). - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes). - arm64: dts: rockchip: add enable-strobe-pulldown to emmc phy on nanopi4 (git-fixes). - arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency (git-fixes). - arm64: dts: ti: k3-j7200: fix main pinmux range (git-fixes). - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes). - arm64: efi: Fix handling of misaligned runtime regions and drop warning (git-fixes). - arm64: entry: avoid kprobe recursion (git-fixes). - arm64: errata: Add Cortex-A510 to the repeat tlbi list (git-fixes) Enable this errata fix configuration option to arm64/default. - arm64: errata: Add Cortex-A55 to the repeat tlbi list (git-fixes). Enable CONFIG_ARM64_ERRATUM_2441007, too - arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes) Enable CONFIG_ARM64_ERRATUM_1742098 in arm64/default - arm64: fix oops in concurrently setting insn_emulation sysctls (git-fixes). - arm64: fix rodata=full (git-fixes). - arm64: fix rodata=full again (git-fixes) - arm64: ftrace: fix module PLTs with mcount (git-fixes). - arm64: kasan: Revert 'arm64: mte: reset the page tag in page->flags' (git-fixes). - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444). - arm64: lib: Import latest version of Arm Optimized Routines' strcmp (git-fixes) - arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored (git-fixes). - arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (git-fixes) - arm64: set UXN on swapper page tables (git-fixes). - arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes). 
- arm64: tegra: Fixup SYSRAM references (git-fixes). - arm64: tegra: Mark BPMP channels as no-memory-wc (git-fixes). - arm64: tegra: Update Tegra234 BPMP channel addresses (git-fixes). - arm64: topology: fix possible overflow in amu_fie_setup() (git-fixes). - arm64: topology: move store_cpu_topology() to shared code (git-fixes). - arm_pmu: Validate single/group leader events (git-fixes). - asm-generic: remove a broken and needless ifdef conditional (git-fixes). - asm-generic: sections: refactor memory_intersects (git-fixes). - ata: ahci-imx: Fix MODULE_ALIAS (git-fixes). - ata: fix ata_id_has_devslp() (git-fixes). - ata: fix ata_id_has_dipm() (git-fixes). - ata: fix ata_id_has_ncq_autosense() (git-fixes). - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes). - ata: libahci_platform: Sanity check the DT child nodes number (git-fixes). - ata: libata-core: do not issue non-internal commands once EH is pending (git-fixes). - ata: libata-eh: Add missing command name (git-fixes). - ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure (git-fixes). - ata: libata-scsi: simplify __ata_scsi_queuecmd() (git-fixes). - ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tport_add() (git-fixes). - ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes). - ath10k: do not enforce interrupt trigger type (git-fixes). - ath11k: Fix incorrect debug_mask mappings (git-fixes). - ath11k: fix netdev open race (git-fixes). - atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes). - audit: fix potential double free on error path from fsnotify_add_inode_mark (git-fixes). - audit: fix undefined behavior in bit shift for AUDIT_BIT (git-fixes). - ax25: Fix ax25 session cleanup problems (git-fixes). 
- batman-adv: Fix hang up with small MTU hard-interface (git-fixes). - bitfield.h: Fix 'type of reg too small for mask' test (git-fixes). - blk-cgroup: fix missing put device in error path from blkg_conf_pref() (git-fixes). - blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes). - blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes). - blk-mq: fix io hung due to missing commit_rqs (git-fixes). - blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - block/rnbd-srv: Set keep_id to true after mutex_trylock (git-fixes). - block: Do not reread partition table on exclusively open device (bsc#1190969). - block: Fix fsync always failed if once failed (bsc#1202779). - block: Fix wrong offset in bio_truncate() (bsc#1202780). - block: add bio_start_io_acct_time() to control start_time (git-fixes). - block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for nowait (git-fixes). - block: drop unused includes in <linux/genhd.h> (git-fixes). - block: fix rq-qos breakage from skipping rq_qos_done_bio() (bsc#1202781). - block: only mark bio as tracked if it really is tracked (bsc#1202782). - bnx2x: Invalidate fastpath HSI version for VFs (git-fixes). - bnx2x: Utilize firmware 7.13.21.0 (git-fixes). - bnx2x: fix built-in kernel driver load failure (git-fixes). - bnx2x: fix driver load from initrd (git-fixes). - bnxt_en: Fix bnxt_refclk_read() (git-fixes). - bnxt_en: Fix bnxt_reinit_after_abort() code path (git-fixes). - bnxt_en: fix livepatch query (git-fixes). - bnxt_en: reclaim max resources if sriov enable fails (git-fixes). - bonding: 802.3ad: fix no transmission of LACPDUs (git-fixes). - bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (git-fixes). - bridge: switchdev: Fix memory leaks when changing VLAN protocol (git-fixes). - btrfs-fix-deadlock-between-quota-enable-and-other-qu.patch: (bsc#1205521). 
- btrfs: check if root is readonly while setting security xattr (bsc#1206147). - btrfs: do not allow compression on nodatacow files (bsc#1206149). - btrfs: export a helper for compression hard check (bsc#1206149). - btrfs: fix processing of delayed data refs during backref walking (bsc#1206056). - btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057). - btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() (bsc#1203360). - btrfs: fix space cache corruption and potential double allocations (bsc#1203361). - btrfs: prevent subvol with swapfile from being deleted (bsc#1206035). - btrfs: properly flag filesystem with BTRFS_FEATURE_INCOMPAT_BIG_METADATA (git-fixes). - btrfs: send: always use the rbtree based inode ref management infrastructure (bsc#1206036). - btrfs: send: fix failures when processing inodes with no links (bsc#1206036). - btrfs: send: fix send failure of a subcase of orphan inodes (bsc#1206036). - btrfs: send: fix sending link commands for existing file paths (bsc#1206036). - btrfs: send: introduce recorded_ref_alloc and recorded_ref_free (bsc#1206036). - btrfs: send: refactor arguments of get_inode_info() (bsc#1206036). - btrfs: send: remove unused found_type parameter to lookup_dir_item_inode() (bsc#1206036). - btrfs: send: remove unused type parameter to iterate_inode_ref_t (bsc#1206036). - btrfs: send: use boolean types for current inode status (bsc#1206036). - bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes). - bus: sunxi-rsb: Remove the shutdown callback (git-fixes). - bus: sunxi-rsb: Support atomic transfers (git-fixes). - ca8210: Fix crash by zero initializing data (git-fixes). - can: Break loopback loop on loopback documentation (git-fixes). - can: af_can: fix NULL pointer dereference in can_rx_register() (git-fixes). - can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes). 
- can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes). - can: do not increase rx statistics when generating a CAN rx error message frame (git-fixes). - can: do not increase rx_bytes statistics for RTR frames (git-fixes). - can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes). - can: error: specify the values of data[5..7] of CAN error frames (git-fixes). - can: etas_es58x: es58x_init_netdev(): free netdev when register_candev() (git-fixes). - can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes). - can: hi311x: do not report txerr and rxerr during bus-off (git-fixes). - can: j1939: j1939_send_one(): fix missing CAN header initialization (git-fixes). - can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once() (git-fixes). - can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() (git-fixes). - can: kvaser_usb: Fix possible completions during init_completion (git-fixes). - can: kvaser_usb: Fix use of uninitialized completion (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (git-fixes). - can: kvaser_usb: make use of units.h in assignment of frequency (git-fixes). - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (git-fixes). - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes). - can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes). - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes). - can: m_can: Add check for devm_clk_get (git-fixes). - can: m_can: fix typo prescalar -> prescaler (git-fixes). - can: m_can: is_lec_err(): clean up LEC error handling (git-fixes). - can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods (git-fixes). - can: mcp251x: Fix race condition on receive interrupt (git-fixes). 
- can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path (git-fixes). - can: mcp251xfd: mcp251xfd_dump(): fix comment (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness conversion (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct length to read dev_id (git-fixes). - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes). - can: netlink: allow configuring of fixed bit rates without need for do_set_bittiming callback (git-fixes). - can: netlink: allow configuring of fixed data bit rates without need for do_set_data_bittiming callback (git-fixes). - can: pch_can: do not report txerr and rxerr during bus-off (git-fixes). - can: pch_can: pch_can_error(): initialize errc before using it (git-fixes). - can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes). - can: rx-offload: can_rx_offload_init_queue(): fix typo (git-fixes). - can: sja1000: do not report txerr and rxerr during bus-off (git-fixes). - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes). - can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes). - can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes). - capabilities: fix potential memleak on error path from vfs_getxattr_alloc() (git-fixes). - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes). - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1206050). - ceph: avoid putting the realm twice when decoding snaps fails (bsc#1206051). - ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202823). - ceph: do not truncate file in atomic_open (bsc#1202824). - ceph: do not update snapshot context when there is no new snapshot (bsc#1206047). - ceph: fix inode reference leakage in ceph_get_snapdir() (bsc#1206048). - ceph: fix memory leak in ceph_readdir when note_last_dentry returns error (bsc#1206049). 
- ceph: properly handle statfs on multifs setups (bsc#1206045). - ceph: switch netfs read ops to use rreq->inode instead of rreq->mapping->host (bsc#1206046). - ceph: use correct index when encoding client supported features (bsc#1202822). - cfg80211/mac80211: assume CHECKSUM_COMPLETE includes SNAP (bsc#1202131). - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753). - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (bsc#1196869). - cgroup: Fix race condition at rebind_subsystems() (bsc#1203902). - cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock (bsc#1196869). - cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610). - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906). - char: tpm: Protect tpm_pm_suspend with locks (git-fixes). - cifs: Add constructor/destructors for tcon->cfid (bsc#1193629). - cifs: Add helper function to check smb1+ server (bsc#1193629). - cifs: Do not access tcon->cfids->cfid directly from is_path_accessible (bsc#1193629). - cifs: Do not use tcon->cfid directly, use the cfid we get from open_cached_dir (bsc#1193629). - cifs: Fix connections leak when tlink setup failed (git-fixes). - cifs: Fix memory leak on the deferred close (bsc#1193629). - cifs: Fix memory leak when build ntlmssp negotiate blob failed (bsc#1193629). - cifs: Fix pages array leak when writedata alloc failed in cifs_writedata_alloc() (bsc#1193629). - cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter() (bsc#1193629). - cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message (bsc#1193629). - cifs: Fix wrong return value checking when GETFLAGS (git-fixes). - cifs: Fix xid leak in cifs_copy_file_range() (bsc#1193629). - cifs: Fix xid leak in cifs_create() (bsc#1193629). - cifs: Fix xid leak in cifs_flock() (bsc#1193629). - cifs: Fix xid leak in cifs_get_file_info_unix() (bsc#1193629). 
- cifs: Fix xid leak in cifs_ses_add_channel() (bsc#1193629). - cifs: Make tcon contain a wrapper structure cached_fids instead of cached_fid (bsc#1193629). - cifs: Move cached-dir functions into a separate file (bsc#1193629). - cifs: Replace a couple of one-element arrays with flexible-array members (bsc#1193629). - cifs: Use after free in debug code (git-fixes). - cifs: Use help macro to get the header preamble size (bsc#1193629). - cifs: Use help macro to get the mid header size (bsc#1193629). - cifs: add check for returning value of SMB2_close_init (git-fixes). - cifs: add check for returning value of SMB2_set_info_init (git-fixes). - cifs: add missing spinlock around tcon refcount (bsc#1193629). - cifs: alloc_mid function should be marked as static (bsc#1193629). - cifs: always initialize struct msghdr smb_msg completely (bsc#1193629). - cifs: always iterate smb sessions using primary channel (bsc#1193629). - cifs: avoid deadlocks while updating iface (bsc#1193629). - cifs: avoid unnecessary iteration of tcp sessions (bsc#1193629). - cifs: avoid use of global locks for high contention data (bsc#1193629). - cifs: cache the dirents for entries in a cached directory (bsc#1193629). - cifs: change iface_list from array to sorted linked list (bsc#1193629). - cifs: destage dirty pages before re-reading them for cache=none (bsc#1193629). - cifs: do not send down the destination address to sendmsg for a SOCK_STREAM (bsc#1193629). - cifs: drop the lease for cached directories on rmdir or rename (bsc#1193629). - cifs: during reconnect, update interface if necessary (bsc#1193629). - cifs: enable caching of directories for which a lease is held (bsc#1193629). - cifs: find and use the dentry for cached non-root directories also (bsc#1193629). - cifs: fix double-fault crash during ntlmssp (bsc#1193629). - cifs: fix lock length calculation (bsc#1193629). - cifs: fix memory leaks in session setup (bsc#1193629). 
- cifs: fix missing unlock in cifs_file_copychunk_range() (git-fixes). - cifs: fix race condition with delayed threads (bsc#1193629). - cifs: fix reconnect on smb3 mount types (bsc#1201427). - cifs: fix skipping to incorrect offset in emit_cached_dirents (bsc#1193629). - cifs: fix small mempool leak in SMB2_negotiate() (bsc#1193629). - cifs: fix static checker warning (bsc#1193629). - cifs: fix uninitialised var in smb2_compound_op() (bsc#1193629). - cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1193629). - cifs: fix use-after-free on the link name (bsc#1193629). - cifs: fix wrong unlock before return from cifs_tree_connect() (bsc#1193629). - cifs: improve handlecaching (bsc#1193629). - cifs: improve symlink handling for smb2+ (bsc#1193629). - cifs: lease key is uninitialized in smb1 paths (bsc#1193629). - cifs: lease key is uninitialized in two additional functions when smb1 (bsc#1193629). - cifs: list_for_each() -> list_for_each_entry() (bsc#1193629). - cifs: misc: fix spelling typo in comment (bsc#1193629). - cifs: move from strlcpy with unused retval to strscpy (bsc#1193629). - cifs: periodically query network interfaces from server (bsc#1193629). - cifs: populate empty hostnames for extra channels (bsc#1193629). - cifs: prevent copying past input buffer boundaries (bsc#1193629). - cifs: remove 'cifs_' prefix from init/destroy mids functions (bsc#1193629). - cifs: remove initialization value (bsc#1193629). - cifs: remove minor build warning (bsc#1193629). - cifs: remove redundant initialization to variable mnt_sign_enabled (bsc#1193629). - cifs: remove remaining build warnings (bsc#1193629). - cifs: remove some camelCase and also some static build warnings (bsc#1193629). - cifs: remove unnecessary (void*) conversions (bsc#1193629). - cifs: remove unnecessary locking of chan_lock while freeing session (bsc#1193629). - cifs: remove unnecessary type castings (bsc#1193629). 
- cifs: remove unused server parameter from calc_smb_size() (bsc#1193629). - cifs: remove useless DeleteMidQEntry() (bsc#1193629). - cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() (bsc#1193629). - cifs: replace kfree() with kfree_sensitive() for sensitive data (bsc#1193629). - cifs: return correct error in ->calc_signature() (bsc#1193629). - cifs: return errors during session setup during reconnects (bsc#1193629). - cifs: revalidate mapping when doing direct writes (bsc#1193629). - cifs: secmech: use shash_desc directly, remove sdesc (bsc#1193629). - cifs: set rc to -ENOENT if we can not get a dentry for the cached dir (bsc#1193629). - cifs: skip extra NULL byte in filenames (bsc#1193629). - cifs: store a pointer to a fid in the cfid structure instead of the struct (bsc#1193629). - cifs: truncate the inode and mapping when we simulate fcollapse (bsc#1193629). - cifs: update cifs_ses::ip_addr after failover (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: use ALIGN() and round_up() macros (bsc#1193629). - cifs: use LIST_HEAD() and list_move() to simplify code (bsc#1193629). - cifs: when a channel is not found for server, log its connection id (bsc#1193629). - cifs: when insecure legacy is disabled shrink amount of SMB1 code (bsc#1193629). - clk: ast2600: BCLK comes from EPLL (git-fixes). - clk: at91: fix the build with binutils 2.27 (git-fixes). - clk: baikal-t1: Add SATA internal ref clock buffer (git-fixes). - clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent (git-fixes). - clk: baikal-t1: Fix invalid xGMAC PTP clock divider (git-fixes). - clk: bcm2835: Make peripheral PLLC critical (git-fixes). - clk: bcm2835: Round UART input clock up (bsc#1188238) - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes). - clk: bcm: rpi: Add support for VEC clock (bsc#1196632) - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes). 
- clk: bcm: rpi: Prevent out-of-bounds access (git-fixes). - clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc() (git-fixes). - clk: berlin: Add of_node_put() for of_get_parent() (git-fixes). - clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes). - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes). - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes). - clk: imx: scu: fix memleak on platform_device_add() fails (git-fixes). - clk: ingenic-tcu: Properly enable registers before accessing timers (git-fixes). - clk: iproc: Do not rely on node name for correct PLL setup (git-fixes). - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes). - clk: mediatek: reset: Fix written reset bit offset (git-fixes). - clk: meson: Hold reference returned by of_get_parent() (git-fixes). - clk: oxnas: Hold reference returned by of_get_parent() (git-fixes). - clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical (git-fixes). - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes). - clk: qcom: camcc-sm8250: Fix halt on boot by reducing driver's init level (git-fixes). - clk: qcom: camcc-sm8250: Fix topology around titan_top power domain (git-fixes). - clk: qcom: clk-alpha-pll: fix clk_trion_pll_configure description (git-fixes). - clk: qcom: clk-krait: unlock spin after mux completion (git-fixes). - clk: qcom: clk-rcg2: Fail Duty-Cycle configuration if MND divider is not enabled (git-fixes). - clk: qcom: clk-rcg2: Make sure to not write d=0 to the NMD register (git-fixes). - clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes). - clk: qcom: gcc-msm8939: Add missing SYSTEM_MM_NOC_BFDCD_CLK_SRC (git-fixes). - clk: qcom: gcc-msm8939: Add missing system_mm_noc_bfdcd_clk_src (git-fixes). - clk: qcom: gcc-msm8939: Fix bimc_ddr_clk_src rcgr base address (git-fixes). 
- clk: qcom: gcc-msm8939: Fix weird field spacing in ftbl_gcc_camss_cci_clk (git-fixes). - clk: qcom: gcc-msm8939: Point MM peripherals to system_mm_noc clock (git-fixes). - clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes). - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes). - clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes). - clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes). - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes). - clk: qoriq: Hold reference returned by of_get_parent() (git-fixes). - clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes). - clk: sprd: Hold reference returned by of_get_parent() (git-fixes). - clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes). - clk: ti: Stop using legacy clkctrl names for omap4 and 5 (git-fixes). - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes). - clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD (git-fixes). - clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes). - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes). - clocksource/drivers/hyperv: add data structure for reference TSC MSR (git-fixes). - configfs: fix a race in configfs_{,un}register_subsystem() (git-fixes). - constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit. - cpufreq: intel_pstate: Handle no_turbo in frequency invariance (jsc#PED-849). - cpufreq: intel_pstate: Support Sapphire Rapids OOB mode (jsc#PED-849). - cpufreq: qcom: fix memory leak in error path (git-fixes). - cpufreq: qcom: fix writes in read-only memory region (git-fixes). - cpufreq: zynq: Fix refcount leak in zynq_get_revision (git-fixes). 
- cpuidle: intel_idle: Drop redundant backslash at line end (jsc#PED-1936). - crypto: akcipher - default implementation for setting a private key (git-fixes). - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes) - crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes). - crypto: cavium - prevent integer overflow loading firmware (git-fixes). - crypto: ccp - During shutdown, check SEV data pointer before using (git-fixes). - crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes). - crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak (git-fixes). - crypto: hisilicon - Kunpeng916 crypto driver do not sleep when in softirq (git-fixes). - crypto: hisilicon/hpre - do not use GFP_KERNEL to alloc mem during softirq (git-fixes). - crypto: hisilicon/sec - do not sleep when in softirq (git-fixes). - crypto: hisilicon/sec - fix auth key size error (git-fixes). - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes). - crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of (git-fixes). - crypto: inside-secure - Change swab to swab32 (git-fixes). - crypto: inside-secure - Replace generic aes with libaes (git-fixes). - crypto: marvell/octeontx - prevent integer overflows (git-fixes). - crypto: qat - fix default value of WDT timer (git-fixes). - crypto: sahara - do not sleep when in softirq (git-fixes). - crypto: sun8i-ss - do not allocate memory when handling hash requests (git-fixes). - crypto: sun8i-ss - fix error codes in allocate_flows() (git-fixes). - crypto: sun8i-ss - fix infinite loop in sun8i_ss_setup_ivs() (git-fixes). - cs-dsp and serial-multi-instantiate enablement (bsc#1203699) - device property: Check fwnode->secondary when finding properties (git-fixes). - device property: Fix documentation for *_match_string() APIs (git-fixes). - devlink: Fix use-after-free after a failed reload (git-fixes). - dm btree remove: fix use after free in rebalance_children() (git-fixes). 
- dm crypt: make printing of the key constant-time (git-fixes). - dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes). - dm raid: fix KASAN warning in raid5_add_disks (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm stats: add cond_resched when looping over entries (git-fixes). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes). - dm: fix double accounting of flush with data (git-fixes). - dm: interlock pending dm_io and dm_wait_for_bios_completion (git-fixes). - dm: properly fix redundant bio-based IO accounting (git-fixes). - dm: remove unnecessary assignment statement in alloc_dev() (git-fixes). - dm: return early from dm_pr_call() if DM device is suspended (git-fixes). - dm: revert partial fix for redundant bio-based IO accounting (git-fixes). - dma-buf: fix racing conflict of dma_heap_add() (git-fixes). - dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (git-fixes). - dma-debug: make things less spammy under memory pressure (git-fixes). - dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes). - dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes). - dmaengine: at_hdmac: Do not call the complete callback on device_terminate_all (git-fixes). - dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes). - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes). - dmaengine: at_hdmac: Fix concurrency over descriptor (git-fixes). - dmaengine: at_hdmac: Fix concurrency over the active list (git-fixes). - dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all() (git-fixes). 
- dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware (git-fixes). - dmaengine: at_hdmac: Fix impossible condition (git-fixes). - dmaengine: at_hdmac: Fix premature completion of desc in issue_pending (git-fixes). - dmaengine: at_hdmac: Free the memset buf without holding the chan lock (git-fixes). - dmaengine: at_hdmac: Protect atchan->status with the channel lock (git-fixes). - dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending (git-fixes). - dmaengine: dw-axi-dmac: do not print NULL LLI during error (git-fixes). - dmaengine: dw-axi-dmac: ignore interrupt if no descriptor (git-fixes). - dmaengine: dw-edma: Fix eDMA Rd/Wr-channels and DMA-direction semantics (git-fixes). - dmaengine: hisilicon: Add multi-thread support for a DMA channel (git-fixes). - dmaengine: hisilicon: Disable channels when unregister hisi_dma (git-fixes). - dmaengine: hisilicon: Fix CQ head update (git-fixes). - dmaengine: idxd: add helper for per interrupt handle drain (jsc#PED-682). - dmaengine: idxd: add knob for enqcmds retries (jsc#PED-755). - dmaengine: idxd: change MSIX allocation based on per wq activation (jsc#PED-664). - dmaengine: idxd: change bandwidth token to read buffers (jsc#PED-679). - dmaengine: idxd: create locked version of idxd_quiesce() call (jsc#PED-682). - dmaengine: idxd: deprecate token sysfs attributes for read buffers (jsc#PED-679). - dmaengine: idxd: embed irq_entry in idxd_wq struct (jsc#PED-664). - dmaengine: idxd: fix descriptor flushing locking (jsc#PED-664). - dmaengine: idxd: fix retry value to be constant for duration of function call (git-fixes). - dmaengine: idxd: force wq context cleanup on device disable path (git-fixes). - dmaengine: idxd: handle interrupt handle revoked event (jsc#PED-682). - dmaengine: idxd: handle invalid interrupt handle descriptors (jsc#PED-682). - dmaengine: idxd: int handle management refactoring (jsc#PED-682). - dmaengine: idxd: match type for retries var in idxd_enqcmds() (git-fixes). 
- dmaengine: idxd: move interrupt handle assignment (jsc#PED-682). - dmaengine: idxd: rework descriptor free path on failure (jsc#PED-682). - dmaengine: idxd: set defaults for wq configs (jsc#PED-688). - dmaengine: idxd: update IAA definitions for user header (jsc#PED-763). - dmaengine: imx-dma: Cast of_device_get_match_data() with (uintptr_t) (git-fixes). - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes). - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes). - dmaengine: mxs: use platform_driver_register (git-fixes). - dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes). - dmaengine: sf-pdma: Add multithread support for a DMA channel (git-fixes). - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes). - dmaengine: stm32-mdma: Remove dead code in stm32_mdma_irq_handler() (git-fixes). - dmaengine: ti: k3-udma-glue: fix memory leak when register device fail (git-fixes). - dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() (git-fixes). - dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow (git-fixes). - dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling (git-fixes). - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes). - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes). - docs, kprobes: Fix the wrong location of Kprobes (git-fixes). - docs/core-api: expand Fedora instructions for GCC plugins (git-fixes). - docs/kernel-parameters: Update descriptions for 'mitigations=' param with retbleed (git-fixes). - docs: i2c: i2c-sysfs: fix hyperlinks (git-fixes). - docs: i2c: i2c-topology: fix incorrect heading (git-fixes). - docs: zh_CN: fix a broken reference (git-fixes). - dpaa2-eth: fix ethtool statistics (git-fixes). - dpaa2-eth: trace the allocated address instead of page struct (git-fixes). 
- dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe (git-fixes). - driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes). - driver core: fix potential deadlock in __driver_attach (git-fixes). - drivers/iio: Remove all strcpy() uses (git-fixes). - drivers: serial: jsm: fix some leaks in probe (git-fixes). - drivers: usb: dwc3-qcom: Add sdm660 compatible (git-fixes). - drm/amd/amd_shared.h: Add missing doc for PP_GFX_DCS_MASK (git-fixes). - drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV (git-fixes). - drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (git-fixes). - drm/amd/display: Add HUBP surface flip interrupt handler (git-fixes). - drm/amd/display: Add option to defer works of hpd_rx_irq (git-fixes). - drm/amd/display: Assume an LTTPR is always present on fixed_vs links (git-fixes). - drm/amd/display: Avoid MPC infinite loop (git-fixes). - drm/amd/display: Changed pipe split policy to allow for multi-display (bsc#1152472) Backporting notes: * remove changes to non-existing 201 and 31 directories - drm/amd/display: Check correct bounds for stream encoder instances for DCN303 (git-fixes). - drm/amd/display: Correct MPC split policy for DCN301 (git-fixes). - drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes). - drm/amd/display: Fix HDMI VSIF V3 incorrect issue (git-fixes). - drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n (git-fixes). - drm/amd/display: Fix double cursor on non-video RGB MPO (git-fixes). - drm/amd/display: Fix pixel clock programming (git-fixes). - drm/amd/display: Fix surface optimization regression on Carrizo (git-fixes). - drm/amd/display: Fix vblank refcount in vrr transition (git-fixes). - drm/amd/display: For stereo keep 'FLIP_ANY_FRAME' (git-fixes). - drm/amd/display: Ignore First MST Sideband Message Return Error (git-fixes). - drm/amd/display: Limit user regamma to a valid value (git-fixes). 
- drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack usage (git-fixes). - drm/amd/display: Optimize bandwidth on following fast update (git-fixes). - drm/amd/display: Reduce number of arguments of dml31's CalculateFlipSchedule() (git-fixes). - drm/amd/display: Reduce number of arguments of dml31's CalculateWatermarksAndDRAMSpeedChangeSupport() (git-fixes). - drm/amd/display: Remove interface for periodic interrupt 1 (git-fixes). - drm/amd/display: Reset DMCUB before HW init (git-fixes). - drm/amd/display: Revert 'drm/amd/display: turn DPMS off on connector unplug' (git-fixes). - drm/amd/display: avoid doing vm_init multiple time (git-fixes). - drm/amd/display: clear optc underflow before turn off odm clock (git-fixes). - drm/amd/display: skip audio setup when audio stream is enabled (git-fixes). - drm/amd/display: update gamut remap if plane has changed (git-fixes). - drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid (git-fixes). - drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid cards (git-fixes). - drm/amd/pm: smu7_hwmgr: fix potential off-by-one overflow in 'performance_levels' (git-fixes). - drm/amdgpu/display: change pipe policy for DCN 2.0 (git-fixes). - drm/amdgpu/display: change pipe policy for DCN 2.1 (git-fixes). - drm/amdgpu/gfx10: add wraparound gpu counter check for APUs as well (bsc#1152472) Backporting notes: * also fix default branch - drm/amdgpu/gfx9: switch to golden tsc registers for renoir+ (bsc#1152472) Backporting notes: * replace IP_VERSION() with CHIP_ constants - drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes). - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes). - drm/amdgpu: Increase tlb flush timeout for sriov (git-fixes). - drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini (git-fixes). - drm/amdgpu: Remove one duplicated ef removal (git-fixes). 
- drm/amdgpu: Separate vf2pf work item init from virt data exchange (git-fixes). - drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume() (git-fixes). - drm/amdgpu: disable BACO on special BEIGE_GOBY card (git-fixes). - drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes). - drm/amdgpu: fix initial connector audio value (git-fixes). - drm/amdgpu: fix sdma doorbell init ordering on APUs (git-fixes). - drm/amdgpu: make sure to init common IP before gmc (git-fixes). - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes). - drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega (git-fixes). - drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega (git-fixes). - drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes). - drm/amdgpu: set vm_update_mode=0 as default for Sienna Cichlid in SRIOV case (git-fixes). - drm/amdgpu: use dirty framebuffer helper (git-fixes). - drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() (git-fixes). - drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() (git-fixes). - drm/amdkfd: Migrate in CPU page fault use current mm (git-fixes). - drm/amdkfd: avoid recursive lock in migrations back to RAM (git-fixes). - drm/amdkfd: handle CPU fault on COW mapping (git-fixes). - drm/bridge: Avoid uninitialized variable warning (git-fixes). - drm/bridge: display-connector: implement bus fmts callbacks (git-fixes). - drm/bridge: lt8912b: add vsync hsync (git-fixes). - drm/bridge: lt8912b: fix corrupted image output (git-fixes). - drm/bridge: lt8912b: set hdmi or dvi mode (git-fixes). - drm/bridge: lt9611uxc: Cancel only driver's work (git-fixes). - drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes). - drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes). - drm/bridge: tc358767: Fix (e)DP bridge endpoint parsing in dedicated function (git-fixes). 
- drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes). - drm/bridge: tc358767: Move (e)DP bridge endpoint parsing into dedicated function (git-fixes). - drm/doc: Fix comment typo (git-fixes). - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes). - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes). - drm/gem: Fix GEM handle release errors (git-fixes). - drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes). - drm/gma500: Fix BUG: sleeping function called from invalid context errors (git-fixes). - drm/hyperv: Add ratelimit on error message (git-fixes). - drm/hyperv: Do not overwrite dirt_needed value set by host (git-fixes). - drm/i915/display: avoid warnings when registering dual panel backlight (git-fixes). - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes). - drm/i915/dp: Reset frl trained flag before restarting FRL training (git-fixes). - drm/i915/ehl: Update MOCS table for EHL (git-fixes). - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes). - drm/i915/gt: Restrict forced preemption to the active context (git-fixes). - drm/i915/gt: Skip TLB invalidations once wedged (git-fixes). - drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes). - drm/i915/hdmi: convert intel_hdmi_to_dev to intel_hdmi_to_i915 (bsc#1152489) Backporting notes: * update additional patch on top - drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes). - drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes). - drm/i915/sdvo: Setup DDC fully before output init (git-fixes). - drm/i915: Implement WaEdpLinkRateDataReload (git-fixes). - drm/i915: Reject unsupported TMDS rates on ICL+ (git-fixes). - drm/i915: Skip wm/ddb readout for disabled pipes (git-fixes). - drm/i915: fix null pointer dereference (git-fixes). - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes). 
- drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook (git-fixes). - drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes). - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes). - drm/mediatek: Allow commands to be sent during video mode (git-fixes). - drm/mediatek: Keep dsi as LP00 before dcs cmds transfer (git-fixes). - drm/mediatek: Modify dsi funcs to atomic operations (git-fixes). - drm/mediatek: Separate poweron/poweroff from enable/disable and define new funcs (git-fixes). - drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes). - drm/mediatek: dpi: Remove output format of YUV (git-fixes). - drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks (git-fixes). - drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff() (git-fixes). - drm/meson: Correct OSD1 global alpha value (git-fixes). - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes). - drm/meson: Fix overflow implicit truncation warnings (git-fixes). - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes). - drm/meson: explicitly remove aggregate driver at module unload time (git-fixes). - drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes). - drm/mipi-dsi: Detach devices when removing the host (git-fixes). - drm/msm/dp: Silence inconsistent indent warning (git-fixes). - drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() (git-fixes). - drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4 (git-fixes). - drm/msm/dp: fix IRQ lifetime (git-fixes). - drm/msm/dpu: Fix comment typo (git-fixes). - drm/msm/dpu: Fix for non-visible planes (git-fixes). - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes). - drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes). - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes). - drm/msm/dsi: fix memory corruption with too many bridges (git-fixes). 
- drm/msm/dsi: fix the inconsistent indenting (git-fixes). - drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag (git-fixes). - drm/msm/hdmi: drop empty 'none' regulator lists (git-fixes). - drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes). - drm/msm/hdmi: fix IRQ lifetime (git-fixes). - drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes). - drm/msm/mdp5: Fix global state lock backoff (git-fixes). - drm/msm/rd: Fix FIFO-full deadlock (git-fixes). - drm/msm: Avoid dirtyfb stalls on video mode displays (v2) (git-fixes). - drm/msm: Fix dirtyfb refcounting (git-fixes). - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes). - drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes). - drm/msm: fix use-after-free on probe deferral (git-fixes). - drm/nouveau/acpi: Do not print error when we get -EINPROGRESS from pm_runtime (git-fixes). - drm/nouveau/kms/nv140-: Disable interlacing (git-fixes). - drm/nouveau/kms: Fix failure path for creating DP connectors (git-fixes). - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes). - drm/nouveau: Do not pm_runtime_put_sync(), only pm_runtime_put_autosuspend() (git-fixes). - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes). - drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes). - drm/nouveau: recognise GA103 (git-fixes). - drm/nouveau: wait for the exclusive fence after the shared ones v2 (bsc#1152472) Backporting notes: * context changes - drm/omap: dss: Fix refcount leak bugs (git-fixes). - drm/panel: simple: Fix innolux_g121i1_l01 bus_format (git-fixes). - drm/panel: simple: set bpc field for logic technologies displays (git-fixes). - drm/panfrost: devfreq: set opp to the recommended one to configure regulator (git-fixes). - drm/radeon: add a force flush to delay work when radeon (git-fixes). - drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes). 
- drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes). - drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes). - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes). - drm/rockchip: dsi: Force synchronous probe (git-fixes). - drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes). - drm/scheduler: quieten kernel-doc warnings (git-fixes). - drm/shmem-helper: Add missing vunmap on error (git-fixes). - drm/simpledrm: Fix return type of simpledrm_simple_display_pipe_mode_valid() (git-fixes). - drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes). - drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes). - drm/tegra: vic: Fix build warning when CONFIG_PM=n (git-fixes). - drm/ttm: Fix dummy res NULL ptr deref bug (git-fixes). - drm/udl: Add parameter to set number of URBs (bsc#1195917). - drm/udl: Add reset_resume (bsc#1195917) - drm/udl: Do not re-initialize stuff at retrying the URB list allocation (bsc#1195917). - drm/udl: Drop unneeded alignment (bsc#1195917). - drm/udl: Enable damage clipping (bsc#1195917). - drm/udl: Fix inconsistent urbs.count value during udl_free_urb_list() (bsc#1195917). - drm/udl: Fix potential URB leaks (bsc#1195917). - drm/udl: Increase the default URB list size to 20 (bsc#1195917). - drm/udl: Kill pending URBs at suspend and disconnect (bsc#1195917). - drm/udl: Replace BUG_ON() with WARN_ON() (bsc#1195917). - drm/udl: Replace semaphore with a simple wait queue (bsc#1195917). - drm/udl: Restore display mode on resume (bsc#1195917) - drm/udl: Suppress error print for -EPROTO at URB completion (bsc#1195917). - drm/udl: Sync pending URBs at suspend / disconnect (bsc#1195917). - drm/udl: Sync pending URBs at the end of suspend (bsc#1195917). - drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes). - drm/vc4: change vc4_dma_range_matches from a global to static (git-fixes). 
- drm/vc4: drv: Adopt the dma configuration from the HVS or V3D component (git-fixes). - drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes). - drm/vc4: dsi: Correct DSI divider calculations (git-fixes). - drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes). - drm/vc4: dsi: Fix dsi0 interrupt support (git-fixes). - drm/vc4: dsi: Register dsi0 as the correct vc4 encoder type (git-fixes). - drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes). - drm/vc4: hdmi: Disable audio if dmas property is present but empty (git-fixes). - drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes). - drm/vc4: hdmi: Reset HDMI MISC_CONTROL register (git-fixes). - drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms (git-fixes). - drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes). - drm/vc4: plane: Remove subpixel positioning check (git-fixes). - drm/virtio: Check whether transferred 2D BO is shmem (git-fixes). - drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error (git-fixes). - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes). - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes). - drm: Use size_t type for len variable in drm_copy_field() (git-fixes). - drm: adv7511: override i2c address of cec before accessing it (git-fixes). - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes). - drm: bridge: adv7511: fix CEC power down control register offset (git-fixes). - drm: bridge: dw_hdmi: only trigger hotplug event on link change (git-fixes). - drm: bridge: sii8620: fix possible off-by-one (git-fixes). - drm: fix drm_mipi_dbi build errors (git-fixes). - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes). - drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes). - dsa: mv88e6xxx: fix debug print for SPEED_UNFORCED (git-fixes). 
- dt-bindings: PCI: microchip,pcie-host: fix missing clocks properties (git-fixes). - dt-bindings: PCI: microchip,pcie-host: fix missing dma-ranges (git-fixes). - dt-bindings: arm: qcom: fix MSM8916 MTP compatibles (git-fixes). - dt-bindings: arm: qcom: fix MSM8994 boards compatibles (git-fixes). - dt-bindings: bluetooth: broadcom: Add BCM4349B1 DT binding (git-fixes). - dt-bindings: clock: qcom,gcc-msm8996: add more GCC clock sources (git-fixes). - dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes). - dt-bindings: crypto: ti,sa2ul: drop dma-coherent property (git-fixes). - dt-bindings: display/msm: dpu-sc7180: add missing DPU opp-table (git-fixes). - dt-bindings: display/msm: dpu-sdm845: add missing DPU opp-table (git-fixes). - dt-bindings: gpio: zynq: Add missing compatible strings (git-fixes). - dt-bindings: hwmon: (mr75203) fix 'intel,vm-map' property to be optional (git-fixes). - dt-bindings: iio: accel: Add DT binding doc for ADXL355 (git-fixes). - dt-bindings: mtd: intel: lgm-nand: Fix compatible string (git-fixes). - dt-bindings: mtd: intel: lgm-nand: Fix maximum chip select value (git-fixes). - dt-bindings: phy: qcom,qmp-usb3-dp: fix bogus clock-cells property (git-fixes). - dt-bindings: phy: qcom,qmp: fix bogus clock-cells property (git-fixes). - dt-bindings: power: gpcv2: add power-domains property (git-fixes). - dt-bindings: usb: mtk-xhci: Allow wakeup interrupt-names to be optional (git-fixes). - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - dyndbg: fix module.dyndbg handling (git-fixes). - dyndbg: fix static_branch manipulation (git-fixes). - dyndbg: let query-modname override actual module name (git-fixes). - e1000e: Fix TX dispatch condition (git-fixes). - e100: Fix possible use after free in e100_xmit_prepare (git-fixes). - eeprom: idt_89hpesx: uninitialized data in idt_dbgfs_csr_write() (git-fixes). 
- efi/tpm: Pass correct address to memblock_reserve (git-fixes). - efi: Correct Macmini DMI match in uefi cert quirk (git-fixes). - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes). - efi: libstub: Disable struct randomization (git-fixes). - efi: libstub: drop pointless get_memory_map() call (git-fixes). - efi: random: Use 'ACPI reclaim' memory for random seed (git-fixes). - efi: random: reduce seed size to 32 bytes (git-fixes). - erofs: fix deadlock when shrink erofs slab (git-fixes). - eth: alx: take rtnl_lock on resume (git-fixes). - eth: sun: cassini: remove dead code (git-fixes). - ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler (git-fixes). - exfat: Define NLS_NAME_* as bit flags explicitly (bsc#1201725). - exfat: Downgrade ENAMETOOLONG error message to debug messages (bsc#1201725). - exfat: Drop superfluous new line for error messages (bsc#1201725). - exfat: Expand exfat_err() and co directly to pr_*() macro (bsc#1201725). - exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1201725). - exfat: fix i_blocks for files truncated over 4 GiB (git-fixes). - exfat: fix referencing wrong parent directory information after renaming (git-fixes). - exfat: reuse exfat_inode_info variable instead of calling EXFAT_I() (git-fixes). - exfat: use updated exfat_chain directly during renaming (git-fixes). - export: fix string handling of namespace in EXPORT_SYMBOL_NS (git-fixes). - ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755). - ext4: add new helper interface ext4_try_to_trim_range() (bsc#1202783). - ext4: add reserved GDT blocks check (bsc#1202712). - ext4: avoid BUG_ON when creating xattrs (bsc#1205496). - ext4: do not use the orphan list when migrating an inode (bsc#1197756). - ext4: fast commit may miss tracking unwritten range during ftruncate (bsc#1202759). - ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state (bsc#1202771).
- ext4: fix a possible ABBA deadlock due to busy PA (bsc#1202762). - ext4: fix bug_on in ext4_writepages (bsc#1200872). - ext4: fix error handling in ext4_fc_record_modified_inode() (bsc#1202767). - ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757). - ext4: fix fallocate to use file_modified to update permissions consistently (bsc#1202769). Refresh ext4-fix-race-condition-between-ext4_write-and-ext4_.patch - ext4: fix fast commit may miss tracking range for FALLOC_FL_ZERO_RANGE (bsc#1202757). - ext4: fix fs corruption when tring to remove a non-empty directory with IO error (bsc#1202768). - ext4: fix incorrect type issue during replay_del_range (bsc#1202867). - ext4: fix null-ptr-deref in '__ext4_journal_ensure_credits' (bsc#1202764). - ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869). - ext4: fix race when reusing xattr blocks (bsc#1198971). - ext4: fix super block checksum incorrect after mount (bsc#1202773). - ext4: fix symlink file size not match to file content (bsc#1200868). - ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871). - ext4: fix use-after-free in ext4_search_dir (bsc#1202710). - ext4: fix warning in ext4_handle_inode_extension (bsc#1202711). - ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870). - ext4: initialize err_blk before calling __ext4_get_inode_loc (bsc#1202763). - ext4: make sure quota gets properly shutdown on error (bsc#1195480). - ext4: make sure to reset inode lockdep class when quota enabling fails (bsc#1202761). - ext4: mark group as trimmed only if it was fully scanned (bsc#1202770). - ext4: modify the logic of ext4_mb_new_blocks_simple (bsc#1202766). - ext4: prevent used blocks from being allocated during fast commit replay (bsc#1202765). - ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713). - ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971). 
- ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971). - ext4: use ext4_ext_remove_space() for fast commit replay delete range (bsc#1202758). - fat: add ratelimit to fat*_ent_bread() (git-fixes). - fbcon: Add option to enable legacy hardware acceleration (bsc#1152472) Backporting changes: * context fixes in other patch * update config - fbcon: Fix accelerated fbdev scrolling while logo is still shown (bsc#1152472) - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes). - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes). - fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes). - fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes). - fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes). - fbdev: fbcon: Properly revert changes when vc_resize() failed (git-fixes). - fbdev: smscufx: Fix several use-after-free bugs (git-fixes). - fec: Fix timer capture timing in `fec_ptp_enable_pps()` (git-fixes). - filemap: Handle sibling entries in filemap_get_read_batch() (bsc#1202774). - firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes). - firmware: arm_scmi: Fix the asynchronous reset requests (git-fixes). - firmware: arm_scmi: Harden accesses to the reset domains (git-fixes). - firmware: arm_scmi: Harden accesses to the sensor domains (git-fixes). - firmware: arm_scmi: Improve checks in the info_get operations (git-fixes). - firmware: arm_scmi: Make Rx chan_setup fail on memory errors (git-fixes). - firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes). - firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (git-fixes). - firmware: coreboot: Register bus in module init (git-fixes). - firmware: cs_dsp: Add lockdep asserts to interface functions (bsc#1203699). - firmware: cs_dsp: Add memory chunk helpers (bsc#1203699). - firmware: cs_dsp: Add offset to cs_dsp read/write (bsc#1203699). - firmware: cs_dsp: Add pre_run callback (bsc#1203699).
- firmware: cs_dsp: Add pre_stop callback (bsc#1203699). - firmware: cs_dsp: Add support for rev 2 coefficient files (bsc#1203699). - firmware: cs_dsp: Add version checks on coefficient loading (bsc#1203699). - firmware: cs_dsp: Allow creation of event controls (bsc#1203699). - firmware: cs_dsp: Clarify some kernel doc comments (bsc#1203699). - firmware: cs_dsp: Clear core reset for cache (bsc#1203699). - firmware: cs_dsp: Fix overrun of unterminated control name string (bsc#1203699). - firmware: cs_dsp: Move lockdep asserts to avoid potential null pointer (bsc#1203699). - firmware: cs_dsp: Perform NULL check in cs_dsp_coeff_write/read_ctrl (bsc#1203699). - firmware: cs_dsp: Print messages from bin files (bsc#1203699). - firmware: cs_dsp: add driver to support firmware loading on Cirrus Logic DSPs (bsc#1203699). - firmware: cs_dsp: tidy includes in cs_dsp.c and cs_dsp.h (bsc#1203699). - firmware: google: Test spinlock on panic path to avoid lockups (git-fixes). - firmware: tegra: Fix error check return value of debugfs_create_file() (git-fixes). - firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes). - fix race between exit_itimers() and /proc/pid/timers (git-fixes). - fm10k: Fix error handling in fm10k_init_module() (git-fixes). - fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes). - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes). - fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873). - fs/binfmt_elf: Fix memory leak in load_elf_binary() (git-fixes). - ftrace/x86: Add back ftrace_expected assignment (git-fixes). - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes). - ftrace: Fix the possible incorrect kernel message (git-fixes). 
- ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - ftrace: Optimize the allocation for mcount entries (git-fixes). - ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes). - fuse: Remove the control interface for virtio-fs (bsc#1203798). - fuse: add file_modified() to fallocate (bsc#1205332). - fuse: fix deadlock between atomic O_TRUNC and page invalidation (bsc#1204533). - fuse: fix readdir cache race (bsc#1205331). - fuse: ioctl: translate ENOSYS (bsc#1203139). - fuse: limit nsec (bsc#1203138). - fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206273). - gadgetfs: ep_io - wait until IRQ finishes (git-fixes). - gcov: support GCC 12.1 and newer compilers (git-fixes). - geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes). - geneve: fix TOS inheriting for ipv4 (git-fixes). - gpio: amd8111: Fix PCI device reference count leak (git-fixes). - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes). - gpio: mockup: fix NULL pointer dereference when removing debugfs (git-fixes). - gpio: mockup: remove gpio debugfs when remove device (git-fixes). - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes). - gpio: mvebu: Fix check for pwm support on non-A8K platforms (git-fixes). - gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes). - gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully (git-fixes). - gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() (git-fixes). - gve: Fix GFP flags when allocing pages (git-fixes). - habanalabs/gaudi: fix shift out of bounds (git-fixes). - habanalabs/gaudi: mask constant value before cast (git-fixes). - hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes). - hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes). - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes). 
- hinic: Avoid some over memory allocation (git-fixes). - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes). - hv_sock: Add validation for untrusted Hyper-V values (git-fixes). - hv_sock: Check hv_pkt_iter_first_raw()'s return value (git-fixes). - hv_sock: Copy packets sent by Hyper-V out of the ring buffer (git-fixes). - hwmon/coretemp: Handle large core ID value (git-fixes). - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes). - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes). - hwmon: (dell-smm) Add Dell XPS 13 7390 to fan control whitelist (git-fixes). - hwmon: (drivetemp) Add module alias (git-fixes). - hwmon: (gpio-fan) Fix array out of bounds access (git-fixes). - hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API (git-fixes). - hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes). - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes). - hwmon: (ina3221) Fix shunt sum critical calculation (git-fixes). - hwmon: (ltc2947) fix temperature scaling (git-fixes). - hwmon: (mr75203) enable polling for all VM channels (git-fixes). - hwmon: (mr75203) fix VM sensor allocation when 'intel,vm-map' not defined (git-fixes). - hwmon: (mr75203) fix multi-channel voltage reading (git-fixes). - hwmon: (mr75203) fix voltage equation for negative source input (git-fixes). - hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of used sensors (git-fixes). - hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller (git-fixes). - hwmon: (sht15) Fix wrong assumptions in device remove callback (git-fixes). - hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms (git-fixes). 
- hwmon: (tps23861) fix byte order in resistance register (git-fixes). - i2c: Fix a potential use after free (git-fixes). - i2c: acpi: Add an i2c_acpi_client_count() helper function (bsc#1203699). - i2c: cadence: Support PEC for SMBus block read (git-fixes). - i2c: designware: Fix handling of real but unexpected device interrupts (git-fixes). - i2c: i801: Add support for Intel Ice Lake PCH-N (jsc#PED-634). - i2c: i801: Add support for Intel Meteor Lake-P (jsc#PED-732). - i2c: i801: Add support for Intel Raptor Lake PCH-S (jsc#PED-634). - i2c: i801: Improve handling of chip-specific feature definitions (jsc#PED-634). - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes). - i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible (git-fixes). - i2c: imx: Make sure to unregister adapter on remove() (git-fixes). - i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set (git-fixes). - i2c: mlxbf: Fix frequency calculation (git-fixes). - i2c: mlxbf: incorrect base address passed during io write (git-fixes). - i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (git-fixes). - i2c: mlxbf: support lock mechanism (git-fixes). - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes). - i2c: mxs: Silence a clang warning (git-fixes). - i2c: npcm7xx: Fix error handling in npcm_i2c_init() (git-fixes). - i2c: npcm: Capitalize the one-line comment (git-fixes). - i2c: npcm: Correct slave role behavior (git-fixes). - i2c: npcm: Remove own slave addresses 2:10 (git-fixes). - i2c: piix4: Fix adapter not be removed in piix4_remove() (git-fixes). - i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter (git-fixes). - i2c: tegra: Allocate DMA memory for DMA engine (git-fixes). - i2c: xiic: Add platform module alias (git-fixes). - i40e: Fix call trace in setup_tx_descriptors (git-fixes). - i40e: Fix dropped jumbo frames statistics (git-fixes). - i40e: Fix to stop tx_timeout recovery if GLOBR fails (git-fixes). 
- iavf: Fix adminq error handling (git-fixes). - iavf: Fix handling of dummy receive descriptors (git-fixes). - iavf: Fix reset error handling (git-fixes). - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - ice: Allow operation with reduced device MSI-X (bsc#1201987). - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (git-fixes). - ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler (git-fixes). - ice: Fix race during aux device (un)plugging (git-fixes). - ice: Fix switchdev rules book keeping (git-fixes). - ice: Match on all profiles in slow-path (git-fixes). - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (git-fixes). - ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (git-fixes). - ice: do not setup vlan for loopback VSI (git-fixes). - ice: fix 'scheduling while atomic' on aux critical err interrupt (git-fixes). - ice: fix crash when writing timestamp on RX rings (git-fixes). - ice: fix possible under reporting of ethtool Tx and Rx statistics (git-fixes). - ieee80211: add EHT 1K aggregation definitions (bsc#1202131). - ieee80211: change HE nominal packet padding value defines (bsc#1202131). - ieee802154/adf7242: defer destroy_workqueue call (git-fixes). - ieee802154: cc2520: Fix error return code in cc2520_hw_init() (git-fixes). - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes). - igb: Make DMA faster when CPU is active on the PCIe link (git-fixes). - igb: fix a use-after-free issue in igb_clean_tx_ring (git-fixes). - igb: skip phy status check where unavailable (git-fixes). - iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes). - iio: accel: bma220: Fix alignment for DMA safety (git-fixes). - iio: accel: bma400: Fix the scale min and max macro values (git-fixes). - iio: accel: bma400: Reordering of header files (git-fixes). - iio: accel: sca3000: Fix alignment for DMA safety (git-fixes). - iio: accel: sca3300: Fix alignment for DMA safety (git-fixes). 
- iio: ad7292: Prevent regulator double disable (git-fixes). - iio: adc: ad7266: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7292: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7298: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7476: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7766: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7887: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7923: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7923: fix channel readings for some variants (git-fixes). - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes). - iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume (git-fixes). - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes). - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes). - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes). - iio: adc: hi8435: Fix alignment for DMA safety (git-fixes). - iio: adc: ltc2496: Fix alignment for DMA safety (git-fixes). - iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes). - iio: adc: max1027: Fix alignment for DMA safety (git-fixes). - iio: adc: max11100: Fix alignment for DMA safety (git-fixes). - iio: adc: max1118: Fix alignment for DMA safety (git-fixes). - iio: adc: max1241: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp3911: make use of the sign bit (git-fixes). - iio: adc: mcp3911: use correct formula for AD conversion (git-fixes). - iio: adc: mcp3911: use correct id bits (git-fixes). - iio: adc: mp2629: fix potential array out of bound access (git-fixes). - iio: adc: mp2629: fix wrong comparison of channel (git-fixes). - iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes). 
- iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc108s102: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads131e08: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes). - iio: adxl372: Fix unsafe buffer attributes (git-fixes). - iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes). - iio: bmc150-accel-core: Fix unsafe buffer attributes (git-fixes). - iio: common: ssp: Fix alignment for DMA safety (git-fixes). - iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes). - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes). - iio: dac: ad5064: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5360: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5421: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5449: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5504: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes). - iio: dac: ad5755: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5761: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5764: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5766: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5770r: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes). - iio: dac: ad7303: Fix alignment for DMA safety (git-fixes). 
- iio: dac: ad8801: Fix alignment for DMA safety (git-fixes). - iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes). - iio: fix iio_format_avail_range() printing for none IIO_VAL_INT (git-fixes). - iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes). - iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes). - iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes). - iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes). - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes). - iio: imu: fxos8700: Fix alignment for DMA safety (git-fixes). - iio: inkern: fix return value in devm_of_iio_channel_get_by_name() (git-fixes). - iio: inkern: only release the device node when done with it (git-fixes). - iio: light: apds9960: fix wrong register for gesture gain (git-fixes). - iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes). - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes). - iio: light: tsl2583: Fix module unloading (git-fixes). - iio: ltc2497: Fix reading conversion results (git-fixes). - iio: magnetometer: yas530: Change data type of hard_offsets to signed (git-fixes). - iio: ms5611: Simplify IO callback parameters (git-fixes). - iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes). 
- iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes). - iio: pressure: dps310: Refactor startup procedure (git-fixes). - iio: pressure: dps310: Reset chip after timeout (git-fixes). - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes). - iio: pressure: ms5611: fixed value compensation bug (git-fixes). - iio: proximity: as3935: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes). - iio: temp: ltc2983: Fix alignment for DMA safety (git-fixes). - iio: temp: maxim_thermocouple: Fix alignment for DMA safety (git-fixes). - iio: temperature: ltc2983: allocate iio channels once (git-fixes). - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes). - ima: fix blocking of security.ima xattrs of unsupported algorithms (git-fixes). - inet_diag: fix kernel-infoleak for UDP sockets (git-fixes). - init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash (git-fixes). - intel_idle: Add AlderLake support (jsc#PED-824). - intel_idle: Fix SPR C6 optimization (jsc#PED-824 jsc#PED-1936). - intel_idle: Fix the 'preferred_cstates' module parameter (jsc#PED-824 jsc#PED-1936). - intel_idle: make SPR C1 and C1E be independent (jsc#PED-1936). - intel_th: Fix a resource leak in an error handling path (git-fixes). - intel_th: msu-sink: Potential dereference of null pointer (git-fixes). - intel_th: msu: Fix vmalloced buffers (git-fixes). - intel_th: pci: Add Meteor Lake-P support (git-fixes). - intel_th: pci: Add Raptor Lake-S CPU support (git-fixes). - intel_th: pci: Add Raptor Lake-S PCH support (git-fixes). - interconnect: imx: fix max_node_id (git-fixes). - io-wq: Remove duplicate code in io_workqueue_create() (bnc#1205113). - io-wq: do not retry task_work creation failure on fatal conditions (bnc#1205113). 
- io-wq: ensure we exit if thread group is exiting (git-fixes). - io-wq: exclusively gate signal based exit on get_signal() return (git-fixes). - io-wq: fix cancellation on create-worker failure (bnc#1205113). - io-wq: fix silly logic error in io_task_work_match() (bnc#1205113). - io_uring: add a schedule point in io_add_buffers() (git-fixes). - io_uring: correct __must_hold annotation (git-fixes). - io_uring: drop ctx->uring_lock before acquiring sqd->lock (git-fixes). - io_uring: ensure IORING_REGISTER_IOWQ_MAX_WORKERS works with SQPOLL (git-fixes). - io_uring: fix io_timeout_remove locking (git-fixes). - io_uring: fix missing mb() before waitqueue_active (git-fixes). - io_uring: fix missing sigmask restore in io_cqring_wait() (git-fixes). - io_uring: fix possible poll event lost in multi shot mode (git-fixes). - io_uring: pin SQPOLL data before unlocking ring lock (git-fixes). - io_uring: terminate manual loop iterator loop correctly for non-vecs (git-fixes). - iommu/amd: Clarify AMD IOMMUv2 initialization messages (git-fixes). - iommu/amd: Enable swiotlb in all cases (git-fixes). - iommu/amd: Fix I/O page table memory leak (git-fixes). - iommu/amd: Recover from event log overflow (git-fixes). - iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes). - iommu/arm-smmu-v3-sva: Fix mm use-after-free (git-fixes). - iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range() (git-fixes). - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes). - iommu/dart: Add missing module owner to ops structure (git-fixes). - iommu/dart: check return value after calling platform_get_resource() (git-fixes). - iommu/exynos: Handle failed IOMMU device registration properly (git-fixes). - iommu/iova: Improve 32-bit free space estimate (git-fixes). - iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes). - iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes). 
- iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (git-fixes). - iommu/mediatek: Fix 2 HW sharing pgtable issue (git-fixes). - iommu/mediatek: Fix NULL pointer dereference when printing dev_name (git-fixes). - iommu/mediatek: Remove clk_disable in mtk_iommu_remove (git-fixes). - iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes). - iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes). - iommu/tegra-smmu: Fix missing put_device() call in tegra_smmu_find (git-fixes). - iommu/vt-d: Acquiring lock in domain ID allocation helpers (bsc#1200301). - iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes). - iommu/vt-d: Do not falsely log intel_iommu is unsupported kernel option (bsc#1204947). - iommu/vt-d: Drop stop marker messages (git-fixes). - iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes). - iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes). - iommu/vt-d: Make DMAR_UNITS_SUPPORTED default 1024 (bsc#1200301). - iommu/vt-d: Refactor iommu information of each domain (bsc#1200301). - iommu/vt-d: Remove global g_iommus array (bsc#1200301). - iommu/vt-d: Remove intel_iommu::domains (bsc#1200301). - iommu/vt-d: Remove unnecessary check in intel_iommu_add() (bsc#1200301). - iommu/vt-d: Use IDA interface to manage iommu sequence id (bsc#1200301). - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes). - iommu: Fix potential use-after-free during probe (git-fixes). - iov_iter: Fix iter_xarray_get_pages{,_alloc}() (git-fixes). - iov_iter: fix build issue due to possible type mis-match (git-fixes). - ip: Fix data-races around sysctl_ip_fwd_update_priority (git-fixes). - ipmi: fix initialization when workqueue allocation fails (git-fixes). - ipv4: Fix data-races around sysctl_fib_multipath_hash_policy (git-fixes). - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes). 
- irqchip/sifive-plic: Add missing thead,c900-plic match string (git-fixes). - irqchip/tegra: Fix overflow implicit truncation warnings (git-fixes). - isdn: mISDN: netjet: fix wrong check of device registration (git-fixes). - iwlwifi/fw: use struct_size over open coded arithmetic (bsc#1202131). - iwlwifi: ACPI: support revision 3 WGDS tables (bsc#1202131). - iwlwifi: Add support for getting rf id with blank otp (bsc#1202131). - iwlwifi: Add support for more BZ HWs (bsc#1202131). - iwlwifi: BZ Family BUS_MASTER_DISABLE_REQ code duplication (bsc#1202131). - iwlwifi: BZ Family SW reset support (bsc#1202131). - iwlwifi: Configure FW debug preset via module param (bsc#1202131). - iwlwifi: Fix FW name for gl (bsc#1202131). - iwlwifi: Fix missing error code in iwl_pci_probe() (bsc#1202131). - iwlwifi: Fix syntax errors in comments (bsc#1202131). - iwlwifi: Make use of the helper macro LIST_HEAD() (bsc#1202131). - iwlwifi: Read the correct addresses when getting the crf id (bsc#1202131). - iwlwifi: Start scratch debug register for Bz family (bsc#1202131). - iwlwifi: acpi: fix wgds rev 3 size (bsc#1202131). - iwlwifi: acpi: move ppag code from mvm to fw/acpi (bsc#1202131). - iwlwifi: add missing entries for Gf4 with So and SoF (bsc#1202131). - iwlwifi: add new Qu-Hr device (bsc#1202131). - iwlwifi: add new ax1650 killer device (bsc#1202131). - iwlwifi: add new device id 7F70 (bsc#1202131). - iwlwifi: add new pci SoF with JF (bsc#1202131). - iwlwifi: add some missing kernel-doc in struct iwl_fw (bsc#1202131). - iwlwifi: add support for BNJ HW (bsc#1202131). - iwlwifi: add support for BZ-U and BZ-L HW (bsc#1202131). - iwlwifi: add support for Bz-Z HW (bsc#1202131). - iwlwifi: add vendor specific capabilities for some RFs (bsc#1202131). - iwlwifi: advertise support for HE - DCM BPSK RX/TX (bsc#1202131). - iwlwifi: allow rate-limited error messages (bsc#1202131). - iwlwifi: api: fix struct iwl_wowlan_status_v7 kernel-doc (bsc#1202131). 
- iwlwifi: api: remove ttl field from TX command (bsc#1202131). - iwlwifi: api: remove unused RX status bits (bsc#1202131). - iwlwifi: avoid variable shadowing (bsc#1202131). - iwlwifi: avoid void pointer arithmetic (bsc#1202131). - iwlwifi: bump FW API to 67 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 68 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 69 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 70 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 71 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 72 for AX devices (bsc#1202131). - iwlwifi: cfg: add support for 1K BA queue (bsc#1202131). - iwlwifi: dbg-tlv: clean up iwl_dbg_tlv_update_drams() (bsc#1202131). - iwlwifi: dbg: add infra for tracking free buffer size (bsc#1202131). - iwlwifi: dbg: check trigger data before access (bsc#1202131). - iwlwifi: dbg: disable ini debug in 8000 family and below (bsc#1202131). - iwlwifi: dbg: in sync mode do not call schedule (bsc#1202131). - iwlwifi: dbg: treat dbgc allocation failure when tlv is missing (bsc#1202131). - iwlwifi: dbg: treat non active regions as unsupported regions (bsc#1202131). - iwlwifi: dbg_ini: Split memcpy() to avoid multi-field write (bsc#1202131). - iwlwifi: de-const properly where needed (bsc#1202131). - iwlwifi: debugfs: remove useless double condition (bsc#1202131). - iwlwifi: do not dump_stack() when we get an unexpected interrupt (bsc#1202131). - iwlwifi: do not use __unused as variable name (bsc#1202131). - iwlwifi: drv: load tlv debug data earlier (bsc#1202131). - iwlwifi: dump CSR scratch from outer function (bsc#1202131). - iwlwifi: dump RCM error tables (bsc#1202131). - iwlwifi: dump both TCM error tables if present (bsc#1202131). - iwlwifi: dump host monitor data when NIC does not init (bsc#1202131). - iwlwifi: dvm: use struct_size over open coded arithmetic (bsc#1202131). - iwlwifi: eeprom: clean up macros (bsc#1202131). - iwlwifi: fix LED dependencies (bsc#1202131). 
- iwlwifi: fix debug TLV parsing (bsc#1202131). - iwlwifi: fix fw/img.c license statement (bsc#1202131). - iwlwifi: fix iwl_legacy_rate_to_fw_idx (bsc#1202131). - iwlwifi: fix small doc mistake for iwl_fw_ini_addr_val (bsc#1202131). - iwlwifi: fix various more -Wcast-qual warnings (bsc#1202131). - iwlwifi: fw dump: add infrastructure for dump scrubbing (bsc#1202131). - iwlwifi: fw: add support for splitting region type bits (bsc#1202131). - iwlwifi: fw: api: add link to PHY context command struct v1 (bsc#1202131). - iwlwifi: fw: correctly detect HW-SMEM region subtype (bsc#1202131). - iwlwifi: fw: fix some scan kernel-doc (bsc#1202131). - iwlwifi: fw: init SAR GEO table only if data is present (bsc#1202131). - iwlwifi: fw: make dump_start callback void (bsc#1202131). - iwlwifi: fw: remove dead error log code (bsc#1202131). - iwlwifi: implement reset flow for Bz devices (bsc#1202131). - iwlwifi: iwl-eeprom-parse: mostly dvm only (bsc#1202131). - iwlwifi: make iwl_fw_lookup_cmd_ver() take a cmd_id (bsc#1202131). - iwlwifi: make iwl_txq_dyn_alloc_dma() return the txq (bsc#1202131). - iwlwifi: make some functions friendly to sparse (bsc#1202131). - iwlwifi: move symbols into a separate namespace (bsc#1202131). - iwlwifi: mvm/api: define system control command (bsc#1202131). - iwlwifi: mvm: Add RTS and CTS flags to iwl_tx_cmd_flags (bsc#1202131). - iwlwifi: mvm: Add list of OEMs allowed to use TAS (bsc#1202131). - iwlwifi: mvm: Add support for a new version of scan request command (bsc#1202131). - iwlwifi: mvm: Add support for new rate_n_flags in tx_cmd (bsc#1202131). - iwlwifi: mvm: Consider P2P GO operation during scan (bsc#1202131). - iwlwifi: mvm: Disable WiFi bands selectively with BIOS (bsc#1202131). - iwlwifi: mvm: Do not fail if PPAG isn't supported (bsc#1202131). - iwlwifi: mvm: Fix wrong documentation for scan request command (bsc#1202131). - iwlwifi: mvm: Passively scan non PSC channels only when requested so (bsc#1202131). 
- iwlwifi: mvm: Read acpi dsm to get channel activation bitmap (bsc#1202131). - iwlwifi: mvm: Remove antenna c references (bsc#1202131). - iwlwifi: mvm: Support new TX_RSP and COMPRESSED_BA_RES versions (bsc#1202131). - iwlwifi: mvm: Support new rate_n_flags for REPLY_RX_MPDU_CMD and RX_NO_DATA_NOTIF (bsc#1202131). - iwlwifi: mvm: Support new version of BEACON_TEMPLATE_CMD (bsc#1202131). - iwlwifi: mvm: Support new version of ranging response notification (bsc#1202131). - iwlwifi: mvm: Support version 3 of tlc_update_notif (bsc#1202131). - iwlwifi: mvm: Unify the scan iteration functions (bsc#1202131). - iwlwifi: mvm: Use all Rx chains for roaming scan (bsc#1202131). - iwlwifi: mvm: add US/CA to TAS block list if OEM isn't allowed (bsc#1202131). - iwlwifi: mvm: add a flag to reduce power command (bsc#1202131). - iwlwifi: mvm: add additional info for boot info failures (bsc#1202131). - iwlwifi: mvm: add dbg_time_point to debugfs (bsc#1202131). - iwlwifi: mvm: add definitions for new rate & flags (bsc#1202131). - iwlwifi: mvm: add lmac/umac PC info in case of error (bsc#1202131). - iwlwifi: mvm: add missing min_size to kernel-doc (bsc#1202131). - iwlwifi: mvm: add some missing command strings (bsc#1202131). - iwlwifi: mvm: add support for 160Mhz in ranging measurements (bsc#1202131). - iwlwifi: mvm: add support for CT-KILL notification version 2 (bsc#1202131). - iwlwifi: mvm: add support for IMR based on platform (bsc#1202131). - iwlwifi: mvm: add support for OCE scan (bsc#1202131). - iwlwifi: mvm: add support for PHY context command v4 (bsc#1202131). - iwlwifi: mvm: add support for statistics update version 15 (bsc#1202131). - iwlwifi: mvm: allow enabling UHB TAS in the USA via ACPI setting (bsc#1202131). - iwlwifi: mvm: always remove the session protection after association (bsc#1202131). - iwlwifi: mvm: always store the PPAG table as the latest version (bsc#1202131). - iwlwifi: mvm: always use 4K RB size by default (bsc#1202131). 
- iwlwifi: mvm: change old-SN drop threshold (bsc#1202131). - iwlwifi: mvm: clean up indenting in iwl_mvm_tlc_update_notif() (bsc#1202131). - iwlwifi: mvm: convert old rate & flags to the new format (bsc#1202131). - iwlwifi: mvm: correct sta-state logic for TDLS (bsc#1202131). - iwlwifi: mvm: correctly set channel flags (bsc#1202131). - iwlwifi: mvm: correctly set schedule scan profiles (bsc#1202131). - iwlwifi: mvm: d3: move GTK rekeys condition (bsc#1202131). - iwlwifi: mvm: d3: support v12 wowlan status (bsc#1202131). - iwlwifi: mvm: d3: use internal data representation (bsc#1202131). - iwlwifi: mvm: demote non-compliant kernel-doc header (bsc#1202131). - iwlwifi: mvm: do not get address of mvm->fwrt just to dereference as a pointer (bsc#1202131). - iwlwifi: mvm: do not send BAID removal to the FW during hw_restart (bsc#1202131). - iwlwifi: mvm: do not trust hardware queue number (bsc#1202131). - iwlwifi: mvm: drop too short packets silently (bsc#1202131). - iwlwifi: mvm: extend session protection on association (bsc#1202131). - iwlwifi: mvm: fix WGDS table print in iwl_mvm_chub_update_mcc() (bsc#1202131). - iwlwifi: mvm: fix a stray tab (bsc#1202131). - iwlwifi: mvm: fix condition which checks the version of rate_n_flags (bsc#1202131). - iwlwifi: mvm: fix delBA vs. NSSN queue sync race (bsc#1202131). - iwlwifi: mvm: fix ieee80211_get_he_iftype_cap() iftype (bsc#1202131). - iwlwifi: mvm: fix off by one in iwl_mvm_stat_iterator_all_macs() (bsc#1202131). - iwlwifi: mvm: fw: clean up hcmd struct creation (bsc#1202131). - iwlwifi: mvm: handle RX checksum on Bz devices (bsc#1202131). - iwlwifi: mvm: improve log when processing CSA (bsc#1202131). - iwlwifi: mvm: isolate offload assist (checksum) calculation (bsc#1202131). - iwlwifi: mvm: make iwl_mvm_reconfig_scd() static (bsc#1202131). - iwlwifi: mvm: offload channel switch timing to FW (bsc#1202131). - iwlwifi: mvm: only enable HE DCM if we also support TX (bsc#1202131). 
- iwlwifi: mvm: optionally suppress assert log (bsc#1202131). - iwlwifi: mvm: parse firmware alive message version 6 (bsc#1202131). - iwlwifi: mvm: read 6E enablement flags from DSM and pass to FW (bsc#1202131). - iwlwifi: mvm: reduce WARN_ON() in TX status path (bsc#1202131). - iwlwifi: mvm: refactor iwl_mvm_sta_rx_agg() (bsc#1202131). - iwlwifi: mvm: refactor setting PPE thresholds in STA_HE_CTXT_CMD (bsc#1202131). - iwlwifi: mvm: remove card state notification code (bsc#1202131). - iwlwifi: mvm: remove cipher scheme support (bsc#1202131). - iwlwifi: mvm: remove csi from iwl_mvm_pass_packet_to_mac80211() (bsc#1202131). - iwlwifi: mvm: remove iwl_mvm_disable_txq() flags argument (bsc#1202131). - iwlwifi: mvm: remove session protection after auth/assoc (bsc#1202131). - iwlwifi: mvm: remove session protection on disassoc (bsc#1202131). - iwlwifi: mvm: remove session protection upon station removal (bsc#1202131). - iwlwifi: mvm: rfi: handle deactivation notification (bsc#1202131). - iwlwifi: mvm: rfi: update rfi table (bsc#1202131). - iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy (bsc#1202131). - iwlwifi: mvm: scrub key material in firmware dumps (bsc#1202131). - iwlwifi: mvm: set BT-coex high priority for 802.1X/4-way-HS (bsc#1202131). - iwlwifi: mvm: set inactivity timeouts also for PS-poll (bsc#1202131). - iwlwifi: mvm: starting from 22000 we have 32 Rx AMPDU sessions (bsc#1202131). - iwlwifi: mvm: support Bz TX checksum offload (bsc#1202131). - iwlwifi: mvm: support RLC configuration command (bsc#1202131). - iwlwifi: mvm: support new BAID allocation command (bsc#1202131). - iwlwifi: mvm: support revision 1 of WTAS table (bsc#1202131). - iwlwifi: mvm: support v3 of station HE context command (bsc#1202131). - iwlwifi: mvm: update BAID allocation command again (bsc#1202131). - iwlwifi: mvm: update RFI TLV (bsc#1202131). - iwlwifi: mvm: update definitions due to new rate & flags (bsc#1202131). 
- iwlwifi: mvm: update rate scale in moving back to assoc state (bsc#1202131). - iwlwifi: mvm: use a define for checksum flags mask (bsc#1202131). - iwlwifi: mvm: use debug print instead of WARN_ON() (bsc#1202131). - iwlwifi: nvm: Correct HE capability (bsc#1202131). - iwlwifi: parse debug exclude data from firmware file (bsc#1202131). - iwlwifi: parse error tables from debug TLVs (bsc#1202131). - iwlwifi: pcie: Adapt rx queue write pointer for Bz family (bsc#1202131). - iwlwifi: pcie: add jacket bit to device configuration parsing (bsc#1202131). - iwlwifi: pcie: add support for MS devices (bsc#1202131). - iwlwifi: pcie: adjust to Bz completion descriptor (bsc#1202131). - iwlwifi: pcie: fix SW error MSI-X mapping (bsc#1202131). - iwlwifi: pcie: fix constant-conversion warning (bsc#1202131). - iwlwifi: pcie: fix killer name matching for AX200 (bsc#1202131). - iwlwifi: pcie: iwlwifi: fix device id 7F70 struct (bsc#1202131). - iwlwifi: pcie: make sure iwl_rx_packet_payload_len() will not underflow (bsc#1202131). - iwlwifi: pcie: refactor dev_info lookup (bsc#1202131). - iwlwifi: pcie: remove duplicate entry (bsc#1202131). - iwlwifi: pcie: remove two duplicate PNJ device entries (bsc#1202131). - iwlwifi: pcie: retake ownership after reset (bsc#1202131). - iwlwifi: pcie: simplify iwl_pci_find_dev_info() (bsc#1202131). - iwlwifi: pcie: support Bz suspend/resume trigger (bsc#1202131). - iwlwifi: pcie: try to grab NIC access early (bsc#1202131). - iwlwifi: pcie: update sw error interrupt for BZ family (bsc#1202131). - iwlwifi: pnvm: print out the version properly (bsc#1202131). - iwlwifi: prefer WIDE_ID() over iwl_cmd_id() (bsc#1202131). - iwlwifi: propagate (const) type qualifier (bsc#1202131). - iwlwifi: recognize missing PNVM data and then log filename (bsc#1202131). - iwlwifi: remove MODULE_AUTHOR() statements (bsc#1202131). - iwlwifi: remove command ID argument from queue allocation (bsc#1202131). - iwlwifi: remove contact information (bsc#1202131). 
- iwlwifi: remove deprecated broadcast filtering feature (bsc#1202131). - iwlwifi: remove redundant iwl_finish_nic_init() argument (bsc#1202131). - iwlwifi: remove unused DC2DC_CONFIG_CMD definitions (bsc#1202131). - iwlwifi: remove unused iwlax210_2ax_cfg_so_hr_a0 structure (bsc#1202131). - iwlwifi: remove unused macros (bsc#1202131). - iwlwifi: rename CHANNEL_SWITCH_NOA_NOTIF to CHANNEL_SWITCH_START_NOTIF (bsc#1202131). - iwlwifi: rename GEO_TX_POWER_LIMIT to PER_CHAIN_LIMIT_OFFSET_CMD (bsc#1202131). - iwlwifi: rs: add support for TLC config command ver 4 (bsc#1202131). - iwlwifi: scan: Modify return value of a function (bsc#1202131). - iwlwifi: support 4-bits in MAC step value (bsc#1202131). - iwlwifi: support SAR GEO Offset Mapping override via BIOS (bsc#1202131). - iwlwifi: support new queue allocation command (bsc#1202131). - iwlwifi: swap 1650i and 1650s killer struct names (bsc#1202131). - iwlwifi: tlc: Add logs in rs_fw_rate_init func to print TLC configuration (bsc#1202131). - iwlwifi: use 4k queue size for Bz A-step (bsc#1202131). - iwlwifi: yoyo: Avoid using dram data if allocation failed (bsc#1202131). - iwlwifi: yoyo: add IMR DRAM dump support (bsc#1202131). - iwlwifi: yoyo: disable IMR DRAM region if IMR is disabled (bsc#1202131). - iwlwifi: yoyo: dump IMR DRAM only for HW and FW error (bsc#1202131). - iwlwifi: yoyo: fix DBGC allocation flow (bsc#1202131). - iwlwifi: yoyo: fix DBGI_SRAM ini dump header (bsc#1202131). - iwlwifi: yoyo: fix issue with new DBGI_SRAM region read (bsc#1202131). - iwlwifi: yoyo: fw debug config from context info and preset (bsc#1202131). - iwlwifi: yoyo: send hcmd to fw after dump collection completes (bsc#1202131). - iwlwifi: yoyo: support TLV-based firmware reset (bsc#1202131). - iwlwifi: yoyo: support dump policy for the dump size (bsc#1202131). - iwlwifi: yoyo: support for DBGC4 for dram (bsc#1202131). - iwlwifi: yoyo: support for ROM usniffer (bsc#1202131). 
- ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (git-fixes). - ixgbe: fix bcast packets Rx on VF after promisc removal (git-fixes). - ixgbe: fix unexpected VLAN Rx in promisc mode on VF (git-fixes). - jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1202775). - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716). - jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715). - kABI workaround for spi changes (bsc#1203699). - kABI: Add back removed struct paca member (bsc#1203664 ltc#199236). - kABI: Fix after adding trace_iterator.wait_index (git-fixes). - kABI: Fix kABI after 'KVM: x86/pmu: Use different raw event masks for AMD and Intel' (git-fixes). - kABI: Fix kABI after SNP-Guest backport (jsc#SLE-19924, jsc#SLE-24814). - kABI: Fix kABI after backport Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes). - kABI: Fix kABI after backport Always set kvm_run->if_flag (git-fixes). - kABI: Fix kABI after backport Forcibly leave nested virt when SMM state is toggled (git-fixes). - kABI: Fix kABI after backport Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes). - kABI: fix adding another field to scsi_device (bsc#1203039). - kABI: reintroduce a non-inline usleep_range (git-fixes). - kABI: scsi: libiscsi: fix removal of iscsi_create_conn (bsc#1198410). - kabi/severities: Exclude ppc kvm - kabi/severities: add Qlogic qed symbols - kabi/severities: add drivers/scsi/hisi_sas for bsc#1202471 - kabi/severities: add hisilicon hns3 symbols - kabi/severities: add microchip dsa drivers - kabi/severities: ignore CS35L41-specific exports (bsc#1203699) - kabi/severities: ignore kABI changes in mwifiex drivers Those symbols are used only locally in mwifiex (sub-)modules. - kabi/severities: octeontx2 driver (jsc#SLE-24682) - kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes). 
- kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693). - kbuild: disable header exports for UML in a straightforward way (git-fixes). - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes). - kbuild: fix the modules order between drivers and libs (git-fixes). - kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (git-fixes). - kbuild: remove the target in signal traps when interrupted (git-fixes). - kbuild: rpm-pkg: fix breakage when V=1 is used (git-fixes). - kcm: fix strp_init() order and cleanup (git-fixes). - kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages - kernel-source: include the kernel signature file. We assume that the upstream tarball is used for released kernels. Then we can also include the signature file and keyring in the kernel-source src.rpm. Because of mkspec code limitation exclude the signature and keyring from binary packages always - mkspec does not parse spec conditionals. - kernfs: fix use-after-free in __kernfs_remove (git-fixes). - kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444). - kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444). - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes). - kexec_file: drop weak attribute from functions (bsc#1196444). - kfifo: fix kfifo_to_user() return type (git-fixes). - kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT (git-fixes). - kselftest/cgroup: fix test_stress.sh to use OUTPUT dir (git-fixes). - kselftest/vm: fix tests build with old libc (git-fixes). - kselftest: Fix vdso_test_abi return status (git-fixes). - kselftest: signal all child processes (git-fixes). - kvm: selftests: do not use bitfields larger than 32-bits for PTEs (git-fixes).
- l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu (git-fixes). - landlock: Add clang-format exceptions (git-fixes). - landlock: Change landlock_add_rule(2) argument check ordering (git-fixes). - landlock: Change landlock_restrict_self(2) check ordering (git-fixes). - landlock: Create find_rule() from unmask_layers() (git-fixes). - landlock: Define access_mask_t to enforce a consistent access mask size (git-fixes). - landlock: Fix landlock_add_rule(2) documentation (git-fixes). - landlock: Fix same-layer rule unions (git-fixes). - landlock: Format with clang-format (git-fixes). - landlock: Reduce the maximum number of layers to 16 (git-fixes). - landlock: Use square brackets around 'landlock-ruleset' (git-fixes). - lib/list_debug.c: Detect uninitialized lists (git-fixes). - lib/raid6/test: fix multiple definition linking error (git-fixes). - lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes). - lib/smp_processor_id: fix imbalanced instrumentation_end() call (git-fixes). - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes). - livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995). - livepatch: fix race between fork and KLP transition (bsc#1071995). - lkdtm: Disable return thunks in rodata.c (bsc#1190497). - lockd: detect and reject lock arguments that overflow (git-fixes). - lockdep: Correct lock_classes index mapping (git-fixes). - locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes). - locking/lockdep: Fix lockdep_init_map_*() confusion (git-fixes). - locking/lockdep: Iterate lock_classes directly when reading lockdep files (git-fixes). - loop: Check for overflow while configuring loop (git-fixes). - loop: Use pr_warn_once() for loop_control_remove() warning (git-fixes). - loop: use sysfs_emit() in the sysfs xxx show() (git-fixes). - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes).
- mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes). - mISDN: fix possible memory leak in mISDN_register_device() (git-fixes). - mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes). - mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes). - mac80211: fix a memory leak where sta_info is not freed (git-fixes). - mac80211: introduce channel switch disconnect function (bsc#1202131). - mac80211: radiotap: Use BIT() instead of shifts (git-fixes). - mac802154: Fix LQI recording (git-fixes). - mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() (git-fixes). - macsec: Fix invalid error code set (git-fixes). - macsec: add missing attribute validation for offload (git-fixes). - macsec: always read MACSEC_SA_ATTR_PN as a u64 (git-fixes). - macsec: clear encryption keys from the stack after setting up offload (git-fixes). - macsec: delete new rxsc when offload fails (git-fixes). - macsec: fix NULL deref in macsec_add_rxsa (git-fixes). - macsec: fix detection of RXSCs when toggling offloading (git-fixes). - macsec: fix error message in macsec_add_rxsa and _txsa (git-fixes). - macsec: fix secy->n_rx_sc accounting (git-fixes). - macsec: limit replay window size with XPN (git-fixes). - macvlan: enforce a consistent minimal mtu (git-fixes). - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes). - mailbox: mpfs: account for mbox offsets while sending (git-fixes). - mailbox: mpfs: fix handling of the reg property (git-fixes). - marvell: octeontx2: build error: unknown type name 'u64' (jsc#SLE-24682). - mbcache: add functions to delete entry if unused (bsc#1198971). - mbcache: do not reclaim used entries (bsc#1198971). - md-raid10: fix KASAN warning (git-fixes). - md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158). - md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes). - md/raid1: fix missing bitmap update w/o WriteMostly devices (bsc#1203036). 
- md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes). - md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() (git-fixes). - md: Replace snprintf with scnprintf (git-fixes, bsc#1164051). - md: call __md_stop_writes in md_stop (git-fixes). - md: unlock mddev before reap sync_thread in action_store (bsc#1197659). - media: [PATCH] pci: atomisp_cmd: fix three missing checks on list iterator (git-fixes). - media: aspeed: Fix an error handling path in aspeed_video_probe() (git-fixes). - media: atmel: atmel-sama7g5-isc: fix warning in configs without OF (git-fixes). - media: atomisp: prevent integer overflow in sh_css_set_black_frame() (git-fixes). - media: cedrus: Fix endless loop in cedrus_h265_skip_bits() (git-fixes). - media: cedrus: Set the platform driver data earlier (git-fixes). - media: cedrus: h265: Fix flag name (git-fixes). - media: cedrus: hevc: Add check for invalid timestamp (git-fixes). - media: coda: Add more H264 levels for CODA960 (git-fixes). - media: coda: Fix reported H264 profile (git-fixes). - media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes). - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes). - media: driver/nxp/imx-jpeg: fix a unexpected return value problem (git-fixes). - media: dvb-frontends/drxk: initialize err to 0 (git-fixes). - media: dvb_vb2: fix possible out of bound access (git-fixes). - media: exynos4-is: Change clk_disable to clk_disable_unprepare (git-fixes). - media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe (git-fixes). - media: flexcop-usb: fix endpoint type check (git-fixes). - media: hantro: postproc: Fix motion vector space size (git-fixes). - media: hdpvr: fix error value returns in hdpvr_read (git-fixes). - media: hevc: Embedded indexes in RPS (git-fixes). - media: imx-jpeg: Add pm-runtime support for imx-jpeg (git-fixes). - media: imx-jpeg: Add pm-sleep support for imx-jpeg (git-fixes). 
- media: imx-jpeg: Correct some definition according specification (git-fixes). - media: imx-jpeg: Disable slot interrupt when frame done (git-fixes). - media: imx-jpeg: Fix potential array out of bounds in queue_setup (git-fixes). - media: imx-jpeg: Leave a blank space before the configuration data (git-fixes). - media: imx-jpeg: Refactor function mxc_jpeg_parse (git-fixes). - media: imx-jpeg: use NV12M to represent non contiguous NV12 (git-fixes). - media: ipu3-imgu: Fix NULL pointer dereference in active selection access (git-fixes). - media: mceusb: Use new usb_control_msg_*() routines (git-fixes). - media: mceusb: set timeout to at least timeout provided (git-fixes). - media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() (git-fixes). - media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes). - media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment. - media: pvrusb2: fix memory leak in pvr_probe (git-fixes). - media: rkisp1: Do not pass the quantization to rkisp1_csm_config() (git-fixes). - media: rkisp1: Initialize color space on resizer sink and source pads (git-fixes). - media: rkisp1: Use correct macro for gradient registers (git-fixes). - media: rkisp1: Zero v4l2_subdev_format fields in when validating links (git-fixes). - media: rkvdec: Disable H.264 error detection (git-fixes). - media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes). - media: st-delta: Fix PM disable depth imbalance in delta_probe (git-fixes). - media: tw686x: Fix memory leak in tw686x_video_init (git-fixes). - media: tw686x: Register the irq at the end of probe (git-fixes). - media: uvcvideo: Fix memory leak in uvc_gpio_parse (git-fixes). - media: uvcvideo: Use entity get_cur in uvc_ctrl_set (git-fixes). - media: v4l2-compat-ioctl32.c: zero buffer passed to v4l2_compat_get_array_args() (git-fixes). - media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes). 
- media: v4l2-mem2mem: prevent pollerr when last_buffer_dequeued is set (git-fixes). - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes). - media: v4l: subdev: Fail graciously when getting try data for NULL state (git-fixes). - media: venus: dec: Handle the case where find_format fails (git-fixes). - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes). - media: vivid: dev->bitmap_cap wasn't freed in all cases (git-fixes). - media: vivid: s_fbuf: add more sanity checks (git-fixes). - media: vivid: set num_in/outputs to 0 if not supported (git-fixes). - media: vsp1: Fix offset calculation for plane cropping. - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes). - mediatek: mt76: eeprom: fix missing of_node_put() in mt76_find_power_limits_node() (git-fixes). - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes). - memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes). - memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() (git-fixes). - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes). - memstick/ms_block: Fix a memory leak (git-fixes). - memstick/ms_block: Fix some incorrect memory allocation (git-fixes). - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes). - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes). - mfd: fsl-imx25: Fix check for platform_get_irq() errors (git-fixes). - mfd: intel-lpss: Add Intel Raptor Lake PCH-S PCI IDs (jsc#PED-634). - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes). - mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes). - mfd: sm501: Add check for platform_driver_register() (git-fixes). 
- mfd: t7l66xb: Drop platform disable callback (git-fixes). - minix: fix bug when opening a file with O_DIRECT (git-fixes). - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes). - misc: cs35l41: Remove unused pdn variable (bsc#1203699). - misc: fastrpc: fix memory corruption on open (git-fixes). - misc: fastrpc: fix memory corruption on probe (git-fixes). - misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes). - misc: pci_endpoint_test: Aggregate params checking for xfer (git-fixes). - misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic (git-fixes). - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes). - mkspec: eliminate @NOSOURCE@ macro. This should be always used with @SOURCES@, just include the content there. - mlxsw: i2c: Fix initialization error flow (git-fixes). - mlxsw: spectrum: Clear PTP configuration after unregistering the netdevice (git-fixes). - mlxsw: spectrum_cnt: Reorder counter pools (git-fixes). - mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication (git-fixes). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes). kABI: Fix kABI after 'mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse' (git-fixes). - mm: Fix PASID use-after-free issue (bsc#1203908). - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763). - mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447). - mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes). - mmc: block: Add single read for 4k sector cards (git-fixes). - mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes). - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes). - mmc: core: Fix UHS-I SD 1.8V workaround branch (git-fixes).
- mmc: core: Fix ambiguous TRIM and DISCARD arg (git-fixes). - mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure (git-fixes). - mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes). - mmc: core: Replace with already defined values for readability (git-fixes). - mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes). - mmc: core: properly select voltage range without power cycle (git-fixes). - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes). - mmc: hsq: Fix data stomping during mmc recovery (git-fixes). - mmc: meson-gx: Fix an error handling path in meson_mmc_probe() (git-fixes). - mmc: mmc_test: Fix removal of debugfs file (git-fixes). - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes). - mmc: mxcmmc: Silence a clang warning (git-fixes). - mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes). - mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes). - mmc: renesas_sdhi: Get the reset handle early in the probe (git-fixes). - mmc: sdhci-brcmstb: Enable Clock Gating to save power (git-fixes). - mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-brcmstb: Re-organize flags (git-fixes). - mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus (git-fixes). - mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check (git-fixes). - mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA (git-fixes). - mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes). - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes). - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes). - mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake (git-fixes). - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes). 
- mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes). - mmc: sdhci-sprd: Fix minimum clock limit (git-fixes). - mmc: sdhci-sprd: Fix no reset data and command after voltage switch (git-fixes). - mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO (git-fixes). - mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: tmio: avoid glitches when resetting (git-fixes). - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes). - mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - module: change to print useful messages from elf_validity_check() (git-fixes). - module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes). - msft-hv-2570-hv_netvsc-Add-support-for-XDP_REDIRECT.patch: (bsc#1199364). - mt76: mt7615: do not update pm stats in case of error (git-fixes). - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes). - mt76: mt7921: enlarge maximum VHT MPDU length to 11454 (git-fixes). - mt76: mt7921: fix aggregation subframes setting to HE max (git-fixes). - mtd: dataflash: Add SPI ID table (git-fixes). - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes). - mtd: maps: Fix refcount leak in ap_flash_init (git-fixes). - mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes). - mtd: parsers: bcm47xxpart: Fix halfblock reads (git-fixes). - mtd: parsers: bcm47xxpart: print correct offset on read error (git-fixes). - mtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset (git-fixes). - mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes). - mtd: rawnand: arasan: Fix clock rate in NV-DDR (git-fixes). - mtd: rawnand: arasan: Update NAND bus clock instead of system clock (git-fixes). - mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes). - mtd: rawnand: fsl_elbc: Fix none ECC mode (git-fixes). 
- mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times (git-fixes). - mtd: rawnand: gpmi: validate controller clock rate (git-fixes). - mtd: rawnand: intel: Do not re-define NAND_DATA_IFACE_CHECK_ONLY (git-fixes). - mtd: rawnand: intel: Read the chip-select line from the correct OF node (git-fixes). - mtd: rawnand: intel: Remove undocumented compatible string (git-fixes). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes). - mtd: rawnand: meson: Fix a potential double free issue (git-fixes). - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes). - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes). - mtd: spi-nor: fix spi_nor_spimem_setup_op() call in spi_nor_erase_{sector,chip}() (git-fixes). - mtd: spi-nor: intel-spi: Disable write protection only if asked (git-fixes). - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes). - musb: fix USB_MUSB_TUSB6010 dependency (git-fixes). - mwifiex: Ignore BTCOEX events from the 88W8897 firmware (git-fixes). - mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv (git-fixes). - n_gsm: remove unused parameters from gsm_error() (git-fixes). - nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes). - net/dsa/hirschmann: Add missing of_node_get() in hellcreek_led_setup() (git-fixes). - net/ice: fix initializing the bitmap in the switch code (git-fixes). - net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes). - net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5: CT: Fix header-rewrite re-use for tupels (git-fixes). - net/mlx5: Drain fw_reset when removing device (git-fixes). - net/mlx5e: Block rx-gro-hw feature in switchdev mode (git-fixes). - net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (git-fixes). - net/mlx5e: Fix enabling sriov while tc nic rules are offloaded (git-fixes). 
- net/mlx5e: Properly block HW GRO when XDP is enabled (git-fixes). - net/mlx5e: Properly block LRO when XDP is enabled (git-fixes). - net/mlx5e: Properly disable vlan strip on non-UL reps (git-fixes). - net/mlx5e: Remove HW-GRO from reported features (git-fixes). - net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version (git-fixes). - net/mlx5e: Ring the TX doorbell on DMA errors (git-fixes). - net/mlx5e: TC NIC mode, fix tc chains miss table (git-fixes). - net/mlx5e: TC, fix decap fallback to uplink when int port not supported (git-fixes). - net/mlx5e: Update netdev features after changing XDP state (git-fixes). - net/mlx5e: xsk: Account for XSK RQ UMRs when calculating ICOSQ size (git-fixes). - net/qla3xxx: Fix a test in ql_reset_work() (git-fixes). - net/smc: Avoid overwriting the copies of clcsock callback functions (git-fixes). - net/smc: Fix an error code in smc_lgr_create() (git-fixes). - net/smc: Fix possible access to freed memory in link clear (git-fixes). - net/smc: Fix possible leaked pernet namespace in smc_init() (git-fixes). - net/smc: Fix slab-out-of-bounds issue in fallback (git-fixes). - net/smc: Fix sock leak when release after smc_shutdown() (git-fixes). - net/smc: Forward wakeup to smc socket waitqueue after fallback (git-fixes). - net/smc: Only save the original clcsock callback functions (git-fixes). - net/smc: Send directly when TCP_CORK is cleared (git-fixes). - net/smc: kABI workarounds for struct smc_link (git-fixes). - net/smc: kABI workarounds for struct smc_sock (git-fixes). - net/smc: send directly on setting TCP_NODELAY (git-fixes). - net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() (git-fixes). - net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes). - net: altera: Fix refcount leak in altera_tse_mdio_create (git-fixes). - net: asix: fix 'can't send until first packet is send' issue (git-fixes). - net: atlantic: fix aq_vec index out of range error (git-fixes). 
- net: axienet: fix RX ring refill allocation failure handling (git-fixes). - net: axienet: reset core on initialization prior to MDIO access (git-fixes). - net: bcmgenet: Indicate MAC is in charge of PHY PM (git-fixes). - net: bcmgenet: Revert 'Use stronger register read/writes to assure ordering' (git-fixes). - net: bcmgenet: Use stronger register read/writes to assure ordering (git-fixes). - net: bcmgenet: hide status block before TX timestamping (git-fixes). - net: bgmac: Fix a BUG triggered by wrong bytes_compl (git-fixes). - net: bgmac: Fix an erroneous kfree() in bgmac_remove() (git-fixes). - net: bgmac: support MDIO described in DT (git-fixes). - net: bonding: fix possible NULL deref in rlb code (git-fixes). - net: bonding: fix use-after-free after 802.3ad slave unbind (git-fixes). - net: chelsio: cxgb4: Avoid potential negative array offset (git-fixes). - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes). - net: dp83822: disable false carrier interrupt (git-fixes). - net: dp83822: disable rx error interrupt (git-fixes). - net: dsa: b53: Add SPI ID table (git-fixes). - net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (git-fixes). - net: dsa: bcm_sf2: force pause link settings (git-fixes). - net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator (git-fixes). - net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering (git-fixes). - net: dsa: felix: fix tagging protocol changes with multiple CPU ports (git-fixes). - net: dsa: felix: purge skb from TX timestamping queue if it cannot be sent (git-fixes). - net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes). - net: dsa: hellcreek: Add STP forwarding rule (git-fixes). - net: dsa: hellcreek: Add missing PTP via UDP rules (git-fixes). - net: dsa: hellcreek: Allow PTP P2P measurements on blocked ports (git-fixes). - net: dsa: hellcreek: Fix insertion of static FDB entries (git-fixes). - net: dsa: introduce helpers for iterating through ports using dp (git-fixes).
- net: dsa: ksz9477: port mirror sniffing limited to one port (git-fixes). - net: dsa: lantiq_gswip: Do not set GSWIP_MII_CFG_RMII_CLK (git-fixes). - net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (git-fixes). - net: dsa: lantiq_gswip: fix use after free in gswip_remove() (git-fixes). - net: dsa: microchip: fix bridging with more than two member ports (git-fixes). - net: dsa: microchip: implement multi-bridge support (git-fixes). - net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry (git-fixes). - net: dsa: microchip: ksz_common: Fix refcount leak bug (git-fixes). - net: dsa: mt7530: 1G can also support 1000BASE-X link mode (git-fixes). - net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (git-fixes). - net: dsa: mv88e6060: prevent crash on an unused port (git-fixes). - net: dsa: mv88e6xxx: Add fix for erratum 5.2 of 88E6393X family (git-fixes). - net: dsa: mv88e6xxx: Drop unnecessary check in mv88e6393x_serdes_erratum_4_6() (git-fixes). - net: dsa: mv88e6xxx: Enable port policy support on 6097 (git-fixes). - net: dsa: mv88e6xxx: Fix application of erratum 4.8 for 88E6393X (git-fixes). - net: dsa: mv88e6xxx: Fix inband AN for 2500base-x on 88E6393X family (git-fixes). - net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (git-fixes). - net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (git-fixes). - net: dsa: mv88e6xxx: Link in pcs_get_state() if AN is bypassed (git-fixes). - net: dsa: mv88e6xxx: Save power by disabling SerDes trasmitter and receiver (git-fixes). - net: dsa: mv88e6xxx: Unforce speed & duplex in mac_link_down() (git-fixes). - net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports (git-fixes). - net: dsa: mv88e6xxx: error handling for serdes_power functions (git-fixes). - net: dsa: mv88e6xxx: fix 'do not use PHY_DETECT on internal PHY's' (git-fixes). - net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling an_complete (git-fixes). 
- net: dsa: ocelot: seville: utilize of_mdiobus_register (git-fixes). - net: dsa: qca8k: fix MTU calculation (git-fixes). - net: dsa: restrict SMSC_LAN9303_I2C kconfig (git-fixes). - net: dsa: seville: register the mdiobus under devres (git-fixes). - net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() (git-fixes). - net: dsa: sja1105: silent spi_device_id warnings (git-fixes). - net: dsa: tag_ocelot_8021q: break circular dependency with ocelot switch lib (git-fixes). - net: dsa: vitesse-vsc73xx: silent spi_device_id warnings (git-fixes). - net: emaclite: Add error handling for of_address_to_resource() (git-fixes). - net: enetc: Use pci_release_region() to release some resources (git-fixes). - net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes). - net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register (git-fixes). - net: ethernet: mediatek: ppe: fix wrong size passed to memset() (git-fixes). - net: ethernet: mv643xx: Fix over zealous checking of_get_mac_address() (git-fixes). - net: ethernet: nixge: fix NULL dereference (git-fixes). - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes). - net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link (git-fixes). - net: ethernet: stmmac: fix write to sgmii_adapter_base (git-fixes). - net: ethernet: ti: am65-cpsw: Fix devlink port register sequence (git-fixes). - net: ethernet: ti: am65-cpsw: fix error handling in am65_cpsw_nuss_probe() (git-fixes). - net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 (git-fixes). - net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses (git-fixes). - net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (git-fixes). - net: fix IFF_TX_SKB_NO_LINEAR definition (git-fixes). - net: ftgmac100: Hold reference returned by of_get_child_by_name() (git-fixes). - net: ftgmac100: access hardware register after clock ready (git-fixes).
- net: hns3: add netdev reset check for hns3_set_tunable() (git-fixes). - net: hns3: clean residual vf config after disable sriov (git-fixes). - net: hns3: do not push link state to VF if unalive (git-fixes). - net: hns3: fix the concurrency between functions reading debugfs (git-fixes). - net: hns3: set port base vlan tbl_sta to false before removing old vlan (git-fixes). - net: huawei: hinic: Use devm_kcalloc() instead of devm_kzalloc() (git-fixes). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: ieee802154: return -EINVAL for unknown addr type (git-fixes). - net: ipa: do not assume SMEM is page-aligned (git-fixes). - net: ipa: get rid of a duplicate initialization (git-fixes). - net: ipa: kill ipa_cmd_pipeline_clear() (git-fixes). - net: ipa: record proper RX transaction count (git-fixes). - net: ipvtap - add __init/__exit annotations to module init/exit funcs (git-fixes). - net: macb: Fix PTP one step sync support (git-fixes). - net: macb: Increment rx bd head after allocating skb and buffer (git-fixes). - net: macsec: fix potential resource leak in macsec_add_rxsa() and macsec_add_txsa() (git-fixes). - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - net: mana: Fix race on per-CQ variable napi work_done (git-fixes). - net: marvell: prestera: fix incorrect structure access (git-fixes). - net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (git-fixes). - net: mdio: fix unbalanced fwnode reference count in mdio_device_release() (git-fixes). - net: mdiobus: fix unbalanced node reference count (git-fixes). - net: moxa: get rid of asymmetry in DMA mapping/unmapping (git-fixes). - net: moxa: pass pdev instead of ndev to DMA functions (git-fixes). - net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (git-fixes). 
- net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes). - net: mscc: ocelot: create a function that replaces an existing VCAP filter (git-fixes). - net: mscc: ocelot: do not dereference NULL pointers with shared tc filters (git-fixes). - net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes). - net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (git-fixes). - net: mscc: ocelot: fix address of SYS_COUNT_TX_AGING counter (git-fixes). - net: mscc: ocelot: fix all IP traffic getting trapped to CPU with PTP over IP (git-fixes). - net: mscc: ocelot: fix broken IP multicast flooding (git-fixes). - net: mscc: ocelot: fix incorrect balancing with down LAG ports (git-fixes). - net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (git-fixes). - net: mscc: ocelot: fix missing unlock on error in ocelot_hwstamp_set() (git-fixes). - net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (git-fixes). - net: mscc: ocelot: set up traps for PTP packets (git-fixes). - net: openvswitch: do not send internal clone attribute to the userspace (git-fixes). - net: openvswitch: fix leak of nested actions (git-fixes). - net: openvswitch: fix misuse of the cached connection on tuple changes (git-fixes). - net: openvswitch: fix parsing of nw_proto for IPv6 fragments (git-fixes). - net: pcs: xpcs: propagate xpcs_read error to xpcs_get_state_c37_sgmii (git-fixes). - net: phy: Do not WARN for PHY_READY state in mdio_bus_phy_resume() (git-fixes). - net: phy: Do not WARN for PHY_UP state in mdio_bus_phy_resume() (git-fixes). - net: phy: Warn about incorrect mdio_bus_phy_resume() state (git-fixes). - net: phy: aquantia: wait for the suspend/resume operations to finish (git-fixes). - net: phy: at803x: move page selection fix to config_init (git-fixes). - net: phy: dp83822: disable MDI crossover status change interrupt (git-fixes). 
- net: phy: dp83867: Extend RX strap quirk for SGMII mode (git-fixes). - net: phy: fix null-ptr-deref while probe() failed (git-fixes). - net: phy: marvell: add sleep time after enabling the loopback bit (git-fixes). - net: phy: mscc: macsec: clear encryption keys when freeing a flow (git-fixes). - net: phy: smsc: Disable Energy Detect Power-Down in interrupt mode (git-fixes). - net: ptp: add a definition for the UDP port for IEEE 1588 general messages (git-fixes). - net: rose: fix netdev reference changes (git-fixes). - net: smsc95xx: add support for Microchip EVB-LAN8670-USB (git-fixes). - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes). - net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL (git-fixes). - net: sparx5: uses, depends on BRIDGE or !BRIDGE (git-fixes). - net: stmmac: Fix unset max_speed difference between DT and non-DT platforms (git-fixes). - net: stmmac: Use readl_poll_timeout_atomic() in atomic state (git-fixes). - net: stmmac: clean up impossible condition (git-fixes). - net: stmmac: disable Split Header (SPH) for Intel platforms (bsc#1194904). - net: stmmac: dwc-qos: Disable split header for Tegra194 (bsc#1194904). - net: stmmac: dwmac-qcom-ethqos: Enable RGMII functional clock on resume (git-fixes). - net: stmmac: dwmac-qcom-ethqos: add platform level clocks management (git-fixes). - net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (git-fixes). - net: stmmac: enhance XDP ZC driver level switching performance (git-fixes). - net: stmmac: fix dma queue left shift overflow issue (git-fixes). - net: stmmac: fix leaks in probe (git-fixes). - net: stmmac: fix off-by-one error in sanity check (git-fixes). - net: stmmac: fix out-of-bounds access in a selftest (git-fixes). - net: stmmac: fix pm runtime issue in stmmac_dvr_remove() (git-fixes). - net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow (git-fixes). 
- net: stmmac: only enable DMA interrupts when ready (git-fixes). - net: stmmac: perserve TX and RX coalesce value during XDP setup (git-fixes). - net: stmmac: remove redunctant disable xPCS EEE call (git-fixes). - net: stmmac: remove unused get_addr() callback (git-fixes). - net: stmmac: work around sporadic tx issue on link-up (git-fixes). - net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() (git-fixes). - net: systemport: Fix an error handling path in bcm_sysport_probe() (git-fixes). - net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (git-fixes). - net: thunderbolt: Enable DMA paths only after rings are enabled (git-fixes). - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes). - net: thunderbolt: fix memory leak in tbnet_open() (git-fixes). - net: thunderx: Fix the ACPI memory leak (git-fixes). - net: usb: Correct PHY handling of smsc95xx (git-fixes). - net: usb: Correct reset handling of smsc95xx (git-fixes). - net: usb: ax88179_178a needs FLAG_SEND_ZLP (git-fixes). - net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes). - net: usb: make USB_RTL8153_ECM non user configurable (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: qmi_wwan: add Quectel RM520N (git-fixes). - net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes). - net: usb: r8152: Add in new Devices that are supported for Mac-Passthru (git-fixes). - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431). - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431). - net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431). - net: wwan: iosm: Call mutex_init before locking it (git-fixes). - net: wwan: iosm: fix dma_alloc_coherent incompatible pointer type (git-fixes). - net: wwan: iosm: fix kernel test robot reported error (git-fixes). 
- net: wwan: iosm: remove pointless null check (git-fixes). - net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - netdevsim: fib: Fix reference count leak on route deletion failure (git-fixes). - nfc/nci: fix race with opening and closing (git-fixes). - nfc: fdp: Fix potential memory leak in fdp_nci_send() (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes). - nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes). - nfp: ethtool: fix the display error of `ethtool -m DEVNAME` (git-fixes). - nfsd: eliminate the NFSD_FILE_BREAK_* flags (git-fixes). - nfsd: fix use-after-free due to delegation race (git-fixes). - nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() (git-fixes). - nilfs2: fix deadlock in nilfs_count_free_blocks() (git-fixes). - nilfs2: fix incorrect masking of permission flags for symlinks (git-fixes). - nilfs2: fix lockdep warnings during disk space reclamation (git-fixes). - nilfs2: fix lockdep warnings in page operations for btree nodes (git-fixes). - nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty (git-fixes). - nilfs2: fix use-after-free bug of ns_writer on remount (git-fixes). - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure (git-fixes). - nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() (bnc#1189999 (Scheduler functional and performance backports)). - nouveau/svm: Fix to migrate all requested pages (git-fixes). 
- nouveau: explicitly wait on the fence in nouveau_bo_move_m2mf (git-fixes). - ntb_hw_amd: Add NTB PCI ID for new gen CPU (bsc#1202113). - nvme-auth: align to pre-upstream FFDHE implementation (bsc#1202265). - nvme-auth: retry command if DNR bit is not set (bsc#1201675). - nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865). - nvme-rdma: Handle number of queue changes (bsc#1201865). - nvme-tcp: Handle number of queue changes (bsc#1201865). - nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489). - nvme: consider also host_iface when checking ip options (bsc#1199670). - nvme: do not print verbose errors for internal passthrough requests (bsc#1202187). - nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636). - nvme: implement In-Band authentication (jsc#SLE-20183). - nvme: kabi fixes for in-band authentication (bsc#1199086). - nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). - nvmet-auth: expire authentication sessions (jsc#SLE-20183). - nvmet: Expose max queues to configfs (bsc#1201865). - nvmet: implement basic In-Band Authentication (jsc#SLE-20183). - ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (bsc#1202778). - ocfs2: fix a deadlock when commit trans (bsc#1202776). - octeontx2-af: Add KPU changes to parse NGIO as separate layer (jsc#SLE-24682). - octeontx2-af: Add PTP device id for CN10K and 95O silcons (jsc#SLE-24682). - octeontx2-af: Add SDP interface support (jsc#SLE-24682). - octeontx2-af: Add debug messages for failures (jsc#SLE-24682). - octeontx2-af: Add external ptp input clock (jsc#SLE-24682). - octeontx2-af: Add free rsrc count mbox msg (jsc#SLE-24682). - octeontx2-af: Add mbox to retrieve bandwidth profile free count (jsc#SLE-24682). - octeontx2-af: Add support to flush full CPT CTX cache (jsc#SLE-24682). - octeontx2-af: Adjust LA pointer for cpt parse header (jsc#SLE-24682).
- octeontx2-af: Allocate low priority entries for PF (jsc#SLE-24682). - octeontx2-af: Allow to configure flow tag LSB byte as RSS adder (jsc#SLE-24682). - octeontx2-af: Apply tx nibble fixup always (git-fixes). - octeontx2-af: Change the order of queue work and interrupt disable (jsc#SLE-24682). - octeontx2-af: Do not enable Pause frames by default (jsc#SLE-24682). - octeontx2-af: Enable CPT HW interrupts (jsc#SLE-24682). - octeontx2-af: Enhance mailbox trace entry (jsc#SLE-24682). - octeontx2-af: Fix LBK backpressure id count (jsc#SLE-24682). - octeontx2-af: Fix inconsistent license text (jsc#SLE-24682). - octeontx2-af: Fix interrupt name strings (jsc#SLE-24682). - octeontx2-af: Fix key checking for source mac (git-fixes). - octeontx2-af: Fix mcam entry resource leak (git-fixes). - octeontx2-af: Fix spelling mistake 'Makesure' -> 'Make sure' (jsc#SLE-24682). - octeontx2-af: Fix uninitialized variable val (jsc#SLE-24682). - octeontx2-af: Flow control resource management (jsc#SLE-24682). - octeontx2-af: Handle return value in block reset (jsc#SLE-24682). - octeontx2-af: Hardware configuration for inline IPsec (jsc#SLE-24682). - octeontx2-af: Increase link credit restore polling timeout (jsc#SLE-24682). - octeontx2-af: Increase number of reserved entries in KPU (jsc#SLE-24682). - octeontx2-af: Increment ptp refcount before use (jsc#SLE-24682). - octeontx2-af: Limit KPU parsing for GTPU packets (jsc#SLE-24682). - octeontx2-af: Modify install flow error codes (jsc#SLE-24682). - octeontx2-af: Optimize KPU1 processing for variable-length headers (jsc#SLE-24682). - octeontx2-af: Perform cpt lf teardown in non FLR path (jsc#SLE-24682). - octeontx2-af: Priority flow control configuration support (jsc#SLE-24682). - octeontx2-af: Remove channel verification while installing MCAM rules (jsc#SLE-24682). - octeontx2-af: Remove redundant initialization of variable blkaddr (jsc#SLE-24682). - octeontx2-af: Remove redundant initialization of variable pin (jsc#SLE-24682). 
- octeontx2-af: Reset PTP config in FLR handler (jsc#SLE-24682). - octeontx2-af: Retry until RVU block reset complete (jsc#SLE-24682). - octeontx2-af: Use DMA_ATTR_FORCE_CONTIGUOUS attribute in DMA alloc (jsc#SLE-24682). - octeontx2-af: Use NDC TX for transmit packet data (jsc#SLE-24682). - octeontx2-af: Use ptp input clock info from firmware data (jsc#SLE-24682). - octeontx2-af: Wait for TX link idle for credits change (jsc#SLE-24682). - octeontx2-af: add proper return codes for AF mailbox handlers (jsc#SLE-24682). - octeontx2-af: cn10K: Get NPC counters value (jsc#SLE-24682). - octeontx2-af: cn10K: support for sched lmtst and other features (jsc#SLE-24682). - octeontx2-af: cn10k: DWRR MTU configuration (jsc#SLE-24682). - octeontx2-af: cn10k: RPM hardware timestamp configuration (jsc#SLE-24682). - octeontx2-af: cn10k: Set cache lines for NPA batch alloc (jsc#SLE-24682). - octeontx2-af: cn10k: Use appropriate register for LMAC enable (jsc#SLE-24682). - octeontx2-af: cn10k: add workaround for ptp errata (jsc#SLE-24682). - octeontx2-af: cn10k: debugfs for dumping LMTST map table (jsc#SLE-24682). - octeontx2-af: configure npc for cn10k to allow packets from cpt (jsc#SLE-24682). - octeontx2-af: debugfs: Add channel and channel mask (jsc#SLE-24682). - octeontx2-af: debugfs: Minor changes (jsc#SLE-24682). - octeontx2-af: debugfs: do not corrupt user memory (jsc#SLE-24682). - octeontx2-af: debugfs: fix error return of allocations (jsc#SLE-24682). - octeontx2-af: enable tx shaping feature for 96xx C0 (jsc#SLE-24682). - octeontx2-af: fix array bound error (jsc#SLE-24682). - octeontx2-af: fix error code in is_valid_offset() (jsc#SLE-24682). - octeontx2-af: initialize action variable (jsc#SLE-24682). - octeontx2-af: nix and lbk in loop mode in 98xx (jsc#SLE-24682). - octeontx2-af: remove redudant second error check on variable err (jsc#SLE-24682). - octeontx2-af: suppress external profile loading warning (git-fixes). 
- octeontx2-af: use swap() to make code cleaner (jsc#SLE-24682). - octeontx2-af: verify CQ context updates (jsc#SLE-24682). - octeontx2-nic: fix mixed module build (jsc#SLE-24682). - octeontx2-nicvf: Add PTP hardware clock support to NIX VF (jsc#SLE-24682). - octeontx2-nicvf: Free VF PTP resources (jsc#SLE-24682). - octeontx2-pf: Add TC feature for VFs (jsc#SLE-24682). - octeontx2-pf: Add XDP support to netdev PF (jsc#SLE-24682). - octeontx2-pf: Add check for non zero mcam flows (jsc#SLE-24682). - octeontx2-pf: Add support for adaptive interrupt coalescing (jsc#SLE-24682). - octeontx2-pf: Add vlan-etype to ntuple filters (jsc#SLE-24682). - octeontx2-pf: Allow VLAN priority also in ntuple filters (jsc#SLE-24682). - octeontx2-pf: CN10K: Hide RPM stats over ethtool (jsc#SLE-24682). - octeontx2-pf: Do not mask out supported link modes (jsc#SLE-24682). - octeontx2-pf: Enable NETIF_F_RXALL support for VF driver (jsc#SLE-24682). - octeontx2-pf: Fix NIX_AF_TL3_TL2X_LINKX_CFG register configuration (git-fixes). - octeontx2-pf: Fix UDP/TCP src and dst port tc filters (git-fixes). - octeontx2-pf: Fix inconsistent license text (jsc#SLE-24682). - octeontx2-pf: Ntuple filters support for VF netdev (jsc#SLE-24682). - octeontx2-pf: PFC config support with DCBx (jsc#SLE-24682). - octeontx2-pf: Remove unnecessary synchronize_irq() before free_irq() (jsc#SLE-24682). - octeontx2-pf: Simplify the receive buffer size calculation (jsc#SLE-24682). - octeontx2-pf: Sort the allocated MCAM entry indices (jsc#SLE-24682). - octeontx2-pf: Unify flow management variables (jsc#SLE-24682). - octeontx2-pf: Use hardware register for CQE count (jsc#SLE-24682). - octeontx2-pf: cn10K: Reserve LMTST lines per core (jsc#SLE-24682). - octeontx2-pf: cn10k: Config DWRR weight based on MTU (jsc#SLE-24682). - octeontx2-pf: cn10k: Ensure valid pointers are freed to aura (jsc#SLE-24682). - octeontx2-pf: cn10k: Fix egress ratelimit configuration (git-fixes). 
- octeontx2-pf: cn10k: add support for new ptp timestamp format (jsc#SLE-24682). - octeontx2-pf: devlink params support to set mcam entry count (jsc#SLE-24682). - octeontx2-pf: replace bitmap_weight with bitmap_empty where appropriate (jsc#SLE-24682). - octeontx2-pf: select CONFIG_NET_DEVLINK (jsc#SLE-24682). - octeontx2-vf: Add support for adaptive interrupt coalescing (jsc#SLE-24682). - octeontx2: Move devlink registration to be last devlink command (jsc#SLE-24682). - of/device: Fix up of_dma_configure_id() stub (git-fixes). - of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes). - openvswitch: Fix double reporting of drops in dropwatch (git-fixes). - openvswitch: Fix overreporting of drops in dropwatch (git-fixes). - openvswitch: Fix setting ipv6 fields causing hw csum failure (git-fixes). - openvswitch: Fixed nd target mask field in the flow dump (git-fixes). - openvswitch: add nf_ct_is_confirmed check before assigning the helper (git-fixes). - openvswitch: always update flow key after nat (git-fixes). - openvswitch: switch from WARN to pr_warn (git-fixes). - optee: add error checks in optee_ffa_do_call_with_arg() (git-fixes). - overflow.h: restore __ab_c_size (git-fixes). - overflow: Implement size_t saturating arithmetic helpers (jsc#PED-1211). - pNFS/flexfiles: Report RDMA connection errors to the server (git-fixes). - padata: Fix list iterator in padata_do_serial() (git-fixes). - panic, kexec: make __crash_kexec() NMI safe (git-fixes). - parisc/sticon: fix reverse colors (bsc#1152489) - parisc/stifb: Fix fb_is_primary_device() only available with (bsc#1152489) - parisc/stifb: Implement fb_is_primary_device() (bsc#1152489) - parisc/stifb: Keep track of hardware path of graphics card (bsc#1152489) - parport_pc: Avoid FIFO port location truncation (git-fixes). - perf bench futex: Fix memory leak of perf_cpu_map__new() (git-fixes). - phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() (git-fixes). 
- phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes). - phy: ralink: mt7621-pci: add sentinel to quirks table (git-fixes). - phy: samsung: phy-exynos-pcie: sanitize init/power_on callbacks (git-fixes). - phy: stm32: fix an error code in probe (git-fixes). - phy: stm32: fix error return in stm32_usbphyc_phy_init (git-fixes). - pinctrl: Ingenic: JZ4755 bug fixes (git-fixes). - pinctrl: alderlake: Add Intel Alder Lake-N pin controller support (jsc#PED-676). - pinctrl: alderlake: Add Raptor Lake-S ACPI ID (jsc#PED-634). - pinctrl: alderlake: Fix register offsets for ADL-N variant (jsc#PED-676). - pinctrl: amd: Do not save/restore interrupt status and wake status bits (git-fixes). - pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes). - pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes). - pinctrl: armada-37xx: Convert to use dev_err_probe() (git-fixes). - pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes). - pinctrl: armada-37xx: Make use of the devm_platform_ioremap_resource() (git-fixes). - pinctrl: armada-37xx: Use temporary variable for struct device (git-fixes). - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes). - pinctrl: intel: Check against matching data instead of ACPI companion (git-fixes). - pinctrl: intel: Save and restore pins in 'direct IRQ' mode (git-fixes). - pinctrl: microchip-sgpio: Correct the fwnode_irq_get() return value check (git-fixes). - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes). - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes). - pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (git-fixes). - pinctrl: qcom: sc8180x: Fix wrong pin numbers (git-fixes). - pinctrl: qcom: sm8250: Fix PDC map (git-fixes). - pinctrl: rockchip: list all pins in a possible mux route for PX30 (git-fixes). - pinctrl: single: Fix potential division by zero (git-fixes). 
- pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes). - pinctrl: sunxi: Fix name for A100 R_PIO (git-fixes). - platform/chrome: cros_ec: Always expose last resume result (git-fixes). - platform/chrome: cros_ec: Notify the PM of wake events during resume (git-fixes). - platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure (git-fixes). - platform/chrome: cros_ec_proto: do not show MKBP version if unsupported (git-fixes). - platform/chrome: cros_ec_typec: Correct alt mode index (git-fixes). - platform/chrome: fix double-free in chromeos_laptop_prepare() (git-fixes). - platform/chrome: fix memory corruption in ioctl (git-fixes). - platform/olpc: Fix uninitialized data in debugfs write (git-fixes). - platform/surface: aggregator: Do not check for repeated unsequenced packets (git-fixes). - platform/surface: aggregator_registry: Add support for Surface Laptop Go 2 (git-fixes). - platform/x86/intel/pmt: Sapphire Rapids PMT errata fix (jsc#PED-2684 bsc#1205683). - platform/x86/intel: hid: add quirk to support Surface Go 3 (git-fixes). - platform/x86/intel: pmc: Do not unconditionally attach Intel PMC when virtualized (git-fixes). - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes). - platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) (git-fixes). - platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute (git-fixes). - platform/x86: asus-wmi: Document the egpu_enable sysfs attribute (git-fixes). - platform/x86: asus-wmi: Document the panel_od sysfs attribute (git-fixes). - platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() (git-fixes). - platform/x86: hp-wmi: Ignore Smart Experience App event (git-fixes). - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes). - platform/x86: i2c-multi-instantiate: Rename it for a generic serial driver name (bsc#1203699). - platform/x86: ideapad-laptop: Disable touchpad_switch (git-fixes). 
- platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes). - platform/x86: msi-laptop: Fix resource cleanup (git-fixes). - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes). - platform/x86: pmc_atom: Match all Lex BayTrail boards with critclk_systems DMI table (git-fixes). - platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop (bsc#1203699). - platform/x86: serial-multi-instantiate: Add SPI support (bsc#1203699). - platform/x86: serial-multi-instantiate: Reorganize I2C functions (bsc#1203699). - platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1 (git-fixes). - plip: avoid rcu debug splat (git-fixes). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes). - powerpc-pseries-mobility-set-NMI-watchdog-factor-dur.patch. - powerpc-watchdog-introduce-a-NMI-watchdog-s-factor.patch. - powerpc/64: Fix build failure with allyesconfig in book3s_64_entry.S (bsc#1194869). - powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes). - powerpc/64: pcpu setup avoid reading mmu_linear_psize on 64e or radix (bsc#1204413 ltc#200176). - powerpc/64s: Fix build failure when CONFIG_PPC_64S_HASH_MMU is not set (bsc#1204413 ltc#200176). - powerpc/64s: Make flush_and_reload_slb a no-op when radix is enabled (bsc#1204413 ltc#200176). - powerpc/64s: Make hash MMU support configurable (bsc#1204413 ltc#200176). - powerpc/64s: Move and rename do_bad_slb_fault as it is not hash specific (bsc#1204413 ltc#200176). - powerpc/64s: Move hash MMU support code under CONFIG_PPC_64S_HASH_MMU (bsc#1204413 ltc#200176). - powerpc/64s: Rename hash_hugetlbpage.c to hugetlbpage.c (bsc#1204413 ltc#200176). - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395). - powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074). 
- powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes). - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395). - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). - powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395). - powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729). - powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729). - powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729). - powerpc/powernv: wire up rng during setup_arch (bsc#1065729). - powerpc/pseries/vas: Add VAS IRQ primary handler (bsc#1204413 ltc#200176). - powerpc/pseries/vas: Declare pseries_vas_fault_thread_fn() as static (bsc#1194869). - powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL (bsc#1194869). - powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#SLE-18130). - powerpc/pseries: Rename TYPE1_AFFINITY to FORM1_AFFINITY (bsc#1200465 ltc#197256 jsc#SLE-18130). - powerpc/pseries: Stop selecting PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). - powerpc/pseries: lparcfg do not include slb_size line in radix mode (bsc#1204413 ltc#200176). - powerpc/pseries: rename min_common_depth to primary_domain_index (bsc#1200465 ltc#197256 jsc#SLE-18130). - powerpc/pseries: wire up rng during setup_arch() (bsc#1065729). - powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixes). - powerpc: Avoid discarding flags in system_call_exception() (bsc#1194869). - powerpc: Enable execve syscall exit tracepoint (bsc#1065729). - powerpc: Ignore DSI error caused by the copy/paste instruction (bsc#1204413 ltc#200176).
- powerpc: Rename PPC_NATIVE to PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). Update config files. - powerpc: make memremap_compat_align 64s-only (bsc#1204413 ltc#200176). - powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729). - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904). - printk: add missing memory barrier to wake_up_klogd() (bsc#1204934). - printk: use atomic updates for klogd work (bsc#1204934). - printk: wake waiters for safe and NMI contexts (bsc#1204934). - proc: avoid integer type confusion in get_proc_long (git-fixes). - proc: fix a dentry lock race between release_task and lookup (git-fixes). - proc: fix dentry/inode overinstantiating under /proc/${pid}/net (git-fixes). - proc: proc_skip_spaces() shouldn't think it is working on C strings (git-fixes). - profiling: fix shift too large makes kernel panic (git-fixes). - pwm: lpc18xx-sct: Reduce number of devm memory allocations (git-fixes). - pwm: lpc18xx-sct: Simplify driver by not using pwm_[gs]et_chip_data() (git-fixes). - pwm: lpc18xx: Fix period handling (git-fixes). - qed: validate and restrict untrusted VFs vlan promisc mode (git-fixes). - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes). - r8152: fix the RX FIFO settings when suspending (git-fixes). - r8152: fix the units of some registers for RTL8156A (git-fixes). - random: remove useless header comment (git-fixes). - ratelimit: Fix data-races in ___ratelimit() (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - regulator: core: Clean up on enable failure (git-fixes). - regulator: core: Prevent integer underflow (git-fixes). - regulator: core: fix UAF in destroy_regulator() (git-fixes). - regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes). - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes). - regulator: pca9450: Remove restrictions for regulator-name (git-fixes). 
- regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes). - regulator: qcom_rpm: Fix circular deferral regression (git-fixes). - regulator: qcom_smd: Fix pm8916_pldo range (git-fixes). - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes). - remoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init (git-fixes). - remoteproc: imx_rproc: Simplify some error message (git-fixes). - remoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init (git-fixes). - remoteproc: qcom: pas: Check if coredump is enabled (git-fixes). - remoteproc: qcom: pas: Mark devices as wakeup capable (git-fixes). - remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes). - remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes). - remoteproc: sysmon: Wait for SSCTL service to come up (git-fixes). - reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes). - restore m_can_lec_type (git-fixes). - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (bsc#1204705). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes). - ring-buffer: Include dropped pages in counting dirty patches (git-fixes). - ring_buffer: Do not deactivate non-existant pages (git-fixes). - rose: Fix NULL pointer dereference in rose_send_frame() (git-fixes). - rose: check NULL rose_loopback_neigh->loopback (git-fixes). - rpm/check-for-config-changes: add TOOLCHAIN_HAS_* to IGNORED_CONFIGS_RE This new form was added in commit b8c86872d1dc (riscv: fix detection of toolchain Zicbom support). - rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128. 
- rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385) We do the move only on 15.5+. - rpm/kernel-binary.spec.in: simplify find for usrmerged The type test and print line are the same for both cases. The usrmerged case only ignores more, so refactor it to make it more obvious. - rpm/kernel-source.spec.in: simplify finding of broken symlinks 'find -xtype l' will report them, so use that to make the search a bit faster (without using shell). - rpmsg: char: Add mutex protection for rpmsg_eptdev_open() (git-fixes). - rpmsg: mtk_rpmsg: Fix circular locking dependency (git-fixes). - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes). - rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge (git-fixes). - rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes). - rtmutex: Add acquire semantics for rtmutex lock acquisition slow path (bnc#1203829). - s390/boot: add secure boot trailer (bsc#1205257 LTC#200451). - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - s390/cpumf: Handle events cycles and instructions identical (git-fixes). - s390/crash: fix incorrect number of bytes to copy to user space (git-fixes). - s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205427 LTC#200502). - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (git-fixes). - s390/hypfs: avoid error message under KVM (bsc#1032323). - s390/kexec: handle R_390_PLT32DBL rela in arch_kexec_apply_relocations_add() (git-fixes). - s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes). - s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (bsc#1205427 LTC#200502). 
- s390/qeth: cache link_info for ethtool (bsc#1202262 LTC#199322). - s390/smp: enforce lowcore protection on CPU restart (git-fixes). - s390/stp: clock_delta should be signed (git-fixes). - s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501). - s390/zcore: fix race when reading from hardware system area (git-fixes). - s390: fix double free of GS and RI CBs on fork() failure (bsc#1203197 LTC#199895). - s390: fix nospec table alignments (git-fixes). - samples/landlock: Add clang-format exceptions (git-fixes). - samples/landlock: Fix path_list memory leak (git-fixes). - samples/landlock: Format with clang-format (git-fixes). - sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - sched-core-Do-not-requeue-task-on-CPU-excluded-from-cpus_mask.patch - sched/core: Always flush pending blk_plug (bnc#1189999 (Scheduler functional and performance backports)). - sched/deadline: Fix BUG_ON condition for deboosted tasks (git-fixes) - sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq (bnc#1189999 (Scheduler functional and performance backports)). - sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq -kabi (git fixes (sched/fair)). - sched/fair: Remove redundant word ' *' (bnc#1189999 (Scheduler functional and performance backports)). - sched/uclamp: Fix iowait boost escaping uclamp restriction (git-fixes) - sched/uclamp: Fix rq->uclamp_max not set on first enqueue (git-fixes) - sched: Allow newidle balancing to bail out of load_balance (bnc#1189999 (Scheduler functional and performance backports)). - sched: Clear ttwu_pending after enqueue_task() (git fixes (sched/core)). - sched: Disable sched domain debugfs creation on ppc64 unless sched_verbose is specified (bnc#1205653). 
- sched: Fix the check of nr_running at queue wakelist (bnc#1189999 (Scheduler functional and performance backports)). - sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle (bnc#1189999 (Scheduler functional and performance backports)). Refresh - sched: Remove unused function group_first_cpu() (bnc#1189999 (Scheduler functional and performance backports)). - scripts/dtc: Call pkg-config POSIXly correct (git-fixes). - scripts/faddr2line: Fix regression in name resolution on ppc64le (git-fixes). - scripts/faddr2line: Fix vmlinux detection on arm64 (git-fixes). - scripts/gdb: change kernel config dumping method (git-fixes). - scripts: sphinx-pre-install: Fix ctex support on Debian (git-fixes). - scripts: sphinx-pre-install: add required ctex dependency (git-fixes). - scsi: Revert 'scsi: qla2xxx: Fix disk failure to rediscover' (git-fixes). - scsi: core: Add BLIST_NO_ASK_VPD_SIZE for some VDASD (bsc#1203039). - scsi: hisi_sas: Keep controller active between ISR of phyup and the event being processed (bsc#1202471). - scsi: hisi_sas: Use autosuspend for the host controller (bsc#1202471). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729). - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: libiscsi: Add iscsi_cls_conn to sysfs after initialization (bsc#1198410). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939). - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939). - scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939). - scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063). - scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063). - scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956). - scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063). 
- scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957). - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939). - scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956). - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957). - scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956). - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939). - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957). - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939). - scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063). - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956). - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939). - scsi: lpfc: Fix spelling mistake 'unsolicted' -> 'unsolicited' (bsc#1204957). - scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956). - scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063). - scsi: lpfc: Fix various issues reported by tools (bsc#1203939). - scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957). - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939). Dropped: patches.suse/lpfc-decouple-port_template-and-vport_template.patch - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956). - scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956). - scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956). - scsi: lpfc: Remove SANDiags related code (bsc#1203063). - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956). - scsi: lpfc: Remove the unneeded result variable (bsc#1203939). 
- scsi: lpfc: Remove unneeded result variable (bsc#1203939). - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939). - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939). - scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956). - scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939). - scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063). - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939). - scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956). - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957). - scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939). - scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956). - scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063). - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939). - scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: megaraid: Clear READ queue map's nr_queues (git-fixes). - scsi: megaraid_sas: Correct value passed to scsi_device_lookup() (git-fixes). - scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels (bnc#1204498). - scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes). - scsi: mpt3sas: Fix use-after-free warning (git-fixes). - scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown (git-fixes). - scsi: qedf: Populate sysfs attributes for vport (git-fixes). - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935). - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935). - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935). - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935). 
- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958). - scsi: qla2xxx: Define static symbols (bsc#1203935). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935). - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935). - scsi: qla2xxx: Enhance driver tracing with separate tunable and more (bsc#1203935). - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958). - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes). - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958). - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958). - scsi: qla2xxx: Fix spelling mistake 'definiton' -> 'definition' (bsc#1203935). - scsi: qla2xxx: Log message 'skipping scsi_scan_host()' as informational (bsc#1203935). - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935). - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935). - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935). - scsi: qla2xxx: Revert 'scsi: qla2xxx: Fix response queue handler reading stale packets' (bsc#1203935). - scsi: qla2xxx: Update manufacturer details (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958). - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958). - scsi: scsi_transport_fc: Use %u for dev_loss_tmo (bsc#1202914). 
- scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes). - scsi: sg: Allow waiting for commands to complete on removed device (git-fixes). - scsi: smartpqi: Add module param to disable managed ints (bsc#1203893). - scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes). - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes). - scsi: storvsc: Fix typo in comment (git-fixes). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: remove an extraneous 'to' in a comment (git-fixes). - scsi: ufs: core: Fix another task management completion race (git-fixes). - scsi: ufs: core: Fix task management completion timeout race (git-fixes). - scsi: ufs: ufs-pci: Add support for Intel ADL (jsc#PED-707). - scsi: ufs: ufs-pci: Add support for Intel MTL (jsc#PED-732). - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). - scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes). - seccomp: Invalidate seccomp mode to catch death failures (git-fixes). - selftest/net/forwarding: declare NETIFS p9 p10 (git-fixes). - selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#SLE-18130). - selftest/vm: fix map_fixed_noreplace test failure (git-fixes). - selftest/vm: verify mmap addr in mremap_test (git-fixes). - selftest/vm: verify remap destination address in mremap_test (git-fixes). - selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle (git-fixes). - selftests, x86: fix how check_cc.sh is being invoked (git-fixes). - selftests/exec: Add non-regular to TEST_GEN_PROGS (git-fixes). - selftests/exec: Remove pipe from TEST_GEN_FILES (git-fixes). - selftests/fib_tests: Rework fib_rp_filter_test() (git-fixes). - selftests/ftrace: Do not trace do_softirq because of PREEMPT_RT (git-fixes). 
- selftests/ftrace: make kprobe profile testcase description unique (git-fixes). - selftests/intel_pstate: fix build for ARCH=x86_64 (git-fixes). - selftests/landlock: Add clang-format exceptions (git-fixes). - selftests/landlock: Add tests for O_PATH (git-fixes). - selftests/landlock: Add tests for unknown access rights (git-fixes). - selftests/landlock: Extend access right tests to directories (git-fixes). - selftests/landlock: Extend tests for minimal valid attribute size (git-fixes). - selftests/landlock: Format with clang-format (git-fixes). - selftests/landlock: Fully test file rename with 'remove' access (git-fixes). - selftests/landlock: Make tests build with old libc (git-fixes). - selftests/landlock: Normalize array assignment (git-fixes). - selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (git-fixes). - selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995). - selftests/memfd: clean up mapping in mfd_fail_write (git-fixes). - selftests/memfd: remove unused variable (git-fixes). - selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (git-fixes). - selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems (git-fixes). - selftests/net: so_txtime: usage(): fix documentation of default clock (git-fixes). - selftests/net: timestamping: Fix bind_phc check (git-fixes). - selftests/net: udpgso_bench_tx: fix dst ip argument (git-fixes). - selftests/pidfd_test: Remove the erroneous ',' (git-fixes). - selftests/powerpc/spectre_v2: Return skip code when miss_percent is high (git-fixes). - selftests/powerpc: Add a test of sigreturning to the kernel (git-fixes). - selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes). - selftests/resctrl: Fix null pointer dereference on open failed (git-fixes). - selftests/rseq: Change type of rseq_offset to ptrdiff_t (git-fixes). - selftests/rseq: Fix ppc32 missing instruction selection 'u' and 'x' for load/store (git-fixes). 
- selftests/rseq: Fix ppc32 offsets by using long rather than off_t (git-fixes). - selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian (git-fixes). - selftests/rseq: Fix warnings about #if checks of undefined tokens (git-fixes). - selftests/rseq: Fix: work-around asm goto compiler bugs (git-fixes). - selftests/rseq: Introduce rseq_get_abi() helper (git-fixes). - selftests/rseq: Introduce thread pointer getters (git-fixes). - selftests/rseq: Remove arm/mips asm goto compiler work-around (git-fixes). - selftests/rseq: Remove useless assignment to cpu variable (git-fixes). - selftests/rseq: Remove volatile from __rseq_abi (git-fixes). - selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35 (git-fixes). - selftests/rseq: introduce own copy of rseq uapi header (git-fixes). - selftests/rseq: remove ARRAY_SIZE define from individual tests (git-fixes). - selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area (git-fixes). - selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area (git-fixes). - selftests/seccomp: Do not call read() on TTY from background pgrp (git-fixes). - selftests/seccomp: Fix compile warning when CC=clang (git-fixes). - selftests/seccomp: Fix seccomp failure by adding missing headers (git-fixes). - selftests/sgx: Treat CC as one argument (git-fixes). - selftests/vm/transhuge-stress: fix ram size thinko (git-fixes). - selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup setting (git-fixes). - selftests/x86: Add validity check and allow field splitting (git-fixes). - selftests/zram01.sh: Fix compression ratio calculation (git-fixes). - selftests/zram: Adapt the situation that /dev/zram0 is being used (git-fixes). - selftests/zram: Skip max_comp_streams interface on newer kernel (git-fixes). - selftests: Add duplicate config only for MD5 VRF tests (git-fixes). - selftests: Fix IPv6 address bind tests (git-fixes). 
- selftests: Fix raw socket bind tests with VRF (git-fixes). - selftests: Fix the if conditions of in test_extra_filter() (git-fixes). - selftests: add ping test with ping_group_range tuned (git-fixes). - selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644 (git-fixes). - selftests: cgroup: Test open-time cgroup namespace usage for migration checks (git-fixes). - selftests: cgroup: Test open-time credential usage for migration checks (git-fixes). - selftests: clone3: clone3: add case CLONE3_ARGS_NO_TEST (git-fixes). - selftests: fixup build warnings in pidfd / clone3 tests (git-fixes). - selftests: forwarding: Fix failing tests with old libnet (git-fixes). - selftests: forwarding: add shebang for sch_red.sh (git-fixes). - selftests: forwarding: fix error message in learning_test (git-fixes). - selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (git-fixes). - selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (git-fixes). - selftests: futex: Use variable MAKE instead of make (git-fixes). - selftests: gpio: fix gpio compiling error (git-fixes). - selftests: harness: avoid false negatives if test has no ASSERTs (git-fixes). - selftests: icmp_redirect: pass xfail=0 to log_test() (git-fixes). - selftests: kvm: set rax before vmcall (git-fixes). - selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational (git-fixes). - selftests: mlxsw: resource_scale: Fix return value (git-fixes). - selftests: mlxsw: tc_police_scale: Make test more robust (git-fixes). - selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets (git-fixes). - selftests: mptcp: add csum mib check for mptcp_connect (git-fixes). - selftests: mptcp: fix diag instability (git-fixes). - selftests: mptcp: fix ipv6 routing setup (git-fixes). - selftests: mptcp: fix mibit vs mbit mix up (git-fixes). - selftests: mptcp: make sendfile selftest work (git-fixes). 
- selftests: mptcp: more stable diag tests (git-fixes). - selftests: mptcp: more stable simult_flows tests (git-fixes). - selftests: net: Correct case name (git-fixes). - selftests: net: Correct ping6 expected rc from 2 to 1 (git-fixes). - selftests: net: Fix a typo in udpgro_fwd.sh (git-fixes). - selftests: net: tls: remove unused variable and code (git-fixes). - selftests: net: udpgro_fwd.sh: explicitly checking the available ping feature (git-fixes). - selftests: net: using ping6 for IPv6 in udpgro_fwd.sh (git-fixes). - selftests: netfilter: Fix nft_fib.sh for all.rp_filter=1 (git-fixes). - selftests: netfilter: add a vrf+conntrack testcase (git-fixes). - selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh (git-fixes). - selftests: netfilter: disable rp_filter on router (git-fixes). - selftests: netfilter: fix exit value for nft_concat_range (git-fixes). - selftests: nft_concat_range: add test for reload with no element add/del (git-fixes). - selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer (git-fixes). - selftests: openat2: Add missing dependency in Makefile (git-fixes). - selftests: openat2: Print also errno in failure messages (git-fixes). - selftests: openat2: Skip testcases that fail with EOPNOTSUPP (git-fixes). - selftests: pmtu.sh: Kill nettest processes launched in subshell (git-fixes). - selftests: pmtu.sh: Kill tcpdump processes launched by subshell (git-fixes). - selftests: rtc: Increase test timeout so that all tests run (git-fixes). - selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload (git-fixes). - selftests: skip mincore.check_file_mmap when fs lacks needed support (git-fixes). - selftests: test_vxlan_under_vrf: Fix broken test case (git-fixes). - selftests: timers: clocksource-switch: fix passing errors from child (git-fixes). - selftests: timers: valid-adjtimex: build fix for newer toolchains (git-fixes). - selftests: vm: Makefile: rename TARGETS to VMTARGETS (git-fixes). 
- selftests: vm: fix clang build error multiple output files (git-fixes). - selftests: x86: fix [-Wstringop-overread] warn in test_process_vm_readv() (git-fixes). - selinux: Add boundary check in put_entry() (git-fixes). - selinux: access superblock_security_struct in LSM blob way (git-fixes). - selinux: allow FIOCLEX and FIONCLEX with policy capability (git-fixes). - selinux: check return value of sel_make_avc_files (git-fixes). - selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() (git-fixes). - selinux: fix bad cleanup on error in hashtab_duplicate() (git-fixes). - selinux: fix double free of cond_list on error paths (git-fixes). - selinux: fix memleak in security_read_state_kernel() (git-fixes). - selinux: fix misuse of mutex_is_locked() (git-fixes). - selinux: use 'grep -E' instead of 'egrep' (git-fixes). - selinux: use correct type for context length (git-fixes). - serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() (git-fixes). - serial: 8250: Add proper clock handling for OxSemi PCIe devices (git-fixes). - serial: 8250: Export ICR access helpers for internal use (git-fixes). - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes). - serial: 8250: Fix restoring termios speed after suspend (git-fixes). - serial: 8250: Flush DMA Rx on RLSI (git-fixes). - serial: 8250: Fold EndRun device support into OxSemi Tornado code (git-fixes). - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes). - serial: 8250: omap: Flush PM QOS work on remove (git-fixes). - serial: 8250_bcm7271: Save/restore RTS in suspend/resume (git-fixes). - serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes). - serial: 8250_fsl: Do not report FE, PE and OE twice (git-fixes). - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes). - serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes). 
- serial: 8250_pci: Refactor the loop in pci_ite887x_init() (git-fixes). - serial: 8250_pci: Replace dev_*() by pci_*() macros (git-fixes). - serial: Create uart_xmit_advance() (git-fixes). - serial: atmel: remove redundant assignment in rs485_config (git-fixes). - serial: core: move RS485 configuration tasks from drivers into core (git-fixes). - serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes). - serial: fsl_lpuart: Reset prior to registration (git-fixes). - serial: imx: Add missing .thaw_noirq hook (git-fixes). - serial: mvebu-uart: uart2 error bits clearing (git-fixes). - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - sfc: disable softirqs for ptp TX (git-fixes). - sfc: fix kernel panic when creating VF (git-fixes). - sfc: fix use after free when disabling sriov (git-fixes). - signal: break out of wait loops on kthread_stop() (bsc#1204926). - siox: fix possible memory leak in siox_device_add() (git-fixes). - slimbus: qcom-ngd: cleanup in probe error path (git-fixes). - slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure (git-fixes). - slimbus: stream: correct presence rate frequencies (git-fixes). - smb2: small refactor in smb2_check_message() (bsc#1193629). - smb3: Move the flush out of smb2_copychunk_range() into its callers (bsc#1193629). - smb3: add dynamic trace points for tree disconnect (bsc#1193629). - smb3: add trace point for SMB2_set_eof (bsc#1193629). - smb3: allow deferred close timeout to be configurable (bsc#1193629). - smb3: check xattr value length earlier (bsc#1193629). - smb3: clarify multichannel warning (bsc#1193629). - smb3: do not log confusing message when server returns no network interfaces (bsc#1193629). - smb3: fix empty netname context on secondary channels (bsc#1193629). - smb3: fix oops in calculating shash_setkey (bsc#1193629). 
- smb3: fix temporary data corruption in collapse range (bsc#1193629). - smb3: fix temporary data corruption in insert range (bsc#1193629). - smb3: improve SMB3 change notification support (bsc#1193629). - smb3: interface count displayed incorrectly (bsc#1193629). - smb3: missing inode locks in punch hole (bsc#1193629). - smb3: missing inode locks in zero range (bsc#1193629). - smb3: must initialize two ACL struct fields to zero (bsc#1193629). - smb3: remove unneeded null check in cifs_readdir (bsc#1193629). - smb3: rename encryption/decryption TFMs (bsc#1193629). - smb3: use filemap_write_and_wait_range instead of filemap_write_and_wait (bsc#1193629). - smb3: use netname when available on secondary channels (bsc#1193629). - smb3: workaround negprot bug in some Samba servers (bsc#1193629). - smsc95xx: Ignore -ENODEV errors when device is unplugged (git-fixes). - soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA (git-fixes). - soc: amlogic: Fix refcount leak in meson-secure-pwrc.c (git-fixes). - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes). - soc: fsl: guts: machine variable might be unset (git-fixes). - soc: fsl: select FSL_GUTS driver for DPIO (git-fixes). - soc: imx8m: Enable OCOTP clock before reading the register (git-fixes). - soc: imx: gpcv2: Assert reset before ungating clock (git-fixes). - soc: qcom: Make QCOM_RPMPD depend on PM (git-fixes). - soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register (git-fixes). - soc: qcom: ocmem: Fix refcount leak in of_get_ocmem (git-fixes). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes). - soc: renesas: r8a779a0-sysc: Fix A2DP1 and A2CV[2357] PDR values (git-fixes). - soc: sunxi: sram: Actually claim SRAM regions (git-fixes). - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes). - soc: sunxi: sram: Fix probe function ordering issues (git-fixes). 
- soc: sunxi: sram: Prevent the driver from being unbound (git-fixes). - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - soundwire: bus_type: fix remove and shutdown support (git-fixes). - soundwire: cadence: Do not overwrite msg->buf during write commands (git-fixes). - soundwire: intel: Initialize clock stop timeout (bsc#1205507). - soundwire: intel: fix error handling on dai registration issues (git-fixes). - soundwire: qcom: Check device status before reading devid (git-fixes). - soundwire: qcom: check for outanding writes before doing a read (git-fixes). - soundwire: qcom: fix device status array range (git-fixes). - soundwire: qcom: reinit broadcast completion (git-fixes). - speakup: fix a segfault caused by switching consoles (git-fixes). - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes). - spi: Add API to count spi acpi resources (bsc#1203699). - spi: Create helper API to lookup ACPI info for spi device (bsc#1203699). - spi: Ensure that sg_table won't be used after being freed (git-fixes). - spi: Fix incorrect cs_setup delay handling (git-fixes). - spi: Fix simplification of devm_spi_register_controller (git-fixes). - spi: Return deferred probe error when controller isn't yet available (bsc#1203699). - spi: Support selection of the index of the ACPI Spi Resource before alloc (bsc#1203699). - spi: dt-bindings: cadence: add missing 'required' (git-fixes). - spi: dt-bindings: zynqmp-qspi: add missing 'required' (git-fixes). - spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld() (git-fixes). - spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe (git-fixes). - spi: meson-spicc: add local pow2 clock ops to preserve rate between messages (git-fixes). - spi: meson-spicc: do not rely on busy flag in pow2 clk ops (git-fixes). - spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes). 
- spi: propagate error code to the caller of acpi_spi_device_alloc() (bsc#1203699). - spi: pxa2xx: Add support for Intel Meteor Lake-P (jsc#PED-732). - spi: pxa2xx: Add support for Intel Raptor Lake PCH-S (jsc#PED-634). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes). - spi: s3c64xx: Fix large transfers with DMA (git-fixes). - spi: spi-altera-dfl: Fix an error handling path (git-fixes). - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes). - spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes). - spi: stm32: Print summary 'callbacks suppressed' message (git-fixes). - spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run (git-fixes). - spi: synquacer: Add missing clk_disable_unprepare() (git-fixes). - spi: tegra20-slink: fix UAF in tegra_slink_remove() (git-fixes). - spi: tegra210-quad: Fix duplicate resource error (git-fixes). - spmi: pmic-arb: correct duplicate APID to PPID mapping logic (git-fixes). - spmi: pmic-arb: do not ack and clear peripheral interrupts in cleanup_irq (git-fixes). - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes). - staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes). - staging: rtl8712: fix use after free bugs (git-fixes). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes). - staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() (git-fixes). - staging: vt6655: fix potential memory leak (git-fixes). - staging: vt6655: fix some erroneous memory clean-up loops (git-fixes). - stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() (git-fixes). - stmmac: intel: Fix an error handling path in intel_eth_pci_probe() (git-fixes). - struct ehci_hcd: hide new element going into a hole (git-fixes). 
- struct xhci_hcd: restore member now dynamically allocated (git-fixes). - sunrpc: fix expiry of auth creds (git-fixes). - supported.conf: Add cs_dsp firmware module (bsc#1203699) - supported.conf: Add drivers/virt/coco/sevguest/sevguest - supported.conf: added drivers/net/ethernet/marvell/octeontx2/nic/otx2_ptp and changed all octeontx2 modules as supported (jsc#SLE-24682) - supported.conf: mark drivers/nvme/common as supported (jsc#SLE-20183) - supported.conf: mark lib/objagg supported as dependency of mlxsw - supported.conf: mark mlxsw modules supported (jsc#SLE-23766) - supported.conf: mark spi-pxa2xx-platform as supported (bsc#1203699) It's required for the sound on recent Intel machines - tee: optee: do not check memref size on return from Secure World (git-fixes). - tee: tee_get_drvdata(): fix description of return value (git-fixes). - testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set (git-fixes). - testing: nvdimm: asm/mce.h is not needed in nfit.c (git-fixes). - testing: nvdimm: iomap: make __nfit_test_ioremap a macro (git-fixes). - tests: fix idmapped mount_setattr test (git-fixes). - thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id (git-fixes). - thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR (bsc#1201308). - thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes). - thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register() (git-fixes). - thermal: int340x: Mode setting with new OS handshake (jsc#PED-678). - thermal: int340x: Update OS policy capability handshake (jsc#PED-678). - thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes). - thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes). - thunderbolt: Add DP OUT resource when DP tunnel is discovered (git-fixes). 
- thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround (git-fixes). - thunderbolt: Add missing device ID to tb_switch_is_alpine_ridge() (git-fixes). - thunderbolt: Add support for Intel Maple Ridge single port controller (git-fixes). - thunderbolt: Add support for Intel Raptor Lake (jsc#PED-634). - thunderbolt: Disable LTTPR on Intel Titan Ridge (git-fixes). - thunderbolt: Explicitly enable lane adapter hotplug events at startup (git-fixes). - thunderbolt: Explicitly reset plug events delay back to USB4 spec value (git-fixes). - thunderbolt: Fix buffer allocation of devices with no DisplayPort adapters (git-fixes). - thunderbolt: Use the actual buffer in tb_async_error() (git-fixes). - timers: implement usleep_idle_range() (git-fixes). - tools include UAPI: Sync sound/asound.h copy with the kernel sources (git-fixes). - tools/nolibc: fix incorrect truncation of exit code (git-fixes). - tools/nolibc: i386: fix initial stack alignment (git-fixes). - tools/nolibc: x86-64: Fix startup code bug (git-fixes). - tools/testing/scatterlist: add missing defines (git-fixes). - tools/thermal: Fix possible path truncations (git-fixes). - tools: hv: Remove an extraneous 'the' (git-fixes). - tools: hv: kvp: remove unnecessary (void*) conversions (git-fixes). - tools: iio: iio_generic_buffer: Fix read size (git-fixes). - tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH (git-fixes). - trace/osnoise: Add migrate-disabled field to the osnoise header (git-fixes). - trace/timerlat: Add migrate-disabled field to the timerlat header (git-fixes). - tracing/histograms: Fix memory leak problem (git-fixes). - tracing/kprobes: Check whether get_kretprobe() returns NULL in kretprobe_dispatcher() (git-fixes). - tracing/osnoise: Fix duration type (git-fixes). - tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads (git-fixes). - tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes). 
- tracing/ring-buffer: Have polling block on watermark (git-fixes). - tracing: Add '(fault)' name injection to kernel probes (git-fixes). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes). - tracing: Add ustring operation to filtering string pointers (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() (git-fixes). - tracing: Fix memory leak in tracing_read_pipe() (git-fixes). - tracing: Fix reading strings from synthetic events (git-fixes). - tracing: Fix sleeping while atomic in kdb ftdump (git-fixes). - tracing: Fix wild-memory-access in register_synth_event() (git-fixes). - tracing: Free buffers when a used dynamic event is removed (git-fixes). - tracing: Have filter accept 'common_cpu' to be consistent (git-fixes). - tracing: Move duplicate code of trace_kprobe/eprobe.c into header (git-fixes). - tracing: Replace deprecated CPU-hotplug functions (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Use a struct alignof to determine trace event field alignment (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes). - tracing: kprobe: Fix kprobe event gen test module on exit (git-fixes). - tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() (git-fixes). - tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit() (git-fixes). - tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() (git-fixes). 
- tracing: kprobe: Make gen test module work in arm and riscv (git-fixes). - tty: 8250: Add support for Brainboxes PX cards (git-fixes). - tty: n_gsm: Delete gsm_disconnect when config requester (git-fixes). - tty: n_gsm: Delete gsmtty open SABM frame when config requester (git-fixes). - tty: n_gsm: Modify CR,PF bit printk info when config requester (git-fixes). - tty: n_gsm: Modify CR,PF bit when config requester (git-fixes). - tty: n_gsm: Modify cr bit value when config requester (git-fixes). - tty: n_gsm: Modify gsmtty driver register method when config requester (git-fixes). - tty: n_gsm: Save dlci address open status when config requester (git-fixes). - tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() (git-fixes). - tty: n_gsm: avoid call of sleeping functions from atomic context (git-fixes). - tty: n_gsm: clean up dead code in gsm_queue() (git-fixes). - tty: n_gsm: clean up implicit CR bit encoding in address field (git-fixes). - tty: n_gsm: clean up indenting in gsm_queue() (git-fixes). - tty: n_gsm: fix DM command (git-fixes). - tty: n_gsm: fix broken virtual tty handling (git-fixes). - tty: n_gsm: fix buffer over-read in gsm_dlci_data() (git-fixes). - tty: n_gsm: fix deadlock and link starvation in outgoing data path (git-fixes). - tty: n_gsm: fix decoupled mux resource (git-fixes). - tty: n_gsm: fix encoding of command/response bit (git-fixes). - tty: n_gsm: fix flow control handling in tx path (git-fixes). - tty: n_gsm: fix frame reception handling (git-fixes). - tty: n_gsm: fix incorrect UA handling (git-fixes). - tty: n_gsm: fix insufficient txframe size (git-fixes). - tty: n_gsm: fix invalid gsmtty_write_room() result (git-fixes). - tty: n_gsm: fix invalid use of MSC in advanced option (git-fixes). - tty: n_gsm: fix malformed counter for out of frame data (git-fixes). - tty: n_gsm: fix missing corner cases in gsmld_poll() (git-fixes). - tty: n_gsm: fix missing explicit ldisc flush (git-fixes). 
- tty: n_gsm: fix missing mux reset on config change at responder (git-fixes). - tty: n_gsm: fix missing timer to handle stalled links (git-fixes). - tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (git-fixes). - tty: n_gsm: fix missing update of modem controls after DLCI open (git-fixes). - tty: n_gsm: fix mux activation issues in gsm_config() (git-fixes). - tty: n_gsm: fix mux cleanup after unregister tty device (git-fixes). - tty: n_gsm: fix non flow control frames during mux flow off (git-fixes). - tty: n_gsm: fix packet re-transmission without open control channel (git-fixes). - tty: n_gsm: fix race condition in gsmld_write() (git-fixes). - tty: n_gsm: fix reset fifo race condition (git-fixes). - tty: n_gsm: fix resource allocation order in gsm_activate_mux() (git-fixes). - tty: n_gsm: fix restart handling via CLD command (git-fixes). - tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send (git-fixes). - tty: n_gsm: fix software flow control handling (git-fixes). - tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (git-fixes). - tty: n_gsm: fix tty registration before control channel open (git-fixes). - tty: n_gsm: fix user open not possible at responder until initiator open (git-fixes). - tty: n_gsm: fix wrong DLCI release order (git-fixes). - tty: n_gsm: fix wrong T1 retry count handling (git-fixes). - tty: n_gsm: fix wrong command frame length field encoding (git-fixes). - tty: n_gsm: fix wrong command retry handling (git-fixes). - tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output() (git-fixes). - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (git-fixes). - tty: n_gsm: fix wrong signal octets encoding in MSC (git-fixes). - tty: n_gsm: initialize more members at gsm_alloc_mux() (git-fixes). - tty: n_gsm: replace kicktimer with delayed_work (git-fixes). - tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes). 
- tty: serial: atmel: Preserve previous USART mode if RS485 disabled (git-fixes). - tty: serial: fsl_lpuart: correct the count of break characters (git-fixes). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes). - tty: serial: fsl_lpuart: do not break the on-going transfer when global reset (git-fixes). - tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes). - tty: vt: initialize unicode screen buffer (git-fixes). - tty: xilinx_uartps: Fix the ignore_status (git-fixes). - tun: avoid double free in tun_free_netdev (git-fixes). - tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() (git-fixes). - tuntap: add sanity checks about msg_controllen in sendmsg (git-fixes). - uaccess: fix type mismatch warnings from access_ok() (git-fixes). - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - uas: ignore UAS for Thinkplus chips (git-fixes). - ucounts: Base set_cred_ucounts changes on the real user (git-fixes). - ucounts: Fix rlimit max values check (git-fixes). - ucounts: Fix systemd LimitNPROC with private users regression (git-fixes). - ucounts: Handle wrapping in is_ucounts_overlimit (git-fixes). - ucounts: In set_cred_ucounts assume new->ucounts is non-NULL (git-fixes). - udf: Fix crash after seekdir (bsc#1194592). - udmabuf: Set the DMA mask for the udmabuf device (v2) (git-fixes). - udmabuf: Set ubuf->sg = NULL if the creation of sg table fails (git-fixes). - udmabuf: add back sanity check (git-fixes). - units: Add SI metric prefix definitions (git-fixes). - units: add the HZ macros (git-fixes). - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - usb-storage: Add ignore-residue quirk for NXP PN7462AU (git-fixes). - usb.h: struct usb_device: hide new member (git-fixes). - usb/hcd: Fix dma_map_sg error check (git-fixes). - usb: Drop commas after SoC match table sentinels (git-fixes). - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). 
- usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc() (git-fixes). - usb: bdc: change state when port disconnected (git-fixes). - usb: cdc-wdm: Use skb_put_data() instead of skb_put/memcpy pair (git-fixes). - usb: cdns3 fix use-after-free at workaround 2 (git-fixes). - usb: cdns3: Do not use priv_dev uninitialized in cdns3_gadget_ep_enable() (git-fixes). - usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable() (git-fixes). - usb: cdns3: fix incorrect handling TRB_SMM flag for ISOC transfer (git-fixes). - usb: cdns3: fix issue with rearming ISO OUT endpoint (git-fixes). - usb: cdns3: fix random warning message when driver load (git-fixes). - usb: cdns3: host: fix endless superspeed hub port reset (git-fixes). - usb: cdnsp: Fix issue with Clear Feature Halt Endpoint (git-fixes). - usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1 (git-fixes). - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes). - usb: common: debug: Check non-standard control requests (git-fixes). - usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes). - usb: dwc2: gadget: remove D+ pull-up while no vbus with usb-role-switch (git-fixes). - usb: dwc3: core: Deprecate GCTL.CORESOFTRESET (git-fixes). - usb: dwc3: core: Do not perform GCTL_CORE_SOFTRESET during bootup (git-fixes). - usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug (git-fixes). - usb: dwc3: core: leave default DMA if the controller does not support 64-bit DMA (git-fixes). - usb: dwc3: disable USB core PHY management (git-fixes). - usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core (git-fixes). - usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API (git-fixes). - usb: dwc3: exynos: Fix remove() function (git-fixes). - usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop (git-fixes). 
- usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes). - usb: dwc3: gadget: Clear ep descriptor last (git-fixes). - usb: dwc3: gadget: Do not modify GEVNTCOUNT in pullup() (git-fixes). - usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). - usb: dwc3: gadget: Refactor pullup() (git-fixes). - usb: dwc3: gadget: Return -ESHUTDOWN on ep disable (git-fixes). - usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). - usb: dwc3: gadget: conditionally remove requests (git-fixes). - usb: dwc3: gadget: fix high speed multiplier setting (git-fixes). - usb: dwc3: gadget: refactor dwc3_repare_one_trb (git-fixes). - usb: dwc3: pci: Add support for Intel Raptor Lake (git-fixes). - usb: dwc3: qcom: Add helper functions to enable,disable wake irqs (git-fixes). - usb: dwc3: qcom: fix missing optional irq warnings (git-fixes). - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes). - usb: ehci: Fix a function name in comments (git-fixes). - usb: gadget: bdc: fix typo in comment (git-fixes). - usb: gadget: f_fs: stricter integer overflow checks (git-fixes). - usb: gadget: f_uac2: clean up some inconsistent indenting (git-fixes). - usb: gadget: f_uac2: fix superspeed transfer (git-fixes). - usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes). - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes). - usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init() (git-fixes). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes). - usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes). - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes). - usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes). - usb: host: xhci-plat: suspend and resume clocks (git-fixes). - usb: host: xhci-plat: suspend/resume clks for brcm (git-fixes). 
- usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - usb: host: xhci: fix a comment typo in xhci_mem_init() (git-fixes). - usb: host: xhci: use ffs() in xhci_mem_init() (git-fixes). - usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes). - usb: hub: avoid warm port reset during USB3 disconnect (git-fixes). - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - usb: mon: make mmapped memory read only (git-fixes). - usb: mtu3: fix failed runtime suspend in host only mode (git-fixes). - usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes). - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes). - usb: renesas: Fix refcount leak bug (git-fixes). - usb: smsc: use eth_hw_addr_set() (git-fixes). - usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (git-fixes). - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes). - usb: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device (git-fixes). - usb: typec: mux: Enter safe mode only when pins need to be reconfigured (git-fixes). - usb: typec: tcpm: Return ENOTSUPP for power supply prop writes (git-fixes). - usb: typec: tcpm: fix typo in comment (git-fixes). - usb: typec: tipd: Add an additional overflow check (git-fixes). - usb: typec: tipd: Do not read/write more bytes than required (git-fixes). - usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes). - usb: typec: ucsi: Remove incorrect warning (git-fixes). - usb: xhci-mtk: check boundary before check tt (git-fixes). - usb: xhci-mtk: relax TT periodic bandwidth allocation (git-fixes). - usb: xhci-mtk: update fs bus bandwidth by bw_budget_table (git-fixes). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes). - usb: xhci: tegra: Fix error check (git-fixes). - usbnet: Fix linkwatch use-after-free on disconnect (git-fixes). 
- usbnet: Fix memory leak in usbnet_disconnect() (git-fixes). - usbnet: Run unregister_netdev() before unbind() again (git-fixes). - usbnet: smsc95xx: Avoid link settings race on interrupt reception (git-fixes). - usbnet: smsc95xx: Do not clear read-only PHY interrupt (git-fixes). - usbnet: smsc95xx: Do not reset PHY behind PHY driver's back (git-fixes). - usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes). - usbnet: smsc95xx: Forward PHY interrupts to PHY driver to avoid polling (git-fixes). - userfaultfd/selftests: fix hugetlb area allocations (git-fixes). - v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' - vboxguest: Do not use devm for irq (git-fixes). - vdpa_sim: avoid putting an uninitialized iova_domain (git-fixes). - venus: pm_helpers: Fix warning in OPP during probe (git-fixes). - vfio/ccw: Do not change FSM state in subchannel event (git-fixes). - vfio/ccw: Remove UUID from s390 debug log (git-fixes). - vfio/type1: Unpin zero pages (git-fixes). - vfio: Clear the caps->buf to NULL after free (git-fixes). - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes). - video/fbdev/stifb: Implement the stifb_fillrect() function (git-fixes). - video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes). - video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes). - video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes). - video: fbdev: i740fb: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes). - video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes). - video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes). - virt: Add SEV-SNP guest driver (jsc#SLE-19924, jsc#SLE-24814). 
- virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add support to derive key (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add support to get extended report (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Fix bool function returning negative value (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Fix return value check in alloc_shared_pages() (jsc#SLE-19924, jsc#SLE-24814). - virt: vbox: convert to use dev_groups (git-fixes). - virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes). - virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes). - virtio-net: fix the race between refill work and close (git-fixes). - virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes). - vmxnet3: Implement ethtool's get_channels command (bsc#1200431). - vmxnet3: Record queue number to incoming packets (bsc#1200431). - vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431). - vmxnet3: add command to set ring buffer sizes (bsc#1200431). - vmxnet3: add support for capability registers (bsc#1200431). - vmxnet3: add support for large passthrough BAR register (bsc#1200431). - vmxnet3: add support for out of order rx completion (bsc#1200431). - vmxnet3: correctly report encapsulated LRO packet (git-fixes). - vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431). - vmxnet3: do not reschedule napi for rx processing (bsc#1200431). - vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431). - vmxnet3: prepare for version 7 changes (bsc#1200431). - vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431). - vmxnet3: update to version 7 (bsc#1200431). - vmxnet3: use correct intrConf reference when using extended queues (git-fixes). - vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431). - vrf: do not run conntrack on vrf with !dflt qdisc (git-fixes). 
- vrf: fix packet sniffing for traffic originating from ip tunnels (git-fixes). - vsock/virtio: enable VQs early on probe (git-fixes). - vsock/virtio: initialize vdev->priv before using VQs (git-fixes). - vsock/virtio: read the negotiated features before using VQs (git-fixes). - vsock: Fix memory leak in vsock_connect() (git-fixes). - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes). - vsock: fix possible infinite sleep in vsock_connectible_wait_data() (git-fixes). - vsock: remove the unused 'wait' in vsock_connectible_recvmsg() (git-fixes). - vsock: remove vsock from connected table when connect is interrupted by a signal (git-fixes). - vt: Clear selection before changing the font (git-fixes). - watch-queue: remove spurious double semicolon (git-fixes). - watch_queue: Fix missing locking in add_watch_to_object() (git-fixes). - watch_queue: Fix missing rcu annotation (git-fixes). - watchdog-export-lockup_detector_reconfigure.patch. - watchdog/hpwdt: Include nmi.h only if CONFIG_HPWDT_NMI_DECODING (git-fixes). - watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes). - watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes). - watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes). - watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource (git-fixes). - watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023). - watchqueue: make sure to serialize 'wqueue->defunct' properly (git-fixes). - wifi: airo: do not assign -1 to unsigned char (git-fixes). - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes). - wifi: ath11k: Fix QCN9074 firmware boot on x86 (git-fixes). - wifi: ath11k: avoid deadlock during regulatory update in ath11k_regd_update() (git-fixes). - wifi: ath11k: fix number of VHT beamformee spatial streams (git-fixes). 
- wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes). - wifi: cfg80211/mac80211: reject bad MBSSID elements (git-fixes). - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes). - wifi: cfg80211: do not allow multi-BSSID in S1G (git-fixes). - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes). - wifi: cfg80211: fix ieee80211_data_to_8023_exthdr handling of small packets (git-fixes). - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes). - wifi: cfg80211: silence a sparse RCU warning (git-fixes). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes). - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes). - wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes). - wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes). - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes). - wifi: mac80211: Fix ack frame idr leak when mesh has no route (git-fixes). - wifi: mac80211: allow bw change during channel switch in mesh (git-fixes). - wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes). - wifi: mac80211: fix decap offload for stations on AP_VLAN interfaces (git-fixes). - wifi: mac80211: fix memory free error when registering wiphy fail (git-fixes). - wifi: mac80211: fix probe req HE capabilities access (git-fixes). - wifi: mac80211: fix regression with non-QoS drivers (git-fixes). 
- wifi: mac80211: limit A-MSDU subframes for client too (git-fixes). - wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes). - wifi: mac80211_hwsim: check length for virtio packets (git-fixes). - wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support (git-fixes). - wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes). - wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes). - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes). - wifi: mt76: fix reading current per-tid starting sequence number for aggregation (git-fixes). - wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload (git-fixes). - wifi: mt76: mt7915: do not check state before configuring implicit beamform (git-fixes). - wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value (git-fixes). - wifi: mt76: sdio: fix transmitting packet hangs (git-fixes). - wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes). - wifi: p54: add missing parentheses in p54_flush() (git-fixes). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes). - wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes). - wifi: rt2x00: set SoC wmac clock register (git-fixes). - wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes). - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes). - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes). - wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes). - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes). - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes). - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes). - wifi: rtlwifi: 8192de: correct checking of IQK reload (git-fixes). 
- wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes). - wifi: rtlwifi: remove always-true condition pointed out by GCC 12 (git-fixes). - wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init() (git-fixes). - wifi: rtw88: check the return value of alloc_workqueue() (git-fixes). - wifi: rtw89: 8852a: rfk: fix div 0 exception (git-fixes). - wifi: wext: use flex array destination for memcpy() (git-fixes). - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes). - wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes). - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute (git-fixes). - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute (git-fixes). - wifi: wilc1000: validate number of channels (git-fixes). - wifi: wilc1000: validate pairwise and authentication suite offsets (git-fixes). - wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes). - wireless: Remove redundant 'flush_workqueue()' calls (bsc#1202131). - workqueue: do not skip lockdep work dependency in cancel_work_sync() (git-fixes). - wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() (git-fixes). - x86/Hyper-V: Add SEV negotiate protocol support in Isolation VM (bsc#1190497). - x86/Xen: streamline (and fix) PV CPU enumeration (git-fixes). - x86/boot: Add Confidential Computing type to setup_data (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Add a pointer to Confidential Computing blob in bootparams (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Do not propagate uninitialized boot_params->cc_blob_address (bsc#1204970). - x86/boot: Fix the setup data types max limit (bsc#1204970). - x86/boot: Introduce helpers for MSR reads/writes (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Put globals that are accessed early into the .data section (jsc#SLE-19924, jsc#SLE-24814). 
- x86/boot: Use MSR read/write helpers instead of inline assembly (jsc#SLE-19924, jsc#SLE-24814). - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037). - x86/compressed/64: Add identity mapping for Confidential Computing blob (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Add identity mappings for setup_data entries (bsc#1204970). - x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Detect/setup SEV/SME features earlier during boot (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI config table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI detection to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI kexec handling into common code (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI system table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI vendor table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Add helper for validating pages in the decompression stage (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Export and rename add_identity_map() (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/entry: Work around Clang __bdos() bug (git-fixes). - x86/extable: Extend extable functionality (git-fixes). - x86/fpu: Drop fpregs lock before inheriting FPU permissions (bnc#1205282). - x86/futex: Remove .fixup usage (git-fixes). - x86/head/64: Re-enable stack protection (jsc#SLE-19924, jsc#SLE-24814). - x86/hyperv: Disable hardlockup detector by default in Hyper-V guests (git-fixes). 
- x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition (git-fixes). - x86/hyperv: Update 'struct hv_enlightened_vmcs' definition (git-fixes). - x86/hyperv: fix invalid writes to MSRs during root partition kexec (git-fixes). - x86/ibt,ftrace: Make function-graph play nice (bsc#1203969). - x86/kernel: Mark the .bss..decrypted section as shared in the RMP table (jsc#SLE-19924, jsc#SLE-24814). - x86/kernel: Validate ROM memory before accessing when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/kexec: Fix double-free of elf header buffer (bsc#1205567). - x86/kexec: fix memory leak of elf header buffer (bsc#1196444). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264). - x86/mm: Extend cc_attr to include AMD SEV-SNP (jsc#SLE-19924, jsc#SLE-24814). - x86/mm: Validate memory when changing the C-bit (jsc#SLE-19924, jsc#SLE-24814). - x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes). - x86/retbleed: Add fine grained Kconfig knobs (bsc#1190497). - x86/sev: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add a helper for the PVALIDATE instruction (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add a sev= cmdline option (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add helper for validating pages in early enc attribute changes (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add missing __init annotations to SEV init routines (jsc#SLE-19924 jsc#SLE-24814). - x86/sev: Annotate stack change in the #VC handler (bsc#1204970). - x86/sev: Check SEV-SNP features support (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Check the VMPL level (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Define the Linux-specific guest termination reasons (bsc#1190497). - x86/sev: Detect/setup SEV/SME features earlier in boot (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Do not use cc_platform_has() for early SEV-SNP calls (bsc#1204970). - x86/sev: Get the AP jump table address from secrets page (jsc#SLE-19924, jsc#SLE-24814). 
- x86/sev: Move MSR-based VMGEXITs for CPUID to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Provide support for SNP guest request NAEs (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Register SEV-SNP guest request platform device (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Remove duplicated assignment to variable info (bsc#1204970). - x86/sev: Save the negotiated GHCB version (bsc#1190497). - x86/sev: Use SEV-SNP AP creation to start secondary CPUs (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Use firmware-validated CPUID for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814). - x86/uaccess: Implement macros for CMPXCHG on user addresses (git-fixes). - x86/xen: Remove undefined behavior in setup_features() (git-fixes). - xen-blkback: Advertise feature-persistent as user requested (git-fixes). - xen-blkback: Apply 'feature_persistent' parameter when connect (git-fixes). - xen-blkback: fix persistent grants negotiation (git-fixes). - xen-blkfront: Advertise feature-persistent as user requested (git-fixes). - xen-blkfront: Apply 'feature_persistent' parameter when connect (git-fixes). - xen-blkfront: Cache feature_persistent value before advertisement (git-fixes). - xen-blkfront: Handle NULL gendisk (git-fixes). - xen-netback: only remove 'hotplug-status' when the vif is actually destroyed (git-fixes). - xen/gntdev: Accommodate VMA splitting (git-fixes). - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - xen/gntdev: Prevent leaking grants (git-fixes). - xen/gntdev: fix unmap notification order (git-fixes). - xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() (git-fixes). - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes). - xen/usb: do not use arbitrary_virt_to_machine() (git-fixes). 
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes). - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes). - xen: detect uninitialized xenbus in xenbus_init (git-fixes). - xen: do not continue xenstore initialization in case of errors (git-fixes). - xfs: Fix the free logic of state in xfs_attr_node_hasname (git-fixes). - xfs: check sb_meta_uuid for dabuf buffer recovery (git-fixes). - xfs: convert XLOG_FORCED_SHUTDOWN() to xlog_is_shutdown() (git-fixes). - xfs: fix perag reference leak on iteration race with growfs (git-fixes). - xfs: fix soft lockup via spinning in filestream ag selection loop (git-fixes). - xfs: fix use-after-free in xattr node block inactivation (git-fixes). - xfs: fix xfs_ifree() error handling to not leak perag ref (git-fixes). - xfs: fold perag loop iteration logic into helper function (git-fixes). - xfs: make xfs_rtalloc_query_range input parameters const (git-fixes). - xfs: only bother with sync_filesystem during readonly remount (git-fixes). - xfs: prevent UAF in xfs_log_item_in_current_chkpt (git-fixes). - xfs: prevent a UAF when log IO errors race with unmount (git-fixes). - xfs: remove incorrect ASSERT in xfs_rename (git-fixes). - xfs: rename the next_agno perag iteration variable (git-fixes). - xfs: reorder iunlink remove operation in xfs_ifree (git-fixes). - xfs: reserve quota for dir expansion when linking/unlinking files (bsc#1205616). - xfs: reserve quota for target dir expansion when renaming files (bsc#1205679). - xfs: revert 'xfs: actually bump warning counts when we send warnings' (git-fixes). - xfs: terminate perag iteration reliably on agcount (git-fixes). - xfs: use invalidate_lock to check the state of mmap_lock (git-fixes). - xfs: use kmem_cache_free() for kmem_cache objects (git-fixes). - xfs: use setattr_copy to set vfs inode attributes (git-fixes). - xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices (git-fixes). 
- xhci: Add quirk to reset host back to default state at shutdown (git-fixes). - xhci: Allocate separate command structures for each LPM command (git-fixes). - xhci: Do not show warning for reinit on known broken suspend (git-fixes). - xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes). - xhci: Set HCD flag to defer primary roothub registration (git-fixes). - xhci: dbc: Fix memory leak in xhci_alloc_dbc() (git-fixes). - xhci: dbc: Rename xhci_dbc_init and xhci_dbc_exit (git-fixes). - xhci: dbc: create and remove dbc structure in dbgtty driver (git-fixes). - xhci: dbc: refactor xhci_dbc_init() (git-fixes). - xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (git-fixes). - xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes). - zonefs: Clear inode information flags on inode creation (git-fixes). - zonefs: Fix management of open zones (git-fixes). - zonefs: add MODULE_ALIAS_FS (git-fixes). ----------------------------------------- Patch: SUSE-2022-4618 Released: Fri Dec 23 13:02:31 2022 Summary: Recommended update for catatonit Severity: moderate References: Description: This update for catatonit fixes the following issues: Update to catatonit v0.1.7: - This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). Update to catatonit v0.1.6: - which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). 
----------------------------------------- Patch: SUSE-2022-4628 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Severity: moderate References: 1206337,CVE-2022-46908 Description: This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------- Patch: SUSE-2022-4629 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Severity: important References: 1200723,1205000,CVE-2022-4415 Description: This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). ----------------------------------------- Patch: SUSE-2022-4635 Released: Thu Dec 29 12:31:19 2022 Summary: Security update for conmon Severity: moderate References: 1200285,CVE-2022-1708 Description: This update for conmon fixes the following issues: conmon was updated to version 2.1.5: * don't leak syslog_identifier * logging: do not read more than the buf size * logging: fix error handling * Makefile: Fix install for FreeBSD * signal: Track changes to get_signal_descriptor in the FreeBSD version * Packit: initial enablement Update to version 2.1.4: * Fix a bug where conmon crashed when it got a SIGCHLD update to 2.1.3: * Stop using g_unix_signal_add() to avoid threads * Rename CLI option log-size-global-max to log-global-size-max Update to version 2.1.2: * add log-global-size-max option to limit the total output conmon processes (CVE-2022-1708 bsc#1200285) * journald: print tag and name if both are specified * drop some logs to debug level Update to version 2.1.0 * logging: buffer partial messages to journald * exit: close all fds >= 3 * fix: cgroup: Free memory_cgroup_file_path if open fails. 
Update to version 2.0.32 * Fix: Avoid mainfd_std{in,out} sharing the same file descriptor. * exit_command: Fix: unset subreaper attribute before running exit command Update to version 2.0.31 * logging: new mode -l passthrough * ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald * conmon: Fix: free userdata files before exec cleanup ----------------------------------------- Patch: SUSE-2023-25 Released: Thu Jan 5 09:51:41 2023 Summary: Recommended update for timezone Severity: moderate References: 1177460 Description: This update for timezone fixes the following issues: Version update from 2022f to 2022g (bsc#1177460): - In the Mexican state of Chihuahua: * The border strip near the US will change to agree with nearby US locations on 2022-11-30. * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. * A new Zone America/Ciudad_Juarez splits from America/Ojinaga. - Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time. 
- Changes for pre-1996 northern Canada - Update to past DST transition in Colombia (1993), Singapore (1981) - 'timegm' is now supported by default ----------------------------------------- Patch: SUSE-2023-45 Released: Mon Jan 9 10:32:26 2023 Summary: Recommended update for libxml2 Severity: moderate References: 1204585 Description: This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ----------------------------------------- Patch: SUSE-2023-48 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Severity: moderate References: 1199467 Description: This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------- Patch: SUSE-2023-51 Released: Mon Jan 9 10:42:58 2023 Summary: Recommended update for suse-module-tools Severity: moderate References: 1195391,1200107,1203092,1204423 Description: This update for suse-module-tools fixes the following issues: - 80-hotplug-cpu-mem.rules: Restrict udev rule for Hotplug physical CPU to x86_64 architecture (bsc#1204423) - driver-check.sh, unblacklist: Convert `egrep` to `grep -E` (bsc#1203092) - driver-check.sh: Avoid false positive error messages (bsc#1200107) - kernel-scriptlets: Don't pass flags to weak-modules2 (bsc#1195391) ----------------------------------------- Patch: SUSE-2023-52 Released: Mon Jan 9 10:43:57 2023 Summary: Recommended update for xfsprogs Severity: moderate References: 1205266,1205272,1205284,1205377 Description: This update for xfsprogs fixes the following issues: - mkfs: don't trample the gid set in the protofile (bsc#1205266) - mkfs: prevent corruption of passed-in suboption string values (bsc#1205377) - mkfs: terminate getsubopt arrays properly (bsc#1205284) - xfs_repair: ignore empty xattr leaf blocks (bsc#1205272) ----------------------------------------- 
Patch: SUSE-2023-56 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Severity: moderate References: 1206579,CVE-2022-47629 Description: This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). ----------------------------------------- Patch: SUSE-2023-119 Released: Fri Jan 20 10:28:07 2023 Summary: Security update for mozilla-nss Severity: important References: 1204272,1207038,CVE-2022-23491,CVE-2022-3479 Description: This update for mozilla-nss fixes the following issues: - CVE-2022-3479: Fixed a potential crash that could be triggered when a server requested a client authentication certificate, but the client had no certificates stored (bsc#1204272). - Updated to version 3.79.3 (bsc#1207038): - CVE-2022-23491: Removed trust for 3 root certificates from TrustCor. ----------------------------------------- Patch: SUSE-2023-147 Released: Thu Jan 26 09:24:14 2023 Summary: Security update for the Linux Kernel Severity: important References: 1065729,1187428,1188605,1191259,1193629,1199294,1201068,1203219,1203740,1204614,1204652,1204760,1204911,1204989,1205263,1205485,1205601,1205695,1206073,1206098,1206101,1206188,1206209,1206344,1206389,1206390,1206393,1206394,1206395,1206396,1206397,1206398,1206399,1206456,1206468,1206515,1206536,1206554,1206602,1206619,1206664,1206703,1206794,1206896,1206912,1207016,CVE-2022-3104,CVE-2022-3105,CVE-2022-3106,CVE-2022-3107,CVE-2022-3108,CVE-2022-3111,CVE-2022-3112,CVE-2022-3113,CVE-2022-3115,CVE-2022-3344,CVE-2022-3564,CVE-2022-4379,CVE-2022-4662,CVE-2022-47520 Description: The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3344: Fixed a flaw found in the KVM's AMD nested virtualization (SVM). 
A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0). (bsc#1204652) - CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664) - CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc. (bsc#1206393) - CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. (bsc#1206515) - CVE-2022-3112: Fixed a null pointer dereference caused by a missing check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases. (bsc#1206399) - CVE-2022-3564: Fixed a bug which could lead to use after free, it was found in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073) - CVE-2022-4379: Fixed a use-after-free vulnerability in nfs4file.c:__nfs42_ssc_open. (bsc#1206209) - CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389) - CVE-2022-3104: Fixed a null pointer dereference caused by a missing check of the return value of kzalloc() in bugs.c:lkdtm_ARRAY_BOUNDS. (bsc#1206396) - CVE-2022-3113: Fixed a null pointer dereference caused by a missing check of the return value of devm_kzalloc. (bsc#1206390) - CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395) - CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394) - CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. 
(bsc#1206398) - CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397) The following non-security bugs were fixed: - acct: fix potential integer overflow in encode_comp_t() (git-fixes). - ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA (git-fixes). - ACPICA: Fix error code path in acpi_ds_call_control_method() (git-fixes). - ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (git-fixes). - ALSA: asihpi: fix missing pci_disable_device() (git-fixes). - ALSA: control-led: use strscpy in set_led_id() (git-fixes). - ALSA: hda - Enable headset mic on another Dell laptop with ALC3254 (git-fixes). - ALSA: hda: cs35l41: Check runtime suspend capability at runtime_idle (git-fixes). - ALSA: hda: cs35l41: Do not return -EINVAL from system suspend/resume (git-fixes). - ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list (git-fixes). - ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list (git-fixes). - ALSA: hda/realtek - Turn on power early (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB (git-fixes). - ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: line6: correct midi status byte when receiving data from podxt (git-fixes). - ALSA: line6: fix stack overflow in line6_midi_transmit (git-fixes). - ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt (git-fixes). - ALSA: patch_realtek: Fix Dell Inspiron Plus 16 (git-fixes). - ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT (git-fixes). - ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (git-fixes). 
- ALSA: pcm: Set missing stop_operating flag at undoing trigger start (git-fixes). - ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event (git-fixes). - ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT (git-fixes). - ALSA: usb-audio: add the quirk for KT0206 device (git-fixes). - ALSA: usb-audio: Make sure to stop endpoints before closing EPs (git-fixes). - ALSA: usb-audio: Relax hw constraints for implicit fb sync (git-fixes). - amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table() (git-fixes). - apparmor: fix a memleak in multi_transaction_new() (git-fixes). - apparmor: Fix abi check to include v8 abi (git-fixes). - apparmor: fix lockdep warning when removing a namespace (git-fixes). - apparmor: Fix memleak in alloc_ns() (git-fixes). - apparmor: Use pointer to struct aa_label for lbs_cred (git-fixes). - ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels (git-fixes). - ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod (git-fixes). - ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-38x: Fix compatible string for gpios (git-fixes). - ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-39x: Fix compatible string for gpios (git-fixes). - ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: nuvoton: Remove bogus unit addresses from fixed-partition nodes (git-fixes). - ARM: dts: qcom: apq8064: fix coresight compatible (git-fixes). - ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 (git-fixes). - ARM: dts: rockchip: fix ir-receiver node names (git-fixes). 
- ARM: dts: rockchip: fix node name for hym8563 rtc (git-fixes). - ARM: dts: rockchip: remove clock-frequency from rtc (git-fixes). - ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name (git-fixes). - ARM: dts: spear600: Fix clcd interrupt (git-fixes). - ARM: dts: stm32: Drop stm32mp15xc.dtsi from Avenger96 (git-fixes). - ARM: dts: stm32: Fix AV96 WLAN regulator gpio property (git-fixes). - ARM: dts: turris-omnia: Add ethernet aliases (git-fixes). - ARM: dts: turris-omnia: Add switch port 6 node (git-fixes). - ARM: mmp: fix timer_read delay (git-fixes). - ARM: ux500: do not directly dereference __iomem (git-fixes). - arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault path (performance bsc#1203219). - arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC (git-fixes). - arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name (git-fixes). - arm64: dts: mediatek: pumpkin-common: Fix devicetree warnings (git-fixes). - arm64: dts: mt2712-evb: Fix usb vbus regulators unit names (git-fixes). - arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names (git-fixes). - arm64: dts: mt2712e: Fix unit address for pinctrl node (git-fixes). - arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators (git-fixes). - arm64: dts: mt6779: Fix devicetree build warnings (git-fixes). - arm64: dts: mt7622: drop r_smpl property from mmc node (git-fixes). - arm64: dts: mt8183: drop drv-type from mmc-node (git-fixes). - arm64: dts: mt8183: Fix Mali GPU clock (git-fixes). - arm64: dts: qcom: ipq6018-cp01-c1: use BLSPI1 pins (git-fixes). - arm64: dts: qcom: msm8916: Drop MSS fallback compatible (git-fixes). - arm64: dts: qcom: msm8996: Add MSM8996 Pro support (git-fixes). - arm64: dts: qcom: msm8996: fix GPU OPP table (git-fixes). - arm64: dts: qcom: msm8996: fix supported-hw in cpufreq OPP tables (git-fixes). - arm64: dts: qcom: sdm630: fix UART1 pin bias (git-fixes). - arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias (git-fixes). 
- arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength (git-fixes). - arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength (git-fixes). - arm64: dts: qcom: sm8250-sony-xperia-edo: fix touchscreen bias-disable (git-fixes). - arm64: dts: qcom: sm8250: correct LPASS pin pull down (git-fixes). - arm64: dts: qcom: sm8250: drop bogus DP PHY clock (git-fixes). - arm64: dts: qcom: sm8250: fix USB-DP PHY registers (git-fixes). - arm64: dts: rockchip: fix ir-receiver node names (git-fixes). - arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series (git-fixes). - arm64: dts: ti: k3-am65-main: Drop dma-coherent in crypto node (git-fixes). - arm64: dts: ti: k3-j721e-main: Drop dma-coherent in crypto node (git-fixes). - ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link() (git-fixes). - ASoC: codecs: rt298: Add quirk for KBL-R RVP platform (git-fixes). - ASoC: cs42l51: Correct PGA Volume minimum value (git-fixes). - ASoC: dt-bindings: wcd9335: fix reset line polarity in example (git-fixes). - ASoC: fsl_micfil: explicitly clear CHnF flags (git-fixes). - ASoC: fsl_micfil: explicitly clear software reset bit (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet (git-fixes). - ASoC: jz4740-i2s: Handle independent FIFO flush bits (git-fixes). - ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() (git-fixes). - ASoC: mediatek: mt8173: Enable IRQ when pdata is ready (git-fixes). - ASoC: mediatek: mt8183: fix refcount leak in mt8183_mt6358_ts3a227_max98357_dev_probe() (git-fixes). - ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd (git-fixes). - ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Correct bounds check for second channel on SX controls (git-fixes). - ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe (git-fixes). 
- ASoC: pxa: fix null-pointer dereference in filter() (git-fixes). - ASoC: qcom: Add checks for devm_kcalloc (git-fixes). - ASoC: qcom: lpass-cpu: Fix fallback SD line index handling (git-fixes). - ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() (git-fixes). - ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() (git-fixes). - ASoC: rt5670: Remove unbalanced pm_runtime_put() (git-fixes). - ASoC: rt711-sdca: fix the latency time of clock stop prepare state machine transitions (git-fixes). - ASoC: soc-pcm: Add NULL check in BE reparenting (git-fixes). - ASoC: wm8904: fix wrong outputs volume after power reactivation (git-fixes). - ASoC: wm8962: Wait for updated value of WM8962_CLOCKING1 register (git-fixes). - ASoC: wm8994: Fix potential deadlock (git-fixes). - ata: ahci: Fix PCS quirk application for suspend (git-fixes). - binfmt_elf: fix documented return value for load_elf_phdrs() (git-fixes). - binfmt_misc: fix shift-out-of-bounds in check_special_flags (git-fixes). - binfmt: Fix error return code in load_elf_fdpic_binary() (git-fixes). - Bluetooth: btintel: Fix missing free skb in btintel_setup_combined() (git-fixes). - Bluetooth: btusb: Add debug message for CSR controllers (git-fixes). - Bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_bcsp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_core: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_h5: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_ll: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_qca: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: MGMT: Fix error report for ADD_EXT_ADV_PARAMS (git-fixes). - Bluetooth: RFCOMM: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). 
- brcmfmac: return error when getting invalid max_flowrings from dongle (git-fixes). - caif: fix memory leak in cfctrl_linkup_request() (git-fixes). - can: kvaser_usb_leaf: Fix bogus restart events (git-fixes). - can: kvaser_usb_leaf: Fix wrong CAN state after stopping (git-fixes). - can: kvaser_usb_leaf: Set Warning state even without bus errors (git-fixes). - can: kvaser_usb: do not increase tx statistics when sending error message frames (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (git-fixes). - can: mcba_usb: Fix termination command argument (git-fixes). - can: sja1000: fix size of OCR_MODE_MASK define (git-fixes). - can: tcan4x5x: Remove invalid write in clear_interrupts (git-fixes). - chardev: fix error handling in cdev_device_add() (git-fixes). - cifs: Add 'extbuf' and 'extbuflen' args to smb2_compound_op() (bsc#1193629). - cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1193629). - cifs: do not leak -ENOMEM in smb2_open_file() (bsc#1193629). - cifs: do not refresh cached referrals from unactive mounts (bsc#1193629). - cifs: fix confusing debug message (bsc#1193629). - cifs: Fix kmap_local_page() unmapping (git-fixes). - cifs: fix missing display of three mount options (bsc#1193629). - cifs: fix oops during encryption (bsc#1199294). - cifs: fix refresh of cached referrals (bsc#1193629). - cifs: fix source pathname comparison of dfs supers (bsc#1193629). - cifs: fix various whitespace errors in headers (bsc#1193629). - cifs: get rid of mount options string parsing (bsc#1193629). - cifs: minor cleanup of some headers (bsc#1193629). - cifs: optimize reconnect of nested links (bsc#1193629). - cifs: Parse owner/group for stat in smb311 posix extensions (bsc#1193629). - cifs: print warning when conflicting soft vs. hard mount options specified (bsc#1193629). - cifs: reduce roundtrips on create/qinfo requests (bsc#1193629). - cifs: refresh root referrals (bsc#1193629). 
- cifs: Remove duplicated include in cifsglob.h (bsc#1193629). - cifs: remove unused smb3_fs_context::mount_options (bsc#1193629). - cifs: set correct ipc status after initial tree connect (bsc#1193629). - cifs: set correct status of tcon ipc when reconnecting (bsc#1193629). - cifs: set correct tcon status after initial tree connect (bsc#1193629). - cifs: set resolved ip in sockaddr (bsc#1193629). - cifs: share dfs connections and supers (bsc#1193629). - cifs: skip alloc when request has no pages (bsc#1193629). - cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: use fs_context for automounts (bsc#1193629). - cifs: use origin fullpath for automounts (bsc#1193629). - class: fix possible memory leak in __class_register() (git-fixes). - clk: Fix pointer casting to prevent oops in devm_clk_release() (git-fixes). - clk: generalize devm_clk_get() a bit (git-fixes). - clk: imx: imx8mp: add shared clk gate for usb suspend clk (git-fixes). - clk: imx: replace osc_hdmi with dummy (git-fixes). - clk: nomadik: correct struct name kernel-doc warning (git-fixes). - clk: Provide new devm_clk helpers for prepared and enabled clocks (git-fixes). - clk: qcom: clk-krait: fix wrong div2 functions (git-fixes). - clk: qcom: gcc-sm8250: Use retention mode for USB GDSCs (git-fixes). - clk: qcom: lpass-sc7180: Fix pm_runtime usage (git-fixes). - clk: renesas: r9a06g032: Repair grave increment error (git-fixes). - clk: rockchip: Fix memory leak in rockchip_clk_register_pll() (git-fixes). - clk: samsung: Fix memory leak in _samsung_clk_register_pll() (git-fixes). - clk: socfpga: Fix memory leak in socfpga_gate_init() (git-fixes). - clk: st: Fix memory leak in st_of_quadfs_setup() (git-fixes). - clk: sunxi-ng: v3s: Correct the header guard of ccu-sun8i-v3s.h (git-fixes). - clocksource/drivers/sh_cmt: Access registers according to spec (git-fixes). 
- clocksource/drivers/timer-ti-dm: Fix missing clk_disable_unprepare in dmtimer_systimer_init_clock() (git-fixes). - cpufreq: ACPI: Defer setting boost MSRs (bsc#1205485). - cpufreq: ACPI: Only set boost MSRs on supported CPUs (bsc#1205485). - cpufreq: ACPI: Remove unused variables 'acpi_cpufreq_online' and 'ret' (bsc#1205485). - cpufreq: intel_pstate: Add Sapphire Rapids support in no-HWP mode (bsc#1201068). - crypto: ccree - Make cc_debugfs_global_fini() available for module init function (git-fixes). - crypto: ccree - Remove debugfs when platform_driver_register failed (git-fixes). - crypto: cryptd - Use request context instead of stack for sub-request (git-fixes). - crypto: hisilicon/qm - fix missing destroy qp_idr (git-fixes). - crypto: img-hash - Fix variable dereferenced before check 'hdev->req' (git-fixes). - crypto: n2 - add missing hash statesize (git-fixes). - crypto: nitrox - avoid double free on error path in nitrox_sriov_init() (git-fixes). - crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe() (git-fixes). - crypto: rockchip - add fallback for ahash (git-fixes). - crypto: rockchip - add fallback for cipher (git-fixes). - crypto: rockchip - better handle cipher key (git-fixes). - crypto: rockchip - do not do custom power management (git-fixes). - crypto: rockchip - do not store mode globally (git-fixes). - crypto: rockchip - remove non-aligned handling (git-fixes). - crypto: rockchip - rework by using crypto_engine (git-fixes). - crypto: sun8i-ss - use dma_addr instead u32 (git-fixes). - crypto: tcrypt - Fix multibuffer skcipher speed test mem leak (git-fixes). - device property: Fix documentation for fwnode_get_next_parent() (git-fixes). - dmaengine: idxd: Fix crc_val field for completion record (git-fixes). - docs/zh_CN: Fix '.. only::' directive's expression (git-fixes). - drbd: destroy workqueue when drbd device was freed (git-fixes). - drbd: remove call to memset before free device/resource/connection (git-fixes). 
- drbd: remove usage of list iterator variable after loop (git-fixes). - drbd: set QUEUE_FLAG_STABLE_WRITES (git-fixes). - drbd: use after free in drbd_create_device() (git-fixes). - driver core: Fix bus_type.match() error handling in __driver_attach() (git-fixes). - drivers: dio: fix possible memory leak in dio_init() (git-fixes). - drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static (git-fixes). - drm: bridge: dw_hdmi: fix preference of RGB modes over YUV420 (git-fixes). - drm/amd/display: fix array index out of bound error in bios parser (git-fixes). - drm/amd/display: Manually adjust strobe for DCN303 (git-fixes). - drm/amd/display: prevent memory leak (git-fixes). - drm/amd/display: Use the largest vready_offset in pipe group (git-fixes). - drm/amd/pm/smu11: BACO is supported when it's in BACO state (git-fixes). - drm/amdgpu: fix pci device refcount leak (git-fixes). - drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() (git-fixes). - drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback (git-fixes). - drm/amdgpu: Fix type of second parameter in trans_msg() callback (git-fixes). - drm/amdgpu: handle polaris10/11 overlap asics (v2) (git-fixes). - drm/amdgpu: make display pinning more flexible (v2) (git-fixes). - drm/amdgpu/powerplay/psm: Fix memory leak in power state init (git-fixes). - drm/amdgpu/sdma_v4_0: turn off SDMA ring buffer in the s2idle suspend (git-fixes). - drm/amdkfd: Fix memory leakage (git-fixes). - drm/bridge: adv7533: remove dynamic lane switching from adv7533 bridge (git-fixes). - drm/bridge: anx7625: Fix edid_read break case in sp_tx_edid_read() (git-fixes). - drm/bridge: ti-sn65dsi86: Fix output polarity setting bug (git-fixes). - drm/connector: send hotplug uevent on connector cleanup (git-fixes). - drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink (git-fixes). - drm/etnaviv: add missing quirks for GC300 (git-fixes). 
- drm/etnaviv: do not truncate physical page address (git-fixes). - drm/fourcc: Add packed 10bit YUV 4:2:0 format (git-fixes). - drm/fourcc: Fix vsub/hsub for Q410 and Q401 (git-fixes). - drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() (git-fixes). - drm/i915: Fix documentation for intel_uncore_forcewake_put__locked (git-fixes). - drm/i915: remove circ_buf.h includes (git-fixes). - drm/i915: unpin on error in intel_vgpu_shadow_mm_pin() (git-fixes). - drm/i915/display: Do not disable DDI/Transcoder when setting phy test pattern (git-fixes). - drm/i915/dsi: fix VBT send packet port selection for dual link DSI (git-fixes). - drm/i915/gvt: fix gvt debugfs destroy (git-fixes). - drm/i915/gvt: fix vgpu debugfs clean in remove (git-fixes). - drm/i915/migrate: do not check the scratch page (git-fixes). - drm/i915/migrate: fix length calculation (git-fixes). - drm/i915/migrate: fix offset calculation (git-fixes). - drm/i915/ttm: never purge busy objects (git-fixes). - drm/imx: ipuv3-plane: Fix overlay plane width (git-fixes). - drm/ingenic: Fix missing platform_driver_unregister() call in ingenic_drm_init() (git-fixes). - drm/mediatek: Fix return type of mtk_hdmi_bridge_mode_valid() (git-fixes). - drm/mediatek: Modify dpi power on/off sequence (git-fixes). - drm/meson: Reduce the FIFO lines held when AFBC is not used (git-fixes). - drm/msm: another fix for the headless Adreno GPU (git-fixes). - drm/msm: Use drm_mode_copy() (git-fixes). - drm/msm/adreno: Make adreno quirks not overwrite each other (git-fixes). - drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer (git-fixes). - drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure (git-fixes). - drm/panfrost: Fix GEM handle creation ref-counting (git-fixes). - drm/radeon: Add the missed acpi_put_table() to fix memory leak (git-fixes). - drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() (git-fixes). 
- drm/rockchip: lvds: fix PM usage counter unbalance in poweron (git-fixes). - drm/rockchip: Use drm_mode_copy() (git-fixes). - drm/shmem-helper: Avoid vm_open error paths (git-fixes). - drm/shmem-helper: Remove errant put in error path (git-fixes). - drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() (git-fixes). - drm/sti: Use drm_mode_copy() (git-fixes). - drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe() (git-fixes). - drm/virtio: Fix GEM handle creation UAF (git-fixes). - drm/vmwgfx: Do not use screen objects when SEV is active (git-fixes). - drm/vmwgfx: Fix a sparse warning in kernel docs (git-fixes). - drm/vmwgfx: Validate the box size for the snooped cursor (git-fixes). - Drop FIPS mode DRBG->getrandom(2) wire-up (bsc#1191259) - dt-bindings: clock: qcom,aoncc-sm8250: fix compatible (git-fixes). - dt-bindings: display: sun6i-dsi: Fix clock conditional (git-fixes). - dt-bindings: gpio: gpio-davinci: Increase maxItems in gpio-line-names (git-fixes). - dt-bindings: msm: dsi-controller-main: Fix description of core clock (git-fixes). - dt-bindings: msm: dsi-controller-main: Fix operating-points-v2 constraint (git-fixes). - dt-bindings: msm: dsi-phy-28nm: Add missing qcom, dsi-phy-regulator-ldo-mode (git-fixes). - dt-bindings: msm/dsi: Do not require vcca-supply on 14nm PHY (git-fixes). - dt-bindings: msm/dsi: Do not require vdds-supply on 10nm PHY (git-fixes). - dt-bindings: net: sun8i-emac: Add phy-supply property (git-fixes). - EDAC/mc_sysfs: Increase legacy channel support to 12 (bsc#1205263). - efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes). - efi: fix userspace infinite retry read efivars after EFI runtime services page fault (git-fixes). - extcon: usbc-tusb320: Add support for mode setting and reset (git-fixes). - extcon: usbc-tusb320: Add support for TUSB320L (git-fixes). - extcon: usbc-tusb320: Factor out extcon into dedicated functions (git-fixes). 
- fbcon: Use kzalloc() in fbcon_prepare_logo() (git-fixes). - fbdev: fbcon: release buffer when fbcon_do_set_font() failed (git-fixes). - fbdev: geode: do not build on UML (git-fixes). - fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB (git-fixes). - fbdev: pm2fb: fix missing pci_disable_device() (git-fixes). - fbdev: ssd1307fb: Drop optional dependency (git-fixes). - fbdev: uvesafb: do not build on UML (git-fixes). - fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (git-fixes). - fbdev: vermilion: decrease reference count in error path (git-fixes). - fbdev: via: Fix error in via_core_init() (git-fixes). - firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes). - floppy: Fix memory leak in do_floppy_init() (git-fixes). - gpio: sifive: Fix refcount leak in sifive_gpio_probe (git-fixes). - gpiolib: cdev: fix NULL-pointer dereferences (git-fixes). - gpiolib: check the 'ngpios' property in core gpiolib code (git-fixes). - gpiolib: fix memory leak in gpiochip_setup_dev() (git-fixes). - gpiolib: Get rid of redundant 'else' (git-fixes). - gpiolib: improve coding style for local variables (git-fixes). - gpiolib: make struct comments into real kernel docs (git-fixes). - hamradio: baycom_epp: Fix return type of baycom_send_packet() (git-fixes). - hamradio: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - HID: hid-sensor-custom: set fixed size for custom attributes (git-fixes). - HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10 (git-fixes). - HID: mcp2221: do not connect hidraw (git-fixes). - HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint (git-fixes). - HID: plantronics: Additional PIDs for double volume key presses quirk (git-fixes). - HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk (git-fixes). - HID: wacom: Ensure bootloader PID is usable in hidraw mode (git-fixes). - HSI: omap_ssi_core: Fix error handling in ssi_init() (git-fixes). 
- HSI: omap_ssi_core: fix possible memory leak in ssi_probe() (git-fixes). - HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() (git-fixes). - hwmon: (jc42) Convert register access and caching to regmap/regcache (git-fixes). - hwmon: (jc42) Fix missing unlock on error in jc42_write() (git-fixes). - hwmon: (jc42) Restore the min/max/critical temperatures on resume (git-fixes). - hwrng: amd - Fix PCI device refcount leak (git-fixes). - i2c: ismt: Fix an out-of-bounds bug in ismt_access() (git-fixes). - i2c: mux: reg: check return value after calling platform_get_resource() (git-fixes). - i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe (git-fixes). - IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces (git-fixes) - ibmveth: Always stop tx queues during close (bsc#1065729). - iio: adc: ad_sigma_delta: do not use internal iio_dev lock (git-fixes). - iio: adc128s052: add proper .data members in adc128_of_match table (git-fixes). - iio: fix memory leak in iio_device_register_eventset() (git-fixes). - iio: temperature: ltc2983: make bulk write buffer DMA-safe (git-fixes). - ima: Fix a potential NULL pointer access in ima_restore_measurement_list (git-fixes). - Input: elants_i2c - properly handle the reset GPIO when power is off (git-fixes). - Input: joystick - fix Kconfig warning for JOYSTICK_ADC (git-fixes). - Input: wistron_btns - disable on UML (git-fixes). - integrity: Fix memory leakage in keyring allocation error path (git-fixes). - ipmi: fix long wait in unload when IPMI disconnect (git-fixes). - ipmi: fix memleak when unload ipmi driver (git-fixes). - ipmi: fix use after free in _ipmi_destroy_user() (git-fixes). - ipmi: kcs: Poll OBF briefly to reduce OBE latency (git-fixes). - ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() (git-fixes). - lib/debugobjects: fix stat count and optimize debug_objects_mem_init (git-fixes). 
- lib/fonts: fix undefined behavior in bit shift for get_default_font (git-fixes). - mailbox: arm_mhuv2: Fix return value check in mhuv2_probe() (git-fixes). - mailbox: mpfs: read the system controller's status (git-fixes). - mailbox: zynq-ipi: fix error handling while device_register() fails (git-fixes). - media: adv748x: afe: Select input port when initializing AFE (git-fixes). - media: camss: Clean up received buffers on failed start of streaming (git-fixes). - media: dvb-core: Fix double free in dvb_register_device() (git-fixes). - media: dvb-core: Fix ignored return value in dvb_register_frontend() (git-fixes). - media: dvb-frontends: fix leak of memory fw (git-fixes). - media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (git-fixes). - media: dvb-usb: fix memory leak in dvb_usb_adapter_init() (git-fixes). - media: i2c: ad5820: Fix error path (git-fixes). - media: imon: fix a race condition in send_packet() (git-fixes). - media: saa7164: fix missing pci_disable_device() (git-fixes). - media: si470x: Fix use-after-free in si470x_int_in_callback() (git-fixes). - media: solo6x10: fix possible memory leak in solo_sysfs_init() (git-fixes). - media: stv0288: use explicitly signed char (git-fixes). - media: v4l2-ctrls: Fix off-by-one error in integer menu control check (git-fixes). - media: v4l2-dv-timings.c: fix too strict blanking sanity checks (git-fixes). - media: videobuf-dma-contig: use dma_mmap_coherent (git-fixes). - media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init() (git-fixes). - media: vimc: Fix wrong function called when vimc_init() fails (git-fixes). - media: vivid: fix compose size exceed boundary (git-fixes). - memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896). - memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344). - mfd: bd957x: Fix Kconfig dependency on REGMAP_IRQ (git-fixes). - mfd: mt6360: Add bounds checking in Regmap read/write call-backs (git-fixes). 
- mfd: pm8008: Fix return value check in pm8008_probe() (git-fixes). - mfd: pm8008: Remove driver data structure pm8008_data (git-fixes). - mfd: qcom_rpm: Fix an error handling path in qcom_rpm_probe() (git-fixes). - mfd: qcom_rpm: Use devm_of_platform_populate() to simplify code (git-fixes). - misc: ocxl: fix possible name leak in ocxl_file_register_afu() (git-fixes). - misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() (git-fixes). - mISDN: hfcmulti: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mISDN: hfcpci: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mISDN: hfcsusb: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601). - mm/mempolicy: fix memory leak in set_mempolicy_home_node system call (bsc#1206468). - mmc: alcor: fix return value check of mmc_add_host() (git-fixes). - mmc: atmel-mci: fix return value check of mmc_add_host() (git-fixes). - mmc: core: Normalize the error handling branch in sd_read_ext_regs() (git-fixes). - mmc: f-sdh30: Add quirks for broken timeout clock capability (git-fixes). - mmc: meson-gx: fix return value check of mmc_add_host() (git-fixes). - mmc: mmci: fix return value check of mmc_add_host() (git-fixes). - mmc: moxart: fix return value check of mmc_add_host() (git-fixes). - mmc: mtk-sd: Fix missing clk_disable_unprepare in msdc_of_clock_parse() (git-fixes). - mmc: mxcmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: omap_hsmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: pxamci: fix return value check of mmc_add_host() (git-fixes). - mmc: renesas_sdhi: alway populate SCC pointer (git-fixes). - mmc: renesas_sdhi: better reset from HS400 mode (git-fixes). - mmc: rtsx_pci: fix return value check of mmc_add_host() (git-fixes). - mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() (git-fixes). 
- mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K (git-fixes). - mmc: toshsd: fix return value check of mmc_add_host() (git-fixes). - mmc: via-sdmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: vub300: fix return value check of mmc_add_host() (git-fixes). - mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING (git-fixes). - mmc: wbsd: fix return value check of mmc_add_host() (git-fixes). - mmc: wmt-sdmmc: fix return value check of mmc_add_host() (git-fixes). - mt76: stop the radar detector after leaving dfs channel (git-fixes). - mtd: Fix device name leak when register device failed in add_mtd_device() (git-fixes). - mtd: lpddr2_nvm: Fix possible null-ptr-deref (git-fixes). - mtd: maps: pxa2xx-flash: fix memory leak in probe (git-fixes). - mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type() (git-fixes). - mtd: spi-nor: Fix the number of bytes for the dummy cycles (git-fixes). - mtd: spi-nor: hide jedec_id sysfs attribute if not present (git-fixes). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428 bsc#1206619). - net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe (git-fixes). - net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes). - net: usb: smsc95xx: fix external PHY reset (git-fixes). - net/mlx5: Fix mlx5_get_next_dev() peer device matching (bsc#1206536). - net/mlx5: Lag, filter non compatible devices (bsc#1206536). - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614). - nfc: Fix potential resource leaks (git-fixes). - nfc: pn533: Clear nfc_target before being used (git-fixes). - nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() (git-fixes). - NFS: Handle missing attributes in OPEN reply (bsc#1203740). - nilfs2: fix shift-out-of-bounds due to too large exponent of block size (git-fixes). - nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() (git-fixes). 
- octeontx2-af: Add PTP PPS Errata workaround on CN10K silicon (jsc#SLE-24682). - octeontx2-af: Allow mkex profile without DMAC and add L2M/L2B header extraction support (jsc#SLE-24682). - octeontx2-af: Do not reset previous pfc config (jsc#SLE-24682). - octeontx2-af: fix operand size in bitwise operation (jsc#SLE-24682). - octeontx2-af: Initialize PTP_SEC_ROLLOVER register properly (jsc#SLE-24682). - octeontx2-af: Limit link bringup time at firmware (jsc#SLE-24682). - octeontx2-af: return correct ptp timestamp for CN10K silicon (jsc#SLE-24682). - octeontx2-af: Set NIX link credits based on max LMAC (jsc#SLE-24682). - octeontx2-af: Skip CGX/RPM probe incase of zero lmac count (jsc#SLE-24682). - octeontx2-pf: Add egress PFC support (jsc#SLE-24682). - octeontx2-pf: Add support for ptp 1-step mode on CN10K silicon (jsc#SLE-24682). - octeontx2-pf: Fix lmtst ID used in aura free (jsc#SLE-24682). - octeontx2-pf: Fix pfc_alloc_status array overflow (jsc#SLE-24682). - octeontx2-pf: Fix SQE threshold checking (jsc#SLE-24682). - octeontx2-pf: Fix unused variable build error (jsc#SLE-24682). - octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT] (jsc#SLE-24682). - octeontx2-pf: Reduce minimum mtu size to 60 (jsc#SLE-24682). - octeontx2: Modify mbox request and response structures (jsc#SLE-24682). - PCI: Check for alloc failure in pci_request_irq() (git-fixes). - PCI: dwc: Fix n_fts[] array overrun (git-fixes). - PCI: Fix pci_device_is_present() for VFs by checking PF (git-fixes). - PCI: pci-epf-test: Register notifier if only core_init_notifier is enabled (git-fixes). - PCI: vmd: Disable MSI remapping after suspend (git-fixes). - PCI/sysfs: Fix double free in error path (git-fixes). - phy: usb: s2 WoL wakeup_count not incremented for USB->Eth devices (git-fixes). - pinctrl: k210: call of_node_put() (git-fixes). - pinctrl: meditatek: Startup with the IRQs disabled (git-fixes). - pinctrl: pinconf-generic: add missing of_node_put() (git-fixes). 
- platform/chrome: cros_ec_typec: Cleanup switch handle return paths (git-fixes). - platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init() (git-fixes). - platform/mellanox: mlxbf-pmc: Fix event typo (git-fixes). - platform/surface: aggregator: Add missing call to ssam_request_sync_free() (git-fixes). - platform/surface: aggregator: Ignore command messages not intended for us (git-fixes). - platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting (git-fixes). - platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER if present (git-fixes). - platform/x86: huawei-wmi: fix return value calculation (git-fixes). - platform/x86: intel_scu_ipc: fix possible name leak in __intel_scu_ipc_register() (git-fixes). - platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() (git-fixes). - platform/x86: sony-laptop: Do not turn off 0x153 keyboard backlight during probe (git-fixes). - PM: hibernate: Fix mistake in kerneldoc comment (git-fixes). - PM: runtime: Do not call __rpm_callback() from rpm_idle() (git-fixes). - PNP: fix name memory leak in pnp_alloc_dev() (git-fixes). - power: supply: ab8500: Fix error handling in ab8500_charger_init() (git-fixes). - power: supply: fix null pointer dereferencing in power_supply_get_battery_info (git-fixes). - power: supply: fix residue sysfs file in error handle route of __power_supply_register() (git-fixes). - power: supply: z2_battery: Fix possible memleak in z2_batt_probe() (git-fixes). - powerpc: export the CPU node count (bsc#1207016 ltc#201108). - powerpc: Take in account addition CPU node when building kexec FDT (bsc#1207016 ltc#201108). - powerpc/64: Init jump labels before parse_early_param() (bsc#1065729). - powerpc/pci: Fix get_phb_number() locking (bsc#1065729). - powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729). - powerpc/powernv: add missing of_node_put (bsc#1065729). - powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603). 
- powerpc/pseries/eeh: use correct API for error log size (bsc#1065729). - powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729). - powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729). - powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes). - powerpc/xive/spapr: correct bitmap allocation size (git-fixes). - proc: fixup uptime selftest (git-fixes). - pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP (git-fixes). - pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES (git-fixes). - pstore: Properly assign mem_type property (git-fixes). - pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion (git-fixes). - pstore/ram: Fix error return code in ramoops_probe() (git-fixes). - pstore/zone: Use GFP_ATOMIC to allocate zone buffer (git-fixes). - pwm: lpc18xx-sct: Fix a comment to match code (git-fixes). - pwm: mediatek: always use bus clock for PWM on MT7622 (git-fixes). - pwm: sifive: Call pwm_sifive_update_clock() while mutex is held (git-fixes). - pwm: tegra: Improve required rate calculation (git-fixes). - r6040: Fix kmemleak in probe and remove (git-fixes). - random: allow partial reads if later user copies fail (bsc#1204911). - random: check for signals every PAGE_SIZE chunk of /dev/random (bsc#1204911). - random: convert to using fops->read_iter() (bsc#1204911). - random: convert to using fops->write_iter() (bsc#1204911). - random: remove outdated INT_MAX >> 6 check in urandom_read() (bsc#1204911). - random: zero buffer after reading entropy from userspace (bsc#1204911). 
- RDMA: Disable IB HW for UML (git-fixes) - RDMA/core: Fix order of nldev_exit call (git-fixes) - RDMA/core: Make sure 'ib_port' is valid when access sysfs node (git-fixes) - RDMA/efa: Add EFA 0xefa2 PCI ID (git-fixes) - RDMA/hfi: Decrease PCI device reference count in error path (git-fixes) - RDMA/hfi1: Fix error return code in parse_platform_config() (git-fixes) - RDMA/hns: Fix AH attr queried by query_qp (git-fixes) - RDMA/hns: Fix error code of CMD (git-fixes) - RDMA/hns: Fix ext_sge num error when post send (git-fixes) - RDMA/hns: fix memory leak in hns_roce_alloc_mr() (git-fixes) - RDMA/hns: Fix page size cap from firmware (git-fixes) - RDMA/hns: Fix PBL page MTR find (git-fixes) - RDMA/hns: Fix XRC caps on HIP08 (git-fixes) - RDMA/hns: Repacing 'dseg_len' by macros in fill_ext_sge_inl_data() (git-fixes) - RDMA/irdma: Do not request 2-level PBLEs for CQ alloc (git-fixes) - RDMA/irdma: Initialize net_type before checking it (git-fixes) - RDMA/irdma: Report the correct link speed (git-fixes) - RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps() (git-fixes) - RDMA/nldev: Fix failure to send large messages (git-fixes) - RDMA/nldev: Return '-EAGAIN' if the cm_id isn't from expected port (git-fixes) - RDMA/restrack: Release MR restrack when delete (git-fixes) - RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed (git-fixes) - RDMA/siw: Fix immediate work request flush to completion queue (git-fixes) - RDMA/siw: Fix pointer cast warning (git-fixes) - RDMA/siw: Set defined status for work completion with undefined status (git-fixes) - RDMA/srp: Fix error return code in srp_parse_options() (git-fixes) - regulator: bd718x7: Drop unnecessary info print (git-fixes). - regulator: core: fix deadlock on regulator enable (git-fixes). - regulator: core: fix module refcount leak in set_supply() (git-fixes). - regulator: core: fix resource leak in regulator_register() (git-fixes). 
- regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() (git-fixes). - regulator: core: fix use_count leakage when handling boot-on (git-fixes). - regulator: core: use kfree_const() to free space conditionally (git-fixes). - regulator: qcom-labibb: Fix missing of_node_put() in qcom_labibb_regulator_probe() (git-fixes). - regulator: qcom-rpmh: Fix PMR735a S3 regulator spec (git-fixes). - regulator: slg51000: Wait after asserting CS pin (git-fixes). - regulator: twl6030: fix get status of twl6032 regulators (git-fixes). - remoteproc: core: Do pm_relax when in RPROC_OFFLINE state (git-fixes). - remoteproc: qcom_q6v5_pas: detach power domains on remove (git-fixes). - remoteproc: qcom_q6v5_pas: disable wakeup on probe fail or remove (git-fixes). - remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region() (git-fixes). - remoteproc: qcom: q6v5: Fix missing clk_disable_unprepare() in q6v5_wcss_qcs404_power_on() (git-fixes). - remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio() (git-fixes). - remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() (git-fixes). - rtc: cmos: fix build on non-ACPI platforms (git-fixes). - rtc: cmos: Fix event handler registration ordering issue (git-fixes). - rtc: cmos: Fix wake alarm breakage (git-fixes). - rtc: ds1347: fix value written to century register (git-fixes). - rtc: mxc_v2: Add missing clk_disable_unprepare() (git-fixes). - rtc: pcf85063: fix pcf85063_clkout_control (git-fixes). - rtc: pcf85063: Fix reading alarm (git-fixes). - rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe() (git-fixes). - rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0 (git-fixes). - rtc: snvs: Allow a time difference on clock register read (git-fixes). - rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() (git-fixes). - sbitmap: fix lockup while swapping (bsc#1206602).
- sched/core: Fix comparison in sched_group_cookie_match() (git-fixes) - sched/core: Fix the bug that task won't enqueue into core (git-fixes) - sched/topology: Remove redundant variable and fix incorrect (git-fixes) - sched/uclamp: Fix relationship between uclamp and migration (git-fixes) - sched/uclamp: Make task_fits_capacity() use util_fits_cpu() (git-fixes) - scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes). - scsi: advansys: Fix kernel pointer leak (git-fixes). - scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes). - scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: core: Fix sbitmap depth in scsi_realloc_sdev_budget_map() (git-fixes). - scsi: core: Fix scsi_mode_sense() buffer length handling (git-fixes). - scsi: core: Reallocate device's budget map on queue depth change (git-fixes). - scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes). - scsi: hisi_sas: Free irq vectors in order for v3 HW (git-fixes). - scsi: hisi_sas: Limit max hw sectors for v3 HW (git-fixes). - scsi: hisi_sas: Use managed PCI functions (git-fixes). - scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes). - scsi: iscsi: Add recv workqueue helpers (git-fixes). - scsi: iscsi: Fix harmless double shift bug (git-fixes). - scsi: iscsi: Fix possible memory leak when device_register() failed (git-fixes). - scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (git-fixes). - scsi: iscsi: kabi: add iscsi_conn_queue_work back (git-fixes). - scsi: iscsi: kabi: fix libiscsi new field (git-fixes). - scsi: iscsi: Merge suspend fields (git-fixes). - scsi: iscsi: Rename iscsi_conn_queue_work() (git-fixes). - scsi: iscsi: Run recv path from workqueue (git-fixes). - scsi: iscsi: Unblock session then wake up error handler (git-fixes). - scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes). 
- scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes). - scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445). - scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445). - scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445). - scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445). - scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445). - scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445). - scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445). - scsi: lpfc: Use memset_startat() helper (jsc#PED-1445). - scsi: megaraid_sas: Fix double kfree() (git-fixes). - scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan (git-fixes). - scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes). - scsi: mpi3mr: Fix memory leaks (git-fixes). - scsi: mpi3mr: Fix reporting of actual data transfer size (git-fixes). - scsi: mpi3mr: Fixes around reply request queues (git-fixes). - scsi: mpt3sas: Do not change DMA mask while reallocating pools (bsc#1206912,bsc#1206098). - scsi: mpt3sas: Fail reset operation if config request timed out (git-fixes). - scsi: mpt3sas: Fix out-of-bounds compiler warning (git-fixes). - scsi: mpt3sas: re-do lost mpt3sas DMA mask fix (bsc#1206912,bsc#1206098). - scsi: mpt3sas: Remove usage of dma_get_required_mask() API (bsc#1206912,bsc#1206098). - scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes). - scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes). - scsi: myrs: Fix crash in error case (git-fixes). - scsi: ncr53c8xx: Remove unused retrieve_from_waiting_list() function (git-fixes). - scsi: pm8001: Fix bogus FW crash for maxcpus=1 (git-fixes). - scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req() (git-fixes). - scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes). 
- scsi: pm8001: Fix pm80xx_pci_mem_copy() interface (git-fixes). - scsi: pm8001: Fix tag leaks on error (git-fixes). - scsi: pm8001: Fix task leak in pm8001_send_abort_all() (git-fixes). - scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (git-fixes). - scsi: pm8001: Fix use-after-free for aborted TMF sas_task (git-fixes). - scsi: pm80xx: Fix double completion for SATA devices (git-fixes). - scsi: pm80xx: Fix memory leak during rmmod (git-fixes). - scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes). - scsi: qedf: Add stag_work to all the vports (git-fixes). - scsi: qedf: Change context reset messages to ratelimited (git-fixes). - scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes). - scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes). - scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568). - scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568). - scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568). - scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568). - scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568). - scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() (git-fixes). - scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (git-fixes). - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC (git-fixes). - scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (git-fixes). - scsi: smartpqi: Fix kdump issue when controller is locked up (git-fixes). - scsi: sr: Do not use GFP_DMA (git-fixes). - scsi: ufs: core: Fix ufshcd_probe_hba() prototype to match the definition (git-fixes). - scsi: ufs: Fix a kernel crash during shutdown (git-fixes). - scsi: ufs: Treat link loss as fatal error (git-fixes). - scsi: ufs: ufshcd-pltfrm: Check the return value of devm_kstrdup() (git-fixes). 
- scsi: ufs: Use generic error code in ufshcd_set_dev_pwr_mode() (git-fixes). - scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync() (git-fixes). - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes). - sctp: sysctl: make extra pointers netns aware (bsc#1204760). - selftests: devlink: fix the fd redirect in dummy_reporter_test (git-fixes). - selftests: set the BUILD variable to absolute path (git-fixes). - selftests: Use optional USERCFLAGS and USERLDFLAGS (git-fixes). - selftests/efivarfs: Add checking of the test return value (git-fixes). - selftests/ftrace: event_triggers: wait longer for test_event_enable (git-fixes). - selftests/powerpc: Fix resource leaks (git-fixes). - serial: 8250_bcm7271: Fix error handling in brcmuart_init() (git-fixes). - serial: amba-pl011: avoid SBSA UART accessing DMACR register (git-fixes). - serial: pch: Fix PCI device refcount leak in pch_request_dma() (git-fixes). - serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle (git-fixes). - serial: stm32: move dma_request_chan() before clk_prepare_enable() (git-fixes). - serial: sunsab: Fix error handling in sunsab_init() (git-fixes). - serial: tegra: Read DMA status before terminating (git-fixes). - soc: mediatek: pm-domains: Fix the power glitch issue (git-fixes). - soc: qcom: llcc: make irq truly optional (git-fixes). - soc: qcom: Select REMAP_MMIO for LLCC driver (git-fixes). - soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe (git-fixes). - soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe (git-fixes). - soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15 (git-fixes). - spi: spi-gpio: Do not set MOSI as an input if not 3WIRE mode (git-fixes). - spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE (git-fixes). - spi: Update reference to struct spi_controller (git-fixes). 
- staging: media: tegra-video: fix chan->mipi value on error (git-fixes). - staging: media: tegra-video: fix device_node use after free (git-fixes). - staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() (git-fixes). - staging: rtl8192u: Fix use after free in ieee80211_rx() (git-fixes). - string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445). - test_firmware: fix memory leak in test_firmware_init() (git-fixes). - thermal: core: fix some possible name leaks in error paths (git-fixes). - thermal: int340x: Add missing attribute for data rate base (git-fixes). - thermal/drivers/imx8mm_thermal: Validate temperature range (git-fixes). - thermal/drivers/qcom/temp-alarm: Fix inaccurate warning for gen2 (git-fixes). - tpm: acpi: Call acpi_put_table() to fix memory leak (git-fixes). - tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak (git-fixes). - tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (git-fixes). - tpm/tpm_crb: Fix error message in __crb_relinquish_locality() (git-fixes). - tpm/tpm_ftpm_tee: Fix error handling in ftpm_mod_init() (git-fixes). - tracing/doc: Fix typos on the timerlat tracer documentation (git-fixes). - tty: serial: altera_uart_{r,t}x_chars() need only uart_port (git-fixes). - tty: serial: clean up stop-tx part in altera_uart_tx_chars() (git-fixes). - uio: uio_dmem_genirq: Fix deadlock between irq config and handling (git-fixes). - uio: uio_dmem_genirq: Fix missing unlock in irq configuration (git-fixes). - usb: cdnsp: fix lack of ZLP for ep0 (git-fixes). - usb: dwc3: core: defer probe on ulpi_read_id timeout (git-fixes). - usb: dwc3: fix PHY disable sequence (git-fixes). - usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode (git-fixes). - usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End Transfer (git-fixes). - usb: dwc3: pci: Update PCIe device ID for USB3 controller on CPU sub-system for Raptor Lake (git-fixes). 
- usb: dwc3: qcom: fix runtime PM wakeup (git-fixes). - usb: gadget: uvc: Prevent buffer overflow in setup handler (git-fixes). - usb: gadget: uvc: Rename bmInterfaceFlags -> bmInterlaceFlags (git-fixes). - usb: rndis_host: Secure rndis_query check against int overflow (git-fixes). - usb: roles: fix of node refcount leak in usb_role_switch_is_parent() (git-fixes). - usb: serial: cp210x: add Kamstrup RF sniffer PIDs (git-fixes). - usb: serial: f81232: fix division by zero on line-speed change (git-fixes). - usb: serial: f81534: fix division by zero on line-speed change (git-fixes). - usb: serial: option: add Quectel EM05-G modem (git-fixes). - usb: storage: Add check for kcalloc (git-fixes). - usb: typec: Check for ops->exit instead of ops->enter in altmode_exit (git-fixes). - usb: typec: Factor out non-PD fwnode properties (git-fixes). - usb: typec: tcpci: fix of node refcount leak in tcpci_register_port() (git-fixes). - usb: typec: tipd: Cleanup resources if devm_tps6598_psy_register fails (git-fixes). - usb: typec: tipd: Fix spurious fwnode_handle_put in error path (git-fixes). - usb: ulpi: defer ulpi_register on ulpi_read_id timeout (git-fixes). - usb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq (git-fixes). - vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init() (git-fixes). - vdpa_sim: fix vringh initialization in vdpasim_queue_ready() (git-fixes). - vfio: platform: Do not pass return buffer to ACPI _RST method (git-fixes). - vhost: fix range used in translate_desc() (git-fixes). - vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes). - vmxnet3: correctly report csum_level for encapsulated packet (git-fixes). - vringh: fix range used in iotlb_translate() (git-fixes). - vsock: Enable y2038 safe timeval for timeout (bsc#1206101). - vsock: Refactor vsock_*_getsockopt to resemble sock_getsockopt (bsc#1206101). - wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out (git-fixes). 
- wifi: ath10k: Fix return value in ath10k_pci_init() (git-fixes). - wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() (git-fixes). - wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() (git-fixes). - wifi: ath9k: verify the expected usb_endpoints are present (git-fixes). - wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() (git-fixes). - wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() (git-fixes). - wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails (git-fixes). - wifi: iwlwifi: mvm: fix double free on tx path (git-fixes). - wifi: mac80211: fix memory leak in ieee80211_if_add() (git-fixes). - wifi: mt76: do not run mt76u_status_worker if the device is not running (git-fixes). - wifi: mt76: fix coverity overrun-call in mt76_get_txpower() (git-fixes). - wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port (git-fixes). - wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h (git-fixes). - wifi: rtl8xxxu: Fix the channel width reporting (git-fixes). - wifi: rtl8xxxu: gen2: Turn on the rate control (git-fixes). - wifi: rtw89: fix physts IE page check (git-fixes). - wifi: rtw89: Fix some error handling path in rtw89_core_sta_assoc() (git-fixes). - wifi: rtw89: use u32_encode_bits() to fill MAC quota value (git-fixes). - wifi: wilc1000: sdio: fix module autoloading (git-fixes). - xfrm: Fix oops in __xfrm_state_delete() (bsc#1206794). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N (git-fixes). ----------------------------------------- Patch: SUSE-2023-177 Released: Thu Jan 26 20:57:35 2023 Summary: Recommended update for util-linux Severity: moderate References: 1194038,1205646 Description: This update for util-linux fixes the following issues: - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). 
- libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). ----------------------------------------- Patch: SUSE-2023-178 Released: Thu Jan 26 20:58:21 2023 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1207182 Description: This update for openssl-1_1 fixes the following issues: - FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182] ----------------------------------------- Patch: SUSE-2023-179 Released: Thu Jan 26 21:54:30 2023 Summary: Recommended update for tar Severity: low References: 1202436 Description: This update for tar fixes the following issue: - Fix hang when unpacking test tarball (bsc#1202436) ----------------------------------------- Patch: SUSE-2023-187 Released: Fri Jan 27 11:26:55 2023 Summary: Security update for podman Severity: important References: 1181640,1181961,1193166,1193273,1197672,1199790,1202809,CVE-2021-20199,CVE-2021-20206,CVE-2021-4024,CVE-2021-41190,CVE-2022-27649,CVE-2022-2989 Description: This update for podman fixes the following issues: podman was updated to version 4.3.1: 4.3.1: * Bugfixes - Fixed a deadlock between the `podman ps` and `podman container inspect` commands * Misc - Updated the containers/image library to v5.23.1 4.3.0: * Features - A new command, `podman generate spec`, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers. - A new command, `podman update`, has been added, which makes changes to the resource limits of existing containers. Please note that these changes do not persist if the container is restarted. - A new command, `podman kube down`, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to `podman kube play --down`, but it now has its own command).
- The `podman kube play` command now supports Kubernetes secrets using Podman's secrets backend. - Systemd-managed pods created by the `podman kube play` command now integrate with sd-notify, using the `io.containers.sdnotify` annotation (or `io.containers.sdnotify/$name` for specific containers). - Systemd-managed pods created by `podman kube play` can now be auto-updated, using the `io.containers.auto-update` annotation (or `io.containers.auto-update/$name` for specific containers). - The `podman kube play` command can now read YAML from URLs, e.g. `podman kube play https://example.com/demo.yml` - The `podman kube play` command now supports the `emptyDir` volume type - The `podman kube play` command now supports the `HostUsers` field in the pod spec. - The `podman play kube` command now supports `binaryData` in ConfigMaps. - The `podman pod create` command can now set additional resource limits for pods using the new `--memory-swap`, `--cpuset-mems`, `--device-read-bps`, `--device-write-bps`, `--blkio-weight`, `--blkio-weight-device`, and `--cpu-shares` options. - The `podman machine init` command now supports a new option, `--username`, to set the username that will be used to connect to the VM as a non-root user - The `podman volume create` command's `-o timeout=` option can now set a timeout of 0, indicating volume plugin operations will never time out. - Added support for a new volume driver, `image`, which allows volumes to be created that are backed by images. - The `podman run` and `podman create` commands support a new option, `--env-merge`, allowing environment variables to be specified relative to other environment variables in the image (e.g. 
`podman run --env-merge 'PATH=$PATH:/my/app' ...`) - The `podman run` and `podman create` commands support a new option, `--on-failure`, to allow action to be taken when a container fails health checks, with the following supported actions: `none` (take no action, the default), `kill` (kill the container), `restart` (restart the container), and `stop` (stop the container). - The `--keep-id` option to `podman create` and `podman run` now supports new options, `uid` and `gid`, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g. `--userns=keep-id:uid=11` will map the user running Podman to UID 11 in the container) - The `podman generate systemd` command now supports a new option, `--env`/`-e`, to set environment variables in the generated unit file - The `podman pause` and `podman unpause` commands now support the `--latest`, `--cidfile`, and `--filter` options. - The `podman restart` command now supports the `--cidfile` and `--filter` options. - The `podman rm` command now supports the `--filter` option to select which containers will be removed. - The `podman rmi` command now supports a new option, `--no-prune`, to prevent the removal of dangling parents of removed images. - The `--dns-opt` option to `podman create`, `podman run`, and `podman pod create` has received a new alias, `--dns-option`, to improve Docker compatibility. - The `podman` command now features a new global flag, `--debug`/`-D`, which enables debug-level logging (identical to `--log-level=debug`), improving Docker compatibility. - The `podman` command now features a new global flag, `--config`. This flag is ignored, and is only included for Docker compatibility - The `podman manifest create` command now accepts a new option, `--amend`/`-a`. - The `podman manifest create`, `podman manifest add` and `podman manifest push` commands now accept a new option, `--insecure` (identical to `--tls-verify=false`), improving Docker compatibility.
- The `podman secret create` command's `--driver` and `--format` options now have new aliases, `-d` for `--driver` and `-f` for `--format`. - The `podman secret create` command now supports a new option, `--label`/`-l`, to add labels to created secrets. - The `podman secret ls` command now accepts the `--quiet`/`-q` option. - The `podman secret inspect` command now accepts a new option, `--pretty`, to print output in human-readable format. - The `podman stats` command now accepts the `--no-trunc` option. - The `podman save` command now accepts the `--signature-policy` option - The `podman pod inspect` command now allows multiple arguments to be passed. If so, it will return a JSON array of the inspected pods - A series of new hidden commands have been added under `podman context` as aliases to existing `podman system connection` commands, to improve Docker compatibility. - The remote Podman client now supports proxying signals for attach sessions when the `--sig-proxy` option is set ### Changes - Duplicate volume mounts are now allowed with the `-v` option to `podman run`, `podman create`, and `podman pod create`, so long as source, destination, and options all match - The `podman generate kube` and `podman play kube` commands have been renamed to `podman kube generate` and `podman kube play` to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function. - A number of Podman commands (`podman init`, `podman container checkpoint`, `podman container restore`, `podman container cleanup`) now print the user-inputted name of the container, instead of its full ID, on success. - When an unsupported option (e.g. resource limit) is specified for a rootless container on a cgroups v1 system, a warning message is now printed that the limit will not be honored. - The installer for the Windows Podman client has been improved. 
- The `--cpu-rt-period` and `--cpu-rt-runtime` options to `podman run` and `podman create` now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers) - Privileged containers running systemd will no longer mount `/dev/tty*` devices other than `/dev/tty` itself into the container - Events for containers that are part of a pod now include the ID of the pod in the event. - SSH functionality for `podman machine` commands has seen a thorough rework, addressing many issues about authentication. - The `--network` option to `podman kube play` now allows passing `host` to set the pod to use host networking, even if the YAML does not request this. - The `podman inspect` command on containers now includes the digest of the image used to create the container. - Pods created by `podman play kube` are now, by default, placed into a network named `podman-kube`. If the `podman-kube` network does not exist, it will be created. This ensures pods can connect to each other by their names, as the network has DNS enabled. Update to version 4.2.0: * Features - Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines. - A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod - A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins - A new command has been added, podman machine info, which displays information about the host and the versions of various machine components. - Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, podman-kube@.service - e.g. 
systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd. - The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod's security context. - The podman play kube command now supports volumes with the BlockDevice and CharDevice types - The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto - The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation. - Pods now include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube - The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work. - The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared) - The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609). - The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod. 
- The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release! - The podman create and podman run commands now include the -c short option for the --cpu-shares option. - The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773). - The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing. - The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context. - The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231). - The podman machine init command on Windows now fetches an image with packages pre-installed (#14698). - Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697). - The default for the --image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230). - Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427). - The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up). 
- Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458). - The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583). - When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v. - The remote Podman client's podman push command now supports the --remove-signatures option (#14558). - The remote Podman client now supports the podman image scp command. - The podman image scp command now supports tagging the transferred image with a new name. - The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595). - The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions. - The podman events command now includes the -f short option for the --filter option. - The podman pull command now includes the -a short option for the --all-tags option. - The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP). - The Podman global option --url now has two aliases: -H and --host. - The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API. - Added the ability to create sigstore signatures in podman push and podman manifest push. - Added an option to read image signing passphrase from a file. * Changes - Paused containers can now be killed with the podman kill command. 
- The podman system prune command now removes unused networks. - The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman. - If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577). - The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148). - All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless. - The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers. - Init containers created with podman play kube now default to the once type (#14877). - Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048). - The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion. - The libpod/common package has been removed as it's not used anywhere. - The --userns option to podman create and podman run is no longer accepted when an explicit UID or GID mapping is specified (#15233). * Misc - Podman will now check for nameservers in /run/NetworkManager/no-stub-resolv.conf if the /etc/resolv.conf file only contains a localhost server. - The podman build command now supports caching with builds that specify --squash-all by allowing the --layers flag to be used at the same time. - Podman Machine support for QEMU installations at non-default paths has been improved. - The podman machine ssh command no longer prints spurious warnings every time it is run. - When accessing the WSL prompt on Windows, the rootless user will be preferred. - The podman info command now includes a field for information on supported authentication plugins for improved Docker compatibility. 
Authentication plugins are not presently supported by Podman, so this field is always empty. - The podman system prune command now no longer prints the Deleted Images header if no images were pruned. - The podman system service command now automatically creates and moves to a sub-cgroup when running in the root cgroup (#14573). - Updated Buildah to v1.27.0 (fixes CVE-2022-21698 / bsc#1196338) - Updated the containers/image library to v5.22.0 - Updated the containers/storage library to v1.42.0 (fixes bsc#1196751) - Updated the containers/common library to v0.49.1 - Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container (#14884). - Fixed an incorrect release note about regexp. - A new MacOS installer (via pkginstaller) is now supported. Update to version 4.1.1: * The output of the podman load command now mirrors that of docker load. * Podman now supports Docker Compose v2.2 and higher. Please note that it may be necessary to disable the use of Buildkit by setting the environment variable DOCKER_BUILDKIT=0. * A new container command has been added, podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so. * Podman now supports sending JSON events related to machines to a Unix socket named machine_events.*\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable. * Two new volume commands have been added, podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers. * The podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries. 
* The podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources. * The podman play kube command will now set default resource limits when the provided YAML does not include them. * The podman play kube command now supports a new option, --annotation, to add annotations to created containers. * The podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile. * The podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer. * The podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID and --color, which colors messages based on what container generated them. * The podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images. * The podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network. * The podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information. * The --ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating that the IPC namespace can be shared with other containers. * The --mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter. * The --mount option to the podman create and podman run commands now allows parameters to be passed in CSV format. 
* The --userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security. * The podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for. * The podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create. * The podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, /etc/resolv.conf, etc.) will be mounted inside the container (#12961). * The podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file. * The podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}}. * The podman volume create command's -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined. * The podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization. * Fix CVE-2022-27191 / bsc#1197284 - Require catatonit >= 0.1.7 for pause functionality needed by pods Update to version 4.0.3: * Security - This release fixes CVE-2022-27649, where containers run by Podman would have excess inheritable capabilities set. * Changes - The podman machine rm --force command will now remove running machines as well (such machines are shut down first, then removed) (#13448). 
- When a podman machine VM is started that is using a too-old VM image, it will now start in a reduced functionality mode, and provide instructions on how to recreate it (previously, VMs were effectively unusable) (#13510). - Updated the containers/common library to v0.47.5 - This release addresses CVE-2021-4024 / bsc#1193166, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777. - This release addresses CVE-2021-41190 / bsc#1193273, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients. Update to version 3.1.0: (bsc#1181961, CVE-2021-20206) - A fix for CVE-2021-20199 / bsc#1181640 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue. ----------------------------------------- Patch: SUSE-2023-188 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Severity: important References: 1203652 Description: This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------- Patch: SUSE-2023-201 Released: Fri Jan 27 15:24:15 2023 Summary: Security update for systemd Severity: moderate References: 1204944,1205000,1207264,CVE-2022-4415 Description: This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000). Non-security fixes: - Enabled the pstore service (jsc#PED-2663). - Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944). - Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264). 
----------------------------------------- Patch: SUSE-2023-311 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 Description: This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). ----------------------------------------- Patch: SUSE-2023-429 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 Description: This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------- Patch: SUSE-2023-434 Released: Thu Feb 16 09:08:05 2023 Summary: Security update for mozilla-nss Severity: important References: 1208138,CVE-2023-0767 Description: This update for mozilla-nss fixes the following issues: Updated to NSS 3.79.4 (bsc#1208138): - CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types. 
----------------------------------------- Patch: SUSE-2023-439 Released: Thu Feb 16 13:09:30 2023 Summary: Recommended update for dracut Severity: moderate References: 1069169,1186056,1204929,1205175 Description: This update for dracut fixes the following issues: - Exclude USB drivers in strict hostonly mode (bsc#1186056) - Warn if included with no multipath devices and no user conf (bsc#1069169) - Improve detection of installed kernel versions (bsc#1205175) - chown using rpc default group (bsc#1204929) ----------------------------------------- Patch: SUSE-2023-463 Released: Mon Feb 20 16:33:39 2023 Summary: Security update for tar Severity: moderate References: 1202436,1207753,CVE-2022-48303 Description: This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). ----------------------------------------- Patch: SUSE-2023-464 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Severity: moderate References: Description: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. 
----------------------------------------- Patch: SUSE-2023-488 Released: Thu Feb 23 11:08:26 2023 Summary: Security update for the Linux-RT Kernel Severity: important References: 1166486,1185861,1185863,1186449,1191256,1192868,1193629,1194869,1195175,1195655,1196058,1199701,1203332,1204063,1204356,1204662,1205495,1206006,1206036,1206056,1206057,1206224,1206258,1206363,1206459,1206616,1206640,1206677,1206784,1206876,1206877,1206878,1206880,1206881,1206882,1206883,1206884,1206885,1206886,1206887,1206888,1206889,1206890,1206893,1206894,1207010,1207034,1207036,1207050,1207125,1207134,1207149,1207158,1207184,1207186,1207188,1207189,1207190,1207237,1207263,1207269,1207328,1207497,1207500,1207501,1207506,1207507,1207588,1207589,1207590,1207591,1207592,1207593,1207594,1207602,1207603,1207605,1207606,1207607,1207608,1207609,1207610,1207611,1207612,1207613,1207614,1207615,1207616,1207617,1207618,1207619,1207620,1207621,1207622,1207623,1207624,1207625,1207626,1207627,1207628,1207629,1207630,1207631,1207632,1207633,1207634,1207635,1207636,1207637,1207638,1207639,1207640,1207641,1207642,1207643,1207644,1207645,1207646,1207647,1207648,1207649,1207650,1207651,1207652,1207653,1207734,1207768,1207769,1207770,1207771,1207773,1207795,1207842,1207875,1207878,1207933,1208030,1208044,1208085,1208149,1208153,1208183,1208428,1208429,CVE-2020-24588,CVE-2022-36280,CVE-2022-4382,CVE-2022-47929,CVE-2023-0045,CVE-2023-0122,CVE-2023-0179,CVE-2023-0266,CVE-2023-0590,CVE-2023-23454,CVE-2023-23455 Description: The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-36280: Fixed an out-of-bounds memory access vulnerability that was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c (bnc#1203332). - CVE-2023-0045: Fixed flush IBP in ib_prctl_set() (bsc#1207773). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). 
- CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine (bnc#1207050). - CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125). - CVE-2023-23454: Fixed denial of service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036). - CVE-2020-24588: Fixed injection of arbitrary network packets against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n) (bsc#1199701). - CVE-2023-0179: Fixed incorrect arithmetic when fetching VLAN header bits (bsc#1207034). - CVE-2022-4382: Fixed a use-after-free flaw that was caused by a race condition among the superblock operations inside the gadgetfs code (bsc#1206258). - CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a privilege escalation to gain ring0 access from the system user (bsc#1207134). - CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237). The following non-security bugs were fixed: - ACPI: EC: Fix EC address space handler unregistration (bsc#1207149). - ACPI: EC: Fix ECDT probe ordering issues (bsc#1207149). - ACPI: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008 (bsc#1206224). - ACPI: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset (bsc#1206224). - ACPI: PRM: Check whether EFI runtime is available (git-fixes). - ACPI: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224). - ACPI: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE (bsc#1206224). - ACPI: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13 (bsc#1206224). 
- ACPI: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224). - ACPI: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224). - ACPI: x86: s2idle: Add module parameter to prefer Microsoft GUID (bsc#1206224). - ACPI: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224). - ACPI: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224). - ACPI: x86: s2idle: If a new AMD _HID is missing assume Rembrandt (bsc#1206224). - ACPI: x86: s2idle: Move _HID handling for AMD systems into structures (bsc#1206224). - ACPI: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1206224). - ACPICA: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149). - ACPICA: include/acpi/acpixf.h: Fix indentation (bsc#1207149). - ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (git-fixes). - ALSA: hda/realtek: Add Acer Predator PH315-54 (git-fixes). - ALSA: hda/realtek: Add Positivo N14KP6-TG (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP platform (git-fixes). - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (git-fixes). - ALSA: pci: lx6464es: fix a debug loop (git-fixes). - ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 (git-fixes). - ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (git-fixes). - ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (git-fixes). - ARM: dts: imx7d-pico: Use 'clock-frequency' (git-fixes). - ARM: dts: imx: Fix pca9547 i2c-mux node name (git-fixes). - ARM: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes). 
- ARM: imx: add missing of_node_put() (git-fixes). - ASoC: Intel: boards: fix spelling in comments (git-fixes). - ASoC: Intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes). - ASoC: Intel: bytcht_es8316: move comment to the right place (git-fixes). - ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes). - ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes). - ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes). - ASoC: fsl_micfil: Correct the number of steps on SX controls (git-fixes). - ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes). - ASoC: topology: Return -ENOMEM on memory allocation failure (git-fixes). - Bluetooth: Fix possible deadlock in rfcomm_sk_state_change (git-fixes). - Bluetooth: hci_qca: Fix driver shutdown on closed serdev (git-fixes). - Fix page corruption caused by racy check in __free_pages (bsc#1208149). - HID: betop: check shape of output reports (git-fixes). - HID: betop: check shape of output reports (git-fixes, bsc#1207186). - HID: check empty report_list in bigben_probe() (git-fixes). - HID: check empty report_list in hid_validate_values() (git-fixes). - HID: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784). - HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes). - HID: playstation: sanity check DualSense calibration data (git-fixes). - HID: revert CHERRY_MOUSE_000C quirk (git-fixes). 
- IB/IPoIB: Fix legacy IPoIB due to wrong number of queues (git-fixes) - IB/hfi1: Fix expected receive setup error exit issues (git-fixes) - IB/hfi1: Immediately remove invalid memory from hardware (git-fixes) - IB/hfi1: Reject a zero-length user expected buffer (git-fixes) - IB/hfi1: Remove user expected buffer invalidate race (git-fixes) - IB/hfi1: Reserve user expected TIDs (git-fixes) - IB/hfi1: Restore allocated resources on failed copyout (git-fixes) - IB/mad: Do not call to function that might sleep while in atomic context (git-fixes). - KVM: x86: Check for existing Hyper-V vCPU in kvm_hv_vcpu_init() (bsc#1206616). - Move upstreamed net patch into sorted section - PCI/PM: Define pci_restore_standard_config() only for CONFIG_PM_SLEEP (bsc#1207269). - PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() (git-fixes). - RDMA/core: Fix ib block iterator counter overflow (bsc#1207878). - RDMA/core: Fix ib block iterator counter overflow (git-fixes) - RDMA/irdma: Fix potential NULL-ptr-dereference (git-fixes) - RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes) - RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes) - RDMA/rxe: Prevent faulty rkey generation (git-fixes) - RDMA/srp: Move large values to a new enum for gcc13 (git-fixes) - RDMA/usnic: use iommu_map_atomic() under spin_lock() (git-fixes) - Remove duplicate Git-commit tag in patch file - Revert 'ARM: dts: armada-38x: Fix compatible string for gpios' (git-fixes). - Revert 'ARM: dts: armada-39x: Fix compatible string for gpios' (git-fixes). - Revert 'Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode' (git-fixes). - Revert 'Revert 'block, bfq: honor already-setup queue merges'' (git-fixes). - Revert 'arm64: dts: meson-sm1-odroid-hc4: disable unused USB PHY0' (git-fixes). - Revert 'wifi: mac80211: fix memory leak in ieee80211_if_add()' (git-fixes). - SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes). 
- SUNRPC: Use BIT() macro in rpc_show_xprt_state() (git-fixes). - USB: gadget: Fix use-after-free during usb config switch (git-fixes). - USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes). - USB: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes). - USB: serial: option: add Quectel EC200U modem (git-fixes). - USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes). - USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes). - USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes). - USB: serial: option: add Quectel EM05CN (SG) modem (git-fixes). - USB: serial: option: add Quectel EM05CN modem (git-fixes). - arm64: Fix Freescale LPUART dependency (boo#1204063). - arm64: atomics: format whitespace consistently (git-fixes). - arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (git-fixes). - arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity (git-fixes). - arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes). - arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes). - arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes). - arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes). - arm64: dts: qcom: msm8992: Do not use sfpb mutex (git-fixes). - arm64: efi: Execute runtime services from a dedicated stack (git-fixes). - ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git-fixes). - ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes). - bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes). - bfq: fix use-after-free in bfq_dispatch_request (git-fixes). - bfq: fix waker_bfqq inconsistency crash (git-fixes). 
- blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes). - blk-mq: fix possible memleak when register 'hctx' failed (git-fixes). - blk-throttle: prevent overflow while calculating wait time (git-fixes). - blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes). - blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes). - block, bfq: do not move oom_bfqq (git-fixes). - block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes). - block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes). - block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes). - block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes). - block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes). - block/bfq-iosched.c: use 'false' rather than 'BLK_RW_ASYNC' (git-fixes). - block/bfq_wf2q: correct weight to ioprio (git-fixes). - block/bio: remove duplicate append pages code (git-fixes). - block: check minor range in device_add_disk() (git-fixes). - block: clear ->slave_dir when dropping the main slave_dir reference (git-fixes). - block: do not allow splitting of a REQ_NOWAIT bio (git-fixes). - block: ensure iov_iter advances for added pages (git-fixes). - block: fix and cleanup bio_check_ro (git-fixes). - block: fix infinite loop for invalid zone append (git-fixes). - block: mq-deadline: Do not break sequential write streams to zoned HDDs (git-fixes). - block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes). - block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes). - block: use bdev_get_queue() in bio.c (git-fixes). - bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (git-fixes). - bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (git-fixes). - bnxt_en: Remove debugfs when pci_register_driver failed (git-fixes). - bnxt_en: add dynamic debug support for HWRM messages (git-fixes). - bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (git-fixes). 
- bnxt_en: fix the handling of PCIE-AER (git-fixes). - bnxt_en: refactor bnxt_cancel_reservations() (git-fixes). - bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers (git-fixes). - bpf: Skip task with pid=1 in send_signal_common() (git-fixes). - btrfs: add helper to delete a dir entry from a log tree (bsc#1207263). - btrfs: avoid inode logging during rename and link when possible (bsc#1207263). - btrfs: avoid logging all directory changes during renames (bsc#1207263). - btrfs: backport recent fixes for send/receive into SLE15 SP4/SP5 (bsc#1206036 bsc#1207500 ltc#201363). - btrfs: do not log unnecessary boundary keys when logging directory (bsc#1207263). - btrfs: fix assertion failure when logging directory key range item (bsc#1207263). - btrfs: fix processing of delayed data refs during backref walking (bsc#1206056 bsc#1207507 ltc#201367). - btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057 bsc#1207506 ltc#201368). - btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158). - btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158). - btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes). - btrfs: join running log transaction when logging new name (bsc#1207263). - btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (bsc#1207158). - btrfs: pass the dentry to btrfs_log_new_name() instead of the inode (bsc#1207263). - btrfs: prepare extents to be logged before locking a log tree path (bsc#1207263). - btrfs: put initial index value of a directory in a constant (bsc#1207263). - btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158). - btrfs: qgroup: remove outdated TODO comments (bsc#1207158). - btrfs: remove unnecessary NULL check for the new inode during rename exchange (bsc#1207263). - btrfs: remove useless path release in the fast fsync path (bsc#1207263). 
- btrfs: remove write and wait of struct walk_control (bsc#1207263). - btrfs: stop copying old dir items when logging a directory (bsc#1207263). - btrfs: stop doing unnecessary log updates during a rename (bsc#1207263). - btrfs: stop trying to log subdirectories created in past transactions (bsc#1207263). - btrfs: use single variable to track return value at btrfs_log_inode() (bsc#1207263). - bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (git-fixes). - can: j1939: do not wait 250 ms if the same addr was already claimed (git-fixes). - can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (git-fixes). - ceph: flush cap releases when the session is flushed (bsc#1208428). - cifs: Fix uninitialized memory read for smb311 posix symlink create (git-fixes). - cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629). - cifs: do not include page data when checking signature (git-fixes). - cifs: do not query ifaces on smb1 mounts (git-fixes). - cifs: do not take exclusive lock for updating target hints (bsc#1193629). - cifs: fix double free on failed kerberos auth (git-fixes). - cifs: fix file info setting in cifs_open_file() (git-fixes). - cifs: fix file info setting in cifs_query_path_info() (git-fixes). - cifs: fix potential memory leaks in session setup (bsc#1193629). - cifs: fix race in assemble_neg_contexts() (bsc#1193629). - cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1193629). - cifs: handle cache lookup errors different than -ENOENT (bsc#1193629). - cifs: ignore ipc reconnect failures during dfs failover (bsc#1193629). - cifs: protect access of TCP_Server_Info::{dstaddr,hostname} (bsc#1193629). - cifs: remove duplicate code in __refresh_tcon() (bsc#1193629). - cifs: remove redundant assignment to the variable match (bsc#1193629). - cifs: remove unused function (bsc#1193629). - comedi: adv_pci1760: Fix PWM instruction handling (git-fixes). - cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes). 
- cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes). - crypto: fixed DH and ECDH implemention for FIPS PCT (jsc#SLE-21132,bsc#1191256,bsc#1207184). - dm btree: add a defensive bounds check to insert_at() (git-fixes). - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes). - dm cache: Fix UAF in destroy() (git-fixes). - dm cache: set needs_check flag after aborting metadata (git-fixes). - dm clone: Fix UAF in clone_dtr() (git-fixes). - dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes). - dm integrity: clear the journal on suspend (git-fixes). - dm integrity: flush the journal on suspend (git-fixes). - dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes). - dm ioctl: prevent potential spectre v1 gadget (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). - dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes). - dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes). - dm thin: Fix UAF in run_timer_softirq() (git-fixes). - dm thin: Use last transaction's pmd->root when commit failed (git-fixes). - dm thin: resume even if in FAIL mode (git-fixes). - dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). - dm: fix alloc_dax error handling in alloc_dev (git-fixes). - dm: requeue IO if mapping table not yet available (git-fixes). - dmaengine: Fix double increment of client_count in dma_chan_get() (git-fixes). - dmaengine: idxd: Do not call DMX TX callbacks during workqueue disable (git-fixes). - dmaengine: idxd: Let probe fail when workqueue cannot be enabled (git-fixes). - dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (git-fixes). - dmaengine: lgm: Move DT parsing after initialization (git-fixes). - dmaengine: tegra210-adma: fix global intr clear (git-fixes). 
- dmaengine: ti: k3-udma: Do conditional decrement of UDMA_CHAN_RT_PEER_BCNT_REG (git-fixes). - dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() (git-fixes). - docs: Fix the docs build with Sphinx 6.0 (git-fixes). - driver core: Fix test_async_probe_init saves device in wrong array (git-fixes). - drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (git-fixes). - drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() (git-fixes). - drivers:md:fix a potential use-after-free bug (git-fixes). - drm/amd/display: Calculate output_color_space after pixel encoding adjustment (git-fixes). - drm/amd/display: Fail atomic_check early on normalize_zpos error (git-fixes). - drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix (git-fixes). - drm/amd/display: Fix set scaling doesn's work (git-fixes). - drm/amd/display: Fix timing not changning when freesync video is enabled (git-fixes). - drm/amd/display: Take emulated dc_sink into account for HDCP (bsc#1207734). - drm/amd/display: fix issues with driver unload (git-fixes). - drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (git-fixes). - drm/amdgpu: complete gfxoff allow signal during suspend without delay (git-fixes). - drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (git-fixes). - drm/amdgpu: drop experimental flag on aldebaran (git-fixes). - drm/hyperv: Add error message for fb size greater than allocated (git-fixes). - drm/i915/adlp: Fix typo for reference clock (git-fixes). - drm/i915/display: Check source height is > 0 (git-fixes). - drm/i915/gt: Reset twice (git-fixes). - drm/i915/selftest: fix intel_selftest_modify_policy argument types (git-fixes). - drm/i915: Fix VBT DSI DVO port handling (git-fixes). - drm/i915: Fix potential bit_17 double-free (git-fixes). - drm/i915: Initialize the obj flags for shmem objects (git-fixes). - drm/i915: re-disable RC6p on Sandy Bridge (git-fixes). 
- drm/panfrost: fix GENERIC_ATOMIC64 dependency (git-fixes). - drm/vc4: hdmi: make CEC adapter name unique (git-fixes). - drm/virtio: exbuf->fence_fd unmodified on interrupted wait (git-fixes). - drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes). - efi: Accept version 2 of memory attributes table (git-fixes). - efi: fix potential NULL deref in efi_mem_reserve_persistent (git-fixes). - efi: rt-wrapper: Add missing include (git-fixes). - efi: tpm: Avoid READ_ONCE() for accessing the event log (git-fixes). - exit: Add and use make_task_dead (bsc#1207328). - exit: Allow oops_limit to be disabled (bsc#1207328). - exit: Guarantee make_task_dead leaks the tsk when calling do_task_exit (bsc#1207328). - exit: Move force_uaccess back into do_exit (bsc#1207328). - exit: Move oops specific logic from do_exit into make_task_dead (bsc#1207328). - exit: Put an upper limit on how often we can oops (bsc#1207328). - exit: Stop poorly open coding do_task_dead in make_task_dead (bsc#1207328). - exit: Use READ_ONCE() for all oops/warn limit reads (bsc#1207328). - ext4,f2fs: fix readahead of verity data (bsc#1207648). - ext4: Fixup pages without buffers (bsc#1205495). - ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1207619). - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - ext4: add helper to check quota inums (bsc#1207618). - ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617). - ext4: add missing validation of fast-commit record lengths (bsc#1207626). - ext4: allocate extended attribute value in vmalloc area (bsc#1207635). - ext4: avoid crash when inline data creation follows DIO write (bsc#1206883). - ext4: avoid resizing to a partial cluster size (bsc#1206880). - ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634). - ext4: continue to expand file system when the target size does not reach (bsc#1206882). 
- ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb (bsc#1207592). - ext4: correct max_inline_xattr_value_size computing (bsc#1206878). - ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878). - ext4: disable fast-commit of encrypted dir operations (bsc#1207623). - ext4: do not allow journal inode to have encrypt flag (bsc#1207621). - ext4: do not increase iversion counter for ea_inodes (bsc#1207605). - ext4: do not run ext4lazyinit for read-only filesystems (bsc#1207603). - ext4: do not set up encryption key during jbd2 transaction (bsc#1207624). - ext4: drop ineligible txn start stop APIs (bsc#1207588). - ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate (bsc#1207606). - ext4: factor out ext4_fc_get_tl() (bsc#1207615). - ext4: fast commit may miss file actions (bsc#1207591). - ext4: fast commit may not fallback for ineligible commit (bsc#1207590). - ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886). - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881). - ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620). - ext4: fix bug_on in start_this_handle during umount filesystem (bsc#1207594). - ext4: fix deadlock due to mbcache entry corruption (bsc#1207653). - ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (bsc#1207631). - ext4: fix dir corruption when ext4_dx_add_entry() fails (bsc#1207608). - ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630). - ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit (bsc#1207593). - ext4: fix extent status tree race in writeback error recovery path (bsc#1206877). - ext4: fix inode leak in ext4_xattr_inode_create() on an error path (bsc#1207636). - ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (bsc#1206894). - ext4: fix leaking uninitialized memory in fast-commit journal (bsc#1207625). 
- ext4: fix miss release buffer head in ext4_fc_write_inode (bsc#1207609). - ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884). - ext4: fix off-by-one errors in fast-commit block filling (bsc#1207628). - ext4: fix potential memory leak in ext4_fc_record_modified_inode() (bsc#1207611). - ext4: fix potential memory leak in ext4_fc_record_regions() (bsc#1207612). - ext4: fix potential out of bound read in ext4_fc_replay_scan() (bsc#1207616). - ext4: fix reserved cluster accounting in __es_remove_extent() (bsc#1207637). - ext4: fix unaligned memory access in ext4_fc_reserve_space() (bsc#1207627). - ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890). - ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893). - ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888). - ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622). - ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878). - ext4: fix warning in 'ext4_da_release_space' (bsc#1206887). - ext4: goto right label 'failed_mount3a' (bsc#1207610). - ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629). - ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633). - ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614). - ext4: limit the number of retries after discarding preallocations blocks (bsc#1207602). - ext4: make ext4_lazyinit_thread freezable (bsc#1206885). - ext4: place buffer head allocation before handle start (bsc#1207607). - ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889). - ext4: simplify updating of fast commit stats (bsc#1207589). - ext4: update 'state->fc_regions_size' after successful memory allocation (bsc#1207613). - ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876). - extcon: usbc-tusb320: fix kernel-doc warning (git-fixes). - fbcon: Check font dimension limits (git-fixes). 
- fbdev: omapfb: avoid stack overflow warning (git-fixes). - fbdev: smscufx: fix error handling code in ufx_usb_probe (git-fixes). - firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (git-fixes). - firmware: arm_scmi: Harden shared memory access in fetch_notification (git-fixes). - firmware: arm_scmi: Harden shared memory access in fetch_response (git-fixes). - fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (git-fixes). - fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632). - fs: remove __sync_filesystem (git-fixes). - fscache_cookie_enabled: check cookie is valid before accessing it (bsc#1208429). - ftrace/x86: Add back ftrace_expected for ftrace bug reports (git-fixes). - ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU (git-fixes). - genirq: Provide new interfaces for affinity hints (bsc#1208153). - git_sort: add usb-linus branch for gregkh/usb - gsmi: fix null-deref in gsmi_get_variable (git-fixes). - hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap() (git-fixes). - i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU (git-fixes). - i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes). - i2c: mv64xxx: Remove shutdown method from driver (git-fixes). - i2c: mxs: suppress probe-deferral error message (git-fixes). - i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes). - i40e: Disallow ip4 and ip6 l4_4_bytes (git-fixes). - i40e: Fix error handling in i40e_init_module() (git-fixes). - i40e: Fix not setting default xps_cpus after reset (git-fixes). - igb: Allocate MSI-X vector when testing (git-fixes). - iio: adc: berlin2-adc: Add missing of_node_put() in error path (git-fixes). - iio: adc: stm32-dfsdm: fill module aliases (git-fixes). - iio: hid: fix the retval in accel_3d_capture_sample (git-fixes). - iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes). - iio: imu: fxos8700: fix ACCEL measurement range selection (git-fixes). 
- iio: imu: fxos8700: fix IMU data bits returned to user space (git-fixes). - iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes). - iio: imu: fxos8700: fix failed initialization ODR mode assignment (git-fixes). - iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback (git-fixes). - iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes). - iio: imu: fxos8700: fix map label of channel type to MAGN sensor (git-fixes). - iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback (git-fixes). - iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN (git-fixes). - iio:adc:twl6030: Enable measurement of VAC (git-fixes). - iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (git-fixes). - ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459). - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Increase the message retry time (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (git-fixes). - ixgbevf: Fix resource leak in ixgbevf_init_module() (git-fixes). - jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590). - jbd2: add miss release buffer head in fc_do_one_pass() (bsc#1207646). - jbd2: fix a potential race while discarding reserved buffers after an abort (bsc#1207641). - jbd2: fix potential buffer head reference count leak (bsc#1207644). - jbd2: fix potential use-after-free in jbd2_fc_wait_bufs (bsc#1207645). - jbd2: use the correct print format (git-fixes). - jbd2: wake up journal waiters in FIFO order, not LIFO (bsc#1207643). - kABI workaround for struct acpi_ec (bsc#1207149). - kABI: Preserve TRACE_EVENT_FL values (git-fixes). - kabi/severities: add mlx5 internal symbols - kasan: no need to unset panic_on_warn in end_report() (bsc#1207328). 
- l2tp: Do not sleep and disable BH under writer-side sk_callback_lock (git-fixes). - loop: Fix the max_loop commandline argument treatment when it is set to 0 (git-fixes). - mbcache: Avoid nesting of cache->c_list_lock under bit locks (bsc#1207647). - mbcache: Fixup kABI of mb_cache_entry (bsc#1207653). - md/bitmap: Fix bitmap chunk size overflow issues (git-fixes). - md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes). - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes). - md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes). - md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes). - md: fix a crash in mempool_free (git-fixes). - md: protect md_unregister_thread from reentrancy (git-fixes). - mei: me: add meteor lake point M DID (git-fixes). - memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe() (git-fixes). - memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() (git-fixes). - memory: tegra: Remove clients SID override programming (git-fixes). - misc: fastrpc: Do not remove map on creater_process and device_release (git-fixes). - misc: fastrpc: Fix use-after-free race condition for maps (git-fixes). - mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769). - mm: compaction: kABI: avoid pglist_data kABI breakage (bsc#1207010). - mm: compaction: support triggering of proactive compaction by user (bsc#1207010). - mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting (git-fixes). - mmc: sunxi-mmc: Fix clock refcount imbalance during unbind (git-fixes). - module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - mt76: fix use-after-free by removing a non-RCU wcid pointer (git-fixes). - mt76: mt7921: avoid unnecessary spin_lock/spin_unlock in mt7921_mcu_tx_done_event (git-fixes). - nbd: Fix hung on disconnect request if socket is closed before (git-fixes). 
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes). - nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes). - nbd: fix io hung while disconnecting device (git-fixes). - nbd: fix race between nbd_alloc_config() and module removal (git-fixes). - net/mlx4: Check retval of mlx4_bitmap_init (git-fixes). - net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175). - net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1207842). - net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes). - net/x25: Fix to not accept on connected socket (git-fixes). - net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes). - net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() (git-fixes). - net: ena: Fix error handling in ena_init() (git-fixes). - net: liquidio: release resources when liquidio driver open failed (git-fixes). - net: liquidio: simplify if expression (git-fixes). - net: macvlan: Use built-in RCU list checking (git-fixes). - net: macvlan: fix memory leaks of macvlan_common_newlink (git-fixes). - net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153). - net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875). - net: mana: Fix accessing freed irq affinity_hint (bsc#1208153). - net: mdio: validate parameter addr in mdiobus_get_phy() (git-fixes). - net: nfc: Fix use-after-free in local_cleanup() (git-fixes). - net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() (git-fixes). - net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices (git-fixes). - net: phy: meson-gxl: Add generic dummy stubs for MMD register access (git-fixes). - net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY (git-fixes). - net: tun: Fix memory leaks of napi_get_frags (git-fixes). - net: tun: Fix use-after-free in tun_detach() (git-fixes). - net: tun: call napi_schedule_prep() to ensure we own a napi (git-fixes). 
- net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git-fixes). - net: usb: sr9700: Handle negative len (git-fixes). - net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs (git-fixes). - netrom: Fix use-after-free caused by accept on already connected socket (git-fixes). - netrom: Fix use-after-free of a listening socket (git-fixes). - nilfs2: fix general protection fault in nilfs_btree_insert() (git-fixes). - null_blk: fix ida error handling in null_add_dev() (git-fixes). - nvdimm: disable namespace on error (bsc#1166486). - objtool: Add a missing comma to avoid string concatenation (bsc#1207328). - ocfs2: clear dinode links count in case of error (bsc#1207650). - ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649). - ocfs2: fix crash when mount with quota enabled (bsc#1207640). - ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652). - ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651). - ocfs2: ocfs2_mount_volume does cleanup job before return error (bsc#1207770). - ocfs2: quota_local: fix possible uninitialized-variable access in ocfs2_local_read_info() (bsc#1207768). - ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771). - octeontx2-af: Fix reference count issue in rvu_sdp_init() (jsc#SLE-24682). - octeontx2-af: debugsfs: fix pci device refcount leak (git-fixes). - octeontx2-pf: Add check for devm_kcalloc (git-fixes). - octeontx2-pf: Fix potential memory leak in otx2_init_tc() (jsc#SLE-24682). - of/address: Return an error when no valid dma-ranges are found (git-fixes). - panic: Consolidate open-coded panic_on_warn checks (bsc#1207328). - panic: Introduce warn_limit (bsc#1207328). - panic: unset panic_on_warn inside panic() (bsc#1207328). - phy: Revert 'phy: qualcomm: usb28nm: Add MDM9607 init sequence' (git-fixes). - phy: phy-can-transceiver: Skip warning if no 'max-bitrate' (git-fixes). 
- phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() (git-fixes). - phy: ti: fix Kconfig warning and operator precedence (git-fixes). - pinctrl: amd: Add dynamic debugging for active GPIOs (git-fixes). - pinctrl: aspeed: Fix confusing types in return value (git-fixes). - pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (git-fixes). - pinctrl: mediatek: Fix the drive register definition of some Pins (git-fixes). - pinctrl: rockchip: fix mux route data for rk3568 (git-fixes). - pinctrl: single: fix potential NULL dereference (git-fixes). - platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (git-fixes). - platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table (git-fixes). - platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF (git-fixes). - platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (git-fixes). - powerpc/64s/radix: Fix RWX mapping with relocated kernel (bsc#1194869). - powerpc/64s/radix: Fix crash with unaligned relocated kernel (bsc#1194869). - powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1195655 ltc#1195655 git-fixes). - powerpc/kexec_file: Count hot-pluggable memory in FDT estimate (bsc#1194869). - powerpc/kexec_file: Fix division by zero in extra size estimation (bsc#1194869). - powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary (bsc#1194869). - powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned (bsc#1194869). - powerpc: move __end_rodata to cover arch read-only sections (bsc#1194869). - qlcnic: fix sleep-in-atomic-context bugs caused by msleep (git-fixes). - quota: Check next/prev free block number after reading from quota file (bsc#1206640). - quota: Prevent memory allocation recursion while holding dq_lock (bsc#1207639). - r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes). - r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (git-fixes). 
- regulator: da9211: Use irq handler when ready (git-fixes). - rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage - s390/qeth: fix various format strings (git-fixes). - sched, cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes) - sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes) - sched/core: Introduce sched_asym_cpucap_active() (git-fixes) - sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes) - sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes) - sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes) - sched: Avoid double preemption in __cond_resched_*lock*() (git-fixes) - scsi: Revert 'scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT' (git-fixes). - scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes). - scsi: efct: Fix possible memleak in efct_device_init() (git-fixes). - scsi: elx: libefc: Fix second parameter type in state callbacks (git-fixes). - scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes). - scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes). - scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes). - scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes). - scsi: ipr: Fix WARNING in ipr_init() (git-fixes). - scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes). - scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes). - scsi: scsi_debug: Fix a warning in resp_report_zones() (git-fixes). - scsi: scsi_debug: Fix a warning in resp_verify() (git-fixes). - scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes). - scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes). 
- scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes). - scsi: storvsc: Correct reporting of Hyper-V I/O size limits (git-fixes). - scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (bsc#1206006). - scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (git-fixes). - scsi: ufs: Stop using the clock scaling lock in the error handler (git-fixes). - scsi: ufs: core: Enable link lost interrupt (git-fixes). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). - selftests/vm: remove ARRAY_SIZE define from individual tests (git-fixes). - selftests: Provide local define of __cpuid_count() (git-fixes). - selftests: forwarding: lib: quote the sysctl values (git-fixes). - selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs (git-fixes). - selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided (git-fixes). - selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning (git-fixes). - selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking (git-fixes). - serial: 8250_dma: Fix DMA Rx rearm race (git-fixes). - serial: atmel: fix incorrect baudrate setup (git-fixes). - serial: pch_uart: Pass correct sg to dma_unmap_sg() (git-fixes). - sfc: fix potential memleak in __ef100_hard_start_xmit() (git-fixes). - signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved (git-fixes). - soc: imx8m: Fix incorrect check for of_clk_get_by_name() (git-fixes). - spi: dw: Fix wrong FIFO level setting for long xfers (git-fixes). - spi: spidev: remove debug messages that access spidev->spi without locking (git-fixes). - staging: mt7621-dts: change some node hex addresses to lower case (git-fixes). - staging: vchiq_arm: fix enum vchiq_status return types (git-fixes). - swim3: add missing major.h include (git-fixes). - sysctl: add a new register_sysctl_init() interface (bsc#1207328). 
- tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent (git-fixes). - thermal/core: Remove duplicate information when an error occurs (git-fixes). - thunderbolt: Do not call PM runtime functions in tb_retimer_scan() (git-fixes). - thunderbolt: Do not report errors if on-board retimers are found (git-fixes). - thunderbolt: Use correct function to calculate maximum USB3 link rate (git-fixes). - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation. - tick/sched: Fix non-kernel-doc comment (git-fixes). - tomoyo: fix broken dependency on *.conf.default (git-fixes). - tools: fix ARRAY_SIZE defines in tools and selftests hdrs (git-fixes). - trace_events_hist: add check for return value of 'create_hist_field' (git-fixes). - tracing/hist: Fix issue of losting command info in error_log (git-fixes). - tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (git-fixes). - tracing/hist: Fix wrong return value in parse_action_params() (git-fixes). - tracing/osnoise: Make osnoise_main to sleep for microseconds (git-fixes). - tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). - tracing/probes: Handle system names with hyphens (git-fixes). - tracing: Add '__rel_loc' using trace event macros (git-fixes). - tracing: Add DYNAMIC flag for dynamic events (git-fixes). - tracing: Add trace_event helper macros __string_len() and __assign_str_len() (git-fixes). - tracing: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). - tracing: Do not use out-of-sync va_list in event printing (git-fixes). - tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes). - tracing: Fix a kmemleak false positive in tracing_map (git-fixes). - tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (git-fixes). - tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes). - tracing: Fix issue of missing one synthetic field (git-fixes). - tracing: Fix mismatched comment in __string_len (git-fixes). 
- tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes). - tracing: Fix possible memory leak in __create_synth_event() error path (git-fixes). - tracing: Fix race where histograms can be called before the event (git-fixes). - tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes). - tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git-fixes). - tracing: Fix warning on variable 'struct trace_array' (git-fixes). - tracing: Have TRACE_DEFINE_ENUM affect trace event types as well (git-fixes). - tracing: Have syscall trace events use trace_event_buffer_lock_reserve() (git-fixes). - tracing: Have type enum modifications copy the strings (git-fixes). - tracing: Make sure trace_printk() can output as soon as it can be used (git-fixes). - tracing: Make tp_printk work on syscall tracepoints (git-fixes). - tracing: Use alignof__(struct {type b;}) instead of offsetof() (git-fixes). - tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes). - tty: fix possible null-ptr-defer in spk_ttyio_release (git-fixes). - tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer (git-fixes). - ubsan: no need to unset panic_on_warn in ubsan_epilogue() (bsc#1207328). - usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 (git-fixes). - usb: acpi: add helper to check port lpm capability using acpi _DSM (git-fixes). - usb: cdns3: remove fetched trb from cache before dequeuing (git-fixes). - usb: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes). - usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes). - usb: dwc3: qcom: enable vbus override when in OTG dr-mode (git-fixes). - usb: fotg210-udc: Fix ages old endianness issues (git-fixes). - usb: gadget: f_fs: Ensure ep0req is dequeued before free_request (git-fixes). - usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (git-fixes). 
- usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait (git-fixes). - usb: gadget: f_hid: fix f_hidg lifetime vs cdev (git-fixes). - usb: gadget: f_hid: fix refcount leak on error path (git-fixes). - usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (git-fixes). - usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints (git-fixes). - usb: gadget: g_webcam: Send color matching descriptor per frame (git-fixes). - usb: gadget: udc: core: Print error code in usb_gadget_probe_driver() (git-fixes). - usb: gadget: udc: core: Revise comments for USB ep enable/disable (git-fixes). - usb: gadget: udc: core: Use pr_fmt() to prefix messages (git-fixes). - usb: gadget: udc: core: remove usage of list iterator past the loop body (git-fixes). - usb: host: ehci-fsl: Fix module alias (git-fixes). - usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes). - usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes). - usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes). - usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (git-fixes). - usb: xhci: Check endpoint is valid before dereferencing it (git-fixes). - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (git-fixes). - vfs: Check the truncate maximum size in inode_newsize_ok() (bsc#1207642). - vfs: make sync_filesystem return errors from ->sync_fs (git-fixes). - virtio-blk: modify the value type of num in virtio_queue_rq() (git-fixes). - virtio-net: correctly enable callback during start_xmit (git-fixes). - virtio_pci: modify ENOENT to EINVAL (git-fixes). - w1: fix WARNING after calling w1_process() (git-fixes). - w1: fix deadloop in __w1_remove_master_device() (git-fixes). - wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes) - watchdog-diag288_wdt-fix-__diag288-inline-assembly.patch - watchdog/hpwdt: Enable HP_WATCHDOG for ARM64 systems. 
(jsc#PED-3210) - watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497). - watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497). - wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices (git-fixes). - wifi: mac80211: sdata can be NULL during AMPDU start (git-fixes). - wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload (git-fixes). - wifi: mt76: mt7921e: fix race issue between reset and suspend/resume (git-fixes). - wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work (git-fixes). - wifi: mt76: sdio: poll sta stat when device transmits data (git-fixes). - wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid (git-fixes). - writeback: avoid use-after-free after removing device (bsc#1207638). - x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes). - x86/asm: Fix an assembler warning with current binutils (git-fixes). - x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes). - x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (git-fixes). - x86/hyperv: Restore VP assist page after cpu offlining/onlining (git-fixes). - x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-fixes). - x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-fixes). - x86/kvm: Remove unused virt to phys translation in kvm_guest_cpu_init() (git-fixes). - x86/microcode/intel: Do not retry microcode reloading on the APs (git-fixes). - x86: ACPI: cstate: Optimize C3 entry on AMD CPUs (git-fixes). - xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes). - xfs: estimate post-merge refcounts correctly (bsc#1208183). - xfs: fix incorrect error-out in xfs_remove (git-fixes). - xfs: fix incorrect i_nlink caused by inode racing (git-fixes). - xfs: fix maxlevels comparisons in the btree staging code (git-fixes). - xfs: fix memory leak in xfs_errortag_init (git-fixes). 
- xfs: get rid of assert from xfs_btree_islastblock (git-fixes). - xfs: get root inode correctly at bulkstat (git-fixes). - xfs: hoist refcount record merge predicates (bsc#1208183). - xfs: initialize the check_owner object fully (git-fixes). - xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes). - xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes). - xfs: return errors in xfs_fs_sync_fs (git-fixes). - xfs: xfstest fails with error missing kernel patch (git-fixes bsc#1207501 ltc#201370). - xhci-pci: set the dma max_seg_size (git-fixes). - xhci: Fix null pointer dereference when host dies (git-fixes). - zram: Delete patch for regression addressed (bsc#1207933). - zram: do not lookup algorithm in backends table (git-fixes).
-----------------------------------------
Patch: SUSE-2023-557
Released: Tue Feb 28 09:29:15 2023
Summary: Security update for libxslt
Severity: important
References: 1208574,CVE-2021-30560
Description:
This update for libxslt fixes the following issues:
- CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574).
-----------------------------------------
Patch: SUSE-2023-563
Released: Tue Feb 28 10:51:46 2023
Summary: Recommended update for openssl-1_1
Severity: moderate
References: 1207994
Description:
This update for openssl-1_1 fixes the following issues:
- FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994]
-----------------------------------------
Patch: SUSE-2023-617
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Severity: moderate
References: 1207789
Description:
This update for jitterentropy fixes the following issues:
- build jitterentropy library with debuginfo (bsc#1207789)
-----------------------------------------
Patch: SUSE-2023-709
Released: Fri Mar 10 16:04:41 2023
Summary: Recommended update for console-setup
Severity: moderate
References: 1202853
Description:
This update for console-setup and kbd fixes the following issue:
- Fix Caps_Lock mapping for us.map and others (bsc#1202853)
-----------------------------------------
Patch: SUSE-2023-776
Released: Thu Mar 16 17:29:23 2023
Summary: Recommended update for gcc12
Severity: moderate
References:
Description:
This update for gcc12 fixes the following issues:
This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes.
This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html
-----------------------------------------
Patch: SUSE-2023-782
Released: Thu Mar 16 19:08:34 2023
Summary: Recommended update for libgcrypt
Severity: moderate
References: 1208924,1208925,1208926
Description:
This update for libgcrypt fixes the following issues:
- FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925]
- FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924]
- FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926]
-----------------------------------------
Patch: SUSE-2023-783
Released: Thu Mar 16 19:09:03 2023
Summary: Recommended update for openssl-1_1
Severity: moderate
References: 1208998
Description:
This update for openssl-1_1 fixes the following issues:
FIPS: Service-level indicator changes [bsc#1208998]
* Add additional checks required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password.
-----------------------------------------
Patch: SUSE-2023-785
Released: Thu Mar 16 19:34:43 2023
Summary: Recommended update for grub2
Severity: moderate
References: 1205200,1205554
Description:
This update for grub2 fixes the following issues:
- Remove zfs modules (bsc#1205554)
- Make grub.cfg invariant to efi and legacy platforms (bsc#1205200)
-----------------------------------------
Patch: SUSE-2023-1582
Released: Mon Mar 27 10:31:52 2023
Summary: Security update for curl
Severity: moderate
References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538
Description:
This update for curl fixes the following issues:
- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).
-----------------------------------------
Patch: SUSE-2023-1609
Released: Tue Mar 28 09:25:48 2023
Summary: Security update for the Linux Kernel
Severity: important
References: 1177529,1193629,1197534,1197617,1198438,1200054,1202353,1202633,1203200,1203331,1204363,1204993,1205544,1205846,1206103,1206232,1206492,1206493,1206824,1206935,1207051,1207270,1207529,1207560,1207845,1207846,1208179,1208212,1208420,1208449,1208534,1208541,1208542,1208570,1208598,1208599,1208601,1208605,1208607,1208628,1208700,1208741,1208759,1208776,1208777,1208784,1208787,1208816,1208837,1208843,1208848,1209008,1209159,1209188,1209256,1209258,1209262,1209291,1209436,1209457,1209504,CVE-2022-3523,CVE-2022-38096,CVE-2023-0461,CVE-2023-0597,CVE-2023-1075,CVE-2023-1076,CVE-2023-1078,CVE-2023-1095,CVE-2023-1118,CVE-2023-22995,CVE-2023-22998,CVE-2023-23000,CVE-2023-23004,CVE-2023-23559,CVE-2023-25012,CVE-2023-26545,CVE-2023-28328
Description:
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
- CVE-2022-3523: Fixed use after free related to device private page handling (bsc#1204363).
- CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
- CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787).
- CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
- CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598).
- CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599).
- CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601).
- CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
- CVE-2023-1118: Fixed use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-22995: Fixed lack of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741).
- CVE-2023-22998: Fixed misinterpretation of the virtio_gpu_object_shmem_init() return value (bsc#1208776).
- CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816).
- CVE-2023-23004: Fixed misinterpretation of the get_sg_table return value in arm/malidp_planes.c (bsc#1208843).
- CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
- CVE-2023-25012: Fixed a use-after-free in bigben_set_led() in hid (bsc#1207560).
- CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).
- CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
The following non-security bugs were fixed:
- [xen] fix 'direction' argument of iov_iter_kvec() (git-fixes). - acpi: Do not build ACPICA with '-Os' (git-fixes). - acpi: NFIT: fix a potential deadlock during NFIT teardown (git-fixes). - acpi: battery: Fix missing NUL-termination with large strings (git-fixes). - acpi: resource: Add helper function acpi_dev_get_memory_resources() (git-fixes). - acpi: video: Fix Lenovo Ideapad Z570 DMI match (git-fixes). - acpica: Drop port I/O validation for some regions (git-fixes). - acpica: nsrepair: handle cases without a return value correctly (git-fixes). - alsa: hda/ca0132: minor fix for allocation size (git-fixes). - alsa: hda/conexant: add a new hda codec SN6180 (git-fixes). - alsa: hda/realtek - fixed wrong gpio assigned (git-fixes). - alsa: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC (git-fixes). - alsa: hda: Do not unset preset when cleaning up codec (git-fixes). - alsa: hda: Match only Intel devices with CONTROLLER_IN_GPU() (git-fixes).
- alsa: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes). - alsa: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes). - applicom: Fix PCI device refcount leak in applicom_init() (git-fixes). - arm64: Treat ESR_ELx as a 64-bit register (git-fixes) - arm64: atomics: remove LL/SC trampolines (git-fixes) - arm64: cacheinfo: Fix incorrect assignment of signed error value to (git-fixes) - arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes) - arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name (git-fixes). - arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name (git-fixes). - arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible (git-fixes). - arm64: dts: amlogic: meson-gx: add missing unit address to rng node name (git-fixes). - arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name (git-fixes). - arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name (git-fixes). - arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name (git-fixes). - arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property (git-fixes). - arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name (git-fixes). - arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node names (git-fixes). - arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git-fixes). - arm64: dts: arm: drop unused interrupt-names in MHU (git-fixes) - arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes). - arm64: dts: juno: Add missing MHU secure-irq (git-fixes) - arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes). - arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git-fixes). - arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes). - arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes). 
- arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git-fixes). - arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes). - arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes). - arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes (git-fixes). - arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes). - arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names (git-fixes). - arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes). - arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (git-fixes). - arm64: dts: qcom: pmk8350: Specify PBS register for PON (git-fixes). - arm64: dts: qcom: pmk8350: Use the correct PON compatible (git-fixes). - arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes). - arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes). - arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes). - arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git-fixes). - arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes). - arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git-fixes). - arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git-fixes). - arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes). - arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes). - arm64: make is_ttbrX_addr() noinstr-safe (git-fixes) - arm64: mm: kfence: only handle translation faults (git-fixes) - arm: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes). - arm: OMAP2+: Fix memory leak in realtime_counter_init() (git-fixes). 
- arm: bcm2835_defconfig: Enable the framebuffer (git-fixes). - arm: dts: am5748: keep usb4_tm disabled (git-fixes) - arm: dts: exynos: Use Exynos5420 compatible for the MIPI video phy (git-fixes). - arm: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos4 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid XU (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes). - arm: dts: exynos: correct wr-active property in Exynos3250 Rinato (git-fixes). - arm: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes) - arm: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes). - arm: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes) - arm: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes). - arm: dts: rockchip: add power-domains property to dp node on rk3288 (git-fixes). - arm: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes). - arm: dts: stm32: add missing usbh clock and fix clk order on (git-fixes) - arm: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes) - arm: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes). - arm: imx: Call ida_simple_remove() for ida_simple_get (git-fixes). - arm: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes) - arm: omap: remove debug-leds driver (git-fixes) - arm: remove some dead code (git-fixes) - arm: renumber bits related to _TIF_WORK_MASK (git-fixes) - arm: s3c: fix s3c64xx_set_timer_source prototype (git-fixes). - arm: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes) - arm: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes). - ascpi / x86: Add support for LPS0 callback handler (git-fixes). 
- asoc: Intel: sof_cs42l42: always set dpcm_capture for amplifiers (git-fixes). - asoc: Intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes). - asoc: adau7118: do not disable regulators on device unbind (git-fixes). - asoc: codecs: Change bulk clock voting to optional voting in digital codecs (git-fixes). - asoc: codecs: lpass: fix incorrect mclk rate (git-fixes). - asoc: codecs: rx-macro: move clk provider to managed variants (git-fixes). - asoc: codecs: rx-macro: move to individual clks from bulk (git-fixes). - asoc: codecs: tx-macro: move clk provider to managed variants (git-fixes). - asoc: codecs: tx-macro: move to individual clks from bulk (git-fixes). - asoc: cs42l56: fix DT probe (git-fixes). - asoc: dt-bindings: meson: fix gx-card codec node regex (git-fixes). - asoc: fsl_sai: Update to modern clocking terminology (git-fixes). - asoc: kirkwood: Iterate over array indexes instead of using pointer math (git-fixes). - asoc: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes). - asoc: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes). - asoc: mchp-spdifrx: fix controls which rely on rsr register (git-fixes). - asoc: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes). - asoc: rsnd: fixup #endif position (git-fixes). - asoc: rt715-sdca: fix clock stop prepare timeout issue (git-fixes). - asoc: soc-compress.c: fixup private_data on snd_soc_new_compress() (git-fixes). - asoc: soc-compress: Reposition and add pcm_mutex (git-fixes). - asoc: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git-fixes). - asoc: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes). - asoc: zl38060 add gpiolib dependency (git-fixes). - asoc: zl38060: Remove spurious gpiolib select (git-fixes). - ath9k: hif_usb: simplify if-if to if-else (git-fixes). - ath9k: htc: clean up statistics macros (git-fixes). 
- auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git-fixes). - avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529). - backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes). - block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541). - bluetooth: L2CAP: Fix potential user-after-free (git-fixes). - bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes). - bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes). - bluetooth: hci_sock: purge socket queues in the destruct() callback (git-fixes). - bpf, perf: Use subprog name when reporting subprog ksymbol (git fixes). - bpf, x64: Factor out emission of REX byte in more cases (git-fixes). - bpf: Fix extable address check (git-fixes). - bpf: Fix extable fixup offset (git-fixes). - ceph: update the time stamps and try to drop the suid/sgid (bsc#1209504). - cifs: Check the lease context if we actually got a lease (bsc#1193629). - cifs: Convert struct fealist away from 1-element array (bsc#1193629). - cifs: Fix lost destroy smbd connection when MR allocate failed (git-fixes). - cifs: Fix oops due to uncleared server->smbd_conn in reconnect (git-fixes). - cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1193629). - cifs: Fix uninitialized memory reads for oparms.mode (bsc#1193629). - cifs: Fix use-after-free in rdata->read_into_pages() (git-fixes). - cifs: Fix warning and UAF when destroy the MR list (git-fixes). - cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1193629). - cifs: Replace remaining 1-element arrays (bsc#1193629). - cifs: Replace zero-length arrays with flexible-array members (bsc#1193629). - cifs: Use kstrtobool() instead of strtobool() (bsc#1193629). - cifs: do not try to use rdma offload on encrypted connections (bsc#1193629). - cifs: fix mount on old smb servers (boo#1206935). - cifs: get rid of dns resolve worker (bsc#1193629). 
- cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1193629). - cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID (git-fixes). - cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1193629). - cifs: match even the scope id for ipv6 addresses (bsc#1193629). - cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629). - cifs: prevent data race in smb2_reconnect() (bsc#1193629). - cifs: print last update time for interface list (bsc#1193629). - cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1193629). - cifs: return a single-use cfid if we did not get a lease (bsc#1193629). - cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1193629). - cifs: split out smb3_use_rdma_offload() helper (bsc#1193629). - cifs: update ip_addr for ses only for primary chan setup (bsc#1193629). - cifs: use tcon allocation functions even for dummy tcon (git-fixes). - cifs: use the least loaded channel for sending requests (bsc#1193629). - clk: HI655X: select REGMAP instead of depending on it (git-fixes). - clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (git-fixes). - clk: imx: avoid memory leak (git-fixes). - clk: mxl: Add option to override gate clks (git-fixes). - clk: mxl: Fix a clk entry by adding relevant flags (git-fixes). - clk: mxl: Remove redundant spinlocks (git-fixes). - clk: mxl: Switch from direct readl/writel based IO to regmap based IO (git-fixes). - clk: mxl: syscon_node_to_regmap() returns error pointers (git-fixes). - clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (git-fixes). - clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (git-fixes). - clk: ralink: fix 'mt7621_gate_is_enabled()' function (git-fixes). - clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (git-fixes). - clk: renesas: cpg-mssr: Remove superfluous check in resume code (git-fixes). 
- clocksource: Suspend the watchdog temporarily when high read latency detected (git-fixes). - comedi: use menuconfig for main Comedi menu (git-fixes). - crypto: arm64 - Fix unused variable compilation warnings of (git-fixes) - crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 (git-fixes). - crypto: ccp - Failure on re-initialization due to duplicate sysfs filename (git-fixes). - crypto: crypto4xx - Call dma_unmap_page when done (git-fixes). - crypto: essiv - Handle EBUSY correctly (git-fixes). - crypto: qat - fix out-of-bounds read (git-fixes). - crypto: rsa-pkcs1pad - Use akcipher_request_complete (git-fixes). - crypto: seqiv - Handle EBUSY correctly (git-fixes). - crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes). - crypto: xts - Handle EBUSY correctly (git-fixes). - delete suse/drm-i915-Don-t-use-BAR-mappings-for-ring-buffers-wit Resulted in an Oops / hang at boot (bsc#1209436) - dmaengine: dw-axi-dmac: Do not dereference NULL structure (git-fixes). - dmaengine: dw-edma: Do not permit non-inc interleaved xfers (git-fixes). - dmaengine: dw-edma: Drop chancnt initialization (git-fixes). - dmaengine: dw-edma: Fix invalid interleaved xfers semantics (git-fixes). - dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers (git-fixes). - dmaengine: dw-edma: Fix readq_ch() return value truncation (git-fixes). - dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0 (git-fixes). - dmaengine: ptdma: check for null desc before calling pt_cmd_callback (git-fixes). - dmaengine: sf-pdma: pdma_desc memory leak fix (git-fixes). - do not sign the vanilla kernel (bsc#1209008). - docs/scripts/gdb: add necessary make scripts_gdb step (git-fixes). - docs: Correct missing 'd_' prefix for dentry_operations member d_weak_revalidate (git-fixes). - docs: ftrace: fix a issue with duplicated subtitle number (git-fixes). - docs: gdbmacros: print newest record (git-fixes). 
- documentation/hw-vuln: Document the interaction between IBRS and STIBP (git-fixes). - documentation: simplify and clarify DCO contribution example language (git-fixes). - driver core: fix potential null-ptr-deref in device_add() (git-fixes). - driver core: fix resource leak in device_add() (git-fixes). - driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links (git-fixes). - drivers: base: transport_class: fix possible memory leak (git-fixes). - drivers: base: transport_class: fix resource leak when transport_add_device() fails (git-fixes). - drm/amd/display: Fix potential null-deref in dm_resume (git-fixes). - drm/amd/display: Properly handle additional cases where DCN is not supported (git-fixes). - drm/amd/display: reduce else-if to else in dcn10_blank_pixel_data() (git-fixes). - drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes). - drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15 (git-fixes). - drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc (git-fixes). - drm/bridge: lt8912b: Add hot plug detection (git-fixes). - drm/bridge: lt9611: fix HPD reenablement (git-fixes). - drm/bridge: lt9611: fix clock calculation (git-fixes). - drm/bridge: lt9611: fix polarity programming (git-fixes). - drm/bridge: lt9611: fix programming of video modes (git-fixes). - drm/bridge: lt9611: fix sleep mode setup (git-fixes). - drm/bridge: lt9611: pass a pointer to the of node (git-fixes). - drm/bridge: megachips: Fix error handling in i2c_register_driver() (git-fixes). - drm/connector: print max_requested_bpc in state debugfs (git-fixes). - drm/edid: fix AVI infoframe aspect ratio handling (git-fixes). - drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats (git-fixes). - drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (git-fixes). - drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes). - drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() (git-fixes). 
- drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list (git-fixes). - drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv (git-fixes). - drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). - drm/mediatek: Clean dangling pointer on bind error path (git-fixes). - drm/mediatek: Drop unbalanced obj unref (git-fixes). - drm/mediatek: Use NULL instead of 0 for NULL pointer (git-fixes). - drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd (git-fixes). - drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc (git-fixes). - drm/meson: fix 1px pink line on GXM when scaling video overlay (git-fixes). - drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (git-fixes). - drm/msm/a5xx: fix context faults during ring switch (git-fixes). - drm/msm/a5xx: fix highest bank bit for a530 (git-fixes). - drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register (git-fixes). - drm/msm/a5xx: fix the emptyness check in the preempt code (git-fixes). - drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (git-fixes). - drm/msm/disp/dpu: fix sc7280_pp base offset (git-fixes). - drm/msm/dpu: Add check for cstate (git-fixes). - drm/msm/dpu: Add check for pstates (git-fixes). - drm/msm/dpu: Disallow unallocated resources to be returned (git-fixes). - drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc (git-fixes). - drm/msm/dpu: fix len of sc7180 ctl blocks (git-fixes). - drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update() (git-fixes). - drm/msm/dsi: Add missing check for alloc_ordered_workqueue (git-fixes). - drm/msm/gem: Add check for kmalloc (git-fixes). - drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (git-fixes). - drm/msm/mdp5: Add check for kzalloc (git-fixes). - drm/msm: Fix potential invalid ptr free (git-fixes). - drm/msm: clean event_thread->worker in case of an error (git-fixes). - drm/msm: use strscpy instead of strncpy (git-fixes). 
- drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED (git-fixes). - drm/nouveau/kms/nv50-: remove unused functions (git-fixes). - drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (git-fixes). - drm/omap: dsi: Fix excessive stack usage (git-fixes). - drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes). - drm/panfrost: Do not sync rpm suspension after mmu flushing (git-fixes). - drm/radeon: Fix eDP for single-display iMac11,2 (git-fixes). - drm/radeon: free iio for atombios when driver shutdown (git-fixes). - drm/shmem-helper: Remove another errant put in error path (git-fixes). - drm/sun4i: fix missing component unbind on bind errors (git-fixes). - drm/tiny: ili9486: Do not assume 8-bit only SPI controllers (git-fixes). - drm/vc4: dpi: Add option for inverting pixel clock and output enable (git-fixes). - drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes). - drm/vc4: hdmi: Correct interlaced timings again (git-fixes). - drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes). - drm/vc4: hvs: Set AXI panic modes (git-fixes). - drm/vc4: vec: Use pm_runtime_resume_and_get() in vc4_vec_encoder_enable() (git-fixes). - drm/vkms: Fix memory leak in vkms_init() (git-fixes). - drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes). - drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (git-fixes). - drm: amd: display: Fix memory leakage (git-fixes). - drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (git-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5 (git-fixes). - drm: tidss: Fix pixel format definition (git-fixes). - dt-bindings: arm: fsl: Fix bindings for APF28Dev board (git-fixes). - dt-bindings: hwlock: sun6i: Add missing #hwlock-cells (git-fixes). - dt-bindings: input: iqs626a: Redefine trackpad property types (git-fixes). - dt-bindings: msm: dsi-controller-main: Add vdd* descriptions back in (git-fixes). 
- dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us dependency (git-fixes). - dt-bindings: power: supply: pm8941-coincell: Do not require charging properties (git-fixes). - dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A usb3-phy0 optional (git-fixes). - eeprom: idt_89hpesx: Fix error handling in idt_init() (git-fixes). - fbdev: omapfb: cleanup inconsistent indentation (git-fixes). - firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 (git-fixes). - firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF Kconfig entries (git-fixes). - firmware: coreboot: framebuffer: Ignore reserved pixel color bits (git-fixes). - firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (git-fixes). - firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe() (git-fixes). - firmware: xilinx: do not make a sleepable memory allocation from an atomic context (git-fixes). - fork: allow CLONE_NEWTIME in clone3 flags (bsc#1209258). - fuse: add inode/permission checks to fileattr_get/fileattr_set (bsc#1208759). - gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (git-fixes). - gpio: vf610: connect GPIO label to dev name (git-fixes). - gpu: host1x: Do not skip assigning syncpoints to channels (git-fixes). - gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (git-fixes). - hid: Add Mapping for System Microphone Mute (git-fixes). - hid: asus: use spinlock to protect concurrent accesses (git-fixes). - hid: asus: use spinlock to safely schedule workers (git-fixes). - hid: bigben: use spinlock to protect concurrent accesses (git-fixes). - hid: bigben: use spinlock to safely schedule workers (git-fixes). - hid: bigben_probe(): validate report count (git-fixes). - hid: bigben_worker() remove unneeded check on report_field (git-fixes). - hid: core: Fix deadloop in hid_apply_multiplier (git-fixes). - hid: elecom: add support for TrackBall 056E:011C (git-fixes). 
- hid: logitech-hidpp: Do not restart communication if not necessary (git-fixes). - hid: multitouch: Add quirks for flipped axes (git-fixes). - hid: retain initial quirks set up when creating HID devices (git-fixes). - hv: fix comment typo in vmbus_channel/low_latency (git-fixes). - hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (git-fixes). - hv_netvsc: Check status in SEND_RNDIS_PKT completion message (git-fixes). - hwmon: (adm1266) Set `can_sleep` flag for GPIO chip (git-fixes). - hwmon: (adt7475) Display smoothing attributes in correct order (git-fixes). - hwmon: (adt7475) Fix masking of hysteresis registers (git-fixes). - hwmon: (coretemp) Simplify platform device handling (git-fixes). - hwmon: (ftsteutates) Fix scaling of measurements (git-fixes). - hwmon: (ina3221) return prober error code (git-fixes). - hwmon: (k10temp): Add support for new family 17h and 19h models (bsc#1208848). - hwmon: (ltc2945) Handle error case in ltc2945_value_store (git-fixes). - hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip (git-fixes). - hwmon: (mlxreg-fan) Return zero speed for broken fan (git-fixes). - hwmon: (ucd90320) Add minimum delay between bus accesses (git-fixes). - hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (git-fixes). - hwmon: tmp512: drop of_match_ptr for ID table (git-fixes). - i2c: designware: fix i2c_dw_clk_rate() return size to be u32 (git-fixes). - ib/hfi1: Assign npages earlier (git-fixes) - ib/hfi1: Fix math bugs in hfi1_can_pin_pages() (git-fixes) - ib/hfi1: Fix sdma.h tx->num_descs off-by-one errors (git-fixes) - ib/hfi1: Update RMT size calculation (git-fixes) - iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() (git-fixes). - iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() (git-fixes). - iio: light: tsl2563: Do not hardcode interrupt trigger type (git-fixes). 
- input: ads7846 - always set last command to PWRDOWN (git-fixes). - input: ads7846 - do not check penirq immediately for 7845 (git-fixes). - input: ads7846 - do not report pressure for ads7845 (git-fixes). - input: iqs269a - configure device with a single block write (git-fixes). - input: iqs269a - drop unused device node references (git-fixes). - input: iqs269a - increase interrupt handler return delay (git-fixes). - input: iqs626a - drop unused device node references (git-fixes). - interconnect: exynos: fix node leak in probe PM QoS error path (git-fixes). - interconnect: fix mem leak when freeing nodes (git-fixes). - interconnect: qcom: osm-l3: fix icc_onecell_data allocation (git-fixes). - iommu/hyper-v: Allow hyperv irq remapping without x2apic (git-fixes). - irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes) - iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (git-fixes) - kABI workaround for hid quirks (git-fixes). - kABI: pci: Reduce warnings on possible RW1C corruption (kabi). - kABI: pci: dwc: Add dw_pcie_ops.host_deinit() callback (kabi). - kabi fix for nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes). - kabi fix for: nfs: Further optimisations for 'ls -l' (git-fixes). - kabi fix for: nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes). - kabi fix for: nfsv3: handle out-of-order write replies (bsc#1205544). - kabi fix for: nfsv4.1 query for fs_location attr on a new file system (Never, kabi). - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead. - keys: asymmetric: Fix ECDSA use via keyctl uapi (git-fixes). - kmap_local: do not assume kmap PTEs are linear arrays in memory (git-fixes) Update config/armv7hl/default too. 
- leds: led-class: Add missing put_device() to led_put() (git-fixes). - leds: led-core: Fix refcount leak in of_led_get() (git-fixes). - lib/mpi: Fix buffer overrun when SG is too long (git-fixes). - lib/zlib: remove redundation assignement of avail_in dfltcc_gdht() (git-fixes). - locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270). - locking/rwsem: Always try to wake waiters in out_nolock path (bsc#1207270). - locking/rwsem: Conditionally wake waiters in reader/writer slowpaths (bsc#1207270). - locking/rwsem: Disable preemption in all down_read*() and up_read() code paths (bsc#1207270). - locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (bsc#1207270). - locking/rwsem: Disable preemption while trying for rwsem lock (bsc#1207270). - locking/rwsem: Make handoff bit handling more consistent (bsc#1207270). - locking/rwsem: No need to check for handoff bit if wait queue empty (bsc#1207270). - locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270). - locking: Add missing __sched attributes (bsc#1207270). - makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - media: coda: Add check for dcoda_iram_alloc (git-fixes). - media: coda: Add check for kmalloc (git-fixes). - media: i2c: imx219: Fix binning for RAW8 capture (git-fixes). - media: i2c: imx219: Split common registers from mode tables (git-fixes). - media: i2c: ov7670: 0 instead of -EINVAL was returned (git-fixes). - media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes). - media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init() (git-fixes). - media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (git-fixes). - media: m5mols: fix off-by-one loop termination error (git-fixes). - media: max9286: Fix memleak in max9286_v4l2_register() (git-fixes). - media: ov2740: Fix memleak in ov2740_init_controls() (git-fixes). 
- media: ov5640: Fix analogue gain control (git-fixes). - media: ov5675: Fix memleak in ov5675_init_controls() (git-fixes). - media: platform: ti: Add missing check for devm_regulator_get (git-fixes). - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (git-fixes). - media: rc: gpio-ir-recv: add remove function (git-fixes). - media: saa7134: Use video_unregister_device for radio_dev (git-fixes). - media: ti: cal: fix possible memory leak in cal_ctx_create() (git-fixes). - media: usb: siano: Fix use after free bugs caused by do_submit_urb (git-fixes). - media: uvcvideo: Add support for V4L2_CTRL_TYPE_CTRL_CLASS (git-fixes). - media: uvcvideo: Check controls flags before accessing them (git-fixes). - media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible() (git-fixes). - media: uvcvideo: Do not check for V4L2_CTRL_WHICH_DEF_VAL (git-fixes). - media: uvcvideo: Fix memory leak of object map on error exit path (git-fixes). - media: uvcvideo: Fix race condition with usb_kill_urb (git-fixes). - media: uvcvideo: Handle cameras with invalid descriptors (git-fixes). - media: uvcvideo: Handle errors from calls to usb_string (git-fixes). - media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 (git-fixes). - media: uvcvideo: Remove s_ctrl and g_ctrl (git-fixes). - media: uvcvideo: Silence memcpy() run-time false positive warnings (git-fixes). - media: uvcvideo: Use control names from framework (git-fixes). - media: uvcvideo: refactor __uvc_ctrl_add_mapping (git-fixes). - media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data (git-fixes). - media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes). - mei: bus-fixup:upon error print return values of send and receive (git-fixes). - mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak (git-fixes). - mfd: cs5535: Do not build on UML (git-fixes). - mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (git-fixes). 
- misc/mei/hdcp: Use correct macros to initialize uuid_le (git-fixes). - misc: enclosure: Fix doc for enclosure_find() (git-fixes). - mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() (bsc#1209262). - mmc: jz4740: Work around bug on JZ4760(B) (git-fixes). - mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes). - mmc: sdhci_am654: lower power-on failed message severity (git-fixes). - mmc: sdio: fix possible resource leaks in some error paths (git-fixes). - move upstreamed i915 and media fixes into sorted section - mt76: mt7915: fix polling firmware-own status (git-fixes). - mtd: dataflash: remove duplicate SPI ID table (git-fixes). - mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW (git-fixes). - mtd: rawnand: sunxi: Clean up chips after failed init (git-fixes). - mtd: rawnand: sunxi: Fix the size of the last OOB region (git-fixes). - mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (git-fixes). - mtd: spi-nor: core: fix implicit declaration warning (git-fixes). - mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes). - mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (git-fixes). - net/rose: Fix to not accept on connected socket (git-fixes). - net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (git-fixes). - nfc: change order inside nfc_se_io error path (git-fixes). - nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (git-fixes). - nfc: fix memory leak of se_io context in nfc_genl_se_io (git-fixes). - nfc: pn533: initialize struct pn533_out_arg properly (git-fixes). - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes). - nfs4/pnfs: Always return layout stats on layout return for flexfiles (git-fixes). - nfs4: Fix kmemleak when allocate slot failed (git-fixes). - nfs: Always initialise fattr->label in nfs_fattr_alloc() (git-fixes). 
- nfs: Avoid writeback threads getting stuck in mempool_alloc() (git-fixes). - nfs: Create a new nfs_alloc_fattr_with_label() function (git-fixes). - nfs: Do not allocate nfs_fattr on the stack in __nfs42_ssc_open() (git-fixes). - nfs: Further optimisations for 'ls -l' (git-fixes). - nfs: nfs4clinet: check the return value of kstrdup() (git-fixes). - nfs: nfsiod should not block forever in mempool_alloc() (git-fixes). - nfs: nfsiod should not block forever in mempool_alloc() (git-fixes). - nfsd: COMMIT operations must not return NFS?ERR_INVAL (git-fixes). - nfsd: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (git-fixes). - nfsd: Finish converting the NFSv2 GETACL result encoder (git-fixes). - nfsd: Finish converting the NFSv3 GETACL result encoder (git-fixes). - nfsd: Fix a memory leak in an error handling path (git-fixes). - nfsd: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes). - nfsd: Fix nfsd_breaker_owns_lease() return values (git-fixes). - nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes). - nfsd: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes). - nfsd: do not call nfsd_file_put from client states seqfile display (git-fixes). - nfsd: fix use-after-free on source server when doing inter-server copy (git-fixes). - nfsd: pass range end to vfs_fsync_range() instead of count (git-fixes). - nfsv3: handle out-of-order write replies (bsc#1205544). - nfsv4 expose nfs_parse_server_name function (git-fixes). - nfsv4 handle port presence in fs_location server string (git-fixes). - nfsv4 only print the label when its queried (git-fixes). - nfsv4 remove zero number of fs_locations entries error check (git-fixes). - nfsv4 store server support for fs_location attribute (git-fixes). - nfsv4.1 query for fs_location attr on a new file system (git-fixes). - nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes). - nfsv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes). 
- nfsv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes). - nfsv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes). - nfsv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes). - nfsv4.2: Fixup CLONE dest file size for zero-length count (git-fixes). - nfsv4.2: fix reference count leaks in _nfs42_proc_copy_notify() (git-fixes). - nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes). - nfsv4: Add an fattr allocation to _nfs4_discover_trunking() (git-fixes). - nfsv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes). - nfsv4: Fix a potential state reclaim deadlock (git-fixes). - nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes). - nfsv4: Protect the state recovery thread against direct reclaim (git-fixes). - nfsv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes). - nvme-auth: check chap ctrl_key once constructed (bsc#1202633). - nvme-auth: clear sensitive info right after authentication completes (bsc#1202633). - nvme-auth: convert dhchap_auth_list to an array (bsc#1202633). - nvme-auth: do not ignore key generation failures when initializing ctrl keys (bsc#1202633). - nvme-auth: do not keep long lived 4k dhchap buffer (bsc#1202633). - nvme-auth: do not override ctrl keys before validation (bsc#1202633). - nvme-auth: do not re-authenticate if the controller is not LIVE (bsc#1202633). - nvme-auth: do not use NVMe status codes (bsc#1202633). - nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633). - nvme-auth: fix smatch warning complaints (bsc#1202633). - nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633). - nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633). - nvme-auth: mark nvme_auth_wq static (bsc#1202633). - nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633). - nvme-auth: remove redundant auth_work flush (bsc#1202633). 
- nvme-auth: remove redundant buffer deallocations (bsc#1202633). - nvme-auth: remove redundant deallocations (bsc#1202633). - nvme-auth: remove redundant if statement (bsc#1202633). - nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633). - nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633). - nvme-auth: rename authentication work elements (bsc#1202633). - nvme-auth: use workqueue dedicated to authentication (bsc#1202633). - nvme-fabrics: show well known discovery name (bsc#1200054). - ocfs2: Fix data corruption after failed write (bsc#1208542). - pci/ioc: Enlarge virtfn sysfs name buffer (git-fixes). - pci/pm: Always disable PTM for all devices during suspend (git-fixes). - pci/pm: Avoid putting Elo i2 PCIe Ports in D3cold (git-fixes). - pci/pm: Fix bridge_d3_blacklist Elo i2 overwrite of Gigabyte X299 (git-fixes). - pci/pm: Observe reset delay irrespective of bridge_d3 (git-fixes). - pci/ptm: Add pci_suspend_ptm() and pci_resume_ptm() (git-fixes). - pci: Add ACS quirk for Wangxun NICs (git-fixes). - pci: Add SolidRun vendor ID (git-fixes). - pci: Align extra resources for hotplug bridges properly (git-fixes). - pci: Avoid FLR for AMD FCH AHCI adapters (git-fixes). - pci: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (git-fixes). - pci: Fix dropping valid root bus resources with .end = zero (git-fixes). - pci: Reduce warnings on possible RW1C corruption (git-fixes). - pci: Take other bus devices into account when distributing resources (git-fixes). - pci: Unify delay handling for reset and resume (git-fixes). - pci: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (git-fixes). - pci: aardvark: Fix link training (git-fixes). - pci: dwc: Add dw_pcie_ops.host_deinit() callback (git-fixes). - pci: hotplug: Allow marking devices as disconnected during bind/unbind (git-fixes). - pci: hv: update comment in x86 specific hv_arch_irq_unmask (git-fixes). 
- pci: mediatek-gen3: Assert resets to ensure expected init state (git-fixes). - pci: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() (git-fixes). - pci: qcom: Fix host-init error handling (git-fixes). - pci: qcom: Fix pipe clock imbalance (git-fixes). - pci: switchtec: Return -EFAULT for copy_to_user() errors (git-fixes). - pci: xgene: Revert 'PCI: xgene: Use inbound resources for setup' (git-fixes). - perf/amd/ibs: Use interrupt regs ip for stack unwinding (git fixes). - perf/core: Call LSM hook after copying perf_event_attr (git fixes). - perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (git fixes). - perf/core: Inherit event_caps (git fixes). - perf/x86/amd: fix potential integer overflow on shift of a int (git fixes). - perf/x86/intel/ds: Fix precise store latency handling (git fixes). - perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (git fixes). - perf/x86/intel/pt: Fix sampling using single range output (git fixes). - perf/x86/intel/pt: Relax address filter validation (git fixes). - perf/x86/intel/uncore: Add Emerald Rapids (git fixes). - perf/x86/intel/uncore: Clear attr_update properly (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Icelake Server (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Sapphire Rapids (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Skylake Server (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (git fixes). - perf/x86/intel/uncore: Fix reference count leak in __uncore_imc_init_box() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() (git fixes). 
- perf/x86/intel/uncore: Fix reference count leak in sad_cfg_iio_topology() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() (git fixes). - perf/x86/intel/uncore: Generalize IIO topology support (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Get UPI NodeID and GroupID (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Introduce UPI topology type (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Make set_mapping() procedure void (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Update sysfs-devices-mapping file (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes (git fixes). - perf/x86/intel: Add Emerald Rapids (git fixes). - perf/x86/intel: Do not extend the pseudo-encoding to GP counters (git fixes). - perf/x86/intel: Fix PEBS data source encoding for ADL (git fixes). - perf/x86/intel: Fix PEBS memory access info encoding for ADL (git fixes). - perf/x86/intel: Fix event constraints for ICL (git fixes). - perf/x86/intel: Fix pebs event constraints for ADL (git fixes). - perf/x86/intel: Fix pebs event constraints for ICL (git fixes). - perf/x86/intel: Fix pebs event constraints for SPR (git fixes). - perf/x86/lbr: Enable the branch type for the Arch LBR by default (git fixes). - perf/x86/msr: Add Emerald Rapids (git fixes). - perf/x86/rapl: Add support for Intel AlderLake-N (git fixes). - perf/x86/rapl: Treat Tigerlake like Icelake (git fixes). - perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain (git fixes). - perf/x86/rapl: fix AMD event handling (git fixes). - perf/x86/uncore: Add Raptor Lake uncore support (git fixes). - perf/x86/uncore: Add a quirk for UPI on SPR (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Add new Alder Lake and Raptor Lake support (git fixes). 
- perf/x86/uncore: Add new Raptor Lake S support (git fixes). - perf/x86/uncore: Clean up uncore_pci_ids (git fixes). - perf/x86/uncore: Do not WARN_ON_ONCE() for a broken discovery table (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Factor out uncore_device_to_die() (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Ignore broken units in discovery table (bsc#1206824, bsc#1206493, bsc#1206492). - perf: Always wake the parent event (git fixes). - perf: Fix possible memleak in pmu_dev_alloc() (git fixes). - phy: rockchip-typec: Fix unsigned comparison with less than zero (git-fixes). - phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes). - pinctrl: at91: use devm_kasprintf() to avoid potential leaks (git-fixes). - pinctrl: mediatek: Initialize variable *buf to zero (git-fixes). - pinctrl: mediatek: fix coding style (git-fixes). - pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins (git-fixes). - pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (git-fixes). - pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain (git-fixes). - platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering (bsc#1208420). - platform/x86: amd-pmc: Correct usage of SMU version (git-fixes). - platform/x86: amd-pmc: Export Idlemask values based on the APU (git-fixes). - platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled (git-fixes). - platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match (git-fixes). - platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it (git-fixes). - powercap: fix possible name leak in powercap_register_zone() (git-fixes). - powerpc/eeh: Set channel state after notifying the drivers (bsc#1208784 ltc#201612). - printf: fix errname.c list (git-fixes). - prlimit: do_prlimit needs to have a speculation check (bsc#1209256). 
- pwm: stm32-lp: fix the check on arr and cmp registers update (git-fixes). - qede: avoid uninitialized entries in coal_entry array (bsc#1205846). - qede: fix interrupt coalescing configuration (bsc#1205846). - rcu: Tighten rcu_advance_cbs_nowake() checks (bsc#1209159). - rdma/cxgb4: Fix potential null-ptr-deref in pass_establish() (git-fixes) - rdma/cxgb4: add null-ptr-check after ip_dev_find() (git-fixes) - rdma/cxgb4: remove unnecessary NULL check in __c4iw_poll_cq_one() (git-fixes) - rdma/irdma: Cap MSIX used to online CPUs + 1 (git-fixes) - rdma/rxe: Fix missing memory barriers in rxe_queue.h (git-fixes) - rdma/siw: Fix user page pinning accounting (git-fixes) - refresh suse/NFSv3-handle-out-of-order-write-replies. Careless typo - might cause bsc#1209457 - refresh suse/ice-clear-stale-Tx-queue-settings-before-configuring. Fix bug introduced by broken backport (bsc#1208628). - regulator: Flag uncontrollable regulators as always_on (git-fixes). - regulator: core: Fix off-on-delay-us for always-on/boot-on regulators (git-fixes). - regulator: core: Use ktime_get_boottime() to determine how long a regulator was off (git-fixes). - regulator: max77802: Bounds check regulator id against opmode (git-fixes). - regulator: s5m8767: Bounds check id indexing into arrays (git-fixes). - remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes). - remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers (git-fixes). - replace mkinitrd dependency with dracut (bsc#1202353). Also update mkinitrd references in documentation and comments. - require suse-kernel-rpm-scriptlets at all times. The kernel packages call scriptlets for each stage, add the dependency to make it clear to libzypp that the scriptlets are required. There is no special dependency for posttrans, these scriptlets run when transactions are resolved. The plain dependency has to be used to support posttrans. 
- revert 'char: pcmcia: cm4000_cs: Replace mdelay with usleep_range in set_protocol' (git-fixes). - revert 'crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with GFP_KERNEL in pkcs1pad_encrypt_sign_complete' (git-fixes). - revert 'hid: logitech-hidpp: add a module parameter to keep firmware gestures' (git-fixes). - revert 'usb: dwc3: qcom: Keep power domain on to retain controller status' (git-fixes). - rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script gets stuck in an infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl '$HOME/group-source-files.pl' -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This works around the issue by breaking out of the loop once path is an empty string. For a proper fix we'd want something that is filesystem-aware, but this workaround should be enough for the rare occasion that this script is run manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html - rpm/kernel-obs-build.spec.in: Remove SLE11 cruft - rtc: allow rtc_read_alarm without read_alarm callback (git-fixes). - rtc: pm8xxx: fix set-alarm race (git-fixes). - rtc: sun6i: Always export the internal oscillator (git-fixes). - s390/dasd: Fix potential memleak in dasd_eckd_init() (git-fixes). - s390/kexec: fix ipl report address for kdump (bsc#1207529). - scsi: lpfc: Copyright updates for 14.2.0.10 patches (bsc#1208607). - scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607). - scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607). 
- scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607). - scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607). - scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607). - scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534). - scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607). - scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607). - scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607). - scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607). - scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607). - scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103). - scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570). - scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570). - scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570). - scsi: qla2xxx: Fix erroneous link down (bsc#1208570). - scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570). - scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570). - scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570). - scsi: qla2xxx: Fix printk() format string (bsc#1208570). - scsi: qla2xxx: Fix stalled login (bsc#1208570). - scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570). - scsi: qla2xxx: Relocate/rename vp map (bsc#1208570). - scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570). - scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570). - scsi: qla2xxx: Remove dead code (bsc#1208570). - scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570). - scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570). - scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570). 
- scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570). - scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570). - scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570). - scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570). - scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570). - scsi: qla2xxx: edif: Fix clang warning (bsc#1208570). - scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570). - scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570). - scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570). - scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file (git-fixes). - sefltests: netdevsim: wait for devlink instance after netns removal (git-fixes). - selftest/lkdtm: Skip stack-entropy test if lkdtm is not available (git-fixes). - selftests/ftrace: Add check for ping command for trigger tests (bsc#1204993 ltc#200103). - selftests/ftrace: Convert tracer tests to use 'requires' to specify program dependency (bsc#1204993 ltc#200103). - selftests/powerpc: Account for offline cpus in perf-hwbreak test (bsc#1206232). - selftests/powerpc: Bump up rlimit for perf-hwbreak test (bsc#1206232). - selftests/powerpc: Move perror closer to its use (bsc#1206232). - serial: 8250_em: Fix UART port type (git-fixes). - serial: 8250_fsl: fix handle_irq locking (git-fixes). - serial: fsl_lpuart: fix RS485 RTS polariy inverse issue (git-fixes). - serial: qcom-geni: fix console shutdown hang (git-fixes). - serial: sc16is7xx: setup GPIO controller later in probe (git-fixes). - serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init() (git-fixes). - signal/seccomp: Refactor seccomp signal and coredump generation (git-fixes). - signal/x86: In emulate_vsyscall force a signal instead of calling do_exit (git-fixes). - signal: Implement force_fatal_sig (git-fixes). 
- smb3: Replace smb2pdu 1-element arrays with flex-arrays (bsc#1193629). - soundwire: cadence: Do not overflow the command FIFOs (git-fixes). - spi: bcm63xx-hsspi: Endianness fix for ARM based SoC (git-fixes). - spi: dw_bt1: fix MUX_MMIO dependencies (git-fixes). - spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() (git-fixes). - spi: tegra210-quad: Fix validate combined sequence (git-fixes). - staging: emxx_udc: Add checks for dma_alloc_coherent() (git-fixes). - staging: mt7621-dts: change palmbus address to lower case (git-fixes). - struct uvc_device move flush_status new member to end (git-fixes). - sunrpc allow for unspecified transport time in rpc_clnt_add_xprt (git-fixes). - sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes). - sunrpc: Fix null-ptr-deref when xps sysfs alloc failed (git-fixes). - sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change() (git-fixes). - sunrpc: Fix socket waits for write buffer space (git-fixes). - sunrpc: Return true/false (not 1/0) from bool functions (git-fixes). - supported.conf: Remove duplicate entry. - thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes). - thermal/drivers/tsens: Add compat string for the qcom,msm8960 (git-fixes). - thermal/drivers/tsens: Drop msm8976-specific defines (git-fixes). - thermal/drivers/tsens: Sort out msm8976 vs msm8956 data (git-fixes). - thermal/drivers/tsens: fix slope values for msm8939 (git-fixes). - thermal/drivers/tsens: limit num_sensors to 9 for msm8939 (git-fixes). - thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (git-fixes). - thermal: intel: Fix unsigned comparison with less than zero (git-fixes). - thermal: intel: intel_pch: Add support for Wellsburg PCH (git-fixes). - thermal: intel: powerclamp: Fix cur_state for multi package system (git-fixes). - thermal: intel: quark_dts: fix error pointer dereference (git-fixes). - tools/iio/iio_utils:fix memory leak (git-fixes). 
- tpm/eventlog: Do not abort tpm_read_log on faulty ACPI address (git-fixes). - tty: fix out-of-bounds access in tty_driver_lookup_tty() (git-fixes). - tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case (git-fixes). - tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown() (git-fixes). - tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown() (git-fixes). - tty: serial: fsl_lpuart: disable the CTS when send break signal (git-fixes). - tty: serial: imx: Handle RS485 DE signal active high (git-fixes). - tty: serial: imx: disable Ageing Timer interrupt request irq (git-fixes). - tty: serial: qcom-geni-serial: stop operations in progress at shutdown (git-fixes). - update internal module version number for cifs.ko (bsc#1193629). - update suse/hid-bigben_probe-validate-report-count (bsc#1208605). Added bugzilla reference to fix already applied - usb: core: Do not hold device lock while reading the 'descriptors' sysfs file (git-fixes). - usb: dwc3: core: Host wake up support from system suspend (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-M (git-fixes). - usb: dwc3: qcom: Configure wakeup interrupts during suspend (git-fixes). - usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (git-fixes). - usb: dwc3: qcom: Keep power domain on to retain controller status (git-fixes). - usb: dwc3: qcom: clean up icc init (git-fixes). - usb: dwc3: qcom: clean up suspend callbacks (git-fixes). - usb: dwc3: qcom: fix gadget-only builds (git-fixes). - usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes). - usb: dwc3: qcom: fix wakeup implementation (git-fixes). - usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes). - usb: dwc3: qcom: suppress unused-variable warning (git-fixes). - usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git-fixes). - usb: ene_usb6250: Allocate enough memory for full object (git-fixes). 
- usb: gadget: configfs: Restrict symlink creation is UDC already binded (git-fixes). - usb: gadget: configfs: remove using list iterator after loop body as a ptr (git-fixes). - usb: gadget: configfs: use to_config_usb_cfg() in os_desc_link() (git-fixes). - usb: gadget: configfs: use to_usb_function_instance() in cfg (un)link func (git-fixes). - usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe() (git-fixes). - usb: gadget: u_serial: Add null pointer check in gserial_resume (git-fixes). - usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math (git-fixes). - usb: max-3421: Fix setting of I/O pins (git-fixes). - usb: musb: Add and use inline function musb_otg_state_string (git-fixes). - usb: musb: Add and use inline functions musb_{get,set}_state (git-fixes). - usb: musb: mediatek: do not unregister something that wasn't registered (git-fixes). - usb: musb: remove schedule work called after flush (git-fixes). - usb: serial: option: add support for VW/Skoda 'Carstick LTE' (git-fixes). - usb: typec: intel_pmc_mux: Do not leak the ACPI device reference count (git-fixes). - usb: typec: intel_pmc_mux: Use the helper acpi_dev_get_memory_resources() (git-fixes). - usb: uvc: Enumerate valid values for color matching (git-fixes). - vc_screen: do not clobber return value in vcs_read (git-fixes). - vc_screen: modify vcs_size() handling in vcs_read() (git-fixes). - vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes). - vfio/type1: prevent underflow of locked_vm via exec() (git-fixes). - vfio/type1: restore locked_vm (git-fixes). - vfio/type1: track locked_vm per dma (git-fixes). - vfs: filename_create(): fix incorrect intent (bsc#1197534). - virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449). - virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1208449). - virt/sev-guest: Remove unnecessary free in init_crypto() (bsc#1208449). - virt: sev-guest: Pass the appropriate argument type to iounmap() (bsc#1208449). 
- virt: sevguest: Change driver name to reflect generic SEV support (bsc#1208449). - virt: sevguest: Rename the sevguest dir and files to sev-guest (bsc#1208449). - vmci: check context->notify_page after call to get_user_pages_fast() to avoid GPF (git-fixes). - vmxnet3: move rss code block under eop descriptor (bsc#1208212). - watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths (bsc#1197617). - watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes). - watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (git-fixes). - watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git-fixes). - watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (git-fixes). - wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup (git-fixes). - wifi: ath11k: allow system suspend to survive ath11k (git-fixes). - wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (git-fixes). - wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() (git-fixes). - wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails (git-fixes). - wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (git-fixes). - wifi: ath9k: use proper statements in conditionals (git-fixes). - wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (git-fixes). - wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds (git-fixes). - wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (git-fixes). - wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (git-fixes). - wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data() (git-fixes). - wifi: cfg80211: Fix use after free for wext (git-fixes). - wifi: cfg80211: Partial revert 'wifi: cfg80211: Fix use after free for wext' (git-fixes). - wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes). 
- wifi: ipw2x00: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: iwl3945: Add missing check for create_singlethread_workqueue (git-fixes). - wifi: iwl4965: Add missing check for create_singlethread_workqueue() (git-fixes). - wifi: iwlegacy: common: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: cmdresp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: fix memory leak in lbs_init_adapter() (git-fixes). - wifi: libertas: if_usb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: main: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas_tf: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: mac80211: make rate u32 in sta_set_rate_info_rx() (git-fixes). - wifi: mt7601u: fix an integer underflow (git-fixes). - wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup (git-fixes). - wifi: mwifiex: Add missing compatible string for SD8787 (git-fixes). - wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (git-fixes). - wifi: orinoco: check return value of hermes_write_wordrec() (git-fixes). - wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes). - wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (git-fixes). - wifi: rtl8xxxu: Use a longer retry limit of 48 (git-fixes). - wifi: rtl8xxxu: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu (git-fixes). - wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() (git-fixes). - wifi: rtlwifi: rtl8188ee: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: rtl8723be: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: rtl8821ae: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtw89: Add missing check for alloc_workqueue (git-fixes). 
- wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() (git-fixes). - wifi: wl3501_cs: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - x86/64/mm: Map all kernel memory into trampoline_pgd (git-fixes). - x86/amd_nb: Add AMD PCI IDs for SMN communication (bsc#1208848). - x86/cpu: Add CPU model numbers for Meteor Lake (git fixes). - x86/cpu: Add Raptor Lake to Intel family (git fixes). - x86/cpu: Add new Alderlake and Raptorlake CPU model numbers (git fixes). - x86/cpu: Add new Raptor Lake CPU model number (git fixes). - x86/cpu: Add several Intel server CPU model numbers (git fixes). - x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define (git fixes). - x86/hyperv: Introduce HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants (git-fixes). - x86/perf/zhaoxin: Add stepping check for ZXC (git fixes). - x86/perf: Avoid warning for Arch LBR without XSAVE (git fixes). - x86/perf: Default set FREEZE_ON_SMI for all (git fixes). - x86/sgx: Fix free page accounting (git-fixes). - x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes). - x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes). - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - xen-netfront: Fix NULL sring after live migration (git-fixes). - xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (git-fixes). - xen/arm: Fix race in RB-tree based P2M accounting (git-fixes) - xen/netback: do some code cleanup (git-fixes). - xen/netback: fix build warning (git-fixes). - xen/netfront: destroy queues before real_num_tx_queues is zeroed (git-fixes). - xen/platform-pci: add missing free_irq() in error path (git-fixes). - xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (git-fixes). 
----------------------------------------- Patch: SUSE-2023-1636 Released: Tue Mar 28 13:26:02 2023 Summary: Recommended update for suse-module-tools Severity: moderate References: 1207853 Description: This update for suse-module-tools fixes the following issues: - Update to version 15.4.16: * modprobe.conf: s390x: remove softdep on fbcon (bsc#1207853) ----------------------------------------- Patch: SUSE-2023-1688 Released: Wed Mar 29 18:19:10 2023 Summary: Security update for zstd Severity: moderate References: 1209533,CVE-2022-4899 Description: This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------- Patch: SUSE-2023-1717 Released: Fri Mar 31 15:18:35 2023 Summary: Security update for grub2 Severity: moderate References: 1209188 Description: This update of grub2 fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). ----------------------------------------- Patch: SUSE-2023-1718 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 Description: This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------- Patch: SUSE-2023-1745 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Severity: moderate References: 1209624,CVE-2023-0464 Description: This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
----------------------------------------- Patch: SUSE-2023-1774 Released: Wed Apr 5 13:13:19 2023 Summary: Recommended update for libcontainers-common Severity: moderate References: 1171578,1175821,1182998,1197093,1200524,1205536,1207509 Description: This update for libcontainers-common fixes the following issues: - Add registry.suse.com to the unqualified-search-registries (bsc#1205536) - New upstream release 20230214 - bump c/storage to 1.45.3 - bump c/image to 5.24.1 - bump c/common to 0.51.0 - containers.conf: - add commented out options containers.read_only, engine.platform_to_oci_runtime, engine.events_container_create_inspect_data, network.volume_plugin_timeout, engine.runtimes.youki, machine.provider - remove deprecated setting containers.userns_size - add youki to engine.runtime_supports_json - shortnames.conf: pull in latest upstream version - storage.conf: add commented out option storage.transient_store - correct license to APACHE-2.0 - Changes introduced to c/storage's storage.conf which adds a driver_priority attribute would break consumers of libcontainer-common as long as those packages are vendoring an older c/storage version. (bsc#1207509) - storage.conf: Unset 'driver' and set 'driver_priority' to allow podman to use 'btrfs' if available and fallback to 'overlay' if not. - .spec: rm %post script to set 'btrfs' as storage driver in storage.conf - Remove registry.suse.com from search unqualified-search-registries - add requires on util-linux-systemd for findmnt in profile script - only set storage_driver env when no libpod exists - add container-storage-driver.sh (bsc#1197093) - postinstall script: slight cleanup, no functional change - set detached sigstore attachments for the SUSE controlled registries - Fix obvious typo in containers.conf - Resync containers.conf / storage.conf with Fedora - Create /etc/containers/registries.conf.d and add 000-shortnames.conf to it. 
- Use $() again in %post, but with a space for POSIX compliance - Add missing Requires(post): sed (bsc#1200524) - Make %post compatible with dash - Switch registries.conf to v2 format - Reintroduce SLE specific mounts config, to avoid errors on non-SLE systems - Require util-linux-systemd for %post scripts (bsc#1182998, jsc#SLE-12122, bsc#1175821) - Update default registry (bsc#1171578) ----------------------------------------- Patch: SUSE-2023-1779 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Severity: moderate References: 1208432 Description: This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers ----------------------------------------- Patch: SUSE-2023-1796 Released: Fri Apr 7 11:06:47 2023 Summary: Security update for conmon Severity: moderate References: 1209307 Description: This update for conmon fixes the following issues: - rebuild against supported go 1.19 (bsc#1209307) - no functional changes. ----------------------------------------- Patch: SUSE-2023-1805 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Severity: important References: Description: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later.
----------------------------------------- Patch: SUSE-2023-1814 Released: Tue Apr 11 14:40:34 2023 Summary: Security update for podman Severity: important References: 1197093,1208364,1208510,1209495,CVE-2023-0778 Description: This update for podman fixes the following issues: Update to version 4.4.4: * libpod: always use direct mapping * macos pkginstaller: do not fail when podman-mac-helper fails * podman-mac-helper: install: do not error if already installed - podman.spec: Bump required version for libcontainers-common (bsc#1209495) Update to version 4.4.3: * compat: /auth: parse server address correctly * vendor github.com/containers/common@v0.51.1 * pkginstaller: bump Qemu to version 7.2.0 * podman machine: Adjust Chrony makestep config * [v4.4] fix --health-on-failure=restart in transient unit * podman logs passthrough driver support --cgroups=split * journald logs: simplify entry parsing * podman logs: read journald with passthrough * journald: remove initializeJournal() * netavark: only use aardvark ip as nameserver * compat API: network create return 409 for duplicate * fix 'podman logs --since --follow' flake * system service --log-level=trace: support hijack * podman-mac-helper: exit 1 on error * bump golang.org/x/net to v0.8.0 * Fix package restore * Quadlet - use the default runtime Update to version 4.4.2: * Revert 'CI: Temporarily disable all AWS EC2-based tasks' * kube play: only enforce passthrough in Quadlet * Emergency fix for man pages: check for broken includes * CI: Temporarily disable all AWS EC2-based tasks * quadlet system tests: add useful defaults, logging * volume,container: chroot to source before exporting content * install sigproxy before start/attach * Update to c/image 5.24.1 * events + container inspect test: RHEL fixes - podman.spec: add `crun` requirement for quadlet - podman.spec: set PREFIX at build stage (bsc#1208510) - CVE-2023-0778: Fixed symlink exchange attack in podman export volume (bsc#1208364) Update to version 4.4.1: * 
kube play: do not teardown unconditionally on error * Resolve symlink path for qemu directory if possible * events: document journald identifiers * Quadlet: exit 0 when there are no files to process * Cleanup podman-systemd.unit file * Install podman-systemd.unit man page, make quadlet discoverable * Add missing return after errors * oci: bind mount /sys with --userns=(auto|pod:) * docs: specify order preference for FROM * Cirrus: Fix & remove GraphQL API tests * test: adapt test to work on cgroupv1 * make hack/markdown-preprocess parallel-safe * Fix default handling of pids-limit * system tests: fix volume exec/noexec test Update to version 4.4.0: * Emergency fix for RHEL8 gating tests * Do not mount /dev/tty into rootless containers * Fixes port collision issue on use of --publish-all * Fix usage of absolute windows paths with --image-path * fix #17244: use /etc/timezone where `timedatectl` is missing on Linux * podman-events: document verbose create events * Making gvproxy.exe optional for building Windows installer * Add gvproxy to Windows packages * Match VT device paths to be blocked from mounting exactly * Clean up more language for inclusiveness * Set runAsNonRoot=true in gen kube * quadlet: Add device support for .volume files * fix: running check error when podman is default in wsl * fix: don't output 'ago' when container is currently up and running * journald: podman logs only show logs for current user * journald: podman events only show events for current user * Add (podman {image,manifest} push --sign-by-sigstore=param-file.yaml) * DB: make loading container states optional * ps: do not sync container * Allow --device-cgroup-rule to be passed in by docker API * Create release notes for v4.4.0 * Cirrus: Update operating branch * fix APIv2 python attach test flake * ps: query health check in batch mode * make example volume import, not import volume * Correct output when inspecting containers created with --ipc * Vendor containers/(storage, image, 
common, buildah) * Get correct username in pod when using --userns=keep-id * ps: get network data in batch mode * build(deps): bump github.com/onsi/gomega from 1.25.0 to 1.26.0 * add hack/perf for comparing two container engines * systems: retrofit dns options test to honor other search domains * ps: do not create copy of container config * libpod: set search domain independently of nameservers * libpod,netavark: correctly populate /etc/resolv.conf with custom dns server * podman: relay custom DNS servers to network stack * (fix) mount_program is in storage.options.overlay * Change example target to default in doc * network create: do not allow `default` as name * kube-play: add support for HostPID in podSpec * build(deps): bump github.com/docker/docker * Let's see if #14653 is fixed or not * Add support for podman build --group-add * vendor in latests containers/(storage, common, build, image) * unskip network update test * do not install swagger by default * pasta: skip 'Local forwarder, IPv4' test * add testbindings Makefile target * update CI images to include pasta * [CI:DOCS] Add CNI deprecation notices to documentation * Cirrus: preserve podman-server logs * waitPidStop: reduce sleep time to 10ms * StopContainer: return if cleanup process changed state * StopSignal: add a comment * StopContainer: small refactor * waitPidStop: simplify code * e2e tests: reenable long-skipped build test * Add openssh-clients to podmanimage * Reworks Windows smoke test to tunnel through interactive session. 
* fix bud-multiple-platform-with-base-as-default-arg flake * Remove ReservedAnnotations from kube generate specification * e2e: update test/README.md * e2e: use isRootless() instead of rootless.IsRootless() * Cleanup documentation on --userns=auto * Vendor in latest c/common * sig-proxy system test: bump timeout * build(deps): bump github.com/containernetworking/plugins * rootless: rename auth-scripts to preexec-hooks * Docs: version-check updates * commit: use libimage code to parse changes * [CI:DOCS] Remove experimental mac tutorial * man: Document the interaction between --systemd and --privileged * Make rootless privileged containers share the same tty devices as rootfull ones * container kill: handle stopped/exited container * Vendor in latest containers/(image,ocicrypt) * add a comment to container removal * Vendor in latest containers/storage * Cirrus: Run machine tests on PR merge * fix flake in kube system test * kube play: complete container spec * E2E Tests: Use inspect instead of actual data to avoid UDP flake * Use containers/storage/pkg/regexp in place of regexp * Vendor in latest containers/storage * Cirrus: Support using updated/latest NV/AV in PRs * Limit replica count to 1 when deploying from kubernetes YAML * Set StoppedByUser earlier in the process of stopping * podman-play system test: refactor * network: add support for podman network update and --network-dns-server * service container: less verbose error logs * Quadlet Kube - add support for PublishPort key * e2e: fix systemd_activate_test * Compile regex on demand not in init * [docker compat] Don't overwrite the NetworkMode if containers.conf overrides netns. 
* E2E Test: Play Kube set deadline to connection to avoid hangs * Only prevent VTs to be mounted inside privileged systemd containers * e2e: fix play_kube_test * Updated error message for supported VolumeSource types * Introduce pkg retry logic in win installer task * logformatter: include base SHA, with history link * Network tests: ping redhat.com, not podman.io * cobra: move engine shutdown to Execute * Updated options for QEMU on Windows hosts * Update Mac installer to use gvproxy v0.5.0 * podman: podman rm -f doesn't leave processes * oci: check for valid PID before kill(pid, 0) * linux: add /sys/fs/cgroup if /sys is a bind mount * Quadlet: Add support for ConfigMap key in Kube section * remove service container _after_ pods * Kube Play - allow setting and overriding published host ports * oci: terminate all container processes on cleanup * Update win-sshproxy to 0.5.0 gvisor tag * Vendor in latest containers/common * Fix a potential defer logic error around locking * logformatter: nicer formatting for bats failures * logformatter: refactor verbose line-print * e2e tests: stop using UBI images * k8s-file: podman logs --until --follow exit after time * journald: podman logs --until --follow exit after time * journald: seek to time when --since is used * podman logs: journald fix --since and --follow * Preprocess files in UTF-8 mode * Vendor in latest containers/(common, image, storage) * Switch to C based msi hooks for win installer * hack/bats: improve usage message * hack/bats: add --remote option * hack/bats: fix root/rootless logic * Describe copy volume options * Support sig-proxy for podman-remote attach and start * libpod: fix race condition rm'ing stopping containers * e2e: fix run_volume_test * Add support for Windows ARM64 * Add shared --compress to man pages * Add container error message to ContainerState * Man page checker: require canonical name in SEE ALSO * system df: improve json output code * kube play: fix the error logic with --quiet * System 
tests: quadlet network test * Fix: List container with volume filter * adding -dryrun flag * Quadlet Container: Add support for EnvironmentFile and EnvironmentHost * Kube Play: use passthrough as the default log-driver if service-container is set * System tests: add missing cleanup * System tests: fix unquoted question marks * Build and use a newer systemd image * Quadlet Network - Fix the name of the required network service * System Test Quadlet - Volume dependency test did not test the dependency * fix `podman system connection - tcp` flake * vendor: bump c/storage to a747b27 * Fix instructions about setting storage driver on command-line * Test README - point users to hack/bats * System test: quadlet kube basic test * Fixed `podman update --pids-limit` * podman-remote,bindings: trim context path correctly when its emptydir * Quadlet Doc: Add section for .kube files * e2e: fix containers_conf_test * Allow '/' to prefix container names to match Docker * Remove references to qcow2 * Fix typos in man page regarding transient storage mode. 
* make: Use PYTHON var for .install.pre-commit * Add containers.conf read-only flag support * Explain that relabeling/chowning of volumes can take along time * events: support 'die' filter * infra/abi: refactor ContainerRm * When in transient store mode, use rundir for bundlepath * quadlet: Support Type=oneshot container files * hacks/bats: keep QUADLET env var in test env * New system tests for conflicting options * Vendor in latest containers/(buildah, image, common) * Output Size and Reclaimable in human form for json output * podman service: close duplicated /dev/null fd * ginkgo tests: apply ginkgolinter fixes * Add support for hostPath and configMap subpath usage * export: use io.Writer instead of file * rootless: always create userns with euid != 0 * rootless: inhibit copy mapping for euid != 0 * pkg/domain/infra/abi: introduce `type containerWrapper` * vendor: bump to buildah ca578b290144 and use new cache API * quadlet: Handle booleans that have defaults better * quadlet: Rename parser.LookupBoolean to LookupBooleanWithDefault * Add podman-clean-transient.service service * Stop recording annotations set to false * Unify --noheading and -n to be consistent on all commands * pkg/domain/infra/abi: add `getContainers` * Update vendor of containters/(common, image) * specfile: Drop user-add depedency from quadlet subpackage. 
* quadlet: Default BINDIR to /usr/bin if tag not specified * Quadlet: add network support * Add comment for jsonMarshal command * Always allow pushing from containers-storage * libpod: move NetNS into state db instead of extra bucket * Add initial system tests for quadlets * quadlet: Add --user option * libpod: remove CNI word were no longer applicable * libpod: fix header length in http attach with logs * podman-kube@ template: use `podman kube` * build(deps): bump github.com/docker/docker * wait: add --ignore option * qudlet: Respect $PODMAN env var for podman binary * e2e: Add assert-key-is-regex check to quadlet e2e testsuite * e2e: Add some assert to quadlet test to make sure testcases are sane * remove unmapped ports from inspect port bindings * update podman-network-create for clarity * Vendor in latest containers/common with default capabilities * pkg/rootless: Change error text ... * rootless: add cli validator * rootless: define LIBEXECPODMAN * doc: fix documentation for idmapped mounts * bump golangci-lint to v1.50.1 * build(deps): bump github.com/onsi/gomega from 1.24.1 to 1.24.2 * [CI:DOCS] podman-mount: s/umount/unmount/ * create/pull --help: list pull policies * Network Create: Add --ignore flag to support idempotent script * Make qemu security model none * libpod: use OCI idmappings for mounts * stop reporting errors removing containers that don't exist * test: added test from wait endpoint with to long label * quadlet: Default VolatileTmp to off * build(deps): bump github.com/ulikunitz/xz from 0.5.10 to 0.5.11 * docs/options/ipc: fix list syntax * Docs: Add dedicated DOWNLOAD doc w/ links to bins * Make a consistently-named windows installer * checkpoint restore: fix --ignore-static-ip/mac * add support for subpath in play kube for named volumes * build(deps): bump golang.org/x/net from 0.2.0 to 0.4.0 * golangci-lint: remove three deprecated linters * parse-localbenchmarks: separate standard deviation * build(deps): bump golang.org/x/term from 
0.2.0 to 0.3.0 * podman play kube support container startup probe * Add podman buildx version support * Cirrus: Collect benchmarks on machine instances * Cirrus: Remove escape codes from log files * [CI:DOCS] Clarify secret target behavior * Fix typo on network docs * podman-remote build add --volume support * remote: allow --http-proxy for remote clients * Cleanup kube play workloads if error happens * health check: ignore dependencies of transient systemd units/timers * fix: event read from syslog * Fixes secret (un)marshaling for kube play. * Remove 'you' from man pages * build(deps): bump golang.org/x/tools from 0.3.0 to 0.4.0 in /test/tools * [CI:DOCS] test/README.md: run tests with podman-remote * e2e: keeps the http_proxy value * Makefile: Add podman-mac-helper to darwin client zip * test/e2e: enable 'podman run with ipam none driver' for nv * [skip-ci] GHA/Cirrus-cron: Fix execution order * kube sdnotify: run proxies for the lifespan of the service * Update containers common package * podman manpage: Use man-page links instead of file names * e2e: fix e2e tests in proxy environment * Fix test * disable healthchecks automatically on non systemd systems * Quadlet Kube: Add support for userns flag * [CI:DOCS] Add warning about --opts,o with mount's -o * Add podman system prune --external * Add some tests for transient store * runtime: In transient_store mode, move bolt_state.db to rundir * runtime: Handle the transient store options * libpod: Move the creation of TmpDir to an earlier time * network create: support '-o parent=XXX' for ipvlan * compat API: allow MacAddress on container config * Quadlet Kube: Add support for relative path for YAML file * notify k8s system test: move sending message into exec * runtime: do not chown idmapped volumes * quadlet: Drop ExecStartPre=rm %t/%N.cid * Quadlet Kube: Set SyslogIdentifier if was not set * Add a FreeBSD cross build to the cirrus alt build task * Add completion for --init-ctr * Fix handling of readonly 
containers when defined in kube.yaml * Build cross-compilation fixes * libpod: Track healthcheck API changes in healthcheck_unsupported.go * quadlet: Use same default capability set as podman run * quadlet: Drop --pull=never * quadlet: Change default of ReadOnly to no * quadlet: Change RunInit default to no * quadlet: Change NoNewPrivileges default to false * test: podman run with checkpoint image * Enable 'podman run' for checkpoint images * test: Add tests for checkpoint images * CI setup: simplify environment passthrough code * Init containers should not be restarted * Update c/storage after https://github.com/containers/storage/pull/1436 * Set the latest release explicitly * add friendly comment * fix an overriding logic and load config problem * Update the issue templates * Update vendor of containers/(image, buildah) * [CI:DOCS] Skip windows-smoke when not useful * [CI:DOCS] Remove broken gate-container docs * OWNERS: add Jason T. Greene * hack/podmansnoop: print arguments * Improve atomicity of VM state persistence on Windows * [CI:BUILD] copr: enable podman-restart.service on rpm installation * macos: pkg: Use -arm64 suffix instead of -aarch64 * linux: Add -linux suffix to podman-remote-static binaries * linux: Build amd64 and arm64 podman-remote-static binaries * container create: add inspect data to event * Allow manual override of install location * Run codespell on code * Add missing parameters for checkpoint/restore endpoint * Add support for startup healthchecks * Add information on metrics to the `network create` docs * Introduce podman machine os commands * Document that ignoreRootFS depends on export/import * Document ignoreVolumes in checkpoint/restore endpoint * Remove leaveRunning from swagger restore endpoint * libpod: Add checks to avoid nil pointer dereference if network setup fails * Address golangci-lint issues * Documenting Hyper-V QEMU acceleration settings * Kube Play: fix the handling of the optional field of SecretVolumeSource * Update 
Vendor of containers/(common, image, buildah) * Fix swapped NetInput/-Output stats * libpod: Use O_CLOEXEC for descriptors returned by (*Container).openDirectory * chore: Fix MD for Troubleshooting Guide link in GitHub Issue Template * test/tools: rebuild when files are changed * ginkgo tests: apply ginkgolinter fixes * ginkgo: restructure install work flow * Fix manpage emphasis * specgen: support CDI devices from containers.conf * vendor: update containers/common * pkg/trust: Take the default policy path from c/common/pkg/config * Add validate-in-container target * Adding encryption decryption feature * container restart: clean up healthcheck state * Add support for podman-remote manifest annotate * Quadlet: Add support for .kube files * Update vendor of containers/(buildah, common, storage, image) * specgen: honor user namespace value * [CI:DOCS] Migrate OSX Cross to M1 * quadlet: Rework uid/gid remapping * GHA: Fix cirrus re-run workflow for other repos. * ssh system test: skip until it becomes a test * shell completion: fix hard coded network drivers * libpod: Report network setup errors properly on FreeBSD * E2E Tests: change the registry for the search test to avoid authentication * pkginstaller: install podman-mac-helper by default * Fix language. Mostly spelling a -> an * podman machine: Propagate SSL_CERT_FILE and SSL_CERT_DIR to systemd environment. * [CI:DOCS] Fix spelling and typos * Modify man page of '--pids-limit' option to correct a default value. 
* Update docs/source/markdown/podman-remote.1.md * Update pkg/bindings/connection.go * Add more documentation on UID/GID Mappings with --userns=keep-id * support podman-remote to connect tcpURL with proxy * Removing the RawInput from the API output * fix port issues for CONTAINER_HOST * CI: Package versions: run in the 'main' step * build(deps): bump github.com/rootless-containers/rootlesskit * pkg/domain: Make checkExecPreserveFDs platform-specific * e2e tests: fix restart race * Fix podman --noout to suppress all output * remove pod if creation has failed * pkg/rootless: Implement rootless.IsFdInherited on FreeBSD * Fix more podman-logs flakes * healthcheck system tests: try to fix flake * libpod: treat ESRCH from /proc/PID/cgroup as ENOENT * GHA: Configure workflows for reuse * compat,build: handle docker's preconfigured cacheTo,cacheFrom * docs: deprecate pasta network name * utils: Enable cgroup utils for FreeBSD * pkg/specgen: Disable kube play tests on FreeBSD * libpod/lock: Fix build and tests for SHM locks on FreeBSD * podman cp: fix copying with '.' suffix * pkginstaller: bump Qemu to version 7.1.0 * specgen,wasm: switch to crun-wasm wherever applicable * vendor: bump c/common to v0.50.2-0.20221111184705-791b83e1cdf1 * libpod: Make unit test for statToPercent Linux only * Update vendor of containers/storage * fix connection usage with containers.conf * Add --quiet and --no-info flags to podman machine start * Add hidden podman manifest inspect -v option * Add podman volume create -d short option for driver * Vendor in latest containers/(common,image,storage) * Add podman system events alias to podman events * Fix search_test to return correct version of alpine * GHA: Fix undefined secret env. var. * Release notes for 4.3.1 * GHA: Fix make_email-body script reference * Add release keys to README * GHA: Fix typo setting output parameter * GHA: Fix typo. 
* New tool, docs/version-check * Formalize our compare-against-docker mechanism * Add restart-sec for container service files * test/tools: bump module to go 1.17 * contrib/cirrus/check_go_changes.sh: ignore test/tools/vendor * build(deps): bump golang.org/x/tools from 0.1.12 to 0.2.0 in /test/tools * libpod: Add FreeBSD support in packageVersion * Allow podman manigest push --purge|-p as alias for --rm * [CI:DOCS] Add performance tutorial * [CI:DOCS] Fix build targets in build_osx.md. * fix --format {{json .}} output to match docker * remote: fix manifest add --annotation * Skip test if `--events-backend` is necessary with podman-remote * kube play: update the handling of PersistentVolumeClaim * system tests: fix a system test in proxy environment * Use single unqualified search registry on Windows * test/system: Add, use tcp_port_probe() to check for listeners rather than binds * test/system: Add tests for pasta(1) connectivity * test/system: Move network-related helpers to helpers.network.bash * test/system: Use procfs to find bound ports, with optional address and protocol * test/system: Use port_is_free() from wait_for_port() * libpod: Add pasta networking mode * More log-flake work * Fix test flakes caused by improper podman-logs * fix incorrect systemd booted check * Cirrus: Add tests for GHA scripts * GHA: Update scripts to pass shellcheck * Cirrus: Shellcheck github-action scripts * Cirrus: shellcheck support for github-action scripts * GHA: Fix cirrus-cron scripts * Makefile: don't install to tmpfiles.d on FreeBSD * Make sure we can build and read each line of docker py's api client * Docker compat build api - make sure only one line appears per flush * Run codespell on code * Update vendor of containers/(image, storage, common) * Allow namespace path network option for pods. * Cirrus: Never skip running Windows Cross task * GHA: Auto. 
re-run failed cirrus-cron builds once * GHA: Migrate inline script to file * GHA: Simplify script reference * test/e2e: do not use apk in builds * remove container/pod id file along with container/pod * Cirrus: Synchronize windows image * Add --insecure,--tls-verify,--verbose flags to podman manifest inspect * runtime: add check for valid pod systemd cgroup * CI: set and verify DESIRED_NETWORK (netavark, cni) * [CI:DOCS] troubleshooting: document keep-id options * Man pages: refactor common options: --security-opt * Cirrus: Guarantee CNI testing w/o nv/av present * Cirrus: temp. disable all Ubuntu testing * Cirrus: Update to F37beta * buildah bud tests: better handling of remote * quadlet: Warn in generator if using short names * Add Windows Smoke Testing * Add podman kube apply command * docs: offer advice on installing test dependencies * Fix documentation on read-only-tmpfs * version bump to 4.4.0-dev * deps: bump go-criu to v6 * Makefile: Add cross build targets for freebsd * pkg/machine: Make this build on FreeBSD/arm64 * pkg/rctl: Remove unused cgo dependency * man pages: assorted underscore fixes * Upgrade GitHub actions packages from v2 to v3 * vendor github.com/godbus/dbus/v5@4b691ce * [CI:DOCS] fix --tmpdir typos * Do not report that /usr/share/containers/storage.conf has been edited. 
* Eval symlinks on XDG_RUNTIME_DIR * hack/podmansnoop * rootless: support keep-id with one mapping * rootless: add argument to GetConfiguredMappings * Update vendor containers/(common,storage,buildah,image) * Fix deadlock between 'podman ps' and 'container inspect' commands * Add information about where the libpod/boltdb database lives * Consolidate the dependencies for the IsTerminal() API * Ensure that StartAndAttach locks while sending signals * ginkgo testing: fix podman usernamespace join * Test runners: nuke podman from $PATH before tests * volumes: Fix idmap not working for volumes * FIXME: Temporary workaround for ubi8 CI breakage * System tests: teardown: clean up volumes * update api versions on docs.podman.io * system tests: runlabel: use podman-under-test * system tests: podman network create: use random port * sig-proxy test: bump timeout * play kube: Allow the user to import the contents of a tar file into a volume * Clarify the docs on DropCapability * quadlet tests: Disable kmsg logging while testing * quadlet: Support multiple Network= * quadlet: Add support for Network=... 
* Fix manpage for podman run --network option * quadlet: Add support for AddDevice= * quadlet: Add support for setting seccomp profile * quadlet: Allow multiple elements on each Add/DropCaps line * quadlet: Embed the correct binary name in the generated comment * quadlet: Drop the SocketActivated key * quadlet: Switch log-driver to passthrough * quadlet: Change ReadOnly to default to enabled * quadlet tests: Run the tests even for (exected) failed tests * quadlet tests: Fix handling of stderr checks * Remove unused script file * notifyproxy: fix container watcher * container/pod id file: truncate instead of throwing an error * quadlet: Use the new podman create volume --ignore * Add podman volume create --ignore * logcollector: include aardvark-dns * build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 * build(deps): bump github.com/BurntSushi/toml from 1.2.0 to 1.2.1 * docs: generate systemd: point to kube template * docs: kube play: mention restart policy * Fixes: 15858 (podman system reset --force destroy machine) * fix search flake * use cached containers.conf * adding regex support to the ancestor ps filter function * Fix `system df` issues with `-f` and `-v` * markdown-preprocess: cross-reference where opts are used * Default qemu flags for Windows amd64 * build(deps): bump golang.org/x/text from 0.3.8 to 0.4.0 * Update main to reflect v4.3.0 release * build(deps): bump github.com/docker/docker * move quadlet packages into pkg/systemd * system df: fix image-size calculations * Add man page for quadlet * Fix small typo * testimage: add iproute2 & socat, for pasta networking * Set up minikube for k8s testing * Makefile: don't install systemd generator binaries on FreeBSD * [CI:BUILD] copr: podman rpm should depend on containers-common-extra * Podman image: Set default_sysctls to empty for rootless containers * Don't use github.com/docker/distribution * libpod: Add support for 'podman top' on FreeBSD * libpod: Factor out jail name construction from 
stats_freebsd.go * pkg/util: Add pid information descriptors for FreeBSD * Initial quadlet version integrated in golang * bump golangci-lint to v1.49.0 * Update vendor containers/(common,image,storage) * Allow volume mount dups, iff source and dest dirs * rootless: fix return value handling * Change to correct break statements * vendor containers/psgo@v1.8.0 * Clarify that MacOSX docs are client specific * libpod: Factor out the call to PidFdOpen from (*Container).WaitForExit * Add swagger install + allow version updates in CI * Cirrus: Fix windows clone race * build(deps): bump github.com/docker/docker * kill: wait for the container * generate systemd: set --stop-timeout for stopping containers * hack/tree_status.sh: print diff at the end * Fix markdown header typo * markdown-preprocess: add generic include mechanism * markdown-preprocess: almost complete OO rewrite * Update tests for changed error messages * Update c/image after https://github.com/containers/image/pull/1299 * Man pages: refactor common options (misc) * Man pages: Refactor common options: --detach-keys * vendor containers/storage@main * Man pages: refactor common options: --attach * build(deps): bump github.com/fsnotify/fsnotify from 1.5.4 to 1.6.0 * KillContainer: improve error message * docs: add missing options * Man pages: refactor common options: --annotation (manifest) * build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 * system tests: health-on-failure: fix broken logic * build(deps): bump golang.org/x/text from 0.3.7 to 0.3.8 * build(deps): bump github.com/onsi/gomega from 1.20.2 to 1.22.1 * ContainerEngine.SetupRootless(): Avoid calling container.Config() * Container filters: Avoid use of ctr.Config() * Avoid unnecessary calls to Container.Spec() * Add and use Container.LinuxResource() helper * play kube: notifyproxy: listen before starting the pod * play kube: add support for configmap binaryData * Add and use libpod/Container.Terminal() helper * Revert 'Add checkpoint image 
tests' * Revert 'cmd/podman: add support for checkpoint images' * healthcheck: fix --on-failure=stop * Man pages: Add mention of behavior due to XDG_CONFIG_HOME * build(deps): bump github.com/containers/ocicrypt from 1.1.5 to 1.1.6 * Avoid unnecessary timeout of 250msec when waiting on container shutdown * health checks: make on-failure action retry aware * libpod: Remove 100msec delay during shutdown * libpod: Add support for 'podman pod' on FreeBSD * libpod: Factor out cgroup validation from (*Runtime).NewPod * libpod: Move runtime_pod_linux.go to runtime_pod_common.go * specgen/generate: Avoid a nil dereference in MakePod * libpod: Factor out cgroups handling from (*Pod).refresh * Adds a link to OSX docs in CONTRIBUTING.md * Man pages: refactor common options: --os-version * Create full path to a directory when DirectoryOrCreate is used with play kube * Return error in podman system service if URI scheme is not unix/tcp * Man pages: refactor common options: --time * man pages: document some --format options: images * Clean up when stopping pods * Update vendor of containers/buildah v1.28.0 * Proof of concept: nightly dependency treadmill - Make the priority for picking the storage driver configurable (bsc#1197093) ----------------------------------------- Patch: SUSE-2023-1880 Released: Tue Apr 18 11:11:27 2023 Summary: Recommended update for systemd-rpm-macros Severity: low References: 1208079 Description: This update for systemd-rpm-macros fixes the following issue: - Don't emit a warning when the flag file in /var/lib/systemd/migrated/ is not present as it's expected (bsc#1208079). 
-----------------------------------------
Patch: SUSE-2023-1885
Released: Tue Apr 18 11:15:17 2023
Summary: Recommended update for dracut
Severity: moderate
References: 1206195,1206439
Description: This update for dracut fixes the following issues:
- Update to version 055+suse.335.gccf7fbc6:
  * Always include all drivers that LVM can use (bsc#1206195)
  * Require libopenssl1_1-hmac for dracut-fips (bsc#1206439)
-----------------------------------------
Patch: SUSE-2023-1911
Released: Wed Apr 19 13:02:33 2023
Summary: Security update for openssl-1_1
Severity: moderate
References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466
Description: This update for openssl-1_1 fixes the following issues:
- CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
- CVE-2023-0466: Certificate policy checks were not enabled (bsc#1209873).
-----------------------------------------
Patch: SUSE-2023-1913
Released: Wed Apr 19 14:23:14 2023
Summary: Recommended update for libslirp, slirp4netns
Severity: moderate
References: 1201551
Description: This update for libslirp and slirp4netns fixes the following issues:
libslirp was updated to version 4.7.0+44 (current git master):
* Fix vmstate regression
* Align outgoing packets
* Bump incoming packet alignment to 8 bytes
* vmstate: only enable when building under GNU C
* ncsitest: Fix build with msvc
* Separate out SLIRP_PACKED to SLIRP_PACKED_BEGIN/END
* ncsi: Add Mellanox Get Mac Address handler
* slirp: Add out-of-band ethernet address
* ncsi: Add OEM command handler
* ncsi: Add basic test for Get Version ID response
* ncsi: Use response header for payload length
* ncsi: Pass command header to response handlers
* ncsi: Add Get Version ID command
* ncsi: Pass Slirp structure to response handlers
* slirp: Add manufacturer's ID
Release v4.7.0
* slirp: invoke client callback before creating timers
* pingtest: port to timer_new_opaque
* introduce timer_new_opaque callback
* introduce slirp_timer_new
wrapper * icmp6: make ndp_send_ra static * socket: Handle ECONNABORTED from recv * bootp: fix g_str_has_prefix warning/critical * slirp: Don't duplicate packet in tcp_reass * Rename insque/remque -> slirp_[ins|rem]que * mbuf: Use SLIRP_DEBUG to enable mbuf debugging instead of DEBUG * Replace inet_ntoa() with safer inet_ntop() * Add VMS_END marker * bootp: add support for UEFI HTTP boot * IPv6 DNS proxying support * Add missing scope_id in caching * socket: Move closesocket(so->s_aux) to sofree * socket: Check so_type instead of so_tcpcb for Unix-to-inet translation * socket: Add s_aux field to struct socket for storing auxilliary socket * socket: Initialize so_type in socreate * socket: Allocate Unix-to-TCP hostfwd port from OS by binding to port 0 * Allow to disable internal DHCP server * slirp_pollfds_fill: Explain why dividing so_snd.sb_datalen by two * CI: run integration tests with slirp4netns * socket: Check address family for Unix-to-inet accept translation * socket: Add debug args for tcpx_listen (inet and Unix sockets) * socket: Restore original definition of fhost * socket: Move include to socket.h * Support Unix sockets in hostfwd * resolv: fix IPv6 resolution on Darwin * Use the exact sockaddr size in getnameinfo call * Initialize sin6_scope_id to zero * slirp_socketpair_with_oob: Connect pair through 127.0.0.1 * resolv: fix memory leak when using libresolv * pingtest: Add a trivial ping test * icmp: Support falling back on trying a SOCK_RAW socket Update to version 4.6.1+7: * Haiku: proper path to resolv.conf for DNS server * Fix for Haiku * dhcp: Always send DHCP_OPT_LEN bytes in options Update to version 4.6.1: * Fix 'DHCP broken in libslirp v4.6.0' Update to version 4.6.0: * udp: check upd_input buffer size * tftp: introduce a header structure * tftp: check tftp_input buffer size * upd6: check udp6_input buffer size * bootp: check bootp_input buffer size * bootp: limit vendor-specific area to input packet memory buffer Update to version 4.4.0: * 
socket: consume empty packets * slirp: check pkt_len before reading protocol header * Add DNS resolving for iOS * sosendoob: better document what urgc is used for * TCPIPHDR_DELTA: Fix potential negative value * udp, udp6, icmp, icmp6: Enable forwarding errors on Linux * icmp, icmp6: Add icmp_forward_error and icmp6_forward_error * udp, udp6, icmp: handle TTL value * ip_stripoptions use memmove slirp4netns was updated to 1.2.0: * Add slirp4netns --target-type=bess /path/to/bess.sock for supporting UML (#281) * Explicitly support DHCP (#270) * Update parson to v1.1.3 (#273) kgabis/parson@70dc239...2d7b3dd Update to version 1.1.11: * Add --macaddress option to specify the MAC address of the tap interface. * Updated the man page. Update to version 1.1.8: Update to 1.0.0: * --enable-sandbox is now out of experimental ----------------------------------------- Patch: SUSE-2023-1939 Released: Fri Apr 21 11:14:30 2023 Summary: Recommended update for mozilla-nss Severity: moderate References: 1191546,1207209,1208242,1208999 Description: This update for mozilla-nss fixes the following issues: - FIPS 140-3: Adjust SLI reporting for PBKDF2 parameter validation (bsc#1208999) - FIPS 140-3: Update session->lastOpWasFIPS before destroying the key after derivation in the CKM_TLS12_KEY_AND_MAC_DERIVE, CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, CKM_TLS_KEY_AND_MAC_DERIVE and CKM_SSL3_KEY_AND_MAC_DERIVE cases. (bsc#1191546) - FIPS 140-3: more changes for pairwise consistency checks. (bsc#1207209) - Add manpages to mozilla-nss-tools (bsc#1208242) ----------------------------------------- Patch: SUSE-2023-1963 Released: Mon Apr 24 15:03:10 2023 Summary: Recommended update for grub2 Severity: moderate References: 1187810,1189036,1207064,1209165,1209234,1209372,1209667 Description: This update for grub2 fixes the following issues: - Fix aarch64 kiwi image's file not found due to '/@' prepended to path in btrfs filesystem. 
(bsc#1209165)
- Make grub more robust against storage race condition causing system boot failures (bsc#1189036)
- Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064, bsc#1209234)
- Fix installation over serial console ending up in an infinite boot loop (bsc#1187810, bsc#1209667, bsc#1209372)
-----------------------------------------
Patch: SUSE-2023-1992
Released: Tue Apr 25 13:38:03 2023
Summary: Security update for the Linux Kernel
Severity: important
References: 1065729,1109158,1189998,1193629,1194869,1198400,1203200,1206552,1207168,1207185,1207574,1208602,1208815,1208829,1208902,1209052,1209118,1209256,1209290,1209292,1209366,1209532,1209547,1209556,1209572,1209600,1209634,1209635,1209636,1209681,1209684,1209687,1209779,1209788,1209798,1209799,1209804,1209805,1210050,1210203,CVE-2017-5753,CVE-2022-4744,CVE-2023-0394,CVE-2023-1281,CVE-2023-1513,CVE-2023-1582,CVE-2023-1611,CVE-2023-1637,CVE-2023-1652,CVE-2023-1838,CVE-2023-23001,CVE-2023-28327,CVE-2023-28464,CVE-2023-28466
Description: The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bug fixes.
The following security bugs were fixed:
- CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
- CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168).
- CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634).
- CVE-2023-1513: Fixed uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
- CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636).
- CVE-2023-1611: Fixed a use-after-free flaw in btrfs_search_slot (bsc#1209687).
- CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779, bsc#1198400).
- CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788).
- CVE-2023-1838: Fixed a use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203).
- CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829).
- CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290).
- CVE-2023-28464: Fixed use-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
- CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366).
The following non-security bugs were fixed:
- ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes).
- ALSA: asihpi: check pao in control_message() (git-fixes).
- ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes).
- ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes).
- ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes).
- ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes).
- ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes). - ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes). - ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes). - ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes). - ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes). - ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes). - Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes). - Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes). - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes). - Fix error path in pci-hyperv to unlock the mutex state_lock - HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes). - HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes). - Input: alps - fix compatibility with -funsigned-char (bsc#1209805). - Input: focaltech - use explicitly signed char type (git-fixes). - Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes). - KABI FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi). - KVM: x86: fix sending PV IPI (git-fixes). - NFS: Fix an Oops in nfs_d_automount() (git-fixes). - NFS: fix disabling of swap (git-fixes). - NFSD: Protect against filesystem freezing (git-fixes). - NFSD: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes). - NFSD: fix problems with cleanup on errors in nfsd4_copy (git-fixes). - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - NFSd: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes). - NFSd: fix race to check ls_layouts (git-fixes). - NFSd: shut down the NFSv4 state objects before the filecache (git-fixes). - NFSd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes). - NFSd: zero out pointers after putting nfsd_files on COPY setup error (git-fixes). 
- NFSv4.1 provide mount option to toggle trunking discovery (git-fixes). - NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes). - NFSv4.x: Fail client initialisation if state manager thread can't run (git-fixes). - NFSv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes). - NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). - NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes). - NFSv4: fix state manager flag printing (git-fixes). - NFSv4: keep state manager thread active if swap is enabled (git-fixes). - PCI/DPC: Await readiness of secondary bus after reset (git-fixes). - PCI: hv: Add a per-bus mutex state_lock (bsc#1207185). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185). - PCI: hv: Use async probing to reduce boot time (bsc#1207185). - PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185). - SUNRPC: Fix a server shutdown leak (git-fixes). - SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes). - SUNRPC: ensure the matching upcall is in-flight upon downcall (git-fixes). - USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes). - USB: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes). - USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes). - USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes). - USB: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes). - USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes). - USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes). - USB: dwc3: Fix a typo in field name (git-fixes). - USB: dwc3: fix memory leak with using debugfs_lookup() (git-fixes). - USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes). 
- USB: fix memory leak with using debugfs_lookup() (git-fixes). - USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes). - USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes). - USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes). - USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes). - USB: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes). - USB: typec: tcpm: fix warning when handle discover_identity message (git-fixes). - USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes). - USB: ucsi: Fix ucsi->connector race (git-fixes). - USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes). - USB: xhci: tegra: fix sleep in atomic call (git-fixes). - alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes) - arch: fix broken BuildID for arm64 and riscv (bsc#1209798). - arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes) - arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes) - arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes). - arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes). 
- arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes) - arm64: dts: imx8mp: correct usb clocks (git-fixes) - arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes) - arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes) - arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes). - atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes). - ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes). - ca8210: fix mac_len negative array access (git-fixes). - can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes). - can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes). - can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes). - cifs: Fix smb2_set_path_size() (git-fixes). - cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes). - cifs: append path to open_enter trace event (bsc#1193629). - cifs: avoid race conditions with parallel reconnects (bsc#1193629). - cifs: avoid races in parallel reconnects in smb1 (bsc#1193629). - cifs: check only tcon status on tcon related functions (bsc#1193629). - cifs: do not poll server interfaces too regularly (bsc#1193629). - cifs: double lock in cifs_reconnect_tcon() (git-fixes). - cifs: dump pending mids for all channels in DebugData (bsc#1193629). - cifs: empty interface list when server does not support query interfaces (bsc#1193629). - cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629). - cifs: fix dentry lookups in directory handle cache (bsc#1193629). - cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629). - cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629). - cifs: generate signkey for the channel that's reconnecting (bsc#1193629). - cifs: get rid of dead check in smb2_reconnect() (bsc#1193629). - cifs: lock chan_lock outside match_session (bsc#1193629). 
- cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629). - cifs: print session id while listing open files (bsc#1193629). - cifs: return DFS root session id in DebugData (bsc#1193629). - cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629). - cifs: use DFS root session instead of tcon ses (bsc#1193629). - clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes). - debugfs: add debugfs_lookup_and_remove() (git-fixes). - drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815). - drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815). - drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes). - drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes). - drm/amdkfd: Fix an illegal memory access (git-fixes). - drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes). - drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes). - drm/i915/active: Fix missing debug object activation (git-fixes). - drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes). - drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes). - drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes). - drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes). - drm/i915/display: clean up comments (git-fixes). - drm/i915/gt: perform uc late init after probe error injection (git-fixes). - drm/i915/psr: Use calculated io and fast wake lines (git-fixes). - drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes). - drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). - drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes). - drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes). 
- drm/i915: Remove unused bits of i915_vma/active api (git-fixes). - drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes). - dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes). - efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes). - fbdev: au1200fb: Fix potential divide by zero (git-fixes). - fbdev: intelfb: Fix potential divide by zero (git-fixes). - fbdev: lxfb: Fix potential divide by zero (git-fixes). - fbdev: nvidia: Fix potential divide by zero (git-fixes). - fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes). - fbdev: tgafb: Fix potential divide by zero (git-fixes). - firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes). - fotg210-udc: Add missing completion handler (git-fixes). - ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes). - ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes). - ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes). - gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes). - gpio: davinci: Add irq chip flag to skip set wake (git-fixes). - hwmon: fix potential sensor registration fail if of_node is missing (git-fixes). - i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes). - i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes). - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes). - iio: adc: ad7791: fix IRQ flags (git-fixes). - iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes). - iio: adis16480: select CONFIG_CRC32 (git-fixes). - iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes). - iio: light: cm32181: Unregister second I2C client if present (git-fixes). - kABI workaround for xhci (git-fixes). - kABI: x86/msr: Remove .fixup usage (kabi). - kconfig: Update config changed flag before calling callback (git-fixes). 
- keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes). - lan78xx: Add missing return code checks (git-fixes). - lan78xx: Fix exception on link speed change (git-fixes). - lan78xx: Fix memory allocation bug (git-fixes). - lan78xx: Fix partial packet errors on suspend/resume (git-fixes). - lan78xx: Fix race condition in disconnect handling (git-fixes). - lan78xx: Fix race conditions in suspend/resume handling (git-fixes). - lan78xx: Fix white space and style issues (git-fixes). - lan78xx: Remove unused pause frame queue (git-fixes). - lan78xx: Remove unused timer (git-fixes). - lan78xx: Set flow control threshold to prevent packet loss (git-fixes). - lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes). - locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552). - mm: memcg: fix swapcached stat accounting (bsc#1209804). - mm: mmap: remove newline at the end of the trace (git-fixes). - mmc: atmel-mci: fix race between stop command and start of next command (git-fixes). - mtd: rawnand: meson: fix bitmask for length in command word (git-fixes). - mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes). - mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes). - mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes). - mtdblock: tolerate corrected bit-flips (git-fixes). - net: asix: fix modprobe 'sysfs: cannot create duplicate filename' (git-fixes). - net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes). - net: phy: Ensure state transitions are processed from phy_stop() (git-fixes). - net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes). - net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes). - net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes). 
- net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes). - net: usb: asix: remove redundant assignment to variable reg (git-fixes). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes). - net: usb: lan78xx: Limit packet length to skb->len (git-fixes). - net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes). - net: usb: smsc75xx: Limit packet length to skb->len (git-fixes). - net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes). - net: usb: smsc95xx: Limit packet length to skb->len (git-fixes). - net: usb: use eth_hw_addr_set() (git-fixes). - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes). - nilfs2: fix sysfs interface lifetime (git-fixes). - nvme-tcp: always fail a request when sending it failed (bsc#1208902). - pNFS/filelayout: Fix coalescing test for single DS (git-fixes). - pinctrl: amd: Disable and mask interrupts on resume (git-fixes). - pinctrl: at91-pio4: fix domain name assignment (git-fixes). - pinctrl: ocelot: Fix alt mode for ocelot (git-fixes). - platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes). - platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes). - platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes). - platform/x86: think-lmi: Certificate authentication support (bsc#1210050). - platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes). - platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes). - platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes). - platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050). - platform/x86: think-lmi: Opcode support (bsc#1210050). - platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050). - platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050). 
- platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050). - platform/x86: think-lmi: add debug_cmd (bsc#1210050). - platform/x86: think-lmi: add missing type attribute (git-fixes). - platform/x86: think-lmi: certificate support clean ups (bsc#1210050). - platform/x86: think-lmi: only display possible_values if available (git-fixes). - platform/x86: think-lmi: use correct possible_values delimiters (git-fixes). - platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050). - platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050). - platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050). - platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050). - platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050). - platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050). - platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050). - platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050). - platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050). - platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050). - platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050). - platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050). - platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050). - platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050). - platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050). 
- platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050). - platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050). - platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050). - platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050). - platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050). - platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050). - platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050). - platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050). - platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050). - platform/x86: thinkpad_acpi: Remove 'goto err_exit' from hotkey_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050). - platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050). - platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050). - platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050). - platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050). 
- platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050). - platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050). - platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050). - platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050). - power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes). - powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869). - powerpc/btext: add missing of_node_put (bsc#1065729). - powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869). - powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869). - powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869). - powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869). - powerpc/kexec_file: fix implicit decl error (bsc#1194869). - powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729). - powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869). - powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes). - powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729). - powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729). - powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869). - powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869). - powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869). - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes). - pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes). 
- r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes). - rcu: Fix rcu_torture_read ftrace event (git-fixes). - ring-buffer: Fix race while reader and writer are on the same page (git-fixes). - ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes). - ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes). - s390/boot: simplify and fix kernel memory layout setup (bsc#1209600). - s390/dasd: fix no record found for raw_track_access (bsc#1207574). - s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes). - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799). - scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556). - sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes). - serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes). - serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes). - serial: fsl_lpuart: Fix comment typo (git-fixes). - smb3: fix unusable share after force unmount failure (bsc#1193629). - smb3: lower default deferred close timeout to address perf regression (bsc#1193629). - struct dwc3: mask new member (git-fixes). - thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes). - thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes). - thunderbolt: Disable interrupt auto clear for rings (git-fixes). - thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes). - thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes). - thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes). - timers: Prevent union confusion from unexpected (git-fixes) - trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes). 
- trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes). - trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes). - tracing: Add trace_array_puts() to write into instance (git-fixes). - tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes). - tracing: Free error logs of tracing instances (git-fixes). - tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes). - tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes). - tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes). - tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes). - tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes). - uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes). - vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes). - wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes). - wifi: mac80211: fix qos on mesh interfaces (git-fixes). - wireguard: ratelimiter: use hrtimer in selftest (git-fixes) - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/fpu: Cache xfeature flags from CPUID (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). 
- x86/msr: Remove .fixup usage (git-fixes). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - x86: Annotate call_on_stack() (git-fixes). - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - xfs: convert ptag flags to unsigned (git-fixes). - xfs: do not assert fail on perag references on teardown (git-fixes). - xfs: do not leak btree cursor when insrec fails after a split (git-fixes). - xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes). - xfs: remove xfs_setattr_time() declaration (git-fixes). - xfs: zero inode fork buffer at allocation (git-fixes). - xhci: Free the command allocated for setting LPM if we return early (git-fixes). - xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes). - xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes). - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes). ----------------------------------------- Patch: SUSE-2023-2003 Released: Tue Apr 25 18:05:42 2023 Summary: Security update for runc Severity: important References: 1168481,1208962,1209884,1209888,CVE-2023-25809,CVE-2023-27561,CVE-2023-28642 Description: This update for runc fixes the following issues: Update to runc v1.1.5: Security fixes: - CVE-2023-25809: Fixed rootless `/sys/fs/cgroup` is writable when cgroupns isn't unshared (bnc#1209884). - CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability (bnc#1208962). - CVE-2023-28642: Fixed AppArmor/SELinux bypass with symlinked /proc (bnc#1209888). Other fixes: - Fix the inability to use `/dev/null` when inside a container. - Fix changing the ownership of host's `/dev/null` caused by fd redirection (bsc#1168481). - Fix rare runc exec/enter unshare error on older kernels. - nsexec: Check for errors in `write_log()`. 
- Drop version-specific Go requirement. ----------------------------------------- Patch: SUSE-2023-2053 Released: Thu Apr 27 11:31:08 2023 Summary: Security update for libxml2 Severity: moderate References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469 Description: This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). The following non-security bug was fixed: - Remove unneeded dependency (bsc#1209918). ----------------------------------------- Patch: SUSE-2023-2060 Released: Thu Apr 27 17:04:25 2023 Summary: Security update for glib2 Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 Description: This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------- Patch: SUSE-2023-2111 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Severity: moderate References: 1210434,CVE-2023-29491 Description: This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). 
----------------------------------------- Patch: SUSE-2023-2133 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Severity: moderate References: 1206513 Description: This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------- Patch: SUSE-2023-2157 Released: Wed May 10 13:21:20 2023 Summary: Security update for conmon Severity: important References: 1200441 Description: This update of conmon fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). ----------------------------------------- Patch: SUSE-2023-2224 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 Description: This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). 
----------------------------------------- Patch: SUSE-2023-2231 Released: Wed May 17 10:08:22 2023 Summary: Security update for the Linux Kernel Severity: important References: 1142685,1155798,1174777,1189999,1194869,1203039,1203325,1206649,1206891,1206992,1207088,1208076,1208845,1209615,1209693,1209739,1209871,1209927,1209999,1210034,1210158,1210202,1210206,1210301,1210329,1210336,1210337,1210439,1210453,1210454,1210469,1210506,1210629,1210725,1210762,1210763,1210764,1210765,1210766,1210767,1210768,1210769,1210770,1210771,1210793,1210816,1210817,1210827,1210943,1210953,1210986,1211025,CVE-2022-2196,CVE-2023-0386,CVE-2023-1670,CVE-2023-1855,CVE-2023-1989,CVE-2023-1990,CVE-2023-1998,CVE-2023-2008,CVE-2023-2019,CVE-2023-2176,CVE-2023-2235,CVE-2023-23006,CVE-2023-30772 Description: The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2023-2235: A use-after-free vulnerability in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210986). - CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992). - CVE-2023-23006: Fixed NULL checking against IS_ERR in dr_domain_init_resources (bsc#1208845). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in an out-of-bounds read, which a local user can use to crash the system or escalate privileges (bsc#1210629). - CVE-2023-0386: A flaw was found in the OverlayFS subsystem that allowed unauthorized execution of a setuid file with capabilities when a user copies a capable file from a nosuid mount into another mount.
This uid mapping bug allowed a local user to escalate their privileges on the system (bsc#1209615). - CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). - CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). - CVE-2023-2019: A flaw was found in the netdevsim device driver, more specifically within the scheduling of events. This issue results from the improper management of a reference count and may lead to a denial of service (bsc#1210454). - CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). - CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). The following non-security bugs were fixed: - ACPI: CPPC: Disable FIE if registers in PCC regions (bsc#1210953). - ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes). - ACPI: resource: Add Medion S17413 to IRQ override quirk (git-fixes). - ALSA: emu10k1: do not create old pass-through playback device on Audigy (git-fixes). - ALSA: emu10k1: fix capture interrupt handler unlinking (git-fixes). - ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes). - ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git-fixes). - ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes). - ALSA: hda/realtek: Remove specific patch for Dell Precision 3260 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes). 
- ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git-fixes). - ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards (git-fixes). - ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes). - ALSA: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes). - ALSA: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes). - ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes). - ARM: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes). - ARM: dts: gta04: fix excess dma channel usage (git-fixes). - ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes). - ARM: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes). - ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes). - ASN.1: Fix check for strdup() success (git-fixes). - ASoC: cs35l41: Only disable internal boost (git-fixes). - ASoC: es8316: Handle optional IRQ assignment (git-fixes). - ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes). - ASoC: fsl_mqs: move of_node_put() to the correct location (git-fixes). - Add 42a11bf5c543 cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly - Add eee878537941 cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods - Bluetooth: Fix race condition in hidp_session_thread (git-fixes). - Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git-fixes). - Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes). - IB/mlx5: Add support for 400G_8X lane speed (git-fixes) - Input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes). - Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes). - KEYS: Add missing function documentation (git-fixes). - KEYS: Create static version of public_key_verify_signature (git-fixes). - NFS: Cleanup unused rpc_clnt variable (git-fixes). - NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes). 
- NFSD: callback request does not use correct credential for AUTH_SYS (git-fixes). - PCI/EDR: Clear Device Status after EDR error recovery (git-fixes). - PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes). - PCI: imx6: Install the fault handler only on compatible match (git-fixes). - PCI: loongson: Add more devices that need MRRS quirk (git-fixes). - PCI: loongson: Prevent LS7A MRRS increases (git-fixes). - PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git-fixes). - PCI: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes). - RDMA/cma: Allow UD qp_type to join multicast only (git-fixes) - RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes) - RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes) - RDMA/irdma: Fix memory leak of PBLE objects (git-fixes) - RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes) - Remove obsolete KMP obsoletes (bsc#1210469). - Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (git-fixes). - Revert 'pinctrl: amd: Disable and mask interrupts on resume' (git-fixes). - USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes). - USB: dwc3: fix runtime pm imbalance on unbind (git-fixes). - USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes). - USB: serial: option: add Quectel RM500U-CN modem (git-fixes). - USB: serial: option: add Telit FE990 compositions (git-fixes). - USB: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes). - amdgpu: disable powerpc support for the newer display engine (bsc#1194869). - arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes). - arm64: dts: meson-g12-common: specify full DMC range (git-fixes). - arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git-fixes). - arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes). 
- arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes). - arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes). - arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes). - arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes). - arm64: enable jump-label. jump-label was disabled on arm64 by a backport error. - bluetooth: Perform careful capability checks in hci_sock_ioctl() (git-fixes). - cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827). - cifs: fix negotiate context parsing (bsc#1210301). - clk: add missing of_node_put() in 'assigned-clocks' property parsing (git-fixes). - clk: at91: clk-sam9x60-pll: fix return value check (git-fixes). - clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes). - clk: sprd: set max_register according to mapping range (git-fixes). - clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes). - config: arm64: enable ERRATUM_843419. Config option was incorrectly replaced by the rt-refresh-configs script. - cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953). - cpufreq: CPPC: Fix performance/frequency conversion (git-fixes). - cpumask: fix incorrect cpumask scanning result checks (bsc#1210943). - crypto: caam - Clear some memory in instantiate_rng (git-fixes).
- crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes). - crypto: sa2ul - Select CRYPTO_DES (git-fixes). - crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes). - driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes). - drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes). - drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git-fixes). - drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes). - drm/amd/display: Fix potential null dereference (git-fixes). - drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869). - drm/armada: Fix a potential double free in an error handling path (git-fixes). - drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git-fixes). - drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes). - drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes). - drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes). - drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes). - drm/i915: Fix fast wake AUX sync len (git-fixes). - drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes). - drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes). - drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes). - drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes). - drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes). - drm/msm: fix NULL-deref on snapshot tear down (git-fixes). - drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes). - drm/panel: otm8009a: Set backlight parent to panel device (git-fixes). - drm/probe-helper: Cancel previous job before starting new one (git-fixes). - drm/rockchip: Drop unbalanced obj unref (git-fixes). - drm/vgem: add missing mutex_destroy (git-fixes). 
- drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git-fixes). - drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes). - dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes). - dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes). - dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git-fixes). - dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes). - dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes). - dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git-fixes). - e1000e: Disable TSO on i219-LM card to increase speed (git-fixes). - efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes). - ext4: Fix deadlock during directory rename (bsc#1210763). - ext4: Fix possible corruption when moving a directory (bsc#1210763). - ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766). - ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767). - ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076). - ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765). - ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891). - ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764). - ext4: fix possible double unlock when moving a directory (bsc#1210763). - ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793). - fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes). - firmware: qcom_scm: Clear download bit during reboot (git-fixes). - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes). - fpga: bridge: fix kernel-doc parameter description (git-fixes). - hwmon: (adt7475) Use device_property APIs when configuring polarity (git-fixes). - hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes). 
- hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git-fixes). - i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes). - i2c: hisi: Avoid redundant interrupts (git-fixes). - i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes). - i2c: ocores: generate stop condition after timeout in polling mode (git-fixes). - i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes). - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes). - iio: light: tsl2772: fix reading proximity-diodes from device tree (git-fixes). - ipmi: fix SSIF not responding under certain cond (git-fixes). - ipmi:ssif: Add send_retries increment (git-fixes). - k-m-s: Drop Linux 2.6 support - kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi). - kABI: x86/msi: Fix msi message data shadow struct (kabi). - kabi/severities: ignore KABI for NVMe target (bsc#1174777) The target code is only for testing and there are no external users. - keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). - locking/rwbase: Mitigate indefinite writer starvation. - media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes). - media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes). - media: max9286: Free control handler (git-fixes). - media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes). - media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes). - media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes). - media: venus: dec: Fix handling of the start cmd (git-fixes). - memstick: fix memory leak if card device is never registered (git-fixes). - mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768). - mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034). 
- mm: take a page reference when removing device exclusive entries (bsc#1211025). - mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git-fixes). - mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes). - mtd: core: fix error path for nvmem provider (git-fixes). - mtd: core: fix nvmem error reporting (git-fixes). - mtd: core: provide unique name for nvmem device, take two (git-fixes). - mtd: spi-nor: Fix a trivial typo (git-fixes). - net: phy: nxp-c45-tja11xx: add remove callback (git-fixes). - net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git-fixes). - nfsd: call op_release, even when op_func returns an error (git-fixes). - nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes). - nilfs2: initialize unused bytes in segment summary blocks (git-fixes). - nvme initialize core quirks before calling nvme_init_subsystem (git-fixes). - nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes). - nvme-fcloop: fix 'inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage' (git-fixes). - nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes). - nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes). - nvme-multipath: fix possible hang in live ns resize with ANA access (git-fixes). - nvme-pci: fix doorbell buffer value endianness (git-fixes). - nvme-pci: fix mempool alloc size (git-fixes). - nvme-pci: fix page size checks (git-fixes). - nvme-pci: fix timeout request state check (git-fixes). - nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes). - nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: fix regression that causes sporadic requests to time out (git-fixes). - nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git-fixes). - nvme: add device name to warning in uuid_show() (git-fixes). 
- nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes). - nvme: copy firmware_rev on each init (git-fixes). - nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes). - nvme: fix async event trace event (git-fixes). - nvme: fix handling single range discard request (git-fixes). - nvme: fix per-namespace chardev deletion (git-fixes). - nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes). - nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes). - nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes). - nvme: move nvme_multi_css into nvme.h (git-fixes). - nvme: return err on nvme_init_non_mdts_limits fail (git-fixes). - nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693). - nvme: set dma alignment to dword (git-fixes). - nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git-fixes). - nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes). - nvmet-tcp: fix incomplete data digest send (git-fixes). - nvmet-tcp: fix regression in data_digest calculation (git-fixes). - nvmet: add helpers to set the result field for connect commands (git-fixes). - nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes). - nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes). - nvmet: fix I/O Command Set specific Identify Controller (git-fixes). - nvmet: fix Identify Active Namespace ID list handling (git-fixes). - nvmet: fix Identify Controller handling (git-fixes). - nvmet: fix Identify Namespace handling (git-fixes). - nvmet: fix a memory leak (git-fixes). - nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes). - nvmet: fix a use-after-free (git-fixes). - nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git-fixes). - nvmet: force reconnect when number of queue changes (git-fixes). - nvmet: looks at the passthrough controller when initializing CAP (git-fixes). 
- nvmet: only allocate a single slab for bvecs (git-fixes). - nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes). - perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes). - perf/core: Fix the same task check in perf_event_set_output (git fixes). - perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes). - perf: fix perf_event_context->time (git fixes). - platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes). - platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes). - power: supply: cros_usbpd: reclassify 'default case!' as debug (git-fixes). - power: supply: generic-adc-battery: fix unit scaling (git-fixes). - powerpc/64: Always build with 128-bit long double (bsc#1194869). - powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869). - powerpc/hv-gpci: Fix hv_gpci event list (git fixes). - powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes). - powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc: declare unmodified attribute_group usages const (git-fixes). - regulator: core: Avoid lockdep reports when resolving supplies (git-fixes). - regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes). - regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes). - regulator: fan53555: Explicitly include bits header (git-fixes). - regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes). - regulator: stm32-pwr: fix of_iomap leak (git-fixes). - remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes). - remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes). 
- remoteproc: st: Call of_node_put() on iteration error (git-fixes). - remoteproc: stm32: Call of_node_put() on iteration error (git-fixes). - rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git-fixes). - rtc: omap: include header for omap_rtc_power_off_program prototype (git-fixes). - sched/fair: Fix imbalance overflow (bsc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Limit sched slice duration (bsc#1189999 (Scheduler functional and performance backports)). - sched/fair: Move calculate of avg_load to a better location (bsc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325). - sched/fair: sanitize vruntime of entity being placed (bsc#1203325). - sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999 (Scheduler functional and performance backports)). - sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798 (CPU scheduler functional and performance backports)). - scsi: aic94xx: Add missing check for dma_map_single() (git-fixes). - scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039) (renamed now that it's upstream) - scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes). - scsi: core: Fix a procfs host directory removal regression (git-fixes). - scsi: core: Fix a source code comment (git-fixes). - scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes). - scsi: hisi_sas: Check devm_add_action() return value (git-fixes). - scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes). - scsi: ipr: Work around fortify-string warning (git-fixes). - scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes). - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes).
- scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes). - scsi: kABI workaround for fc_host_fpin_rcv (git-fixes). - scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes). - scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes). - scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943). - scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943). - scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943). - scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943). - scsi: lpfc: Fix double word in comments (bsc#1210943). - scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943). - scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943). - scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943). - scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943). - scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943). - scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943). - scsi: lpfc: Silence an incorrect device output (bsc#1210943). - scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943). - scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943). - scsi: megaraid_sas: Fix crash after a double completion (git-fixes). - scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes). - scsi: mpt3sas: Do not print sense pool info twice (git-fixes). - scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Fix a memory leak (git-fixes). - scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes). 
- scsi: qla2xxx: Perform lockless command completion in abort path (git-fixes). - scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes). - scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943). - scsi: sd: Fix wrong zone_write_granularity value during revalidate (git-fixes). - scsi: ses: Do not attach if enclosure has no components (git-fixes). - scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes). - scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes). - seccomp: Move copy_seccomp() to no failure path (bsc#1210817). - selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes). - selftests: sigaltstack: fix -Wuninitialized (git-fixes). - selinux: ensure av_permissions.h is built when needed (git-fixes). - selinux: fix Makefile dependencies of flask.h (git-fixes). - serial: 8250: Add missing wakeup event reporting (git-fixes). - serial: 8250_bcm7271: Fix arbitration handling (git-fixes). - serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git-fixes). - serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes). - signal handling: do not use BUG_ON() for debugging (bsc#1210439). - signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816). - signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816). - signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816). - soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes). - spi: cadence-quadspi: fix suspend-resume implementations (git-fixes). - spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes). - spi: qup: Do not skip cleanup in remove's error path (git-fixes). 
- staging: iio: resolver: ads1210: fix config mode (git-fixes). - staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git-fixes). - stat: fix inconsistency between struct stat and struct compat_stat (git-fixes). - sunrpc: only free unix grouplist after RCU settles (git-fixes). - supported.conf: declaring usb_f_ncm supported as requested in (jsc#PED-3750) Support for the legacy functionality g_ncm is still under discussion (see jsc-PED#3200) For maintenance see (jsc#PED-3759) - supported.conf: support u_ether and libcomposite (jsc-PED#3750) This is necessary for g_ncm (for maintenance see jsc-PED#3759) - tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes). - tty: serial: fsl_lpuart: adjust buffer length to the intended size (git-fixes). - udf: Check consistency of Space Bitmap Descriptor (bsc#1210771). - udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649). - udf: Support splicing to file (bsc#1210770). - usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes). - usb: chipidea: imx: avoid unnecessary probe defer (git-fixes). - usb: dwc3: gadget: Change condition for processing suspend event (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes). - usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes). - usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition (git-fixes). - usb: host: xhci-rcar: remove leftover quirk handling (git-fixes). - virt/coco/sev-guest: Add throttling awareness (bsc#1209927). - virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927). - virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927). - virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927). - virt/coco/sev-guest: Do some code style cleanups (bsc#1209927). - virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927).
- virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927). - virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927). - virtio_ring: do not update event idx on get_buf (git-fixes). - vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes). - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git-fixes). - wifi: ath6kl: minor fix for allocation size (git-fixes). - wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes). - wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes). - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git-fixes). - wifi: brcmfmac: support CQM RSSI notification with older firmware (git-fixes). - wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes). - wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes). - wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes). - wifi: iwlwifi: fw: move memset before early return (git-fixes). - wifi: iwlwifi: make the loop for card preparation effective (git-fixes). - wifi: iwlwifi: mvm: check firmware response size (git-fixes). - wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes). - wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes). - wifi: iwlwifi: mvm: initialize seq variable (git-fixes). - wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes). - wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes). - wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes). - wifi: mac80211: adjust scan cancel comment/check (git-fixes). - wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes). - wifi: mt76: fix 6GHz high channel not be scanned (git-fixes). - wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes). - wifi: mwifiex: mark OF related data as maybe unused (git-fixes). 
- wifi: rt2x00: Fix memory leak when handling surveys (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git-fixes). - wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes). - writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769). - x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes). - x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes). - x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes). - x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes). - x86/entry: Avoid very early RET (git-fixes). - x86/entry: Do not call error_entry() for XENPV (git-fixes). - x86/entry: Move CLD to the start of the idtentry macro (git-fixes). - x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes). - x86/entry: Switch the stack after error_entry() returns (git-fixes). - x86/fpu: Prevent FPU state corruption (git-fixes). - x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git-fixes). - x86/msi: Fix msi message data shadow struct (git-fixes). - x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes). - x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes). - x86/tsx: Disable TSX development mode at boot (git-fixes). - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes). - xhci: fix debugfs register accesses while suspended (git-fixes). 
----------------------------------------- Patch: SUSE-2023-2240 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Severity: moderate References: 1203141,1207410 Description: This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ----------------------------------------- Patch: SUSE-2023-2256 Released: Fri May 19 15:26:43 2023 Summary: Security update for runc Severity: important References: 1200441 Description: This update of runc fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). ----------------------------------------- Patch: SUSE-2023-2276 Released: Wed May 24 07:54:42 2023 Summary: Recommended update for grub2 Severity: moderate References: 1204563,1208581 Description: This update for grub2 fixes the following issues: - grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563) - Fix PowerVS deployment fails to boot with 90 cores (bsc#1208581) ----------------------------------------- Patch: SUSE-2023-2279 Released: Wed May 24 07:57:53 2023 Summary: Recommended update for dracut Severity: moderate References: 1204478,1210640 Description: This update for dracut fixes the following issues: - Update to version 055+suse.342.g2e6dce8e: fips=1 and separate /boot break s390x (bsc#1204478): * fix(fips): move fips-boot script to pre-pivot * fix(fips): only unmount /boot if it was mounted by the fips module * feat(fips): add progress messages * fix(fips): do not blindly remove /boot * fix(network-legacy): handle do_dhcp calls without arguments (bsc#1210640) ----------------------------------------- Patch: SUSE-2023-2307 Released: Mon May 29 10:29:49 2023 Summary: Recommended update for kbd Severity: low References: 1210702 Description: This update 
for kbd fixes the following issue: - Add 'ara' vc keymap, 'ara' is slightly better than 'arabic' as it matches the name of its X11 layout counterpart. (bsc#1210702) ----------------------------------------- Patch: SUSE-2023-2317 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Severity: moderate References: 1210164 Description: This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) ----------------------------------------- Patch: SUSE-2023-2324 Released: Tue May 30 15:52:17 2023 Summary: Security update for cni-plugins Severity: important References: 1200441 Description: This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441). ----------------------------------------- Patch: SUSE-2023-2325 Released: Tue May 30 15:57:30 2023 Summary: Security update for cni Severity: important References: 1200441 Description: This update of cni fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441). ----------------------------------------- Patch: SUSE-2023-2333 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Severity: moderate References: 1210593 Description: This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------- Patch: SUSE-2023-2342 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Severity: important References: 1211430,CVE-2023-2650 Description: This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). 
----------------------------------------- Patch: SUSE-2023-2438 Released: Wed Jun 7 07:33:01 2023 Summary: Recommended update for kernel-firmware Severity: moderate References: 1205811,1209601,1209681 Description: This update for kernel-firmware fixes the following issues: - Add firmware for QAT 4xxx (jsc#PED-3699, bsc#1209601) - Add iwlwifi-*-72 ucode (bsc#1209681) - Update constraints for 8GB (bsc#1205811) ----------------------------------------- Patch: SUSE-2023-2482 Released: Mon Jun 12 07:19:53 2023 Summary: Recommended update for systemd-rpm-macros Severity: moderate References: 1211272 Description: This update for systemd-rpm-macros fixes the following issues: - Adjust functions so they are disabled when called from a chroot (bsc#1211272) ----------------------------------------- Patch: SUSE-2023-2484 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Severity: moderate References: 1211795,CVE-2023-2953 Description: This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). 
----------------------------------------- Patch: SUSE-2023-2527 Released: Fri Jun 16 19:04:57 2023 Summary: Recommended update for NetworkManager Severity: moderate References: Description: This update for NetworkManager fixes the following issues: - Create /etc/NetworkManager/conf.d by default, allowing easy override for NetworkManager.conf file with drop-in - Move default config file to /usr/lib/NetworkManager/NetworkManager.conf, as part of main package - Ensure /usr/lib/NetworkManager/conf.d is part of the package ----------------------------------------- Patch: SUSE-2023-2625 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Severity: moderate References: Description: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 ----------------------------------------- Patch: SUSE-2023-2648 Released: Tue Jun 27 09:52:35 2023 Summary: Security update for openssl-1_1 Severity: moderate References: 1201627,1207534,CVE-2022-4304 Description: This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect the testsuite (bsc#1201627). 
----------------------------------------- Patch: SUSE-2023-2657 Released: Tue Jun 27 14:43:57 2023 Summary: Recommended update for libcontainers-common Severity: moderate References: 1211124 Description: This update for libcontainers-common fixes the following issues: - New subpackage libcontainers-sles-mounts which adds SLE-specific mounts on SLE systems (bsc#1211124) - Own /etc/containers/systemd and /usr/share/containers/systemd for podman quadlet - Remove container-storage-driver.sh to default to the overlay driver instead of btrfs ----------------------------------------- Patch: SUSE-2023-2658 Released: Tue Jun 27 14:46:15 2023 Summary: Recommended update for containerd, docker, runc Severity: moderate References: 1207004,1208074,1210298,1211578 Description: This update for containerd, docker, runc fixes the following issues: - Update to containerd v1.6.21 (bsc#1211578) - Update to Docker 23.0.6-ce (bsc#1211578) - Update to runc v1.1.7 - Require a minimum Go version explicitly (bsc#1210298) - Re-unify packaging for SLE-12 and SLE-15 - Fix build on SLE-12 by switching back to libbtrfs-devel headers - Allow man pages to be built without internet access in OBS - Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux - Fix syntax of boolean dependency - Allow to install container-selinux instead of apparmor-parser - Change to using systemd-sysusers - Update runc.keyring to upstream version - Fix the inability to use `/dev/null` when inside a container (bsc#1207004) ----------------------------------------- Patch: SUSE-2023-2765 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 Description: This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). 
- CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------- Patch: SUSE-2023-2767 Released: Mon Jul 3 21:22:32 2023 Summary: Recommended update for dracut Severity: moderate References: 1212662 Description: This update for dracut fixes the following issues: - Update to version 055+suse.344.g3d5cd8fb - Continue parsing if ldd prints 'cannot execute binary file' (bsc#1212662) ----------------------------------------- Patch: SUSE-2023-2782 Released: Tue Jul 4 17:34:42 2023 Summary: Security update for the Linux Kernel Severity: important References: 1065729,1152472,1152489,1160435,1172073,1189998,1191731,1193629,1194869,1195655,1195921,1203906,1205650,1205756,1205758,1205760,1205762,1205803,1206024,1206578,1207553,1208050,1208410,1208600,1208604,1208758,1209039,1209287,1209288,1209367,1209856,1209982,1210165,1210294,1210449,1210450,1210498,1210533,1210551,1210647,1210741,1210775,1210783,1210791,1210806,1210940,1210947,1211037,1211043,1211044,1211089,1211105,1211113,1211131,1211205,1211263,1211280,1211281,1211299,1211346,1211387,1211410,1211414,1211449,1211465,1211519,1211564,1211590,1211592,1211686,1211687,1211688,1211689,1211690,1211691,1211692,1211693,1211714,1211796,1211804,1211807,1211808,1211847,1211852,1211855,1211960,1212129,1212154,1212155,1212158,1212350,1212448,1212494,1212504,1212513,1212540,1212561,1212563,1212564,1212584,1212592,CVE-2022-4269,CVE-2022-45884,CVE-2022-45885,CVE-2022-45886,CVE-2022-45887,CVE-2022-45919,CVE-2023-1077,CVE-2023-1079,CVE-2023-1249,CVE-2023-1380,CVE-2023-1382,CVE-2023-2002,CVE-2023-21102,CVE-2023-2124,CVE-2023-2156,CVE-2023-2162,CVE-2023-2269,CVE-2023-2483,CVE-2023-2513,CVE-2023-28410,CVE-2023-3006,CVE-2023-30456,CVE-2023-31084,CVE-2023-3141,CVE-2023-31436,CVE-2023-3161,CVE-2023-32233,CVE-2023-33288,CVE-2023-35788,CVE-2023-35823,CVE-2023-35828 Description: The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security 
and bugfixes. The following security bugs were fixed: - CVE-2023-35828: Fixed a use-after-free flaw inside renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). - CVE-2023-35823: Fixed a use-after-free in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). - CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). - CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590). - CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043). - CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). - CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). - CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783). - CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c where nVMX on x86_64 lacked consistency checks for CR0 and CR4 (bsc#1210294). - CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855). - CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263). - CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). - CVE-2023-2483: Fixed a use-after-free bug in emac_remove caused by a race condition (bsc#1211037).
- CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c (bsc#1210806). - CVE-2023-2162: Fixed a use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have led to denial-of-service or potentially privilege escalation (bsc#1210498). - CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155). - CVE-2023-2002: Fixed a flaw that allowed an attacker unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). - CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). - CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). - CVE-2023-1249: Fixed a use-after-free flaw inside the core dump subsystem, that could have been used to crash the system (bsc#1209039). - CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). - CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). - CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). - CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that led to a use-after-free (bsc#1205760).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). - CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). - CVE-2022-4269: Fixed a flaw inside the Traffic Control (TC) subsystem (bsc#1206024). The following non-security bugs were fixed: - 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes). - ACPI: EC: Fix oops when removing custom query handlers (git-fixes). - ACPI: bus: Ensure that notify handlers are not running after removal (git-fixes). - ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git-fixes). - ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes). - ACPI: tables: Add support for NBFT (bsc#1195921). - ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes). - ACPICA: Avoid undefined behavior: applying zero offset to null pointer (git-fixes). - ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes). - ALSA: cs46xx: mark snd_cs46xx_download_image as static (git-fixes). - ALSA: firewire-digi00x: prevent potential use after free (git-fixes). - ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes). - ALSA: hda/realtek: Add Lenovo P3 Tower platform (git-fixes). - ALSA: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes). - ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes). - ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes). - ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS50AU (git-fixes). - ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes).
- ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes). - ALSA: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git-fixes). - ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git-fixes). - ALSA: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git-fixes). - ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes). - ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes). - ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git-fixes). - ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes). - ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes). - ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes). - ALSA: hda: Fix unhandled register update during auto-suspend period (git-fixes). - ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git-fixes). - ALSA: oss: avoid missing-prototype warnings (git-fixes). - ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes). - ALSA: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes). - ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes). - ALSA: usb-audio: Fix broken resume due to UAC3 power state (git-fixes). - ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes). - ARM: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes) - ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes). - ARM: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). - ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes). - ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes). - ARM: dts: vexpress: add missing cache properties (git-fixes). - ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git-fixes). - ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git-fixes). 
- ASoC: codecs: wsa881x: do not set can_multi_write flag (git-fixes). - ASoC: dwc: limit the number of overrun messages (git-fixes). - ASoC: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes). - ASoC: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes). - ASoC: lpass: Fix for KASAN use_after_free out of bounds (git-fixes). - ASoC: rt5682: Disable jack detection interrupt during suspend (git-fixes). - ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git-fixes). - ASoC: soc-pcm: test if a BE can be prepared (git-fixes). - ASoC: ssm2602: Add workaround for playback distortions (git-fixes). - Add a bug reference to two existing drm-hyperv changes (bsc#1211281). - Also include kernel-docs build requirements for ALP - Avoid unsuported tar parameter on SLE12 - Bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes). - Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes). - Bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes). - Bluetooth: L2CAP: fix 'bad unlock balance' in l2cap_disconnect_rsp (git-fixes). - Bluetooth: btintel: Add LE States quirk support (git-fixes). - Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git-fixes). - Bluetooth: hci_qca: fix debugfs registration (git-fixes). - Documentation/filesystems: ramfs-rootfs-initramfs: use :Author: (git-fixes). - Documentation/filesystems: sharedsubtree: add section headings (git-fixes). - HID: google: add jewel USB id (git-fixes). - HID: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes). - HID: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes). - HID: microsoft: Add rumble support to latest xbox controllers (bsc#1211280). - HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes). - HID: wacom: Force pen out of prox if no events have been received in a while (git-fixes). - HID: wacom: Set a default resolution for older tablets (git-fixes). 
- HID: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes). - HID: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes). - HID: wacom: generic: Set battery quirk only when we see battery data (git-fixes). - IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes) - IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes) - IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes) - IB/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes) - Input: fix open count when closing inhibited device (git-fixes). - Input: psmouse - fix OOB access in Elantech protocol (git-fixes). - Input: xpad - add constants for GIP interface numbers (git-fixes). - Input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes). - KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() (git-fixes). - KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes) - KVM: Disallow user memslot with size that exceeds 'unsigned long' (git-fixes) - KVM: Do not create VM debugfs files outside of the VM directory (git-fixes) - KVM: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes) - KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes). - KVM: Prevent module exit until all VMs are freed (git-fixes) - KVM: SVM: Do not rewrite guest ICR on AVIC IPI virtualization failure (git-fixes). - KVM: SVM: Fix benign 'bool vs. int' comparison in svm_set_cr0() (git-fixes). - KVM: SVM: Fix potential overflow in SEV's send|receive_update_data() (git-fixes). - KVM: SVM: Require logical ID to be power-of-2 for AVIC entry (git-fixes). - KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git-fixes). - KVM: SVM: hyper-v: placate modpost section mismatch error (git-fixes). - KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes). - KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (git-fixes). 
- KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git-fixes). - KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git-fixes). - KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes). - KVM: arm64: Do not arm a hrtimer for an already pending timer (git-fixes) - KVM: arm64: Do not hypercall before EL2 init (git-fixes) - KVM: arm64: Do not return from void function (git-fixes) - KVM: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes) - KVM: arm64: Fix S1PTW handling on RO memslots (git-fixes) - KVM: arm64: Fix bad dereference on MTE-enabled systems (git-fixes) - KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes) - KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes) - KVM: arm64: Free hypervisor allocations if vector slot init fails (git-fixes) - KVM: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes) - KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes) - KVM: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes) - KVM: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes) - KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes) - KVM: arm64: Save PSTATE early on exit (git-fixes) - KVM: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes) - KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes) - KVM: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes) - KVM: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes) - KVM: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes) - KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git-fixes). - KVM: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes). - KVM: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes). - KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git-fixes). 
- KVM: nVMX: Inject #GP, not #UD, if 'generic' VMXON CR0/CR4 check fails (git-fixes). - KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes). - KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes). - KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes). - KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER (git-fixes). - KVM: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes). - KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git-fixes). - KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes). - KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git-fixes). - KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (git-fixes). - KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes). - KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes). - KVM: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes). - KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes). - KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes). - KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes). - KVM: x86: Protect the unused bits in MSR exiting flags (git-fixes). - KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes). - KVM: x86: Report deprecated x87 features in supported CPUID (git-fixes). - KVM: x86: do not set st->preempted when going back to user space (git-fixes). - KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes). - KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes). - PCI/ASPM: Remove pcie_aspm_pm_state_change() (git-fixes). - PM: hibernate: Do not get block device exclusively in test_resume mode (git-fixes). 
- PM: hibernate: Turn snapshot_test into global variable (git-fixes). - PM: hibernate: fix load_image_and_restore() error path (git-fixes). - RDMA/bnxt_re: Fix a possible memory leak (git-fixes) - RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes) - RDMA/bnxt_re: Fix the page_size used during the MR creation (git-fixes) - RDMA/cm: Trace icm_send_rej event before the cm state is reset (git-fixes) - RDMA/core: Fix multiple -Warray-bounds warnings (git-fixes) - RDMA/efa: Fix unsupported page sizes in device (git-fixes) - RDMA/hns: Fix base address table allocation (git-fixes) - RDMA/hns: Fix timeout attr in query qp for HIP08 (git-fixes) - RDMA/hns: Modify the value of long message loopback slice (git-fixes) - RDMA/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383). - RDMA/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383). - RDMA/irdma: Fix Local Invalidate fencing (git-fixes) - RDMA/irdma: Fix RQ completion opcode (jsc#SLE-18383). - RDMA/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383). - RDMA/irdma: Fix inline for multiple SGE's (jsc#SLE-18383). - RDMA/irdma: Prevent QP use after free (git-fixes) - RDMA/irdma: Remove enum irdma_status_code (jsc#SLE-18383). - RDMA/irdma: Remove excess error variables (jsc#SLE-18383). - RDMA/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022). - RDMA/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022). - RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022). - RDMA/mana_ib: Fix a bug when the PF indicates more entries for registering memory on first packet (bsc#1210741 jsc#PED-4022). - RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022). - RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255). 
- RDMA/mlx5: Fix flow counter query via DEVX (git-fixes) - RDMA/mlx5: Use correct device num_ports when modify DC (git-fixes) - RDMA/rdmavt: Delete unnecessary NULL check (git-fixes) - RDMA/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes) - RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes) - RDMA/rxe: Fix the error 'trying to register non-static key in rxe_cleanup_task' (git-fixes) - RDMA/rxe: Remove tasklet call from rxe_cq.c (git-fixes) - RDMA/siw: Fix potential page_array out of range access (git-fixes) - RDMA/siw: Remove namespace check from siw_netdev_event() (git-fixes) - RDMA/srpt: Add a check for valid 'mad_agent' pointer (git-fixes) - Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes). - Revert 'KVM: set owner of cpu and vm file operations' (git-fixes) - SMB3.1.1: add new tree connect ShareFlags (bsc#1193629). - SMB3: Add missing locks to protect deferred close file list (git-fixes). - SMB3: Close all deferred handles of inode in case of handle lease break (bsc#1193629). - SMB3: Close deferred file handles in case of handle lease break (bsc#1193629). - SMB3: drop reference to cfile before sending oplock break (bsc#1193629). - SMB3: force unmount was failing to close deferred close files (bsc#1193629). - SUNRPC: Clean up svc_deferred_class trace events (git-fixes). - SUNRPC: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775). - Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes). - Trim obsolete KMP list. SLE11 is out of support, we do not need to handle upgrading from SLE11 SP1. - USB / dwc3: Fix a checkpatch warning in core.c (git-fixes). - USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value (git-fixes). - USB: core: Add routines for endpoint checks in old drivers (git-fixes). - USB: dwc3: fix use-after-free on core driver unbind (git-fixes). - USB: dwc3: qcom: fix NULL-deref on suspend (git-fixes). 
- USB: serial: option: add Quectel EM061KGL series (git-fixes). - USB: sisusbvga: Add endpoint checks (git-fixes). - USB: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes). - affs: initialize fsdata in affs_truncate() (git-fixes). - apparmor: add a kernel label to use on kernel objects (bsc#1211113). - arm64: Always load shadow stack pointer directly from the task struct (git-fixes) - arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes) - arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes). - arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes). - arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes). - arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes). - arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes). - arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes). - arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git-fixes). - arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes). - arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes). - arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes). - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes) - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes). - asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes). - ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes). - ata: pata_octeon_cf: drop kernel-doc notation (git-fixes). - ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes). - batman-adv: Broken sync while rescheduling delayed work (git-fixes). - block: add a bdev_max_zone_append_sectors helper (git-fixes). - bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git-fixes). - bnxt: Do not read past the end of test names (jsc#SLE-18978). 
- bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978). - bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978). - bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978). - bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978). - bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes). - bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978). - bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978). - bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978). - bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes). - bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes). - bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git-fixes). - bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978). - bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978). - bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes) - bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes) - bpf, arm64: Feed byte-offset into bpf line info (git-fixes) - bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes) - bpf: Add extra path pointer check to d_path helper (git-fixes). - bpf: Fix UAF in task local storage (bsc#1212564). - can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). - can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes). - can: j1939: change j1939_netdev_lock type to mutex (git-fixes). - can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes). - can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). - can: kvaser_pciefd: Call request_irq() before enabling interrupts (git-fixes). - can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git-fixes). - can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes). 
- can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes). - can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes). - can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git-fixes). - can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes). - can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes). - cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes). - ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540). - ceph: force updating the msg pointer in non-split case (bsc#1211804). - cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906). - cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650). - cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650). - cgroup: Make cgroup_get_from_id() prettier (bsc#1205650). - cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650). - cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563). - cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561). - cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id (bsc#1205650). - cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563). - cgroup: reduce dependency on cgroup_mutex (bsc#1205650). - cifs: Avoid a cast in add_lease_context() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes). - cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758). 
- cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629). - cifs: fix potential race when tree connecting ipc (bsc#1208758). - cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758). - cifs: fix sharing of DFS connections (bsc#1208758). - cifs: fix smb1 mount regression (bsc#1193629). - cifs: mapchars mount option ignored (bsc#1193629). - cifs: missing lock when updating session status (bsc#1193629). - cifs: print smb3_fs_context::source when mounting (bsc#1193629). - cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758). - cifs: protect session status check in smb2_reconnect() (bsc#1208758). - cifs: release leases for deferred close handles when freezing (bsc#1193629). - cifs: sanitize paths in cifs_update_super_prepath (git-fixes). - cifs: update internal module version number for cifs.ko (bsc#1193629). - clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes). - clk: qcom: regmap: add PHY clock source implementation (git-fixes). - clk: tegra20: fix gcc-7 constant overflow warning (git-fixes). - configfs: fix possible memory leak in configfs_create_dir() (git-fixes). 
- crypto: acomp - define max size for destination (jsc#PED-3692) - crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692) - crypto: qat - Fix unsigned function returning negative (jsc#PED-3692) - crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692) - crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692) - crypto: qat - abstract PFVF receive logic (jsc#PED-3692) - crypto: qat - abstract PFVF send function (jsc#PED-3692) - crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692) - crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692) - crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692) - crypto: qat - add backlog mechanism (jsc#PED-3692) - crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692) - crypto: qat - add check to validate firmware images (jsc#PED-3692) - crypto: qat - add limit to linked list parsing (jsc#PED-3692) - crypto: qat - add misc workqueue (jsc#PED-3692) - crypto: qat - add missing restarting event notification in (jsc#PED-3692) - crypto: qat - add param check for DH (jsc#PED-3692) - crypto: qat - add param check for RSA (jsc#PED-3692) - crypto: qat - add pfvf_ops (jsc#PED-3692) - crypto: qat - add resubmit logic for decompression (jsc#PED-3692) - crypto: qat - add support for 401xx devices (jsc#PED-3692) - crypto: qat - add support for compression for 4xxx (jsc#PED-3692) - crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692) - crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692) - crypto: qat - change PFVF ACK behaviour (jsc#PED-3692) - crypto: qat - change behaviour of (jsc#PED-3692) - crypto: qat - change bufferlist logic interface (jsc#PED-3692) - crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692) - crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692) - crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692) - 
crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692) - crypto: qat - do not rely on min version (jsc#PED-3692) - crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692) - crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692) - crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692) - crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692) - crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692) - crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692) - crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692) - crypto: qat - extend buffer list interface (jsc#PED-3692) - crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692) - crypto: qat - extract send and wait from (jsc#PED-3692) - crypto: qat - fix DMA transfer direction (jsc#PED-3692) - crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692) - crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692) - crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692) - crypto: qat - fix a typo in a comment (jsc#PED-3692) - crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692) - crypto: qat - fix definition of ring reset results (jsc#PED-3692) - crypto: qat - fix error return code in adf_probe (jsc#PED-3692) - crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692) - crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692) - crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692) - crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692) - crypto: qat - fix wording and formatting in code comment (jsc#PED-3692) - crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692) - crypto: qat - free irq in case of failure (jsc#PED-3692) - crypto: qat - free irqs only if allocated (jsc#PED-3692) - crypto: qat - generalize crypto request buffers (jsc#PED-3692) - crypto: qat - get 
compression extended capabilities (jsc#PED-3692) - crypto: qat - handle retries due to collisions in (jsc#PED-3692) - crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692) - crypto: qat - improve logging of PFVF messages (jsc#PED-3692) - crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692) - crypto: qat - introduce support for PFVF block messages (jsc#PED-3692) - crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692) - crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692) - crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692) - crypto: qat - make PFVF message construction direction (jsc#PED-3692) - crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692) - crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692) - crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692) - crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692) - crypto: qat - move pfvf collision detection values (jsc#PED-3692) - crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692) - crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692) - crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692) - crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692) - crypto: qat - re-enable registration of algorithms (jsc#PED-3692) - crypto: qat - refactor PF top half for PFVF (jsc#PED-3692) - crypto: qat - refactor pfvf version request messages (jsc#PED-3692) - crypto: qat - refactor submission logic (jsc#PED-3692) - crypto: qat - relocate PFVF PF related logic (jsc#PED-3692) - crypto: qat - relocate PFVF VF related logic (jsc#PED-3692) - crypto: qat - relocate PFVF disabled function (jsc#PED-3692) - crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692) - crypto: qat - relocate backlog related structures (jsc#PED-3692) - crypto: qat - relocate bufferlist logic (jsc#PED-3692) - crypto: qat - relocate 
qat_algs_alloc_flags() (jsc#PED-3692) - crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692) - crypto: qat - remove empty sriov_configure() (jsc#PED-3692) - crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692) - crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692) - crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692) - crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692) - crypto: qat - remove unneeded assignment (jsc#PED-3692) - crypto: qat - remove unneeded braces (jsc#PED-3692) - crypto: qat - remove unneeded packed attribute (jsc#PED-3692) - crypto: qat - remove unused PFVF stubs (jsc#PED-3692) - crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692) - crypto: qat - rename bufferlist functions (jsc#PED-3692) - crypto: qat - rename pfvf collision constants (jsc#PED-3692) - crypto: qat - reorganize PFVF code (jsc#PED-3692) - crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692) - crypto: qat - replace deprecated MSI API (jsc#PED-3692) - crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692) - crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692) - crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692) - crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692) - crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692) - crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692) - crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692) - crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692) - crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692) - crypto: qat - simplify adf_enable_aer() (jsc#PED-3692) - crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692) - crypto: qat - split PFVF message decoding from handling (jsc#PED-3692) - crypto: qat - stop using iommu_present() (jsc#PED-3692) - crypto: qat - store 
the PFVF protocol version of the (jsc#PED-3692) - crypto: qat - store the ring-to-service mapping (jsc#PED-3692) - crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692) - crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692) - crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692) - crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692) - crypto: qat - use hweight for bit counting (jsc#PED-3692) - crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692) - crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692) - crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692) - crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes). - cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992). - debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes). - dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes). - dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git-fixes). - dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes). - dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git-fixes). - dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes). - dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes). - dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes). - dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes). - dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes). - dmaengine: mv_xor_v2: Fix an error code (git-fixes). - dmaengine: pl330: rename _start to prevent build error (git-fixes). - do not reuse connection if share marked as isolated (bsc#1193629). - docs: networking: fix x25-iface.rst heading & index order (git-fixes). 
- drivers: base: component: fix memory leak with using debugfs_lookup() (git-fixes). - drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes). - drm/amd/display: Fix hang when skipping modeset (git-fixes). - drm/amd/display: Use DC_LOG_DC in the transform pixel function (git-fixes). - drm/amd/display: edp do not add non-edid timings (git-fixes). - drm/amd/display: fix flickering caused by S/G mode (git-fixes). - drm/amd/pm: Fix power context allocation in SMU13 (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes). - drm/amd: Fix an out of bounds error in BIOS parser (git-fixes). - drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes). - drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git-fixes). - drm/amdgpu: Use the default reset when loading or reloading the driver (git-fixes). - drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes). - drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes). - drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes). - drm/amdgpu: release gpu full access after 'amdgpu_device_ip_late_init' (git-fixes). - drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes). - drm/amdgpu: update drm_display_info correctly when the edid is read (git-fixes). - drm/ast: Fix ARM compatibility (git-fixes). - drm/displayid: add displayid_get_header() and check bounds better (git-fixes). - drm/exynos: fix g2d_open/close helper function definitions (git-fixes). - drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git-fixes). - drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes). - drm/i915/dg2: Support 4k@30 on HDMI (git-fixes). - drm/i915/dp: prevent potential div-by-zero (git-fixes).
- drm/i915/gt: Use the correct error value when kernel_context() fails (git-fixes). - drm/i915/selftests: Add some missing error propagation (git-fixes). - drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes). - drm/i915/selftests: Stop using kthread_stop() (git-fixes). - drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git-fixes). - drm/i915: Use 18 fast wake AUX sync len (git-fixes). - drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes). - drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes). - drm/msm/dp: unregister audio driver during unbind (git-fixes). - drm/msm/dpu: Add INTF_5 interrupts (git-fixes). - drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git-fixes). - drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes). - drm/msm: Be more shouty if per-process pgtables are not working (git-fixes). - drm/msm: Set max segment size earlier (git-fixes). - drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes). - drm/nouveau: add nv_encoder pointer check for NULL (git-fixes). - drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes). - drm/sched: Remove redundant check (git-fixes). - drm/tegra: Avoid potential 32-bit integer overflow (git-fixes). - drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes). - drm/ttm: optimize pool allocations a bit v2 (git-fixes). - drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git-fixes). - dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes). - dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes). - dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes). - dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git-fixes). - dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes). - dt-bindings: usb: snps,dwc3: Fix 'snps,hsphy_interface' type (git-fixes). - eeprom: at24: also select REGMAP (git-fixes). 
- ext4: unconditionally enable the i_version counter (bsc#1211299). - f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes). - fbcon: Fix null-ptr-deref in soft_cursor (git-fixes). - fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472). - fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes). - fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes). - fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489) - fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387). - fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes). - fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes). - fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes). - fbdev: udlfb: Fix endpoint check (git-fixes). - firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes). - firmware: arm_ffa: Set handle field to zero in memory descriptor (git-fixes). - firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes). - fs/jfs: fix shift exponent db_agl2size negative (git-fixes). - fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes). - fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes). - fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes). - fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes). - fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes). - fuse: always revalidate rename target dentry (bsc#1211808). - fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807). - futex: Resend potentially swallowed owner death notification (git-fixes). - google/gve:fix repeated words in comments (bsc#1211519). - gpio: mockup: Fix mode of debugfs files (git-fixes). - gve: Adding a new AdminQ command to verify driver (bsc#1211519). - gve: Cache link_speed value from device (git-fixes). - gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). 
- gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519). - gve: Handle alternate miss completions (bsc#1211519). - gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). - gve: Remove the code of clearing PBA bit (git-fixes). - gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes). - gve: enhance no queue page list detection (bsc#1211519). - hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes). - hfs/hfsplus: use WARN_ON for sanity check (git-fixes). - hfs: Fix OOB Write in hfs_asc2mac (git-fixes). - hfs: fix OOB Read in __hfs_brec_find (git-fixes). - hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes). - hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes). - i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes). - i2c: omap: Fix standard mode false ACK readings (git-fixes). - i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes). - i2c: tegra: Fix PEC support for SMBUS block read (git-fixes). - i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378). - i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378). - i40e: Fix DMA mappings leak (jsc#SLE-18378). - i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378). - i40e: Fix VF set max MTU size (jsc#SLE-18378). - i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378). - i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378). - i40e: Fix calculating the number of queue pairs (jsc#SLE-18378). - i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378). - i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378). - i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378). - i40e: Fix for VF MAC address 0 (jsc#SLE-18378). - i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378). - i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378). 
- i40e: Fix kernel crash during module removal (jsc#SLE-18378). - i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378). - i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378). - i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378). - i40e: Refactor tc mqprio checks (jsc#SLE-18378). - i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378). - i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378). - i40e: fix flow director packet filter programming (jsc#SLE-18378). - i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378). - i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378). - iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385). - iavf: Detach device during reset task (jsc#SLE-18385). - iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385). - iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385). - iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385). - iavf: Fix a crash during reset task (jsc#SLE-18385). - iavf: Fix bad page state (jsc#SLE-18385). - iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385). - iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385). - iavf: Fix max_rate limiting (jsc#SLE-18385). - iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385). - iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385). - iavf: fix hang on reboot with ice (jsc#SLE-18385). - iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385). - iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385). - iavf: remove mask from iavf_irq_enable_queues() (git-fixes). - ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375). - ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375). 
- igb: Add lock to avoid data race (jsc#SLE-18379). - igb: Enable SR-IOV after reinit (jsc#SLE-18379). - igb: Initialize mailbox message for VF reset (jsc#SLE-18379). - igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379). - igb: fix bit_shift to be in [1..8] range (git-fixes). - igb: fix nvm.ops.read() error handling (git-fixes). - igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379). - igbvf: Regard vf reset nack as success (jsc#SLE-18379). - igc: Add checking for basetime less than zero (jsc#SLE-18377). - igc: Add ndo_tx_timeout support (jsc#SLE-18377). - igc: Clean the TX buffer and TX descriptor ring (git-fixes). - igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377). - igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377). - igc: Fix possible system crash when loading module (git-fixes). - igc: Lift TAPRIO schedule restriction (jsc#SLE-18377). - igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377). - igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377). - igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377). - igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377). - igc: fix the validation logic for taprio's gate list (jsc#SLE-18377). - igc: read before write to SRRCTL register (jsc#SLE-18377). - igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377). - igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377). - iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes). - iio: adc: ad7192: Change 'shorted' channels to differential (git-fixes). - iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes). - iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes). - iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes). 
- iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes). - iio: imu: inv_icm42600: fix timestamp reset (git-fixes). - iio: light: vcnl4035: fixed chip ID check (git-fixes). - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448). - init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448). - init: Provide arch_cpu_finalize_init() (bsc#1212448). - init: Remove check_bugs() leftovers (bsc#1212448). - intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). - iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553). - ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384). - ixgbe: Enable setting RSS table to default values (jsc#SLE-18384). - ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384). - ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384). - ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384). - ixgbe: fix pci device refcount leak (jsc#SLE-18384). - ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384). - jfs: Fix fortify moan in symlink (git-fixes). - kABI workaround for btbcm.c (git-fixes). - kABI workaround for mt76_poll_msec() (git-fixes). - kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest (git-fixes) - kABI: Fixed broken 3rd party drivers issue (bsc#1208050 bsc#1211414). - kabi/severities: added Microsoft mana symbols (bsc#1210551) - kernel-binary: install expoline.o (boo#1210791 bsc#1211089) - kernel-docs: Add buildrequires on python3-base when using python3. The python3 binary is provided by python3-base. - kernel-docs: Add missing top level chapter numbers on SLE12 SP5 (bsc#1212158). - kernel-source: Remove unused macro variant_symbols - kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731).
- kprobe: reverse kp->flags when arm_kprobe failed (git-fixes). - kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes). - kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git-fixes). - kprobes: Forbid probing on trampoline and BPF code areas (git-fixes). - kprobes: Prohibit probes in gate area (git-fixes). - kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes). - kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes). - kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes). - leds: Fix reference to led_set_brightness() in doc (git-fixes). - leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes). - leds: tca6507: Fix error handling of using fwnode_property_read_string (git-fixes). - libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes). - lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852). - lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852). - lpfc: Clean up SLI-4 CQE status handling (bsc#1211852). - lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852). - lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852). - lpfc: Enhance congestion statistics collection (bsc#1211852). - lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346). - lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852). - lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852). - mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes). - mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes). - mailbox: zynqmp: Fix IPI isr handling (git-fixes). - mailbox: zynqmp: Fix typo in IPI documentation (git-fixes). 
- mce: fix set_mce_nospec to always unmap the whole page (git-fixes). - media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes). - media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes). - media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git-fixes). - media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git-fixes). - media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git-fixes). - media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes). - media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes). - media: dvb_ca_en50221: fix a size write bug (git-fixes). - media: dvb_demux: fix a bug for the continuity counter (git-fixes). - media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes). - media: netup_unidvb: fix irq init by register it at the end of probe (git-fixes). - media: netup_unidvb: fix use-after-free at del_timer() (git-fixes). - media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git-fixes). - media: radio-shark: Add endpoint checks (git-fixes). - media: rcar_fdp1: Fix the correct variable assignments (git-fixes). - media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449). - mfd: dln2: Fix memory leak in dln2_probe() (git-fixes). - mfd: tqmx86: Correct board names for TQMxE39x (git-fixes). - mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes). - misc: fastrpc: reject new invocations during device removal (git-fixes). - misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes). - mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes). - mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410). 
- mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410). - mmc: sdhci-esdhc-imx: make 'no-mmc-hs400' works (git-fixes). - mmc: vub300: fix invalid response handling (git-fixes). - mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git-fixes). - mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes). - mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes). - mtd: rawnand: marvell: ensure timing values are written (git-fixes). - net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes). - net/net_failover: fix txq exceeding warning (git-fixes). - net/sched: fix initialization order when updating chain 0 head (git-fixes). - net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git-fixes). - net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes). - net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes). - net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes). - net: ena: Account for the number of processed bytes in XDP (git-fixes). - net: ena: Do not register memory info on XDP exchange (git-fixes). - net: ena: Fix rx_copybreak value update (git-fixes). - net: ena: Fix toeplitz initial hash value (git-fixes). - net: ena: Set default value for RX interrupt moderation (git-fixes). - net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes). - net: ena: Use bitmask to indicate packet redirection (git-fixes). - net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes). - net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes). - net: hns3: fix reset delay time to avoid configuration timeout (git-fixes). - net: hns3: fix sending pfc frames after reset issue (git-fixes). - net: hns3: fix tm port shaping of fibre port is incorrect after driver initialization (git-fixes). - net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982).
- net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022). - net: mana: Add support for jumbo frame (bsc#1210551). - net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551). - net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022). - net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022). - net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022). - net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022). - net: mana: Enable RX path to handle various MTU sizes (bsc#1210551). - net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022). - net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git-fixes). - net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022). - net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022). - net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022). - net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022). - net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551). - net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551). - net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022). - net: mana: Use napi_build_skb in RX path (bsc#1210551). - net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git-fixes). - net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564). - net: phy: dp83867: add w/a for packet errors seen with short cables (git-fixes). - net: qrtr: correct types of trace event parameters (git-fixes). - net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes). - net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes). - net: tun: avoid disabling NAPI twice (git-fixes). 
- net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes). - net: tun: stop NAPI when detaching queues (git-fixes). - net: tun: unlink NAPI from device on destruction (git-fixes). - net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes). - net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes). - net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes). - nfp: only report pause frame configuration for physical device (git-fixes). - nilfs2: do not write dirty data after degenerating to read-only (git-fixes). - nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes). - nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes). - nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git-fixes). - nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git-fixes). - nouveau: fix client work fence deletion race (git-fixes). - nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git-fixes). - nvme-multipath: fix hang when disk goes live over reconnect (git-fixes). - nvme-pci: add quirks for Samsung X5 SSDs (git-fixes). - nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git-fixes). - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git-fixes). - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git-fixes). - nvme-pci: clear the prp2 field when not used (git-fixes). - nvme-pci: disable write zeroes on various Kingston SSD (git-fixes). - nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git-fixes). - nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes). - nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes). - nvme-tcp: fix a possible UAF when failing to allocate an io queue (git-fixes). - nvme-tcp: fix bogus request completion when failing to send AER (git-fixes). - nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes). 
- nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes). - nvme: also return I/O command effects from nvme_command_effects (git-fixes). - nvme: check for duplicate identifiers earlier (git-fixes). - nvme: cleanup __nvme_check_ids (git-fixes). - nvme: fix discard support without oncs (git-fixes). - nvme: fix interpretation of DMRSL (git-fixes). - nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes). - nvme: fix passthrough csi check (git-fixes). - nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes). - nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes). - nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes). - nvme: set non-mdts limits in nvme_scan_work (git-fixes). - nvmet-tcp: add bounds check on Transfer Tag (git-fixes). - nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes). - nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes). - nvmet: fix mar and mor off-by-one errors (git-fixes). - nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes). - nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes). - nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git-fixes). - nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes). - octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes). - octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes). - octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes). - octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git-fixes). - phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes). - phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes). - pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes). - pinctrl: qcom: lpass-lpi: set output value before enabling output (git-fixes). 
- pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes). - platform/surface: aggregator: Allow completion work-items to be executed in parallel (git-fixes). - platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes). - platform/x86: hp-wmi: Support touchpad on/off (git-fixes). - platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield (git-fixes). - platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git-fixes). - platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes). - power: supply: Fix logic checking if system is running from battery (git-fixes). - power: supply: Ratelimit no data debug output (git-fixes). - power: supply: ab8500: Fix external_power_changed race (git-fixes). - power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes). - power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes). - power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes). - power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes). - power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition (git-fixes). - power: supply: bq27xxx: Fix poll_interval handling and races on remove (git-fixes). - power: supply: bq27xxx: Move bq27xxx_battery_update() down (git-fixes). - power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes). - power: supply: bq27xxx: expose battery data when CI=1 (git-fixes). - power: supply: leds: Fix blink to LED on transition (git-fixes). - power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes). - power: supply: sc27xx: Fix external_power_changed race (git-fixes). 
- powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729). - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1209367 ltc#195662). - powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes). - powerpc/purgatory: remove PGO flags (bsc#1194869). - powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729). - powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729). - powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367 ltc#195662). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367 ltc#195662). - pstore: Revert pmsg_lock back to a normal mutex (git-fixes). - purgatory: fix disabling debug info (git-fixes). - pwm: meson: Fix axg ao mux parents (git-fixes). - pwm: meson: Fix g12a ao clk81 name (git-fixes). - qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001). - qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001). - qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001). - qed/qede: Fix scheduling while atomic (git-fixes). - qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001). - qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001). - r8152: fix flow control issue of RTL8156A (git-fixes). - r8152: fix the poor throughput for 2.5G devices (git-fixes). - r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes). - rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes). - regmap: Account for register length when chunking (git-fixes). - regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git-fixes). - regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes). - regulator: Fix error checking for debugfs_create_dir (git-fixes). - regulator: mt6359: add read check for PMIC MT6359 (git-fixes). - regulator: pca9450: Fix BUCK2 enable_mask (git-fixes). - regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes). 
- reiserfs: Add missing calls to reiserfs_security_free() (git-fixes). - reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes). - remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes). - revert 'squashfs: harden sanity check in squashfs_read_xattr_id_table' (git-fixes). - ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes). - ring-buffer: Fix kernel-doc (git-fixes). - ring-buffer: Sync IRQ works before buffer destruction (git-fixes). - rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB - rpm/kernel-binary.spec.in: Fix compatibility with newer rpm - rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) - rpm/kernel-source.spec.in: Add patches.drm for moved DRM patches - rtmutex: Ensure that the top waiter is always woken up (git-fixes). - s390/ap: fix crash on older machines based on QCI info missing (bsc#1210947) - s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686). - s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592). - s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687). - s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes). - s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git-fixes bsc#1211688). - s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689). - s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690). - s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691). - s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692). - s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693). - s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes). - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes). 
- s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714). - s390: Hard lockups are observed while running stress-ng and LPAR hangs (bsc#1195655 ltc#195733). - scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git-fixes). - scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes). - scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes). - scsi: libsas: Add sas_ata_device_link_abort() (git-fixes). - scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git-fixes). - scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847). - scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847). - scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847). - scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847). - scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847). - scsi: lpfc: Update congestion warning notification period (bsc#1211847). - scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847). - scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes). - scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes). - scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes). - scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960). - scsi: qla2xxx: Fix hang in task management (bsc#1211960). - scsi: qla2xxx: Fix mem access after free (bsc#1211960). - scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960). - scsi: qla2xxx: Fix task management cmd failure (bsc#1211960). - scsi: qla2xxx: Multi-que support for TMF (bsc#1211960). - scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960). - scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960). - scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960). 
- scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960). - scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960). - scsi: ses: Handle enclosure with just a primary component gracefully (git-fixes). - scsi: stex: Fix gcc 13 warnings (git-fixes). - scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes). - selftests mount: Fix mount_setattr_test builds failed (git-fixes). - selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes). - selftests/resctrl: Allow ->setup() to return errors (git-fixes). - selftests/resctrl: Check for return value after write_schemata() (git-fixes). - selftests/resctrl: Extend CPU vendor detection (git-fixes). - selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes). - selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes). - selftests/sgx: Add 'test_encl.elf' to TEST_FILES (git-fixes). - selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes). - selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes). - selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes). - selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes). - selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes). - selftests: xsk: Disable IPv6 on VETH1 (git-fixes). - selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes). - selinux: do not use make's grouped targets feature yet (git-fixes). - serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes). - serial: 8250_bcm7271: balance clk_enable calls (git-fixes). - serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes). - serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes). - serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git-fixes). - serial: Add support for Advantech PCI-1611U card (git-fixes). 
- serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes). - serial: lantiq: add missing interrupt ack (git-fixes). - serial: qcom-geni: fix enabling deactivated interrupt (git-fixes). - serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes). - sfc: Change VF mac via PF as first preference if available (git-fixes). - sfc: Fix module EEPROM reporting for QSFP modules (git-fixes). - sfc: Fix use-after-free due to selftest_work (git-fixes). - sfc: correctly advertise tunneled IPv6 segmentation (git-fixes). - sfc: disable RXFCS and RXALL features by default (git-fixes). - sfc: ef10: do not overwrite offload features at NIC reset (git-fixes). - sfc: fix TX channel offset when using legacy interrupts (git-fixes). - sfc: fix considering that all channels have TX queues (git-fixes). - sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes). - sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes). - sfc: include vport_id in filter spec hash and equal() (git-fixes). - smb3: display debug information better for encryption (bsc#1193629). - smb3: fix problem remounting a share after shutdown (bsc#1193629). - smb3: improve parallel reads of large files (bsc#1193629). - smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629). - smb3: move some common open context structs to smbfs_common (bsc#1193629). - soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes). - soundwire: qcom: gracefully handle too many ports in DT (git-fixes). - spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes). - spi: qup: Request DMA before enabling clocks (git-fixes). - spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes). - spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - spi: tegra210-quad: Fix combined sequence (bsc#1212584) - spi: tegra210-quad: Fix iterator outside loop (git-fixes). 
- spi: tegra210-quad: Multi-cs support (bsc#1212584) - squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes). - staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes). - struct ci_hdrc: hide new member at end (git-fixes). - supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931) - supported.conf: mark mana_ib supported - swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes). - test_firmware: Use kstrtobool() instead of strtobool() (git-fixes). - test_firmware: fix the memory leak of the allocated firmware buffer (git-fixes). - test_firmware: prevent race conditions by a correct implementation of locking (git-fixes). - thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165). - thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165). - thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes). - tls: Skip tls_append_frag on zero copy size (git-fixes). - tools/virtio: compile with -pthread (git-fixes). - tools/virtio: fix the vringh test for virtio ring changes (git-fixes). - tools/virtio: fix virtio_test execution (git-fixes). - tools/virtio: initialize spinlocks in vring_test.c (git-fixes). - tools: bpftool: Remove invalid \' json escape (git-fixes). - tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git-fixes). - tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes). - tpm, tpm_tis: Request threaded interrupt handler (git-fixes). - tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes). - tracing/histograms: Allow variables to have some modifiers (git-fixes). - tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes). - tracing: Fix permissions for the buffer_percent file (git-fixes). - tracing: Have event format check not flag %p* on __get_dynamic_array() (git-fixes, bsc#1212350). 
- tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git-fixes). - tracing: Update print fmt check to handle new __get_sockaddr() macro (git-fixes, bsc#1212350). - tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes). - usb-storage: fix deadlock when a scsi command timeouts more than once (git-fixes). - usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git-fixes). - usb: chipidea: core: fix possible concurrent when switch role (git-fixes). - usb: dwc3: Align DWC3_EP_* flag macros (git-fixes). - usb: dwc3: Fix a repeated word checkpatch warning (git-fixes). - usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes). - usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes). - usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes). - usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes). - usb: dwc3: gadget: Delay issuing End Transfer (git-fixes). - usb: dwc3: gadget: Execute gadget stop after halting the controller (git-fixes). - usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes). - usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes). - usb: dwc3: gadget: Reset num TRBs before giving back the request (git-fixes). - usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git-fixes). - usb: dwc3: remove a possible unnecessary 'out of memory' message (git-fixes). - usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes). - usb: gadget: u_ether: Fix host MAC address case (git-fixes). - usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes). - usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes). - usb: typec: tcpm: fix multiple times discover svids error (git-fixes). - usb: typec: ucsi: Fix command cancellation (git-fixes). - usb: usbfs: Enforce page requirements for mmap (git-fixes). 
- usb: usbfs: Use consistent mmap functions (git-fixes). - usrmerge: Compatibility with earlier rpm (boo#1211796) - vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes). - vdpa: fix use-after-free on vp_vdpa_remove (git-fixes). - vhost/net: Clear the pending messages when the backend is removed (git-fixes). - virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes). - virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes). - virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes). - virtio_net: split free_unused_bufs() (git-fixes). - virtio_net: suppress cpu stall when free_unused_bufs (git-fixes). - watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git-fixes). - watchdog: menz069_wdt: fix watchdog initialisation (git-fixes). - watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes). - wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes). - wifi: ath: Silence memcpy run-time false positive warning (git-fixes). - wifi: b43: fix incorrect __packed annotation (git-fixes). - wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes). - wifi: cfg80211: fix locking in regulatory disconnect (git-fixes). - wifi: cfg80211: fix locking in sched scan stop work (git-fixes). - wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes). - wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes). - wifi: iwlwifi: fw: fix DBGI dump (git-fixes). - wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes). - wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes). - wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes). - wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git-fixes). - wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes). - wifi: mac80211: fix min center freq offset tracing (git-fixes). 
- wifi: mac80211: simplify chanctx allocation (git-fixes). - wifi: mt76: add flexible polling wait-interval support (git-fixes). - wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (git-fixes). - wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git-fixes). - wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes). - wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes). - wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes). - wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (git-fixes). - workqueue: Fix hung time report of worker pools (bsc#1211044). - workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044). - workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044). - workqueue: Warn when a new worker could not be created (bsc#1211044). - workqueue: Warn when a rescuer could not be created (bsc#1211044). - x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes). - x86/MCE/AMD: Use an u64 for bank_map (git-fixes). - x86/alternative: Make debug-alternative selective (bsc#1206578). - x86/alternative: Report missing return thunk details (git-fixes). - x86/alternative: Support relocations in alternatives (bsc#1206578). - x86/amd: Use IBPB for firmware calls (git-fixes). - x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes). - x86/bugs: Add 'unknown' reporting for MMIO Stale Data (git-fixes). - x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes). - x86/bugs: Warn when 'ibrs' mitigation is selected on Enhanced IBRS parts (git-fixes). - x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). - x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes). - x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes). - x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes). 
- x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes). - x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205). - x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes). - x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes). - x86/fpu: Mark init functions __init (bsc#1212448). - x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448). - x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448). - x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes). - x86/hyperv: Block root partition functionality in a Confidential VM (git-fixes). - x86/init: Initialize signal frame size late (bsc#1212448). - x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git-fixes). - x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578). - x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes). This is a preparation for the next patch - x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes). - x86/microcode/AMD: Fix mixed steppings support (git-fixes). - x86/microcode/AMD: Track patch allocation size explicitly (git-fixes). - x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes). - x86/microcode: Add explicit CPU vendor dependency (git-fixes). - x86/microcode: Adjust late loading result reporting message (git-fixes). - x86/microcode: Check CPU capabilities after late microcode update correctly (git-fixes). - x86/microcode: Rip out the OLD_INTERFACE (git-fixes). - x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes). - x86/mm: Use proper mask when setting PUD mapping (git-fixes). - x86/mm: fix poking_init() for Xen PV guests (git-fixes). - x86/nospec: Unwreck the RSB stuffing (git-fixes). - x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes). - x86/pat: Fix x86_has_pat_wp() (git-fixes). 
- x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes). - x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes). - x86/resctrl: Fix min_cbm_bits for AMD (git-fixes). - x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes). - x86/signal: Fix the value returned by strict_sas_size() (git-fixes). - x86/speculation/mmio: Print SMT warning (git-fixes). - x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes). - x86/static_call: Serialize __static_call_fixup() properly (git-fixes). - x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). - x86/topology: Fix duplicated core ID within a package (git-fixes). - x86/topology: Fix multiple packages shown on a single-package system (git-fixes). - x86/tsx: Add a feature bit for TSX control MSR support (git-fixes). - x86: Fix return value of __setup handlers (git-fixes). - x86: drop bogus 'cc' clobber from __try_cmpxchg_user_asm() (git-fixes). - xen/netback: do not do grant copy across page boundary (git-fixes). - xen/netback: use same error messages for same errors (git-fixes). - xfs: fix rm_offset flag handling in rmap keys (git-fixes). - xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (git-fixes). - xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes). - xhci: Fix incorrect tracking of free space on transfer rings (git-fixes). 
----------------------------------------- Patch: SUSE-2023-2788 Released: Thu Jul 6 11:51:02 2023 Summary: Recommended update for mozilla-nspr, mozilla-nss Severity: moderate References: 1185116,1202118 Description: This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.35 * fixes for building with clang * use the number of online processors for the PR_GetNumberOfProcessors() API on some platforms * fix build on mips+musl libc * Add support for the LoongArch 64-bit architecture mozilla-nss was updated to NSS 3.90: * clang-format lib/freebl/stubs.c * Add a constant time select function * Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * output early build errors by default * Update the technical constraints for KamuSM * Add BJCA Global Root CA1 and CA2 root certificates * Enable default UBSan Checks * Add explicit handling of zero length records * Tidy up DTLS ACK Error Handling Path * Refactor zero length record tests * Fix compiler warning via correct assert * run linux tests on nss-t/t-linux-xlarge-gcp * In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * Fix reading raw negative numbers * Repairing unreachable code in clang built with gyp * Integrate Vale Curve25519 * Removing unused flags for Hacl* * Adding a better error message * Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * Fall back to the softokn when writing certificate trust * FIPS-104-3 requires we restart post programmatically * cmd/ecperf: fix dangling pointer warning on gcc 13 * Update ACVP dockerfile for compatibility with debian package changes * Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files * Removed deprecated sprintf function and replaced with snprintf * fix rst warnings in nss doc * Fix incorrect pygment style * Change GYP directive to apply across 
platforms * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag - Merge the libfreebl3-hmac and libsoftokn3-hmac packages into the respective libraries. (bsc#1185116) update to NSS 3.89.1 * Update the technical constraints for KamuSM. * Add BJCA Global Root CA1 and CA2 root certificates. update to NSS 3.89 * revert freebl/softoken RSA_MIN_MODULUS_BITS increase * PR_STATIC_ASSERT is cursed * Need to add policy control to keys lengths for signatures * Fix unreachable code warning in fuzz builds * Fix various compiler warnings in NSS * Enable various compiler warnings for clang builds * set PORT error after sftk_HMACCmp failure * Need to add policy control to keys lengths for signatures * remove data length assertion in sec_PKCS7Decrypt * Make high tag number assertion failure an error * CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384 * Tolerate certificate_authorities xtn in ClientHello * Fix build failure on Windows * migrate Win 2012 tasks to Azure * fix title length in doc * Add interop tests for HRR and PSK to GREASE suite * Add presence/absence tests for TLS GREASE * Correct addition of GREASE value to ALPN xtn * CH extension permutation * TLS GREASE (RFC8701) * improve handling of unknown PKCS#12 safe bag types * use a different treeherder symbol for each docker image build task * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag * build failure while implicitly casting SECStatus to PRUInt32 update to NSS 3.88.1 * improve handling of unknown PKCS#12 safe bag types update to NSS 3.88 * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag. 
* build failure while implicitly casting SECStatus to PRUInt32 * Add check for ClientHello SID max length * Added EarlyData ALPN test support to BoGo shim * ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup * On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm * ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test * Added Bogo ECH rejection test support * Added ECH 0Rtt support to BoGo shim * RSA OAEP Wycheproof JSON * RSA decrypt Wycheproof JSON * ECDSA Wycheproof JSON * ECDH Wycheproof JSON * PKCS#1v1.5 wycheproof json * Use X25519 wycheproof json * Move scripts to python3 * Properly link FuzzingEngine for oss-fuzz. * Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) * NSS needs to move off of DSA for integrity checks * Add initial testing with ACVP vector sets using acvp-rust * Don't clone libFuzzer, rely on clang instead update to NSS 3.87 * NULL password encoding incorrect * Fix rng stub signature for fuzzing builds * Updating the compiler parsing for build * Modification of supported compilers * tstclnt crashes when accessing gnutls server without a user cert in the database. * Add configuration option to enable source-based coverage sanitizer * Update ECCKiila generated files. 
* Add support for the LoongArch 64-bit architecture * add checks for zero-length RSA modulus to avoid memory errors and failed assertions later * Additional zero-length RSA modulus checks update to NSS 3.86 * conscious language removal in NSS * Set nssckbi version number to 2.60 * Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates * Remove Staat der Nederlanden EV Root CA from NSS * Remove EC-ACC root cert from NSS * Remove SwissSign Platinum CA - G2 from NSS * Remove Network Solutions Certificate Authority * compress docker image artifact with zstd * Migrate nss from AWS to GCP * Enable static builds in the CI * Removing SAW docker from the NSS build system * Initialising variables in the rsa blinding code * Implementation of the double-signing of the message for ECDSA * Adding exponent blinding for RSA. update to NSS 3.85 * Modification of the primes.c and dhe-params.c in order to have better looking tables * Update zlib in NSS to 1.2.13 * Skip building modutil and shlibsign when building in Firefox * Mark _nss_version_c unused on clang-cl * bmo#1795668 - Remove redundant variable definitions in lowhashtest * Add note about python executable to build instructions. update to NSS 3.84 * Bump minimum NSPR version to 4.35 * Add a flag to disable building libnssckbi. update to NSS 3.83 * Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags * Set nssckbi version number to 2.58 * Add two SECOM root certificates to NSS * Add two DigitalSign root certificates to NSS * Remove Camerfirma Global Chambersign Root from NSS * Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test * Removed skipping of ECH on equality of private and public server name * Added comment and bug reference to ECHRandomHRRExtension bogo test * Added Bogo shim client HRR test support. 
Fixed overwriting of CHInner.random on HRR * Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing * Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo * Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs * Update BoGo tests to recent BoringSSL version * Bump minimum NSPR version to 4.34.1 update to NSS 3.82 * check for null template in sec_asn1{d,e}_push_state * QuickDER: Forbid NULL tags with non-zero length * Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite * Cast the result of GetProcAddress * pk11wrap: Tighten certificate lookup based on PKCS #11 URI. update to NSS 3.81 * Enable aarch64 hardware crypto support on OpenBSD * make NSS_SecureMemcmp 0/1 valued * Add no_application_protocol alert handler and test client error code is set * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity * required for Firefox 104 - raised NSPR requirement to 4.34.1 - changing some Requires from (pre) to generic as (pre) is not sufficient (bsc#1202118) update to NSS 3.80 * Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * Add support for asynchronous client auth hooks. * nss-policy-check: make unknown keyword check optional. * GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * Mark 3.79 as an ESR release. * Bump nssckbi version number for June. * Remove Hellenic Academic 2011 Root. * Add E-Tugra Roots. * Add Certainly Roots. * Add DigitCert Roots. * Protect SFTKSlot needLogin with slotLock. * Compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_VerifyCertChainOld. 
* Unchecked return code in sec_DecodeSigAlg. * Uninitialized value in cert_ComputeCertType. * Avoid data race on primary password change. * Replace ppc64 dcbzl intrinsic. * Allow LDFLAGS override in makefile builds. ----------------------------------------- Patch: SUSE-2023-2800 Released: Mon Jul 10 07:35:22 2023 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1212623 Description: This update for openssl-1_1 fixes the following issues: - Check the OCSP RESPONSE in openssl s_client command and terminate connection if a revoked certificate is found. [bsc#1212623] ----------------------------------------- Patch: SUSE-2023-2803 Released: Mon Jul 10 16:11:18 2023 Summary: Security update for the Linux Kernel Severity: important References: 1187829,1194869,1210335,1212051,1212265,1212603,1212605,1212606,1212619,1212701,1212741,1212835,1212838,1212842,1212861,1212869,1212892,CVE-2023-1829,CVE-2023-3090,CVE-2023-3111,CVE-2023-3212,CVE-2023-3357,CVE-2023-3358,CVE-2023-3389 Description: The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). - CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838). - CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). - CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). - CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265). - CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). - CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605). The following non-security bugs were fixed: - Get module prefix from kmod (bsc#1212835). 
- Revert 'mtd: rawnand: arasan: Prevent an unsupported configuration' (git-fixes). - Revert 'net: phy: dp83867: perform soft reset and retain established link' (git-fixes). - alsa: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes). - alsa: hda/realtek: Add 'Intel Reference board' and 'NUC 13' SSID in the ALC256 (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes). - alsa: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes). - alsa: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes). - alsa: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes). - amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes). - arm64: Add missing Set/Way CMO encodings (git-fixes). - arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes) - arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes) - arm: dts: Fix erroneous ADS touchscreen polarities (git-fixes). - asoc: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes). - asoc: es8316: Increment max value for ALC Capture Target Volume control (git-fixes). - asoc: imx-audmix: check return value of devm_kasprintf() (git-fixes). - asoc: mediatek: mt8173: Fix irq error path (git-fixes). - asoc: nau8824: Add quirk to active-high jack-detect (git-fixes). - asoc: simple-card: Add missing of_node_put() in case of error (git-fixes). - bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes). - bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes). - can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes). - can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes). 
- can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes). - can: length: fix bitstuffing count (git-fixes). - can: length: fix description of the RRS field (git-fixes). - can: length: make header self contained (git-fixes). - clk: Fix memory leak in devm_clk_notifier_register() (git-fixes). - clk: cdce925: check return value of kasprintf() (git-fixes). - clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes). - clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-fixes). - clk: imx: scu: use _safe list iterator to avoid a use after free (git-fixes). - clk: keystone: sci-clk: check return value of kasprintf() (git-fixes). - clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes). - clk: si5341: check return value of {devm_}kasprintf() (git-fixes). - clk: si5341: free unused memory on probe failure (git-fixes). - clk: si5341: return error if one synth clock registration fails (git-fixes). - clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes). - clk: ti: clkctrl: check return value of kasprintf() (git-fixes). - clk: vc5: check memory returned by kasprintf() (git-fixes). - clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git-fixes). - crypto: marvell/cesa - Fix type mismatch warning (git-fixes). - crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes). - drivers: meson: secure-pwrc: always enable DMA domain (git-fixes). - drm/amd/display: Add logging for display MALL refresh setting (git-fixes). - drm/amd/display: Add minimal pipe split transition state (git-fixes). - drm/amd/display: Add wrapper to call planes and stream update (git-fixes). - drm/amd/display: Explicitly specify update type per plane info change (git-fixes). - drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes). - drm/amd/display: Use dc_update_planes_and_stream (git-fixes). 
- drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-fixes).
- drm/amd/display: fix the system hang while disable PSR (git-fixes).
- drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes).
- drm/bridge: tc358768: always enable HS video mode (git-fixes).
- drm/bridge: tc358768: fix PLL parameters computation (git-fixes).
- drm/bridge: tc358768: fix PLL target frequency (git-fixes).
- drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes).
- drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes).
- drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes).
- drm/exynos: vidi: fix a wrong error return (git-fixes).
- drm/i915/gvt: remove unused variable gma_bottom in command parser (git-fixes).
- drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes).
- drm/msm/dp: Free resources after unregistering them (git-fixes).
- drm/msm/dpu: correct MERGE_3D length (git-fixes).
- drm/msm/dpu: do not enable color-management if DSPPs are not available (git-fixes).
- drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git-fixes).
- drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes).
- drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git-fixes).
- drm/radeon: fix possible division-by-zero errors (git-fixes).
- drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git-fixes).
- drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes).
- drm/vram-helper: fix function names in vram helper doc (git-fixes).
- drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git-fixes).
- elf: correct note name comment (git-fixes).
- extcon: Fix kernel doc of property capability fields to avoid warnings (git-fixes).
- extcon: Fix kernel doc of property fields to avoid warnings (git-fixes).
- extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes).
- extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes).
- extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes).
- extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git-fixes).
- fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes).
- firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes).
- hid: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes).
- hid: wacom: Add error check to wacom_parse_and_register() (git-fixes).
- hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes).
- hwrng: imx-rngc - fix the timeout for init and self check (git-fixes).
- hwrng: st - keep clock enabled while hwrng is registered (git-fixes).
- i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes).
- i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes).
- ib/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes)
- ib/isert: Fix dead lock in ib_isert (git-fixes)
- ib/isert: Fix incorrect release of isert connection (git-fixes)
- ib/isert: Fix possible list corruption in CMA handler (git-fixes)
- ib/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes)
- ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604).
- ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes).
- ice: Do not double unplug aux on peer initiated reset (git-fixes).
- ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes).
- ice: Fix DSCP PFC TLV creation (git-fixes).
- ice: Fix XDP memory leak when NIC is brought up and down (git-fixes).
- ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git-fixes).
- ice: Fix memory corruption in VF driver (git-fixes).
- ice: Ignore EEXIST when setting promisc mode (git-fixes).
- ice: Prevent set_channel from changing queues while RDMA active (git-fixes).
- ice: Reset FDIR counter in FDIR init stage (git-fixes).
- ice: add profile conflict check for AVF FDIR (git-fixes).
- ice: block LAN in case of VF to VF offload (git-fixes).
- ice: config netdev tc before setting queues number (git-fixes).
- ice: copy last block omitted in ice_get_module_eeprom() (git-fixes).
- ice: ethtool: Prohibit improper channel config for DCB (git-fixes).
- ice: ethtool: advertise 1000M speeds properly (git-fixes).
- ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git-fixes).
- ice: fix wrong fallback logic for FDIR (git-fixes).
- ice: handle E822 generic device ID in PLDM header (git-fixes).
- ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes).
- ice: use bitmap_free instead of devm_kfree (git-fixes).
- ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes).
- ieee802154: hwsim: Fix possible memory leaks (git-fixes).
- ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253).
- iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git-fixes).
- iio: accel: fxls8962af: fixup buffer scan element type (git-fixes).
- iio: adc: ad7192: Fix internal/external clock selection (git-fixes).
- iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes).
- input: adxl34x - do not hardcode interrupt trigger type (git-fixes).
- input: drv260x - fix typo in register value define (git-fixes).
- input: drv260x - remove unused .reg_defaults (git-fixes).
- input: drv260x - sleep between polling GO bit (git-fixes).
- input: soc_button_array - add invalid acpi_index DMI quirk handling (git-fixes).
- integrity: Fix possible multiple allocation in integrity_inode_get() (git-fixes).
- irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes).
- irqchip/ftintc010: Mark all function static (git-fixes).
- irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes).
- kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741).
- mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes).
- media: cec: core: do not set last_initiator if tx in progress (git-fixes).
- memory: brcmstb_dpfe: fix testing array offset after use (git-fixes).
- meson saradc: fix clock divider mask length (git-fixes).
- mfd: intel-lpss: Add missing check for platform_get_resource (git-fixes).
- mfd: pm8008: Fix module autoloading (git-fixes).
- mfd: rt5033: Drop rt5033-battery sub-device (git-fixes).
- mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes).
- mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes).
- mfd: stmpe: Only disable the regulators if they are enabled (git-fixes).
- misc: fastrpc: Create fastrpc scalar with correct buffer count (git-fixes).
- misc: pci_endpoint_test: Free IRQs before removing the device (git-fixes).
- misc: pci_endpoint_test: Re-init completion for every test (git-fixes).
- mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253).
- mmc: bcm2835: fix deferred probing (git-fixes).
- mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes).
- mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes).
- mmc: mmci: stm32: fix max busy timeout calculation (git-fixes).
- mmc: mtk-sd: fix deferred probing (git-fixes).
- mmc: mvsdio: fix deferred probing (git-fixes).
- mmc: omap: fix deferred probing (git-fixes).
- mmc: omap_hsmmc: fix deferred probing (git-fixes).
- mmc: owl: fix deferred probing (git-fixes).
- mmc: sdhci-acpi: fix deferred probing (git-fixes).
- mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 (git-fixes).
- mmc: sdhci-spear: fix deferred probing (git-fixes).
- mmc: sh_mmcif: fix deferred probing (git-fixes).
- mmc: sunxi: fix deferred probing (git-fixes).
- mmc: usdhi60rol0: fix deferred probing (git-fixes).
- mtd: rawnand: meson: fix unaligned DMA buffers handling (git-fixes).
- net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253).
- net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253).
- net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253).
- net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253).
- net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253).
- net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253).
- net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253).
- net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253).
- net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253).
- net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253).
- net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253).
- net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253).
- net/mlx5: Do not use already freed action pointer (jsc#SLE-19253).
- net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253).
- net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253).
- net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253).
- net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253).
- net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253).
- net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253).
- net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253).
- net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253).
- net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253).
- net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253).
- net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253).
- net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253).
- net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253).
- net/mlx5: Fix steering rules cleanup (jsc#SLE-19253).
- net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253).
- net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253).
- net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253).
- net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253).
- net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253).
- net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253).
- net/mlx5: SF, Drain health before removing device (jsc#SLE-19253).
- net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253).
- net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253).
- net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253).
- net/mlx5: add IFC bits for bypassing port select flow table (git-fixes)
- net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253).
- net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253).
- net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253).
- net/mlx5: fs, fail conflicting actions (jsc#SLE-19253).
- net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253).
- net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253).
- net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253).
- net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253).
- net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253).
- net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253).
- net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253).
- net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253).
- net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253).
- net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253).
- net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253).
- net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253).
- net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253).
- net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253).
- net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253).
- net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253).
- net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253).
- net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253).
- net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253).
- net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253).
- net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253).
- net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253).
- net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253).
- net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253).
- net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253).
- net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253).
- net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253).
- net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253).
- net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253).
- nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes).
- nilfs2: fix buffer corruption due to concurrent device reads (git-fixes).
- nvme-core: fix dev_pm_qos memleak (git-fixes).
- nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes).
- nvme-core: fix memory leak in dhchap_secret_store (git-fixes).
- nvme-pci: add quirk for missing secondary temperature thresholds (git-fixes).
- nvme: double KA polling frequency to avoid KATO with TBKAS on (git-fixes).
- ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes).
- ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes).
- ocfs2: fix non-auto defrag path not working issue (git-fixes).
- pci/aspm: Disable ASPM on MFD function removal to avoid use-after-free (git-fixes).
- pci: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes).
- pci: Release resource invalidated by coalescing (git-fixes).
- pci: cadence: Fix Gen2 Link Retraining process (git-fixes).
- pci: endpoint: Add missing documentation about the MSI/MSI-X range (git-fixes).
- pci: ftpci100: Release the clock resources (git-fixes).
- pci: pciehp: Cancel bringup sequence if card is not present (git-fixes).
- pci: qcom: Disable write access to read only registers for IP v2.3.3 (git-fixes).
- pci: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git-fixes).
- pci: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes).
- pci: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git-fixes).
- pci: rockchip: Set address alignment for endpoint mode (git-fixes).
- pci: rockchip: Use u32 variable to access 32-bit registers (git-fixes).
- pci: rockchip: Write PCI Device ID to correct register (git-fixes).
- pci: vmd: Reset VMD config register between soft reboots (git-fixes).
- pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes).
- pinctrl: cherryview: Return correct value if pin in push-pull mode (git-fixes).
- pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git-fixes).
- platform/x86: think-lmi: Correct NVME password handling (git-fixes).
- platform/x86: think-lmi: Correct System password interface (git-fixes).
- platform/x86: think-lmi: mutex protection around multiple WMI calls (git-fixes).
- platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles (git-fixes).
- pm: domains: fix integer overflow issues in genpd_parse_state() (git-fixes).
- powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869).
- powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701).
- powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869).
- pstore/ram: Add check for kstrdup (git-fixes).
- radeon: avoid double free in ci_dpm_init() (git-fixes).
- rdma/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-fixes)
- rdma/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes)
- rdma/bnxt_re: Fix to remove an unnecessary log (git-fixes)
- rdma/bnxt_re: Fix to remove unnecessary return labels (git-fixes)
- rdma/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes)
- rdma/bnxt_re: Remove unnecessary checks (git-fixes)
- rdma/bnxt_re: Return directly without goto jumps (git-fixes)
- rdma/bnxt_re: Use unique names while registering interrupts (git-fixes)
- rdma/bnxt_re: wraparound mbox producer index (git-fixes)
- rdma/cma: Always set static rate to 0 for RoCE (git-fixes)
- rdma/hns: Fix hns_roce_table_get return value (git-fixes)
- rdma/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes)
- rdma/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes)
- rdma/mlx5: Fix affinity assignment (git-fixes)
- rdma/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes)
- rdma/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253).
- rdma/rtrs: Fix rxe_dealloc_pd warning (git-fixes)
- rdma/rtrs: Fix the last iu->buf leak in err path (git-fixes)
- rdma/rxe: Fix packet length checks (git-fixes)
- rdma/rxe: Fix ref count error in check_rkey() (git-fixes)
- rdma/rxe: Fix rxe_cq_post (git-fixes)
- rdma/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes)
- rdma/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes)
- rdma/rxe: Remove the unused variable obj (git-fixes)
- rdma/rxe: Removed unused name from rxe_task struct (git-fixes)
- rdma/uverbs: Restrict usage of privileged QKEYs (git-fixes)
- rdma/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes)
- regulator: core: Fix more error checking for debugfs_create_dir() (git-fixes).
- regulator: core: Streamline debugfs operations (git-fixes).
- regulator: helper: Document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes).
- rpm/check-for-config-changes: ignore also PAHOLE_HAS_*
  We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE.
- rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (git-fixes).
- s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892).
- s390/pkey: zeroize key blobs (git-fixes bsc#1212619).
- serial: 8250: lock port for UART_IER access in omap8250_irq() (git-fixes).
- serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes).
- serial: 8250: omap: Fix freeing of resources on failed register (git-fixes).
- serial: 8250_omap: Use force_suspend and resume for system suspend (git-fixes).
- serial: atmel: do not enable IRQs prematurely (git-fixes).
- signal/s390: Use force_sigsegv in default_trap_handler (git-fixes bsc#1212861).
- soc/fsl/qe: fix usb.c build errors (git-fixes).
- soc: samsung: exynos-pmu: Re-introduce Exynos4212 support (git-fixes).
- soundwire: dmi-quirks: add new mapping for HP Spectre x360 (git-fixes).
- spi: dw: Round of n_bytes to power of 2 (git-fixes).
- spi: lpspi: disable lpspi module irq in DMA mode (git-fixes).
- spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG (git-fixes).
- test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (git-fixes).
- thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes).
- tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (git-fixes).
- tty: serial: imx: fix rs485 rx after tx (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes).
- usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes).
- usb: dwc3: gadget: Propagate core init errors to UDC during pullup (git-fixes).
- usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git-fixes).
- usb: dwc3: qcom: Fix potential memory leak (git-fixes).
- usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git-fixes).
- usb: gadget: u_serial: Add null pointer check in gserial_suspend (git-fixes).
- usb: gadget: udc: fix NULL dereference in remove() (git-fixes).
- usb: hide unused usbfs_notify_suspend/resume functions (git-fixes).
- usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes).
- usb: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes).
- usrmerge: Adjust module path in the kernel sources (bsc#1212835).
- vdpa/mlx5: Directly assign memory key (jsc#SLE-19253).
- vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253).
- vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253).
- vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253).
- vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253).
- w1: fix loop in w1_fini() (git-fixes).
- w1: w1_therm: fix locking behavior in convert_t (git-fixes).
- wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (git-fixes).
- wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: convert msecs to jiffies where needed (git-fixes).
- wifi: ath9k: do not allow to overwrite ENDPOINT0 attributes (git-fixes).
- wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (git-fixes).
- wifi: atmel: Fix an error handling path in atmel_probe() (git-fixes).
- wifi: cfg80211: rewrite merging of inherited elements (git-fixes).
- wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection (git-fixes).
- wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes).
- wifi: iwlwifi: pull from TXQs with softirqs disabled (git-fixes).
- wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes).
- wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (git-fixes).
- wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (git-fixes).
- wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled (git-fixes).
- wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes).
- wifi: wilc1000: fix for absent RSN capabilities WFA testcase (git-fixes).
- writeback: fix dereferencing NULL mapping->host on writeback_page_template (git-fixes).
- x86/build: Avoid relocation information in final vmlinux (bsc#1187829).
- x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes).
- x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes).
- x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes).
- x86/sgx: Fix race between reclaimer and page fault handler (git-fixes).
- x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes).
- x86/xen: fix secondary processor fpu initialization (bsc#1212869).
-----------------------------------------
Patch: SUSE-2023-2814
Released: Wed Jul 12 22:05:25 2023
Summary: Recommended update for mozilla-nss
Severity: moderate
References: 1185116,1202118
Description:
This update for mozilla-nss fixes the following issues:

mozilla-nss was updated to NSS 3.90:

* Add a constant time select function
* Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access.
* output early build errors by default
* Update the technical constraints for KamuSM
* Add BJCA Global Root CA1 and CA2 root certificates
* Enable default UBSan Checks
* Add explicit handling of zero length records
* Tidy up DTLS ACK Error Handling Path
* Refactor zero length record tests
* Fix compiler warning via correct assert
* run linux tests on nss-t/t-linux-xlarge-gcp
* In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator
* Fix reading raw negative numbers
* Repairing unreachable code in clang built with gyp
* Integrate Vale Curve25519
* Removing unused flags for Hacl*
* Adding a better error message
* Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6
* Fall back to the softokn when writing certificate trust
* FIPS-104-3 requires we restart post programmatically
* cmd/ecperf: fix dangling pointer warning on gcc 13
* Update ACVP dockerfile for compatibility with debian package changes
* Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files
* Removed deprecated sprintf function and replaced with snprintf
* fix rst warnings in nss doc
* Fix incorrect pygment style
* Change GYP directive to apply across platforms
* Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag

- Merge the libfreebl3-hmac and libsoftokn3-hmac packages into the respective libraries. (bsc#1185116)

update to NSS 3.89.1

* Update the technical constraints for KamuSM.
* Add BJCA Global Root CA1 and CA2 root certificates.

update to NSS 3.89

* revert freebl/softoken RSA_MIN_MODULUS_BITS increase
* PR_STATIC_ASSERT is cursed
* Need to add policy control to keys lengths for signatures
* Fix unreachable code warning in fuzz builds
* Fix various compiler warnings in NSS
* Enable various compiler warnings for clang builds
* set PORT error after sftk_HMACCmp failure
* Need to add policy control to keys lengths for signatures
* remove data length assertion in sec_PKCS7Decrypt
* Make high tag number assertion failure an error
* CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384
* Tolerate certificate_authorities xtn in ClientHello
* Fix build failure on Windows
* migrate Win 2012 tasks to Azure
* fix title length in doc
* Add interop tests for HRR and PSK to GREASE suite
* Add presence/absence tests for TLS GREASE
* Correct addition of GREASE value to ALPN xtn
* CH extension permutation
* TLS GREASE (RFC8701)
* improve handling of unknown PKCS#12 safe bag types
* use a different treeherder symbol for each docker image build task
* remove nested table in rst doc
* Export NSS_CMSSignerInfo_GetDigestAlgTag
* build failure while implicitly casting SECStatus to PRUInt32

update to NSS 3.88.1

* improve handling of unknown PKCS#12 safe bag types

update to NSS 3.88

* remove nested table in rst doc
* Export NSS_CMSSignerInfo_GetDigestAlgTag.
* build failure while implicitly casting SECStatus to PRUInt32
* Add check for ClientHello SID max length
* Added EarlyData ALPN test support to BoGo shim
* ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup
* On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm
* ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test
* Added Bogo ECH rejection test support
* Added ECH 0Rtt support to BoGo shim
* RSA OAEP Wycheproof JSON
* RSA decrypt Wycheproof JSON
* ECDSA Wycheproof JSON
* ECDH Wycheproof JSON
* PKCS#1v1.5 wycheproof json
* Use X25519 wycheproof json
* Move scripts to python3
* Properly link FuzzingEngine for oss-fuzz.
* Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384)
* NSS needs to move off of DSA for integrity checks
* Add initial testing with ACVP vector sets using acvp-rust
* Don't clone libFuzzer, rely on clang instead

update to NSS 3.87

* NULL password encoding incorrect
* Fix rng stub signature for fuzzing builds
* Updating the compiler parsing for build
* Modification of supported compilers
* tstclnt crashes when accessing gnutls server without a user cert in the database.
* Add configuration option to enable source-based coverage sanitizer
* Update ECCKiila generated files.
* Add support for the LoongArch 64-bit architecture
* add checks for zero-length RSA modulus to avoid memory errors and failed assertions later
* Additional zero-length RSA modulus checks

update to NSS 3.86

* conscious language removal in NSS
* Set nssckbi version number to 2.60
* Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates
* Remove Staat der Nederlanden EV Root CA from NSS
* Remove EC-ACC root cert from NSS
* Remove SwissSign Platinum CA - G2 from NSS
* Remove Network Solutions Certificate Authority
* compress docker image artifact with zstd
* Migrate nss from AWS to GCP
* Enable static builds in the CI
* Removing SAW docker from the NSS build system
* Initialising variables in the rsa blinding code
* Implementation of the double-signing of the message for ECDSA
* Adding exponent blinding for RSA.

update to NSS 3.85

* Modification of the primes.c and dhe-params.c in order to have better looking tables
* Update zlib in NSS to 1.2.13
* Skip building modutil and shlibsign when building in Firefox
* Use __STDC_VERSION__ rather than __STDC__ as a guard
* Remove redundant variable definitions in lowhashtest
* Add note about python executable to build instructions.

update to NSS 3.84

* Bump minimum NSPR version to 4.35
* Add a flag to disable building libnssckbi.

update to NSS 3.83

* Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags
* Set nssckbi version number to 2.58
* Add two SECOM root certificates to NSS
* Add two DigitalSign root certificates to NSS
* Remove Camerfirma Global Chambersign Root from NSS
* Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test
* Removed skipping of ECH on equality of private and public server name
* Added comment and bug reference to ECHRandomHRRExtension bogo test
* Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR
* Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing
* Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo
* Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs
* Update BoGo tests to recent BoringSSL version
* Bump minimum NSPR version to 4.34.1

update to NSS 3.82

* check for null template in sec_asn1{d,e}_push_state
* QuickDER: Forbid NULL tags with non-zero length
* Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite
* Cast the result of GetProcAddress
* pk11wrap: Tighten certificate lookup based on PKCS #11 URI.

update to NSS 3.81

* Enable aarch64 hardware crypto support on OpenBSD
* make NSS_SecureMemcmp 0/1 valued
* Add no_application_protocol alert handler and test client error code is set
* Gracefully handle null nickname in CERT_GetCertNicknameWithValidity
* required for Firefox 104

- raised NSPR requirement to 4.34.1
- changing some Requires from (pre) to generic as (pre) is not sufficient (bsc#1202118)

update to NSS 3.80

* Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h.
* Add support for asynchronous client auth hooks.
* nss-policy-check: make unknown keyword check optional.
* GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record.
* Mark 3.79 as an ESR release.
* Bump nssckbi version number for June.
* Remove Hellenic Academic 2011 Root.
* Add E-Tugra Roots.
* Add Certainly Roots.
* Add DigitCert Roots.
* Protect SFTKSlot needLogin with slotLock.
* Compare signature and signatureAlgorithm fields in legacy certificate verifier.
* Uninitialized value in cert_VerifyCertChainOld.
* Unchecked return code in sec_DecodeSigAlg.
* Uninitialized value in cert_ComputeCertType.
* Avoid data race on primary password change.
* Replace ppc64 dcbzl intrinsic.
* Allow LDFLAGS override in makefile builds.
----------------------------------------- Patch: SUSE-2023-2827 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Severity: moderate References: Description: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------- Patch: SUSE-2023-2847 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Severity: moderate References: 1210004 Description: This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------- Patch: SUSE-2023-2855 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Severity: moderate References: 1212260 Description: This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) ----------------------------------------- Patch: SUSE-2023-2868 Released: Tue Jul 18 11:35:52 2023 Summary: Security update for cni Severity: important References: 1206346 Description: This update of cni fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). ----------------------------------------- Patch: SUSE-2023-2869 Released: Tue Jul 18 11:39:26 2023 Summary: Security update for cni-plugins Severity: important References: 1206346 Description: This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). ----------------------------------------- Patch: SUSE-2023-2877 Released: Wed Jul 19 09:43:42 2023 Summary: Security update for dbus-1 Severity: moderate References: 1212126,CVE-2023-34969 Description: This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged user (bsc#1212126).
----------------------------------------- Patch: SUSE-2023-2882 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Severity: important References: 1210999,CVE-2023-31484 Description: This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------- Patch: SUSE-2023-2885 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Severity: moderate References: 1208721,1209229,1211828 Description: This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------- Patch: SUSE-2023-2891 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Severity: moderate References: 1213237,CVE-2023-32001 Description: This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------- Patch: SUSE-2023-2918 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Severity: moderate References: 1089497 Description: This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements ----------------------------------------- Patch: SUSE-2023-2962 Released: Tue Jul 25 09:34:53 2023 Summary: Security update for openssl-1_1 Severity: moderate References: 1213487,CVE-2023-3446 Description: This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). 
----------------------------------------- Patch: SUSE-2023-2989 Released: Wed Jul 26 16:33:56 2023 Summary: Security update for conmon Severity: important References: 1208737,1209307 Description: This update for conmon fixes the following issues: conmon was updated to version 2.1.7: - Bumped go version to 1.19 (bsc#1209307). Bugfixes: - Fixed leaking symbolic links in the opt_socket_path directory. - Fixed cgroup oom issues (bsc#1208737). - Fixed OOM watcher for cgroupv2 `oom_kill` events. ----------------------------------------- Patch: SUSE-2023-3022 Released: Fri Jul 28 21:44:59 2023 Summary: Security update for kernel-firmware Severity: moderate References: 1213286,CVE-2023-20593 Description: This update for kernel-firmware fixes the following issues: - CVE-2023-20593: Fixed AMD ucode for ZenBleed vulnerability (bsc#1213286). ----------------------------------------- Patch: SUSE-2023-3170 Released: Thu Aug 3 08:02:27 2023 Summary: Recommended update for perl-Bootloader Severity: moderate References: 1201399,1208003,1210799 Description: This update for perl-Bootloader fixes the following issues: - Use signed grub EFI binary when updating grub in default EFI location (bsc#1210799) - UEFI: update also default location, if it is controlled by SUSE (bsc#1210799, bsc#1201399) - Use `fw_platform_size` to distinguish between 32 bit and 64 bit UEFI platforms (bsc#1208003) - Add basic support for systemd-boot ----------------------------------------- Patch: SUSE-2023-3217 Released: Mon Aug 7 16:51:10 2023 Summary: Recommended update for cryptsetup Severity: moderate References: 1211079 Description: This update for cryptsetup fixes the following issues: - Handle system with low memory and no swap space (bsc#1211079) ----------------------------------------- Patch: SUSE-2023-3275 Released: Fri Aug 11 10:19:36 2023 Summary: Recommended update for apparmor Severity: moderate References: 1213472 Description: This update for apparmor fixes the following issues: - Add 
pam_apparmor README (bsc#1213472) ----------------------------------------- Patch: SUSE-2023-3286 Released: Fri Aug 11 10:32:03 2023 Summary: Recommended update for util-linux Severity: moderate References: 1194038,1194900 Description: This update for util-linux fixes the following issues: - Fix blkid for floppy drives (bsc#1194900) - Fix rpmbuild %checks fail when @ in the directory path (bsc#1194038) ----------------------------------------- Patch: SUSE-2023-3318 Released: Tue Aug 15 10:34:18 2023 Summary: Security update for the Linux Kernel Severity: important References: 1150305,1193629,1194869,1206418,1207129,1207894,1208788,1210565,1210584,1210627,1210780,1210853,1211131,1211243,1211738,1211811,1211867,1212301,1212502,1212604,1212846,1212901,1212905,1213010,1213011,1213012,1213013,1213014,1213015,1213016,1213017,1213018,1213019,1213020,1213021,1213024,1213025,1213032,1213034,1213035,1213036,1213037,1213038,1213039,1213040,1213041,1213059,1213061,1213087,1213088,1213089,1213090,1213092,1213093,1213094,1213095,1213096,1213098,1213099,1213100,1213102,1213103,1213104,1213105,1213106,1213107,1213108,1213109,1213110,1213111,1213112,1213113,1213114,1213134,1213167,1213245,1213247,1213252,1213258,1213259,1213263,1213264,1213272,1213286,1213287,1213304,1213523,1213524,1213543,1213585,1213586,1213588,1213620,1213653,1213705,1213713,1213715,1213747,1213756,1213759,1213777,1213810,1213812,1213856,1213857,1213863,1213867,1213870,1213871,CVE-2022-40982,CVE-2023-0459,CVE-2023-20569,CVE-2023-20593,CVE-2023-21400,CVE-2023-2156,CVE-2023-2166,CVE-2023-2985,CVE-2023-31083,CVE-2023-3117,CVE-2023-31248,CVE-2023-3268,CVE-2023-3390,CVE-2023-35001,CVE-2023-3567,CVE-2023-3609,CVE-2023-3611,CVE-2023-3776,CVE-2023-3812,CVE-2023-4004 Description: The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418). 
- CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). - CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287). - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). - CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627). - CVE-2023-2985: Fixed a use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). - CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). - CVE-2023-3117: Fixed a use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). - CVE-2023-31248: Fixed a use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). - CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502). - CVE-2023-3390: Fixed a use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). - CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). - CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). - CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
- CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq (bsc#1213585). - CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588). - CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). - CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812). The following non-security bugs were fixed: - acpi: utils: fix acpi_evaluate_dsm_typed() redefinition error (git-fixes). - add module_firmware() for firmware_tg357766 (git-fixes). - afs: adjust ack interpretation to try and cope with nat (git-fixes). - afs: fix access after dec in put functions (git-fixes). - afs: fix afs_getattr() to refetch file status if callback break occurred (git-fixes). - afs: fix dynamic root getattr (git-fixes). - afs: fix fileserver probe rtt handling (git-fixes). - afs: fix infinite loop found by xfstest generic/676 (git-fixes). - afs: fix lost servers_outstanding count (git-fixes). - afs: fix server->active leak in afs_put_server (git-fixes). - afs: fix setting of mtime when creating a file/dir/symlink (git-fixes). - afs: fix updating of i_size with dv jump from server (git-fixes). - afs: fix vlserver probe rtt handling (git-fixes). - afs: return -eagain, not -eremoteio, when a file already locked (git-fixes). - afs: use refcount_t rather than atomic_t (git-fixes). - afs: use the operation issue time instead of the reply time for callbacks (git-fixes). - alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes). - alsa: fireface: make read-only const array for model names static (git-fixes). - alsa: hda/realtek - remove 3k pull low procedure (git-fixes). - alsa: hda/realtek: add quirk for asus rog g614jx (git-fixes). - alsa: hda/realtek: add quirk for asus rog ga402x (git-fixes). - alsa: hda/realtek: add quirk for asus rog gx650p (git-fixes).
- alsa: hda/realtek: add quirk for asus rog gz301v (git-fixes). - alsa: hda/realtek: add quirk for clevo npx0snx (git-fixes). - alsa: hda/realtek: add quirk for clevo ns70au (git-fixes). - alsa: hda/realtek: add quirks for unis h3c desktop b760 & q760 (git-fixes). - alsa: hda/realtek: add support for dell oasis 13/14/16 laptops (git-fixes). - alsa: hda/realtek: amend g634 quirk to enable rear speakers (git-fixes). - alsa: hda/realtek: enable mute led on hp laptop 15s-eq2xxx (git-fixes). - alsa: hda/realtek: fix generic fixup definition for cs35l41 amp (git-fixes). - alsa: hda/realtek: support asus g713pv laptop (git-fixes). - alsa: hda/realtek: whitespace fix (git-fixes). - alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes). - alsa: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes). - alsa: oxfw: make read-only const array models static (git-fixes). - alsa: pcm: fix potential data race at pcm memory allocation helpers (git-fixes). - alsa: usb-audio: add quirk for microsoft modern wireless headset (bsc#1207129). - alsa: usb-audio: update for native dsd support quirks (git-fixes). - apparmor: fix missing error check for rhashtable_insert_fast (git-fixes). - arm64/mm: mark private vm_fault_x defines as vm_fault_t (git-fixes) - arm64: dts: microchip: sparx5: do not use psci on reference boards (git-fixes) - arm64: vdso: pass (void *) to virt_to_page() (git-fixes) - arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes) - asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes). - asoc: codecs: es8316: fix dmic config (git-fixes). - asoc: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-fixes). - asoc: codecs: wcd934x: fix resource leaks on component remove (git-fixes). - asoc: codecs: wcd938x: fix codec initialisation race (git-fixes). - asoc: codecs: wcd938x: fix db range for hphl and hphr (git-fixes). - asoc: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes). 
- asoc: codecs: wcd938x: fix soundwire initialisation race (git-fixes). - asoc: da7219: check for failure reading aad irq events (git-fixes). - asoc: da7219: flush pending aad irq when suspending (git-fixes). - asoc: fsl_sai: disable bit clock with transmitter (git-fixes). - asoc: fsl_spdif: silence output on stop (git-fixes). - asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes). - asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes). - asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes). - asoc: tegra: fix adx byte map (git-fixes). - asoc: tegra: fix amx byte map (git-fixes). - asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes). - ata: pata_ns87415: mark ns87560_tf_read static (git-fixes). - block, bfq: fix division by zero error on zero wsum (bsc#1213653). - block: fix a source code comment in include/uapi/linux/blkzoned.h (git-fixes). - can: bcm: fix uaf in bcm_proc_show() (git-fixes). - can: gs_usb: gs_can_close(): add missing set of can state to can_state_stopped (git-fixes). - ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856). - cifs: add a warning when the in-flight count goes negative (bsc#1193629). - cifs: address unused variable warning (bsc#1193629). - cifs: do all necessary checks for credits within or before locking (bsc#1193629). - cifs: fix lease break oops in xfstest generic/098 (bsc#1193629). - cifs: fix max_credits implementation (bsc#1193629). - cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629). - cifs: fix session state check in smb2_find_smb_ses (bsc#1193629). - cifs: fix session state transition to avoid use-after-free issue (bsc#1193629). - cifs: fix sockaddr comparison in iface_cmp (bsc#1193629). - cifs: fix status checks in cifs_tree_connect (bsc#1193629). - cifs: log session id when a matching ses is not found (bsc#1193629). 
- cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629). - cifs: prevent use-after-free by freeing the cfile later (bsc#1193629). - cifs: print all credit counters in debugdata (bsc#1193629). - cifs: print client_guid in debugdata (bsc#1193629). - cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629). - cifs: print nosharesock value while dumping mount options (bsc#1193629). - clk: qcom: camcc-sc7180: add parent dependency to all camera gdscs (git-fixes). - clk: qcom: gcc-ipq6018: use floor ops for sdcc clocks (git-fixes). - coda: avoid partial allocation of sig_inputargs (git-fixes). - codel: fix kernel-doc notation warnings (git-fixes). - crypto: kpp - add helper to set reqsize (git-fixes). - crypto: qat - use helper to set reqsize (git-fixes). - delete suse/memcg-drop-kmem-limit_in_bytes. drop the patch in order to fix bsc#1213705. - devlink: fix kernel-doc notation warnings (git-fixes). - dlm: fix missing lkb refcount handling (git-fixes). - dlm: fix plock invalid read (git-fixes). - docs: networking: update codeaurora references for rmnet (git-fixes). - documentation: abi: sysfs-class-net-qmi: pass_through contact update (git-fixes). - documentation: bonding: fix the doc of peer_notif_delay (git-fixes). - documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-fixes). - documentation: timers: hrtimers: make hybrid union historical (git-fixes). - drm/amd/display: correct `dmub_fw_version` macro (git-fixes). - drm/amd/display: disable mpc split by default on special asic (git-fixes). - drm/amd/display: keep phy active for dp displays on dcn31 (git-fixes). - drm/amdgpu: avoid restore process run into dead loop (git-fixes). - drm/amdgpu: fix clearing mappings for bos that are always valid in vm (git-fixes). - drm/amdgpu: set vmbo destroy after pt bo is created (git-fixes). - drm/amdgpu: validate vm ioctl flags (git-fixes). - drm/atomic: allow vblank-enabled + self-refresh 'disable' (git-fixes). 
- drm/atomic: fix potential use-after-free in nonblocking commits (git-fixes). - drm/bridge: tc358768: add atomic_get_input_bus_fmts() implementation (git-fixes). - drm/bridge: tc358768: fix tclk_trailcnt computation (git-fixes). - drm/bridge: tc358768: fix ths_trailcnt computation (git-fixes). - drm/bridge: tc358768: fix ths_zerocnt computation (git-fixes). - drm/client: fix memory leak in drm_client_modeset_probe (git-fixes). - drm/client: fix memory leak in drm_client_target_cloned (git-fixes). - drm/i915/psr: use hw.adjusted mode when calculating io/fast wake times (git-fixes). - drm/i915: fix one wrong caching mode enum usage (git-fixes). - drm/msm/adreno: fix snapshot bindless_data size (git-fixes). - drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes). - drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes). - drm/msm/dpu: set dpu_data_hctl_en for in intf_sc7180_mask (git-fixes). - drm/msm: fix is_err_or_null() vs null check in a5xx_submit_in_rb() (git-fixes). - drm/panel: simple: add connector_type for innolux_at043tn24 (git-fixes). - drm/panel: simple: add powertip ph800480t013 drm_display_mode flags (git-fixes). - drm/radeon: fix integer overflow in radeon_cs_parser_init (git-fixes). - drm/ttm: do not leak a resource on swapout move error (git-fixes). - drop amdgpu patches for fixing regression (bsc#1213304,bsc#1213777) - dt-bindings: phy: brcm,brcmstb-usb-phy: fix error in 'compatible' conditional schema (git-fixes). - enable nxp snvs rtc driver for i.mx 8mq/8mp (jsc#PED-4758) - ext4: add ea_inode checking to ext4_iget() (bsc#1213106). - ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088). - ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109). - ext4: add strict range checks while freeing blocks (bsc#1213089). - ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016). - ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018). 
- ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090). - ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103). - ext4: disallow ea_inodes with extended attributes (bsc#1213108). - ext4: fail ext4_iget if special inode unallocated (bsc#1213010). - ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111). - ext4: fix data races when using cached status extents (bsc#1213102). - ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105). - ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015). - ext4: fix lockdep warning when enabling mmp (bsc#1213100). - ext4: fix reusing stale buffer heads from last failed mounting (bsc#1213020). - ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096). - ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021). - ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098). - ext4: fix warning in ext4_update_inline_data (bsc#1213012). - ext4: fix warning in mb_find_extent (bsc#1213099). - ext4: improve error handling from ext4_dirhash() (bsc#1213104). - ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017). - ext4: move where set the may_inline_data flag is set (bsc#1213011). - ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019). - ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087). - ext4: refuse to create ea block when umounted (bsc#1213093). - ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107). - ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110). - ext4: update s_journal_inum if it changes after journal replay (bsc#1213094). - ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092). - ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013). 
- fbdev: au1200fb: fix missing irq check in au1200fb_drv_probe (git-fixes). - fbdev: imxfb: warn about invalid left/right margin (git-fixes). - file: always lock position for fmode_atomic_pos (bsc#1213759). - fix documentation of panic_on_warn (git-fixes). - fs: dlm: add midcomms init/start functions (git-fixes). - fs: dlm: do not set stop rx flag after node reset (git-fixes). - fs: dlm: filter user dlm messages for kernel locks (git-fixes). - fs: dlm: fix log of lowcomms vs midcomms (git-fixes). - fs: dlm: fix race between test_bit() and queue_work() (git-fixes). - fs: dlm: fix race in lowcomms (git-fixes). - fs: dlm: handle -ebusy first in lock arg validation (git-fixes). - fs: dlm: move sending fin message into state change handling (git-fixes). - fs: dlm: retry accept() until -eagain or error returns (git-fixes). - fs: dlm: return positive pid value for f_getlk (git-fixes). - fs: dlm: start midcomms before scand (git-fixes). - fs: hfsplus: remove warn_on() from hfsplus_cat_{read,write}_inode() (git-fixes). - fs: jfs: check for read-only mounted filesystem in txbegin (git-fixes). - fs: jfs: fix null-ptr-deref read in txbegin (git-fixes). - fs: jfs: fix ubsan: array-index-out-of-bounds in dballocdmaplev (git-fixes). - fuse: ioctl: translate enosys in outarg (bsc#1213524). - fuse: revalidate: do not invalidate if interrupted (bsc#1213523). - gve: set default duplex configuration to full (git-fixes). - gve: unify driver name usage (git-fixes). - hvcs: fix hvcs port reference counting (bsc#1213134 ltc#202861). - hvcs: get reference to tty in remove (bsc#1213134 ltc#202861). - hvcs: synchronize hotplug remove with port free (bsc#1213134 ltc#202861). - hvcs: use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861). - hvcs: use driver groups to manage driver attributes (bsc#1213134 ltc#202861). - hvcs: use vhangup in hotplug remove (bsc#1213134 ltc#202861). - hwmon: (adm1275) allow setting sample averaging (git-fixes). 
- hwmon: (k10temp) enable amd3255 proc to show negative temperature (git-fixes). - hwmon: (nct7802) fix for temp6 (peci1) processed even if peci1 disabled (git-fixes). - hwmon: (pmbus/adm1275) fix problems with temperature monitoring on adm1272 (git-fixes). - i2c: xiic: defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes). - i2c: xiic: do not try to handle more interrupt events after error (git-fixes). - iavf: fix out-of-bounds when setting channels on remove (git-fixes). - iavf: fix use-after-free in free_netdev (git-fixes). - iavf: use internal state to free traffic irqs (git-fixes). - ib/hfi1: use bitmap_zalloc() when applicable (git-fixes) - igc: check if hardware tx timestamping is enabled earlier (git-fixes). - igc: enable and fix rx hash usage by netstack (git-fixes). - igc: fix inserting of empty frame for launchtime (git-fixes). - igc: fix kernel panic during ndo_tx_timeout callback (git-fixes). - igc: fix launchtime before start of cycle (git-fixes). - igc: fix race condition in ptp tx code (git-fixes). - igc: handle pps start time programming for past time values (git-fixes). - igc: prevent garbled tx queue with xdp zerocopy (git-fixes). - igc: remove delay during tx ring configuration (git-fixes). - igc: set tp bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes). - igc: work around hw bug causing missing timestamps (git-fixes). - inotify: avoid reporting event with invalid wd (bsc#1213025). - input: i8042 - add clevo pcx0dx to i8042 quirk table (git-fixes). - input: iqs269a - do not poll during ati (git-fixes). - input: iqs269a - do not poll during suspend or resume (git-fixes). - jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095). - jdb2: do not refuse invalidation of already invalidated buffers (bsc#1213014). - jffs2: fix memory leak in jffs2_do_fill_super (git-fixes). - jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes). 
- jffs2: fix memory leak in jffs2_scan_medium (git-fixes). - jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes). - jffs2: gc deadlock reading a page that is used in jffs2_write_begin() (git-fixes). - jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes). - jfs: jfs_dmap: validate db_l2nbperpage while mounting (git-fixes). - kabi/severities: add vas symbols changed due to recent fix vas accelerators are directly tied to the architecture, there is no reason to have out-of-tree production drivers - kabi: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243). - kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps') - kselftest: vdso: fix accumulation of uninitialized ret when clock_realtime is undefined (git-fixes). - kvm: arm64: do not read a hw interrupt pending state in user context (git-fixes) - kvm: arm64: warn if accessing timer pending state outside of vcpu (bsc#1213620) - kvm: do not null dereference ops->destroy (git-fixes) - kvm: downgrade two bug_ons to warn_on_once (git-fixes) - kvm: initialize debugfs_dentry when a vm is created to avoid null (git-fixes) - kvm: s390: pv: fix index value of replaced asce (git-fixes bsc#1213867). - kvm: vmx: inject #gp on encls if vcpu has paging disabled (cr0.pg==0) (git-fixes). - kvm: vmx: inject #gp, not #ud, if sgx2 encls leafs are unsupported (git-fixes). - kvm: vmx: restore vmx_vmexit alignment (git-fixes). - kvm: x86: account fastpath-only vm-exits in vcpu stats (git-fixes). - leds: trigger: netdev: recheck netdev_led_mode_linkup on dev rename (git-fixes). - libceph: harden msgr2.1 frame segment length checks (bsc#1213857). - media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes). - media: cec: i2c: ch7322: also select regmap (git-fixes). - media: i2c: correct format propagation for st-mipid02 (git-fixes). 
- media: staging: atomisp: select v4l2_fwnode (git-fixes). - media: usb: check az6007_read() return value (git-fixes). - media: usb: siano: fix warning due to null work_func_t function pointer (git-fixes). - media: venus: helpers: fix align() of non power of two (git-fixes). - media: videodev2.h: fix struct v4l2_input tuner index comment (git-fixes). - memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905). - mmc: core: disable trim on kingston emmc04g-m627 (git-fixes). - mmc: sdhci: fix dma configure compatibility issue when 64bit dma mode is used (git-fixes). - net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). - net/sched: sch_qfq: reintroduce lmax bound check for mtu (bsc#1213585). - net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes). - net: mana: add support for vlan tagging (bsc#1212301). - net: mana: batch ringing rx queue doorbell on receiving packets (bsc#1212901). - net: mana: use the correct wqe count for ringing rq doorbell (bsc#1212901). - net: phy: marvell10g: fix 88x3310 power up (git-fixes). - net: phy: prevent stale pointer dereference in phy_init() (git-fixes). - nfsd: add encoding of op_recall flag for write delegation (git-fixes). - nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes). - nfsd: fix sparse warning (git-fixes). - nfsd: remove open coding of string copy (git-fixes). - nfsv4.1: always send a reclaim_complete after establishing lease (git-fixes). - nfsv4.1: freeze the session table upon receiving nfs4err_badsession (git-fixes). - ntb: amd: fix error handling in amd_ntb_pci_driver_init() (git-fixes). - ntb: idt: fix error handling in idt_pci_driver_init() (git-fixes). - ntb: intel: fix error handling in intel_ntb_pci_driver_init() (git-fixes). - ntb: ntb_tool: add check for devm_kcalloc (git-fixes). - ntb: ntb_transport: fix possible memory leak while device_register() fails (git-fixes). - nvme-multipath: support io stats on the mpath device (bsc#1210565). 
- nvme-pci: fix dma direction of unmapping integrity data (git-fixes). - nvme-pci: remove nvme_queue from nvme_iod (git-fixes). - nvme: introduce nvme_start_request (bsc#1210565). - ocfs2: check new file size on fallocate call (git-fixes). - ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes). - ocfs2: switch to security_inode_init_security() (git-fixes). - octeontx-af: fix hardware timestamp configuration (git-fixes). - octeontx2-af: move validation of ptp pointer before its usage (git-fixes). - octeontx2-pf: add additional check for mcam rules (git-fixes). - opp: fix use-after-free in lazy_opp_tables after probe deferral (git-fixes). - pci/pm: avoid putting elopos e2/s2/h2 pcie ports in d3cold (git-fixes). - pci: add function 1 dma alias quirk for marvell 88se9235 (git-fixes). - phy: hisilicon: fix an out of bounds check in hisi_inno_phy_probe() (git-fixes). - phy: revert 'phy: remove soc_exynos4212 dep. from phy_exynos4x12_usb' (git-fixes). - phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes). - phy: tegra: xusb: clear the driver reference in usb-phy dev (git-fixes). - pie: fix kernel-doc notation warning (git-fixes). - pinctrl: amd: detect internal gpio0 debounce handling (git-fixes). - pinctrl: amd: do not show `invalid config param` errors (git-fixes). - pinctrl: amd: fix mistake in handling clearing pins at startup (git-fixes). - pinctrl: amd: only use special debounce behavior for gpio 0 (git-fixes). - pinctrl: amd: use amd_pinconf_set() for all config options (git-fixes). - platform/x86: msi-laptop: fix rfkill out-of-sync on msi wind u100 (git-fixes). - powerpc/64: only warn if __pa()/__va() called with bad addresses (bsc#1194869). - powerpc/64s: fix vas mm use after free (bsc#1194869). - powerpc/book3s64/mm: fix directmap stats in /proc/meminfo (bsc#1194869). - powerpc/bpf: fix use of user_pt_regs in uapi (bsc#1194869). - powerpc/ftrace: remove ftrace init tramp once kernel init is complete (bsc#1194869). 
- powerpc/interrupt: do not read msr from interrupt_exit_kernel_prepare() (bsc#1194869). - powerpc/mm/dax: fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes). - powerpc/mm: switch obsolete dssall to .long (bsc#1194869). - powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869). - powerpc/powernv/vas: assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869). - powerpc/prom_init: fix kernel config grep (bsc#1194869). - powerpc/secvar: fix refcount leak in format_show() (bsc#1194869). - powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869). - powerpc: clean vdso32 and vdso64 directories (bsc#1194869). - powerpc: define get_cycles macro for arch-override (bsc#1194869). - powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869). - pwm: ab8500: fix error code in probe() (git-fixes). - pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes). - pwm: sysfs: do not apply state to already disabled pwms (git-fixes). - rdma/bnxt_re: fix hang during driver unload (git-fixes) - rdma/bnxt_re: prevent handling any completions after qp destroy (git-fixes) - rdma/core: update cma destination address on rdma_resolve_addr (git-fixes) - rdma/irdma: add missing read barriers (git-fixes) - rdma/irdma: fix data race on cqp completion stats (git-fixes) - rdma/irdma: fix data race on cqp request done (git-fixes) - rdma/irdma: fix op_type reporting in cqes (git-fixes) - rdma/irdma: report correct wc error (git-fixes) - rdma/mlx4: make check for invalid flags stricter (git-fixes) - rdma/mthca: fix crash when polling cq for shared qps (git-fixes) - rdma/rxe: fix access checks in rxe_check_bind_mw (git-fixes) - regmap: account for register length in smbus i/o limits (git-fixes). - regmap: drop initial version of maximum transfer length fixes (git-fixes). 
- revert 'arm64: dts: zynqmp: add address-cells property to interrupt (git-fixes) - revert 'debugfs, coccinelle: check for obsolete define_simple_attribute() usage' (git-fixes). - revert 'drm/amd/display: edp do not add non-edid timings' (git-fixes). - revert 'nfsv4: retry lock on old_stateid during delegation return' (git-fixes). - revert 'usb: dwc3: core: enable autoretry feature in the controller' (git-fixes). - revert 'usb: gadget: tegra-xudc: fix error check in tegra_xudc_powerdomain_init()' (git-fixes). - revert 'usb: xhci: tegra: fix error check' (git-fixes). - revert 'xhci: add quirk for host controllers that do not update endpoint dcs' (git-fixes). - rpm/check-for-config-changes: ignore also riscv_isa_* and dynamic_sigframe they depend on config_toolchain_has_*. - rpm: update dependency to match current kmod. - rsi: remove kernel-doc comment marker (git-fixes). - rxrpc, afs: fix selection of abort codes (git-fixes). - s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259). - s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258). - s390/bpf: add expoline to tail calls (git-fixes bsc#1213870). - s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810). - s390/debug: add _asm_s390_ prefix to header guard (git-fixes bsc#1213263). - s390/decompressor: specify __decompress() buf len to avoid overflow (git-fixes bsc#1213863). - s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871). - s390/percpu: add read_once() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252). - s390/qeth: fix vipa deletion (git-fixes bsc#1213713). - s390/vmem: fix empty page tables cleanup under kasan (git-fixes bsc#1213715). - s390: define runtime_discard_exit to fix link error with gnu ld < 2.36 (git-fixes bsc#1213264). - s390: discard .interp section (git-fixes bsc#1213247). - s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870). - scftorture: count reschedule ipis (git-fixes). 
- sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes) - sched: fix debug && !schedstats warn (git-fixes) - scsi: lpfc: abort outstanding els cmds when mailbox timeout error is detected (bsc#1213756). - scsi: lpfc: avoid -wstringop-overflow warning (bsc#1213756). - scsi: lpfc: clean up sli-4 sysfs resource reporting (bsc#1213756). - scsi: lpfc: copyright updates for 14.2.0.14 patches (bsc#1213756). - scsi: lpfc: fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756). - scsi: lpfc: fix incorrect big endian type assignment in bsg loopback path (bsc#1213756). - scsi: lpfc: fix incorrect big endian type assignments in fdmi and vmid paths (bsc#1213756). - scsi: lpfc: fix lpfc_name struct packing (bsc#1213756). - scsi: lpfc: make fabric zone discovery more robust when handling unsolicited logo (bsc#1213756). - scsi: lpfc: pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756). - scsi: lpfc: qualify ndlp discovery state when processing rscn (bsc#1213756). - scsi: lpfc: refactor cpu affinity assignment paths (bsc#1213756). - scsi: lpfc: remove extra ndlp kref decrement in flogi cmpl for loop topology (bsc#1213756). - scsi: lpfc: replace all non-returning strlcpy() with strscpy() (bsc#1213756). - scsi: lpfc: replace one-element array with flexible-array member (bsc#1213756). - scsi: lpfc: revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756). - scsi: lpfc: set establish image pair service parameter only for target functions (bsc#1213756). - scsi: lpfc: simplify fcp_abort transport callback log message (bsc#1213756). - scsi: lpfc: update lpfc version to 14.2.0.14 (bsc#1213756). - scsi: lpfc: use struct_size() helper (bsc#1213756). - scsi: qla2xxx: adjust iocb resource on qpair create (bsc#1213747). - scsi: qla2xxx: array index may go out of bound (bsc#1213747). - scsi: qla2xxx: avoid fcport pointer dereference (bsc#1213747). 
- scsi: qla2xxx: check valid rport returned by fc_bsg_to_rport() (bsc#1213747). - scsi: qla2xxx: correct the index of array (bsc#1213747). - scsi: qla2xxx: drop useless list_head (bsc#1213747). - scsi: qla2xxx: fix buffer overrun (bsc#1213747). - scsi: qla2xxx: fix command flush during tmf (bsc#1213747). - scsi: qla2xxx: fix deletion race condition (bsc#1213747). - scsi: qla2xxx: fix end of loop test (bsc#1213747). - scsi: qla2xxx: fix erroneous link up failure (bsc#1213747). - scsi: qla2xxx: fix error code in qla2x00_start_sp() (bsc#1213747). - scsi: qla2xxx: fix inconsistent tmf timeout (bsc#1213747). - scsi: qla2xxx: fix null pointer dereference in target mode (bsc#1213747). - scsi: qla2xxx: fix potential null pointer dereference (bsc#1213747). - scsi: qla2xxx: fix session hang in gnl (bsc#1213747). - scsi: qla2xxx: fix tmf leak through (bsc#1213747). - scsi: qla2xxx: limit tmf to 8 per function (bsc#1213747). - scsi: qla2xxx: pointer may be dereferenced (bsc#1213747). - scsi: qla2xxx: remove unused nvme_ls_waitq wait queue (bsc#1213747). - scsi: qla2xxx: replace one-element array with declare_flex_array() helper (bsc#1213747). - scsi: qla2xxx: silence a static checker warning (bsc#1213747). - scsi: qla2xxx: turn off noisy message log (bsc#1213747). - scsi: qla2xxx: update version to 10.02.08.400-k (bsc#1213747). - scsi: qla2xxx: update version to 10.02.08.500-k (bsc#1213747). - scsi: qla2xxx: use vmalloc_array() and vcalloc() (bsc#1213747). - security: keys: modify mismatched function name (git-fixes). - selftests: mptcp: depend on syn_cookies (git-fixes). - selftests: mptcp: sockopt: return error if wrong mark (git-fixes). - selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-fixes). - selftests: tc: add 'ct' action kconfig dep (git-fixes). - selftests: tc: add conntrack procfs kconfig (git-fixes). - selftests: tc: set timeout to 15 minutes (git-fixes). - serial: qcom-geni: drop bogus runtime pm state update (git-fixes). 
- serial: sifive: fix sifive_serial_console_setup() section (git-fixes). - signal/powerpc: on swapcontext failure force sigsegv (bsc#1194869). - signal: replace force_sigsegv(sigsegv) with force_fatal_sig(sigsegv) (bsc#1194869). - smb3: do not reserve too many oplock credits (bsc#1193629). - smb3: missing null check in smb2_change_notify (bsc#1193629). - smb: client: fix broken file attrs with nodfs mounts (bsc#1193629). - smb: client: fix missed ses refcounting (git-fixes). - smb: client: fix parsing of source mount option (bsc#1193629). - smb: client: fix shared dfs root mounts with different prefixes (bsc#1193629). - smb: client: fix warning in cifs_match_super() (bsc#1193629). - smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629). - smb: client: fix warning in cifsfindfirst() (bsc#1193629). - smb: client: fix warning in cifsfindnext() (bsc#1193629). - smb: client: fix warning in generic_ip_connect() (bsc#1193629). - smb: client: improve dfs mount check (bsc#1193629). - smb: client: remove redundant pointer 'server' (bsc#1193629). - smb: delete an unnecessary statement (bsc#1193629). - smb: move client and server files to common directory fs/smb (bsc#1193629). - smb: remove obsolete comment (bsc#1193629). - soundwire: qcom: fix storing port config out-of-bounds (git-fixes). - soundwire: qcom: update status correctly with mask (git-fixes). - spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-fixes). - spi: bcm63xx: fix max prepend length (git-fixes). - staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-fixes). - staging: r8712: fix memory leak in _r8712_init_xmit_priv() (git-fixes). - sunrpc: always free ctxt when freeing deferred request (git-fixes). - sunrpc: double free xprt_ctxt while still in use (git-fixes). - sunrpc: fix trace_svc_register() call site (git-fixes). - sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes). - sunrpc: remove dead code in svc_tcp_release_rqst() (git-fixes). 
- sunrpc: remove the maximum number of retries in call_bind_status (git-fixes). - svcrdma: prevent page release when nothing was received (git-fixes). - tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-fixes). - tpm_tis: explicitly check for error code (git-fixes). - tty: n_gsm: fix uaf in gsm_cleanup_mux (git-fixes). - tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes). - ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584). - ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). - ubifs: add missing iput if do_tmpfile() failed in rename whiteout (git-fixes). - ubifs: do_rename: fix wrong space budget when target inode's nlink > 1 (git-fixes). - ubifs: error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes). - ubifs: fix 'ui->dirty' race between do_tmpfile() and writeback work (git-fixes). - ubifs: fix aa deadlock when setting xattr for encrypted file (git-fixes). - ubifs: fix build errors as symbol undefined (git-fixes). - ubifs: fix deadlock in concurrent rename whiteout and inode writeback (git-fixes). - ubifs: fix memory leak in alloc_wbufs() (git-fixes). - ubifs: fix memory leak in do_rename (git-fixes). - ubifs: fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes). - ubifs: fix to add refcount once page is set private (git-fixes). - ubifs: fix wrong dirty space budget for dirty inode (git-fixes). - ubifs: free memory for tmpfile name (git-fixes). - ubifs: rectify space amount budget for mkdir/tmpfile operations (git-fixes). - ubifs: rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes). - ubifs: rectify space budget for ubifs_xrename() (git-fixes). - ubifs: rename whiteout atomically (git-fixes). - ubifs: rename_whiteout: correct old_dir size computing (git-fixes). - ubifs: rename_whiteout: fix double free for whiteout_ui->data (git-fixes). 
- ubifs: reserve one leb for each journal head while doing budget (git-fixes). - ubifs: setflags: make dirtied_ino_d 8 bytes aligned (git-fixes). - ubifs: ubifs_writepage: mark page dirty after writing inode failed (git-fixes). - udf: avoid double brelse() in udf_rename() (bsc#1213032). - udf: define efscorrupted error code (bsc#1213038). - udf: detect system inodes linked into directory hierarchy (bsc#1213114). - udf: discard preallocation before extending file with a hole (bsc#1213036). - udf: do not bother looking for prealloc extents if i_lenextents matches i_size (bsc#1213035). - udf: do not bother merging very long extents (bsc#1213040). - udf: do not update file length for failed writes to inline files (bsc#1213041). - udf: fix error handling in udf_new_inode() (bsc#1213112). - udf: fix extending file within last block (bsc#1213037). - udf: fix preallocation discarding at indirect extent boundary (bsc#1213034). - udf: preserve link count of system files (bsc#1213113). - udf: truncate added extents on failed expansion (bsc#1213039). - update config and supported.conf files due to renaming. - update suse/rdma-mthca-fix-crash-when-polling-cq-for-shared-qps. (git-fixes bsc#1212604). added bug reference. - usb: dwc2: fix some error handling paths (git-fixes). - usb: dwc2: platform: improve error reporting for problems during .remove() (git-fixes). - usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes). - usb: dwc3: pci: skip byt gpio lookup table for hardwired phy (git-fixes). - usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes). - usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes). - usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes). - usb: serial: option: add lara-r6 01b pids (git-fixes). - usb: xhci-mtk: set the dma max_seg_size (git-fixes). - vhost: support packed when setting-getting vring_base (git-fixes). 
- vhost_net: revert upend_idx only on retriable error (git-fixes). - virtio-net: maintain reverse cleanup order (git-fixes). - virtio_net: fix error unwinding of xdp initialization (git-fixes). - wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes). - wifi: ray_cs: drop useless status variable in parse_addr() (git-fixes). - wifi: ray_cs: utilize strnlen() in parse_addr() (git-fixes). - wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-fixes). - wl3501_cs: use eth_hw_addr_set() (git-fixes). - writeback: fix call of incorrect macro (bsc#1213024). - x86/pvh: obtain vga console info in dom0 (git-fixes). - x86: fix .brk attribute in linker script (git-fixes). - xen/blkfront: only check req_fua for writes (git-fixes). - xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-fixes). - xfs: ail needs asynchronous cil forcing (bsc#1211811). - xfs: async cil flushes need pending pushes to be made stable (bsc#1211811). - xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811). - xfs: cil work is serialised, not pipelined (bsc#1211811). - xfs: clean up the rtbitmap fsmap backend (git-fixes). - xfs: do not deplete the reserve pool when trying to shrink the fs (git-fixes). - xfs: do not reverse order of items in bulk ail insertion (git-fixes). - xfs: do not run shutdown callbacks on active iclogs (bsc#1211811). - xfs: drop async cache flushes from cil commits (bsc#1211811). - xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811). - xfs: fix getfsmap reporting past the last rt extent (git-fixes). - xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-fixes). - xfs: fix interval filtering in multi-step fsmap queries (git-fixes). - xfs: fix logdev fsmap query result filtering (git-fixes). - xfs: fix off-by-one error when the last rt extent is in use (git-fixes). - xfs: fix uninitialized variable access (git-fixes). 
- xfs: make fsmap backend function key parameters const (git-fixes). - xfs: make the record pointer passed to query_range functions const (git-fixes). - xfs: move the cil workqueue to the cil (bsc#1211811). - xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811). - xfs: order cil checkpoint start records (bsc#1211811). - xfs: pass a cil context to xlog_write() (bsc#1211811). - xfs: pass explicit mount pointer to rtalloc query functions (git-fixes). - xfs: rework xlog_state_do_callback() (bsc#1211811). - xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811). - xfs: separate out log shutdown callback processing (bsc#1211811). - xfs: wait iclog complete before tearing down ail (bsc#1211811). - xfs: xlog_state_ioerror must die (bsc#1211811). - xhci: fix resume issue of some zhaoxin hosts (git-fixes). - xhci: fix trb prefetch issue of zhaoxin hosts (git-fixes). - xhci: show zhaoxin xhci root hub speed correctly (git-fixes). ----------------------------------------- Patch: SUSE-2023-3327 Released: Wed Aug 16 08:45:25 2023 Summary: Security update for pcre2 Severity: moderate References: 1213514,CVE-2022-41409 Description: This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). ----------------------------------------- Patch: SUSE-2023-3360 Released: Fri Aug 18 14:48:55 2023 Summary: Security update for kernel-firmware Severity: moderate References: 1213287,CVE-2023-20569 Description: This update for kernel-firmware fixes the following issues: - CVE-2023-20569: Fixed AMD 19h ucode to mitigate a side channel vulnerability in some of the AMD CPUs. 
(bsc#1213287) ----------------------------------------- Patch: SUSE-2023-3363 Released: Fri Aug 18 14:54:16 2023 Summary: Security update for krb5 Severity: important References: 1214054,CVE-2023-36054 Description: This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------- Patch: SUSE-2023-3397 Released: Wed Aug 23 18:35:56 2023 Summary: Security update for openssl-1_1 Severity: moderate References: 1213517,1213853,CVE-2023-3817 Description: This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) - Don't pass zero length input to EVP_Cipher because s390x assembler optimized AES cannot handle zero size. (bsc#1213517) ----------------------------------------- Patch: SUSE-2023-3410 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Severity: moderate References: 1201519,1204844 Description: This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------- Patch: SUSE-2023-3440 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Severity: low References: 1214025,CVE-2023-4156 Description: This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. 
(bsc#1214025) ----------------------------------------- Patch: SUSE-2023-3451 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 Description: This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) ----------------------------------------- Patch: SUSE-2023-3461 Released: Mon Aug 28 17:25:09 2023 Summary: Security update for freetype2 Severity: moderate References: 1210419,CVE-2023-2004 Description: This update for freetype2 fixes the following issues: - CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419). 
----------------------------------------- Patch: SUSE-2023-3466 Released: Tue Aug 29 07:33:16 2023 Summary: Recommended update for icu Severity: moderate References: 1103893,1112183 Description: This update for icu fixes the following issues: - Japanese era Reiwa (bsc#1112183, bsc#1103893, fate570, fate#325570, fate#325419) ----------------------------------------- Patch: SUSE-2023-3470 Released: Tue Aug 29 10:49:33 2023 Summary: Recommended update for parted Severity: low References: 1182142,1193412 Description: This update for parted fixes the following issues: - fix null pointer dereference (bsc#1193412) - update mkpart options in manpage (bsc#1182142) ----------------------------------------- Patch: SUSE-2023-3486 Released: Tue Aug 29 14:25:23 2023 Summary: Recommended update for lvm2 Severity: moderate References: 1214071 Description: This update for lvm2 fixes the following issues: - blkdeactivate calls wrong mountpoint cmd (bsc#1214071) ----------------------------------------- Patch: SUSE-2023-3538 Released: Tue Sep 5 16:37:14 2023 Summary: Recommended update for dracut Severity: important References: 1214081 Description: This update for dracut fixes the following issues: - Protect against broken links pointing to themselves - Exit if resolving executable dependencies fails (bsc#1214081) ----------------------------------------- Patch: SUSE-2023-3591 Released: Wed Sep 13 08:33:55 2023 Summary: Security update for shadow Severity: low References: 1214806,CVE-2023-4641 Description: This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). 
----------------------------------------- Patch: SUSE-2023-3611 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 Description: This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) ----------------------------------------- Patch: SUSE-2023-3661 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Severity: important References: 1214052,CVE-2023-4039 Description: This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------- Patch: SUSE-2023-3663 Released: Mon Sep 18 21:49:09 2023 Summary: Recommended update for perl-Bootloader Severity: important References: 1215064 Description: This update for perl-Bootloader fixes the following issues: - bootloader_entry script can have an optional 'force-default' argument (bsc#1215064) - skip warning about unsupported options when in compat mode ----------------------------------------- Patch: SUSE-2023-3699 Released: Wed Sep 20 11:02:50 2023 Summary: Security update for libxml2 Severity: important References: 1214768,CVE-2023-39615 Description: This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). 
----------------------------------------- Patch: SUSE-2023-3736 Released: Fri Sep 22 20:30:59 2023 Summary: Recommended update for libcontainers-common Severity: important References: 1215291 Description: This update for libcontainers-common fixes the following issues: - Require libcontainers-sles-mounts for *all* SUSE Linux Enterprise products, and not just SUSE Linux Enterprise Server. (bsc#1215291) ----------------------------------------- Patch: SUSE-2023-3814 Released: Wed Sep 27 18:08:17 2023 Summary: Recommended update for glibc Severity: moderate References: 1211829,1212819,1212910 Description: This update for glibc fixes the following issues: - nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415) - Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457) - elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688) - elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676) - ld.so: Always use MAP_COPY to map the first segment (BZ #30452) - add GB18030-2022 charmap (jsc#PED-4908, BZ #30243) ----------------------------------------- Patch: SUSE-2023-3815 Released: Wed Sep 27 18:20:25 2023 Summary: Security update for cni Severity: important References: 1212475 Description: This update of cni fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------- Patch: SUSE-2023-3816 Released: Wed Sep 27 18:25:44 2023 Summary: Security update for cni-plugins Severity: important References: 1212475 Description: This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). 
----------------------------------------- Patch: SUSE-2023-3823 Released: Wed Sep 27 18:42:38 2023 Summary: Security update for curl Severity: important References: 1215026,CVE-2023-38039 Description: This update for curl fixes the following issues: - CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026) ----------------------------------------- Patch: SUSE-2023-3856 Released: Thu Sep 28 09:42:16 2023 Summary: Recommended update for apparmor Severity: moderate References: 1214458 Description: This update for apparmor fixes the following issues: - Update zgrep profile to allow egrep helper use (bsc#1214458) ----------------------------------------- Patch: SUSE-2023-3952 Released: Tue Oct 3 20:06:23 2023 Summary: Security update for runc Severity: important References: 1212475 Description: This update of runc fixes the following issues: - Update to runc v1.1.8. Upstream changelog is available from . - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------- Patch: SUSE-2023-3954 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 Description: This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. 
(bsc#1211078) ----------------------------------------- Patch: SUSE-2023-3964 Released: Wed Oct 4 09:39:04 2023 Summary: Security update for the Linux Kernel Severity: important References: 1023051,1120059,1177719,1188885,1193629,1194869,1205462,1208902,1208949,1209284,1209799,1210048,1210448,1212091,1212142,1212526,1212857,1212873,1213026,1213123,1213546,1213580,1213601,1213666,1213757,1213759,1213916,1213921,1213927,1213946,1213968,1213970,1213971,1214000,1214019,1214120,1214149,1214180,1214238,1214285,1214297,1214299,1214350,1214368,1214370,1214371,1214372,1214380,1214386,1214392,1214393,1214397,1214428,1214451,1214635,1214659,1214661,1214729,1214742,1214743,1214756,1215522,1215523,1215552,1215553,CVE-2023-2007,CVE-2023-20588,CVE-2023-34319,CVE-2023-3610,CVE-2023-37453,CVE-2023-3772,CVE-2023-3863,CVE-2023-4128,CVE-2023-4133,CVE-2023-4134,CVE-2023-4147,CVE-2023-4194,CVE-2023-4273,CVE-2023-4387,CVE-2023-4459,CVE-2023-4569 Description: The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). - CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). - CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). - CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables that can be exploited to achieve local privilege escalation (bsc#1213580). - CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123). - CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
- CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). - CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). - CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). - CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). - CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968). - CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019). - CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that allowed a local privileged attacker to overflow the kernel stack (bsc#1214120). - CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). - CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). - CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729). The following non-security bugs were fixed: - Drop amdgpu patch causing spamming (bsc#1215523) - acpi: processor: perflib: avoid updating frequency qos unnecessarily (git-fixes). - acpi: processor: perflib: use the 'no limit' frequency qos (git-fixes). - acpi: x86: s2idle: fix a logic error parsing amd constraints table (git-fixes). - alsa: ac97: fix possible error value of *rac97 (git-fixes). - alsa: hda/cs8409: support new dell dolphin variants (git-fixes). - alsa: hda/realtek - remodified 3k pull low procedure (git-fixes).
- alsa: hda/realtek: add quirk for hp victus 16-d1xxx to enable mute led (git-fixes). - alsa: hda/realtek: add quirk for mute leds on hp envy x360 15-eu0xxx (git-fixes). - alsa: hda/realtek: add quirks for hp g11 laptops (git-fixes). - alsa: hda/realtek: switch dell oasis models to use spi (git-fixes). - alsa: pcm: fix missing fixup call in compat hw_refine ioctl (git-fixes). - alsa: usb-audio: add support for mythware xa001au capture and playback interfaces (git-fixes). - alsa: usb-audio: fix init call orders for uac1 (git-fixes). - alsa: ymfpci: fix the missing snd_card_free() call at probe error (git-fixes). - amba: bus: fix refcount leak (git-fixes). - arm64: dts: imx8mn-var-som: add missing pull-up for onboard phy reset pinmux (git-fixes). - arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes). - arm64: dts: rockchip: disable hs400 for emmc on rock pi 4 (git-fixes). - arm: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix usb related warnings (git-fixes). - arm: dts: imx6sll: fixup of operating points (git-fixes). - arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970). - asoc: lower 'no backend dais enabled for ... port' log severity (git-fixes). - asoc: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes). - asoc: rt5665: add missed regulator_bulk_disable (git-fixes). - asoc: sof: intel: fix soundwire/hdaudio mutual exclusion (git-fixes). - asoc: stac9766: fix build errors with regmap_ac97 (git-fixes). - asoc: tegra: fix sfc conversion for few rates (git-fixes). - audit: fix possible soft lockup in __audit_inode_child() (git-fixes). - backlight/bd6107: compare against struct fb_info.device (git-fixes). - backlight/gpio_backlight: compare against struct fb_info.device (git-fixes). - backlight/lv5207lp: compare against struct fb_info.device (git-fixes). - batman-adv: do not get eth header before batadv_check_management_packet (git-fixes). - batman-adv: do not increase mtu when set by user (git-fixes). 
- batman-adv: fix batadv_v_ogm_aggr_send memory leak (git-fixes). - batman-adv: fix tt global entry leak when client roamed back (git-fixes). - batman-adv: hold rtnl lock during mtu update via netlink (git-fixes). - batman-adv: trigger events for auto adjusted mtu (git-fixes). - bluetooth: btusb: add mt7922 bluetooth id for the asus ally (git-fixes). - bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - bluetooth: fix potential use-after-free when clear keys (git-fixes). - bluetooth: l2cap: fix use-after-free (git-fixes). - bluetooth: l2cap: fix use-after-free in l2cap_sock_ready_cb (git-fixes). - bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes). - bluetooth: remove unused declaration amp_read_loc_info() (git-fixes). - bnx2x: fix page fault following eeh recovery (bsc#1214299). - bpf: disable preemption in bpf_event_output (git-fixes). - bus: ti-sysc: fix build warning for 64-bit build (git-fixes). - bus: ti-sysc: fix cast to enum warning (git-fixes). - bus: ti-sysc: flush posted write on enable before reset (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): count rx overflow errors also in case of oom (git-fixes). - ceph: defer stopping mdsc delayed_work (bsc#1214392). - ceph: do not check for quotas on mds stray dirs (bsc#1214238). - ceph: never send metrics if disable_send_metrics is set (bsc#1214180). - check-for-config-changes: ignore builtin_return_address_strips_pac (bsc#1214380). gcc7 on sle 15 does not support this while later gcc does. - cifs: add missing return value check for cifs_sb_tlink (bsc#1193629). - cifs: allow dumping keys for directories too (bsc#1193629). - cifs: fix mid leak during reconnection after timeout threshold (git-fixes). - cifs: if deferred close is disabled then close files immediately (git-fixes). - cifs: is_network_name_deleted should return a bool (bsc#1193629). - cifs: update internal module version number for cifs.ko (bsc#1193629). 
- clk: fix slab-out-of-bounds error in devm_clk_release() (git-fixes). - clk: fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes). - clk: imx8mp: fix sai4 clock (git-fixes). - clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes). - clk: imx: pll14xx: dynamically configure pll for 393216000/361267200hz (git-fixes). - clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes). - clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes). - clk: qcom: gcc-sc7180: fix up gcc_sdcc2_apps_clk_src (git-fixes). - clk: qcom: gcc-sm8250: fix gcc_sdcc2_apps_clk_src (git-fixes). - clk: sunxi-ng: modify mismatched function name (git-fixes). - clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970). - config_nvme_verbose_errors=y gone with a82baa8083b - config_printk_safe_log_buf_shift=13 gone with 7e152d55123 - cpu/smt: allow enabling partial smt states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: move smt prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpufreq: fix the race condition while updating the transition_task of policy (git-fixes). - cpufreq: intel_pstate: adjust balance_performance epp for sapphire rapids (bsc#1214659). - cpufreq: intel_pstate: enable hwp io boost for all servers (bsc#1208949 jsc#ped-6003 jsc#ped-6004). 
- cpufreq: intel_pstate: fix scaling for hybrid-capable systems with disabled e-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - cpufreq: intel_pstate: hybrid: rework hwp calibration (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - cpufreq: intel_pstate: hybrid: use known scaling factor for p-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - cpufreq: intel_pstate: read all msrs on the target cpu (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - created new preempt kernel flavor configs are cloned from the respective $arch/default configs. all changed configs apart from config_preempt->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. tree_rcu has been also changed to preempt_rcu which is the default implementation for preempt kernel. - crypto: caam - fix unchecked return value error (git-fixes). - crypto: stm32 - properly handle pm_runtime_get failing (git-fixes). - dma-buf/sw_sync: avoid recursive lock during fence signal (git-fixes). - dma-buf/sync_file: fix docs syntax (git-fixes). - dmaengine: idxd: modify the dependence of attribute pasid_enabled (git-fixes). - dmaengine: mcf-edma: fix a potential un-allocated memory access (git-fixes). - dmaengine: pl330: return dma_paused when transaction is paused (git-fixes). - dmaengine: ste_dma40: add missing irq check in d40_probe (git-fixes). - docs/process/howto: replace c89 with c11 (bsc#1214756). - docs: kernel-parameters: refer to the correct bitmap function (git-fixes). - docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes). - docs: printk-formats: fix hex printing of signed values (git-fixes). - documentation: devices.txt: fix minors for ttycpm* (git-fixes). - documentation: devices.txt: remove ttyioc* (git-fixes). - documentation: devices.txt: remove ttysioc* (git-fixes). - driver core: test_async: fix an error code (git-fixes).
- drivers: clk: keystone: fix parameter judgment in _of_pll_clk_init() (git-fixes). - drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes). - drm/amd/display: check attr flag before set cursor degamma on dcn3+ (git-fixes). - drm/amd/display: check tg is non-null before checking if enabled (git-fixes). - drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes). - drm/amd/display: fix access hdcp_workqueue assert (git-fixes). - drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes). - drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes). - drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes). - drm/amd: flush any delayed gfxoff on suspend entry (git-fixes). - drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes). - drm/amdgpu: fix potential fence use-after-free v2 (git-fixes). - drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes). - drm/amdgpu: use rmw accessors for changing lnkctl (git-fixes). - drm/armada: fix off-by-one error in armada_overlay_get_property() (git-fixes). - drm/ast: fix dram init on ast2200 (git-fixes). - drm/atomic-helper: update reference to drm_crtc_force_disable_all() (git-fixes). - drm/bridge: anx7625: drop device lock before drm_helper_hpd_irq_event() (git-fixes). - drm/bridge: fix -wunused-const-variable= warning (git-fixes). - drm/bridge: tc358764: fix debug print parameter order (git-fixes). - drm/etnaviv: fix dumping of active mmu context (git-fixes). - drm/mediatek: fix dereference before null check (git-fixes). - drm/mediatek: fix potential memory leak if vmap() fail (git-fixes). - drm/msm/a2xx: call adreno_gpu_init() earlier (git-fixes). - drm/msm/mdp5: do not leak some plane state (git-fixes). - drm/msm: update dev core dump to not print backwards (git-fixes). - drm/nouveau/disp: revert a null check inside nouveau_connector_get_modes (git-fixes). 
- drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes). - drm/panel: simple: add missing connector type and pixel format for auo t215hvn01 (git-fixes). - drm/panel: simple: fix auo g121ean01 panel timings according to the docs (git-fixes). - drm/qxl: fix uaf on handle creation (git-fixes). - drm/radeon: use rmw accessors for changing lnkctl (git-fixes). - drm/rockchip: do not spam logs in atomic check (git-fixes). - drm/shmem-helper: reset vma->vm_ops before calling dma_buf_mmap() (git-fixes). - drm/tegra: dpaux: fix incorrect return value of platform_get_irq (git-fixes). - drm/ttm: check null pointer before accessing when swapping (git-fixes). - drm/ttm: never consider pinned bos for eviction&swap (git-fixes). - drm/vmwgfx: fix shader stage validation (git-fixes). - drm: adv7511: fix low refresh rate register for adv7533/5 (git-fixes). - drm: xlnx: zynqmp_dpsub: add missing check for dma_set_mask (git-fixes). - drop cfg80211 lock fix patches that caused a regression (bsc#1213757) - drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428) - dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes). - dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes). - dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes). - e1000: fix typos in comments (jsc#ped-5738). - e1000: remove unnecessary use of kmap_atomic() (jsc#ped-5738). - e1000: switch to napi_build_skb() (jsc#ped-5738). - e1000: switch to napi_consume_skb() (jsc#ped-5738). - enable analog devices industrial ethernet phy driver (jsc#ped-4759) - exfat: fix unexpected eof while reading dir (bsc#1214000). - exfat: release s_lock before calling dir_emit() (bsc#1214000). - exfat_iterate(): do not open-code file_inode(file) (bsc#1214000). - fbdev/ep93xx-fb: do not assign to struct fb_info.dev (git-fixes). - fbdev: fix potential oob read in fast_imageblit() (git-fixes). - fbdev: fix sys_imageblit() for arbitrary image widths (git-fixes). 
- fbdev: improve performance of sys_imageblit() (git-fixes). - fbdev: mmp: fix value check in mmphw_probe() (git-fixes). - file: reinstate f_pos locking optimization for regular files (bsc#1213759). - firmware: arm_scmi: drop of node reference in the transport channel setup (git-fixes). - firmware: cs_dsp: fix new control name check (git-fixes). - firmware: meson_sm: fix to avoid potential null pointer dereference (git-fixes). - firmware: stratix10-svc: fix an null vs is_err() bug in probe (git-fixes). - fs/sysv: null check to prevent null-ptr-deref bug (git-fixes). - ftrace: fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes). - gpio: mvebu: fix irq domain leak (git-fixes). - gpio: mvebu: make use of devm_pwmchip_add (git-fixes). - gpio: tps68470: make tps68470_gpio_output() always set the initial value (git-fixes). - hid: add quirk for 03f0:464a hp elite presenter mouse (git-fixes). - hid: logitech-dj: fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes). - hid: logitech-hidpp: add usb and bluetooth ids for the logitech g915 tkl keyboard (git-fixes). - hid: multitouch: correct devm device reference for hidinput input_dev name (git-fixes). - hid: wacom: remove the battery when the ekr is off (git-fixes). - hwmon: (pmbus/bel-pfe) enable pmbus_skip_status_check for pfe1100 (git-fixes). - hwmon: (tmp513) fix the channel number in tmp51x_is_visible() (git-fixes). - hwpoison: offline support: fix spelling in documentation/abi/ (git-fixes). - hwrng: iproc-rng200 - implement suspend and resume calls (git-fixes). - hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes). - hwrng: pic32 - use devm_clk_get_enabled (git-fixes). - i2c: bcm-iproc: fix bcm_iproc_i2c_isr deadlock issue (git-fixes). - i2c: delete error messages for failed memory allocations (git-fixes). - i2c: designware: correct length byte validation logic (git-fixes). 
- i2c: designware: handle invalid smbus block data response length value (git-fixes). - i2c: hisi: only handle the interrupt of the driver's transfer (git-fixes). - i2c: improve size determinations (git-fixes). - i2c: nomadik: remove a useless call in the remove function (git-fixes). - i2c: nomadik: remove unnecessary goto label (git-fixes). - i2c: nomadik: use devm_clk_get_enabled() (git-fixes). - i40e: fix an null vs is_err() bug for debugfs_create_dir() (git-fixes). - iavf: fix potential races for fdir filters (git-fixes). - ib/hfi1: fix possible panic during hotplug remove (git-fixes) - ib/uverbs: fix an potential error pointer dereference (git-fixes) - ice: fix crash by keep old cfg when update tcs more than queues (git-fixes). - ice: fix max_rate check while configuring tx rate limits (git-fixes). - ice: fix memory management in ice_ethtool_fdir.c (git-fixes). - ice: fix rdma vsi removal during queue rebuild (git-fixes). - iio: adc: ina2xx: avoid null pointer dereference on of device match (git-fixes). - iio: adc: stx104: implement and utilize register structures (git-fixes). - iio: adc: stx104: utilize iomap interface (git-fixes). - iio: cros_ec: fix the allocation size for cros_ec_command (git-fixes). - input: exc3000 - properly stop timer on shutdown (git-fixes). - intel/e1000:fix repeated words in comments (jsc#ped-5738). - intel: remove unused macros (jsc#ped-5738). - iommu/amd: add pci segment support for ivrs_ commands (git-fixes). - iommu/amd: fix compile warning in init code (git-fixes). - iommu/amd: fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes). - iommu/amd: fix ivrs_acpihid cmdline parsing code (git-fixes). - iommu/amd: fix pci device refcount leak in ppr_notifier() (git-fixes). - iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes). - iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes). - iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes). 
- iommu/arm-smmu-v3: make default domain type of hisilicon ptt device to identity (git-fixes). - iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes). - iommu/dart: initialize dart_streams_enable (git-fixes). - iommu/dma: fix incorrect error return on iommu deferred attach (git-fixes). - iommu/dma: fix iova map result check bug (git-fixes). - iommu/dma: return error code from iommu_dma_map_sg() (git-fixes). - iommu/fsl_pamu: fix resource leak in fsl_pamu_probe() (git-fixes). - iommu/io-pgtable-arm-v7s: add a quirk to allow pgtable pa up to 35bit (git-fixes). - iommu/iova: fix module config properly (git-fixes). - iommu/omap: fix buffer overflow in debugfs (git-fixes). - iommu/rockchip: fix permission bits in page table entries v2 (git-fixes). - iommu/sun50i: consider all fault sources for reset (git-fixes). - iommu/sun50i: fix flush size (git-fixes). - iommu/sun50i: fix r/w permission check (git-fixes). - iommu/sun50i: fix reset release (git-fixes). - iommu/sun50i: implement .iotlb_sync_map (git-fixes). - iommu/sun50i: remove iommu_domain_identity (git-fixes). - iommu/vt-d: add rpls to quirk list to skip te disabling (git-fixes). - iommu/vt-d: check correct capability for sagaw determination (git-fixes). - iommu/vt-d: clean up si_domain in the init_dmars() error path (git-fixes). - iommu/vt-d: correctly calculate sagaw value of iommu (git-fixes). - iommu/vt-d: fix kdump kernels boot failure with scalable mode (git-fixes). - iommu/vt-d: fix pci device refcount leak in dmar_dev_scope_init() (git-fixes). - iommu/vt-d: fix pci device refcount leak in has_external_pci() (git-fixes). - iommu/vt-d: preset access bit for iova in fl non-leaf paging entries (git-fixes). - iommu/vt-d: set sre bit only when hardware has srs cap (git-fixes). - ipmi:ssif: add check for kstrdup (git-fixes). - ipmi:ssif: fix a memory leak when scanning for an adapter (git-fixes). - ipmi_si: fix a memleak in try_smi_init() (git-fixes). 
- jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes). - kabi/severities: ignore newly added srso mitigation functions - kabi: allow extra bugsints (bsc#1213927). - kbuild: add -wno-shift-negative-value where -wextra is used (bsc#1214756). - kbuild: move to -std=gnu11 (bsc#1214756). - kernel-binary: common dependencies cleanup common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there. - kernel-binary: drop code for kerntypes support kerntypes was a suse-specific feature dropped before sle 12. - kunit: make kunit_test_timeout compatible with comment (git-fixes). - kvm: s390: fix sthyi error handling (git-fixes bsc#1214370). - leds: fix bug_on check for led_color_id_multi that is always false (git-fixes). - leds: multicolor: use rounded division when calculating color components (git-fixes). - leds: pwm: fix error code in led_pwm_create_fwnode() (git-fixes). - leds: trigger: tty: do not use led_on/off constants, use led_blink_set_oneshot instead (git-fixes). - leds: turris-omnia: drop unnecessary mutex locking (git-fixes). - lib/test_meminit: allocate pages up to order max_order (git-fixes). - lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes). - libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393). - md/raid0: factor out helper for mapping and submitting a bio (bsc#1213916). - md/raid0: fix performance regression for large sequential writes (bsc#1213916). - media: ad5820: drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes). - media: cx24120: add retval check for cx24120_message_send() (git-fixes). - media: dib7000p: fix potential division by zero (git-fixes). - media: dvb-usb: m920x: fix a potential memory leak in m920x_i2c_xfer() (git-fixes). - media: go7007: remove redundant if statement (git-fixes). - media: i2c: ccs: check rules is non-null (git-fixes). - media: i2c: rdacm21: fix uninitialized value (git-fixes). 
- media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes). - media: ov2680: add ov2680_fill_format() helper function (git-fixes). - media: ov2680: do not take the lock for try_fmt calls (git-fixes). - media: ov2680: fix ov2680_bayer_order() (git-fixes). - media: ov2680: fix ov2680_set_fmt() which == v4l2_subdev_format_try not working (git-fixes). - media: ov2680: fix regulators being left enabled on ov2680_power_on() errors (git-fixes). - media: ov2680: fix vflip / hflip set functions (git-fixes). - media: ov2680: remove video_v4l2_subdev_api ifdef-s (git-fixes). - media: ov5640: enable mipi interface in ov5640_set_power_mipi() (git-fixes). - media: rkvdec: increase max supported height for h.264 (git-fixes). - media: v4l2-core: fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes). - media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes). - media: venus: hfi_venus: only consider sys_idle_indicator on v1 (git-fixes). - media: venus: hfi_venus: write to vidc_ctrl_init after unmasking interrupts (git-fixes). - misc: rtsx: judge aspm mode to set petxcfg reg (git-fixes). - mkspec: allow unsupported kmps (bsc#1214386) - mlxsw: pci: add shutdown method in pci driver (git-fixes). - mmc: block: fix in_flight[issue_type] value error (git-fixes). - mmc: moxart: read scr register without changing byte order (git-fixes). - mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes). - module: avoid allocation if module is already present and ready (bsc#1213921). - module: extract patient module check into helper (bsc#1213921). - module: move check_modinfo() early to early_mod_check() (bsc#1213921). - module: move early sanity checks into a helper (bsc#1213921). - move upstreamed powerpc patches into sorted section - mtd: rawnand: brcmnand: fix crash during the panic_write (git-fixes). - mtd: rawnand: brcmnand: fix mtd oobsize (git-fixes). - mtd: rawnand: brcmnand: fix potential false time out warning (git-fixes). 
- mtd: rawnand: brcmnand: fix potential out-of-bounds access in oob write (git-fixes). - mtd: rawnand: fsl_upm: fix an off-by one test in fun_exec_op() (git-fixes). - mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes). - mtd: rawnand: omap_elm: fix incorrect type in assignment (git-fixes). - mtd: rawnand: rockchip: align hwecc vs. raw page helper layouts (git-fixes). - mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes). - mtd: spi-nor: check bus width while setting qe bit (git-fixes). - mtd: spinand: toshiba: fix ecc_get_status (git-fixes). - n_tty: rename tail to old_tail in n_tty_read() (git-fixes). - net: hns3: fix wrong bw weight of disabled tc issue (git-fixes). - net: ieee802154: at86rf230: stop leaking skb's (git-fixes). - net: mana: fix mana vf unload when hardware is unresponsive (git-fixes). - net: phy: at803x: remove set/get wol callbacks for ar8032 (git-fixes). - net: phy: broadcom: stub c45 read/write for 54810 (git-fixes). - net: phy: fix irq-based wake-on-lan over hibernate / power off (git-fixes). - net: usb: lan78xx: reorder cleanup operations to avoid uaf bugs (git-fixes). - net: usbnet: fix warning in usbnet_start_xmit/usb_submit_urb (git-fixes). - netfs: fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742). - netfs: fix missing xas_retry() calls in xarray iteration (bsc#1213946). - netfs: fix parameter of cleanup() (bsc#1214743). - nfsd: remove incorrect check in nfsd4_validate_stateid (git-fixes). - nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes). - nilfs2: fix warning in mark_buffer_dirty due to discarded buffer reuse (git-fixes). - nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902). - nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902). - objtool/x86: fix srso mess (git-fixes). - objtool/x86: fixup frame-pointer vs rethunk (git-fixes). - objtool: union instruction::{call_dest,jump_table} (git-fixes). 
- old-flavors: drop 2.6 kernels. 2.6 based kernels are eol, upgrading from them is no longer supported. - pci/aspm: avoid link retraining race (git-fixes). - pci/aspm: factor out pcie_wait_for_retrain() (git-fixes). - pci/aspm: return 0 or -etimedout from pcie_retrain_link() (git-fixes). - pci: acpiphp: reassign resources on bridge if necessary (git-fixes). - pci: acpiphp: use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes). - pci: mark nvidia t4 gpus to avoid bus reset (git-fixes). - pci: meson: remove cast between incompatible function type (git-fixes). - pci: microchip: correct the ded and sec interrupt bit offsets (git-fixes). - pci: microchip: remove cast between incompatible function type (git-fixes). - pci: pciehp: use rmw accessors for changing lnkctl (git-fixes). - pci: rockchip: remove writes to unused registers (git-fixes). - pci: s390: fix use-after-free of pci resources with per-function hotplug (git-fixes). - pci: tegra194: fix possible array out of bounds access (git-fixes). - pcmcia: rsrc_nonstatic: fix memory leak in nonstatic_release_resource_db() (git-fixes). - phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes). - phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes). - phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes). - phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes). - phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes). - phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes). - phy: qcom-snps: use dev_err_probe() to simplify code (git-fixes). - pinctrl: cherryview: fix address_space_handler() argument (git-fixes). - pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes). - pinctrl: renesas: rza2: add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes). - platform/x86: dell-sysman: fix reference leak (git-fixes).
- pm / devfreq: fix leak in devfreq_dev_release() (git-fixes). - powerpc/64e: fix kexec build error (bsc#1212091 ltc#199106). - powerpc/iommu: do not set failed sg dma_address to dma_mapping_error (bsc#1212091 ltc#199106). - powerpc/iommu: fix iommu_table_in_use for a small default dma window case (bsc#1212091 ltc#199106). - powerpc/iommu: incorrect ddw table is referenced for sr-iov device (bsc#1212091 ltc#199106). - powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106). - powerpc/iommu: tces are incorrectly manipulated with dlpar add/remove of memory (bsc#1212091 ltc#199106). - powerpc/kernel/iommu: add new iommu_table_in_use() helper (bsc#1212091 ltc#199106). - powerpc/kexec: fix build failure from uninitialised variable (bsc#1212091 ltc#199106). - powerpc/mm/altmap: fix altmap boundary check (bsc#1120059 git-fixes). - powerpc/pseries/ddw: do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106). - powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: add ddw_list_new_entry() helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: add of_node_put() before break (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: allow ddw windows starting at 0x00 (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: check if the default window in use before removing it (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: create huge dma window if no mmio32 is present (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: find existing ddw with given property name (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: make use of ddw for indirect mapping (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106). 
- powerpc/pseries/iommu: rename 'direct window' to 'dma window' (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: replace hard-coded page shift (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: update remove_dma_window() to accept property name (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: use correct vfree for it_map (bsc#1212091 ltc#199106). - powerpc/pseries: add __init attribute to eligible functions (bsc#1212091 ltc#199106). - powerpc/pseries: honour current smt state when dlpar onlining cpus (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - powerpc/pseries: initialise cpu hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - powerpc/rtas: block error injection when locked down (bsc#1023051). - powerpc/rtas: enture rtas_call is called with mmu enabled (bsc#1023051). - powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869). - powerpc/security: fix speculation_store_bypass reporting on power10 (bsc#1188885 ltc#193722 git-fixes). - powerpc: add hotplug_smt support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). update config files. - powerpc: fix typos in comments (bsc#1212091 ltc#199106). - powerpc: move dma64_propname define to a header (bsc#1214297 ltc#197503). - pseries/iommu/ddw: fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503). - pstore/ram: check start of empty przs during init (git-fixes). - pwm: add a stub for devm_pwmchip_add() (git-fixes). - pwm: meson: fix handling of period/duty if greater than uint_max (git-fixes). - pwm: meson: simplify duplicated per-channel tracking (git-fixes). - qed: fix scheduling in a tasklet while getting stats (git-fixes). 
- rdma/bnxt_re: fix error handling in probe failure path (git-fixes) - rdma/bnxt_re: fix max_qp count for virtual functions (git-fixes) - rdma/efa: fix wrong resources deallocation order (git-fixes) - rdma/hns: fix cq and qp cache affinity (git-fixes) - rdma/hns: fix incorrect post-send with direct wqe of wr-list (git-fixes) - rdma/hns: fix port active speed (git-fixes) - rdma/irdma: prevent zero-length stag registration (git-fixes) - rdma/irdma: replace one-element array with flexible-array member (git-fixes) - rdma/mlx5: return the firmware result upon destroying qp/rq (git-fixes) - rdma/qedr: remove a duplicate assignment in irdma_query_ah() (git-fixes) - rdma/siw: balance the reference of cep->kref in the error path (git-fixes) - rdma/siw: correct wrong debug message (git-fixes) - rdma/umem: set iova in odp flow (git-fixes) - readme.branch: add miroslav franc as a sle15-sp4 co-maintainer. - regmap: rbtree: use alloc_flags for memory allocations (git-fixes). - revert 'ib/isert: fix incorrect release of isert connection' (git-fixes) - revert 'tracing: add '(fault)' name injection to kernel probes' (git-fixes). - ring-buffer: do not swap cpu_buffer during resize process (git-fixes). - ring-buffer: fix deadloop issue on reading trace_pipe (git-fixes). - ring-buffer: fix wrong stat of cpu_buffer->read (git-fixes). - rpmsg: glink: add check for kstrdup (git-fixes). - s390/purgatory: disable branch profiling (git-fixes bsc#1214372). - sched/fair: fix inaccurate tally of ttwu_move_affine (git fixes). - sched/fair: use recent_used_cpu to test p->cpus_ptr (git fixes). - sched/psi: use kernfs polling functions for psi trigger polling (bsc#1209799). - scsi: bsg: increase number of devices (bsc#1210048). - scsi: core: do not wait for quiesce in scsi_device_block() (bsc#1209284). - scsi: core: do not wait for quiesce in scsi_stop_queue() (bsc#1209284). - scsi: core: improve warning message in scsi_device_block() (bsc#1209284). 
- scsi: core: merge scsi_internal_device_block() and device_block() (bsc#1209284). - scsi: rdma/srp: fix residual handling (git-fixes) - scsi: sg: increase number of devices (bsc#1210048). - scsi: storvsc: always set no_report_opcodes (git-fixes). - scsi: storvsc: fix handling of virtual fibre channel timeouts (git-fixes). - scsi: storvsc: handle srb status value 0x30 (git-fixes). - scsi: storvsc: limit max_sectors for virtual fibre channel devices (git-fixes). - scsi: zfcp: defer fc_rport blocking until after adisc response (git-fixes bsc#1214371). - selftests/futex: order calls to futex_lock_pi (git-fixes). - selftests/harness: actually report skip for signal tests (git-fixes). - selftests/resctrl: close perf value read fd on errors (git-fixes). - selftests/resctrl: do not leak buffer in fill_cache() (git-fixes). - selftests/resctrl: unmount resctrl fs if child fails to run benchmark (git-fixes). - selftests/rseq: check if libc rseq support is registered (git-fixes). - selftests: forwarding: add a helper to skip test when using veth pairs (git-fixes). - selftests: forwarding: ethtool: skip when using veth pairs (git-fixes). - selftests: forwarding: ethtool_extended_state: skip when using veth pairs (git-fixes). - selftests: forwarding: skip test when no interfaces are specified (git-fixes). - selftests: forwarding: switch off timeout (git-fixes). - selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes). - selftests: forwarding: tc_actions: use ncat instead of nc (git-fixes). - selftests: forwarding: tc_flower: relax success criterion (git-fixes). - selftests: mirror_gre_changes: tighten up the ttl test match (git-fixes). - serial: sc16is7xx: fix broken port 0 uart init (git-fixes). - serial: sc16is7xx: fix bug when first setting gpio direction (git-fixes). - serial: sprd: assign sprd_port after initialized to avoid wrong access (git-fixes). - serial: sprd: fix dma buffer leak issue (git-fixes). 
- serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes). - sfc: fix crash when reading stats while nic is resetting (git-fixes). - smb3: do not send lease break acknowledgment if all file handles have been closed (git-fixes). - smb3: do not set ntlmssp_version flag for negotiate not auth request (bsc#1193629). - smb: client: fix -wstringop-overflow issues (bsc#1193629). - smb: client: fix dfs link mount against w2k8 (bsc#1212142). - smb: client: fix null auth (git-fixes). - soc: aspeed: socinfo: add kfree for kstrdup (git-fixes). - soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes). - soundwire: fix enumeration completion (git-fixes). - spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes). - supported.conf: fix typos for -!optional markers - target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026). - target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873). - target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857). - target_core_rbd: remove snapshot existence validation code (bsc#1212857). - thunderbolt: read retimer nvm authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes). - timers: add shutdown mechanism to the internal functions (bsc#1213970). - timers: provide timer_shutdown[_sync]() (bsc#1213970). - timers: rename del_timer() to timer_delete() (bsc#1213970). - timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970). - timers: replace bug_on()s (bsc#1213970). - timers: silently ignore timers with a null function (bsc#1213970). - timers: split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970). - timers: update kernel-doc for various functions (bsc#1213970). - timers: use del_timer_sync() even on up (bsc#1213970). - tracing/histograms: add histograms to hist_vars if they have referenced variables (git-fixes). 
- tracing/histograms: return an error if we fail to add histogram to hist_vars list (git-fixes). - tracing/probes: fix not to count error code to total length (git-fixes). - tracing/probes: fix to avoid double count of the string length on the array (git-fixes). - tracing/probes: fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes). - tracing/probes: fix to update dynamic data counter if fetcharg uses it (git-fixes). - tracing: fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes). - tracing: fix memleak due to race between current_tracer and trace (git-fixes). - tracing: fix memory leak of iter->temp when reading trace_pipe (git-fixes). - tracing: fix null pointer dereference in tracing_err_log_open() (git-fixes). - tracing: fix warning in trace_buffered_event_disable() (git-fixes). - tty: fix hang on tty device with no_room set (git-fixes). - tty: n_gsm: fix the uaf caused by race condition in gsm_cleanup_mux (git-fixes). - tty: serial: fsl_lpuart: add i.mxrt1050 support (git-fixes). - tty: serial: fsl_lpuart: clear the error flags by writing 1 for lpuart32 platforms (git-fixes). - tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes). - tty: serial: fsl_lpuart: reduce rx watermark to 0 on ls1028a (git-fixes). - ubifs: fix memleak when insert_old_idx() failed (git-fixes). - update patches.suse/cpufreq-intel_pstate-fix-cpu-pstate.turbo_freq-initi (git-fixes bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - usb-storage: alauda: fix uninit-value in alauda_check_media() (git-fixes). - usb: chipidea: imx: add missing usb phy dpdm wakeup setting (git-fixes). - usb: chipidea: imx: do not request qos for imx8ulp (git-fixes). - usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes). - usb: common: usb-conn-gpio: prevent bailing out if initial role is none (git-fixes). - usb: dwc3: fix typos in gadget.c (git-fixes). 
- usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes). - usb: dwc3: properly handle processing of pending events (git-fixes). - usb: gadget: f_mass_storage: fix unused variable warning (git-fixes). - usb: gadget: fix the memory leak in raw_gadget driver (git-fixes). - usb: gadget: u_serial: avoid spinlock recursion in __gs_console_push (git-fixes). - usb: ohci-at91: fix the unhandle interrupt when resume (git-fixes). - usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes). - usb: quirks: add quirk for focusrite scarlett (git-fixes). - usb: serial: option: add quectel ec200a module support (git-fixes). - usb: serial: option: support quectel em060k_128 (git-fixes). - usb: serial: simple: add kaufmann rks+can vcp (git-fixes). - usb: serial: simple: sort driver entries (git-fixes). - usb: typec: altmodes/displayport: signal hpd when configuring pin assignment (git-fixes). - usb: typec: tcpm: fix response to vsafe0v event (git-fixes). - usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes). - usb: zaurus: add id for a-300/b-500/c-700 (git-fixes). - watchdog: sp5100_tco: support hygon fch/sch (server controller hub) (git-fixes). - wifi: ath10k: use rmw accessors for changing lnkctl (git-fixes). - wifi: ath11k: use rmw accessors for changing lnkctl (git-fixes). - wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes). - wifi: ath9k: protect wmi command response buffer replacement with a lock (git-fixes). - wifi: ath9k: use is_err() with debugfs_create_dir() (git-fixes). - wifi: cfg80211: fix return value in scan logic (git-fixes). - wifi: cfg80211: fix sband iftype data lookup for ap_vlan (git-fixes). - wifi: mt76: mt7615: do not advertise 5 ghz on first phy of mt7615d (dbdc) (git-fixes). - wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes). - wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes). 
- wifi: mt76: testmode: add nla_policy for mt76_tm_attr_tx_length (git-fixes). - wifi: mwifiex: avoid possible null skb pointer dereference (git-fixes). - wifi: mwifiex: fix error recovery in pcie buffer descriptor management (git-fixes). - wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes). - wifi: mwifiex: fix missed return in oob checks failed path (git-fixes). - wifi: mwifiex: fix oob and integer underflow when rx packets (git-fixes). - wifi: nl80211/cfg80211: add forgotten nla_policy for bss color attribute (git-fixes). - wifi: radiotap: fix kernel-doc notation warnings (git-fixes). - wifi: rtw89: debug: fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes). - x86/alternative: make custom return thunk unconditional (git-fixes). - x86/cpu/amd: disable xsaves on amd family 0x17 (git-fixes). - x86/cpu/kvm: provide untrain_ret_vm (git-fixes). - x86/cpu: clean up srso return thunk mess (git-fixes). - x86/cpu: cleanup the untrain mess (git-fixes). - x86/cpu: fix __x86_return_thunk symbol type (git-fixes). - x86/cpu: fix up srso_safe_ret() and __x86_return_thunk() (git-fixes). - x86/cpu: rename original retbleed methods (git-fixes). - x86/cpu: rename srso_(.*)_alias to srso_alias_\1 (git-fixes). - x86/mce: make sure logged mces are processed after sysfs update (git-fixes). - x86/retpoline,kprobes: fix position of thunk sections with config_lto_clang (git-fixes). - x86/retpoline,kprobes: skip optprobe check for indirect jumps with retpolines and ibt (git-fixes). - x86/retpoline: do not clobber rflags during srso_safe_ret() (git-fixes). - x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). - x86/speculation: add cpu_show_gds() prototype (git-fixes). - x86/speculation: mark all skylake cpus as vulnerable to gds (git-fixes). - x86/srso: correct the mitigation status when smt is disabled (git-fixes). - x86/srso: disable the mitigation on unaffected configurations (git-fixes). 
- x86/srso: explain the untraining sequences a bit more (git-fixes). - x86/srso: fix build breakage with the llvm linker (git-fixes). - x86/srso: fix return thunks in generated code (git-fixes). - x86/static_call: fix __static_call_fixup() (git-fixes). - xfs: fix sb write verify for lazysbcount (bsc#1214661). ----------------------------------------- Patch: SUSE-2023-3986 Released: Thu Oct 5 14:07:58 2023 Summary: Recommended update for suse-module-tools Severity: important References: 1201066,1213428 Description: This update for suse-module-tools fixes the following issues: - Update to version 15.4.17: * cert-script: warn only once about non-writable efivarfs * cert-script: skip cert handling if efivarfs is not writable (bsc#1213428, bsc#1201066) ----------------------------------------- Patch: SUSE-2023-3997 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Severity: important References: 1215713,CVE-2023-35945 Description: This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). ----------------------------------------- Patch: SUSE-2023-4042 Released: Tue Oct 10 19:11:00 2023 Summary: Security update for conmon Severity: important References: 1215806 Description: This update for conmon fixes the following issues: conmon was rebuilt using go1.21 (bsc#1215806) ----------------------------------------- Patch: SUSE-2023-4044 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 Description: This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. 
(bsc#1215889) ----------------------------------------- Patch: SUSE-2023-4093 Released: Tue Oct 17 09:50:35 2023 Summary: Security update for the Linux Kernel Severity: important References: 1202845,1213808,1214928,1214940,1214941,1214942,1214943,1214944,1214950,1214951,1214954,1214957,1214986,1214988,1214992,1214993,1215322,1215877,1215894,1215895,1215896,1215911,1215915,1215916,CVE-2023-1192,CVE-2023-1206,CVE-2023-1859,CVE-2023-2177,CVE-2023-39192,CVE-2023-39193,CVE-2023-39194,CVE-2023-4155,CVE-2023-42753,CVE-2023-42754,CVE-2023-4389,CVE-2023-4563,CVE-2023-4622,CVE-2023-4623,CVE-2023-4881,CVE-2023-4921,CVE-2023-5345 Description: The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861). - CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). - CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858). - CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467). - CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351). - CVE-2023-5345: Fixed a use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899) - CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150). - CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPv6 connections up to 95% (bsc#1212703). 
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275). - CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117). - CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). - CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022) - CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169). - CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). - CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643). - CVE-2023-4563: Fixed a use-after-free flaw in the nftables sub-component. This vulnerability could allow a local attacker to crash the system or lead to a kernel information leak problem. (bsc#1214727) - CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). The following non-security bugs were fixed: - ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes). - ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes). - ARM: pxa: remove use of symbol_get() (git-fixes). - arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes). 
- arm64: module-plts: inline linux/moduleloader.h (git-fixes) - arm64: module: Use module_init_layout_section() to spot init sections (git-fixes) - arm64: sdei: abort running SDEI handlers during crash (git-fixes) - arm64: tegra: Update AHUB clock parent and rate (git-fixes) - arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes) - ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes). - ASoC: meson: spdifin: start hw on dai probe (git-fixes). - ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes). - ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes). - ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes). - ata: pata_falcon: fix IO base selection for Q40 (git-fixes). - ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes). - ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes). - backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes). - blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986). - blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992). - block/mq-deadline: use correct way to throttling write requests (bsc#1214993). - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes). - bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322). - bpf: Clear the probe_addr for uprobe (git-fixes). - btrfs: do not hold CPU for too long when defragging a file (bsc#1214988). - drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes). - drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes). - drm/amd/display: prevent potential division by zero errors (git-fixes). - drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808). - drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes). 
- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes). - drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes). - drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes). - ext4: avoid potential data overflow in next_linear_group (bsc#1214951). - ext4: correct inline offset when handling xattrs in inode body (bsc#1214950). - ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). - ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943). - ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944). - ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942). - ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941). - ext4: Remove ext4 locking of moved directory (bsc#1214957). - ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940). - fs: do not update freeing inode i_io_list (bsc#1214813). - fs: Establish locking order for unrelated directories (bsc#1214958). - fs: Lock moved directories (bsc#1214959). - fs: lockd: avoid possible wrong NULL parameter (git-fixes). - fs: no need to check source (bsc#1215752). - fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813). - fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581). - gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479). - gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479). - gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479). - gve: Changes to add new TX queues (bsc#1214479). - gve: Control path for DQO-QPL (bsc#1214479). - gve: fix frag_list chaining (bsc#1214479). - gve: Fix gve interrupt names (bsc#1214479). - gve: RX path for DQO-QPL (bsc#1214479). - gve: trivial spell fix Recive to Receive (bsc#1214479). - gve: Tx path for DQO-QPL (bsc#1214479). - gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479). 
- gve: use vmalloc_array and vcalloc (bsc#1214479). - gve: XDP support GQI-QPL: helper function changes (bsc#1214479). - hwrng: virtio - add an internal buffer (git-fixes). - hwrng: virtio - always add a pending request (git-fixes). - hwrng: virtio - do not wait on cleanup (git-fixes). - hwrng: virtio - do not waste entropy (git-fixes). - hwrng: virtio - Fix race on data_avail and actual data (git-fixes). - i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes). - i3c: master: svc: fix probe failure when no i3c device exist (git-fixes). - idr: fix param name in idr_alloc_cyclic() doc (git-fixes). - Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes). - iommu/virtio: Detach domain on endpoint release (git-fixes). - jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953). - jbd2: correct the end of the journal recovery scan range (bsc#1214955). - jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949). - jbd2: fix checkpoint cleanup performance regression (bsc#1214952). - jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948). - jbd2: recheck chechpointing non-dirty buffer (bsc#1214945). - jbd2: remove journal_clean_one_cp_list() (bsc#1214947). - jbd2: remove t_checkpoint_io_list (bsc#1214946). - jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946). - kabi/severities: ignore mlx4 internal symbols - kconfig: fix possible buffer overflow (git-fixes). - kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template. - kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other similar scripts may exist. - kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes). - KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915). 
- KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896). - KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916). - KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894). - KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895). - KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911). - KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes). - KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes). - KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes). - KVM: x86/mmu: Include mmu.h in spte.h (git-fixes). - loop: Fix use-after-free issues (bsc#1214991). - loop: loop_set_status_from_info() check before assignment (bsc#1214990). - mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236). - mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236). - mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236). - mlx4: Delete custom device management logic (bsc#1187236). - mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236). - mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236). - mlx4: Move the bond work to the core driver (bsc#1187236). - mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236). - mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236). - mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236). - mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236). - net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes). - net: mana: Add page pool for RX buffers (bsc#1214040). - net: mana: Configure hwc timeout from hardware (bsc#1214037). - net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes). - net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes). 
- net/mlx4: Remove many unnecessary NULL values (bsc#1187236). - NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes). - NFS/blocklayout: Use the passed in gfp flags (git-fixes). - NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes). - NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes). - NFSD: fix change_info in NFSv4 RENAME replies (git-fixes). - NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes). - NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes). - NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes). - NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes). - NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes). - NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes). - ntb: Clean up tx tail index on link down (git-fixes). - ntb: Drop packets when qp link is down (git-fixes). - ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes). - nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543). - nvme-tcp: add recovery_delay to sysfs (bsc#1201284). - nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284). - nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284). - nvme-tcp: make 'err_work' a delayed work (bsc#1201284). - PCI: Free released resource after coalescing (git-fixes). - platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes). - platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes). - platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes). - platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes). - platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes). - platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes). 
- platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes). - platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes). - pNFS: Fix assignment of xprtdata.cred (git-fixes). - powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582). - powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729). - powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051). - powerpc/xics: Remove unnecessary endian conversion (bsc#1065729). - printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875). - pwm: lpc32xx: Remove handling of PWM channels (git-fixes). - quota: add new helper dquot_active() (bsc#1214998). - quota: factor out dquot_write_dquot() (bsc#1214995). - quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963). - quota: fix warning in dqgrab() (bsc#1214962). - quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961). - quota: rename dquot_active() to inode_quota_active() (bsc#1214997). - s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148). - scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes). - scsi: 53c700: Check that command slot is not NULL (git-fixes). - scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes). - scsi: core: Fix possible memory leak if device_add() fails (git-fixes). - scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes). - scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes). - scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes). - scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes). - scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes). - scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes). 
- scsi: lpfc: Remove reftag check in DIF paths (git-fixes). - scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). - scsi: qedf: Fix firmware halt over suspend and resume (git-fixes). - scsi: qedf: Fix NULL dereference in error handling (git-fixes). - scsi: qedi: Fix firmware halt over suspend and resume (git-fixes). - scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928). - scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928). - scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928). - scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928). - scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). - scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928). - scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928). - scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928). - scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928). - scsi: qla2xxx: Remove unused declarations (bsc#1214928). - scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928). - scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928). - scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes). - scsi: scsi_debug: Remove dead code (git-fixes). - scsi: snic: Fix double free in snic_tgt_create() (git-fixes). - scsi: snic: Fix possible memory leak if device_add() fails (git-fixes). - scsi: storvsc: Handle additional SRB status values (git-fixes). - scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941). - selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes). - SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes). - tcpm: Avoid soft reset when partner does not support get_status (git-fixes). - tracing: Fix race issue between cpu buffer write and swap (git-fixes). - tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes). 
- tracing: Remove unnecessary copying of tr->current_trace (git-fixes). - uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes). - udf: Fix extension of the last extent in the file (bsc#1214964). - udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965). - udf: Fix off-by-one error when discarding preallocation (bsc#1214966). - udf: Fix uninitialized array access for some pathnames (bsc#1214967). - uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes). - usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes). - usb: ehci: move new member has_ci_pec_bug into hole (git-fixes). - usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes). - usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes). - usb: typec: tcpci: clear the fault status bit (git-fixes). - usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes). - vhost_vdpa: fix the crash in unmap a large memory (git-fixes). - vhost-scsi: unbreak any layout for response (git-fixes). - vhost: allow batching hint without size (git-fixes). - vhost: fix hung thread due to erroneous iotlb entries (git-fixes). - vhost: handle error while adding split ranges to iotlb (git-fixes). - virtio_net: add checking sq is full inside xdp xmit (git-fixes). - virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). - virtio_net: reorder some funcs (git-fixes). - virtio_net: separate the logic of checking whether sq is full (git-fixes). - virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes). - virtio-mmio: do not break lifecycle of vm_dev (git-fixes). - virtio-net: fix race between set queues and probe (git-fixes). - virtio-net: set queues after driver_ok (git-fixes). - virtio-rng: make device ready before making request (git-fixes). - virtio: acknowledge all features before access (git-fixes). - vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582). 
- watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes). - word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729). - x86/alternative: Fix race in try_get_desc() (git-fixes). - x86/boot/e820: Fix typo in e820.c comment (git-fixes). - x86/bugs: Reset speculation control settings on init (git-fixes). - x86/cpu: Add Lunar Lake M (git-fixes). - x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes). - x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes). - x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes). - x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes). - x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes). - x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes). - x86/mce: Retrieve poison range from hardware (git-fixes). - x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). - x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes). - x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes). - x86/purgatory: remove PGO flags (git-fixes). - x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes). - x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes). - x86/resctl: fix scheduler confusion with 'current' (git-fixes). - x86/resctrl: Fix task CLOSID/RMID update race (git-fixes). - x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes). - x86/rtc: Remove __init for runtime functions (git-fixes). - x86/sgx: Reduce delay and interference of enclave release (git-fixes). - x86/srso: Do not probe microcode in a guest (git-fixes). - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). - x86/srso: Fix srso_show_state() side effect (git-fixes). - x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). 
- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes). - xen: remove a confusing comment on auto-translated guest I/O (git-fixes). - xprtrdma: Remap Receive buffers after a reconnect (git-fixes). ----------------------------------------- Patch: SUSE-2023-4110 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Severity: important References: 1215286,1215891,CVE-2023-4813 Description: This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------- Patch: SUSE-2023-4122 Released: Thu Oct 19 08:24:34 2023 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1215215 Description: This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------- Patch: SUSE-2023-4126 Released: Thu Oct 19 09:38:31 2023 Summary: Security update for cni Severity: important References: 1212475,1216006 Description: This update of cni fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------- Patch: SUSE-2023-4127 Released: Thu Oct 19 09:43:23 2023 Summary: Security update for cni-plugins Severity: important References: 1212475,1216006 Description: This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). 
----------------------------------------- Patch: SUSE-2023-4135 Released: Thu Oct 19 14:14:23 2023 Summary: Security update for suse-module-tools Severity: important References: 1205767,1210335,CVE-2023-1829,CVE-2023-23559 Description: This update for suse-module-tools fixes the following issues: - Updated to version 15.4.18: - CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335). - CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731). ----------------------------------------- Patch: SUSE-2023-4138 Released: Thu Oct 19 17:15:38 2023 Summary: Recommended update for systemd-rpm-macros Severity: moderate References: Description: This update for systemd-rpm-macros fixes the following issues: - Switch to `systemd-hwdb` tool when updating the HW database. It's been introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`. ----------------------------------------- Patch: SUSE-2023-4139 Released: Fri Oct 20 10:06:58 2023 Summary: Recommended update for containerd, runc Severity: moderate References: 1215323 Description: This update for containerd, runc fixes the following issues: runc was updated to v1.1.9. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.9 containerd was updated to containerd v1.7.7 for Docker v24.0.6-ce. 
Upstream release notes: - https://github.com/containerd/containerd/releases/tag/v1.7.7 - https://github.com/containerd/containerd/releases/tag/v1.7.6 bsc#1215323 - Add `Provides: cri-runtime` to use containerd as container runtime in Factory Kubernetes packages ----------------------------------------- Patch: SUSE-2023-4140 Released: Fri Oct 20 11:34:03 2023 Summary: Security update for grub2 Severity: important References: 1201300,1215935,1215936,CVE-2023-4692,CVE-2023-4693 Description: This update for grub2 fixes the following issues: Security fixes: - CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935) - CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information. (bsc#1215936) Other fixes: - Fix a boot delay issue in PowerPC PXE boot (bsc#1201300) ----------------------------------------- Patch: SUSE-2023-4151 Released: Fri Oct 20 17:19:18 2023 Summary: Recommended update for build-iso, elemental, elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, elemental-system-agent, operator-image, seedimage-builder, teal-channel-image, teal-rt-channel-image Severity: moderate References: Description: This update for build-iso, elemental, elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, elemental-system-agent, operator-image, seedimage-builder, teal-channel-image, teal-rt-channel-image fixes the following issues: - Update build-iso to version 1.2.3: * Include system agent unit file in specfile - Update to version 1.3.5: * Use the proper format for command arguments * Prevent recalling bootstrap.sh on 'systemctl restart elemental-system-agent' * Small refactor to centralize registration config checks * Ensure Elemental registration data includes the registration URL * Remove --debug flag from helm pull * Attempt to use charts from PR project in e2e tests * Publish OBS charts to gh-pages * Apply a regex on tags to match the 
same criteria as in OBS * Publish all OBS repositories on PRs * Fix repository url * Use OBS PR builds for the e2e tests * Build and publish charts for OBS/IBS artifacts in gh-pages - Update to elemental-operator version 1.3.5 - Remove the systemd unit file as this is now included as part of elemental package ----------------------------------------- Patch: SUSE-2023-4153 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Severity: moderate References: 1215313 Description: This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------- Patch: SUSE-2023-4154 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Severity: moderate References: 1107342,1215434 Description: This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) ----------------------------------------- Patch: SUSE-2023-4162 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 Description: This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------- Patch: SUSE-2023-4200 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Severity: important References: 1216123,1216174,CVE-2023-44487 Description: This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------- Patch: SUSE-2023-4217 Released: Thu Oct 26 12:20:27 2023 Summary: Security update for zlib Severity: moderate References: 1216378,CVE-2023-45853 Description: This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ----------------------------------------- Patch: SUSE-2023-4310 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Severity: moderate References: 1196647 Description: This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * 
rpcb_clnt.c add mechanism to try v2 protocol first - replaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has been compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir ----------------------------------------- Patch: SUSE-2023-4351 Released: Thu Nov 2 17:11:29 2023 Summary: Security update for the Linux Kernel Severity: important References: 1211307,1212423,1213772,1215955,1216062,1216512,CVE-2023-2163,CVE-2023-31085,CVE-2023-34324,CVE-2023-3777,CVE-2023-39189,CVE-2023-45862,CVE-2023-46813,CVE-2023-5178 Description: The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) - CVE-2023-46813: Fixed a local privilege escalation with user-space programs that have access to MMIO regions (bsc#1212649). - CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS.
(bsc#1210778) - CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver where an object could potentially extend beyond the end of an allocation causing. (bsc#1216051) - CVE-2023-5178: Fixed a UAF in queue initialization setup. (bsc#1215768) - CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) - CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). - CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) The following non-security bugs were fixed: - 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes). - ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes). - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes). - ALSA: hda/realtek: Change model for Intel RVP board (git-fixes). - ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes). - ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes). - ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes). - ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes). - ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes). - ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes). - ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes). - ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes). - ASoC: pxa: fix a memory leak in probe() (git-fixes). - Bluetooth: Avoid redundant authentication (git-fixes). - Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
- Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes). - Bluetooth: avoid memcmp() out of bounds warning (git-fixes). - Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes). - Bluetooth: hci_event: Fix coding style (git-fixes). - Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes). - Bluetooth: hci_event: Ignore NULL link key (git-fixes). - Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes). - Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes). - Bluetooth: vhci: Fix race when opening vhci device (git-fixes). - Documentation: qat: change kernel version (PED-6401). - Documentation: qat: rewrite description (PED-6401). - Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes). - Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes). - Fix metadata references - HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes). - HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes). - HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes). - HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes). - HID: sony: Fix a potential memory leak in sony_probe() (git-fixes). - HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes). - IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes) - Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes). - Input: powermate - fix use-after-free in powermate_config_complete (git-fixes). - Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes). - Input: xpad - add PXN V900 support (git-fixes). - KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes). - KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512). 
- KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes). - KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes). - KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772). - KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772). - KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772). - KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772). - KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes). - RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes) - RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes) - RDMA/core: Require admin capabilities to set system parameters (git-fixes) - RDMA/cxgb4: Check skb value for failure to allocate (git-fixes) - RDMA/mlx5: Fix NULL string error (git-fixes) - RDMA/siw: Fix connection failure handling (git-fixes) - RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes) - RDMA/uverbs: Fix typo of sizeof argument (git-fixes) - Revert 'pinctrl: avoid unsafe code pattern in find_pinctrl()' (git-fixes). - Revert 'tty: n_gsm: fix UAF in gsm_cleanup_mux' (git-fixes). - USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes). - USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes). - USB: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes). - ata: libata-core: Do not register PM operations for SAS ports (git-fixes). - ata: libata-core: Fix ata_port_request_pm() locking (git-fixes). - ata: libata-core: Fix port and device removal (git-fixes). - ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes). - ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes). - blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062). - blk-cgroup: support to track if policy is online (bsc#1216062). 
- bpf: propagate precision in ALU/ALU64 operations (git-fixes). - bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes). - bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes). - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955). - cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307). - clk: tegra: fix error return case for recalc_rate (git-fixes). - counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes). - crypto: qat - Include algapi.h for low-level Crypto API (PED-6401). - crypto: qat - Remove unused function declarations (PED-6401). - crypto: qat - add fw_counters debugfs file (PED-6401). - crypto: qat - add heartbeat counters check (PED-6401). - crypto: qat - add heartbeat feature (PED-6401). - crypto: qat - add internal timer for qat 4xxx (PED-6401). - crypto: qat - add measure clock frequency (PED-6401). - crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401). - crypto: qat - add qat_zlib_deflate (PED-6401). - crypto: qat - add support for 402xx devices (PED-6401). - crypto: qat - change value of default idle filter (PED-6401). - crypto: qat - delay sysfs initialization (PED-6401). - crypto: qat - do not export adf_init_admin_pm() (PED-6401). - crypto: qat - drop log level of msg in get_instance_node() (PED-6401). - crypto: qat - drop obsolete heartbeat interface (PED-6401). - crypto: qat - drop redundant adf_enable_aer() (PED-6401). - crypto: qat - expose pm_idle_enabled through sysfs (PED-6401). - crypto: qat - extend buffer list logic interface (PED-6401). - crypto: qat - extend configuration for 4xxx (PED-6401). - crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401). - crypto: qat - fix concurrency issue when device state changes (PED-6401). - crypto: qat - fix crypto capability detection for 4xxx (PED-6401). - crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401). 
- crypto: qat - make fw images name constant (PED-6401). - crypto: qat - make state machine functions static (PED-6401). - crypto: qat - move dbgfs init to separate file (PED-6401). - crypto: qat - move returns to default case (PED-6401). - crypto: qat - refactor device restart logic (PED-6401). - crypto: qat - refactor fw config logic for 4xxx (PED-6401). - crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401). - crypto: qat - replace state machine calls (PED-6401). - crypto: qat - replace the if statement with min() (PED-6401). - crypto: qat - set deprecated capabilities as reserved (PED-6401). - crypto: qat - unmap buffer before free for DH (PED-6401). - crypto: qat - unmap buffers before free for RSA (PED-6401). - crypto: qat - update slice mask for 4xxx devices (PED-6401). - crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401). - dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes). - dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes). - dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes). - drm/amd/display: Do not check registers, if using AUX BL control (git-fixes). - drm/amd/display: Do not set dpms_off for seamless boot (git-fixes). - drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes). - drm/amdgpu: add missing NULL check (git-fixes). - drm/i915: Retry gtt fault when out of fence registers (git-fixes). - drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes). - drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes). - drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes). - drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes). - drm/vmwgfx: fix typo of sizeof argument (git-fixes). - drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes). - firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes). 
- firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes). - gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes). - gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes). - gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes). - gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes). - gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes). - gpio: vf610: set value before the direction to avoid a glitch (git-fixes). - gve: Do not fully free QPL pages on prefill errors (git-fixes). - i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes). - i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes). - i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes). - i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes). - i2c: mux: gpio: Replace custom acpi_get_local_address() (git-fixes). - i2c: npcm7xx: Fix callback completion ordering (git-fixes). - ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes). - iio: pressure: bmp280: Fix NULL pointer exception (git-fixes). - iio: pressure: dps310: Adjust Timeout Settings (git-fixes). - iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes). - iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423). - kabi: blkcg_policy_data fix KABI (bsc#1216062). - kabi: workaround for enum nft_trans_phase (bsc#1215104). - kprobes: Prohibit probing on CFI preamble symbol (git-fixes). - leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes). - mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705). - mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes). 
- mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes). - mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes). - mtd: physmap-core: Restore map_rom fallback (git-fixes). - mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes). - mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes). - mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes). - mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes). - mtd: spinand: micron: correct bitmask for ecc status (git-fixes). - net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes). - net: mana: Fix TX CQE error handling (bsc#1215986). - net: mana: Fix oversized sge0 for GSO packets (bsc#1215986). - net: nfc: llcp: Add lock when modifying device list (git-fixes). - net: rfkill: gpio: prevent value glitch during probe (git-fixes). - net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345). - net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes). - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes). - net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes). - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes). - netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes). - nfc: nci: assert requested protocol is valid (git-fixes). - nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes). - nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes). - nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). - phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes). - phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes). 
- phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes). - pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes). - pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes). - platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes). - platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes). - platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes). - platform/x86: think-lmi: Fix reference leak (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes). - power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes). - quota: Fix slow quotaoff (bsc#1216621). - r8152: check budget for r8152_poll() (git-fixes). - regmap: fix NULL deref on lookup (git-fixes). - regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes). - ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes). - ring-buffer: Do not attempt to read past 'commit' (git-fixes). - ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes). - ring-buffer: Update 'shortest_full' in polling (git-fixes). - s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510). - s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511). - s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957). - sched/cpuset: Bring back cpuset_mutex (bsc#1215955). - sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)). - sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)). - sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)). - serial: 8250_port: Check IRQ data before use (git-fixes). - soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes). - spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes). - spi: stm32: add a delay before SPI disable (git-fixes). 
- spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes). - spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes). - thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes). - thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes). - tracing: Have current_trace inc the trace array ref count (git-fixes). - tracing: Have event inject files inc the trace array ref count (git-fixes). - tracing: Have option files inc the trace array ref count (git-fixes). - tracing: Have tracing_max_latency inc the trace array ref count (git-fixes). - tracing: Increase trace array ref count on enable and filter files (git-fixes). - tracing: Make trace_marker{,_raw} stream-like (git-fixes). - usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes). - usb: dwc3: Soft reset phy on probe for host (git-fixes). - usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes). - usb: musb: Modify the 'HWVers' register address (git-fixes). - usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes). - usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes). - vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes). - vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes). - watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes). - watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes). - wifi: cfg80211: Fix 6GHz scan configuration (git-fixes). - wifi: cfg80211: avoid leaking stack data into trace (git-fixes). - wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes). - wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes). - wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes). 
- wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes). - wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes). - wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes). - wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes). - wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes). - x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772). - x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772). - x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772). - x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772). - x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772). - x86/cpu: Support AMD Automatic IBRS (bsc#1213772). - x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649). - x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649). - x86/sev: Disable MMIO emulation from user mode (bsc#1212649). - xen-netback: use default TX queue size for vifs (git-fixes). ----------------------------------------- Patch: SUSE-2023-4458 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 Description: This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing.
[bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------- Patch: SUSE-2023-4477 Released: Fri Nov 17 10:21:21 2023 Summary: Recommended update for grub2 Severity: moderate References: 1216010,1216075,1216253 Description: This update for grub2 fixes the following issues: - Fix failure to identify recent ext4 filesystem (bsc#1216010) - Fix reading files from btrfs with 'implicit' holes - Fix fadump not working with 1GB/2GB/4GB LMB[P10] (bsc#1216253) - Fix detection of encrypted disk's uuid in powerpc (bsc#1216075) ----------------------------------------- Patch: SUSE-2023-4524 Released: Tue Nov 21 17:51:28 2023 Summary: Security update for openssl-1_1 Severity: important References: 1216922,CVE-2023-5678 Description: This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). 
----------------------------------------- Patch: SUSE-2023-4537 Released: Thu Nov 23 09:34:08 2023 Summary: Security update for libxml2 Severity: moderate References: 1216129,CVE-2023-45322 Description: This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). ----------------------------------------- Patch: SUSE-2023-4615 Released: Wed Nov 29 20:33:38 2023 Summary: Recommended update for icu Severity: moderate References: 1217472 Description: This update of icu fixes the following issue: - missing 32bit libraries in SLES 15 SP3 were added, required by xerces-c 32bit. ----------------------------------------- Patch: SUSE-2023-4619 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Severity: important References: 1210660,CVE-2023-2137 Description: This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). ----------------------------------------- Patch: SUSE-2023-4659 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 Description: This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). 
----------------------------------------- Patch: SUSE-2023-4664 Released: Wed Dec 6 13:33:47 2023 Summary: Security update for kernel-firmware Severity: important References: 1215823,1215831,CVE-2021-26345,CVE-2021-46766,CVE-2021-46774,CVE-2022-23820,CVE-2022-23830,CVE-2023-20519,CVE-2023-20521,CVE-2023-20526,CVE-2023-20533,CVE-2023-20566,CVE-2023-20592 Description: This update for kernel-firmware fixes the following issues: Update AMD ucode to 20231030 (bsc#1215831): - CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. - CVE-2021-46774: Insufficient input validation in ABL may enable a privileged attacker to perform arbitrary DRAM writes, potentially resulting in code execution and privilege escalation. - CVE-2023-20533: Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker using DMA to read/write from/to invalid DRAM address potentially resulting in denial-of-service. - CVE-2023-20519: A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity. - CVE-2023-20566: Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity. - CVE-2023-20521: TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. - CVE-2021-46766: Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality. - CVE-2022-23830: SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity. 
- CVE-2023-20526: Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality. - CVE-2021-26345: Failure to validate the value in APCB may allow an attacker with physical access to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service. - CVE-2023-20592: Issue with INVD instruction aka CacheWarpAttack (bsc#1215823). ----------------------------------------- Patch: SUSE-2023-4671 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Severity: moderate References: Description: This update of man fixes the following problem: - The 'man' command is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. ----------------------------------------- Patch: SUSE-2023-4699 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Severity: moderate References: 1217212 Description: This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------- Patch: SUSE-2023-4705 Released: Mon Dec 11 07:21:46 2023 Summary: Recommended update for dracut Severity: moderate References: 1192986,1217031 Description: This update for dracut fixes the following issues: - Update to version 055+suse.351.g30f0cda6 - Fix network device naming in udev-rules (bsc#1192986) ----------------------------------------- Patch: SUSE-2023-4723 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Severity: moderate References: 1216862 Description: This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) ----------------------------------------- Patch: SUSE-2023-4726 Released: Tue Dec 12 12:11:02 2023 Summary: Recommended update for podman Severity: low References: 1210299 Description: This update for podman fixes the 
following issues: - Build against latest stable Go version (bsc#1210299) ----------------------------------------- Patch: SUSE-2023-4727 Released: Tue Dec 12 12:27:39 2023 Summary: Security update for catatonit, containerd, runc Severity: important References: 1200528,CVE-2022-1996 Description: This update of runc and containerd fixes the following issues: containerd: - Update to containerd v1.7.8. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8 * CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528) catatonit: - Update to catatonit v0.2.0. * Change license to GPL-2.0-or-later. - Update to catatonit v0.1.7 * This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). - Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). runc: - Update to runc v1.1.10. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.10 ----------------------------------------- Patch: SUSE-2023-4731 Released: Tue Dec 12 15:14:07 2023 Summary: Security update for the Linux Kernel Severity: important References: 1084909,1189998,1210447,1214286,1214976,1215124,1215292,1215420,1215458,1215710,1216058,1216105,1216259,1216584,1216693,1216759,1216761,1216844,1216861,1216909,1216959,1216965,1216976,1217036,1217068,1217086,1217124,1217140,1217195,1217200,1217205,1217332,1217366,1217515,1217598,1217599,1217609,1217687,1217731,1217780,CVE-2023-2006,CVE-2023-25775,CVE-2023-39197,CVE-2023-39198,CVE-2023-4244,CVE-2023-45863,CVE-2023-45871,CVE-2023-46862,CVE-2023-5158,CVE-2023-5717,CVE-2023-6039,CVE-2023-6176 Description: The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. 
The following security bugs were fixed: - CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332). - CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447). - CVE-2023-39197: Fixed an out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). - CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420). - CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068). - CVE-2023-45863: Fixed an out-of-bounds write in fill_kobj_path() (bsc#1216058). - CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710). - CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). - CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). - CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). - CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959). - CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693). The following non-security bugs were fixed: - ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes). - ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes). - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (git-fixes). - ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (git-fixes). - ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (git-fixes). - ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (git-fixes). - ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes). - ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes). 
- ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes). - ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140). - ALSA: hda: Fix possible null-ptr-deref when assigning a stream (git-fixes). - ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes). - ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time (git-fixes). - ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (git-fixes). - ALSA: info: Fix potential deadlock at disconnection (git-fixes). - ARM: 9321/1: memset: cast the constant byte to unsigned char (git-fixes). - ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (git-fixes). - ASoC: ams-delta.c: use component after check (git-fixes). - ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes). - ASoC: cs35l41: Undo runtime PM changes at driver exit time (git-fixes). - ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler (git-fixes). - ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (git-fixes). - ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not described (git-fixes). - ASoC: hdmi-codec: register hpd callback on component probe (git-fixes). - ASoC: rt5650: fix the wrong result of key button (git-fixes). - ASoC: simple-card: fixup asoc_simple_probe() error handling (git-fixes). - ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (git-fixes). - Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (git-fixes). - Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (git-fixes). - Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes). - Disable Loongson drivers Loongson is a mips architecture, it does not make sense to build Loongson drivers on other architectures. - Documentation: networking: correct possessive 'its' (bsc#1215458). - Drivers: hv: vmbus: Remove unused extern declaration vmbus_ontimer() (git-fixes). 
- Ensure ia32_emulation is always enabled for kernel-obs-build If ia32_emulation is disabled by default, ensure it is enabled back for OBS kernel to allow building 32bit binaries (jsc#PED-3184) [ms: Always pass the parameter, no need to grep through the config which may not be very reliable] - Fix termination state for idr_for_each_entry_ul() (git-fixes). - HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (git-fixes). - HID: hyperv: Replace one-element array with flexible-array member (git-fixes). - HID: hyperv: avoid struct memcpy overrun warning (git-fixes). - HID: hyperv: remove unused struct synthhid_msg (git-fixes). - HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround (git-fixes). - HID: logitech-hidpp: Do not restart IO, instead defer hid_connect() only (git-fixes). - HID: logitech-hidpp: Move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes). - HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (git-fixes). - HID: logitech-hidpp: Revert 'Do not restart communication if not necessary' (git-fixes). - Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes). - Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (git-fixes). - Input: xpad - add VID for Turtle Beach controllers (git-fixes). - PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (git-fixes). - PCI/sysfs: Protect driver's D3cold preference from user space (git-fixes). - PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1215458). - PCI: Extract ATS disabling to a helper function (bsc#1215458). - PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (git-fixes). - PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (git-fixes). - PCI: Use FIELD_GET() to extract Link Width (git-fixes). - PCI: exynos: Do not discard .remove() callback (git-fixes). - PCI: keystone: Do not discard .probe() callback (git-fixes). 
- PCI: keystone: Do not discard .remove() callback (git-fixes). - PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (git-fixes). - PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (git-fixes). - PM: hibernate: Use __get_safe_page() rather than touching the list (git-fixes). - USB: dwc2: write HCINT with INTMASK applied (bsc#1214286). - USB: dwc3: qcom: fix ACPI platform device leak (git-fixes). - USB: dwc3: qcom: fix resource leaks on probe deferral (git-fixes). - USB: dwc3: qcom: fix software node leak on probe errors (git-fixes). - USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes). - USB: serial: option: add Fibocom L7xx modules (git-fixes). - USB: serial: option: add Luat Air72*U series products (git-fixes). - USB: serial: option: do not claim interface 4 for ZTE MF290 (git-fixes). - USB: serial: option: fix FM101R-GL defines (git-fixes). - USB: usbip: fix stub_dev hub disconnect (git-fixes). - arm/xen: fix xen_vcpu_info allocation alignment (git-fixes). - arm64: Add Cortex-A520 CPU part definition (git-fixes) - arm64: allow kprobes on EL0 handlers (git-fixes) - arm64: armv8_deprecated move emulation functions (git-fixes) - arm64: armv8_deprecated: fix unused-function error (git-fixes) - arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes) - arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes) - arm64: armv8_deprecated: rework deprected instruction handling (git-fixes) - arm64: consistently pass ESR_ELx to die() (git-fixes) - arm64: die(): pass 'err' as long (git-fixes) - arm64: factor insn read out of call_undef_hook() (git-fixes) - arm64: factor out EL1 SSBS emulation hook (git-fixes) - arm64: report EL1 UNDEFs better (git-fixes) - arm64: rework BTI exception handling (git-fixes) - arm64: rework EL0 MRS emulation (git-fixes) - arm64: rework FPAC exception handling (git-fixes) - arm64: split EL0/EL1 UNDEF handlers (git-fixes) - ata: pata_isapnp: Add missing error check for devm_ioport_map() (git-fixes). 
- atl1c: Work around the DMA RX overflow issue (git-fixes). - atm: iphase: Do PCI error checks on own line (git-fixes). - blk-mq: Do not clear driver tags own mapping (bsc#1217366). - blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366). - bluetooth: Add device 0bda:887b to device tables (git-fixes). - bluetooth: Add device 13d3:3571 to device tables (git-fixes). - can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes). - can: dev: can_restart(): do not crash kernel if carrier is OK (git-fixes). - can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes). - can: isotp: add local echo tx processing for consecutive frames (git-fixes). - can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-fixes). - can: isotp: fix tx state handling for echo tx processing (git-fixes). - can: isotp: handle wait_event_interruptible() return values (git-fixes). - can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting (git-fixes). - can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior (git-fixes). - can: isotp: remove re-binding of bound socket (git-fixes). - can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes). - can: isotp: set max PDU size to 64 kByte (git-fixes). - can: isotp: split tx timer into transmission and timeout (git-fixes). - can: sja1000: Fix comment (git-fixes). - clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (git-fixes). - clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes). - clk: imx: imx8mq: correct error handling path (git-fixes). - clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes). - clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (git-fixes). - clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (git-fixes). 
- clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (git-fixes). - clk: npcm7xx: Fix incorrect kfree (git-fixes). - clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (git-fixes). - clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (git-fixes). - clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes). - clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks (git-fixes). - clk: qcom: mmcc-msm8998: Do not check halt bit on some branch clks (git-fixes). - clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes). - clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes). - clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (git-fixes). - clk: ti: Update component clocks to use ti_dt_clk_name() (git-fixes). - clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() (git-fixes). - clk: ti: change ti_clk_register[_omap_hw]() API (git-fixes). - clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes). - crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (git-fixes). - crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (git-fixes). - crypto: hisilicon/hpre - Fix a erroneous check after snprintf() (git-fixes). - dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (git-fixes). - dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (git-fixes). - dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes). - dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes). - docs: net: move the probe and open/close sections of driver.rst up (bsc#1215458). - docs: net: reformat driver.rst from a list to sections (bsc#1215458). 
- docs: net: use C syntax highlight in driver.rst (bsc#1215458). - drm/amd/display: Avoid NULL dereference of timing generator (git-fixes). - drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox (git-fixes). - drm/amd/display: remove useless check in should_enable_fbc() (git-fixes). - drm/amd/display: use full update for clip size increase of large plane source (git-fixes). - drm/amd/pm: Handle non-terminated overdrive commands (git-fixes). - drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (git-fixes). - drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (git-fixes). - drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (git-fixes). - drm/amdgpu: Fix potential null pointer derefernce (git-fixes). - drm/amdgpu: do not use ATRM for external devices (git-fixes). - drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes). - drm/amdgpu: fix software pci_unplug on some chips (git-fixes). - drm/amdkfd: Fix a race condition of vram buffer unref in svm code (git-fixes). - drm/amdkfd: Fix shift out-of-bounds issue (git-fixes). - drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes). - drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes). - drm/bridge: lt8912b: Add missing drm_bridge_attach call (git-fixes). - drm/bridge: lt8912b: Fix bridge_detach (git-fixes). - drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes). - drm/bridge: lt8912b: Manually disable HPD only if it was enabled (git-fixes). - drm/bridge: lt8912b: Register and attach our DSI device at probe (git-fixes). - drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (git-fixes). - drm/bridge: lt9611uxc: Register and attach our DSI device at probe (git-fixes). - drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (git-fixes). - drm/bridge: lt9611uxc: fix the race in the error path (git-fixes). - drm/bridge: tc358768: Disable non-continuous clock mode (git-fixes). 
- drm/bridge: tc358768: Fix bit updates (git-fixes). - drm/bridge: tc358768: Fix use of uninitialized variable (git-fixes). - drm/gud: Use size_add() in call to struct_size() (git-fixes). - drm/i915/pmu: Check if pmu is closed before stopping event (git-fixes). - drm/i915: Fix potential spectre vulnerability (git-fixes). - drm/komeda: drop all currently held locks if deadlock happens (git-fixes). - drm/mediatek: Fix iommu fault by swapping FBs after updating plane state (git-fixes). - drm/mediatek: Fix iommu fault during crtc enabling (git-fixes). - drm/mipi-dsi: Create devm device attachment (git-fixes). - drm/mipi-dsi: Create devm device registration (git-fixes). - drm/msm/dp: skip validity check for DP CTS EDID checksum (git-fixes). - drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-fixes). - drm/panel: fix a possible null pointer dereference (git-fixes). - drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (git-fixes). - drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes). - drm/panel: st7703: Pick different reset sequence (git-fixes). - drm/qxl: prevent memory leak (git-fixes). - drm/radeon: possible buffer overflow (git-fixes). - drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() (git-fixes). - drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (git-fixes). - drm/rockchip: vop: Fix call to crtc reset helper (git-fixes). - drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (git-fixes). - drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (git-fixes). - drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (git-fixes). - drm/vc4: fix typo (git-fixes). - drm: vmwgfx_surface.c: copy user-array safely (git-fixes). - dt-bindings: usb: hcd: add missing phy name to example (git-fixes). - dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes). - fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes). 
- fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes). - fbdev: imsttfb: Release framebuffer and dealloc cmap on error path (git-fixes). - fbdev: imsttfb: fix a resource leak in probe (git-fixes). - fbdev: imsttfb: fix double free in probe() (git-fixes). - fbdev: omapfb: Drop unused remove function (git-fixes). - firewire: core: fix possible memory leak in create_units() (git-fixes). - firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (git-fixes). - gpio: mockup: fix kerneldoc (git-fixes). - gpio: mockup: remove unused field (git-fixes). - hid: cp2112: Fix duplicate workqueue initialization (git-fixes). - hv: simplify sysctl registration (git-fixes). - hv_netvsc: Fix race of register_netdevice_notifier and VF register (git-fixes). - hv_netvsc: Mark VF as slave before exposing it to user-mode (git-fixes). - hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes). - hv_netvsc: fix race of netvsc and VF register_netdevice (git-fixes). - hwmon: (coretemp) Fix potentially truncated sysfs attribute name (git-fixes). - i2c: aspeed: Fix i2c bus hang in slave read (git-fixes). - i2c: core: Run atomic i2c xfer when !preemptible (git-fixes). - i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (git-fixes). - i2c: dev: copy userspace array safely (git-fixes). - i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-fixes). - i2c: iproc: handle invalid slave state (git-fixes). - i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (git-fixes). - i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes). - i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (git-fixes). 
- i3c: master: cdns: Fix reading status register (git-fixes). - i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data (git-fixes). - i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen (git-fixes). - i3c: master: svc: fix check wrong status register in irq handler (git-fixes). - i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes). - i3c: master: svc: fix race condition in ibi work thread (git-fixes). - i3c: master: svc: fix wrong data return when IBI happen during start frame (git-fixes). - i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler (git-fixes). - i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes). - idpf: add RX splitq napi poll support (bsc#1215458). - idpf: add SRIOV support and other ndo_ops (bsc#1215458). - idpf: add TX splitq napi poll support (bsc#1215458). - idpf: add controlq init and reset checks (bsc#1215458). - idpf: add core init and interrupt request (bsc#1215458). - idpf: add create vport and netdev configuration (bsc#1215458). - idpf: add ethtool callbacks (bsc#1215458). - idpf: add module register and probe functionality (bsc#1215458). - idpf: add ptypes and MAC filter support (bsc#1215458). - idpf: add singleq start_xmit and napi poll (bsc#1215458). - idpf: add splitq start_xmit (bsc#1215458). - idpf: cancel mailbox work in error path (bsc#1215458). - idpf: configure resources for RX queues (bsc#1215458). - idpf: configure resources for TX queues (bsc#1215458). - idpf: fix potential use-after-free in idpf_tso() (bsc#1215458). - idpf: initialize interrupts and enable vport (bsc#1215458). - idpf: set scheduling mode for completion queue (bsc#1215458). - iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (git-fixes). - iio: adc: xilinx-xadc: Do not clobber preset voltage/temperature thresholds (git-fixes). - iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes). 
- irqchip/stm32-exti: add missing DT IRQ flag translation (git-fixes). - kabi/severities: ignore kabi in rxrpc (bsc#1210447) The rxrpc module is built since SLE15-SP3 but it is not shipped as part of any SLE product, only in Leap (in kernel-*-optional). - kernel-binary: suse-module-tools is also required when installed Requires(pre) adds dependency for the specific sciptlet. However, suse-module-tools also ships modprobe.d files which may be needed at posttrans time or any time the kernel is on the system for generating ramdisk. Add plain Requires as well. - kernel-source: Move provides after sources - kernel/fork: beware of __put_task_struct() calling context (bsc#1189998 (PREEMPT_RT prerequisite backports)). - kernel/fork: beware of __put_task_struct() calling context (bsc#1216761). - leds: pwm: Do not disable the PWM when the LED should be off (git-fixes). - leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' (git-fixes). - leds: turris-omnia: Do not use SMBUS calls (git-fixes). - lsm: fix default return value for inode_getsecctx (git-fixes). - lsm: fix default return value for vm_enough_memory (git-fixes). - media: bttv: fix use after free error due to btv->timeout timer (git-fixes). - media: ccs: Correctly initialise try compose rectangle (git-fixes). - media: ccs: Fix driver quirk struct documentation (git-fixes). - media: cedrus: Fix clock/reset sequence (git-fixes). - media: cobalt: Use FIELD_GET() to extract Link Width (git-fixes). - media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes). - media: i2c: max9286: Fix some redundant of_node_put() calls (git-fixes). - media: imon: fix access to invalid resource for the second interface (git-fixes). - media: lirc: drop trailing space from scancode transmit (git-fixes). - media: qcom: camss: Fix VFE-17x vfe_disable_output() (git-fixes). - media: qcom: camss: Fix missing vfe_lite clocks check (git-fixes). - media: qcom: camss: Fix pm_domain_on sequence in probe (git-fixes). 
- media: qcom: camss: Fix vfe_get() error jump (git-fixes). - media: sharp: fix sharp encoding (git-fixes). - media: siano: Drop unnecessary error check for debugfs_create_dir/file() (git-fixes). - media: venus: hfi: add checks to handle capabilities from firmware (git-fixes). - media: venus: hfi: add checks to perform sanity on queue pointers (git-fixes). - media: venus: hfi: fix the check to handle session buffer requirement (git-fixes). - media: venus: hfi_parser: Add check to keep the number of codecs within range (git-fixes). - media: vidtv: mux: Add check and kfree for kstrdup (git-fixes). - media: vidtv: psi: Add check for kstrdup (git-fixes). - media: vivid: avoid integer overflow (git-fixes). - mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs (git-fixes). - mfd: core: Ensure disabled devices are skipped without aborting (git-fixes). - mfd: dln2: Fix double put in dln2_probe (git-fixes). - misc: fastrpc: Clean buffers on remote invocation failures (git-fixes). - misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller (git-fixes). - mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#PED-7237, git-fixes). - mmc: block: Be sure to wait while busy in CQE error recovery (git-fixes). - mmc: block: Do not lose cache flush during CQE error recovery (git-fixes). - mmc: block: Retry commands in CQE error recovery (git-fixes). - mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes). - mmc: cqhci: Increase recovery halt timeout (git-fixes). - mmc: cqhci: Warn of halt or task clear failure (git-fixes). - mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes). - mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 (git-fixes). - mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER (git-fixes). - mmc: sdhci_am654: fix start loop index for TAP value parsing (git-fixes). - mmc: vub300: fix an error code (git-fixes). 
- modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (git-fixes). - mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes). - mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes). - mtd: rawnand: arasan: Include ECC syndrome along with in-band data while checking for ECC failure (git-fixes). - net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759). - net: Avoid address overwrite in kernel_connect (bsc#1216861). - net: add macro netif_subqueue_completed_wake (bsc#1215458). - net: fix use-after-free in tw_timer_handler (bsc#1217195). - net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() (git-fixes). - net: mana: Fix return type of mana_start_xmit() (git-fixes). - net: piggy back on the memory barrier in bql when waking queues (bsc#1215458). - net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458). - net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-fixes). - net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git-fixes). - nvme: update firmware version after commit (bsc#1215292). - pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes). - pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes). - pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes). - pinctrl: avoid reload of p state in list iteration (git-fixes). - platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (git-fixes). - platform/x86: wmi: Fix opening of char device (git-fixes). - platform/x86: wmi: Fix probe failure when failing to register WMI devices (git-fixes). - platform/x86: wmi: remove unnecessary initializations (git-fixes). - powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780). - pwm: Fix double shift bug (git-fixes). - pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (git-fixes). 
- pwm: sti: Reduce number of allocations and drop usage of chip_data (git-fixes). - r8152: Cancel hw_phy_work if we have an error in probe (git-fixes). - r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes). - r8152: Check for unplug in rtl_phy_patch_request() (git-fixes). - r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes). - r8152: Release firmware if we have an error in probe (git-fixes). - r8152: Run the unload routine if we have errors during probe (git-fixes). - regmap: Ensure range selector registers are updated after cache sync (git-fixes). - regmap: debugfs: Fix a erroneous check after snprintf() (git-fixes). - regmap: prevent noinc writes from clobbering cache (git-fixes). - s390/ap: fix AP bus crash on early config change callback invocation (git-fixes bsc#1217687). - s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609). - s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086). - s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203997 bsc#1217086). - s390/cmma: fix initial kernel address space page table walk (LTC#203997 bsc#1217086). - s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217205). - s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124). - s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515). - s390/dasd: use correct number of retries for ERP requests (git-fixes bsc#1217598). - s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes). - s390/mm: add missing arch_set_page_dat() call to gmap allocations (LTC#203997 bsc#1217086). - s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (LTC#203997 bsc#1217086). - s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200). - s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes bsc#1217599). - sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes). 
- scsi: lpfc: Copyright updates for 14.2.0.16 patches (bsc#1217731). - scsi: lpfc: Correct maximum PCI function value for RAS fw logging (bsc#1217731). - scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731). - scsi: lpfc: Enhance driver logging for selected discovery events (bsc#1217731). - scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731). - scsi: lpfc: Fix possible file string name overflow when updating firmware (bsc#1217731). - scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag (bsc#1217124). - scsi: lpfc: Refactor and clean up mailbox command memory free (bsc#1217731). - scsi: lpfc: Reject received PRLIs with only initiator fcn role for NPIV ports (bsc#1217124). - scsi: lpfc: Remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124). - scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731). - scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the same as pci offline (bsc#1217124). - scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124). - scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731). - scsi: lpfc: Validate ELS LS_ACC completion payload (bsc#1217124). - scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes). - scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git-fixes). - selftests/efivarfs: create-read: fix a resource leak (git-fixes). - selftests/pidfd: Fix ksft print formats (git-fixes). - selftests/resctrl: Ensure the benchmark commands fits to its array (git-fixes). - selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests (git-fixes). - selftests/resctrl: Remove duplicate feature check from CMT test (git-fixes). - seq_buf: fix a misleading comment (git-fixes). - serial: exar: Revert 'serial: exar: Add support for Sealevel 7xxxC serial cards' (git-fixes). - serial: meson: Use platform_get_irq() to get the interrupt (git-fixes). 
- soc: qcom: llcc: Handle a second device without data corruption (git-fixes). - spi: nxp-fspi: use the correct ioremap function (git-fixes). - spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes). - spi: tegra: Fix missing IRQ check in tegra_slink_probe() (git-fixes). - staging: media: ipu3: remove ftrace-like logging (git-fixes). - string.h: add array-wrappers for (v)memdup_user() (git-fixes). - supported.conf: marked idpf supported - thermal: core: prevent potential string overflow (git-fixes). - treewide: Spelling fix in comment (git-fixes). - tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes). - tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (git-fixes). - tty: 8250: Add support for Brainboxes UP cards (git-fixes). - tty: 8250: Add support for Intashield IS-100 (git-fixes). - tty: 8250: Add support for Intashield IX cards (git-fixes). - tty: 8250: Add support for additional Brainboxes PX cards (git-fixes). - tty: 8250: Add support for additional Brainboxes UC cards (git-fixes). - tty: 8250: Fix port count of PX-257 (git-fixes). - tty: 8250: Fix up PX-803/PX-857 (git-fixes). - tty: 8250: Remove UC-257 and UC-431 (git-fixes). - tty: Fix uninit-value access in ppp_sync_receive() (git-fixes). - tty: n_gsm: fix race condition in status line change on dead connections (git-fixes). - tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes). - tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes). - tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes). - usb: cdnsp: Fix deadlock issue during using NCM gadget (git-fixes). - usb: chipidea: Fix DMA overwrite for Tegra (git-fixes). - usb: chipidea: Simplify Tegra DMA alignment code (git-fixes). - usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (git-fixes). - usb: dwc3: Fix default mode initialization (git-fixes). - usb: dwc3: set the dma max_seg_size (git-fixes). 
- usb: gadget: f_ncm: Always set current gadget in ncm_bind() (git-fixes). - usb: raw-gadget: properly handle interrupted requests (git-fixes). - usb: storage: set 1.50 as the lower bcdDevice for older 'Super Top' compatibility (git-fixes). - usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (git-fixes). - usb: typec: tcpm: Skip hard reset when in error recovery (git-fixes). - virtchnl: add virtchnl version 2 ops (bsc#1215458). - wifi: ath10k: Do not touch the CE interrupt registers after power up (git-fixes). - wifi: ath10k: fix clang-specific fortify warning (git-fixes). - wifi: ath11k: debugfs: fix to work with multiple PCI devices (git-fixes). - wifi: ath11k: fix dfs radar event locking (git-fixes). - wifi: ath11k: fix htt pktlog locking (git-fixes). - wifi: ath11k: fix temperature event locking (git-fixes). - wifi: ath9k: fix clang-specific fortify warnings (git-fixes). - wifi: iwlwifi: Use FW rate for non-data frames (git-fixes). - wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-fixes). - wifi: iwlwifi: empty overflow queue during flush (git-fixes). - wifi: iwlwifi: honor the enable_ini value (git-fixes). - wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes). - wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-fixes). - wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes). - wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes). - wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes). - wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes). - x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes). - x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes). - x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (git-fixes). - x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes). - x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg (git-fixes). 
- x86/hyperv: Make hv_get_nmi_reason public (git-fixes). - x86/hyperv: fix a warning in mshyperv.h (git-fixes). - x86/sev: Do not try to parse for the CC blob on non-AMD hardware (git-fixes). - x86/sev: Fix calculation of end address based on number of pages (git-fixes). - x86/sev: Use the GHCB protocol when available for SNP CPUID requests (git-fixes). - x86: Move gds_ucode_mitigated() declaration to header (git-fixes). - xfs: add attr state machine tracepoints (git-fixes). - xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909). - xfs: constify btree function parameters that are not modified (git-fixes). - xfs: convert AGF log flags to unsigned (git-fixes). - xfs: convert AGI log flags to unsigned (git-fixes). - xfs: convert attr type flags to unsigned (git-fixes). - xfs: convert bmap extent type flags to unsigned (git-fixes). - xfs: convert bmapi flags to unsigned (git-fixes). - xfs: convert btree buffer log flags to unsigned (git-fixes). - xfs: convert buffer flags to unsigned (git-fixes). - xfs: convert buffer log item flags to unsigned (git-fixes). - xfs: convert da btree operations flags to unsigned (git-fixes). - xfs: convert dquot flags to unsigned (git-fixes). - xfs: convert inode lock flags to unsigned (git-fixes). - xfs: convert log item tracepoint flags to unsigned (git-fixes). - xfs: convert log ticket and iclog flags to unsigned (git-fixes). - xfs: convert quota options flags to unsigned (git-fixes). - xfs: convert scrub type flags to unsigned (git-fixes). - xfs: disambiguate units for ftrace fields tagged 'blkno', 'block', or 'bno' (git-fixes). - xfs: disambiguate units for ftrace fields tagged 'count' (git-fixes). - xfs: disambiguate units for ftrace fields tagged 'len' (git-fixes). - xfs: disambiguate units for ftrace fields tagged 'offset' (git-fixes). - xfs: make the key parameters to all btree key comparison functions const (git-fixes). - xfs: make the key parameters to all btree query range functions const (git-fixes). 
- xfs: make the keys and records passed to btree inorder functions const (git-fixes). - xfs: make the pointer passed to btree set_root functions const (git-fixes). - xfs: make the start pointer passed to btree alloc_block functions const (git-fixes). - xfs: make the start pointer passed to btree update_lastrec functions const (git-fixes). - xfs: mark the record passed into btree init_key functions as const (git-fixes). - xfs: mark the record passed into xchk_btree functions as const (git-fixes). - xfs: remove xfs_btree_cur_t typedef (git-fixes). - xfs: rename i_disk_size fields in ftrace output (git-fixes). - xfs: resolve fork names in trace output (git-fixes). - xfs: standardize AG block number formatting in ftrace output (git-fixes). - xfs: standardize AG number formatting in ftrace output (git-fixes). - xfs: standardize daddr formatting in ftrace output (git-fixes). - xfs: standardize inode generation formatting in ftrace output (git-fixes). - xfs: standardize inode number formatting in ftrace output (git-fixes). - xfs: standardize remaining xfs_buf length tracepoints (git-fixes). - xfs: standardize rmap owner number formatting in ftrace output (git-fixes). - xhci: Enable RPM on controllers that support low-power states (git-fixes). - xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes). 
----------------------------------------- Patch: SUSE-2023-4891 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Severity: moderate References: 1201384,1218014,CVE-2023-50495 Description: This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) ----------------------------------------- Patch: SUSE-2023-4897 Released: Tue Dec 19 08:22:36 2023 Summary: Optional update for openslp Severity: low References: Description: This update for openslp bumps the version number to ensure a clean upgrade path from SLE-12 to SLE-15. This is a no-change rebuild of the packages already available in SLE-15. ----------------------------------------- Patch: SUSE-2023-4916 Released: Wed Dec 20 08:49:04 2023 Summary: Recommended update for lvm2 Severity: important References: 1215229 Description: This update for lvm2 fixes the following issues: - Fixed error creating linux volume on SAN device lvmlockd (bsc#1215229) ----------------------------------------- Patch: SUSE-2023-4962 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Severity: important References: 1216987 Description: This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. 
----------------------------------------- Patch: SUSE-2024-10 Released: Tue Jan 2 13:21:05 2024 Summary: Security update for polkit Severity: moderate References: 1209282 Description: This update for polkit fixes the following issues: - Change permissions for rules folders (bsc#1209282) ----------------------------------------- Patch: SUSE-2024-26 Released: Thu Jan 4 11:15:24 2024 Summary: Recommended update for mozilla-nss Severity: moderate References: 1214980 Description: This update for mozilla-nss fixes the following issues: Mozilla NSS was updated to NSS 3.90.1 * regenerate NameConstraints test certificates. * add OSXSAVE and XCR0 tests to AVX2 detection. ----------------------------------------- Patch: SUSE-2024-62 Released: Mon Jan 8 11:44:47 2024 Summary: Recommended update for libxcrypt Severity: moderate References: 1215496 Description: This update for libxcrypt fixes the following issues: - fix variable name for datamember [bsc#1215496] - added patches fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2 ----------------------------------------- Patch: SUSE-2024-70 Released: Tue Jan 9 18:29:39 2024 Summary: Security update for tar Severity: low References: 1217969,CVE-2023-39804 Description: This update for tar fixes the following issues: - CVE-2023-39804: Fixed incorrect handling of extension attributes in PAX archives (bsc#1217969).
----------------------------------------- Patch: SUSE-2024-105 Released: Mon Jan 15 15:41:05 2024 Summary: Recommended update for grub2 and efibootmgr Severity: important References: 1217237 Description: This update for grub2 and efibootmgr fixes the following issues: grub2: - Deliver missing grub2-arm64-efi and grub2-powerpc-ieee1275 to SUSE Manager 4.3 (no source changes) (bsc#1217237) efibootmgr: - Deliver missing efibootmgr to SUSE Manager 4.3 (no source changes) (bsc#1217237) ----------------------------------------- Patch: SUSE-2024-129 Released: Tue Jan 16 15:48:55 2024 Summary: Security update for the Linux Kernel Severity: important References: 1179610,1183045,1193285,1211162,1211226,1212584,1214747,1214823,1215237,1215696,1215885,1216057,1216559,1216776,1217036,1217217,1217250,1217602,1217692,1217790,1217801,1217933,1217938,1217946,1217947,1217980,1217981,1217982,1218056,1218139,1218184,1218234,1218253,1218258,1218335,1218357,1218447,1218515,1218559,1218569,1218659,CVE-2020-26555,CVE-2023-51779,CVE-2023-6121,CVE-2023-6531,CVE-2023-6546,CVE-2023-6606,CVE-2023-6610,CVE-2023-6622,CVE-2023-6931,CVE-2023-6932 Description: The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on (bsc#1218447). - CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946). - CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559). - CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the Bluetooth subsystem that would allow replay attacks (bsc#1179610 bsc#1215237). - CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947). 
- CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1218335). - CVE-2023-6931: Fixed a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component that could lead to local privilege escalation (bsc#1218258). - CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253). - CVE-2023-6622: Fixed a null pointer dereference vulnerability in nft_dynset_init() that could allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service (bsc#1217938). - CVE-2023-6121: Fixed an information leak via dmesg when receiving a crafted packet in the NVMe-oF/TCP subsystem (bsc#1217250). The following non-security bugs were fixed: - Reviewed and added more information to README.SUSE (jsc#PED-5021). - Build in the correct KOTD repository with multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184) With multibuild setting repository flags is no longer supported for individual spec files - see https://github.com/openSUSE/open-build-service/issues/3574 Add ExclusiveArch conditional that depends on a macro set up by bs-upload-kernel instead. With that each package should build only in one repository - either standard or QA. Note: bs-upload-kernel does not interpret rpm conditionals, and only uses the first ExclusiveArch line to determine the architectures to enable. - KVM: s390/mm: Properly reset no-dat (bsc#1218056). - KVM: s390: vsie: fix wrong VIR 37 when MSO is used (bsc#1217933). - KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322). - NFS: Fix O_DIRECT locking issues (bsc#1211162). - NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162). - NFS: Fix a potential data corruption (bsc#1211162). - NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
- NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162). - NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162). - NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162). - NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162). - NLM: Defend against file_lock changes after vfs_test_lock() (bsc#1217692). - Updated SPI patches for NVIDIA Grace enablement (bsc#1212584, jsc#PED-3459). - block: fix revalidate performance regression (bsc#1216057). - bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234). - ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1217980). - ceph: fix type promotion bug on 32bit systems (bsc#1217982). - clocksource: Add a Kconfig option for WATCHDOG_MAX_SKEW (bsc#1215885 bsc#1217217). - clocksource: Enable TSC watchdog checking of HPET and PMTMR only when requested (bsc#1215885 bsc#1217217). - clocksource: Handle negative skews in 'skew is too large' messages (bsc#1215885 bsc#1217217). - clocksource: Improve 'skew is too large' messages (bsc#1215885 bsc#1217217). - clocksource: Improve read-back-delay message (bsc#1215885 bsc#1217217). - clocksource: Loosen clocksource watchdog constraints (bsc#1215885 bsc#1217217). - clocksource: Print clocksource name when clocksource is tested unstable (bsc#1215885 bsc#1217217). - clocksource: Verify HPET and PMTMR when TSC unverified (bsc#1215885 bsc#1217217). - dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776). - fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659). - kabi/severities: ignore kABI for asus-wmi drivers Tolerate the kABI changes, as used only locally for asus-wmi stuff - libceph: use kernel_connect() (bsc#1217981). - mkspec: Add multibuild support (JSC-SLE#5501, boo#1211226, bsc#1218184) When MULTIBUILD option in config.sh is enabled generate a _multibuild file listing all spec files. - mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (bsc#1218515). 
- net/smc: Fix pos miscalculation in statistics (bsc#1218139). - net/tg3: fix race condition in tg3_reset_task() (bsc#1217801). - nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162). - remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569). - s390/vx: fix save/restore of fpu kernel context (bsc#1218357). - scsi: lpfc: use unsigned type for num_sge (bsc#1214747). - swiotlb: fix a braino in the alignment check fix (bsc#1216559). - swiotlb: fix slot alignment checks (bsc#1216559). - tracing: Disable preemption when using the filter buffer (bsc#1217036). - tracing: Fix a possible race when disabling buffered events (bsc#1217036). - tracing: Fix a warning when allocating buffered events fails (bsc#1217036). - tracing: Fix incomplete locking when disabling buffered events (bsc#1217036). - tracing: Fix warning in trace_buffered_event_disable() (bsc#1217036). - tracing: Use __this_cpu_read() in trace_event_buffer_lock_reserver() (bsc#1217036). - uapi: propagate __struct_group() attributes to the container union (jsc#SLE-18978). - vsprintf/kallsyms: Prevent invalid data when printing symbol (bsc#1217602). - x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285). - x86/platform/uv: Use alternate source for socket to node data (bsc#1215696 bsc#1217790). - x86/tsc: Add option to force frequency recalibration with HW timer (bsc#1215885 bsc#1217217). - x86/tsc: Be consistent about use_tsc_delay() (bsc#1215885 bsc#1217217). - x86/tsc: Extend watchdog check exemption to 4-Sockets platform (bsc#1215885 bsc#1217217). ----------------------------------------- Patch: SUSE-2024-136 Released: Thu Jan 18 09:53:47 2024 Summary: Security update for pam Severity: moderate References: 1217000,1218475,CVE-2024-22365 Description: This update for pam fixes the following issues: - CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation (bsc#1218475). 
- Check localtime_r() return value to fix crashing (bsc#1217000) ----------------------------------------- Patch: SUSE-2024-140 Released: Thu Jan 18 11:34:58 2024 Summary: Security update for libssh Severity: important References: 1211188,1211190,1218126,1218186,1218209,CVE-2023-1667,CVE-2023-2283,CVE-2023-48795,CVE-2023-6004,CVE-2023-6918 Description: This update for libssh fixes the following issues: Security fixes: - CVE-2023-6004: Fixed command injection using proxycommand (bsc#1218209) - CVE-2023-48795: Fixed potential downgrade attack using strict kex (bsc#1218126) - CVE-2023-6918: Fixed missing checks for return values of MD functions (bsc#1218186) - CVE-2023-1667: Fixed NULL dereference during rekeying with algorithm guessing (bsc#1211188) - CVE-2023-2283: Fixed possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190) Other fixes: - Update to version 0.9.8 - Allow @ in usernames when parsing from URI composes - Update to version 0.9.7 - Fix several memory leaks in GSSAPI handling code ----------------------------------------- Patch: SUSE-2024-214 Released: Wed Jan 24 16:01:31 2024 Summary: Recommended update for systemd Severity: moderate References: 1214668,1215241,1217460 Description: This update for systemd fixes the following issues: - resolved: actually check authenticated flag of SOA transaction - core/mount: Make device deps from /proc/self/mountinfo and .mount unit file exclusive - core: Add trace logging to mount_add_device_dependencies() - core/mount: Remove default deps from /proc/self/mountinfo when it is updated (bsc#1217460) - core/mount: Set Mount.from_proc_self_mountinfo flag before adding default dependencies - core: wrap some long comment - utmp-wtmp: Handle EINTR gracefully when waiting to write to tty - utmp-wtmp: Fix error in case isatty() fails - homed: Handle EINTR gracefully when waiting for device node - resolved: Handle EINTR returned from fd_wait_for_event() better - sd-netlink: Handle 
EINTR from poll() gracefully, as success - varlink: Handle EINTR gracefully when waiting for EIO via ppoll() - stdio-bridge: Don't be bothered with EINTR - sd-bus: Handle EINTR return from bus_poll() (bsc#1215241) - core: Replace slice dependencies as they get added (bsc#1214668) ----------------------------------------- Patch: SUSE-2024-233 Released: Thu Jan 25 11:58:47 2024 Summary: Recommended update for suse-module-tools Severity: moderate References: 1217775 Description: This update for suse-module-tools fixes the following issues: - Update to version 15.4.19 - Add symlink /boot/.vmlinuz.hmac (bsc#1217775) ----------------------------------------- Patch: SUSE-2024-238 Released: Fri Jan 26 10:56:41 2024 Summary: Security update for cpio Severity: moderate References: 1218571,CVE-2023-7207 Description: This update for cpio fixes the following issues: - CVE-2023-7207: Fixed a path traversal issue that could lead to an arbitrary file write during archive extraction (bsc#1218571). ----------------------------------------- Patch: SUSE-2024-243 Released: Fri Jan 26 13:00:47 2024 Summary: Recommended update for util-linux Severity: moderate References: 1207987 Description: This update for util-linux fixes the following issues: - Fix performance degradation (bsc#1207987) ----------------------------------------- Patch: SUSE-2024-261 Released: Tue Jan 30 08:20:36 2024 Summary: Recommended update for conmon Severity: moderate References: 1215806,1217773 Description: This update for conmon fixes the following issues: - New upstream release 2.1.10 Bug fixes: * Fix incorrect free in conn_sock * logging: Respect log-size-max immediately after open - Add patch for fixing regression in v2.1.9 (https://github.com/containers/conmon/issues/475 and https://github.com/containers/conmon/issues/477) - New upstream release 2.1.9 ### Bug fixes * fix some issues flagged by SAST scan * src: fix write after end of buffer * src: open all files with O_CLOEXEC * oom-score: restore oom score 
before running exit command ### Features * Forward more messages on the sd-notify socket * logging: -l passthrough accepts TTYs * [bsc#1215806] - Update to version 2.1.8: * stdio: ignore EIO for terminals (bsc#1217773) * ensure console socket buffers are properly sized * conmon: drop return after pexit() * ctrl: make accept4 failures fatal * logging: avoid opening /dev/null for each write * oom: restore old OOM score * Use default umask 0022 * cli: log parsing errors to stderr * Changes to build conmon for riscv64 * Changes to build conmon for ppc64le * Fix close_other_fds on FreeBSD ----------------------------------------- Patch: SUSE-2024-293 Released: Wed Jan 31 17:42:15 2024 Summary: Recommended update for elemental-operator Severity: important References: Description: This update for elemental-operator contains the following fix: - Bump Go to 1.20. (jsc#SURE-7083) ----------------------------------------- Patch: SUSE-2024-295 Released: Thu Feb 1 08:23:17 2024 Summary: Security update for runc Severity: important References: 1218894,CVE-2024-21626 Description: This update for runc fixes the following issues: Update to runc v1.1.11: - CVE-2024-21626: Fixed container breakout. (bsc#1218894)