Image summary for sles-15-sp3-chost-byos-v20220818-x86-64

SUSE-IU-2022:1049-1

This update for perl-Bootloader fixes the following issues:

• fix sysconfig parsing (bsc#1198828)
• grub2/install: reset error code when passing through recover code (bsc#1198197)
• grub2 install: Support secure boot on powerpc (bsc#1192764, jsc#SLE-18271)

This update for systemd fixes the following issues:

• Allow control characters in environment variable values (bsc#1200170)
• Call pam_loginuid when creating user@.service (bsc#1198507)
• Fix parsing error in s390 udev rules conversion script (bsc#1198732)
• Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
• Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit
• Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed'
• basic/env-util: (mostly) follow POSIX for what variable names are allowed
• basic/env-util: make function shorter
• basic/escape: add mode where empty arguments are still shown as ''
• basic/escape: always escape newlines in shell_escape()
• basic/escape: escape control characters, but not utf-8, in shell quoting
• basic/escape: use consistent location for '*' in function declarations
• basic/string-util: inline iterator variable declarations
• basic/string-util: simplify how str_realloc() is used
• basic/string-util: split out helper function
• core/device: device_coldplug(): don't set DEVICE_DEAD
• core/device: do not downgrade device state if it is already enumerated
• core/device: drop unnecessary condition
• string-util: explicitly cast character to unsigned
• string-util: fix build error on aarch64
• test-env-util: Verify that \r is disallowed in env var values
• test-env-util: print function headers

This update for glibc fixes the following issues:

• Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
• i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)

This update for gpg2 fixes the following issues:

• CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
• Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)

This update for logrotate fixes the following issues:
Security issues fixed:

• Improved coredump handing for SUID binaries (bsc#1192449).

• Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' (bsc#1200278, bsc#1200802).

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657).
• CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171).
• CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).
• CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487).
• CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
• CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482).
• CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
• CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604).
• CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013).
• CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).

• ALSA: hda/conexant: Fix missing beep setup (git-fixes).
• ALSA: hda/realtek - Add HW8326 support (git-fixes).
• ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes).
• ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes).
• ALSA: hda/via: Fix missing beep setup (git-fixes).
• arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes)
• arm64: ftrace: fix branch range checks (git-fixes)
• ASoC: cs35l36: Update digital volume TLV (git-fixes).
• ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes).
• ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes).
• ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes).
• ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes).
• ASoC: es8328: Fix event generation for deemphasis control (git-fixes).
• ASoC: nau8822: Add operation for internal PLL off and on (git-fixes).
• ASoC: wm8962: Fix suspend while playing music (git-fixes).
• ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes).
• ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes).
• ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes).
• bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes).
• bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362).
• bcache: fixup multiple threads crash (git-fixes).
• bcache: improve multithreaded bch_btree_check() (git-fixes).
• bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes).
• bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes).
• bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes).
• bio: fix page leak bio_add_hw_page failure (git-fixes).
• blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes).
• blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825).
• blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263).
• blk-mq: do not update io_ticks with passthrough requests (bsc#1200816).
• blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762)
• blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes).
• block: advance iov_iter on bio_add_hw_page failure (git-fixes).
• block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020).
• block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1185762).
• block: Fix kABI in blk-merge.c (bsc#1198020).
• block/keyslot-manager: prevent crash when num_slots=1 (git-fixes).
• bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes).
• caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes).
• ceph: add some lockdep assertions around snaprealm handling (bsc#1201147).
• ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (bsc#1201149).
• certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes).
• cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217).
• cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1200217).
• cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1200217).
• cifs: avoid parallel session setups on same channel (bsc#1200217).
• cifs: avoid race during socket reconnect between send and recv (bsc#1200217).
• cifs: call cifs_reconnect when a connection is marked (bsc#1200217).
• cifs: call helper functions for marking channels for reconnect (bsc#1200217).
• cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1200217).
• cifs: check for smb1 in open_cached_dir() (bsc#1200217).
• cifs: check reconnects for channels of active tcons too (bsc#1200217).
• cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217).
• cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1200217).
• cifs: clean up an inconsistent indenting (bsc#1200217).
• cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1200217).
• cifs: do not build smb1ops if legacy support is disabled (bsc#1200217).
• cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1200217).
• cifs: do not use tcpStatus after negotiate completes (bsc#1200217).
• cifs: do not use uninitialized data in the owner/group sid (bsc#1200217).
• cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1200217).
• cifs: fix double free race when mount fails in cifs_get_root() (bsc#1200217).
• cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217).
• cifs: fix handlecache and multiuser (bsc#1200217).
• cifs: fix hang on cifs_get_next_mid() (bsc#1200217).
• cifs: fix incorrect use of list iterator after the loop (bsc#1200217).
• cifs: fix minor compile warning (bsc#1200217).
• cifs: fix missed refcounting of ipc tcon (bsc#1200217).
• cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217).
• cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217).
• cifs: fix potential deadlock in direct reclaim (bsc#1200217).
• cifs: fix potential double free during failed mount (bsc#1200217).
• cifs: fix potential race with cifsd thread (bsc#1200217).
• cifs: fix set of group SID via NTSD xattrs (bsc#1200217).
• cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1200217).
• cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217).
• cifs: fix the cifs_reconnect path for DFS (bsc#1200217).
• cifs: fix the connection state transitions with multichannel (bsc#1200217).
• cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1200217).
• cifs: fix workstation_name for multiuser mounts (bsc#1200217).
• cifs: force new session setup and tcon for dfs (bsc#1200217).
• cifs: free ntlmsspblob allocated in negotiate (bsc#1200217).
• cifs: ignore resource_id while getting fscache super cookie (bsc#1200217).
• cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217).
• cifs: make status checks in version independent callers (bsc#1200217).
• cifs: mark sessions for reconnection in helper function (bsc#1200217).
• cifs: modefromsids must add an ACE for authenticated users (bsc#1200217).
• cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217).
• cifs: move superblock magic defitions to magic.h (bsc#1200217).
• cifs: potential buffer overflow in handling symlinks (bsc#1200217).
• cifs: print TIDs as hex (bsc#1200217).
• cifs: protect all accesses to chan_* with chan_lock (bsc#1200217).
• cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1200217).
• cifs: reconnect only the connection and not smb session where possible (bsc#1200217).
• cifs: release cached dentries only if mount is complete (bsc#1200217).
• cifs: remove check of list iterator against head past the loop body (bsc#1200217).
• cifs: remove redundant assignment to pointer p (bsc#1200217).
• cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217).
• cifs: remove repeated state change in dfs tree connect (bsc#1200217).
• cifs: remove unused variable ses_selected (bsc#1200217).
• cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217).
• cifs: return the more nuanced writeback error on close() (bsc#1200217).
• cifs: sanitize multiple delimiters in prepath (bsc#1200217).
• cifs: serialize all mount attempts (bsc#1200217).
• cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1200217).
• cifs: skip trailing separators of prefix paths (bsc#1200217).
• cifs: smbd: fix typo in comment (bsc#1200217).
• cifs: Split the smb3_add_credits tracepoint (bsc#1200217).
• cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217).
• cifs: track individual channel status using chans_need_reconnect (bsc#1200217).
• cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217).
• cifs: update internal module number (bsc#1193629).
• cifs: update internal module number (bsc#1200217).
• cifs: update tcpStatus during negotiate and sess setup (bsc#1200217).
• cifs: use a different reconnect helper for non-cifsd threads (bsc#1200217).
• cifs: use correct lock type in cifs_reconnect() (bsc#1200217).
• cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217).
• cifs: use new enum for ses_status (bsc#1200217).
• cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1200217).
• cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1200217).
• cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1200217).
• cifs: wait for tcon resource_id before getting fscache super (bsc#1200217).
• cifs: we do not need a spinlock around the tree access during umount (bsc#1200217).
• cifs: when extending a file with falloc we should make files not-sparse (bsc#1200217).
• drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes).
• drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes).
• drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924).
• drm/msm: Fix double pm_runtime_disable() call (git-fixes).
• drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes).
• drm/sun4i: Fix crash during suspend after component bind failure (git-fixes).
• exec: Force single empty string when argv is empty (bsc#1200571).
• ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754).
• ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810).
• ext4: fix bug_on in __es_tree_search (bsc#1200809).
• ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807).
• ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806).
• ext4: make variable 'count' signed (bsc#1200820).
• Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217).
• fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143).
• gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes).
• gtp: use icmp_ndo_send helper (git-fixes).
• hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes).
• i2c: designware: Use standard optional ref clock implementation (git-fixes).
• ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925).
• iio:accel:bma180: rearrange iio trigger get and register (git-fixes).
• iio: accel: mma8452: ignore the return value of reset operation (git-fixes).
• iio: adc: axp288: Override TS pin bias current for some models (git-fixes).
• iio: adc: vf610: fix conversion mode sysfs node name (git-fixes).
• iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes).
• iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes).
• iio: trigger: sysfs: fix use-after-free on remove (git-fixes).
• init: Initialize noop_backing_dev_info early (bsc#1200822).
• inotify: show inotify mask flags in proc fdinfo (bsc#1200600).
• iomap: iomap_write_failed fix (bsc#1200829).
• ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504).
• jfs: fix divide error in dbNextAG (bsc#1200828).
• kABI fix of sysctl_run_estimation (git-fixes).
• kabi: nvme workaround header include (bsc#1201193).
• kabi/severities: ignore KABI for NVMe target (bsc#1192761)
• linux/dim: Fix divide by 0 in RDMA DIM (git-fixes).
• md: fix update super 1.0 on rdev size change (git-fixes).
• move devm_allocate to end of structure for kABI (git-fixes).
• mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes).
• net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes).
• net: ethernet: stmmac: Disable hardware multicast filter (git-fixes).
• net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
• net: lantiq: Add locking for TX DMA channel (git-fixes).
• net: rose: fix UAF bugs caused by timer handler (git-fixes).
• net: stmmac: reset Tx desc base address before restarting Tx (git-fixes).
• net: usb: ax88179_178a: Fix packet receiving (git-fixes).
• nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes).
• nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes).
• NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes).
• NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes).
• NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes).
• NFS: Do not report flush errors in nfs_write_end() (git-fixes).
• NFS: Further fixes to the writeback error handling (git-fixes).
• NFS: Memory allocation failures are not server fatal errors (git-fixes).
• NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes).
• nvdimm: Fix firmware activation deadlock scenarios (git-fixes).
• nvdimm/region: Fix default alignment for small regions (git-fixes).
• nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761).
• nvme: Add connect option 'discovery' (bsc#1192761).
• nvme: add new discovery log page entry definitions (bsc#1192761).
• nvme: display correct subsystem NQN (bsc#1192761).
• nvme: expose subsystem type in sysfs attribute 'subsystype' (bsc#1192761).
• nvme: kabi fix nvme subsystype change (bsc#1192761)
• nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761).
• nvmet: add nvmet_req_subsys() helper (bsc#1192761).
• nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes).
• nvmet: do not check iosqes,iocqes for discovery controllers (bsc#1192761).
• nvmet: fix freeing unallocated p2pmem (git-fixes).
• nvmet: make discovery NQN configurable (bsc#1192761).
• nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes).
• nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY (git-fixes).
• nvmet: register discovery subsystem as 'current' (bsc#1192761).
• nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761).
• nvmet: switch check for subsystem type (bsc#1192761).
• phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes).
• pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).
• powerpc/idle: Fix return value of __setup() handler (bsc#1065729).
• powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729).
• powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477).
• random: Add and use pr_fmt() (bsc#1184924).
• random: remove unnecessary unlikely() (bsc#1184924).
• regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes).
• Revert 'block: Fix a lockdep complaint triggered by request queue flushing' (git-fixes).
• scsi: core: Show SCMD_LAST in text form (git-fixes).
• scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
• scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
• scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193).
• scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193).
• scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193).
• scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193).
• scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193).
• scsi: lpfc: Commonize VMID code location (bsc#1201193).
• scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193).
• scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193).
• scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193).
• scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193).
• scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193).
• scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193).
• scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193).
• scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193).
• scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193).
• scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160).
• scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160).
• scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160).
• scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160).
• scsi: qla2xxx: edif: bsg refactor (bsc#1201160).
• scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160).
• scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160).
• scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160).
• scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160).
• scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160).
• scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160).
• scsi: qla2xxx: edif: Fix session thrash (bsc#1201160).
• scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160).
• scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160).
• scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160).
• scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160).
• scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160).
• scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160).
• scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160).
• scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160).
• scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160).
• scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160).
• scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160).
• scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160).
• scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160).
• scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160).
• scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160).
• scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160).
• scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160).
• scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160).
• scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160).
• scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160).
• scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160).
• scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160).
• scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes).
• scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes).
• scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes).
• scsi: sd: Signal drive managed SMR disks (git-fixes).
• scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes).
• scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes).
• scsi: sd_zbc: Improve zone revalidation (git-fixes).
• scsi: sd_zbc: Remove unused inline functions (git-fixes).
• scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes).
• scsi: smartpqi: create module parameters for LUN reset (bsc#1179195 bsc#1200622).
• smb3: add mount parm nosparse (bsc#1200217).
• smb3: add trace point for lease not found issue (bsc#1200217).
• smb3: add trace point for oplock not found (bsc#1200217).
• smb3: check for null tcon (bsc#1200217).
• smb3: cleanup and clarify status of tree connections (bsc#1200217).
• smb3: do not set rc when used and unneeded in query_info_compound (bsc#1200217).
• SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1200217).
• smb3: fix incorrect session setup check for multiuser mounts (bsc#1200217).
• smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1200217).
• smb3: fix snapshot mount option (bsc#1200217).
• smb3 improve error message when mount options conflict with posix (bsc#1200217).
• smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1200217).
• smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1200217).
• smb3: move more common protocol header definitions to smbfs_common (bsc#1200217).
• smb3: send NTLMSSP version information (bsc#1200217).
• soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes).
• spi: Fix use-after-free with devm_spi_alloc_* (git-fixes).
• SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes).
• sunvnet: use icmp_ndo_send helper (git-fixes).
• tty: goldfish: Fix free_irq() on remove (git-fixes).
• usb: chipidea: udc: check request status before setting device address (git-fixes).
• usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes).
• usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes).
• usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes).
• usbnet: fix memory allocation in helpers (git-fixes).
• USB: serial: io_ti: add Agilent E5805A support (git-fixes).
• USB: serial: option: add Quectel EM05-G modem (git-fixes).
• USB: serial: option: add Quectel RM500K module support (git-fixes).
• USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes).
• USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes).
• usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes).
• veth: fix races around rq->rx_notify_masked (git-fixes).
• virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes).
• virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes).
• virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes).
• virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes).
• vmxnet3: fix minimum vectors alloc issue (bsc#1199489).
• writeback: Avoid skipping inode writeback (bsc#1200813).
• writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821).
• xhci: Add reset resume quirk for AMD xhci controller (git-fixes).
• x86/entry: Remove skip_r11rcx (bsc#1201644).

This update for libzypp, zypper fixes the following issues:
libzypp:

• appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
• zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
• PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
• Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
• singletrans: no dry-run commit if doing just download-only
• Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo.
• Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER

• Basic JobReport for 'cmdout/monitor'
• versioncmp: if verbose, also print the edition 'parts' which are compared
• Make sure MediaAccess is closed on exception (bsc#1194550)
• Display plus-content hint conditionally
• Honor the NO_COLOR environment variable when auto-detecting whether to use color
• Define table columns which should be sorted natural [case insensitive]
• lr/ls: Use highlight color on name and alias as well

This update for ldb, samba fixes the following issues:

• CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490).
• CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request (bsc#1201492).
• CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495).
• CVE-2022-32742: Fixed a memory leak in SMB1 (bsc#1201496).
• CVE-2022-32744: Fixed an arbitrary password change request for any AD user (bsc#1201493).

• Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042);
• Setting fruit:resource = stream in vfs_fruit causes a panic; (bso#15099);
• Add support for bind 9.18; (bso#14986);
• logging dsdb audit to specific files does not work; (bso#15076);
• vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069);
• netgroups support removed; (bso#15087); (bsc#1199247);
• net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); (bsc#1199734);
• waf produces incorrect names for python extensions with Python 3.11; (bso#15071);
• smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556);
• vfs_gpfs recalls=no option prevents listing files; (bso#15055);
• waf produces incorrect names for python extensions with Python 3.11; (bso#15071);
• Compile error in source3/utils/regedit_hexedit.c; (bso#15091);
• ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108);
• smbd doesn't handle UPNs for looking up names; (bso#15054);
• Out-by-4 error in smbd read reply max_send clamp; (bso#14443);

• Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255);
• Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979);
• Fix smbclient commands del & deltree failing with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556).

• Fix build problems, waf produces incorrect names for python extensions; (bso#15071);

This update for xen fixes the following issues:

• CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966).
• CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549).
• CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965).
• CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394).
• CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469).

This update for dwarves and elfutils fixes the following issues:
elfutils was updated to version 0.177 (jsc#SLE-24501):

• elfclassify: New tool to analyze ELF objects.
• readelf: Print DW_AT_data_member_location as decimal offset. Decode DW_AT_discr_list block attributes.
• libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
• libdwelf: Add dwelf_elf_e_machine_string. dwelf_elf_begin now only returns NULL when there is an error reading or decompressing a file. If the file is not an ELF file an ELF handle of type ELF_K_NONE is returned.
• backends: Add support for C-SKY.

• build: Add new --enable-install-elfh option. Do NOT use this for system installs (it overrides glibc elf.h).
• backends: riscv improved core file and return value location support.
• Fixes: - CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007)

• libdw: Added new DWARF5 attribute, tag, character encoding, language code, calling convention, defaulted member function and macro constants to dwarf.h.

• backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer unwinding fallback support for i386, x86_64, aarch64.
• translations: Update Polish translation. - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088) - CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084) - CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085) - CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090) - CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089)
• Don't make elfutils recommend elfutils-lang as elfutils-lang already supplements elfutils.

This update for apparmor fixes the following issues:

• Add new rule to fix reported 'DENIED' audit records with Apparmor profile 'usr.sbin.smbd' (bsc#1196850)
• Add new rule to allow reading of openssl.cnf (bsc#1195463)

This update for dracut fixes the following issues:

• Fix(nfs): /var is not mounted during the transactional-update run (bsc#1184970)
• Fix(nfs): give /run/rpcbind ownership to rpc user (bsc#1177461)

This update for pcre2 fixes the following issues:

• CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384).
• CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).

This update for hwinfo fixes the following issues:

• Keep NVMe's namespace output consistency when the option `nvme_core.multipath=1` (bsc#1199948)
• Fix bug in determining serial console device name (bsc#1198043)
• Don't rely on select() updating its timeout argument (bsc#1184339)
• Fix logic around CD-ROM detection
• Prevent closing of the open CD-ROM tray after read
• Always read numerical 32bit serial number from EDID header. Override this with ASCII serial number from display descriptor, if available.
• Display numerical 32bit serial number for monitors without serial number display descriptor
• Fix timezone issue in SOURCE_DATE_EPOCH code
• Recognize loongarch64 architecture
• Update PCI and USB ids

This update for ncurses fixes the following issues:

• CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).

This update for tar fixes the following issues:

• Fix race condition while creating intermediate subdirectories (bsc#1200657)

This update for cifs-utils fixes the following issues:

• CVE-2022-29869: Fixed verbose messages on option parsing causing information leak (bsc#1198976).

This update for tar fixes the following issues:

• A regression in a previous update lead to potential deadlocks when extracting an archive. (bsc#1202436)

SUSE-IU-2022:894-1

This update for python3 fixes the following issues:

• CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).

This update for pcre fixes the following issues:

• CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

This update for p11-kit fixes the following issues:

• CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065)

This update for glibc fixes the following issues:

• powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
• Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
• i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
• rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)

SUSE-IU-2022:760-1

This update for SUSEConnect fixes the following issues:

• Update to 0.3.34
• Manage the `System-Token` header. The `System-Token` header as delivered by SCC will be stored inside of the credentials file for later use on API calls. This way we add system clone detection for systems using this version of SUSE Connect.

• Update to 0.3.33
• Add --keepalive command to send pings to SCC.
• Add service/timer to periodically call --keepalive command to make system information in SCC and proxies more accurate. (bsc#1196076)

This update for grub2 fixes the following issues:
Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581)

• CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184)
• CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185)
• CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186)
• CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460)
• CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493)
• CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495)
• CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496)
• Update SBAT security contact (bsc#1193282)
• Bump grub's SBAT generation to 2

• Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948)

This update for xen fixes the following issues:

• CVE-2022-26358, CVE-2022-26359, CVE-2022-26360, CVE-2022-26361: Fixed IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues (XSA-400) (bsc#1197426)
• CVE-2022-26362: Fixed race condition in typeref acquisition (bsc#1199965)
• CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (bsc#1199966)

The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:

• CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. (bsc#1197472)
• CVE-2022-20008: Fixed bug that allows to read kernel heap memory due to uninitialized data in mmc_blk_read_single of block.c. (bnc#1199564)
• CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019)
• CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
• CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
• CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
• CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
• CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
• CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
• CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507).
• CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577)
• CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063).
• CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505).
• CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426).

• ACPI: property: Release subnode properties with data nodes (git-fixes).
• ALSA: ctxfi: Add SB046x PCI ID (git-fixes).
• ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes).
• ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes).
• ALSA: hda/realtek - Add new type for ALC245 (git-fixes).
• ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes).
• ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes).
• ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes).
• ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes).
• ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes).
• ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes).
• ALSA: usb-audio: Configure sync endpoints before data (git-fixes).
• ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes).
• ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes).
• ALSA: wavefront: Proper check of get_user() error (git-fixes).
• ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (git-fixes)
• ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes)
• ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes)
• ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes)
• ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes)
• ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes)
• ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes)
• ARM: dts: at91: fix pinctrl phandles (git-fixes)
• ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes)
• ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes)
• ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes)
• ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes)
• ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes)
• ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes)
• ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes)
• ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes)
• ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes)
• ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes)
• ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes)
• ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes)
• ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes)
• ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes)
• ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes)
• ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes)
• ARM: dts: meson: Fix the UART compatible strings (git-fixes)
• ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes)
• ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes)
• ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes)
• ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes)
• ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes)
• ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes)
• arm: mediatek: select arch timer for mt7629 (git-fixes)
• ARM: omap: remove debug-leds driver (git-fixes)
• ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes)
• ARM: socfpga: dts: fix qspi node compatible (git-fixes)
• ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes)
• ARM: tegra: Move panels to AUX bus (git-fixes)
• arm64: dts: broadcom: Fix sata nodename (git-fixes)
• arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes)
• arm64: dts: rockchip: Fix SDIO regulator supply properties on (git-fixes)
• arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes).
• arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes)
• arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes)
• ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes).
• ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes).
• ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes).
• ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes).
• ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes).
• ASoC: max98090: Generate notifications on changes for custom control (git-fixes).
• ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes).
• ASoC: max98090: Reject invalid values in custom control put() (git-fixes).
• ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes).
• ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes).
• ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes).
• ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes).
• ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes).
• ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes).
• ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (git-fixes).
• ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes).
• ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes).
• ASoC: wm8958: Fix change notifications for DSP controls (git-fixes).
• assoc_array: Fix BUG_ON during garbage collect (git-fixes).
• ata: pata_hpt37x: fix PCI clock detection (git-fixes).
• ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes).
• ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes).
• ath9k: fix ar9003_get_eepmisc (git-fixes).
• batman-adv: Do not skb_split skbuffs with frag_list (git-fixes).
• blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045).
• Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes).
• Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes).
• Bluetooth: Fix the creation of hdev->name (git-fixes).
• Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes).
• bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (jsc#SLE-8371 bsc#1153274).
• bnxt_en: Fix unnecessary dropping of RX packets (jsc#SLE-15075).
• brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes).
• bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes).
• bus: ti-sysc: Fix warnings for unbind for serial (git-fixes).
• can: grcan: grcan_close(): fix deadlock (git-fixes).
• can: grcan: use ofdev->dev when allocating DMA memory (git-fixes).
• carl9170: tx: fix an incorrect use of list iterator (git-fixes).
• ceph: fix setting of xattrs on async created inodes (bsc#1200192).
• cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839).
• clk: at91: generated: consider range when calculating best rate (git-fixes).
• clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes).
• clk: imx8mp: fix usb_root_clk parent (git-fixes).
• clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes).
• clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes).
• copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626).
• crypto: caam - fix i.MX6SX entropy delay value (git-fixes).
• crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes).
• crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes).
• crypto: x86 - eliminate anonymous module_init and module_exit (git-fixes).
• crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes).
• dim: initialize all struct fields (git-fixes).
• dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes).
• dmaengine: stm32-mdma: remove GISR1 register (git-fixes).
• docs: powerpc: Fix misspellings and grammar errors (bsc#1055117 ltc#159753).
• docs: submitting-patches: Fix crossref to 'The canonical patch format' (git-fixes).
• drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes).
• drbd: fix duplicate array initializer (git-fixes).
• drbd: Fix five use after free bugs in get_initial_state (git-fixes).
• drbd: remove assign_p_sizes_qlim (git-fixes).
• drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes).
• drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes).
• driver: core: fix deadlock in __device_attach (git-fixes).
• driver: base: fix UAF when driver_attach failed (git-fixes).
• drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes)
• drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block() (git-fixes).
• drivers/base/node.c: fix compaction sysfs file leak (git-fixes).
• drm: mali-dp: potential dereference of null pointer (git-fixes).
• drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes).
• drm: sti: do not use kernel-doc markers (git-fixes).
• drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types (git-fixes).
• drm/amdkfd: Fix GWS queue count (git-fixes).
• drm/blend: fix typo in the comment (git-fixes).
• drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes).
• drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes).
• drm/bridge: Fix error handling in analogix_dp_probe (git-fixes).
• drm/edid: fix invalid EDID extension block filtering (git-fixes).
• drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes).
• drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (git-fixes).
• drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes).
• drm/mediatek: Fix mtk_cec_mask() (git-fixes).
• drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes).
• drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes).
• drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes).
• drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes).
• drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes).
• drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes).
• drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes).
• drm/msm/mdp5: check the return of kzalloc() (git-fixes).
• drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes).
• drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes).
• drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes).
• drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes).
• drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes).
• drm/nouveau/tegra: Stop using iommu_present() (git-fixes).
• drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes).
• drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes).
• drm/vc4: hvs: Reset muxes at probe time (git-fixes).
• drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes).
• drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes).
• drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes).
• EDAC/synopsys: Read the error count from the correct register (bsc#1178134).
• firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes).
• firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes).
• firewire: remove check of list iterator against head past the loop body (git-fixes).
• firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes).
• firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes).
• firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes).
• firmware: stratix10-svc: fix a missing check on list iterator (git-fixes).
• genirq: Fix reference leaks on irq affinity notifiers (git-fixes)
• genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes)
• genirq/affinity: Consider that CPUs on nodes can be (git-fixes)
• genirq/affinity: Handle affinity setting on inactive (git-fixes)
• genirq/msi: Ensure deactivation on teardown (git-fixes)
• genirq/proc: Reject invalid affinity masks (again) (git-fixes)
• genirq/timings: Fix error return code in (git-fixes)
• genirq/timings: Prevent potential array overflow in (git-fixes)
• gma500: fix an incorrect NULL check on list iterator (git-fixes).
• gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes).
• gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes).
• gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes).
• gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes).
• gpio: pca953x: use the correct register address to do regcache sync (git-fixes).
• gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes).
• hex2bin: fix access beyond string end (git-fixes).
• HID: elan: Fix potential double free in elan_input_configured (git-fixes).
• HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes).
• hinic: fix bug of wq out of bound access (bsc#1176447).
• hwmon: (f71882fg) Fix negative temperature (git-fixes).
• hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes).
• hwmon: (tmp401) Add OF device ID table (git-fixes).
• i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes).
• i2c: at91: use dma safe buffers (git-fixes).
• i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes).
• i40e: stop disabling VFs due to PF error responses (git-fixes).
• ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (jsc#SLE-12878).
• ice: Clear default forwarding VSI during VSI release (jsc#SLE-12878).
• ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (jsc#SLE-7926).
• ice: Fix race conditions between virtchnl handling and VF ndo ops (git-fixes).
• ice: synchronize_rcu() when terminating rings (jsc#SLE-7926).
• iio: adc: ad7124: Remove shift from scan_type (git-fixes).
• iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes).
• iio: adc: sc27xx: fix read big scale voltage not right (git-fixes).
• iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes).
• iio: dac: ad5446: Fix read_raw not returning set value (git-fixes).
• iio: dac: ad5592r: Fix the missing return value (git-fixes).
• iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes).
• Input: add bounds checking to input_set_capability() (git-fixes).
• Input: ili210x - fix reset timing (git-fixes).
• Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes).
• Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes).
• Input: stmfts - fix reference leak in stmfts_input_open (git-fixes).
• iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052).
• ionic: avoid races in ionic_heartbeat_check (bsc#1167773).
• ionic: Cleanups in the Tx hotpath code (bsc#1167773).
• ionic: disable napi when ionic_lif_init() fails (bsc#1167773).
• ionic: Do not send reset commands if FW isn't running (bsc#1167773).
• ionic: fix missing pci_release_regions() on error in ionic_probe() (bsc#1167773).
• ionic: fix type complaint in ionic_dev_cmd_clean() (jsc#SLE-16649).
• ionic: monitor fw status generation (bsc#1167773).
• ionic: remove the dbid_inuse bitmap (bsc#1167773).
• ionic: start watchdog after all is setup (bsc#1167773).
• ivtv: fix incorrect device_caps for ivtvfb (git-fixes).
• iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes).
• iwlwifi: mvm: fix the return type for DSM functions 1 and 2 (git-fixes).
• jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971).
• kABI: ivtv: restore caps member (git-fixes).
• KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes).
• KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (git-fixes).
• lan743x: fix rx_napi_poll/interrupt ping-pong (git-fixes).
• lan743x: remove redundant assignment to variable rx_process_result (git-fixes).
• lib/raid6/test: fix multiple definition linking error (git-fixes).
• mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes).
• mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes).
• mac80211: Reset MBSSID parameters upon connection (git-fixes).
• media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
• media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes).
• media: davinci: vpif: fix use-after-free on driver unbind (git-fixes).
• media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes).
• media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes).
• media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-fixes).
• media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes).
• media: saa7134: fix incorrect use to determine if list is empty (git-fixes).
• media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes).
• media: videobuf2: Fix the size printk format (git-fixes).
• media: vim2m: Register video device after setting up internals (git-fixes).
• mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes).
• misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes).
• mm, page_alloc: fix build_zonerefs_node() (git-fixes).
• mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (jsc#SLE-15176, jsc#SLE-16387).
• mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD (git-fixes).
• mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC (git-fixes).
• mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes).
• mt76: mt7663s: fix rx buffer refcounting (git-fixes).
• mtd: rawnand: fix ecc parameters for mt7622 (git-fixes).
• mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes).
• mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes).
• net: bcmgenet: Fix a resource leak in an error handling path in the probe functin (git-fixes).
• net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for internal PHYs (git-fixes).
• net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access (git-fixes).
• net: ethernet: Fix memleak in ethoc_probe (git-fixes).
• net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes).
• net: hdlc_ppp: Fix issues when mod_timer is called while timer is running (git-fixes).
• net: hns3: add a check for index in hclge_get_rss_key() (git-fixes).
• net: hns3: clear inited state and stop client after failed to register netdev (bsc#1154353).
• net: hns3: fix bug when PF set the duplicate MAC address for VFs (jsc#SLE-14777).
• net: hns3: fix kernel crash when unload VF while it is being reset (git-fixes).
• net: korina: fix return value (git-fixes).
• net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1183405).
• net: stmmac: dwmac-sun8i: Balance internal PHY power (git-fixes).
• net: stmmac: dwmac-sun8i: Balance internal PHY resource references (git-fixes).
• net: stmmac: dwmac-sun8i: Balance syscon (de)initialization (git-fixes).
• net: stmmac: dwmac-sun8i: Fix probe error handling (git-fixes).
• net/mlx5: Fix a race on command flush flow (jsc#SLE-15172).
• net/mlx5e: Fix the calling of update_buffer_lossy() API (jsc#SLE-15172).
• netdevice: demote the type of some dev_addr_set() helpers (bsc#1200216).
• netfilter: conntrack: connection timeout after re-register (bsc#1199035).
• netfilter: conntrack: move synack init code to helper (bsc#1199035).
• netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035).
• netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035).
• netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035).
• netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (bsc#1176447).
• NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes).
• NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes).
• NFC: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes).
• NFC: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes).
• NFC: NULL out the dev->rfkill to prevent UAF (git-fixes).
• NFS: limit use of ACCESS cache for negative responses (bsc#1196570).
• NFS: Do not invalidate inode attributes on delegation return (git-fixes).
• nl80211: show SSID for P2P_GO interfaces (git-fixes).
• nvdimm/region: always show the 'align' attribute (bsc#1199114).
• nvme-tcp: allow selecting the network interface for connections (bsc#1199670).
• nvme-tcp: use __dev_get_by_name instead dev_get_by_name for OPT_HOST_IFACE (bsc#1199670).
• objtool: Fix type of reloc::addend (git-fixes).
• PCI: aardvark: Clear all MSIs at setup (git-fixes).
• PCI: cadence: Fix find_first_zero_bit() limit (git-fixes).
• PCI: Do not enable AtomicOps on VFs (git-fixes).
• PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes).
• PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314).
• PCI: imx6: Fix PERST# start-up sequence (git-fixes).
• PCI: iproc: Set affinity mask on MSI interrupts (git-fixes).
• PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes).
• PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes).
• PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes).
• PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes).
• PCI/PM: Power up all devices during runtime resume (git-fixes).
• phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes).
• phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes).
• phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes).
• phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes).
• phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes).
• phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes).
• phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes).
• phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes).
• pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes).
• pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes).
• pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes).
• pinctrl/rockchip: support deferring other gpio params (git-fixes).
• ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826).
• ping: remove pr_err from ping_lookup (bsc#1195826).
• platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes).
• platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes).
• powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753).
• powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes).
• powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes).
• powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395).
• powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes).
• powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes).
• powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes).
• powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes).
• powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes).
• powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes).
• powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes).
• pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes).
• pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes).
• qlcnic: Fix error code in probe (git-fixes).
• regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes).
• regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes).
• reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes).
• revert scsi: qla2xxx: Changes to support FCP2 Target (bsc#1198438).
• rtc: fix use-after-free on device removal (git-fixes).
• rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes).
• rtc: mt6397: check return value after calling platform_get_resource() (git-fixes).
• sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes).
• sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes).
• sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes)
• sched/topology: Skip updating masks for non-online nodes (bsc#1197446 ltc#183000).
• scsi: dc395x: Fix a missing check on list iterator (git-fixes).
• scsi: fnic: Fix a tracing statement (git-fixes).
• scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631).
• scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes).
• scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045).
• scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045).
• scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045).
• scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045).
• scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045).
• scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045 bsc#1198989 bsc#1197675).
• scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045).
• scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045).
• scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045).
• scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045).
• scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045).
• scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045).
• scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045).
• scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045).
• scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045).
• scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045).
• scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045).
• scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045).
• scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045).
• scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045).
• scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045 bsc#1198989 bsc#1197675).
• scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045).
• scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045).
• scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045).
• scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045).
• scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045).
• scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045).
• scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045).
• scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045).
• scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045).
• scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045).
• scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045).
• scsi: lpfc: Remove unneeded variable (bsc#1200045).
• scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045).
• scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045).
• scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045).
• scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045).
• scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045).
• scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045).
• scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045).
• scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045).
• scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045).
• scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045).
• scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045).
• scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045).
• scsi: pm8001: Fix abort all task initialization (git-fixes).
• scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes).
• scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes).
• scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes).
• scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes).
• scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes).
• scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes).
• scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes).
• scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes).
• scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes).
• scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes).
• scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes).
• scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046).
• scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046).
• scsi: qla2xxx: Remove free_sg command flag (bsc#1200046).
• scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046).
• scsi: sr: Do not leak information in ioctl (git-fixes).
• scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes).
• scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes).
• scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes).
• scsi: virtio-scsi: Eliminate anonymous module_init & module_exit (git-fixes).
• scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes).
• selftests: firmware: Use smaller dictionary for XZ compression (git-fixes).
• serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes).
• serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes).
• serial: 8250_mtk: Fix UART_EFR register address (git-fixes).
• serial: 8250: Also set sticky MCR bits in console restoration (git-fixes).
• serial: 8250: core: Remove unneeded <linux/pm_runtime.h> (git-fixes).
• serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes).
• serial: 8250: pxa: Remove unneeded <linux/pm_runtime.h> (git-fixes).
• serial: digicolor-usart: Do not allow CS5-6 (git-fixes).
• serial: imx: fix overrun interrupts in DMA mode (git-fixes).
• serial: meson: acquire port->lock in startup() (git-fixes).
• serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes).
• serial: rda-uart: Do not allow CS5-6 (git-fixes).
• serial: sh-sci: Do not allow CS5-6 (git-fixes).
• serial: sifive: Sanitize CSIZE and c_iflag (git-fixes).
• serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes).
• serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes).
• serial: txx9: Do not allow CS5-6 (git-fixes).
• slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes).
• smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes).
• smsc911x: allow using IRQ0 (git-fixes).
• soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes).
• soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes).
• soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes).
• spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes).
• spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes).
• spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes).
• spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes).
• staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes).
• SUNRPC: Ensure gss-proxy connects on setup (git-fixes).
• SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes).
• thermal: int340x: Fix attr.show callback prototype (git-fixes).
• thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes).
• thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes).
• timekeeping: Really make sure wall_to_monotonic isn't (git-fixes)
• timers: Fix warning condition in __run_timers() (git-fixes)
• tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes).
• tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729).
• tracing: Fix potential double free in create_var_ref() (git-fixes).
• tracing: Fix return value of trace_pid_write() (git-fixes).
• tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes).
• tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes).
• tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes).
• tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes).
• tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes).
• usb: cdc-wdm: fix reading stuck on device close (git-fixes).
• usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes).
• usb: ehci-omap: drop unused ehci_read() function (git-fixes).
• usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes).
• usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes).
• usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes).
• usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes).
• usb: quirks: add a Realtek card reader (git-fixes).
• usb: quirks: add STRING quirk for VCOM device (git-fixes).
• usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes).
• usb: serial: option: add Fibocom L610 modem (git-fixes).
• usb: serial: option: add Fibocom MA510 modem (git-fixes).
• usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes).
• usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes).
• usb: serial: pl2303: add device id for HP LM930 Display (git-fixes).
• usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes).
• usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes).
• usb: storage: karma: fix rio_karma_init return (git-fixes).
• usb: typec: mux: Check dev_set_name() return value (git-fixes).
• usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes).
• usb: typec: ucsi: Fix reuse of completion structure (git-fixes).
• usb: typec: ucsi: Fix role swapping (git-fixes).
• usb: usbip: add missing device lock on tweak configuration cmd (git-fixes).
• usb: usbip: fix a refcount leak in stub_probe() (git-fixes).
• video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes).
• watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes).
• wifi: mac80211: fix use-after-free in chanctx code (git-fixes).
• wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes).
• xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms (git-fixes).
• xhci: stop polling roothubs after shutdown (git-fixes).

This update for vim fixes the following issues:

• CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955).
• CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770).
• CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167).
• CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902).
• CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903).
• CVE-2021-3974: Fixed use-after-free (bsc#1192904).
• CVE-2021-4069: Fixed use-after-free in ex_open()in src/ex_docmd.c (bsc#1193466).
• CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905).
• CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093).
• CVE-2021-4192: Fixed use-after-free (bsc#1194217).
• CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216).
• CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388).
• CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885).
• CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872).
• CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004).
• CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in ex_getln.c (bsc#1195203).
• CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332).
• CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354).
• CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361).
• CVE-2022-1381: Fixed global heap buffer overflow in skip_range (bsc#1198596).
• CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748).
• CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331).
• CVE-2022-1619: Fixed heap-based Buffer Overflow in function cmdline_erase_chars (bsc#1199333).
• CVE-2022-1620: Fixed NULL pointer dereference in function vim_regexec_string (bsc#1199334).
• CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c (bsc#1199655).
• CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651).
• CVE-2022-1771: Fixed stack exhaustion (bsc#1199693).
• CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745).
• CVE-2022-1796: Fixed use-after-free in find_pattern_in_path (bsc#1199747).
• CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936).
• CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010).
• CVE-2022-1898: Fixed use-after-free (bsc#1200011).
• CVE-2022-1927: Fixed buffer over-read (bsc#1200012).

The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:

• CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015)
• CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux kernel by simulating nfc device from user-space. (bsc#1200143)
• CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144)
• CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282)

• ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes).
• ACPI: sysfs: Fix BERT error region memory mapping (git-fixes).
• ACPI: sysfs: Make sparse happy about address space in use (git-fixes).
• ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes).
• ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes).
• ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes).
• ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes).
• ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes).
• ASoC: dapm: Do not fold register value changes into notifications (git-fixes).
• ASoC: max98357a: remove dependency on GPIOLIB (git-fixes).
• ASoC: rt5645: Fix errorenous cleanup order (git-fixes).
• ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes).
• ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes).
• ath9k: fix QCA9561 PA bias level (git-fixes).
• b43: Fix assigning negative value to unsigned variable (git-fixes).
• b43legacy: Fix assigning negative value to unsigned variable (git-fixes).
• blk-mq: fix tag_get wait task can't be awakened (bsc#1200263).
• blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263).
• block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259).
• btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
• cfg80211: set custom regdomain after wiphy registration (git-fixes).
• clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes).
• clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes).
• dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes).
• dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes).
• drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes).
• drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes).
• drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes).
• drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes).
• drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes).
• drm: imx: fix compiler warning with gcc-12 (git-fixes).
• drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes).
• drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes).
• drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes).
• drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes).
• drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes).
• drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes).
• drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes).
• drm/i915: fix i915_globals_exit() section mismatch error (git-fixes).
• drm/komeda: return early if drm_universal_plane_init() fails (git-fixes).
• drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes).
• drm/plane: Move range check for format_count earlier (git-fixes).
• drm/radeon: fix a possible null pointer dereference (git-fixes).
• drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes).
• efi: Add missing prototype for efi_capsule_setup_info (git-fixes).
• efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes).
• fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes).
• ftrace: Clean up hash direct_functions on register failures (git-fixes).
• HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes).
• HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes).
• hwmon: Make chip parameter for with_info API mandatory (git-fixes).
• i2c: cadence: Increase timeout per message if necessary (git-fixes).
• i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes).
• iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes).
• Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes).
• Input: goodix - fix spurious key release events (git-fixes).
• ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes).
• irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes).
• irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes).
• irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes).
• irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes).
• iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes).
• KVM: fix wrong exception emulation in check_rdtsc (git-fixes).
• KVM: nVMX: Invalidate all roots when emulating INVVPID without EPT (git-fixes).
• KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (git-fixes).
• KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit (git-fixes).
• KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter (git-fixes).
• KVM: s390: pv: add macros for UVC CC values (git-fixes).
• KVM: s390: pv: avoid double free of sida page (git-fixes).
• KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes).
• KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes).
• KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush (git-fixes).
• KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation (git-fixes).
• KVM: x86: clflushopt should be treated as a no-op by emulation (git-fixes).
• KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes).
• KVM: x86: Fix emulation in writing cr8 (git-fixes).
• KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce (git-fixes).
• KVM: x86: Immediately reset the MMU context when the SMM flag is cleared (git-fixes).
• KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode (git-fixes).
• KVM: x86: Mark CR4.TSD as being possibly owned by the guest (git-fixes).
• KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes).
• KVM: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode (git-fixes).
• KVM: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode (git-fixes).
• KVM: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes).
• KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes).
• KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] (git-fixes).
• mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes).
• md: fix an incorrect NULL check in does_sb_need_changing (git-fixes).
• md: fix an incorrect NULL check in md_reload_sb (git-fixes).
• media: cx25821: Fix the warning when removing the module (git-fixes).
• media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes).
• media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes).
• media: venus: hfi: avoid null dereference in deinit (git-fixes).
• misc: rtsx: set NULL intfdata when probe fails (git-fixes).
• mmc: block: Fix CQE recovery reset success (git-fixes).
• mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes).
• modpost: fix removing numeric suffixes (git-fixes).
• modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes).
• mt76: check return value of mt76_txq_send_burst in mt76_txq_schedule_list (git-fixes).
• mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes).
• net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes).
• nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes).
• nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes).
• nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes).
• NFS: Do not report ENOSPC write errors twice (git-fixes).
• nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes).
• PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365).
• pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes).
• pinctrl: sunxi: fix f1c100s uart2 function (git-fixes).
• platform/chrome: cros_ec_proto: Send command again when timeout occurs (git-fixes).
• platform/x86: wmi: Fix driver->notify() vs ->probe() race (git-fixes).
• platform/x86: wmi: Replace read_takes_no_args with a flags field (git-fixes).
• devfreq: rk3399_dmc: Disable edev on remove() (git-fixes).
• raid5: introduce MD_BROKEN (git-fixes).
• rtl818x: Prevent using not initialized queues (git-fixes).
• rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes).
• s390: fix detection of vector enhancements facility 1 vs. vector packed decimal facility (git-fixes).
• s390: fix strrchr() implementation (git-fixes).
• s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes).
• s390/cio: Fix the 'type' field in s390_cio_tpi tracepoint (git-fixes).
• s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes).
• s390/ctcm: fix potential memory leak (git-fixes).
• s390/ctcm: fix variable dereferenced before check (git-fixes).
• s390/dasd: fix data corruption for ESE devices (bsc#1200207 LTC#198454).
• s390/dasd: Fix read for ESE with blksize 4k (bsc#1200206 LTC#198455).
• s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1200206 LTC#198455).
• s390/dasd: prevent double format of tracks for ESE devices (bsc#1200207 LTC#198454).
• s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes).
• s390/lcs: fix variable dereferenced before check (git-fixes).
• s390/mcck: fix invalid KVM guest condition check (git-fixes).
• s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes).
• s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes).
• s390/nmi: handle vector validity failures for KVM guests (git-fixes).
• s390/pv: fix the forcing of the swiotlb (git-fixes).
• s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes).
• s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes).
• s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks (git-fixes).
• serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes).
• spi: Introduce device-managed SPI controller allocation (git-fixes).
• spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes).
• spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes).
• staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes).
• staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes).
• tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (git-fixes).
• tty: Fix a possible resource leak in icom_probe (git-fixes).
• tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes).
• usb: core: hcd: Add support for deferring roothub registration (git-fixes).
• usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes).
• usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes).
• usb: host: isp116x: check return value after calling platform_get_resource() (git-fixes).
• usb: new quirk for Dell Gen 2 devices (git-fixes).
• usb: serial: option: add Quectel BG95 modem (git-fixes).
• vfio-ccw: Check initialized flag in cp_init() (git-fixes).
• vfio/ccw: Remove unneeded GFP_DMA (git-fixes).
• video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes).
• virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes).
• vringh: Fix loop descriptors check in the indirect cases (git-fixes).
• watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes).

This update for openssl-1_1 fixes the following issues:

• CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
• CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)

This update for virt-manager fixes the following issues:

• Upstream bug fixes: (bsc#1027942) Volume upload use 1MiB read size. Console: fix error with old pygobject. Virtinst: fix message format string. Createnet: Remove some unnecessary annotations. Fix forgetting password from keyring.

• Add support for detecting SUSE Linux Enterprise Micro.

This update for systemd-presets-branding-SLE fixes the following issues:

• Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312)

This update for curl fixes the following issues:

• CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
• CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

This update for openssl-1_1 fixes the following issues:

• CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).

This update for rsyslog fixes the following issues:

• Remove inotify watch descriptor in imfile on inode change detected. (bsc#1198939)

This update for containerd, docker and runc fixes the following issues:
containerd:

• CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API (bsc#1200145)

• Update to Docker 20.10.17-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/#201017. (bsc#1200145)

• Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing).
• Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes.
• Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang.
• When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths.
• Socket activation was failing when more than 3 sockets were used.
• Various CI fixes.
• Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container.
• Fixed issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. (bsc#1192051 bsc#1199565)

• CVE-2022-29162: A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. (bsc#1199460)

• `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file.

• runc run/start can now run a container with read-only /dev in OCI spec, rather than error out. (#3355)
• runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403) libcontainer systemd v2 manager no longer errors out if one of the files listed in /sys/kernel/cgroup/delegate do not exist in container's cgroup. (#3387, #3404)
• Loosen OCI spec validation to avoid bogus 'Intel RDT is not supported' error. (#3406)
• libcontainer/cgroups no longer panics in cgroup v1 managers if stat of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435)

• libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331)

• Add support for RDMA cgroup added in Linux 4.11.
• runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed.
• runc run: new --keep option to skip removal exited containers artefacts. This might be useful to check the state (e.g. of cgroup controllers) after the container hasexited.
• seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL).
• seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host.
• checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore.
• intelrdt: support ClosID parameter.
• runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed.
• cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it).
• sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour.
• mounts: add support for bind-mounts which are inaccessible after switching the user namespace. Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users.
• Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro).
• Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130.
• system: improve performance of /proc/$pid/stat parsing.
• cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process.
• runc checkpoint/restore: fixed for containers with an external bind mount which destination is a symlink.
• cgroup: improve openat2 handling for cgroup directory handle hardening. runc delete -f now succeeds (rather than timing out) on a paused container.
• runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). Users can disable this using --ignore-paused.
• Update version data embedded in binary to correctly include the git commit of the release.

SUSE-IU-2022:679-1

This update for pam fixes the following issue:

• Do not include obsolete header files (bsc#1197794)

This update for curl fixes the following issues:

• CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766)
• CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723)
• CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614)

This update for libpsl fixes the following issues:

• Fix libpsl compilation issues (bsc#1197771)

This update for cups fixes the following issues:

• CUPS printservice takes much longer than before with a big number of printers (bsc#1189517)
• CUPS PreserveJobHistory doesn't work with seconds (bsc#1195115)

This update for openldap2 fixes the following issues:

• CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2022-29156: Fixed a double free related to rtrs_clt_dev_release (bnc#1198515).
• CVE-2022-28893: Ensuring that sockets are in the intended state inside the SUNRPC subsystem (bnc#1198330).
• CVE-2022-28748: Fixed memory lead over the network by ax88179_178a devices (bsc#1196018).
• CVE-2022-28356: Fixed a refcount leak bug found in net/llc/af_llc.c (bnc#1197391).
• CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012).
• CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742).
• CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516).
• CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in drivers/gpu/drm/drm_lease.c (bnc#1197914).
• CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1197660).
• CVE-2022-0812: Fixed random memory leakage inside NFS/RDMA (bsc#1196639).
• CVE-2021-4154: Fixed a use-after-free flaw inside cgroup1_parse_param in kernel/cgroup/cgroup-v1.c. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system (bnc#1193842).
• CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055).
• CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647).
• CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723).
• CVE-2021-0707: Fixed possible memory corruption due to a use after free inside dma_buf_releas e of dma-buf.c (bnc#1198437).
• CVE-2020-27835: Fixed use after free in infiniband hfi1 driver in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878).

• ACPI: processor idle: Check for architectural support for LPI (git-fixes).
• ACPI/APEI: Limit printable size of BERT table data (git-fixes).
• ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes).
• adm8211: fix error return code in adm8211_probe() (git-fixes).
• ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes).
• ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes).
• ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes).
• ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes).
• ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes).
• ALSA: pcm: Test for 'silence' field in struct 'pcm_format_data' (git-fixes).
• ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes).
• ALSA: usb-audio: Increase max buffer size (git-fixes).
• ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes).
• arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes)
• arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (git-fixes)
• arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes)
• arm64: dts: exynos: correct GIC CPU interfaces address range on (git-fixes)
• arm64: dts: ls1028a: fix memory node (git-fixes)
• arm64: dts: ls1028a: fix node name for the sysclk (git-fixes)
• arm64: dts: lx2160a: fix scl-gpios property name (git-fixes)
• arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (git-fixes)
• arm64: dts: marvell: armada-37xx: Fix reg for standard variant of (git-fixes)
• arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes)
• arm64: dts: rockchip: Fix GPU register width for RK3328 (git-fixes)
• arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from (git-fixes)
• arm64: dts: zii-ultra: fix 12V_MAIN voltage (git-fixes)
• arm64: head: avoid over-mapping in map_memory (git-fixes)
• arm64: Update config files; arm LIBNVDIMM y->m ppc64le ND_BLK ->m (bsc#1199024).
• arm64/sve: Use correct size when reinitialising SVE state (git-fixes)
• ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes).
• ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes).
• ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes).
• ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes).
• ASoC: soc-compress: Change the check for codec_dai (git-fixes).
• ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes).
• ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes).
• ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes).
• ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes).
• ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes).
• ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes).
• ath5k: fix building with LEDS=m (git-fixes).
• ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes).
• ath9k_htc: fix uninit value bugs (git-fixes).
• ath9k: Fix usage of driver-private space in tx_info (git-fixes).
• ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes).
• backlight: qcom-wled: Respect enabled-strings in set_brightness (bsc#1152489)
• bareudp: use ipv6_mod_enabled to check if IPv6 enabled (jsc#SLE-15172).
• bfq: Avoid merging queues with different parents (bsc#1197926).
• bfq: Drop pointless unlock-lock pair (bsc#1197926).
• bfq: Get rid of __bio_blkcg() usage (bsc#1197926).
• bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926).
• bfq: Remove pointless bfq_init_rq() calls (bsc#1197926).
• bfq: Split shared queues on move between cgroups (bsc#1197926).
• bfq: Track whether bfq_group is still online (bsc#1197926).
• bfq: Update cgroup information before merging bio (bsc#1197926).
• block: Drop leftover references to RQF_SORTED (bsc#1182073).
• Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes).
• Bluetooth: Fix use after free in hci_send_acl (git-fixes).
• Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes).
• bnx2x: fix napi API usage sequence (bsc#1198217).
• bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes bsc#1177028).
• brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes).
• brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes).
• brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes).
• brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes).
• carl9170: fix missing bit-wise or operator for tx_params (git-fixes).
• cfg80211: hold bss_lock while updating nontrans_list (git-fixes).
• cifs: do not skip link targets when an I/O fails (bsc#1194625).
• cifs: fix bad fids sent over wire (bsc#1197157).
• clk: Enforce that disjoints limits are invalid (git-fixes).
• clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes).
• direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656).
• direct-io: defer alignment check until after the EOF check (bsc#1197656).
• direct-io: do not force writeback for reads beyond EOF (bsc#1197656).
• dma-debug: fix return value of __setup handlers (git-fixes).
• dma: at_xdmac: fix a missing check on list iterator (git-fixes).
• dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes).
• dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes).
• dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes).
• dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes).
• dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' (git-fixes).
• Documentation: add link to stable release candidate tree (git-fixes).
• drm: add a locked version of drm_is_current_master (bsc#1197914).
• drm: Add orientation quirk for GPD Win Max (git-fixes).
• drm: drm_file struct kABI compatibility workaround (bsc#1197914).
• drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
• drm: serialize drm_file.master with a new spinlock (bsc#1197914).
• drm: use the lookup lock in drm_is_current_master (bsc#1197914).
• drm/amd: Add USBC connector ID (git-fixes).
• drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes).
• drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes).
• drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes).
• drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes).
• drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1152472)
• drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489)
• drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes).
• drm/amdgpu: Fix recursive locking warning (git-fixes).
• drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes).
• drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes).
• drm/amdkfd: make CRAT table missing message informational only (git-fixes).
• drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes).
• drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes).
• drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes).
• drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472)
• drm/edid: check basic audio support on CEA extension block (git-fixes).
• drm/edid: Do not clear formats if using deep color (git-fixes).
• drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472)
• drm/i915: Call i915_globals_exit() if pci_register_device() fails (git-fixes).
• drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489)
• drm/i915: Keep gem ctx->vm alive until the final put (bsc#1152489)
• drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489)
• drm/i915/gem: Flush coherency domains on first set-domain-ioctl (git-fixes).
• drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes).
• drm/mediatek: Add AAL output size configuration (git-fixes).
• drm/mediatek: Fix aal size config (git-fixes).
• drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes).
• drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes).
• drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes).
• drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472)
• drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes).
• drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534)
• drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes).
• drm/vmwgfx: Remove unused compile options (bsc#1152472)
• e1000e: Fix possible overflow in LTR decoding (git-fixes).
• fibmap: Reject negative block numbers (bsc#1198448).
• fibmap: Use bmap instead of ->bmap method in ioctl_fibmap (bsc#1198448).
• firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes).
• gpiolib: acpi: use correct format characters (git-fixes).
• gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes).
• HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes).
• hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes).
• i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes).
• IB/hfi1: Allow larger MTU without AIP (jsc#SLE-13208).
• Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes).
• ipmi: bail out if init_srcu_struct fails (git-fixes).
• ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes).
• ipmi: Move remove_work to dedicated workqueue (git-fixes).
• iwlwifi: Fix -EIO error code that is never returned (git-fixes).
• iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes).
• KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes).
• livepatch: Do not block removal of patches that are safe to unload (bsc#1071995).
• lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes).
• media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes).
• media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes).
• memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes).
• mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes).
• mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes).
• mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes).
• mmc: mmci_sdmmc: Replace sg_dma_xxx macros (git-fixes).
• mmc: mmci: stm32: correctly check all elements of sg list (git-fixes).
• mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes).
• mtd: onenand: Check for error irq (git-fixes).
• mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes).
• mtd: rawnand: gpmi: fix controller timings setting (git-fixes).
• mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes).
• net: asix: add proper error handling of usb read errors (git-fixes).
• net: mana: Add counter for packet dropped by XDP (bsc#1195651).
• net: mana: Add counter for XDP_TX (bsc#1195651).
• net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
• net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651).
• net: mana: Reuse XDP dropped page (bsc#1195651).
• net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651).
• net: mcs7830: handle usb read errors properly (git-fixes).
• net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes).
• nfc: nci: add flush_workqueue to prevent uaf (git-fixes).
• NFSv4: fix open failure with O_ACCMODE flag (git-fixes).
• PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes).
• PCI: aardvark: Fix support for MSI interrupts (git-fixes).
• PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes).
• PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes).
• PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes).
• PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes).
• power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes).
• power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes).
• power: supply: axp20x_battery: properly report current when discharging (git-fixes).
• power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes).
• power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes).
• power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes).
• power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes).
• powerpc/perf: Expose Performance Monitor Counter SPR's as part of extended regs (bsc#1198077 ltc#197299).
• powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes).
• powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes).
• powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct (bsc#1198077 ltc#197299).
• ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413).
• random: check for signal_pending() outside of need_resched() check (git-fixes).
• ray_cs: Check ioremap return value (git-fixes).
• RDMA/core: Set MR type in ib_reg_user_mr (jsc#SLE-8449).
• RDMA/mlx5: Add a missing update of cache->last_add (jsc#SLE-15175).
• RDMA/mlx5: Do not remove cache MRs when a delay is needed (jsc#SLE-15175).
• RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (jsc#SLE-15175).
• regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes).
• rpm: Run external scriptlets on uninstall only when available (bsc#1196514 bsc#1196114 bsc#1196942).
• rpm: Use bash for %() expansion (jsc#SLE-18234).
• rpm/*.spec.in: remove backtick usage
• rpm/constraints.in: skip SLOW_DISK workers for kernel-source
• rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484)
• rtc: check if __rtc_read_time was successful (git-fixes).
• rtc: wm8350: Handle error for wm8350_register_irq (git-fixes).
• s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677 LTC#197378).
• scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes).
• scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes).
• scsi: mpt3sas: Page fault in reply q processing (git-fixes).
• scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825).
• spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes).
• spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes).
• spi: Fix erroneous sgs value with min_t() (git-fixes).
• spi: Fix invalid sgs value (git-fixes).
• spi: mxic: Fix the transmit path (git-fixes).
• spi: tegra20: Use of_device_get_match_data() (git-fixes).
• staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes).
• SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
• SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (git-fixes).
• SUNRPC: Fix the svc_deferred_event trace class (git-fixes).
• SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes).
• SUNRPC: Handle low memory situations in call_status() (git-fixes).
• USB: dwc3: core: Fix tx/rx threshold settings (git-fixes).
• USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes).
• USB: dwc3: gadget: Return proper request status (git-fixes).
• USB: dwc3: omap: fix 'unbalanced disables for smps10_out1' on omap5evm (git-fixes).
• USB: gadget: uvc: Fix crash when encoding data for usb request (git-fixes).
• USB: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (bsc#1152489)
• USB: serial: pl2303: add IBM device IDs (git-fixes).
• USB: serial: simple: add Nokia phone driver (git-fixes).
• USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes).
• USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes).
• vgacon: Propagate console boot parameters before calling `vc_resize' (bsc#1152489)
• video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes).
• video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes).
• video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes).
• video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes).
• video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes).
• video: fbdev: udlfb: properly check endpoint type (bsc#1152489)
• video: fbdev: w100fb: Reset global state (git-fixes).
• virtio_console: break out of buf poll on remove (git-fixes).
• virtio_console: eliminate anonymous module_init & module_exit (git-fixes).
• w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes).
• x86/pm: Save the MSR validity status at context setup (bsc#1198400).
• x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (git-fixes).
• x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1198400).
• xen: fix is_xen_pmu() (git-fixes).
• xen/blkfront: fix comment for need_copy (git-fixes).
• xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556).
• xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556).
• xhci: fix runtime PM imbalance in USB2 resume (git-fixes).
• xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes).

This update for e2fsprogs fixes the following issues:

• CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446)

This update for containerd, docker fixes the following issues:

• CVE-2022-24769: Fixed incorrect default inheritable capabilities (bsc#1197517).
• CVE-2022-23648: Fixed directory traversal issue (bsc#1196441).
• CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server (bsc#1197284).
• CVE-2021-43565: Fixed a panic in golang.org/x/crypto by empty plaintext packet (bsc#1193930).

This update for augeas fixes the following issue:

• Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443)

This update for libcbor fixes the following issues:

• Fix build errors occuring on SUSE Linux Enterprise 15 Service Pack 4

This update for libxml2 fixes the following issues:

• CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).
• CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).

This update for samba provides the following fixes:
Bugfixes:

• Revert NIS support removal (bsc#1199247);
• Update to meet last ldb2 version update (bsc#1199362).
• Use requires_eq macro to require the libldb2 version available at samba-dsdb-modules build time (bsc#1199362).
• Add provides to samba-client-libs package to fix upgrades from previous versions (bsc#1197995).
• Add missing samba-client requirement to samba-winbind package (bsc#1198255).
• Add missing samba-libs requirement to samba-winbind package (bsc#1198255).
• Fixed mismatched version of libldb2 (bsc#1196788).
• Dropped obsolete Samba fsrvp v0->v1 state upgrade functionality (bsc#1080338).
• Fixed ntlm authentications with 'winbind use default domain = yes' (bsc#1173429, bsc#1196308).
• Fixed samba-ad-dc status warning notification message by disabling systemd notifications in bgqd (bsc#1195896).
• Fixed libldb version mismatch in Samba dsdb component (bsc#1118508).

This update for suse-build-key fixes the following issues:

• still ship the old ptf key in the documentation directory (bsc#1198504)

This update for cups fixes the following issues:

• CVE-2022-26691: Fixed an authentication bypass and code execution vulnerability (bsc#1199474)

This update for curl fixes the following issues:

• CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223)
• CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224)

This update for pcre2 fixes the following issues:

• CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232).

This update for grep fixes the following issues:

• Make profiling deterministic. (bsc#1040589, SLE-24115)

This update for libtirpc fixes the following issues:

• Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176)

This update for glibc fixes the following issues:

• Add the correct name for the IBM Z16 (bsc#1198751).

This update for gcc11 fixes the following issues:
Update to the GCC 11.3.0 release.

• includes SLS hardening backport on x86_64. [bsc#1195283]
• includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
• fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
• use --with-cpu rather than specifying --with-arch/--with-tune
• Fix D memory corruption in -M output.
• Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
• fixes issue with debug dumping together with -o /dev/null
• fixes libgccjit issue showing up in emacs build [bsc#1192951]
• Package mwaitintrin.h

SUSE-IU-2022:633-1

This update of containerd fixes the following issue:

• container-ctr is shipped to the PackageHub repos.

This update for suse-build-key fixes the following issues:
No longer install 1024bit keys by default. (bsc#1197293)

• The SLE11 key has been moved to documentation directory, and is obsoleted / removed by the package.
• The old PTF (pre March 2022) key moved to documentation directory.

This update for libsolv, libzypp, zypper fixes the following issues:
Security relevant fix:

• Harden package signature checks (bsc#1184501).

• reworked choice rule generation to cover more usecases
• support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
• support parsing of Debian's Multi-Arch indicator
• fix segfault on conflict resolution when using bindings
• fix split provides not working if the update includes a forbidden vendor change
• support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
• support zstd compressed control files in debian packages
• add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20)
• support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata
• support queying of the custom vendor check function new function: pool_get_custom_vendorcheck
• support solv files with an idarray block
• allow accessing the toolversion at runtime

• ZConfig: Update solver settings if target changes (bsc#1196368)
• Fix possible hang in singletrans mode (bsc#1197134)
• Do 2 retries if mount is still busy.
• Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing.
• Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry.
• Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)
• Fix handling of ISO media in releaseAll (bsc#1196061)
• Hint on common ptf resolver conflicts (bsc#1194848)
• Hint on ptf<>patch resolver conflicts (bsc#1194848)

• info: print the packages upstream URL if available (fixes #426)
• info: Fix SEGV with not installed PTFs (bsc#1196317)
• Don't prevent less restrictive umasks (bsc#1195999)

This update for xz fixes the following issues:

• CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)

This update for systemd fixes the following issues:

• Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567)
• When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one.
• Don't open /var journals in volatile mode when runtime_journal==NULL
• udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)
• man: tweak description of auto/noauto (bsc#1191502)
• shared/install: ignore failures for auxiliary files
• install: make UnitFileChangeType enum anonymous
• shared/install: reduce scope of iterator variables
• systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867)
• Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247)
• Drop or soften some of the deprecation warnings (bsc#1193086)

The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:

• CVE-2022-0854: Fixed a memory leak flaw was found in the Linux kernels DMA subsystem. This flaw allowed a local user to read random memory from the kernel space. (bnc#1196823)
• CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227)
• CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031)
• CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032)
• CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033)
• CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation. (bnc#1197702)
• CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331)
• CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366)
• CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462)
• CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761)
• CVE-2022-1199: Fixed null-ptr-deref and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198028)
• CVE-2022-1205: Fixed null pointer dereference and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198027)
• CVE-2022-1198: Fixed an use-after-free vulnerability that allow an attacker to crash the linux kernel by simulating Amateur Radio (bsc#1198030).
• CVE-2022-1195: Fixed an use-after-free vulnerability which could allow a local attacker with a user privilege to execute a denial of service. (bsc#1198029)
• CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343)

• ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes).
• ACPI: APEI: fix return value of __setup handlers (git-fixes).
• ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes).
• ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes).
• ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes).
• ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes).
• ACPI: docs: enumeration: Update UART serial bus resource documentation (git-fixes).
• ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes).
• ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes).
• ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes).
• ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes).
• ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes).
• ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes).
• ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes).
• ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes).
• ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes).
• ALSA: spi: Add check for clk_enable() (git-fixes).
• ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes).
• ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes).
• ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes).
• ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes).
• ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes).
• ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes).
• ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes).
• ASoC: fsi: Add check for clk_enable (git-fixes).
• ASoC: fsl_spdif: Disable TX clock when stop (git-fixes).
• ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes).
• ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes).
• ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes).
• ASoC: mxs-saif: Handle errors for clk_enable (git-fixes).
• ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes).
• ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes).
• ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes).
• ASoC: SOF: topology: remove redundant code (git-fixes).
• ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes).
• ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes).
• ASoC: topology: Allow TLV control to be either read or write (git-fixes).
• ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes).
• ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes).
• ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes).
• ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018).
• block: update io_ticks when io hang (bsc#1197817).
• block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819).
• bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes).
• bpf: Remove config check to enable bpf support for branch records (git-fixes bsc#1177028).
• btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1194649).
• btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1194649).
• btrfs: avoid unnecessary logging of xattrs during fast fsyncs (bsc#1194649).
• btrfs: check error value from btrfs_update_inode in tree log (bsc#1194649).
• btrfs: check if a log root exists before locking the log_mutex on unlink (bsc#1194649).
• btrfs: check if a log tree exists at inode_logged() (bsc#1194649).
• btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1194649).
• btrfs: do not log new dentries when logging that a new name exists (bsc#1194649).
• btrfs: eliminate some false positives when checking if inode was logged (bsc#1194649).
• btrfs: fix race leading to unnecessary transaction commit when logging inode (bsc#1194649).
• btrfs: fix race that causes unnecessary logging of ancestor inodes (bsc#1194649).
• btrfs: fix race that makes inode logging fallback to transaction commit (bsc#1194649).
• btrfs: fix race that results in logging old extents during a fast fsync (bsc#1194649).
• btrfs: fixup error handling in fixup_inode_link_counts (bsc#1194649).
• btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1194649).
• btrfs: Remove unnecessary check from join_running_log_trans (bsc#1194649).
• btrfs: remove unnecessary directory inode item update when deleting dir entry (bsc#1194649).
• btrfs: remove unnecessary list head initialization when syncing log (bsc#1194649).
• btrfs: skip unnecessary searches for xattrs when logging an inode (bsc#1194649).
• can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes).
• can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes).
• can: mcba_usb: properly check endpoint type (git-fixes).
• can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes).
• cifs: use the correct max-length for dentry_path_raw() (bsc1196196).
• clk: actions: Terminate clk_div_table with sentinel element (git-fixes).
• clk: bcm2835: Remove unused variable (git-fixes).
• clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes).
• clk: imx7d: Remove audio_mclk_root_clk (git-fixes).
• clk: Initialize orphan req_rate (git-fixes).
• clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes).
• clk: nxp: Remove unused variable (git-fixes).
• clk: qcom: clk-rcg2: Update logic to calculate D value for RCG (git-fixes).
• clk: qcom: clk-rcg2: Update the frac table for pixel clock (git-fixes).
• clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes).
• clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes).
• clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes).
• clk: uniphier: Fix fixed-rate initialization (git-fixes).
• clocksource: acpi_pm: fix return value of __setup handler (git-fixes).
• clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes).
• cpufreq: schedutil: Destroy mutex before kobject_put() frees (git-fixes)
• crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes).
• crypto: cavium/nitrox - do not cast parameter in bit operations (git-fixes).
• crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes).
• crypto: ccree - do not attempt 0 len DMA mappings (git-fixes).
• crypto: mxs-dcp - Fix scatterlist processing (git-fixes).
• crypto: qat - do not cast parameter in bit operations (git-fixes).
• crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes).
• crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes).
• crypto: rsa-pkcs1pad - restore signature length check (git-fixes).
• crypto: vmx - add missing dependencies (git-fixes).
• dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501).
• driver core: dd: fix return value of __setup handler (git-fixes).
• drm: add a locked version of drm_is_current_master (bsc#1197914).
• drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes).
• drm: drm_file struct kABI compatibility workaround (bsc#1197914).
• drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
• drm: serialize drm_file.master with a new spinlock (bsc#1197914).
• drm: use the lookup lock in drm_is_current_master (bsc#1197914).
• drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes).
• drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes).
• drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes).
• drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes).
• drm/doc: overview before functions for drm_writeback.c (git-fixes).
• drm/i915: Fix dbuf slice config lookup (git-fixes).
• drm/i915/gem: add missing boundary check in vm_access (git-fixes).
• drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes).
• drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes).
• drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops (git-fixes).
• drm/msm/dpu: add DSPP blocks teardown (git-fixes).
• drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() (git-fixes).
• drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes).
• drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes).
• drm/vc4: crtc: Make sure the HDMI controller is powered when disabling (git-fixes).
• drm/vrr: Set VRR capable prop only if it is attached to connector (git-fixes).
• ecryptfs: fix kernel panic with null dev_name (bsc#1197812).
• ecryptfs: Fix typo in message (bsc#1197811).
• ext2: correct max file size computing (bsc#1197820).
• firmware: google: Properly state IOMEM dependency (git-fixes).
• firmware: qcom: scm: Remove reassignment to desc following initializer (git-fixes).
• fscrypt: do not ignore minor_hash when hash is 0 (bsc#1197815).
• HID: multitouch: fix Dell Precision 7550 and 7750 button type (bsc#1197243).
• hwmon: (pmbus) Add mutex to regulator ops (git-fixes).
• hwmon: (pmbus) Add Vin unit off handling (git-fixes).
• hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (git-fixes).
• hwrng: atmel - disable trng on failure path (git-fixes).
• i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes).
• ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259).
• iio: accel: mma8452: use the correct logic to get mma8452_data (git-fixes).
• iio: adc: Add check for devm_request_threaded_irq (git-fixes).
• iio: afe: rescale: use s64 for temporary scale calculations (git-fixes).
• iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes).
• iio: inkern: apply consumer scale when no channel scale is available (git-fixes).
• iio: inkern: make a best effort on offset calculation (git-fixes).
• Input: aiptek - properly check endpoint type (git-fixes).
• iwlwifi: do not advertise TWT support (git-fixes).
• KVM: SVM: Do not flush cache if hardware enforces cache coherency across encryption domains (bsc#1178134).
• llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
• mac80211: fix potential double free on mesh join (git-fixes).
• mac80211: refuse aggregations sessions before authorized (git-fixes).
• media: aspeed: Correct value for h-total-pixels (git-fixes).
• media: bttv: fix WARNING regression on tunerless devices (git-fixes).
• media: coda: Fix missing put_device() call in coda_get_vdoa_data (git-fixes).
• media: davinci: vpif: fix unbalanced runtime PM get (git-fixes).
• media: em28xx: initialize refcount before kref_get (git-fixes).
• media: hantro: Fix overfill bottom register field name (git-fixes).
• media: Revert 'media: em28xx: add missing em28xx_close_extension' (git-fixes).
• media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (git-fixes).
• media: usb: go7007: s2250-board: fix leak in probe() (git-fixes).
• media: video/hdmi: handle short reads of hdmi info frame (git-fixes).
• membarrier: Execute SYNC_CORE on the calling thread (git-fixes)
• membarrier: Explicitly sync remote cores when SYNC_CORE is (git-fixes)
• memory: emif: Add check for setup_interrupts (git-fixes).
• memory: emif: check the pointer temp in get_device_details() (git-fixes).
• misc: alcor_pci: Fix an error handling path (git-fixes).
• misc: sgi-gru: Do not cast parameter in bit operations (git-fixes).
• mm_zone: add function to check if managed dma zone exists (bsc#1197501).
• mm: add vma_lookup(), update find_vma_intersection() comments (git-fixes).
• mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages (bsc#1197501).
• mmc: davinci_mmc: Handle error for clk_enable (git-fixes).
• net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add (git-fixes).
• net: enetc: initialize the RFS and RSS memories (git-fixes).
• net: hns3: add a check for tqp_index in hclge_get_ring_chain_from_mbx() (git-fixes).
• net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes).
• net: phy: marvell: Fix invalid comparison in the resume and suspend functions (git-fixes).
• net: stmmac: set TxQ mode back to DCB after disabling CBS (git-fixes).
• net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018).
• net: watchdog: hold device global xmit lock during tx disable (git-fixes).
• net/smc: Fix loop in smc_listen (git-fixes).
• net/smc: fix using of uninitialized completions (git-fixes).
• net/smc: fix wrong list_del in smc_lgr_cleanup_early (git-fixes).
• net/smc: Make sure the link_id is unique (git-fixes).
• net/smc: Reset conn->lgr when link group registration fails (git-fixes).
• netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389).
• netxen_nic: fix MSI/MSI-x interrupts (git-fixes).
• NFS: Avoid duplicate uncached readdir calls on eof (git-fixes).
• NFS: Do not report writeback errors in nfs_getattr() (git-fixes).
• NFS: Do not skip directory entries when doing uncached readdir (git-fixes).
• NFS: Ensure the server had an up to date ctime before hardlinking (git-fixes).
• NFS: Fix initialisation of nfs_client cl_flags field (git-fixes).
• NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
• NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes).
• NFS: Use of mapping_set_error() results in spurious errors (git-fixes).
• NFS: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes).
• NFS: do not retry BIND_CONN_TO_SESSION on session error (git-fixes).
• NFS: Fix another issue with a list iterator pointing to the head (git-fixes).
• nl80211: Update bss channel on channel switch for P2P_CLIENT (git-fixes).
• pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (git-fixes).
• pinctrl: mediatek: paris: Fix 'argument' argument type for mtk_pinconf_get() (git-fixes).
• pinctrl: mediatek: paris: Fix pingroup pin config state readback (git-fixes).
• pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (git-fixes).
• pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes).
• pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() (git-fixes).
• pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes).
• pinctrl: samsung: drop pin banks references on error paths (git-fixes).
• pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (git-fixes).
• PM: hibernate: fix __setup handler error handling (git-fixes).
• PM: suspend: fix return value of __setup handler (git-fixes).
• powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395).
• powerpc/mm: Fix verification of MMU_FTR_TYPE_44x (bsc#1156395).
• powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes).
• powerpc/perf: Do not use perf_hw_context for trace IMC PMU (bsc#1156395).
• powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729).
• powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729).
• powerpc/tm: Fix more userspace r13 corruption (bsc#1065729).
• powerpc/xive: fix return value of __setup handler (bsc#1065729).
• printk: Add panic_in_progress helper (bsc#1197894).
• printk: disable optimistic spin during panic (bsc#1197894).
• pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (git-fixes).
• regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes).
• remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (git-fixes).
• remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region (git-fixes).
• s390/bpf: Perform r1 range checking before accessing jit->seen_reg (git-fixes).
• s390/gmap: do not unconditionally call pte_unmap_unlock() in __gmap_zap() (git-fixes).
• s390/gmap: validate VMA in __gmap_zap() (git-fixes).
• s390/hypfs: include z/VM guests with access control group set (bsc#1195640 LTC#196352).
• s390/kexec_file: fix error handling when applying relocations (git-fixes).
• s390/kexec: fix memory leak of ipl report buffer (git-fixes).
• s390/kexec: fix return code handling (git-fixes).
• s390/mm: fix VMA and page table handling code in storage key handling functions (git-fixes).
• s390/mm: validate VMA in PGSTE manipulation functions (git-fixes).
• s390/module: fix loading modules with a lot of relocations (git-fixes).
• s390/pci_mmio: fully validate the VMA before calling follow_pte() (git-fixes).
• scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675).
• scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675).
• scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675).
• scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675).
• scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478).
• scsi: lpfc: Fix typos in comments (bsc#1197675).
• scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478).
• scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478).
• scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675).
• scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675).
• scsi: lpfc: Remove failing soft_wwn support (bsc#1197675).
• scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675).
• scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675).
• scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675).
• scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675).
• scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675).
• scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675).
• scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675).
• scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675).
• scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675).
• scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675).
• scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675).
• scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675).
• scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675).
• scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675).
• scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675).
• scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675).
• scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675).
• scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675).
• scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675).
• scsi: lpfc: Use fc_block_rport() (bsc#1197675).
• scsi: lpfc: Use kcalloc() (bsc#1197675).
• scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675).
• scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675).
• scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661).
• scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661).
• scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661).
• scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661).
• scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661).
• scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661).
• scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661).
• scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661).
• scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661).
• scsi: qla2xxx: Fix typos in comments (bsc#1197661).
• scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661).
• scsi: qla2xxx: Reduce false trigger to login (bsc#1197661).
• scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661).
• scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661).
• scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661).
• scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661).
• scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661).
• serial: 8250_lpss: Balance reference count for PCI DMA device (git-fixes).
• serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes).
• serial: 8250: Fix race condition in RTS-after-send handling (git-fixes).
• serial: core: Fix the definition name in the comment of UPF_* flags (git-fixes).
• soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes).
• soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes).
• soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes).
• soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes).
• spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes).
• spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes).
• staging:iio:adc:ad7280a: Fix handing of device address bit reversing (git-fixes).
• tcp: add some entropy in __inet_hash_connect() (bsc#1180153).
• tcp: change source port randomizarion at connect() time (bsc#1180153).
• thermal: int340x: Check for NULL after calling kmemdup() (git-fixes).
• thermal: int340x: Increase bitmap size (git-fixes).
• udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() (git-fixes).
• Update config files (bsc#1195926 bsc#1175667). VIRTIO_PCI=m -> VIRTIO_PCI=y
• usb: bdc: Adb shows offline after resuming from S2 (git-fixes).
• usb: bdc: Fix a resource leak in the error handling path of 'bdc_probe()' (git-fixes).
• usb: bdc: Fix unused assignment in bdc_probe() (git-fixes).
• usb: bdc: remove duplicated error message (git-fixes).
• usb: bdc: Use devm_clk_get_optional() (git-fixes).
• usb: bdc: use devm_platform_ioremap_resource() to simplify code (git-fixes).
• usb: dwc3: gadget: Use list_replace_init() before traversing lists (git-fixes).
• usb: dwc3: qcom: add IRQ check (git-fixes).
• usb: gadget: bdc: use readl_poll_timeout() to simplify code (git-fixes).
• usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (git-fixes).
• usb: gadget: rndis: prevent integer overflow in rndis_set_response() (git-fixes).
• usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes).
• VFS: filename_create(): fix incorrect intent (bsc#1197534).
• video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (git-fixes).
• video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes).
• video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes).
• video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes).
• video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes).
• video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (git-fixes).
• video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes).
• VMCI: Fix the description of vmci_check_host_caps() (git-fixes).
• vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889).
• wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes).
• wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes).
• wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes).
• wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes).
• x86/cpu: Add hardware-enforced cache coherency as a CPUID feature (bsc#1178134).
• x86/mm/pat: Do not flush cache if hardware enforces cache coherency across encryption domnains (bsc#1178134).
• x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1178134).
• x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1178134).
• xhci: fix garbage USBSTS being logged in some cases (git-fixes).

This update for grub2 fixes the following issues:

• Fix grub-install error when efi system partition is created as mdadm software raid1 device. (bsc#1179981, bsc#1195204)
• Fix error in grub-install when linux root device is on lvm thin volume. (bsc#1192622, bsc#1191974)

This update for lvm2 fixes the following issues:

• udev: create symlinks and watch even in suspended state (bsc#1195231)

This update for libtirpc fixes the following issues:

• Add option to enforce connection via protocol version 2 first (bsc#1196647)

This update for e2fsprogs fixes the following issues:

• Add support for 'libreadline7' for Leap. (bsc#1196939)

This update for openldap2 fixes the following issues:

• allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
• libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004)
• restore CLDAP functionality in CLI tools (jsc#PM-3288)

This update for gcc11 fixes the following issues:

• Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107]
• Fixed memory corruption when creating dependences with the D language frontend.
• Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
• Put libstdc++6-pp Requires on the shared library and drop to Recommends.

This update for cifs-utils fixes the following issues:

• CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216).

This update for systemd-presets-common-SUSE fixes the following issue:

• enable vgauthd service for VMWare by default (bsc#1195251)

This update for perl fixes the following issues:

• Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489)

This update for glib2 fixes the following issues:

• CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).

This update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent fixes the following issues:

• Update to version 20220204.00. (bsc#1195437, bsc#1195438) * remove han from owners (#154) * Remove extra slash from metadata URL. (#151)
• from version 20220104.00 * List IPv6 routes (#150)
• from version 20211228.00 * add add or remove route integration test, utils (#147)
• from version 20211214.00 * add malformed ssh key unit test (#142)

• Update to version 20220211.00. (bsc#1195437, bsc#1195438) * Set NVMe-PD IO timeout to 4294967295. (#32)

• Update to version 20220205.00. (bsc#1195437, bsc#1195438) * Fix build for EL9. (#82)
• from version 20211213.00 * Reauth error (#81)
• Rename Source0 field to Source
• Update URL in Source field to point to upstream tarball

• Update to version 20220209.00 (bsc#1195437, bsc#1195438) * Update licences, remove deprecated centos-8 tests (#414)

• Update to version 20220204.00 * Add DisableLocalLogging option (#413)
• from version 20220107.00 * OS assignment example: Copy file from bucket

This update for xen fixes the following issues:

• CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host (bsc#1197423).
• CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to a denial of service in the host (bsc#1197425).
• CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be leveraged by an attacker to cause a denial of service in the host (bsc#1197426).

This update for ruby2.5 fixes the following issues:

• CVE-2022-28739: Fixed a buffer overrun in String-to-Float conversion (bsc#1198441).
• CVE-2021-41817: Fixed a regular expression denial of service in Date Parsing Methods (bsc#1193035).
• CVE-2021-32066: Fixed a StartTLS stripping vulnerability in Net:IMAP (bsc#1188160).
• CVE-2021-31810: Fixed a trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161).
• CVE-2021-31799: Fixed a command injection vulnerability in RDoc (bsc#1190375).

This update for dracut fixes the following issues:

• fix(dracut-install): copy files preserving ownership attributes (bsc#1197967)
• fix(dracut-systemd): do not require vconsole-setup.service (bsc#1195508)
• fix(dracut-functions.sh): ip route parsing (bsc#1195011)

This update for tar fixes the following issues:

• CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131).
• CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496).
• CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610).

• Update to GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131) * Fix extraction when . and .. are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges

• Update to GNU tar 1.33: * POSIX extended format headers do not include PID by default * --delay-directory-restore works for archives with reversed member ordering * Fix extraction of a symbolic link hardlinked to another symbolic link * Wildcards in exclude-vcs-ignore mode don't match slash * Fix the --no-overwrite-dir option * Fix handling of chained renames in incremental backups * Link counting works for file names supplied with -T * Accept only position-sensitive (file-selection) options in file list files

• prepare usrmerge (bsc#1029961)

• Update to GNU 1.32 * Fix the use of --checkpoint without explicit --checkpoint-action * Fix extraction with the -U option * Fix iconv usage on BSD-based systems * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923] * Improve the testsuite

• Update to GNU 1.31 * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28 * Support for zstd compression * New option '--zstd' instructs tar to use zstd as compression program. When listing, extractng and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'. * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the '-K NAME' option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it. * Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived.

This update for ldb fixes the following issues:

• Update to version 2.4.2 - CVE-2021-3670: Fixed an issue where the LDAP server MaxQueryDuration value would not be honoured (bsc#1198397).

This update for rsyslog fixes the following issues:

• CVE-2022-24903: Fixed potential heap buffer overflow in modules for TCP syslog reception (bsc#1199061).

This update for gzip fixes the following issues:

• CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062)

This update for systemd fixes the following issues:

• tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090)
• journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114)
• tmpfiles: constify item_compatible() parameters
• test tmpfiles: add a test for 'w+'
• test: add test checking tmpfiles conf file precedence
• journald: make use of CLAMP() in cache_space_refresh()
• journal-file: port journal_file_open() to openat_report_new()
• fs-util: make sure openat_report_new() initializes return param also on shortcut
• fs-util: fix typos in comments
• fs-util: add openat_report_new() wrapper around openat()

SUSE-IU-2022:480-1

This update for procps fixes the following issues:

• Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468)

This update for open-iscsi fixes the following issue:

• Update to latest upstream, including test cleanup, minor bug fixes (cosmetic), and fixing iscsi-init (bsc#1195656).

This update for expat fixes the following issues:

• Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).

This update for chrony fixes the following issues:
Chrony was updated to 4.1, bringing features and bugfixes.
Update to 4.1
* Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server

• Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689).
• Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229)

• Enable syscallfilter unconditionally [bsc#1181826].

• By default we don't write log files but log to journald, so only recommend logrotate.

• Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277).

• Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)

• Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113).

• Add support for more accurate reading of PHC on Linux 5.0
• Add support for hardware timestamping on interfaces with read-only timestamping configuration
• Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris
• Update seccomp filter to work on more architectures
• Validate refclock driver options
• Fix bindaddress directive on FreeBSD
• Fix transposition of hardware RX timestamp on Linux 4.13 and later
• Fix building on non-glibc systems

• Fix location of helper script in chrony-dnssrv@.service (bsc#1128846).

• Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272.
• Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share.

This update for openssl-1_1 fixes the following issues:
openssl-1_1:

• Fix PAC pointer authentication in ARM (bsc#1195856)
• Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792)
• FIPS: Fix function and reason error codes (bsc#1182959)
• Enable zlib compression support (bsc#1195149)

• Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1

• Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1

• Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1

• Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1

This update for openldap2 fixes the following issue:

• Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004)

This update for python-jsonschema, python-rfc3987, python-strict-rfc3339 fixes the following issues:

• Add patch to fix build with new webcolors.

• update to version 3.2.0 (jsc#SLE-18756): * Added a format_nongpl setuptools extra, which installs only format dependencies that are non-GPL (#619).

• specfile: * require python-importlib-metadata
• update to version 3.1.1: * Temporarily revert the switch to js-regex until #611 and #612 are resolved.
• changes from version 3.1.0: - Regular expressions throughout schemas now respect the ECMA 262 dialect, as recommended by the specification (#609).

• Activate more of the test suite
• Remove tests and benchmarking from the runtime package
• Update to v3.0.2 - Fixed a bug where 0 and False were considered equal by const and enum
• from v3.0.1 - Fixed a bug where extending validators did not preserve their notion of which validator property contains $id information.

• Update to 3.0.1: - Support for Draft 6 and Draft 7 - Draft 7 is now the default - New TypeChecker object for more complex type definitions (and overrides) - Falling back to isodate for the date-time format checker is no longer attempted, in accordance with the specification

• Use %license instead of %doc (bsc#1082318)

• Remove hashbang from runtime module
• Replace PyPI URL with https://github.com/dgerber/rfc3987
• Activate doctests

• Add missing runtime dependency on timezone
• Replace dead link with GitHub URL
• Activate test suite

• Trim bias from descriptions.

• Initial commit, needed by flex

This update for avahi fixes the following issues:

• Change python3-Twisted to a soft dependency. It is not available on SLED or PackageHub, and it is only needed by avahi-bookmarks (bsc#1196282)
• Fix warning when Twisted is not available
• Have python3-avahi require python3-dbus-python, not the python 2 dbus-1-python package (bsc#1195614)
• Ensure that NetworkManager or wicked have already started before initializing (bsc#1194561)
• Move sftp-ssh and ssh services to the doc directory. They allow a host's up/down status to be easily discovered and should not be enabled by default (bsc#1179060)

This update for util-linux fixes the following issues:

• Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642)
• Make uuidd lock state file usable and time based UUIDs safer. (bsc#1194642)
• Fix `su -s` bash completion. (bsc#1172427)

This update for filesystem and systemd-rpm-macros fixes the following issues:
filesystem:

• Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)

• Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406)

This update for xen fixes the following issues:
Update Xen to version 4.14.4 (bsc#1027519)
Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated.
Security issues fixed:

• CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: BHB speculation issues (bsc#1196915).

• Fixed issue around xl and virsh operation - virsh list not giving any output (bsc#1191668).

This update for python3 fixes the following issues:

• CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819).

This update for bind fixes the following issues:

• CVE-2021-25220: Fixed a DNS cache poisoning vulnerability due to loose caching rules (bsc#1197135).

This update for sudo fixes the following issues:

• Fix user set timeout not being honored (bsc#1193446)

This update for chrony fixes the following issues:

• Disable 'ntsdumpdir' in default config, because augeas-lenses cannot parse it during installation of SUSE Linux Enterprise Micro 5.1 and openSUSE Leap 15.3 (bsc#1194220).

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2022-25636: Fixed an issue which allowed a local users to gain privileges because of a heap out-of-bounds write in nf_dup_netdev.c, related to nf_tables_offload (bsc#1196299).
• CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could trigger crash the system or corrupt system memory (bsc#1196830).
• CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516).
• CVE-2022-24448: Fixed an issue if an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612).
• CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079)
• CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd(). (bsc#1196155)
• CVE-2022-25258: The USB Gadget subsystem lacked certain validation of interface OS descriptor requests, which could have lead to memory corruption (bsc#1196096).
• CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev->buf release (bsc#1195905).
• CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897).
• CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987).
• CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free vulnerability in unix_scm_to_skb of af_unix (bsc#1193731).
• CVE-2021-39657: Fixed an information leak in the Universal Flash Storage subsystem (bsc#1193864).
• CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from heap memory via crafted frame lengths from a device (bsc#1196836).
• CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956)
• CVE-2021-45402: The check_alu_op function in kernel/bpf/verifier.c did not properly update bounds while handling the mov32 instruction, which allowed local users to obtain potentially sensitive address information (bsc#1196130).
• CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488)

• ALSA: intel_hdmi: Fix reference to PCM buffer address (git-fixes).
• ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (git-fixes).
• ARM: Fix kgdb breakpoint for Thumb2 (git-fixes).
• ASoC: cs4265: Fix the duplicated control name (git-fixes).
• ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (git-fixes).
• ASoC: rt5668: do not block workqueue if card is unbound (git-fixes).
• ASoC: rt5682: do not block workqueue if card is unbound (git-fixes).
• Bluetooth: btusb: Add missing Chicony device for Realtek RTL8723BE (bsc#1196779).
• EDAC/altera: Fix deferred probing (bsc#1178134).
• EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1178134).
• HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes).
• HID: add mapping for KEY_DICTATE (git-fixes).
• Hand over the maintainership to SLE15-SP3 maintainers
• IB/hfi1: Correct guard on eager buffer deallocation (git-fixes).
• IB/hfi1: Fix early init panic (git-fixes).
• IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes).
• IB/hfi1: Insure use of smp_processor_id() is preempt disabled (git-fixes).
• IB/rdmavt: Validate remote_addr during loopback atomic tests (git-fixes).
• Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes).
• Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes).
• Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes).
• NFC: port100: fix use-after-free in port100_send_complete (git-fixes).
• RDMA/bnxt_re: Scan the whole bitmap when checking if 'disabling RCFW with pending cmd-bit' (git-fixes).
• RDMA/cma: Do not change route.addr.src_addr outside state checks (bsc#1181147).
• RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry (git-fixes).
• RDMA/cma: Remove open coding of overflow checking for private_data_len (git-fixes).
• RDMA/core: Do not infoleak GRH fields (git-fixes).
• RDMA/core: Let ib_find_gid() continue search even after empty entry (git-fixes).
• RDMA/cxgb4: Set queue pair state when being queried (git-fixes).
• RDMA/hns: Validate the pkey index (git-fixes).
• RDMA/ib_srp: Fix a deadlock (git-fixes).
• RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes).
• RDMA/rtrs-clt: Fix possible double free in error case (jsc#SLE-15176).
• RDMA/rxe: Fix a typo in opcode name (git-fixes).
• RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes).
• RDMA/uverbs: Check for null return of kmalloc_array (git-fixes).
• RDMA/uverbs: Remove the unnecessary assignment (git-fixes).
• Revert 'USB: serial: ch341: add new Product ID for CH341A' (git-fixes).
• SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403).
• USB: gadget: validate endpoint index for xilinx udc (git-fixes).
• USB: gadget: validate interface OS descriptor requests (git-fixes).
• USB: hub: Clean up use of port initialization schemes and retries (git-fixes).
• USB: serial: option: add Telit LE910R1 compositions (git-fixes).
• USB: serial: option: add support for DW5829e (git-fixes).
• USB: zaurus: support another broken Zaurus (git-fixes).
• arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (git-fixes).
• asix: fix uninit-value in asix_mdio_read() (git-fixes).
• ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes).
• ax25: Fix NULL pointer dereference in ax25_kill_by_device (git-fixes).
• batman-adv: Do not expect inter-netns unique iflink indices (git-fixes).
• batman-adv: Request iflink once in batadv-on-batadv check (git-fixes).
• batman-adv: Request iflink once in batadv_get_real_netdevice (git-fixes).
• blk-mq: do not free tags if the tag_set is used by other device in queue initialztion (bsc#1193787).
• bnxt_en: Fix active FEC reporting to ethtool (jsc#SLE-16649).
• bnxt_en: Fix incorrect multicast rx mask setting when not requested (git-fixes).
• bnxt_en: Fix occasional ethtool -t loopback test failures (git-fixes).
• bnxt_en: Fix offline ethtool selftest with RDMA enabled (git-fixes).
• bonding: force carrier update when releasing slave (git-fixes).
• build initrd without systemd This reduces the size of the initrd by over 25%, which improves startup time of the virtual machine by 0.5-0.6s on very fast machines, more on slower ones.
• can: gs_usb: change active_channels's type from atomic_t to u8 (git-fixes).
• cgroup-v1: Correct privileges check in release_agent writes (bsc#1196723).
• cgroup/cpuset: Fix 'suspicious RCU usage' lockdep warning (bsc#1196868).
• clk: jz4725b: fix mmc0 clock gating (git-fixes).
• constraints: Also adjust disk requirement for x86 and s390.
• constraints: Increase disk space for aarch64
• cpufreq: schedutil: Use kobject release() method to free (git-fixes)
• cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() (bsc#1196866).
• cputime, cpuacct: Include guest time in user time in (git-fixes)
• dma-direct: Fix potential NULL pointer dereference (bsc#1196472 ltc#192278).
• dma-mapping: Allow mixing bypass and mapped DMA operation (bsc#1196472 ltc#192278).
• dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes).
• drm/amdgpu: disable MMHUB PG for Picasso (git-fixes).
• drm/edid: Always set RGB444 (git-fixes).
• drm/i915/dg1: Wait for pcode/uncore handshake at startup (bsc#1195211).
• drm/i915/gen11+: Only load DRAM information from pcode (bsc#1195211).
• drm/i915: Nuke not needed members of dram_info (bsc#1195211).
• drm/i915: Remove memory frequency calculation (bsc#1195211).
• drm/i915: Rename is_16gb_dimm to wm_lv_0_adjust_needed (bsc#1195211).
• drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes).
• efivars: Respect 'block' flag in efivar_entry_set_safe() (git-fixes).
• exfat: fix i_blocks for files truncated over 4 GiB (git-fixes).
• exfat: fix incorrect loading of i_blocks for large files (git-fixes).
• firmware: arm_scmi: Remove space in MODULE_ALIAS name (git-fixes).
• fix rpm build warning tumbleweed rpm is adding these warnings to the log: It's not recommended to have unversioned Obsoletes: Obsoletes: microcode_ctl
• gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (git-fixes).
• gpio: rockchip: Reset int_bothedge when changing trigger (git-fixes).
• gpio: tegra186: Fix chip_data type confusion (git-fixes).
• gpio: ts4900: Do not set DAT and OE together (git-fixes).
• gpiolib: acpi: Convert ACPI value of debounce to microseconds (git-fixes).
• gtp: remove useless rcu_read_lock() (git-fixes).
• hamradio: fix macro redefine warning (git-fixes).
• i2c: bcm2835: Avoid clock stretching timeouts (git-fixes).
• iavf: Fix missing check for running netdev (git-fixes).
• ice: initialize local variable 'tlv' (jsc#SLE-12878).
• igc: igc_read_phy_reg_gpy: drop premature return (git-fixes).
• igc: igc_write_phy_reg_gpy: drop premature return (git-fixes).
• iio: Fix error handling for PM (git-fixes).
• iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits (git-fixes).
• iio: adc: men_z188_adc: Fix a resource leak in an error handling path (git-fixes).
• ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (git-fixes).
• kernel-binary.spec.in: Move 20-kernel-default-extra.conf to the correctr directory (bsc#1195051).
• kernel-binary.spec: Also exclude the kernel signing key from devel package. There is a check in OBS that fails when it is included. Also the key is not reproducible. Fixes: bb988d4625a3 ('kernel-binary: Do not include sourcedir in certificate path.')
• kernel-binary.spec: Do not use the default certificate path (bsc#1194943). Using the the default path is broken since Linux 5.17
• kernel-binary: Do not include sourcedir in certificate path. The certs macro runs before build directory is set up so it creates the aggregate of supplied certificates in the source directory. Using this file directly as the certificate in kernel config works but embeds the source directory path in the kernel config. To avoid this symlink the certificate to the build directory and use relative path to refer to it. Also fabricate a certificate in the same location in build directory when none is provided.
• kernel-obs-build: include 9p (boo#1195353) To be able to share files between host and the qemu vm of the build script, the 9p and 9p_virtio kernel modules need to be included in the initrd of kernel-obs-build.
• mac80211: fix forwarded mesh frames AC & queue selection (git-fixes).
• mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (git-fixes).
• mac80211_hwsim: report NOACK frames in tx_status (git-fixes).
• mask out added spinlock in rndis_params (git-fixes).
• mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes).
• net/mlx5: Fix possible deadlock on rule deletion (git-fixes).
• net/mlx5: Fix wrong limitation of metadata match on ecpf (git-fixes).
• net/mlx5: Update the list of the PCI supported devices (git-fixes).
• net/mlx5: Update the list of the PCI supported devices (git-fixes).
• net/mlx5e: Fix modify header actions memory leak (git-fixes).
• net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
• net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (git-fixes).
• net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes).
• net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes).
• net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets (jsc#SLE-15172).
• net/sched: act_ct: Fix flow table lookup after ct clear or switching zones (jsc#SLE-15172).
• net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration (git-fixes).
• net: ethernet: ti: cpsw: disable PTPv1 hw timestamping advertisement (git-fixes).
• net: fix up skbs delta_truesize in UDP GRO frag_list (bsc#1176447).
• net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes).
• net: phy: DP83822: clear MISR2 register to disable interrupts (git-fixes).
• net: sfc: Replace in_interrupt() usage (git-fixes).
• net: tipc: validate domain record count on input (bsc#1195254).
• net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes).
• netfilter: nf_tables: fix memory leak during stateful obj update (bsc#1176447).
• netsec: ignore 'phy-mode' device property on ACPI systems (git-fixes).
• nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (git-fixes).
• nl80211: Handle nla_memdup failures in handle_nan_filter (git-fixes).
• ntb: intel: fix port config status offset for SPR (git-fixes).
• nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787).
• nvme-rdma: fix possible use-after-free in transport error_recovery work (git-fixes).
• nvme-tcp: fix possible use-after-free in transport error_recovery work (git-fixes).
• nvme: fix a possible use-after-free in controller reset during load (git-fixes).
• powerpc/dma: Fallback to dma_ops when persistent memory present (bsc#1196472 ltc#192278). Update config files.
• powerpc/fadump: register for fadump as early as possible (bsc#1179439 ltc#190038).
• powerpc/mm: Remove dcache flush from memory remove (bsc#1196433 ltc#196449).
• powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433 ltc#196449).
• powerpc/pseries/iommu: Fix window size for direct mapping with pmem (bsc#1196472 ltc#192278).
• rpm/*.spec.in: Use https:// urls
• rpm/arch-symbols,guards,*driver: Replace Novell with SUSE.
• rpm/check-for-config-changes: Ignore PAHOLE_VERSION.
• rpm/kernel-docs.spec.in: use %%license for license declarations Limited to SLE15+ to avoid compatibility nightmares.
• rpm/kernel-source.spec.in: call fdupes per subpackage It is a waste of time to do a global fdupes when we have subpackages.
• rpm: SC2006: Use $(...) notation instead of legacy backticked `...`.
• sched/core: Mitigate race (git-fixes)
• scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes).
• scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes).
• scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (git-fixes).
• scsi: nsp_cs: Check of ioremap return value (git-fixes).
• scsi: qedf: Fix potential dereference of NULL pointer (git-fixes).
• scsi: smartpqi: Add PCI IDs (bsc#1196627).
• scsi: ufs: Fix race conditions related to driver data (git-fixes).
• selftests: mlxsw: tc_police_scale: Make test more robust (bsc#1176774).
• soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY) (git-fixes).
• soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes).
• soc: fsl: qe: Check of ioremap return value (git-fixes).
• spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (git-fixes).
• sr9700: sanity check for packet length (bsc#1196836).
• staging: gdm724x: fix use after free in gdm_lte_rx() (git-fixes).
• tracing: Fix return value of __setup handlers (git-fixes).
• tty: n_gsm: fix encoding of control signal octet bit DV (git-fixes).
• tty: n_gsm: fix proper link termination after failed open (git-fixes).
• usb: dwc2: Fix Stalling a Non-Isochronous OUT EP (git-fixes).
• usb: dwc2: gadget: Fix GOUTNAK flow for Slave mode (git-fixes).
• usb: dwc2: gadget: Fix kill_all_requests race (git-fixes).
• usb: dwc2: use well defined macros for power_down (git-fixes).
• usb: dwc3: gadget: Let the interrupt handler disable bottom halves (git-fixes).
• usb: dwc3: meson-g12a: Disable the regulator in the error handling path of the probe (git-fixes).
• usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes).
• usb: gadget: rndis: add spinlock for rndis response list (git-fixes).
• usb: host: xen-hcd: add missing unlock in error path (git-fixes).
• usb: hub: Fix locking issues with address0_mutex (git-fixes).
• usb: hub: Fix usb enumeration issue due to address0 race (git-fixes).
• vrf: Fix fast path output packet handling with async Netfilter rules (git-fixes).
• xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396).
• xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes).
• xhci: re-initialize the HC during resume if HCE was set (git-fixes).

This update for protobuf fixes the following issues:

• CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258).

This update for pam fixes the following issues:

• Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
• Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024)

This update for zlib fixes the following issues:

• CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).

This update for yaml-cpp fixes the following issues:

• CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227).
• CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230).
• CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004).
• CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021).

This update for aaa_base fixes the following issues:

• Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883)
• Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library

This update for util-linux fixes the following issue:

• Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642)

This update for timezone fixes the following issues:

• timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data

This update for supportutils fixes the following issues:

• Add command `blkid`
• Add email.txt based on OPTION_EMAIL (bsc#1189028)
• Add rpcinfo -p output #116
• Add s390x specific files and output
• Add shared memory as a log directory for emergency use (bsc#1190943)
• Fix cron package for RPM validation (bsc#1190315)
• Fix for invalid argument during updates (bsc#1193204)
• Fix iscsi initiator name (bsc#1195797)
• Improve `lsblk` readability with `--ascsi` option
• Include 'multipath -t' output in mpio.txt
• Include /etc/sssd/conf.d configuration files
• Include udev rules in /lib/udev/rules.d/
• Made /proc directory and network names spaces configurable (bsc#1193868)
• Prepare future installation of binaries to /usr/sbin instead of /sbin. This does not affect SUSE Linux Enterprise 15 Serivce Pack 3 and 4 (bsc#1191096)
• Move localmessage/warm logs out of messages.txt to new localwarn.txt
• Optimize configuration files
• Remove chronyc DNS lookups with -n switch (bsc#1193732)
• Remove duplicate commands in network.txt
• Remove duplicate firewalld status output
• getappcore identifies compressed core files (bsc#1191794)

This update for nfs-utils fixes the following issues:

• Ensure `sloppy` is added correctly for newer kernels. (bsc#1197297) * This is required for kernels since 5.6 (like in SUSE Linux Enterprise 15 SP4), and it's safe for all kernels.
• Fix the source build with new `glibc` like in SUSE Linux Enterprise 15 SP4. (bsc#1197788)

This update for kdump fixes the following issues:

• Fix return code when no watchdog sysfs entry is found (bsc#1197069)
• Add watchdog modules to kdump initrd to ensure kernel crash dumps are properly collected before a machine is rebooted by a watchdog (bsc#1189923)

SUSE-IU-2022:359-1

This update for libeconf fixes the following issue:

• Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348)

This update for rsyslog fixes the following issues:

• update config example in remote.conf to match upstream documentation (bsc#1194669)

This update for yast2-network fixes the following issues:

• Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512)

This update for supportutils-plugin-suse-public-cloud fixes the following issues:

• Update to version 1.0.6 (bsc#1195095, bsc#1195096) - Include cloud-init logs whenever they are present - Update the packages we track in AWS, Azure, and Google - Include the ecs logs for AWS ECS instances

This update for filesystem fixes the following issues:

• Release ported filesystem to LTSS channels (bsc#1190447).

This update for conmon, libcontainers-common, libseccomp, podman fixes the following issues:
podman was updated to 3.4.4.
Security issues fixed:

• fix CVE-2021-41190 [bsc#1193273], opencontainers: OCI manifest and index parsing confusion
• fix CVE-2021-4024 [bsc#1193166], podman machine spawns gvproxy with port binded to all IPs
• fix CVE-2021-20199 [bsc#1181640], Remote traffic to rootless containers is seen as orginating from localhost

• Add: Provides: podman:/usr/bin/podman-remote subpackage for a clearer upgrade path from podman < 3.1.2

• Update to version 3.4.3:

• Update to version 3.4.2:

• Update to version 3.2.2: * Bump to v3.2.2 * fix systemcontext to use correct TMPDIR * Scrub podman commands to use report package * Fix volumes with uid and gid options * Vendor in c/common v0.38.11 * Initial release notes for v3.2.2 * Fix restoring of privileged containers * Fix handling of podman-remote build --device * Add support for podman remote build -f - . * Fix panic condition in cgroups.getAvailableControllers * Fix permissions on initially created named volumes * Fix building static podman-remote * add correct slirp ip to /etc/hosts * disable tty-size exec checks in system tests * Fix resize race with podman exec -it * Fix documentation of the --format option of podman push * Fix systemd-resolved detection. * Health Check is not handled in the compat LibpodToContainerJSON * Do not use inotify for OCICNI * getContainerNetworkInfo: lock netNsCtr before sync * [NO TESTS NEEDED] Create /etc/mtab with the correct ownership * Create the /etc/mtab file if does not exists * [v3.2] cp: do not allow dir->file copying * create: support images with invalid platform * vendor containers/common@v0.38.10 * logs: k8s-file: restore poll sleep * logs: k8s-file: fix spurious error logs * utils: move message from warning to debug * Bump to v3.2.2-dev

• Update to version 3.2.1: * Bump to v3.2.1 * Updated release notes for v3.2.1 * Fix network connect race with docker-compose * Revert 'Ensure minimum API version is set correctly in tests' * Fall back to string for dockerfile parameter * remote events: fix --stream=false * [CI:DOCS] fix incorrect network remove api doc * remote: always send resize before the container starts * remote events: support labels * remote pull: cancel pull when connection is closed * Fix network prune api docs * Improve systemd-resolved detection * logs: k8s-file: fix race * Fix image prune --filter cmd behavior * Several shell completion fixes * podman-remote build should handle -f option properly * System tests: deal with crun 0.20.1 * Fix build tags for pkg/machine... * Fix pre-checkpointing * container: ignore named hierarchies * [v3.2] vendor containers/common@v0.38.9 * rootless: fix fast join userns path * [v3.2] vendor containers/common@v0.38.7 * [v3.2] vendor containers/common@v0.38.6 * Correct qemu options for Intel macs * Ensure minimum API version is set correctly in tests * Bump to v3.2.1-dev

• Update to version 3.2.0: * Bump to v3.2.0 * Fix network create macvlan with subnet option * Final release notes updates for v3.2.0 * add ipv6 nameservers only when the container has ipv6 enabled * Use request context instead of background * [v.3.2] events: support disjunctive filters * System tests: add :Z to volume mounts * generate systemd: make mounts portable * vendor containers/storage@v1.31.3 * vendor containers/common@v0.38.5 * Bump to v3.2.0-dev * Bump to v3.2.0-RC3 * Update release notes for v3.2.0-RC3 * Fix race on podman start --all * Fix race condition in running ls container in a pod * docs: --cert-dir: point to containers-certs.d(5) * Handle hard links in different directories * Improve OCI Runtime error * Handle hard links in remote builds * Podman info add support for status of cgroup controllers * Drop container does not exist on removal to debugf * Downgrade API service routing table logging * add libimage events * docs: generate systemd: XDG_RUNTIME_DIR * Fix problem copying files when container is in host pid namespace * Bump to v3.2.0-dev * Bump to v3.2.0-RC2 * update c/common * Update Cirrus DEST_BRANCH to v3.2 * Updated vendors of c/image, c/storage, Buildah * Initial release notes for v3.2.0-RC2 * Add script for identifying commits in release branches * Add host.containers.internal entry into container's etc/hosts * image prune: remove unused images only with `--all` * podman network reload add rootless support * Use more recent `stale` release... * network tutorial: update with rootless cni changes * [CI:DOCS] Update first line in intro page * Use updated VM images + updated automation tooling * auto-update service: prune images * make vendor * fix system upgrade tests * Print 'extracting' only on compressed file * podman image tree: restore previous behavior * fix network restart always test * fix incorrect log driver in podman container image * Add support for cli network prune --filter flag * Move filter parsing to common utils * Bump github.com/containers/storage from 1.30.2 to 1.30.3 * Update nix pin with `make nixpkgs` * [CI:DOCS] hack/bats - new helper for running system tests * fix restart always with slirp4netns * Bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94 * Bump github.com/coreos/go-systemd/v22 from 22.3.1 to 22.3.2 * Add host.serviceIsRemote to podman info results * Add client disconnect to build handler loop * Remove obsolete skips * Fix podman-remote build --rm=false ... * fix: improved 'containers/{name}/wait' endpoint * Bump github.com/containers/storage from 1.30.1 to 1.30.2 * Add envars to the generated systemd unit * fix: use UTC Time Stamps in response JSON * fix container startup for empty pidfile * Kube like pods should share ipc,net,uts by default * fix: compat API 'images/get' for multiple images * Revert escaped double dash man page flag syntax * Report Download complete in Compatibility mode * Add documentation on short-names * Bump github.com/docker/docker * Adds support to preserve auto update labels in generate and play kube * [CI:DOCS] Stop conversion of `--` into en dash * Revert Patch to relabel if selinux not enabled * fix per review request * Add support for environment variable secrets * fix pre review request * Fix infinite loop in isPathOnVolume * Add containers.conf information for changing defaults * CI: run rootless tests under ubuntu * Fix wrong macvlan PNG in networking doc. * Add restart-policy to container filters & --filter to podman start * Fixes docker-compose cannot set static ip when use ipam * channel: simplify implementation * build: improve regex for iidfile * Bump github.com/onsi/gomega from 1.11.0 to 1.12.0 * cgroup: fix rootless --cgroup-parent with pods * fix: docker APIv2 `images/get` * codespell cleanup * Minor podmanimage docs updates. * Fix handling of runlabel IMAGE and NAME * Bump to v3.2.0-dev * Bump to v3.2.0-rc1 * rootless: improve automatic range split * podman: set volatile storage flag for --rm containers * Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2 * Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0 * migrate Podman to containers/common/libimage * Add filepath glob support to --security-opt unmask * Force log_driver to k8s-file for containers in containers * add --mac-address to podman play kube * compat api: Networks must be empty instead of null * System tests: honor $OCI_RUNTIME (for CI) * is this a bug? * system test image: add arm64v8 image * Fix troubleshooting documentation on handling sublemental groups. * Add --all to podman start * Fix variable reference typo. in multi-arch image action * cgroup: always honor --cgroup-parent with cgroupfs * Bump github.com/uber/jaeger-client-go * Don't require tests for github-actions & metadata * Detect if in podman machine virtual vm * Fix multi-arch image workflow typo * [CI:DOCS] Add titles to remote docs (windows) * Remove unused VolumeList* structs * Cirrus: Update F34beta -> F34 * Update container image docs + fix unstable execution * Bump github.com/containers/storage from 1.30.0 to 1.30.1 * TODO complete * Docker returns 'die' status rather then 'died' status * Check if another VM is running on machine start * [CI:DOCS] Improve titles of command HTML pages * system tests: networking: fix another race condition * Use seccomp_profile as default profile if defined in containers.conf * Bump github.com/json-iterator/go from 1.1.10 to 1.1.11 * Vendored * Autoupdate local label functional * System tests: fix two race conditions * Add more documentation on conmon * Allow docker volume create API to pass without name * Cirrus: Update Ubuntu images to 21.04 * Skip blkio-weight test when no kernel BFQ support * rootless: Tell the user what was led to the error, not just what it is * Add troubleshooting advice about the --userns option. * Fix images prune filter until * Fix logic for pushing stable multi-arch images * Fixes generate kube incorrect when bind-mounting '/' and '/root' * libpod/image: unit tests: don't use system's registries.conf.d * runtime: create userns when CAP_SYS_ADMIN is not present * rootless: attempt to copy current mappings first * [CI:DOCS] Restore missing content to manpages * [CI:DOCS] Fix Markdown layout bugs * Fix podman ps --filter ancestor to match exact ImageName/ImageID * Add machine-enabled to containers.conf for machine * Several multi-arch image build/push fixes * Add podman run --timeout option * Parse slirp4netns net options with compat api * Fix rootlesskit port forwarder with custom slirp cidr * Fix removal race condition in ListContainers * Add github-action workflow to build/push multi-arch * rootless: if root is not sub?id raise a debug message * Bump github.com/containers/common from 0.36.0 to 0.37.0 * Add go template shell completion for --format * Add --group-add keep-groups: suplimentary groups into container * Fixes from make codespell * Typo fix to usage text of --compress option * corrupt-image test: fix an oops * Add --noheading flag to all list commands * Bump github.com/containers/storage from 1.29.0 to 1.30.0 * Bump github.com/containers/image/v5 from 5.11.0 to 5.11.1 * [CI:DOCS] Fix Markdown table layout bugs * podman-remote should show podman.sock info * rmi: don't break when the image is missing a manifest * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md * Add support for CDI device configuration * [CI:DOCS] Add missing dash to verbose option * Bump github.com/uber/jaeger-client-go * Remove an advanced layer diff function * Ensure mount destination is clean, no trailing slash * add it for inspect pidfile * [CI:DOCS] Fix introduction page typo * support pidfile on container restore * fix start it * skip pidfile test on remote * improve document * set pidfile default value int containerconfig * add pidfile in inspection * add pidfile it for container start * skip pidfile it on remote * Modify according to comments * WIP: drop test requirement * runtime: bump required conmon version * runtime: return findConmon to libpod * oci: drop ExecContainerCleanup * oci: use `--full-path` option for conmon * use AttachSocketPath when removing conmon files * hide conmon-pidfile flag on remote mode * Fix possible panic in libpod/image/prune.go * add --ip to podman play kube * add flag autocomplete * add ut * add flag '--pidfile' for podman create/run * Add network bindings tests: remove and list * Fix build with GO111MODULE=off * system tests: build --pull-never: deal with flakes * compose test: diagnose flakes v3 * podman play kube apply correct log driver * Fixes podman-remote save to directories does not work * Bump github.com/rootless-containers/rootlesskit from 0.14.1 to 0.14.2 * Update documentation of podman-run to reflect volume 'U' option * Fix flake on failed podman-remote build : try 2 * compose test: ongoing efforts to diagnose flakes * Test that we don't error out on advertised --log-level values * At trace log level, print error text using %+v instead of %v * pkg/errorhandling.JoinErrors: don't throw away context for lone errors * Recognize --log-level=trace * Fix flake on failed podman-remote build * System tests: fix racy podman-inspect * Fixes invalid expression in save command * Bump github.com/containers/common from 0.35.4 to 0.36.0 * Update nix pin with `make nixpkgs` * compose test: try to get useful data from flakes * Remove in-memory state implementation * Fix message about runtime to show only the actual runtime * System tests: setup: better cleanup of stray images * Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1 * Reflect current state of prune implementation in docs * Do not delete container twice * [CI:DOCS] Correct status code for /pods/create * vendor in containers/storage v1.29.0 * cgroup: do not set cgroup parent when rootless and cgroupfs * Overhaul Makefile binary and release worflows * Reorganize Makefile with sections and guide * Simplify Makefile help target * Don't shell to obtain current directory * Remove unnecessary/not-needed release.txt target * Fix incorrect version number output * Exclude .gitignore from test req. * Fix handling of $NAME and $IMAGE in runlabel * Update podman image Dockerfile to support Podman in container * Bump github.com/containers/image/v5 from 5.10.5 to 5.11.0 * Fix slashes in socket URLs * Add network prune filters support to bindings * Add support for play/generate kube volumes * Update manifest API endpoints * Fix panic when not giving a machine name for ssh * cgroups: force 64 bits to ParseUint * Bump k8s.io/api from 0.20.5 to 0.21.0 * [CI:DOCS] Fix formatting of podman-build man page * buildah-bud tests: simplify * Add missing return * Bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1 * speed up CI handling of images * Volumes prune endpoint should use only prune filters * Cirrus: Use Fedora 34beta images * Bump go.sum + Makefile for golang 1.16 * Exempt Makefile changes from test requirements * Adjust libpod API Container Wait documentation to the code * [CI:DOCS] Update swagger definition of inspect manifest * use updated ubuntu images * podman unshare: add --rootless-cni to join the ns * Update swagger-check * swagger: remove name wildcards * Update buildah-bud diffs * Handle podman-remote --arch, --platform, --os * buildah-bud tests: handle go pseudoversions, plus... * Fix flaking rootless compose test * rootless cni add /usr/sbin to PATH if not present * System tests: special case for RHEL: require runc * Add --requires flag to podman run/create * [CI:DOCS] swagger-check: compare operations * [CI:DOCS] Polish swagger OpertionIDs * [NO TESTS NEEDED] Update nix pin with `make nixpkgs` * Ensure that `--userns=keep-id` sets user in config * [CI:DOCS] Set all operation id to be compatibile * Move operationIds to swagger:operation line * swagger: add operationIds that match with docker * Cirrus: Make use of shared get_ci_vm container * Don't relabel volumes if running in a privileged container * Allow users to override default storage opts with --storage-opt * Add support for podman --context default * Verify existence of auth file if specified * fix machine naming conventions * Initial network bindings tests * Update release notes to indicate CVE fix * Move socket activation check into init() and set global condition. * Bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0 * Http api tests for network prune with until filter * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns * Fix typos --uidmapping and --gidmapping * Add transport and destination info to manifest doc * Bump github.com/rootless-containers/rootlesskit from 0.14.0 to 0.14.1 * Add default template functions * Fix missing podman-remote build options * Bump github.com/coreos/go-systemd/v22 from 22.3.0 to 22.3.1 * Add ssh connection to root user * Add rootless docker-compose test to the CI * Use the slrip4netns dns in the rootless cni ns * Cleanup the rootless cni namespace * Add new docker-compose test for two networks * Make the docker-compose test work rootless * Remove unused rootless-cni-infra container files * Only use rootless RLK when the container has ports * Fix dnsname test * Enable rootless network connect/disconnect * Move slirp4netns functions into an extra file * Fix pod infra container cni network setup * Add rootless support for cni and --uidmap * rootless cni without infra container * Recreate until container prune tests for bindings * Remove --execute from podman machine ssh * Fixed podman-remote --network flag * Makefile: introduce install.docker-full * Makefile: ensure install.docker creates BINDIR * Fix unmount doc reference in image.rst * Should send the OCI runtime path not just the name to buildah * podman machine shell completion * Fix handling of remove --log-rusage param * Fix bindings prune containers flaky test * [CI:DOCS] Add local html build info to docs/README.md * Add podman machine list * Trim white space from /top endpoint results * Remove semantic version suffices from API calls * podman machine init --ignition-path * Document --volume from podman-remote run/create client * Update main branch to reflect the release of v3.1.0 * Silence podman network reload errors with iptables-nft * Containers prune endpoint should use only prune filters * resolve proper aarch64 image names * APIv2 basic test: relax APIVersion check * Add machine support for qemu-system-aarch64 * podman machine init user input * manpage xref: helpful diagnostic for unescaped dash-dash * Bump to v3.2.0-dev * swagger: update system version response body * buildah-bud tests: reenable pull-never test * [NO TESTS NEEDED] Shrink the size of podman-remote * Add powershell completions * [NO TESTS NEEDED] Drop Warning to Info, if cgroups not mounted * Fix long option format on docs.podman.io * system tests: friendier messages for 2-arg is() * service: use LISTEN_FDS * man pages: correct seccomp-policy label * rootless: use is_fd_inherited * podman generate systemd --new do not duplicate params * play kube: add support for env vars defined from secrets * play kube: support optional/mandatory env var from config map * play kube: prepare supporting other env source than config maps * Add machine support for more Linux distros * [NO TESTS NEEDED] Use same function podman-remote rmi as podman * Podman machine enhancements * Add problematic volume name to kube play error messages * Fix podman build --pull-never * [NO TESTS NEEDED] Fix for kernel without CONFIG_USER_NS * [NO TESTS NEEDED] Turn on podman-remote build --isolation * Fix list pods filter handling in libpod api * Remove resize race condition * [NO TESTS NEEDED] Vendor in containers/buildah v1.20.0 * Use TMPDIR when commiting images * Add RequiresMountsFor= to systemd generate * Bump github.com/vbauerster/mpb/v6 from 6.0.2 to 6.0.3 * Fix swapped dimensions from terminal.GetSize * Rename podman machine create to init and clean up * Correct json field name * system tests: new interactive tests * Improvements for machine * libpod/image: unit tests: use a `registries.conf` for aliases * libpod/image: unit tests: defer cleanup * libpod/image: unit tests: use `require.NoError` * Add --execute flag to podman machine ssh * introduce podman machine * Podman machine CLI and interface stub * Support multi doc yaml for generate/play kube * Fix filters in image http compat/libpod api endpoints * Bump github.com/containers/common from 0.35.3 to 0.35.4 * Bump github.com/containers/storage from 1.28.0 to 1.28.1 * Check if stdin is a term in --interactive --tty mode * [NO TESTS NEEDED] Remove /tmp/containers-users-* files on reboot * [NO TESTS NEEDED] Fix rootless volume plugins * Ensure manually-created volumes have correct ownership * Bump github.com/rootless-containers/rootlesskit * Unification of until filter across list/prune endpoints * Unification of label filter across list/prune endpoints * fixup * fix: build endpoint for compat API * [CI:DOCS] Add note to mappings for user/group userns in build * Bump k8s.io/api from 0.20.1 to 0.20.5 * Validate passed in timezone from tz option * WIP: run buildah bud tests using podman * Fix containers list/prune http api filter behaviour * Generate Kubernetes PersistentVolumeClaims from named volumes

• Update to version 3.1.2: * Bump to v3.1.2 * Update release notes for v3.1.2 * Ensure mount destination is clean, no trailing slash * Fixes podman-remote save to directories does not work * [CI:DOCS] Add missing dash to verbose option * [CI:DOCS] Fix Markdown table layout bugs * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md * rmi: don't break when the image is missing a manifest * Bump containers/image to v5.11.1 * Bump github.com/coreos/go-systemd from 22.2.0 to 22.3.1 * Fix lint * Bump to v3.1.2-dev
• Split podman-remote into a subpackage
• Add missing scriptlets for systemd units
• Escape macros in comments
• Drop some obsolete workarounds, including %{go_nostrip}

• Update to version 3.1.1: * Bump to v3.1.1 * Update release notes for v3.1.1 * podman play kube apply correct log driver * Fix build with GO111MODULE=off * [CI:DOCS] Set all operation id to be compatibile * Move operationIds to swagger:operation line * swagger: add operationIds that match with docker * Fix missing podman-remote build options * [NO TESTS NEEDED] Shrink the size of podman-remote * Move socket activation check into init() and set global condition. * rootless: use is_fd_inherited * Recreate until container prune tests for bindings * System tests: special case for RHEL: require runc * Document --volume from podman-remote run/create client * Containers prune endpoint should use only prune filters * Trim white space from /top endpoint results * Fix unmount doc reference in image.rst * Fix handling of remove --log-rusage param * Makefile: introduce install.docker-full * Makefile: ensure install.docker creates BINDIR * Should send the OCI runtime path not just the name to buildah * Fixed podman-remote --network flag * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns * Fix typos --uidmapping and --gidmapping * Add default template functions * Don't relabel volumes if running in a privileged container * Allow users to override default storage opts with --storage-opt * Add transport and destination info to manifest doc * Verify existence of auth file if specified * Ensure that `--userns=keep-id` sets user in config * [CI:DOCS] Update swagger definition of inspect manifest * Volumes prune endpoint should use only prune filters * Adjust libpod API Container Wait documentation to the code * Add missing return * [CI:DOCS] Fix formatting of podman-build man page * cgroups: force 64 bits to ParseUint * Fix slashes in socket URLs * [CI:DOCS] Correct status code for /pods/create * cgroup: do not set cgroup parent when rootless and cgroupfs * Reflect current state of prune implementation in docs * Do not delete container twice * Test that we don't error out on advertised --log-level values * At trace log level, print error text using %+v instead of %v * pkg/errorhandling.JoinErrors: don't throw away context for lone errors * Recognize --log-level=trace * Fix message about runtime to show only the actual runtime * Fix handling of $NAME and $IMAGE in runlabel * Fix flake on failed podman-remote build : try 2 * Fix flake on failed podman-remote build * Update documentation of podman-run to reflect volume 'U' option * Fixes invalid expression in save command * Fix possible panic in libpod/image/prune.go * Update all containers/ project vendors * Fix tests * Bump to v3.1.1-dev

• Update to version 3.1.0: * Bump to v3.1.0 * Fix test failure * Update release notes for v3.1.0 final release * [NO TESTS NEEDED] Turn on podman-remote build --isolation * Fix long option format on docs.podman.io * Fix containers list/prune http api filter behaviour * [CI:DOCS] Add note to mappings for user/group userns in build * Validate passed in timezone from tz option * Generate Kubernetes PersistentVolumeClaims from named volumes * libpod/image: unit tests: use a `registries.conf` for aliases
• Require systemd 241 or newer due to podman dependency go-systemd v22, otherwise build will fail with unknown C name errors

• Create docker subpackage to allow replacing docker with corresponding aliases to podman.

• Update to v3.0.1 * Changes - Several frequently-occurring WARN level log messages have been downgraded to INFO or DEBUG to not clutter terminal output.

• Update to v2.2.1 * Changes - Due to a conflict with a previously-removed field, we were forced to modify the way image volumes (mounting images into containers using --mount type=image) were handled in the database. As a result, containers created in Podman 2.2.0 with image volume will not have them in v2.2.1, and these containers will need to be re-created. * Bugfixes - Fixed a bug where rootless Podman would, on systems without the XDG_RUNTIME_DIR environment variable defined, use an incorrect path for the PID file of the Podman pause process, causing Podman to fail to start (#8539). - Fixed a bug where containers created using Podman v1.7 and earlier were unusable in Podman due to JSON decode errors (#8613). - Fixed a bug where Podman could retrieve invalid cgroup paths, instead of erroring, for containers that were not running. - Fixed a bug where the podman system reset command would print a warning about a duplicate shutdown handler being registered. - Fixed a bug where rootless Podman would attempt to mount sysfs in circumstances where it was not allowed; some OCI runtimes (notably crun) would fall back to alternatives and not fail, but others (notably runc) would fail to run containers. - Fixed a bug where the podman run and podman create commands would fail to create containers from untagged images (#8558). - Fixed a bug where remote Podman would prompt for a password even when the server did not support password authentication (#8498). - Fixed a bug where the podman exec command did not move the Conmon process for the exec session into the correct cgroup. - Fixed a bug where shell completion for the ancestor option to podman ps --filter did not work correctly. - Fixed a bug where detached containers would not properly clean themselves up (or remove themselves if --rm was set) if the Podman command that created them was invoked with --log-level=debug. * API - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the Binds and Mounts parameters in HostConfig. - Fixed a bug where the Compat Create endpoint for Containers ignored the Name query parameter. - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the 'default' value for NetworkMode (this value is used extensively by docker-compose) (#8544). - Fixed a bug where the Compat Build endpoint for Images would sometimes incorrectly use the target query parameter as the image's tag. * Misc - Podman v2.2.0 vendored a non-released, custom version of the github.com/spf13/cobra package; this has been reverted to the latest upstream release to aid in packaging. - Updated the containers/image library to v5.9.0

• Update to v2.2.0 * Features - Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable CONTAINERS_SHORT_NAME_ALIASING to on. Documentation is available here and here. - Initial support has been added for the podman network connect and podman network disconnect commands, which allow existing containers to modify what networks they are connected to. At present, these commands can only be used on running containers that did not specify --network=none when they were created. - The podman run command now supports the --network-alias option to set network aliases (additional names the container can be accessed at from other containers via DNS if the dnsname CNI plugin is in use). Aliases can also be added and removed using the new podman network connect and podman network disconnect commands. Please note that this requires a new release (v1.1.0) of the dnsname plugin, and will only work on newly-created CNI networks. - The podman generate kube command now features support for exporting container's memory and CPU limits (#7855). - The podman play kube command now features support for setting CPU and Memory limits for containers (#7742). - The podman play kube command now supports persistent volumes claims using Podman named volumes. - The podman play kube command now supports Kubernetes configmaps via the --configmap option (#7567). - The podman play kube command now supports a --log-driver option to set the log driver for created containers. - The podman play kube command now supports a --start option, enabled by default, to start the pod after creating it. This allows for podman play kube to be more easily used in systemd unitfiles. - The podman network create command now supports the --ipv6 option to enable dual-stack IPv6 networking for created networks (#7302). - The podman inspect command can now inspect pods, networks, and volumes, in addition to containers and images (#6757). - The --mount option for podman run and podman create now supports a new type, image, to mount the contents of an image into the container at a given location. - The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the podman-remote executable have been added. - The --log-opt option for podman create and podman run now supports the max-size option to set the maximum size for a container's logs (#7434). - The --network option to the podman pod create command now allows pods to be configured to use slirp4netns networking, even when run as root (#6097). - The podman pod stop, podman pod pause, podman pod unpause, and podman pod kill commands now work on multiple containers in parallel and should be significantly faster. - The podman search command now supports a --list-tags option to list all available tags for a single image in a single repository. - The podman search command can now output JSON using the --format=json option. - The podman diff and podman mount commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers. - The podman container exists command now features a --external option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers. - The --tls-verify and --authfile options have been enabled for use with remote Podman. - The /etc/hosts file now includes the container's name and hostname (both pointing to localhost) when the container is run with --net=none (#8095). - The podman events command now supports filtering events based on the labels of the container they occurred on using the --filter label=key=value option. - The podman volume ls command now supports filtering volumes based on their labels using the --filter label=key=value option. - The --volume and --mount options to podman run and podman create now support two new mount propagation options, unbindable and runbindable. - The name and id filters for podman pod ps now match based on a regular expression, instead of requiring an exact match. - The podman pod ps command now supports a new filter status, that matches pods in a certain state. * Changes - The podman network rm --force command will now also remove pods that are using the network (#7791). - The podman volume rm, podman network rm, and podman pod rm commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the --force option was not given. - If /dev/fuse is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container. - Global Podman options that were not supported with remote operation have been removed from podman-remote (e.g. --cgroup-manager, --storage-driver). - Many errors have been changed to remove repetition and be more clear as to what has gone wrong. - The --storage option to podman rm is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the --storage option. If the container exists in Podman it will be removed normally. The --storage option for podman rm is now deprecated and will be removed in a future release. - The --storage option to podman ps has been renamed to --external. An alias has been added so the old form of the option will continue to work. - Podman now delays the SIGTERM and SIGINT signals during container creation to ensure that Podman is not stopped midway through creating a container resulting in potential resource leakage (#7941). - The podman save command now strips signatures from images it is exporting, as the formats we export to do not support signatures (#7659). - A new Degraded state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be Degraded instead of Running. - Podman will now print a warning when conflicting network options related to port forwarding (e.g. --publish and --net=host) are specified when creating a container. - The --restart on-failure and --rm options for containers no longer conflict. When both are specified, the container will be restarted if it exits with a non-zero error code, and removed if it exits cleanly (#7906). - Remote Podman will no longer use settings from the client's containers.conf; defaults will instead be provided by the server's containers.conf (#7657). - The podman network rm command now has a new alias, podman network remove (#8402). * Bugfixes - Fixed a bug where podman load on the remote client did not error when attempting to load a directory, which is not yet supported for remote use. - Fixed a bug where rootless Podman could hang when the newuidmap binary was not installed (#7776). - Fixed a bug where the --pull option to podman run, podman create, and podman build did not match Docker's behavior. - Fixed a bug where sysctl settings from the containers.conf configuration file were applied, even if the container did not join the namespace associated with a sysctl. - Fixed a bug where Podman would not return the text of errors encounted when trying to run a healthcheck for a container. - Fixed a bug where Podman was accidentally setting the containers environment variable in addition to the expected container environment variable. - Fixed a bug where rootless Podman using CNI networking did not properly clean up DNS entries for removed containers (#7789). - Fixed a bug where the podman untag --all command was not supported with remote Podman. - Fixed a bug where the podman system service command could time out even if active attach connections were present (#7826). - Fixed a bug where the podman system service command would sometimes never time out despite no active connections being present. - Fixed a bug where Podman's handling of capabilities, specifically inheritable, did not match Docker's. - Fixed a bug where podman run would fail if the image specified was a manifest list and had already been pulled (#7798). - Fixed a bug where Podman did not take search registries into account when looking up images locally (#6381). - Fixed a bug where the podman manifest inspect command would fail for images that had already been pulled (#7726). - Fixed a bug where rootless Podman would not add supplemental GIDs to containers when when a user, but not a group, was set via the --user option to podman create and podman run and sufficient GIDs were available to add the groups (#7782). - Fixed a bug where remote Podman commands did not properly handle cases where the user gave a name that could also be a short ID for a pod or container (#7837). - Fixed a bug where podman image prune could leave images ready to be pruned after podman image prune was run (#7872). - Fixed a bug where the podman logs command with the journald log driver would not read all available logs (#7476). - Fixed a bug where the --rm and --restart options to podman create and podman run did not conflict when a restart policy that is not on-failure was chosen (#7878). - Fixed a bug where the --format 'table {{ .Field }}' option to numerous Podman commands ceased to function on Podman v2.0 and up. - Fixed a bug where pods did not properly share an SELinux label between their containers, resulting in containers being unable to see the processes of other containers when the pod shared a PID namespace (#7886). - Fixed a bug where the --namespace option to podman ps did not work with the remote client (#7903). - Fixed a bug where rootless Podman incorrectly calculated the number of UIDs available in the container if multiple different ranges of UIDs were specified. - Fixed a bug where the /etc/hosts file would not be correctly populated for containers in a user namespace (#7490). - Fixed a bug where the podman network create and podman network remove commands could race when run in parallel, with unpredictable results (#7807). - Fixed a bug where the -p option to podman run, podman create, and podman pod create would, when given only a single number (e.g. -p 80), assign the same port for both host and container, instead of generating a random host port (#7947). - Fixed a bug where Podman containers did not properly store the cgroup manager they were created with, causing them to stop functioning after the cgroup manager was changed in containers.conf or with the --cgroup-manager option (#7830). - Fixed a bug where the podman inspect command did not include information on the CNI networks a container was connected to if it was not running. - Fixed a bug where the podman attach command would not print a newline after detaching from the container (#7751). - Fixed a bug where the HOME environment variable was not set properly in containers when the --userns=keep-id option was set (#8004). - Fixed a bug where the podman container restore command could panic when the container in question was in a pod (#8026). - Fixed a bug where the output of the podman image trust show --raw command was not properly formatted. - Fixed a bug where the podman runlabel command could panic if a label to run was not given (#8038). - Fixed a bug where the podman run and podman start --attach commands would exit with an error when the user detached manually using the detach keys on remote Podman (#7979). - Fixed a bug where rootless CNI networking did not use the dnsname CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking (#8040). - Fixed a bug where Podman did not properly handle cases where an OCI runtime is specified by its full path, and could revert to using another OCI runtime with the same binary path that existed in the system $PATH on subsequent invocations. - Fixed a bug where the --net=host option to podman create and podman run would cause the /etc/hosts file to be incorrectly populated (#8054). - Fixed a bug where the podman inspect command did not include container network information when the container shared its network namespace (IE, joined a pod or another container's network namespace via --net=container:...) (#8073). - Fixed a bug where the podman ps command did not include information on all ports a container was publishing. - Fixed a bug where the podman build command incorrectly forwarded STDIN into build containers from RUN instructions. - Fixed a bug where the podman wait command's --interval option did not work when units were not specified for the duration (#8088). - Fixed a bug where the --detach-keys and --detach options could be passed to podman create despite having no effect (and not making sense in that context). - Fixed a bug where Podman could not start containers if running on a system without a /etc/resolv.conf file (which occurs on some WSL2 images) (#8089). - Fixed a bug where the --extract option to podman cp was nonfunctional. - Fixed a bug where the --cidfile option to podman run would, when the container was not run with --detach, only create the file after the container exited (#8091). - Fixed a bug where the podman images and podman images -a commands could panic and not list any images when certain improperly-formatted images were present in storage (#8148). - Fixed a bug where the podman events command could, when the journald events backend was in use, become nonfunctional when a badly-formatted event or a log message that container certain string was present in the journal (#8125). - Fixed a bug where remote Podman would, when using SSH transport, not authenticate to the server using hostkeys when connecting on a port other than 22 (#8139). - Fixed a bug where the podman attach command would not exit when containers stopped (#8154). - Fixed a bug where Podman did not properly clean paths before verifying them, resulting in Podman refusing to start if the root or temporary directories were specified with extra trailing / characters (#8160). - Fixed a bug where remote Podman did not support hashed hostnames in the known_hosts file on the host for establishing connections (#8159). - Fixed a bug where the podman image exists command would return non-zero (false) when multiple potential matches for the given name existed. - Fixed a bug where the podman manifest inspect command on images that are not manifest lists would error instead of inspecting the image (#8023). - Fixed a bug where the podman system service command would fail if the directory the Unix socket was to be created inside did not exist (#8184). - Fixed a bug where pods that shared the IPC namespace (which is done by default) did not share a /dev/shm filesystem between all containers in the pod (#8181). - Fixed a bug where filters passed to podman volume list were not inclusive (#6765). - Fixed a bug where the podman volume create command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) (#8253). - Fixed a bug where the podman run and podman create commands would deadlock when trying to create a container that mounted the same named volume at multiple locations (e.g. podman run -v testvol:/test1 -v testvol:/test2) (#8221). - Fixed a bug where the parsing of the --net option to podman build was incorrect (#8322). - Fixed a bug where the podman build command would print the ID of the built image twice when using remote Podman (#8332). - Fixed a bug where the podman stats command did not show memory limits for containers (#8265). - Fixed a bug where the podman pod inspect command printed the static MAC address of the pod in a non-human-readable format (#8386). - Fixed a bug where the --tls-verify option of the podman play kube command had its logic inverted (false would enforce the use of TLS, true would disable it). - Fixed a bug where the podman network rm command would error when trying to remove macvlan networks and rootless CNI networks (#8491). - Fixed a bug where Podman was not setting sane defaults for missing XDG_ environment variables. - Fixed a bug where remote Podman would check if volume paths to be mounted in the container existed on the host, not the server (#8473). - Fixed a bug where the podman manifest create and podman manifest add commands on local images would drop any images in the manifest not pulled by the host. - Fixed a bug where networks made by podman network create did not include the tuning plugin, and as such did not support setting custom MAC addresses (#8385). - Fixed a bug where container healthchecks did not use $PATH when searching for the Podman executable to run the healthcheck. - Fixed a bug where the --ip-range option to podman network create did not properly handle non-classful subnets when calculating the last usable IP for DHCP assignment (#8448). - Fixed a bug where the podman container ps alias for podman ps was missing (#8445). * API - The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable. - A Compat endpoint for exporting multiple images at once, GET /images/get, has been added (#7950). - The Compat Network Connect and Network Disconnect endpoints have been added. - Endpoints that deal with image registries now support a X-Registry-Config header to specify registry authentication configuration. - The Compat Create endpoint for images now properly supports specifying images by digest. - The Libpod Build endpoint for images now supports an httpproxy query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for RUN instructions. - The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal. - Fixed a bug where the Ping endpoint misspelled a header name (Libpod-Buildha-Version instead of Libpod-Buildah-Version). - Fixed a bug where the Ping endpoint sent an extra newline at the end of its response where Docker did not. - Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line. - Fixed a bug where the Compat Logs endpoint for containers would mangle line endings to change newline characters to add a preceding carriage return (#7942). - Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal (#7917). - Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly (#7860). - Fixed a bug where the Compat Inspect endpoint for Containers did not include the container's Path, Args, and Restart Count. - Fixed a bug where the Compat Inspect endpoint for Containers prefixed added and dropped capabilities with CAP_ (Docker does not do so). - Fixed a bug where the Compat Info endpoint for the Engine did not include configured registries. - Fixed a bug where the server could panic if a client closed a connection midway through an image pull (#7896). - Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code (#7740). - Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU (#7946). - Fixed a bug where the 'no such image' error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility. - Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the driver parameter if it was not provided by the client. - Fixed a bug where the Compat Inspect endpoint for images did not populate the RootFS field of the response. - Fixed a bug where the Compat Inspect endpoint for images would omit the ParentId field if the image had no parent, and the Created field if the image did not have a creation time. - Fixed a bug where the Compat Remove endpoint for Networks did not support the Force query parameter.

• add dependency to timezone package or podman fails to build a
• Correct invalid use of %{_libexecdir} to ensure files should be in /usr/lib

• Update the syscall table for Linux v5.15
• Fix issues with multiplexed syscalls on mipsel introduced in v2.5.2
• Document that seccomp_rule_add() may return -EACCES

• Update the syscall table for Linux v5.14-rc7
• Add a function, get_notify_fd(), to the Python bindings to get the nofication file descriptor.
• Consolidate multiplexed syscall handling for all architectures into one location.
• Add multiplexed syscall support to PPC and MIPS
• The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within the kernel. libseccomp's fd notification logic was modified to support the kernel's previous and new usage of SECCOMP_IOCTL_NOTIF_ID_VALID.

• Fix a bug where seccomp_load() could only be called once
• Change the notification fd handling to only request a notification fd if
• the filter has a _NOTIFY action
• Add documentation about SCMP_ACT_NOTIFY to the seccomp_add_rule(3) manpage
• Clarify the maintainers' GPG keys

• Add support for the seccomp user notifications, see the seccomp_notify_alloc(3), seccomp_notify_receive(3), seccomp_notify_respond(3) manpages for more information
• Add support for new filter optimization approaches, including a balanced tree optimization, see the SCMP_FLTATR_CTL_OPTIMIZE filter attribute for more information
• Add support for the 64-bit RISC-V architecture
• Performance improvements when adding new rules to a filter thanks to the use of internal shadow transactions and improved syscall lookup tables
• Properly document the libseccomp API return values and include them in the stable API promise
• Improvements to the s390 and s390x multiplexed syscall handling
• Multiple fixes and improvements to the libseccomp manpages
• Moved from manually maintained syscall tables to an automatically generated syscall table in CSV format
• Update the syscall tables to Linux v5.8.0-rc5
• Python bindings and build now default to Python 3.x
• Improvements to the tests have boosted code coverage to over 93%

• Add list of authorized release signatures to README.md
• Fix multiplexing issue with s390/s390x shm* syscalls
• Remove the static flag from libseccomp tools compilation
• Add define for __SNR_ppoll
• Fix potential memory leak identified by clang in the scmp_bpf_sim tool

• Add support for io-uring related system calls

• common 0.44.0
• image 5.16.0
• podman 3.3.1
• storage 1.36.0

This update for sudo fixes the following issues:

• Add support in the LDAP filter for negated users (jsc#SLE-20068)
• Restrict use of sudo -U other -l to people who have permission to run commands as that user (bsc#1181703, jsc#SLE-22569)

This update for expat fixes the following issues:

• CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
• CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
• CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
• CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
• CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).

This update for gnutls fixes the following issues:

• CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167).

This update for containerd fixes the following issues:

• CVE-2022-23648: A specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host (bsc#1196441).

This security update for libeconf, shadow and util-linux fix the following issues:
libeconf:

• Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)

• Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157)
• Fixed different issues while writing string values to file.
• Writing comments to file too.
• Fixed crash while merging values.
• Added econftool cat option (#146)
• new API call: econf_readDirsHistory (showing ALL locations)
• new API call: econf_getPath (absolute path of the configuration file)
• Man pages libeconf.3 and econftool.8.
• Handling multiline strings.
• Added libeconf_ext which returns more information like line_nr, comments, path of the configuration file,...
• Econftool, an command line interface for handling configuration files.
• Generating HTML API documentation with doxygen.
• Improving error handling and semantic file check.
• Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set.

• The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)

• The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)
• Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507)
• Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507)
• CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976)
• CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976)

This update for vim fixes the following issues:

• CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004).
• CVE-2021-3796: Fixed use-after-free in nv_replace() in normal.c (bsc#1190570).
• CVE-2021-3872: Fixed heap-based buffer overflow in win_redr_status() drawscreen.c (bsc#1191893).
• CVE-2021-3927: Fixed heap-based buffer overflow (bsc#1192481).
• CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).
• CVE-2021-4019: Fixed heap-based buffer overflow (bsc#1193294).
• CVE-2021-3984: Fixed illegal memory access when C-indenting could have led to heap buffer overflow (bsc#1193298).
• CVE-2021-3778: Fixed heap-based buffer overflow in regexp_nfa.c (bsc#1190533).
• CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216).
• CVE-2021-46059: Fixed pointer dereference vulnerability via the vim_regexec_multi function at regexp.c (bsc#1194556).
• CVE-2022-0319: Fixded out-of-bounds read (bsc#1195066).
• CVE-2022-0351: Fixed uncontrolled recursion in eval7() (bsc#1195126).
• CVE-2022-0361: Fixed buffer overflow (bsc#1195126).
• CVE-2022-0413: Fixed use-after-free in src/ex_cmds.c (bsc#1195356).

This update for cyrus-sasl fixes the following issues:

• CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036).

• postfix: sasl authentication with password fails (bsc#1194265).

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated.
The following security bugs were fixed:

• CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580).
• CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580).
• CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584).
• CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bnc#1196235 ).
• CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543).
• CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390 allows kernel memory read/write (bsc#1195516).

• ACPI/IORT: Check node revision for PMCG resources (git-fixes).
• ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes).
• ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes).
• ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes).
• ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes).
• ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes).
• ALSA: hda: Fix regression on forced probe mask option (git-fixes).
• ASoC: Revert 'ASoC: mediatek: Check for error clk pointer' (git-fixes).
• ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes).
• ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes).
• ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes).
• ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes).
• ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes).
• Align s390 NVME target options with other architectures (bsc#1188404, jsc#SLE-22494).
• Drop PCI xgene patch that caused a regression for mxl4 (bsc#1195352)
• EDAC/xgene: Fix deferred probing (bsc#1178134).
• HID:Add support for UGTABLET WP5540 (git-fixes).
• IB/cma: Do not send IGMP leaves for sendonly Multicast groups (git-fixes).
• IB/hfi1: Fix AIP early init panic (jsc#SLE-13208).
• KVM: remember position in kvm->vcpus array (bsc#1190972 LTC#194674).
• NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957).
• PM: hibernate: Remove register_nosave_region_late() (git-fixes).
• PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes).
• RDMA/cma: Use correct address when leaving multicast group (bsc#1181147).
• RDMA/core: Always release restrack object (git-fixes)
• RDMA/cxgb4: check for ipv6 address properly while destroying listener (git-fixes)
• RDMA/siw: Release xarray entry (git-fixes)
• RDMA/ucma: Protect mc during concurrent multicast leaves (bsc#1181147).
• USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes).
• USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes).
• USB: serial: cp210x: add NCR Retail IO box id (git-fixes).
• USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes).
• USB: serial: mos7840: remove duplicated 0xac24 device ID (git-fixes).
• USB: serial: option: add ZTE MF286D modem (git-fixes).
• ata: libata-core: Disable TRIM on M88V29 (git-fixes).
• ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes).
• blk-mq: always allow reserved allocation in hctx_may_queue (bsc#1193787).
• blk-mq: avoid to iterate over stale request (bsc#1193787).
• blk-mq: clear stale request in tags->rq before freeing one request pool (bsc#1193787).
• blk-mq: clearing flush request reference in tags->rqs (bsc#1193787).
• blk-mq: do not grab rq's refcount in blk_mq_check_expired() (bsc#1193787 git-fixes).
• blk-mq: fix is_flush_rq (bsc#1193787 git-fixes).
• blk-mq: fix kernel panic during iterating over flush request (bsc#1193787 git-fixes).
• blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter (bsc#1193787).
• blk-mq: mark flush request as IDLE in flush_end_io() (bsc#1193787).
• blk-tag: Hide spin_lock (bsc#1193787).
• block: avoid double io accounting for flush request (bsc#1193787).
• block: do not send a rezise udev event for hidden block device (bsc#1193096).
• block: mark flush request as IDLE when it is really finished (bsc#1193787).
• bonding: pair enable_port with slave_arr_updates (git-fixes).
• bpf: Adjust BTF log size limit (git-fixes).
• bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD) (git-fixes).
• btrfs: check for missing device in btrfs_trim_fs (bsc#1195701).
• btrfs: check worker before need_preemptive_reclaim (bsc#1196195).
• btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1196195).
• btrfs: do not include the global rsv size in the preemptive used amount (bsc#1196195).
• btrfs: handle preemptive delalloc flushing slightly differently (bsc#1196195).
• btrfs: make sure SB_I_VERSION does not get unset by remount (bsc#1192210).
• btrfs: only clamp the first time we have to start flushing (bsc#1196195).
• btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1196195).
• btrfs: reduce the preemptive flushing threshold to 90% (bsc#1196195).
• btrfs: take into account global rsv in need_preemptive_reclaim (bsc#1196195).
• btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1196195).
• ceph: properly put ceph_string reference after async create attempt (bsc#1195798).
• ceph: set pool_ns in new inode layout for async creates (bsc#1195799).
• drm/amdgpu: fix logic inversion in check (git-fixes).
• drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes).
• drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes).
• drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes).
• drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes).
• drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes).
• drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes).
• drm/radeon: Fix backlight control on iMac 12,1 (git-fixes).
• drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes).
• drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes).
• drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes).
• drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes).
• ext4: check for inconsistent extents between index and leaf block (bsc#1194163 bsc#1196339).
• ext4: check for out-of-order index extents in ext4_valid_extent_entries() (bsc#1194163 bsc#1196339).
• ext4: prevent partial update of the extent blocks (bsc#1194163 bsc#1196339).
• gve: Add RX context (bsc#1191655).
• gve: Add a jumbo-frame device option (bsc#1191655).
• gve: Add consumed counts to ethtool stats (bsc#1191655).
• gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655).
• gve: Correct order of processing device options (bsc#1191655).
• gve: Fix GFP flags when allocing pages (git-fixes).
• gve: Fix off by one in gve_tx_timeout() (bsc#1191655).
• gve: Implement packet continuation for RX (bsc#1191655).
• gve: Implement suspend/resume/shutdown (bsc#1191655).
• gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655).
• gve: Recording rx queue before sending to napi (bsc#1191655).
• gve: Recover from queue stall due to missed IRQ (bsc#1191655).
• gve: Update gve_free_queue_page_list signature (bsc#1191655).
• gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655).
• gve: fix for null pointer dereference (bsc#1191655).
• gve: fix the wrong AdminQ buffer queue index check (bsc#1176940).
• gve: fix unmatched u64_stats_update_end() (bsc#1191655).
• gve: remove memory barrier around seqno (bsc#1191655).
• i2c: brcmstb: fix support for DSL and CM variants (git-fixes).
• i40e: Fix for failed to init adminq while VF reset (git-fixes).
• i40e: Fix issue when maximum queues is exceeded (git-fixes).
• i40e: Fix queues reservation for XDP (git-fixes).
• i40e: Increase delay to 1 s after global EMP reset (git-fixes).
• i40e: fix unsigned stat widths (git-fixes).
• ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391).
• ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391).
• ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391).
• ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391).
• ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811).
• ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391).
• ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391).
• ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391).
• ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391).
• ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815).
• ice: fix IPIP and SIT TSO offload (git-fixes).
• ice: fix an error code in ice_cfg_phy_fec() (jsc#SLE-12878).
• ima: Allow template selection with ima_template[_fmt]= after ima_hash= (git-fixes).
• ima: Do not print policy rule with inactive LSM labels (git-fixes).
• ima: Remove ima_policy file before directory (git-fixes).
• integrity: Make function integrity_add_key() static (git-fixes).
• integrity: check the return value of audit_log_start() (git-fixes).
• integrity: double check iint_cache was initialized (git-fixes).
• iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes).
• iommu/amd: Remove useless irq affinity notifier (git-fixes).
• iommu/amd: Restore GA log/tail pointer on host resume (git-fixes).
• iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes).
• iommu/amd: X2apic mode: re-enable after resume (git-fixes).
• iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes).
• iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes).
• iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes).
• iommu/iova: Fix race between FQ timeout and teardown (git-fixes).
• iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes).
• iwlwifi: fix use-after-free (git-fixes).
• iwlwifi: pcie: fix locking when 'HW not ready' (git-fixes).
• iwlwifi: pcie: gen2: fix locking when 'HW not ready' (git-fixes).
• ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes).
• kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190972 LTC#194674).
• kABI: Fix kABI for AMD IOMMU driver (git-fixes).
• kabi: Hide changes to s390/AP structures (jsc#SLE-20807).
• lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584).
• libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes).
• md/raid5: fix oops during stripe resizing (bsc#1181588).
• misc: fastrpc: avoid double fput() on failed usercopy (git-fixes).
• mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes).
• mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes).
• mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes).
• mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes).
• net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes).
• net/mlx5e: Fix handling of wrong devices during bond netevent (jsc#SLE-15172).
• net: macb: Align the dma and coherent dma masks (git-fixes).
• net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (bsc#1176447).
• net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes).
• net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes).
• net: phy: marvell: configure RGMII delays for 88E1118 (git-fixes).
• net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes).
• nfp: flower: fix ida_idx not being released (bsc#1154353).
• nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483).
• nfsd: allow lock state ids to be revoked and then freed (bsc#1192483).
• nfsd: allow open state ids to be revoked and then freed (bsc#1192483).
• nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483).
• nfsd: prepare for supporting admin-revocation of state (bsc#1192483).
• nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts() (bsc#1195012).
• nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes).
• nvme: do not return an error from nvme_configure_metadata (git-fixes).
• nvme: let namespace probing continue for unsupported features (git-fixes).
• powerpc/64: Move paca allocation later in boot (bsc#1190812).
• powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038 bsc#1157923 ltc#182612 git-fixes).
• powerpc/pseries/ddw: Revert 'Extend upper limit for huge DMA window for persistent memory' (bsc#1195995 ltc#196394).
• powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451).
• powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812).
• powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes).
• s390/AP: support new dynamic AP bus size limit (jsc#SLE-20807).
• s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (git-fixes).
• s390/bpf: Fix optimizing out zero-extensions (git-fixes).
• s390/cio: make ccw_device_dma_* more robust (bsc#1193243 LTC#195549).
• s390/cio: verify the driver availability for path_event call (bsc#1195928 LTC#196418).
• s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195081 LTC#196088).
• s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195081 LTC#196088).
• s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193233 LTC#195540).
• s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194967 LTC#196028).
• s390/protvirt: fix error return code in uv_info_init() (jsc#SLE-22135).
• s390/sclp: fix Secure-IPL facility detection (bsc#1191741 LTC#194816).
• s390/uv: add prot virt guest/host indication files (jsc#SLE-22135).
• s390/uv: fix prot virt host indication compilation (jsc#SLE-22135).
• scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (bsc#1195506).
• scsi: core: Add limitless cmd retry support (bsc#1195506).
• scsi: core: No retries on abort success (bsc#1195506).
• scsi: kABI fix for 'eh_should_retry_cmd' (bsc#1195506).
• scsi: lpfc: Add support for eh_should_retry_cmd() (bsc#1195506).
• scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).
• scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823).
• scsi: qla2xxx: Add marginal path handling support (bsc#1195506).
• scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823).
• scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823).
• scsi: qla2xxx: Add retry for exec firmware (bsc#1195823).
• scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823).
• scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823).
• scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823).
• scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823).
• scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823).
• scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823).
• scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823).
• scsi: qla2xxx: Fix warning for missing error code (bsc#1195823).
• scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823).
• scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823).
• scsi: qla2xxx: Implement ref count for SRB (bsc#1195823).
• scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823).
• scsi: qla2xxx: Remove a declaration (bsc#1195823).
• scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823).
• scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823).
• scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823).
• scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823).
• scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823).
• scsi: qla2xxx: edif: Fix clang warning (bsc#1195823).
• scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823).
• scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823).
• scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823).
• scsi: qla2xxx: edif: Tweak trace message (bsc#1195823).
• scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (bsc#1195506).
• scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs (bsc#1195506).
• scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286).
• scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195378 LTC#196244).
• scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL (bsc#1195506).
• staging/fbtft: Fix backlight (git-fixes).
• staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes).
• tracing: Do not inc err_log entry count if entry allocation fails (git-fixes).
• tracing: Dump stacktrace trigger to the corresponding instance (git-fixes).
• tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes).
• tracing: Have traceon and traceoff trigger honor the instance (git-fixes).
• tracing: Propagate is_signed to expression (git-fixes).
• usb: dwc2: Fix NULL qh in dwc2_queue_transaction (git-fixes).
• usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend (git-fixes).
• usb: dwc3: do not set gadget->is_otg flag (git-fixes).
• usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes).
• usb: f_fs: Fix use-after-free for epfile (git-fixes).
• usb: gadget: f_uac2: Define specific wTerminalType (git-fixes).
• usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes).
• usb: gadget: s3c: remove unused 'udc' variable (git-fixes).
• usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes).
• usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes).
• usb: ulpi: Call of_node_put correctly (git-fixes).
• usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes).

This update for libseccomp fixes the following issues:

• Check if we have NR_openat2, avoid using its definition when not (bsc#1196825), this fixes build of systemd.

This update for tcpdump fixes the following issues:

• CVE-2018-16301: Fixed segfault when handling large files (bsc#1195825).

This update for pciutils fixes the following issues:

• Report the theoretical speeds for PCIe 5.0 and 6.0 (bsc#1192862)

This update for openldap2 fixes the following issue:

• restore CLDAP functionality in CLI tools (jsc#PM-3288)

This update for libzypp, zypper fixes the following issues:

• Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete.

This update for update-alternatives fixes the following issues:

• Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654)

This update for suse-build-key fixes the following issues:

• The old SUSE PTF key was extended, but also move it to suse_ptf_key_old.asc (as it is a DSA1024 key).
• Added a new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494)
• Extended the expiry of SUSE Linux Enterprise 11 key (bsc#1194845)
• Added SUSE Container signing key in PEM format for use e.g. by cosign.
• The SUSE security key was replaced with 2022 edition (E-Mail usage only). (bsc#1196495)

SUSE-IU-2022:282-1

This update for glibc fixes the following issues:

• Add support for livepatches on x86_64 for SUSE Linux Enterprise 15 SP4 (jsc#SLE-20049).

This update for boost fixes the following issues:

• Fix compilation errors (bsc#1194522)

This update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent contains the following fixes:
Changes in google-guest-agent:

• Update to version 20211116.00 (bsc#1193257, bsc#1193258) * dont duplicate logs (#146) * Add WantedBy network dependencies to google-guest-agent service (#136) * dont try dhcpv6 when not needed (#145) * Integration tests: instance setup (#143) * Integration test: test create and remove google user (#128) * handle comm errors in script runner (#140) * enforce script ordering (#138) * enable ipv6 on secondary interfaces (#133)
• from version 20211103.00 * Integration tests: instance setup (#143)
• from version 20211027.00 * Integration test: test create and remove google user (#128)

• Update to version 20211019.00 * handle comm errors in script runner (#140)
• from version 20211015.00 * enforce script ordering (#138)
• from version 20211014.00 * enable ipv6 on secondary interfaces (#133)
• from version 20211013.00 * dont open ssh tempfile exclusively (#137)
• from version 20211011.00 * correct linux startup script order (#135) * Emit sshable attribute (#123)
• from version 20210908.1 * restore line (#127)
• from version 20210908.00 * New integ test (#124)
• from version 20210901.00 * support enable-oslogin-sk key (#120) * match script logging to guest agent (#125)
• from version 20210804.00 * Debug logging (#122)
• Refresh patches for new version * dont_overwrite_ifcfg.patch

• Build with go1.15 for reproducible build results (bsc#1102408)

• Update to version 20210707.00 * Use IP address for calling the metadata server. (#116)
• from version 20210629.00 * use IP for MDS (#115)

• Update to version 20210603.00 * systemd-notify in agentInit (#113) * dont check status (#112)
• from version 20210524.00 * more granular service restarts (#111)
• from version 20210414.00 * (no functional changes)

• Add missing pkg-config dependency to BuildRequires for SLE-12

• Install modprobe configuration files into /etc again on SLE-15-SP2 and older since that's stil the default location on these distributions
• Probe udev directory using the 'udevdir' pkg-config variable on SLE-15-SP2 and older since the variable got renamed to 'udev_dir' in later versions
• Remove redundant pkgconfig(udev) from BuildRequires for SLE-12

• Update to version 20211116.00 (bsc#1193257, bsc#1193258) * GCE supports up to 24 NVMe local SSDs, but the regex in the PROGRAM field only looks for the last digit of the given string causing issues when there are >= 10 local SSDs. Changed REGEX to get the last number of the string instead to support the up to 24 local SSDs. (#30) * chmod+x google_nvme_id on EL (#31)
• Fix duplicate installation of google_optimize_local_ssd and google_set_multiqueue
• Install google_nvme_id into /usr/lib/udev (bsc#1192652, bsc#1192653)

• Update to version 20210916.00 * Revert 'dont set IP in etc/hosts; remove rsyslog (#26)' (#28)
• from version 20210831.00 * restore rsyslog (#27)
• from version 20210830.00 * Fix NVMe partition names (#25)
• from version 20210824.00 * dont set IP in etc/hosts; remove rsyslog (#26) * update OWNERS

• Use %_modprobedir for modprobe.d files (out of /etc)
• Use %_sysctldir for sysctl.d files (out of /etc)

• Update to version 20210702.00 * use grep for hostname check (#23)
• from version 20210629.00 * address set_hostname vuln (#22)
• from version 20210324.00 * dracut.conf wants spaces around values (#19)

• Update to version 20211013.00 (bsc#1193257, bsc#1193258) * remove deprecated binary (#79)
• from version 20211001.00 * no message if no groups (#78)
• from version 20210907.00 * use sigaction for signals (#76)
• from version 20210906.00 * include cstdlib for exit (#75) * catch SIGPIPE in authorized_keys (#73)
• from version 20210805.00 * fix double free in ParseJsonToKey (#70)
• from version 20210804.00 * fix packaging for authorized_keys_sk (#68) * add authorized_keys_sk (#66)
• Add google_authorized_keys_sk to %files section
• Remove google_oslogin_control from %files section

• Update to version 20211117.00 (bsc#1193257, bsc#1193258) * Add retry logic for RegisterAgent (#404)
• from version 20211111.01 * e2e_test: drop ubuntu 1604 image as its EOL (#403)
• from version 20211111.00 * e2e_test: move to V1 api for OSPolicies (#397)
• from version 20211102.00 * Fix context logging and fix label names (#400)
• from version 20211028.00 * Add cloudops example for gcloud (#399)

• Update to version 20211021.00 * Added patch report logging for Zypper. (#395)
• from version 20211012.00 * Replace deprecated instance filters with the new filters (#394)
• from version 20211006.00 * Added patch report log messages for Yum and Apt (#392)
• from version 20210930.00 * Config: Add package info caching (#391)
• from version 20210928.00 * Fixed the runWithPty function to set ctty to child's filedesc (#389)
• from version 20210927.00 * e2e_tests: fix a test output mismatch (#390)
• from version 20210924.00 * Fix some e2e test failures (#388)
• from version 20210923.02 * Correctly check for folder existance in package upgrade (#387)
• from version 20210923.01 * ReportInventory: Fix bug in deb/rpm inventory, reduce calls to append (#386)
• from version 20210923.00 * Deprecate old config directory in favor of new cache directory (#385)
• from version 20210922.02 * Fix rpm/deb package formating for inventory reporting (#384)
• from version 20210922.01 * Add centos stream rocky linux and available package tests (#383)
• from version 20210922.00 * Add more info logs, actually cleanup unmanaged repos (#382)
• from version 20210901.00 * Add E2E tests for Windows Application (#379) * Return lower-case package name (#377) * Update Terraform scripts for multi-project deployments tutorial. (#378)
• from version 20210811.00 * Support Windows Application Inventory (#371)
• from version 20210723.00 * Send basic inventory with RegisterAgent (#373)
• from version 20210722.1 * e2e_tests: move to manually generated osconfig library (#372)
• from version 20210722.00 * Create OWNERS file for examples directory (#368)
• from version 20210719.00 * Update Zypper patch info parsing (#370)

• Build with go1.15 for reproducible build results (bsc#1102408)

• Update to version 20210712.1 * Skip getting patch info when no patches are found. (#369)
• from version 20210712.00 * Add Terraform scripts for multi-project deployments (#367)
• from version 20210709.00 * Add examples/Terraform directory. (#366)
• from version 20210707.00 * Fix bug in printing packages to update, return error for zypper patch (#365)
• from version 20210629.00 * Add CloudOps examples for CentOS (#364)

• Update to version 20210621.00 * chore: Fixing a comment. (#363)
• from version 20210617.00 * Use exec.CommandContext so that canceling the context also kills any running processes (#362)
• from version 20210608.1 * e2e_tests: point to official osconfig client library (#359)
• from version 20210608.00 * e2e_tests: deflake tests (#358)
• from version 20210607.00 * Fix build on some architectures (#357)
• from version 20210603.00 * Create win-validation-powershell.yaml (#356)
• from version 20210602.00 * Agent efficiency improvements/bugfixes/logging updates (#355) * e2e_tests: add tests for ExecResource output (#354)
• from version 20210525.00 * Run fieldalignment on all structs (#353)
• from version 20210521.00 * Config Task: add error message and ExecResource output recording (#350) * e2e_tests: remove Windows server 1909 and add server 20h2 (#352) * Added a method for logging structured data (#349)

This update for wicked fixes the following issues:

• Fix device rename issue when done via Yast2 (bsc#1194392)
• Prepare RPM packaging for migration of dbus configuration files from /etc to /usr, however this change does not affect SUSE Linux Enterprise 15 Service Pack 3 (bsc#1183407,jsc#SLE-9750)
• Parse sysctl files in the correct order
• Fix sysctl values for loopback device (bsc#1181163, bsc#1178357)
• Add option for dhcp4 to set route pref-src to dhcp IP (bsc#1192353)
• Cleanup warnings, time calculations and add dhcp fixes to reduce resource usage (bsc#1188019)
• Avoid sysfs attribute read error when the kernel has already deleted the TUN/TAP interface (bsc#1192311)
• Fix warning in `ifstatus` about unexpected interface flag combination (bsc#1192164)
• Fix `ifstatus` not to show link as 'up' when interface is not running
• Make firewalld zone assignment permanent (bsc#1189560)
• Initial fixes for dracut integration and improved option handling (bsc#1182227)
• Fix `nanny` to identify node owner exit condition
• Add `ethtool --get-permanent-address` option in the client
• Reconnect on unexpected wpa_supplicant restart (bsc#1183495)
• Migrate wireless to wpa-supplicant v1 DBus interface (bsc#1156920)
• Support multiple wireless networks configurations per interface
• Show wireless connection status and scan-results (bsc#1160654)
• Fix eap-tls,ttls cetificate handling and fix open vs. shared wep,open,psk,eap-tls,ttls,peap parsing from ifcfg (bsc#1057592)
• Updated `man ifcfg-wireless` manual pages

This update for dracut fixes the following issues:

• Fix(network): consistent use of '$gw' for gateway (bsc#1192685)
• Fix(install): handle builtin modules (bsc#1194716)

This update for glibc fixes the following issues:

• CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640)
• CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768)
• CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770)

• IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195)

This update for xen fixes the following issues:

• CVE-2022-23033: Fixed guest_physmap_remove_page not removing the p2m mappings. (XSA-393) (bsc#1194576)
• CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581)
• CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588)

This update for containerd, docker fixes the following issues:

• CVE-2021-41089: Fixed 'cp' can chmod host files (bsc#1191015).
• CVE-2021-41091: Fixed flaw that could lead to data directory traversal in moby (bsc#1191434).
• CVE-2021-41092: Fixed exposed user credentials with a misconfigured configuration file (bsc#1191334).
• CVE-2021-41103: Fixed file access to local users in containerd (bsc#1191121).
• CVE-2021-41190: Fixed OCI manifest and index parsing confusion (bsc#1193273).

This update for coreutils fixes the following issues:

• Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152).

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various a regression bugfix.
The following non-security bugs were fixed:

• drm/radeon: fix error handling in radeon_driver_open_kms that could lead to non-booting systems with Radeon cards (bsc#1195142).

This update for systemd fixes the following issues:

• disable DNSSEC until the following issue is solved: https://github.com/systemd/systemd/issues/10579
• disable fallback DNS servers and fail when no DNS server info could be obtained from the links.
• DNSSEC support requires openssl therefore document this build dependency in systemd-network sub-package.
• Improve warning messages (bsc#1193086).

This update for libzypp fixes the following issues:

• RepoManager: remember execution errors in exception history (bsc#1193007)
• Fix exception handling when reading or writing credentials (bsc#1194898)
• Fix install path for parser (bsc#1194597)
• Fix Legacy include (bsc#1194597)
• Public header files on older distros must use c++11 (bsc#1194597)
• Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488)
• Fix wrong encoding of URI compontents of ISO images (bsc#954813)
• When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible
• Introduce zypp-curl as a sublibrary for CURL related code
• zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set
• Save all signatures associated with a public key in its PublicKeyData

• CVE-2021-44141: Information leak via symlinks of existance of files or directories outside of the exported share; (bso#14911); (bsc#1193690);
• CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859);
• CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; (bso#14950); (bsc#1195048);

• Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928);
• Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932);
• kill_tcp_connections does not work; (bso#14934);
• Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935);
• smbclient -L doesn't set 'client max protocol' to NT1 before calling the 'Reconnecting with SMB1 for workgroup listing' path; (bso#14939);
• Cross device copy of the crossrename module always fails; (bso#14940);
• symlinkat function from VFS cap module always fails with an error; (bso#14941);
• Fix possible fsp pointer deference; (bso#14942);
• Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944);
• 'smbd --build-options' no longer works without an smb.conf file; (bso#14945);

• CVE-2021-43566: Symlink race error can allow directory creation outside of the exported share; (bsc#1139519);
• CVE-2021-20316: Symlink race error can allow metadata read and modify outside of the exported share; (bsc#1191227);
• Reorganize libs packages. Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems everytime one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel.
• Rename package samba-core-devel to samba-devel
• Update the symlink create by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba

• Fix a denial of service attack against the KDC encrypted challenge code; (CVE-2021-36222);
• Fix a memory leak when gss_inquire_cred() is called without a credential handle.

• Fix a linking issue with Samba.
• Better support multiple pkinit_identities values by checking whether certificates can be loaded for each value.

• Fix a denial of service vulnerability when decoding Kerberos protocol messages.
• Fix a locking issue with the LMDB KDB module which could cause KDC and kadmind processes to lose access to the database.
• Fix an assertion failure when libgssapi_krb5 is repeatedly loaded and unloaded while libkrb5support remains loaded.

• Fix a SPNEGO regression where an acceptor using the default credential would improperly filter mechanisms, causing a negotiation failure.
• Fix a bug where the KDC would fail to issue tickets if the local krbtgt principal's first key has a single-DES enctype.
• Add stub functions to allow old versions of OpenSSL libcrypto to link against libkrb5.
• Fix a NegoEx bug where the client name and delegated credential might not be reported.

• Fix a crash when qualifying short hostnames when the system has no primary DNS domain.
• Fix a regression when an application imports 'service@' as a GSS host-based name for its acceptor credential handle.
• Fix KDC enforcement of auth indicators when they are modified by the KDB module.
• Fix removal of require_auth string attributes when the LDAP KDB module is used.
• Fix a compile error when building with musl libc on Linux.
• Fix a compile error when building with gcc 4.x.
• Change the KDC constrained delegation precedence order for consistency with Windows KDCs.

• Fix a bug preventing 'addprinc -randkey -kvno' from working in kadmin.
• Fix a bug preventing time skew correction from working when a KCM credential cache is used.

• A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has been added. The LMDB KDB module should be more performant and more robust than the DB2 module, and may become the default module for new databases in a future release.
• 'kdb5_util dump' will no longer dump policy entries when specific principal names are requested.

• Build with full Cyrus SASL support. Negotiating SASL credentials with an EXTERNAL bind mechanism requires interaction. Kerberos provides its own interaction function that skips all interaction, thus preventing the mechanism from working.

• Release 2.4.1

• Release 2.4.0

• various bugfixes
• python: Ensure reference counts are properly incremented
• Change pytalloc source to LGPL
• Upgrade waf to 2.0.18 to fix a cross-compilation issue; (bso#13846).

• various bugfixes

• Add custom tag to events
• Add event trace api

• Fix tests test_copy_ccache & test_copy_keytab for later versions of krb5
• Update the private ldb modules installation following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba

• Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684).
• add profile for samba-bgqd (bsc#1191532).

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254).
• CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880).
• CVE-2022-0286: Fixed null pointer dereference in bond_ipsec_add_sa() that may have lead to local denial of service (bnc#1195371).
• CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065).
• CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867).
• CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem, that could have occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767).
• CVE-2021-39685: Fixed USB gadget buffer overflow caused by too large endpoint 0 requests (bsc#1193802).
• CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864).
• CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861).
• CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184).
• CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that mishandled software scrollback (bnc#1187723).

• ACPI: battery: Add the ThinkPad 'Not Charging' quirk (git-fixes).
• ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (git-fixes).
• ACPICA: Fix wrong interpretation of PCC address (git-fixes).
• ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (git-fixes).
• ACPICA: Utilities: Avoid deleting the same object twice in a row (git-fixes).
• ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (git-fixes).
• ALSA: seq: Set upper limit of processed events (git-fixes).
• ALSA: usb-audio: Correct quirk for VF0770 (git-fixes).
• ALSA: usb-audio: initialize variables that could ignore errors (git-fixes).
• ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name (git-fixes).
• ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes).
• ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes).
• ASoC: mediatek: mt8173: fix device_node leak (git-fixes).
• ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes (git-fixes).
• Bluetooth: Fix debugfs entry leak in hci_register_dev() (git-fixes).
• Bluetooth: refactor malicious adv data check (git-fixes).
• Documentation: fix firewire.rst ABI file path error (git-fixes).
• HID: apple: Do not reset quirks when the Fn key is not found (git-fixes).
• HID: quirks: Allow inverting the absolute X/Y values (git-fixes).
• HID: uhid: Fix worker destroying device without any protection (git-fixes).
• HID: wacom: Reset expected and received contact counts at the same time (git-fixes).
• IB/cm: Avoid a loop when device has 255 ports (git-fixes)
• IB/hfi1: Fix error return code in parse_platform_config() (git-fixes)
• IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes)
• IB/isert: Fix a use after free in isert_connect_request (git-fixes)
• IB/mlx4: Separate tunnel and wire bufs parameters (git-fixes)
• IB/mlx5: Add missing error code (git-fixes)
• IB/mlx5: Add mutex destroy call to cap_mask_mutex mutex (git-fixes)
• IB/mlx5: Fix error unwinding when set_has_smi_cap fails (git-fixes)
• IB/mlx5: Return appropriate error code instead of ENOMEM (git-fixes)
• IB/umad: Return EIO in case of when device disassociated (git-fixes)
• IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes)
• Input: wm97xx: Simplify resource management (git-fixes).
• NFS: Ensure the server had an up to date ctime before renaming (git-fixes).
• NFSv4: Handle case where the lookup of a directory fails (git-fixes).
• NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes).
• PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes).
• PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes).
• RDMA/addr: Be strict with gid size (git-fixes)
• RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes)
• RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal() (git-fixes)
• RDMA/bnxt_re: Set queue pair state when being queried (git-fixes)
• RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait (git-fixes)
• RDMA/core: Clean up cq pool mechanism (jsc#SLE-15176).
• RDMA/core: Do not access cm_id after its destruction (git-fixes)
• RDMA/core: Do not indicate device ready when device enablement fails (git-fixes)
• RDMA/core: Fix corrupted SL on passive side (git-fixes)
• RDMA/core: Unify RoCE check and re-factor code (git-fixes)
• RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server (git-fixes)
• RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes)
• RDMA/cxgb4: Validate the number of CQEs (git-fixes)
• RDMA/cxgb4: add missing qpid increment (git-fixes)
• RDMA/hns: Add a check for current state before modifying QP (git-fixes)
• RDMA/hns: Remove the portn field in UD SQ WQE (git-fixes)
• RDMA/hns: Remove unnecessary access right set during INIT2INIT (git-fixes)
• RDMA/i40iw: Address an mmap handler exploit in i40iw (git-fixes)
• RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails (git-fixes)
• RDMA/mlx5: Fix corruption of reg_pages in mlx5_ib_rereg_user_mr() (git-fixes)
• RDMA/mlx5: Fix potential race between destroy and CQE poll (git-fixes)
• RDMA/mlx5: Fix query DCT via DEVX (git-fixes)
• RDMA/mlx5: Fix type warning of sizeof in __mlx5_ib_alloc_counters() (git-fixes)
• RDMA/mlx5: Fix wrong free of blue flame register on error (git-fixes)
• RDMA/mlx5: Issue FW command to destroy SRQ on reentry (git-fixes)
• RDMA/mlx5: Recover from fatal event in dual port mode (git-fixes)
• RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation (git-fixes)
• RDMA/ocrdma: Fix use after free in ocrdma_dealloc_ucontext_pd() (git-fixes)
• RDMA/rxe: Clear all QP fields if creation failed (git-fixes)
• RDMA/rxe: Compute PSN windows correctly (git-fixes)
• RDMA/rxe: Correct skb on loopback path (git-fixes)
• RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (git-fixes)
• RDMA/rxe: Fix coding error in rxe_recv.c (git-fixes)
• RDMA/rxe: Fix missing kconfig dependency on CRYPTO (git-fixes)
• RDMA/rxe: Remove the unnecessary variable (jsc#SLE-15176).
• RDMA/rxe: Remove useless code in rxe_recv.c (git-fixes)
• RDMA/siw: Fix a use after free in siw_alloc_mr (git-fixes)
• RDMA/siw: Fix calculation of tx_valid_cpus size (git-fixes)
• RDMA/siw: Fix handling of zero-sized Read and Receive Queues. (git-fixes)
• RDMA/siw: Properly check send and receive CQ pointers (git-fixes)
• RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp (git-fixes)
• RDMA/uverbs: Fix a NULL vs IS_ERR() bug (git-fixes)
• RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr() (git-fixes)
• RMDA/sw: Do not allow drivers using dma_virt_ops on highmem configs (git-fixes)
• USB: core: Fix hang in usb_kill_urb by adding memory barriers (git-fixes).
• USB: serial: mos7840: fix probe error handling (git-fixes).
• ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (git-fixes).
• arm64: Kconfig: add a choice for endianness (jsc#SLE-23432).
• asix: fix wrong return value in asix_check_host_enable() (git-fixes).
• ata: pata_platform: Fix a NULL pointer dereference in __pata_platform_probe() (git-fixes).
• ath10k: Fix tx hanging (git-fixes).
• ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (git-fixes).
• batman-adv: allow netlink usage in unprivileged containers (git-fixes).
• blk-cgroup: fix missing put device in error path from blkg_conf_pref() (bsc#1195481).
• blk-mq: introduce blk_mq_set_request_complete (git-fixes).
• bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (bsc#1194227).
• btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009).
• btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009).
• btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009).
• cgroup/cpuset: Fix a partition bug with hotplug (bsc#1194291).
• clk: si5341: Fix clock HW provider cleanup (git-fixes).
• crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes).
• dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes).
• drm/amdgpu: fixup bad vram size on gmc v8 (git-fixes).
• drm/bridge: megachips: Ensure both bridges are probed before registration (git-fixes).
• drm/etnaviv: limit submit sizes (git-fixes).
• drm/etnaviv: relax submit size limits (git-fixes).
• drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes).
• drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y (git-fixes).
• drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc (git-fixes).
• drm/msm/dsi: Fix missing put_device() call in dsi_get_phy (git-fixes).
• drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (git-fixes).
• drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy (git-fixes).
• drm/msm: Fix wrong size calculation (git-fixes).
• drm/nouveau/kms/nv04: use vzalloc for nv04_display (git-fixes).
• drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (git-fixes).
• drm/nouveau: fix off by one in BIOS boundary checking (git-fixes).
• drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L (git-fixes).
• ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482).
• ext4: make sure quota gets properly shutdown on error (bsc#1195480).
• ext4: set csum seed in tmp inode while migrating to extents (bsc#1195267).
• floppy: Add max size check for user space request (git-fixes).
• fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195479).
• fsnotify: invalidate dcache before IN_DELETE event (bsc#1195478).
• gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock (git-fixes).
• gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (git-fixes).
• hv_netvsc: Set needed_headroom according to VF (bsc#1193506).
• hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 (git-fixes).
• hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 (git-fixes).
• hwmon: (lm90) Mark alert as broken for MAX6654 (git-fixes).
• hwmon: (lm90) Mark alert as broken for MAX6680 (git-fixes).
• hwmon: (lm90) Reduce maximum conversion rate for G781 (git-fixes).
• i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (git-fixes).
• i2c: i801: Do not silently correct invalid transfer size (git-fixes).
• i2c: mpc: Correct I2C reset procedure (git-fixes).
• i40iw: Add support to make destroy QP synchronous (git-fixes)
• ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713).
• ibmvnic: Update driver return codes (bsc#1195293 ltc#196198).
• ibmvnic: do not spin in tasklet (bsc#1195073 ltc#195713).
• ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713).
• ibmvnic: remove unused ->wait_capability (bsc#1195073 ltc#195713).
• ibmvnic: remove unused defines (bsc#1195293 ltc#196198).
• igc: Fix TX timestamp support for non-MSI-X platforms (bsc#1160634).
• iwlwifi: fix leaks/bad data after failed firmware load (git-fixes).
• iwlwifi: mvm: Fix calculation of frame length (git-fixes).
• iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (git-fixes).
• iwlwifi: mvm: synchronize with FW after multicast commands (git-fixes).
• iwlwifi: remove module loading failure message (git-fixes).
• lib82596: Fix IRQ check in sni_82596_probe (git-fixes).
• lightnvm: Remove lightnvm implemenation (bsc#1191881).
• mac80211: allow non-standard VHT MCS-10/11 (git-fixes).
• media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes).
• media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes (git-fixes).
• media: igorplugusb: receiver overflow should be reported (git-fixes).
• media: m920x: do not use stack on USB reads (git-fixes).
• media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (git-fixes).
• media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (git-fixes).
• media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes).
• mlxsw: Only advertise link modes supported by both driver and device (bsc#1154488).
• mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (git-fixes).
• mtd: nand: bbt: Fix corner case in bad block table handling (git-fixes).
• mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings (git-fixes).
• mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 (git-fixes).
• net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506).
• net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506).
• net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering (jsc#SLE-8464).
• net/mlx5: E-Switch, fix changing vf VLANID (jsc#SLE-15172).
• net/mlx5e: Protect encap route dev from concurrent release (jsc#SLE-8464).
• net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428).
• net: bonding: fix bond_xmit_broadcast return value error bug (bsc#1176447).
• net: bridge: vlan: fix memory leak in __allowed_ingress (bsc#1176447).
• net: bridge: vlan: fix single net device option dumping (bsc#1176447).
• net: mana: Add RX fencing (bsc#1193506).
• net: mana: Add XDP support (bsc#1193506).
• net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405).
• net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405).
• net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405).
• net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405).
• net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405).
• net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405).
• net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405).
• net: sfp: fix high power modules without diagnostic monitoring (bsc#1154353).
• netdevsim: set .owner to THIS_MODULE (bsc#1154353).
• nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (git-fixes).
• nvme-core: use list_add_tail_rcu instead of list_add_tail for nvme_init_ns_head (git-fixes).
• nvme-fabrics: avoid double completions in nvmf_fail_nonready_command (git-fixes).
• nvme-fabrics: ignore invalid fast_io_fail_tmo values (git-fixes).
• nvme-fabrics: remove superfluous nvmf_host_put in nvmf_parse_options (git-fixes).
• nvme-tcp: fix data digest pointer calculation (git-fixes).
• nvme-tcp: fix incorrect h2cdata pdu offset accounting (git-fixes).
• nvme-tcp: fix memory leak when freeing a queue (git-fixes).
• nvme-tcp: fix possible use-after-completion (git-fixes).
• nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (git-fixes).
• nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096).
• nvme: fix use after free when disconnecting a reconnecting ctrl (git-fixes).
• nvme: introduce a nvme_host_path_error helper (git-fixes).
• nvme: refactor ns->ctrl by request (git-fixes).
• phy: uniphier-usb3ss: fix unintended writing zeros to PHY register (git-fixes).
• phylib: fix potential use-after-free (git-fixes).
• pinctrl: bcm2835: Add support for wake-up interrupts (git-fixes).
• pinctrl: bcm2835: Match BCM7211 compatible string (git-fixes).
• pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line (git-fixes).
• pinctrl: intel: fix unexpected interrupt (git-fixes).
• powerpc/book3s64/radix: make tlb_single_page_flush_ceiling a debugfs entry (bsc#1195183 ltc#193865).
• powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending (bsc#1156395).
• regulator: qcom_smd: Align probe function with rpmh-regulator (git-fixes).
• rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (git-fixes).
• rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (git-fixes).
• rsi: Fix use-after-free in rsi_rx_done_handler() (git-fixes).
• sched/fair: Fix detection of per-CPU kthreads waking a task (git fixes (sched/fair)).
• sched/numa: Fix is_core_idle() (git fixes (sched/numa)).
• scripts/dtc: dtx_diff: remove broken example from help text (git-fixes).
• scripts/dtc: only append to HOST_EXTRACFLAGS instead of overwriting (git-fixes).
• serial: 8250: of: Fix mapped region size when using reg-offset property (git-fixes).
• serial: Fix incorrect rs485 polarity on uart open (git-fixes).
• serial: amba-pl011: do not request memory region twice (git-fixes).
• serial: core: Keep mctrl register state and cached copy in sync (git-fixes).
• serial: pl010: Drop CR register reset on set_termios (git-fixes).
• serial: stm32: fix software flow control transfer (git-fixes).
• spi: bcm-qspi: check for valid cs before applying chip select (git-fixes).
• spi: mediatek: Avoid NULL pointer crash in interrupt (git-fixes).
• spi: meson-spicc: add IRQ check in meson_spicc_probe (git-fixes).
• supported.conf: mark rtw88 modules as supported (jsc#SLE-22690)
• tty: Add support for Brainboxes UC cards (git-fixes).
• tty: n_gsm: fix SW flow control encoding/handling (git-fixes).
• ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes).
• udf: Fix NULL ptr deref when converting from inline format (bsc#1195476).
• udf: Restore i_lenAlloc when inode expansion fails (bsc#1195477).
• usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (git-fixes).
• usb: common: ulpi: Fix crash in ulpi_match() (git-fixes).
• usb: gadget: f_fs: Use stream_open() for endpoint files (git-fixes).
• usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (git-fixes).
• usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes).
• usb: roles: fix include/linux/usb/role.h compile issue (git-fixes).
• usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes).
• usb: uhci: add aspeed ast2600 uhci support (git-fixes).
• vfio/iommu_type1: replace kfree with kvfree (git-fixes).
• video: hyperv_fb: Fix validation of screen resolution (git-fixes).
• vxlan: fix error return code in __vxlan_dev_create() (bsc#1154353).
• workqueue: Fix unbind_workers() VS wq_worker_running() race (bsc#1195062).
• x86/gpu: Reserve stolen memory for first integrated Intel GPU (git-fixes).
• xfrm: fix MTU regression (bsc#1185377, bsc#1194048).
• xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (git-fixes).

This update for cyrus-sasl fixes the following issues:

• Fixed an issue when in postfix 'sasl' authentication with password fails. (bsc#1194265)
• Add config parameter '--with-dblib=gdbm'
• Avoid converting of '/etc/sasldb2 by every update. Convert '/etc/sasldb2' only if it is a Berkeley DB.

This update for nfs-utils fixes the following issues:

• If an error or warning message is produced before closeall() is called, mountd doesn't work. (bsc#1194661)

This update for expat fixes the following issues:

• CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054).
• CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217).

This update for grub2 fixes the following issues:

• Fix wrong default entry when booting snapshot (bsc#1159205).
• Improve support for SLE Micro 5.1 on s390x (bsc#1190395).

This update for rpm fixes the following issues:

• Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968)

This update for systemd fixes the following issues:

• CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles (bsc#1194178).

• udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637)
• localectl: don't omit keymaps files that are symlinks (bsc#1191826)

This update for blog fixes the following issues:

• Update to version 2.26 * On s390/x and PPC64 gcc misses unused arg0

• Update to version 2.24 * Avoid install errror due missed directory

• Update to version 2.22 * Avoid KillMode=none for newer systemd version as well as rework the systemd unit files of blog (bsc#1186506)

• Move to /usr for UsrMerge (bsc#1191057)

• Update to version 2.21 * Merge pull request #4 from samueldr/fix/makefile Fixup Makefile for better build system support * Silent new gcc compiler

SUSE-IU-2022:32-1

This update ships librdkafka 0.11.6 to SUSE Linux Enterprise Server 15.
librdkafka is a C library implementation of the Apache Kafka protocol, containing both Producer and Consumer support.

This update for librdkafka fixes the following issue:

• Fixed thread creation on SUSE Linux Enterprise Server 15 SP3. (bsc#1189792)

This update for systemd fixes the following issues:

• CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles which could cause a minor denial of service. (bsc#1194178)

This update for python3 fixes the following issues:

• Don't use OpenSSL 1.1 on platforms which don't have it.

• Remove shebangs from python-base libraries in '_libdir'. (bsc#1193179, bsc#1192249).
• Build against 'openssl 1.1' as it is incompatible with 'openssl 3.0+' (bsc#1190566)
• Fix for permission error when changing the mtime of the source file in presence of 'SOURCE_DATE_EPOCH'.

This update for rsyslog fixes the following issues:

• Upgrade to rsyslog 8.2106.0: * The prime new feature is support for TLS and non-TLS connections via imtcp in parallel. Furthermore, most TLS parameters can now be overriden at the input() level. The notable exceptions are certificate files, something that is due to be implemented as next step. * New global option 'parser.supportCompressionExtension' This permits to turn off rsyslog's single-message compression extension when it interferes with non-syslog message processing (the parser subsystem expects syslog messages, not generic text) closes https://github.com/rsyslog/rsyslog/issues/4598 * imtcp: add more override config params to input() It is now possible to override all module parameters at the input() level. Module parameters serve as defaults. Existing configs need no modification. * imtcp: add stream driver parameter to input() configuration This permits to have different inputs use different stream drivers and stream driver parameters. * imtcp: permit to run multiple inputs in parallel Previously, a single server was used to run all imtcp inputs. This had a couple of drawsbacks. First and foremost, we could not use different stream drivers in the varios inputs. This patch now provides a baseline to do that, but does still not implement the capability (in this sense it is a staging patch). Secondly, we now ensure that each input has at least one exclusive thread for processing, untangling the performance of multiple inputs from each other. * tcpsrv bugfix: potential sluggishnes and hang on shutdown tcpsrv is used by multiple other modules (imtcp, imdiag, imgssapi, and, in theory, also others - even ones we do not know about). However, the internal synchornization did not properly take multiple tcpsrv users in consideration. As such, a single user could hang under some circumstances. This was caused by improperly awaking all users from a pthread condition wait. That in turn could lead to some sluggish behaviour and, in rare cases, a hang at shutdown. Note: it was highly unlikely to experience real problems with the officially provided modules. * refactoring of syslog/tcp driver parameter passing This has now been generalized to a parameter block, which makes it much cleaner and also easier to add new parameters in the future. * config script: add re_match_i() and re_extract_i() functions This provides case-insensitive regex functionality.
• Upgrade to rsyslog 8.2104.0: * rainerscript: call getgrnam_r repeatedly to get all group members (bsc#1178490) * new built-in function get_property() to access property vars * mmdblookup: add support for mmdb DB reload on HUP * new contributed function module fmunflatten * test bugfix: some tests did not work with newer TLS library versions

• Update 'remote.conf' example file to new 'Address' and 'Port' notation. (bsc#1182653)

• Upgrade to rsyslog 8.2102.0: * omfwd: add stats counter for sent bytes * omfwd: add error reporting configuration option * action stats counter bugfix: failure count was not properly incremented * action stats counter bugfix: resume count was not incremented * omfwd bugfix: segfault or error if port not given * lookup table bugfix: data race on lookup table reload * testbench modernization * testbench: fix invalid sequence of kafka tests runs * testbench: fix kafkacat issues * testbench: fix year-dependendt clickhouse test

• Upgrade to rsyslog 8.2012.0: * testbench bugfix: some tests did not work in make distcheck * immark: rewrite with many improvements * usability: re-phrase error message to help users better understand cause * add new system property $now-unixtimestamp * omfwd: add new rate limit option * omfwd bug: param 'StreamDriver.PermitExpiredCerts' is not 'off' by default

• prepare usrmerge (bsc#1029961)

• remove legacy stuff from specfile * sysvinit is not supported anymore, so remove all tests related to systemv in the specfile

• Upgrade to rsyslog 8.2010.0: * gnutls TLS subsystem bugfix: handshake error handling * core/msg bugfix: memory leak * core/msg bugfix: segfault in jsonPathFindNext() when not an object * openssl TLS subsystem: improvments of error and status messages * core bugfix: do not create empty JSON objects on non-existent key access * gnutls subsysem bugfix: potential hang on session closure * core/network bugfix: obey net.enableDNS=off when querying local hostname * core bugfix: potential segfault on query of PROGRAMNAME property * imtcp bugfix: broken connection not necessariy detected * new module: imhttp - http input * mmdarwin bugfix: potential zero uuid when reusing existing one * imdocker bugfix: build issue on some platforms * omudpspoof bugfix: make compatbile with Solaris build * testbench fix: python 3 incompatibility * core bugfix: segfault if disk-queue file cannot be created * cosmetic: fix dummy module name in debug output * config bugfix: intended warning emitted as error

• Upgrade to rsyslog 8.2008.0
• Added custom unit file rsyslog.service because systemd service file was removed from upstream project
• Use systemd_ordering instead of requiring to make rsyslog useable in containers.
• Fix the URL for bug reporting, should not point to 'novell.com'. (bsc#1173433)
• Add support for 'omkafka'.
• Avoid build error with gcc flag '-fno-common'. (bsc#1160414)

This update for mozilla-nss and MozillaFirefox fix the following issues:
mozilla-nss:

• Update from version 3.68.1 to 3.68.2 (bsc#1193845)
• Add SHA-2 support to mozilla::pkix's Online Certificate Status Protocol implementation

• Firefox Extended Support Release 91.4.1 ESR (bsc#1193845)
• Add SHA-2 support to mozilla::pkix's Online Certificate Status Protocol implementation to fix frequent MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error messages when trying to connect to various microsoft.com domains

This update for dosfstools fixes the following issues:

• To be able to create filesystems compatible with previous version, add -g command line option to mkfs (bsc#1188401)
• BREAKING CHANGES: After fixing of bsc#1172863 in the last update, mkfs started to create different images than before. Applications that depend on exact FAT file format (e. g. embedded systems) may be broken in two ways: * The introduction of the alignment may create smaller images than before, with a different positions of important image elements. It can break existing software that expect images in doststools <= 4.1 style. To work around these problems, use '-a' command line argument. * The new image may contain a different geometry values. Geometry sensitive applications expecting doststools <= 4.1 style images can fails to accept different geometry values. There is no direct work around for this problem. But you can take the old image, use 'file -s $IMAGE', check its 'sectors/track' and 'heads', and use them in the newly introduced '-g' command line argument.

This update for rsyslog fixes the following issues:

• Fix config parameters in specfile (bsc#1194593)

This update for openssl-1_1 fixes the following issues:

• Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489)

This update for grub2 fixes the following issues:

• Add support for simplefb (bsc#1193532).

This update for rpm fixes the following issues:

• Fix header check so that old rpms no longer get rejected (bsc#1190824)
• Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711)

This update for dracut fixes the following issues:

• Update dependency and requirement of util-linux-systemd (bsc#1194162)
• Improve SSL CA certificate bundle detection (bsc#1175892)

The SUSE Linux Enterprise 15 SP3 kernel was updated

• Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0)

• CVE-2021-45485: Fixed an information leak because of certain use of a hash table which use IPv6 source addresses. (bsc#1194094)
• CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c. (bnc#1194087).
• CVE-2021-4001: Fixed a race condition when the EBPF map is frozen. (bsc#1192990)
• CVE-2021-28715: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by do not queueing unlimited number of packages. (bsc#1193442)
• CVE-2021-28714: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by fixing rx queue stall detection. (bsc#1193442)
• CVE-2021-28713: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening hvc_xen against event channel storms. (bsc#1193440)
• CVE-2021-28712: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening netfront against event channel storms. (bsc#1193440)
• CVE-2021-28711: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening blkfront against event channel storms. (bsc#1193440)
• CVE-2020-24504: Fixed an uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers that may have allowed an authenticated user to potentially enable denial of service via local access. (bnc#1182404)
• CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bnc#1192845)
• CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847)
• CVE-2021-4002: Added a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. (bsc#1192946)
• CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device. (bnc#1179599)

• ACPI: battery: Accept charges over the design capacity as full (git-fixes).
• ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses (git-fixes).
• ACPICA: Avoid evaluating methods too early during system resume (git-fixes).
• Add SMB 2 support for getting and setting SACLs (bsc#1192606).
• Add to supported.conf: fs/smbfs_common/cifs_arc4 fs/smbfs_common/cifs_md4
• ALSA: ctxfi: Fix out-of-range access (git-fixes).
• ALSA: gus: fix null pointer dereference on pointer block (git-fixes).
• ALSA: hda: hdac_ext_stream: fix potential locking issues (git-fixes).
• ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign() (git-fixes).
• ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N (git-fixes).
• ALSA: hda/realtek: Add quirk for ASUS UX550VE (git-fixes).
• ALSA: hda/realtek: Add quirk for Clevo PC70HS (git-fixes).
• ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED (git-fixes).
• ALSA: ISA: not for M68K (git-fixes).
• ALSA: synth: missing check for possible NULL after the call to kstrdup (git-fixes).
• ALSA: timer: Fix use-after-free problem (git-fixes).
• ALSA: timer: Unconditionally unlink slave instances, too (git-fixes).
• ALSA: usb-audio: Add registration quirk for JBL Quantum 400 (git-fixes).
• ARM: 8970/1: decompressor: increase tag size (git-fixes).
• ARM: 8974/1: use SPARSMEM_STATIC when SPARSEMEM is enabled (git-fixes)
• ARM: 8986/1: hw_breakpoint: Do not invoke overflow handler on uaccess watchpoints (git-fixes)
• ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT (git-fixes)
• ARM: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe (git-fixes)
• ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores (git-fixes)
• ARM: 9064/1: hw_breakpoint: Do not directly check the event's (git-fixes)
• ARM: 9071/1: uprobes: Do not hook on thumb instructions (git-fixes)
• ARM: 9081/1: fix gcc-10 thumb2-kernel regression (git-fixes)
• ARM: 9091/1: Revert 'mm: qsd8x50: Fix incorrect permission faults' (git-fixes)
• ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (git-fixes)
• ARM: 9134/1: remove duplicate memcpy() definition (git-fixes)
• ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype (git-fixes)
• ARM: 9141/1: only warn about XIP address when not compile testing (git-fixes)
• ARM: 9155/1: fix early early_iounmap() (git-fixes)
• ARM: at91: pm: add missing put_device() call in at91_pm_sram_init() (git-fixes)
• ARM: at91: pm: of_node_put() after its usage (git-fixes)
• ARM: at91: pm: use proper master clock register offset (git-fixes)
• ARM: bcm: Select ARM_TIMER_SP804 for ARCH_BCM_NSP (git-fixes)
• ARM: dts sunxi: Relax a bit the CMA pool allocation range (git-fixes)
• ARM: dts: am335x-pocketbeagle: Fix mmc0 Write Protect (git-fixes)
• ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema (git-fixes)
• ARM: dts: am437x-idk-evm: Fix incorrect OPP node names (git-fixes)
• ARM: dts: am437x-l4: fix typo in can@0 node (git-fixes)
• ARM: dts: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes)
• ARM: dts: armada388-helios4: assign pinctrl to each fan (git-fixes)
• ARM: dts: armada388-helios4: assign pinctrl to LEDs (git-fixes)
• ARM: dts: aspeed: s2600wf: Fix VGA memory region location (git-fixes)
• ARM: dts: aspeed: tiogapass: Remove vuart (git-fixes)
• ARM: dts: at91-sama5d27_som1: fix phy address to 7 (git-fixes)
• ARM: dts: at91: add pinctrl-{names, 0} for all gpios (git-fixes)
• ARM: dts: at91: at91sam9rl: fix ADC triggers (git-fixes)
• ARM: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description (git-fixes)
• ARM: dts: at91: sama5d2_ptc_ek: fix vbus pin (git-fixes)
• ARM: dts: at91: sama5d2_xplained: classd: pull-down the R1 and R3 lines (git-fixes)
• ARM: dts: at91: sama5d2: fix CAN message ram offset and size (git-fixes)
• ARM: dts: at91: sama5d2: map securam as device (git-fixes)
• ARM: dts: at91: sama5d3_xplained: add pincontrol for USB Host (git-fixes)
• ARM: dts: at91: sama5d4_xplained: add pincontrol for USB Host (git-fixes)
• ARM: dts: at91: sama5d4: fix pinctrl muxing (git-fixes)
• ARM: dts: at91: tse850: the emaclt;->phy interface is rmii (git-fixes)
• ARM: dts: bcm: HR2: Fix PPI interrupt types (git-fixes)
• ARM: dts: bcm: HR2: Fixed QSPI compatible string (git-fixes)
• ARM: dts: bcm2835-rpi-zero-w: Fix led polarity (git-fixes)
• ARM: dts: BCM5301X: Add interrupt properties to GPIO node (git-fixes)
• ARM: dts: BCM5301X: Fix I2C controller interrupt (git-fixes)
• ARM: dts: BCM5301X: Fixed QSPI compatible string (git-fixes)
• ARM: dts: colibri-imx6ull: limit SDIO clock to 25MHz (git-fixes)
• ARM: dts: Configure missing thermal interrupt for 4430 (git-fixes)
• ARM: dts: dra76x: Fix mmc3 max-frequency (git-fixes)
• ARM: dts: dra76x: m_can: fix order of clocks (git-fixes)
• ARM: dts: dra7xx-clocks: Fixup IPU1 mux clock parent source (git-fixes)
• ARM: dts: exynos: correct fuel gauge interrupt trigger level on Midas (git-fixes)
• ARM: dts: exynos: correct MUIC interrupt trigger level on Midas (git-fixes)
• ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale (git-fixes)
• ARM: dts: exynos: correct PMIC interrupt trigger level on Artik 5 (git-fixes)
• ARM: dts: exynos: correct PMIC interrupt trigger level on Midas (git-fixes)
• ARM: dts: exynos: correct PMIC interrupt trigger level on Monk (git-fixes)
• ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 (git-fixes)
• ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid XU3 (git-fixes)
• ARM: dts: exynos: correct PMIC interrupt trigger level on Rinato (git-fixes)
• ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250 (git-fixes)
• ARM: dts: exynos: correct PMIC interrupt trigger level on Snow (git-fixes)
• ARM: dts: exynos: correct PMIC interrupt trigger level on Spring (git-fixes)
• ARM: dts: exynos: Fix GPIO polarity for thr GalaxyS3 CM36651 sensor's bus (git-fixes)
• ARM: dts: exynos: fix PWM LED max brightness on Odroid HC1 (git-fixes)
• ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3 (git-fixes)
• ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4 (git-fixes)
• ARM: dts: exynos: fix roles of USB 3.0 ports on Odroid XU (git-fixes)
• ARM: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid (git-fixes)
• ARM: dts: exynos: fix USB 3.0 VBUS control and over-current pins on (git-fixes)
• ARM: dts: Fix dcan driver probe failed on am437x platform (git-fixes)
• ARM: dts: Fix duovero smsc interrupt for suspend (git-fixes)
• ARM: dts: gemini-rut1xx: remove duplicate ethernet node (git-fixes)
• ARM: dts: gose: Fix ports node name for adv7180 (git-fixes)
• ARM: dts: gose: Fix ports node name for adv7612 (git-fixes)
• ARM: dts: imx: emcon-avari: Fix nxp,pca8574 #gpio-cells (git-fixes)
• ARM: dts: imx: Fix USB host power regulator polarity on M53Menlo (git-fixes)
• ARM: dts: imx: Swap M53Menlo pinctrl_power_button/pinctrl_power_out (git-fixes)
• ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries (git-fixes)
• ARM: dts: imx50-evk: Fix the chip select 1 IOMUX (git-fixes)
• ARM: dts: imx6: pbab01: Set vmmc supply for both SD interfaces (git-fixes)
• ARM: dts: imx6: phycore-som: fix arm and soc minimum voltage (git-fixes)
• ARM: dts: imx6: phycore-som: fix emmc supply (git-fixes)
• ARM: dts: imx6: Use gpc for FEC interrupt controller to fix wake on LAN (git-fixes)
• ARM: dts: imx6dl-colibri-eval-v3: fix sram compatible properties (git-fixes).
• ARM: dts: imx6dl-yapp4: Fix RGMII connection to QCA8334 switch (git-fixes)
• ARM: dts: imx6dl-yapp4: Fix Ursa board Ethernet connection (git-fixes)
• ARM: dts: imx6q-dhcom: Add gpios pinctrl for i2c bus recovery (git-fixes)
• ARM: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators (git-fixes)
• ARM: dts: imx6q-dhcom: Fix ethernet plugin detection problems (git-fixes)
• ARM: dts: imx6q-dhcom: Fix ethernet reset time properties (git-fixes)
• ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming (git-fixes)
• ARM: dts: imx6qdl-gw551x: Do not use 'simple-audio-card,dai-link' (git-fixes)
• ARM: dts: imx6qdl-gw551x: fix audio SSI (git-fixes)
• ARM: dts: imx6qdl-icore: Fix OTG_ID pin and sdcard detect (git-fixes)
• ARM: dts: imx6qdl-kontron-samx6i: fix i2c_lcd/cam default status (git-fixes)
• ARM: dts: imx6qdl-kontron-samx6i: fix I2C_PM scl pin (git-fixes)
• ARM: dts: imx6qdl-sr-som: Increase the PHY reset duration to 10ms (git-fixes)
• ARM: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy (git-fixes)
• ARM: dts: imx6sl: fix rng node (git-fixes)
• ARM: dts: imx6sx-sabreauto: Fix the phy-mode on fec2 (git-fixes)
• ARM: dts: imx6sx-sdb: Fix the phy-mode on fec2 (git-fixes)
• ARM: dts: imx6sx: Add missing UART RTS/CTS pins mux (git-fixes)
• ARM: dts: imx6sx: fix the pad QSPI1B_SCLK mux mode for uart3 (git-fixes)
• ARM: dts: imx6sx: Improve UART pins macro defines (git-fixes)
• ARM: dts: imx7-colibri: Fix frequency for sd/mmc (git-fixes)
• ARM: dts: imx7-colibri: fix muxing of usbc_det pin (git-fixes)
• ARM: dts: imx7-colibri: prepare module device tree for FlexCAN (git-fixes)
• ARM: dts: imx7d-meerkat96: Fix the 'tuning-step' property (git-fixes)
• ARM: dts: imx7d-pico: Fix the 'tuning-step' property (git-fixes)
• ARM: dts: imx7d: Correct speed grading fuse settings (git-fixes)
• ARM: dts: imx7d: fix opp-supported-hw (git-fixes)
• ARM: dts: imx7ulp: Correct gpio ranges (git-fixes)
• ARM: dts: logicpd-som-lv-baseboard: Fix broken audio (git-fixes)
• ARM: dts: logicpd-som-lv-baseboard: Fix missing video (git-fixes)
• ARM: dts: logicpd-torpedo-baseboard: Fix broken audio (git-fixes)
• ARM: dts: lpc32xx: Revert set default clock rate of HCLK PLL (git-fixes)
• ARM: dts: ls1021a: fix QuadSPI-memory reg range (git-fixes)
• ARM: dts: ls1021a: Restore MDIO compatible to gianfar (git-fixes)
• ARM: dts: meson: fix PHY deassert timing requirements (git-fixes)
• ARM: dts: meson8: remove two invalid interrupt lines from the GPU (git-fixes)
• ARM: dts: meson8: Use a higher default GPU clock frequency (git-fixes)
• ARM: dts: meson8b: ec100: Fix the pwm regulator supply properties (git-fixes)
• ARM: dts: meson8b: mxq: Fix the pwm regulator supply properties (git-fixes)
• ARM: dts: meson8b: odroidc1: Fix the pwm regulator supply properties (git-fixes)
• ARM: dts: mt7623: add missing pause for switchport (git-fixes)
• ARM: dts: N900: fix onenand timings (git-fixes).
• ARM: dts: NSP: Correct FA2 mailbox node (git-fixes)
• ARM: dts: NSP: Disable PL330 by default, add dma-coherent property (git-fixes)
• ARM: dts: NSP: Fixed QSPI compatible string (git-fixes)
• ARM: dts: omap3-gta04a4: accelerometer irq fix (git-fixes)
• ARM: dts: omap3430-sdp: Fix NAND device node (git-fixes)
• ARM: dts: owl-s500: Fix incorrect PPI interrupt specifiers (git-fixes)
• ARM: dts: oxnas: Fix clear-mask property (git-fixes)
• ARM: dts: pandaboard: fix pinmux for gpio user button of Pandaboard (git-fixes)
• ARM: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL reference (git-fixes)
• ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY (git-fixes)
• ARM: dts: r7s9210: Remove bogus clock-names from OSTM nodes (git-fixes)
• ARM: dts: r8a73a4: Add missing CMT1 interrupts (git-fixes)
• ARM: dts: r8a7740: Add missing extal2 to CPG node (git-fixes)
• ARM: dts: r8a7779, marzen: Fix DU clock names (git-fixes)
• ARM: dts: Remove non-existent i2c1 from 98dx3236 (git-fixes)
• ARM: dts: renesas: Fix IOMMU device node names (git-fixes)
• ARM: dts: s5pv210: Set keep-power-in-suspend for SDHCI1 on Aries (git-fixes)
• ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema (git-fixes)
• ARM: dts: socfpga: fix register entry for timer3 on Arria10 (git-fixes)
• ARM: dts: stm32: fix a typo for DAC io-channel-cells on stm32f429 (git-fixes)
• ARM: dts: stm32: fix a typo for DAC io-channel-cells on stm32h743 (git-fixes)
• ARM: dts: sun6i: a31-hummingbird: Enable RGMII RX/TX delay on (git-fixes)
• ARM: dts: sun7i: a20: bananapro: Fix ethernet phy-mode (git-fixes)
• ARM: dts: sun7i: bananapi-m1-plus: Enable RGMII RX/TX delay on (git-fixes)
• ARM: dts: sun7i: bananapi: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes)
• ARM: dts: sun7i: cubietruck: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes)
• ARM: dts: sun7i: pcduino3-nano: enable RGMII RX/TX delay on PHY (git-fixes)
• ARM: dts: sun8i-a83t-tbs-a711: Fix USB OTG mode detection (git-fixes)
• ARM: dts: sun8i-h2-plus-bananapi-m2-zero: Fix led polarity (git-fixes)
• ARM: dts: sun8i: a83t: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes)
• ARM: dts: sun8i: h3: orangepi-plus2e: Enable RGMII RX/TX delay on (git-fixes)
• ARM: dts: sun8i: r40: bananapi-m2-berry: Fix dcdc1 regulator (git-fixes)
• ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator (git-fixes)
• ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix ethernet node (git-fixes)
• ARM: dts: sun8i: r40: Move AHCI device node based on address order (git-fixes)
• ARM: dts: sun8i: v3s: fix GIC node memory range (git-fixes)
• ARM: dts: sun8i: v40: bananapi-m2-berry: Fix ethernet node (git-fixes)
• ARM: dts: sun9i: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes)
• ARM: dts: sunxi: bananapi-m2-plus-v1.2: Fix CPU supply voltages (git-fixes)
• ARM: dts: sunxi: bananapi-m2-plus: Enable RGMII RX/TX delay on (git-fixes)
• ARM: dts: sunxi: Fix DE2 clocks register range (git-fixes)
• ARM: dts: turris-omnia: add comphy handle to eth2 (git-fixes)
• ARM: dts: turris-omnia: add SFP node (git-fixes)
• ARM: dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin (git-fixes)
• ARM: dts: turris-omnia: describe switch interrupt (git-fixes)
• ARM: dts: turris-omnia: enable HW buffer management (git-fixes)
• ARM: dts: turris-omnia: fix hardware buffer management (git-fixes)
• ARM: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins (git-fixes)
• ARM: dts: uniphier: Set SCSSI clock and reset IDs for each channel (git-fixes).
• ARM: dts: vf610-zii-dev-rev-b: Remove #address-cells and #size-cells (git-fixes)
• ARM: dts: vfxxx: Add syscon compatible with OCOTP (git-fixes)
• ARM: exynos: add missing of_node_put for loop iteration (git-fixes)
• ARM: exynos: MCPM: Restore big.LITTLE cpuidle support (git-fixes)
• ARM: footbridge: fix PCI interrupt mapping (git-fixes)
• ARM: imx: add missing clk_disable_unprepare() (git-fixes)
• ARM: imx: add missing iounmap() (git-fixes)
• ARM: imx: build suspend-imx6.S with arm instruction set (git-fixes)
• ARM: imx: fix missing 3rd argument in macro imx_mmdc_perf_init (git-fixes)
• ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram() (git-fixes)
• ARM: imx6: disable the GIC CPU interface before calling stby-poweroff (git-fixes)
• ARM: mvebu: drop pointless check for coherency_base (git-fixes)
• ARM: OMAP2+: Fix legacy mode dss_reset (git-fixes)
• ARM: OMAP2+: omap_device: fix idling of devices during probe (git-fixes)
• ARM: OMAP2+: pm33xx-core: Make am43xx_get_rtc_base_addr static (git-fixes)
• ARM: p2v: fix handling of LPAE translation in BE mode (git-fixes)
• ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (git-fixes)
• ARM: s3c24xx: fix missing system reset (git-fixes)
• ARM: s3c24xx: fix mmc gpio lookup tables (git-fixes)
• ARM: samsung: do not build plat/pm-common for Exynos (git-fixes)
• ARM: samsung: fix PM debug build with DEBUG_LL but !MMU (git-fixes)
• ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh() (git-fixes)
• ASoC: DAPM: Cover regression by kctl change notification fix (git-fixes).
• ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect (git-fixes).
• ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer (git-fixes).
• ASoC: SOF: Intel: hda-dai: fix potential locking issue (git-fixes).
• ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (git-fixes).
• ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() (git-fixes).
• ath10k: fix invalid dma_addr_t token assignment (git-fixes).
• ath10k: high latency fixes for beacon buffer (git-fixes).
• Bbluetooth: btusb: Add another Bluetooth part for Realtek 8852AE (bsc#1193655).
• bfq: Limit number of requests consumed by each cgroup (bsc#1184318).
• bfq: Store full bitmap depth in bfq_data (bsc#1184318).
• bfq: Track number of allocated requests in bfq_entity (bsc#1184318).
• block: Fix use-after-free issue accessing struct io_cq (bsc#1193042).
• block: Provide blk_mq_sched_get_icq() (bsc#1184318).
• Bluetooth: Add additional Bluetooth part for Realtek 8852AE (bsc#1193655).
• Bluetooth: btrtl: Refine the ic_id_table for clearer and more regular (bsc#1193655).
• Bluetooth: btusb: Add the more support IDs for Realtek RTL8822CE (bsc#1193655).
• Bluetooth: btusb: Add the new support ID for Realtek RTL8852A (bsc#1193655).
• Bluetooth: btusb: btrtl: Add support for RTL8852A (bsc#1193655).
• Bluetooth: fix use-after-free error in lock_sock_nested() (git-fixes).
• bnxt_en: reject indirect blk offload when hw-tc-offload is off (jsc#SLE-8372 bsc#1153275).
• bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed (git-fixes).
• bpf, arm: Fix register clobbering in div/mod implementation (git-fixes)
• bpf, s390: Fix potential memory leak about jit_data (git-fixes).
• bpf, x86: Fix 'no previous prototype' warning (git-fixes).
• brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet (git-fixes).
• btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums (bsc#1193002).
• btrfs: fix fsync failure and transaction abort after writes to prealloc extents (bsc#1193002).
• btrfs: fix lost inode on log replay after mix of fsync, rename and inode eviction (bsc#1192998).
• btrfs: fix race causing unnecessary inode logging during link and rename (bsc#1192998).
• btrfs: make checksum item extension more efficient (bsc#1193002).
• cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (git-fixes).
• cifs use true,false for bool variable (bsc#1164565).
• cifs_atomic_open(): fix double-put on late allocation failure (bsc#1192606).
• cifs_debug: use %pd instead of messing with ->d_name (bsc#1192606).
• cifs: add a debug macro that prints \\server\share for errors (bsc#1164565).
• cifs: add a function to get a cached dir based on its dentry (bsc#1192606).
• cifs: add a helper to find an existing readable handle to a file (bsc#1154355).
• cifs: add a timestamp to track when the lease of the cached dir was taken (bsc#1192606).
• cifs: add an smb3_fs_context to cifs_sb (bsc#1192606).
• cifs: add FALLOC_FL_INSERT_RANGE support (bsc#1192606).
• cifs: add files to host new mount api (bsc#1192606).
• cifs: add fs_context param to parsing helpers (bsc#1192606).
• cifs: Add get_security_type_str function to return sec type (bsc#1192606).
• cifs: add initial reconfigure support (bsc#1192606).
• cifs: add missing mount option to /proc/mounts (bsc#1164565).
• cifs: add missing parsing of backupuid (bsc#1192606).
• cifs: Add missing sentinel to smb3_fs_parameters (bsc#1192606).
• cifs: add mount parameter tcpnodelay (bsc#1192606).
• cifs: add multichannel mount options and data structs (bsc#1192606).
• cifs: add new debugging macro cifs_server_dbg (bsc#1164565).
• cifs: Add new mount parameter 'acdirmax' to allow caching directory metadata (bsc#1192606).
• cifs: Add new parameter 'acregmax' for distinct file and directory metadata timeout (bsc#1192606).
• cifs: add NULL check for ses->tcon_ipc (bsc#1178270).
• cifs: add passthrough for smb2 setinfo (bsc#1164565).
• cifs: add server param (bsc#1192606).
• cifs: add shutdown support (bsc#1192606).
• cifs: add smb2 POSIX info level (bsc#1164565).
• cifs: add SMB2_open() arg to return POSIX data (bsc#1164565).
• cifs: add SMB3 change notification support (bsc#1164565).
• cifs: add support for FALLOC_FL_COLLAPSE_RANGE (bsc#1192606).
• cifs: add support for fallocate mode 0 for non-sparse files (bsc#1164565).
• cifs: add support for flock (bsc#1164565).
• cifs: Add support for setting owner info, dos attributes, and create time (bsc#1164565).
• cifs: Add tracepoints for errors on flush or fsync (bsc#1164565).
• cifs: Add witness information to debug data dump (bsc#1192606).
• cifs: add witness mount option and data structs (bsc#1192606).
• cifs: added WARN_ON for all the count decrements (bsc#1192606).
• cifs: Adjust indentation in smb2_open_file (bsc#1164565).
• cifs: Adjust key sizes and key generation routines for AES256 encryption (bsc#1192606).
• cifs: allocate buffer in the caller of build_path_from_dentry() (bsc#1192606).
• cifs: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1192606).
• cifs: Allocate encryption header through kmalloc (bsc#1192606).
• cifs: allow chmod to set mode bits using special sid (bsc#1164565).
• cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956).
• cifs: allow unlock flock and OFD lock across fork (bsc#1192606).
• cifs: Always update signing key of first channel (bsc#1192606).
• cifs: ask for more credit on async read/write code paths (bsc#1192606).
• cifs: Assign boolean values to a bool variable (bsc#1192606).
• cifs: Avoid doing network I/O while holding cache lock (bsc#1164565).
• cifs: Avoid error pointer dereference (bsc#1192606).
• cifs: avoid extra calls in posix_info_parse (bsc#1192606).
• cifs: Avoid field over-reading memcpy() (bsc#1192606).
• cifs: avoid starvation when refreshing dfs cache (bsc#1185902).
• cifs: avoid using MID 0xFFFF (bnc#1151927 5.3.8).
• cifs: call wake_up(server->response_q) inside of cifs_reconnect() (bsc#1164565).
• cifs: change confusing field serverName (to ip_addr) (bsc#1192606).
• cifs: change format of CIFS_FULL_KEY_DUMP ioctl (bsc#1192606).
• cifs: change noisy error message to FYI (bsc#1181507).
• cifs: Change SIDs in ACEs while transferring file ownership (bsc#1192606).
• cifs: check all path components in resolved dfs target (bsc#1181710).
• cifs: check new file size when extending file by fallocate (bsc#1192606).
• cifs: check pointer before freeing (bsc#1183534).
• cifs: check the timestamp for the cached dirent when deciding on revalidate (bsc#1192606).
• cifs: cifs_md4 convert to SPDX identifier (bsc#1192606).
• cifs: cifspdu.h: Replace one-element array with flexible-array member (bsc#1192606).
• cifs: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1192606).
• cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1164565).
• cifs: clarify comment about timestamp granularity for old servers (bsc#1192606).
• cifs: clarify hostname vs ip address in /proc/fs/cifs/DebugData (bsc#1192606).
• cifs: Clarify SMB1 code for delete (bsc#1192606).
• cifs: Clarify SMB1 code for POSIX Create (bsc#1192606).
• cifs: Clarify SMB1 code for POSIX delete file (bsc#1192606).
• cifs: Clarify SMB1 code for POSIX Lock (bsc#1192606).
• cifs: Clarify SMB1 code for rename open file (bsc#1192606).
• cifs: Clarify SMB1 code for SetFileSize (bsc#1192606).
• cifs: clarify SMB1 code for UnixCreateHardLink (bsc#1192606).
• cifs: Clarify SMB1 code for UnixCreateSymLink (bsc#1192606).
• cifs: Clarify SMB1 code for UnixSetPathInfo (bsc#1192606).
• cifs: Clean up DFS referral cache (bsc#1164565).
• cifs: cleanup a few le16 vs. le32 uses in cifsacl.c (bsc#1192606).
• cifs: cleanup misc.c (bsc#1192606).
• cifs: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1192606).
• cifs: Close cached root handle only if it had a lease (bsc#1164565).
• cifs: Close open handle after interrupted close (bsc#1164565).
• cifs: close the shared root handle on tree disconnect (bsc#1164565).
• cifs: compute full_path already in cifs_readdir() (bsc#1192606).
• cifs: connect individual channel servers to primary channel server (bsc#1192606).
• cifs: connect: style: Simplify bool comparison (bsc#1192606).
• cifs: constify get_normalized_path() properly (bsc#1185902).
• cifs: constify path argument of ->make_node() (bsc#1192606).
• cifs: constify pathname arguments in a bunch of helpers (bsc#1192606).
• cifs: Constify static struct genl_ops (bsc#1192606).
• cifs: convert list_for_each to entry variant (bsc#1192606, jsc#SLE-20042).
• cifs: convert list_for_each to entry variant in cifs_debug.c (bsc#1192606).
• cifs: convert list_for_each to entry variant in smb2misc.c (bsc#1192606).
• cifs: convert revalidate of directories to using directory metadata cache timeout (bsc#1192606).
• cifs: convert to use be32_add_cpu() (bsc#1192606).
• cifs: Convert to use the fallthrough macro (bsc#1192606).
• cifs: correct comments explaining internal semaphore usage in the module (bsc#1192606).
• cifs: correct four aliased mount parms to allow use of previous names (bsc#1192606).
• cifs: create a helper function to parse the query-directory response buffer (bsc#1164565).
• cifs: create a helper to find a writeable handle by path name (bsc#1154355).
• cifs: create a MD4 module and switch cifs.ko to use it (bsc#1192606).
• cifs: Create a new shared file holding smb2 pdu definitions (bsc#1192606).
• cifs: create sd context must be a multiple of 8 (bsc#1192606).
• cifs: Deal with some warnings from W=1 (bsc#1192606).
• cifs: Delete a stray unlock in cifs_swn_reconnect() (bsc#1192606).
• cifs: delete duplicated words in header files (bsc#1192606).
• cifs: detect dead connections only when echoes are enabled (bsc#1192606).
• cifs: Display local UID details for SMB sessions in DebugData (bsc#1192606).
• cifs: do d_move in rename (bsc#1164565).
• cifs: do not allow changing posix_paths during remount (bsc#1192606).
• cifs: do not cargo-cult strndup() (bsc#1185902).
• cifs: do not create a temp nls in cifs_setup_ipc (bsc#1192606).
• cifs: do not disable noperm if multiuser mount option is not provided (bsc#1192606).
• cifs: Do not display RDMA transport on reconnect (bsc#1164565).
• cifs: do not duplicate fscache cookie for secondary channels (bsc#1192606).
• cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes).
• cifs: do not ignore the SYNC flags in getattr (bsc#1164565).
• cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1164565).
• cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (bsc#1192606).
• cifs: Do not miss cancelled OPEN responses (bsc#1164565).
• cifs: do not negotiate session if session already exists (bsc#1192606).
• cifs: do not send close in compound create+close requests (bsc#1181507).
• cifs: do not send tree disconnect to ipc shares (bsc#1185902).
• cifs: do not share tcons with DFS (bsc#1178270).
• cifs: do not share tcp servers with dfs mounts (bsc#1185902).
• cifs: do not share tcp sessions of dfs connections (bsc#1185902).
• cifs: do not use 'pre:' for MODULE_SOFTDEP (bsc#1164565).
• cifs: Do not use iov_iter::type directly (bsc#1192606).
• cifs: Do not use the original cruid when following DFS links for multiuser mounts (bsc#1192606).
• cifs: document and cleanup dfs mount (bsc#1178270).
• cifs: dump channel info in DebugData (bsc#1192606).
• cifs: dump Security Type info in DebugData (bsc#1192606).
• cifs: dump the session id and keys also for SMB2 sessions (bsc#1192606).
• cifs: enable change notification for SMB2.1 dialect (bsc#1164565).
• cifs: enable extended stats by default (bsc#1192606).
• cifs: Enable sticky bit with cifsacl mount option (bsc#1192606).
• cifs: ensure correct super block for DFS reconnect (bsc#1178270).
• cifs: escape spaces in share names (bsc#1192606).
• cifs: export supported mount options via new mount_params /proc file (bsc#1192606).
• cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1164565).
• cifs: fiemap: do not return EINVAL if get nothing (bsc#1192606).
• cifs: fix a comment for the timeouts when sending echos (bsc#1164565).
• cifs: fix a memleak with modefromsid (bsc#1192606).
• cifs: fix a sign extension bug (bsc#1192606).
• cifs: fix a white space issue in cifs_get_inode_info() (bsc#1164565).
• cifs: fix allocation size on newly created files (bsc#1192606).
• cifs: Fix an error pointer dereference in cifs_mount() (bsc#1178270).
• cifs: Fix atime update check vs mtime (bsc#1164565).
• cifs: Fix bug which the return value by asynchronous read is error (bsc#1192606).
• cifs: Fix cached_fid refcnt leak in open_shroot (bsc#1192606).
• cifs: fix channel signing (bsc#1192606).
• cifs: fix check of dfs interlinks (bsc#1185902).
• cifs: fix check of tcon dfs in smb1 (bsc#1178270).
• cifs: Fix chmod with modefromsid when an older ACE already exists (bsc#1192606).
• cifs: fix chown and chgrp when idsfromsid mount option enabled (bsc#1192606).
• cifs: Fix cifsacl ACE mask for group and others (bsc#1192606).
• cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bnc#1151927 5.3.10).
• cifs: fix credit accounting for extra channel (bsc#1192606).
• cifs: fix dereference on ses before it is null checked (bsc#1164565).
• cifs: fix dfs domain referrals (bsc#1192606).
• cifs: fix DFS failover (bsc#1192606).
• cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270).
• cifs: fix dfs-links (bsc#1192606).
• cifs: fix doc warnings in cifs_dfs_ref.c (bsc#1192606).
• cifs: Fix double add page to memcg when cifs_readpages (bsc#1192606).
• cifs: fix double free error on share and prefix (bsc#1178270).
• cifs: Fix fall-through warnings for Clang (bsc#1192606).
• cifs: fix fallocate when trying to allocate a hole (bsc#1192606).
• cifs: fix gcc warning in sid_to_id (bsc#1192606).
• cifs: fix handling of escaped ',' in the password mount argument (bsc#1192606).
• cifs: Fix in error types returned for out-of-credit situations (bsc#1192606).
• cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).
• cifs: Fix inconsistent indenting (bsc#1192606).
• cifs: Fix inconsistent IS_ERR and PTR_ERR (bsc#1192606).
• cifs: fix incorrect check for null pointer in header_assemble (bsc#1192606).
• cifs: fix incorrect kernel doc comments (bsc#1192606).
• cifs: fix interrupted close commands (git-fixes).
• cifs: fix ipv6 formating in cifs_ses_add_channel (bsc#1192606).
• cifs: fix leak in cifs_smb3_do_mount() ctx (bsc#1192606).
• cifs: Fix leak when handling lease break for cached root fid (bsc#1176242).
• cifs: fix leaked reference on requeued write (bsc#1178270).
• cifs: Fix lookup of root ses in DFS referral cache (bsc#1164565).
• cifs: Fix lookup of SMB connections on multichannel (bsc#1192606).
• cifs: fix max ea value size (bnc#1151927 5.3.4).
• cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1164565).
• cifs: fix memory leak in smb2_copychunk_range (git-fixes).
• cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1192606).
• cifs: fix minor typos in comments and log messages (bsc#1192606).
• cifs: Fix missed free operations (bnc#1151927 5.3.8).
• cifs: fix missing null session check in mount (bsc#1192606).
• cifs: fix missing spinlock around update to ses->status (bsc#1192606).
• cifs: fix misspellings using codespell tool (bsc#1192606).
• cifs: fix mode bits from dir listing when mounted with modefromsid (bsc#1164565).
• cifs: Fix mode output in debugging statements (bsc#1164565).
• cifs: fix mount option display for sec=krb5i (bsc#1161907).
• cifs: Fix mount options set in automount (bsc#1164565).
• cifs: fix mounts to subdirectories of target (bsc#1192606).
• cifs: fix nodfs mount option (bsc#1181710).
• cifs: fix NULL dereference in match_prepath (bsc#1164565).
• cifs: fix NULL dereference in smb2_check_message() (bsc#1192606).
• cifs: Fix null pointer check in cifs_read (bsc#1192606).
• cifs: Fix NULL pointer dereference in mid callback (bsc#1164565).
• cifs: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bnc#1151927 5.3.16).
• cifs: Fix oplock handling for SMB 2.1+ protocols (bnc#1151927 5.3.4).
• cifs: fix out-of-bound memory access when calling smb3_notify() at mount point (bsc#1192606).
• cifs: fix path comparison and hash calc (bsc#1185902).
• cifs: fix possible uninitialized access and race on iface_list (bsc#1192606).
• cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1164565).
• cifs: fix potential mismatch of UNC paths (bsc#1164565).
• cifs: Fix potential softlockups while refreshing DFS cache (bsc#1164565).
• cifs: fix potential use-after-free bugs (bsc#1192606, jsc#SLE-20042).
• cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944).
• cifs: Fix preauth hash corruption (git-fixes).
• cifs: fix print of hdr_flags in dfscache_proc_show() (bsc#1192606, jsc#SLE-20042).
• cifs: fix reference leak for tlink (bsc#1192606).
• cifs: fix regression when mounting shares with prefix paths (bsc#1192606).
• cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1164565).
• cifs: Fix resource leak (bsc#1192606).
• cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1164565).
• cifs: Fix retry mid list corruption on reconnects (bnc#1151927 5.3.10).
• cifs: Fix return value in __update_cache_entry (bsc#1164565).
• cifs: fix rsize/wsize to be negotiated values (bsc#1192606).
• cifs: fix SMB1 error path in cifs_get_file_info_unix (bsc#1192606).
• cifs: Fix SMB2 oplock break processing (bsc#1154355 bnc#1151927 5.3.16).
• cifs: fix soft mounts hanging in the reconnect code (bsc#1164565).
• cifs: fix soft mounts hanging in the reconnect code (bsc#1164565).
• cifs: Fix some error pointers handling detected by static checker (bsc#1192606).
• cifs: Fix spelling of 'security' (bsc#1192606).
• cifs: fix string declarations and assignments in tracepoints (bsc#1192606).
• cifs: Fix support for remount when not changing rsize/wsize (bsc#1192606).
• cifs: Fix task struct use-after-free on reconnect (bsc#1164565).
• cifs: fix the out of range assignment to bit fields in parse_server_interfaces (bsc#1192606).
• cifs: Fix the target file was deleted when rename failed (bsc#1192606).
• cifs: fix trivial typo (bsc#1192606).
• cifs: fix uninitialised lease_key in open_shroot() (bsc#1178270).
• cifs: fix uninitialized variable in smb3_fs_context_parse_param (bsc#1192606).
• cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1164565).
• cifs: Fix unix perm bits to cifsacl conversion for 'other' bits (bsc#1192606).
• cifs: fix unneeded null check (bsc#1192606).
• cifs: fix use after free in cifs_smb3_do_mount() (bsc#1192606).
• cifs: Fix use after free of file info structures (bnc#1151927 5.3.8).
• cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1164565).
• cifs: fix wrong release in sess_alloc_buffer() failed path (bsc#1192606).
• cifs: for compound requests, use open handle if possible (bsc#1192606).
• cifs: Force reval dentry if LOOKUP_REVAL flag is set (bnc#1151927 5.3.7).
• cifs: Force revalidate inode when dentry is stale (bnc#1151927 5.3.7).
• cifs: fork arc4 and create a separate module for it for cifs and other users (bsc#1192606).
• cifs: get mode bits from special sid on stat (bsc#1164565).
• cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902).
• cifs: get rid of cifs_sb->mountdata (bsc#1192606).
• cifs: Get rid of kstrdup_const()'d paths (bsc#1164565).
• cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1178270).
• cifs: Grab a reference for the dentry of the cached directory during the lifetime of the cache (bsc#1192606).
• cifs: Gracefully handle QueryInfo errors during open (bnc#1151927 5.3.7).
• cifs: handle -EINTR in cifs_setattr (bsc#1192606).
• cifs: handle 'guest' mount parameter (bsc#1192606).
• cifs: handle 'nolease' option for vers=1.0 (bsc#1192606).
• cifs: handle different charsets in dfs cache (bsc#1185902).
• cifs: handle empty list of targets in cifs_reconnect() (bsc#1178270).
• cifs: handle hostnames that resolve to same ip in failover (bsc#1178270).
• cifs: handle prefix paths in reconnect (bsc#1164565).
• cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1192606).
• cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1178270).
• cifs: Handle witness client move notification (bsc#1192606).
• cifs: have ->mkdir() handle race with another client sanely (bsc#1192606).
• cifs: have cifs_fattr_to_inode() refuse to change type on live inode (bsc#1192606).
• cifs: Identify a connection by a conn_id (bsc#1192606).
• cifs: If a corrupted DACL is returned by the server, bail out (bsc#1192606).
• cifs: ignore auto and noauto options if given (bsc#1192606).
• cifs: ignore cached share root handle closing errors (bsc#1166780).
• cifs: improve fallocate emulation (bsc#1192606).
• cifs: improve read performance for page size 64KB cache=strict vers=2.1+ (bsc#1192606).
• cifs: In the new mount api we get the full devname as source= (bsc#1192606).
• cifs: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1192606).
• cifs: Initialize filesystem timestamp ranges (bsc#1164565).
• cifs: introduce cifs_ses_mark_for_reconnect() helper (bsc#1192606).
• cifs: introduce helper for finding referral server (bsc#1181710).
• cifs: Introduce helpers for finding TCP connection (bsc#1164565).
• cifs: introduce new helper for cifs_reconnect() (bsc#1192606, jsc#SLE-20042).
• cifs: keep referral server sessions alive (bsc#1185902).
• cifs: log mount errors using cifs_errorf() (bsc#1192606).
• cifs: log warning message (once) if out of disk space (bsc#1164565).
• cifs: make build_path_from_dentry() return const char * (bsc#1192606).
• cifs: make const array static, makes object smaller (bsc#1192606).
• cifs: Make extract_hostname function public (bsc#1192606).
• cifs: Make extract_sharename function public (bsc#1192606).
• cifs: make fs_context error logging wrapper (bsc#1192606).
• cifs: make locking consistent around the server session status (bsc#1192606).
• cifs: make multichannel warning more visible (bsc#1192606).
• cifs: Make SMB2_notify_init static (bsc#1164565).
• cifs: make sure we do not overflow the max EA buffer size (bsc#1164565).
• cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1164565).
• cifs: map STATUS_ACCOUNT_LOCKED_OUT to -EACCES (bsc#1192606).
• cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1178270).
• cifs: Merge is_path_valid() into get_normalized_path() (bsc#1164565).
• cifs: minor fix to two debug messages (bsc#1192606).
• cifs: minor kernel style fixes for comments (bsc#1192606).
• cifs: minor simplification to smb2_is_network_name_deleted (bsc#1192606).
• cifs: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1192606).
• cifs: minor updates to Kconfig (bsc#1192606).
• cifs: misc: Use array_size() in if-statement controlling expression (bsc#1192606).
• cifs: missed ref-counting smb session in find (bsc#1192606).
• cifs: missing null check for newinode pointer (bsc#1192606).
• cifs: missing null pointer check in cifs_mount (bsc#1185902).
• cifs: modefromsid: make room for 4 ACE (bsc#1164565).
• cifs: modefromsid: write mode ACE first (bsc#1164565).
• cifs: move [brw]size from cifs_sb to cifs_sb->ctx (bsc#1192606).
• cifs: move cache mount options to fs_context.ch (bsc#1192606).
• cifs: move cifs_cleanup_volume_info[_content] to fs_context.c (bsc#1192606).
• cifs: move cifs_parse_devname to fs_context.c (bsc#1192606).
• cifs: move cifsFileInfo_put logic into a work-queue (bsc#1154355).
• cifs: move debug print out of spinlock (bsc#1192606).
• cifs: Move more definitions into the shared area (bsc#1192606).
• cifs: move NEGOTIATE_PROTOCOL definitions out into the common area (bsc#1192606).
• cifs: move security mount options into fs_context.ch (bsc#1192606).
• cifs: move SMB FSCTL definitions to common code (bsc#1192606).
• cifs: move smb version mount options into fs_context.c (bsc#1192606).
• cifs: Move SMB2_Create definitions to the shared area (bsc#1192606).
• cifs: move some variables off the stack in smb2_ioctl_query_info (bsc#1192606).
• cifs: move the check for nohandlecache into open_shroot (bsc#1192606).
• cifs: move the enum for cifs parameters into fs_context.h (bsc#1192606).
• cifs: move update of flags into a separate function (bsc#1192606).
• cifs: multichannel: always zero struct cifs_io_parms (bsc#1192606).
• cifs: multichannel: move channel selection above transport layer (bsc#1192606).
• cifs: multichannel: move channel selection in function (bsc#1192606).
• cifs: multichannel: try to rebind when reconnecting a channel (bsc#1192606).
• cifs: multichannel: use pointer for binding channel (bsc#1192606).
• cifs: mute -Wunused-const-variable message (bnc#1151927 5.3.9).
• cifs: New optype for session operations (bsc#1181507).
• cifs: nosharesock should be set on new server (bsc#1192606).
• cifs: nosharesock should not share socket with future sessions (bsc#1192606).
• cifs: On cifs_reconnect, resolve the hostname again (bsc#1192606).
• cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1178270).
• cifs: only write 64kb at a time when fallocating a small region of a file (bsc#1192606).
• cifs: Optimize readdir on reparse points (bsc#1164565).
• cifs: pass a path to open_shroot and check if it is the root or not (bsc#1192606).
• cifs: pass the dentry instead of the inode down to the revalidation check functions (bsc#1192606).
• cifs: plumb smb2 POSIX dir enumeration (bsc#1164565).
• cifs: populate server_hostname for extra channels (bsc#1192606).
• cifs: potential unintitliazed error code in cifs_getattr() (bsc#1164565).
• cifs: prepare SMB2_Flush to be usable in compounds (bsc#1154355).
• cifs: prepare SMB2_query_directory to be used with compounding (bsc#1164565).
• cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902).
• cifs: prevent truncation from long to int in wait_for_free_credits (bsc#1192606).
• cifs: print MIDs in decimal notation (bsc#1181507).
• cifs: Print the address and port we are connecting to in generic_ip_connect() (bsc#1192606).
• cifs: print warning mounting with vers=1.0 (bsc#1164565).
• cifs: properly invalidate cached root handle when closing it (bsc#1192606).
• cifs: Properly process SMB3 lease breaks (bsc#1164565).
• cifs: protect session channel fields with chan_lock (bsc#1192606).
• cifs: protect srv_count with cifs_tcp_ses_lock (bsc#1192606).
• cifs: protect updating server->dstaddr with a spinlock (bsc#1192606).
• cifs: Re-indent cifs_swn_reconnect() (bsc#1192606).
• cifs: reduce number of referral requests in DFS link lookups (bsc#1178270).
• cifs: reduce stack use in smb2_compound_op (bsc#1192606).
• cifs: refactor cifs_get_inode_info() (bsc#1164565).
• cifs: refactor create_sd_buf() and and avoid corrupting the buffer (bsc#1192606).
• cifs: Reformat DebugData and index connections by conn_id (bsc#1192606).
• cifs: Register generic netlink family (bsc#1192606). Update configs with CONFIG_SWN_UPCALL unset.
• cifs: release lock earlier in dequeue_mid error case (bsc#1192606).
• cifs: remove [gu]id/backup[gu]id/file_mode/dir_mode from cifs_sb (bsc#1192606).
• cifs: remove actimeo from cifs_sb (bsc#1192606).
• cifs: remove bogus debug code (bsc#1179427).
• cifs: remove ctx argument from cifs_setup_cifs_sb (bsc#1192606).
• cifs: remove duplicated prototype (bsc#1192606).
• cifs: remove old dead code (bsc#1192606).
• cifs: remove pathname for file from SPDX header (bsc#1192606).
• cifs: remove redundant assignment to pointer pneg_ctxt (bsc#1164565).
• cifs: remove redundant assignment to variable rc (bsc#1164565).
• cifs: remove redundant initialization of variable rc (bsc#1192606).
• cifs: remove redundant initialization of variable rc (bsc#1192606).
• cifs: Remove repeated struct declaration (bsc#1192606).
• cifs: Remove set but not used variable 'capabilities' (bsc#1164565).
• cifs: remove set but not used variable 'server' (bsc#1164565).
• cifs: remove set but not used variables 'cinode' and 'netfid' (bsc#1164565).
• cifs: remove set but not used variables (bsc#1164565).
• cifs: remove some minor warnings pointed out by kernel test robot (bsc#1192606).
• cifs: remove the devname argument to cifs_compose_mount_options (bsc#1192606).
• cifs: remove the retry in cifs_poxis_lock_set (bsc#1192606).
• cifs: Remove the superfluous break (bsc#1192606).
• cifs: remove two cases where rc is set unnecessarily in sid_to_id (bsc#1192606).
• cifs: remove unnecessary copies of tcon->crfid.fid (bsc#1192606).
• cifs: Remove unnecessary struct declaration (bsc#1192606).
• cifs: remove unneeded variable in smb3_fs_context_dup (bsc#1192606).
• cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902).
• cifs: remove unused variable 'server' (bsc#1192606).
• cifs: remove unused variable 'sid_user' (bsc#1164565).
• cifs: remove unused variable (bsc#1164565).
• cifs: Remove useless variable (bsc#1192606).
• cifs: remove various function description warnings (bsc#1192606).
• cifs: rename a variable in SendReceive() (bsc#1164565).
• cifs: rename cifs_common to smbfs_common (bsc#1192606).
• cifs: rename dup_vol to smb3_fs_context_dup and move it into fs_context.c (bsc#1192606).
• cifs: rename posix create rsp (bsc#1164565).
• cifs: rename reconn_inval_dfs_target() (bsc#1178270).
• cifs: rename smb_vol as smb3_fs_context and move it to fs_context.h (bsc#1192606).
• cifs: rename the *_shroot* functions to *_cached_dir* (bsc#1192606).
• cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440).
• cifs: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1164565).
• cifs: Retain old ACEs when converting between mode bits and ACL (bsc#1192606).
• cifs: retry lookup and readdir when EAGAIN is returned (bsc#1192606).
• cifs: return cached_fid from open_shroot (bsc#1192606).
• cifs: Return correct error code from smb2_get_enc_key (git-fixes).
• cifs: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1164565).
• cifs: return proper error code in statfs(2) (bsc#1181507).
• cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).
• cifs: returning mount parm processing errors correctly (bsc#1192606).
• cifs: revalidate mapping when we open files for SMB1 POSIX (bsc#1192606).
• cifs: Send witness register and unregister commands to userspace daemon (bsc#1192606).
• cifs: Send witness register messages to userspace daemon in echo task (bsc#1192606).
• cifs: send workstation name during ntlmssp session setup (bsc#1192606).
• cifs: set a minimum of 120s for next dns resolution (bsc#1192606).
• cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902).
• cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath (bsc#1192606).
• cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1164565).
• cifs: set server->cipher_type to AES-128-CCM for SMB3.0 (bsc#1192606).
• cifs: set up next DFS target before generic_ip_connect() (bsc#1178270).
• cifs: Set witness notification handler for messages from userspace daemon (bsc#1192606).
• cifs: Silently ignore unknown oplock break handle (bsc#1192606).
• cifs: Simplify bool comparison (bsc#1192606).
• cifs: simplify handling of cifs_sb/ctx->local_nls (bsc#1192606).
• cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1192606).
• cifs: simplify SWN code with dummy funcs instead of ifdefs (bsc#1192606).
• cifs: smb1: Try failing back to SetFileInfo if SetPathInfo fails (bsc#1192606).
• cifs: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1192606).
• cifs: smbd: Add messages on RDMA session destroy and reconnection (bsc#1164565).
• cifs: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1192606).
• cifs: smbd: Check and extend sender credits in interrupt context (bsc#1192606).
• cifs: smbd: Check send queue size before posting a send (bsc#1192606).
• cifs: smbd: Do not schedule work to send immediate packet on every receive (bsc#1192606).
• cifs: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1164565).
• cifs: smbd: Merge code to track pending packets (bsc#1192606).
• cifs: smbd: Only queue work for error recovery on memory registration (bsc#1164565).
• cifs: smbd: Properly process errors on ib_post_send (bsc#1192606).
• cifs: smbd: Return -EAGAIN when transport is reconnecting (bsc#1164565).
• cifs: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1164565).
• cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1164565).
• cifs: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1192606).
• cifs: sort interface list by speed (bsc#1192606).
• cifs: Spelling s/EACCESS/EACCES/ (bsc#1192606).
• cifs: split out dfs code from cifs_reconnect() (bsc#1192606, jsc#SLE-20042).
• cifs: Standardize logging output (bsc#1192606).
• cifs: store a pointer to the root dentry in cifs_sb_info once we have completed mounting the share (bsc#1192606).
• cifs: style: replace one-element array with flexible-array (bsc#1192606).
• cifs: support nested dfs links over reconnect (bsc#1192606, jsc#SLE-20042).
• cifs: support share failover when remounting (bsc#1192606, jsc#SLE-20042).
• cifs: switch build_path_from_dentry() to using dentry_path_raw() (bsc#1192606).
• cifs: switch servers depending on binding state (bsc#1192606).
• cifs: switch to new mount api (bsc#1192606).
• cifs: To match file servers, make sure the server hostname matches (bsc#1192606).
• cifs: Tracepoints and logs for tracing credit changes (bsc#1181507).
• cifs: try harder to open new channels (bsc#1192606).
• cifs: try opening channels after mounting (bsc#1192606).
• cifs: uncomplicate printing the iocharset parameter (bsc#1192606).
• cifs: Unlock on errors in cifs_swn_reconnect() (bsc#1192606).
• cifs: update ctime and mtime during truncate (bsc#1192606).
• cifs: update FSCTL definitions (bsc#1192606).
• cifs: update internal module version number (bsc#1192606).
• cifs: update internal module version number (bsc#1192606).
• cifs: update internal module version number (bsc#1192606).
• cifs: update internal module version number (bsc#1192606).
• cifs: update internal module version number (bsc#1192606).
• cifs: update internal module version number (bsc#1192606).
• cifs: update internal module version number (bsc#1192606).
• cifs: update internal module version number (bsc#1192606).
• cifs: update internal version number (bsc#1192606).
• cifs: update internal version number (bsc#1192606).
• cifs: update internal version number (bsc#1192606).
• cifs: update internal version number (bsc#1192606).
• cifs: update mnt_cifs_flags during reconfigure (bsc#1192606).
• cifs: update new ACE pointer after populate_new_aces (bsc#1192606).
• cifs: update super_operations to show_devname (bsc#1192606).
• cifs: Use #define in cifs_dbg (bsc#1164565).
• cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bnc#1151927 5.3.7).
• cifs: Use common error handling code in smb2_ioctl_query_info() (bsc#1164565).
• cifs: use compounding for open and first query-dir for readdir() (bsc#1164565).
• cifs: use discard iterator to discard unneeded network data more efficiently (bsc#1192606).
• cifs: use echo_interval even when connection not ready (bsc#1192606).
• cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1154355).
• cifs: use helpers when parsing uid/gid mount options and validate them (bsc#1192606).
• cifs: Use memdup_user() rather than duplicating its implementation (bsc#1164565).
• cifs: use mod_delayed_work() for server->reconnect if already queued (bsc#1164565).
• cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1164565).
• cifs: use SPDX-Licence-Identifier (bsc#1192606).
• cifs: use the expiry output of dns_query to schedule next resolution (bsc#1192606).
• cifs: use true,false for bool variable (bsc#1164565).
• cifs: warn and fail if trying to use rootfs without the config option (bsc#1192606).
• cifs: Warn less noisily on default mount (bsc#1192606).
• cifs: we do not allow changing username/password/unc/... during remount (bsc#1192606).
• cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544).
• cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536).
• cifs`: handle ERRBaduid for SMB1 (bsc#1192606).
• clk: imx: imx6ul: Move csi_sel mux to correct base register (git-fixes).
• clk: ingenic: Fix bugs with divided dividers (git-fixes).
• config: refresh BPF configs (jsc#SLE-22574) The SUSE-commit 9a413cc7eb56 ('config: disable unprivileged BPF by default (jsc#SLE-22573)') inherited from SLE15-SP2 puts the BPF config into the wrong place due to SLE15-SP3 additionally backported b24abcff918a ('bpf, kconfig: Add consolidated menu entry for bpf with core options'), and leads to duplicate CONFIG_BPF_UNPRIV_DEFAULT_OFF entires; this commit remove those BPF config. Also, disable unprivileged BPF for armv7hl, which did not inherit the config change from SLE15-SP2.
• constraints: Build aarch64 on recent ARMv8.1 builders. Request asimdrdm feature which is available only on recent ARMv8.1 CPUs. This should prevent scheduling the kernel on an older slower builder.
• Convert trailing spaces and periods in path components (bsc#1179424).
• crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency (git-fixes).
• crypto: pcrypt - Delay write to padata->info (git-fixes).
• crypto: s5p-sss - Add error handling in s5p_aes_probe() (git-fixes).
• cxgb4: fix eeprom len when diagnostics not implemented (git-fixes).
• dm raid: remove unnecessary discard limits for raid0 and raid10 (bsc#1192320).
• dm: fix deadlock when swapping to encrypted device (bsc#1186332).
• dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (git-fixes).
• dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` (git-fixes).
• do_cifs_create(): do not set ->i_mode of something we had not created (bsc#1192606).
• drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 (git-fixes).
• drm: panel-orientation-quirks: Add quirk for GPD Win3 (git-fixes).
• drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 (git-fixes).
• drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6 (git-fixes).
• drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2) (git-fixes).
• drm/amd/display: Set plane update flags for all planes in reset (git-fixes).
• drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (git-fixes).
• drm/msm: Do hw_init() before capturing GPU state (git-fixes).
• drm/msm/a6xx: Allocate enough space for GMU registers (git-fixes).
• drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame (git-fixes).
• drm/nouveau/acr: fix a couple NULL vs IS_ERR() checks (git-fixes).
• drm/nouveau/svm: Fix refcount leak bug and missing check against null bug (git-fixes).
• drm/panel-orientation-quirks: add Valve Steam Deck (git-fixes).
• drm/pl111: Actually fix CONFIG_VEXPRESS_CONFIG depends (git-fixes).
• drm/plane-helper: fix uninitialized variable reference (git-fixes).
• drm/vc4: fix error code in vc4_create_object() (git-fixes).
• drop superfluous empty lines
• e1000e: Separate TGP board type from SPT (bsc#1192874).
• EDAC/amd64: Handle three rank interleaving mode (bsc#1152489).
• elfcore: correct reference to CONFIG_UML (git-fixes).
• elfcore: fix building with clang (bsc#1169514).
• ethtool: fix ethtool msg len calculation for pause stats (jsc#SLE-15075).
• firmware: qcom_scm: Mark string array const (git-fixes).
• fuse: release pipe buf after last use (bsc#1193318).
• gve: Add netif_set_xps_queue call (bsc#1176940).
• gve: Add rx buffer pagecnt bias (bsc#1176940).
• gve: Allow pageflips on larger pages (bsc#1176940).
• gve: Do lazy cleanup in TX path (git-fixes).
• gve: DQO: avoid unused variable warnings (bsc#1176940).
• gve: Switch to use napi_complete_done (git-fixes).
• gve: Track RX buffer allocation failures (bsc#1176940).
• hwmon: (k10temp) Add additional missing Zen2 and Zen3 APUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
• hwmon: (k10temp) Add support for yellow carp (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
• hwmon: (k10temp) Add support for Zen3 CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
• hwmon: (k10temp) Create common functions and macros for Zen CPU families (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
• hwmon: (k10temp) Define SVI telemetry and current factors for Zen2 CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
• hwmon: (k10temp) Do not show Tdie for all Zen/Zen2/Zen3 CPU/APU (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
• hwmon: (k10temp) make some symbols static (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
• hwmon: (k10temp) Remove residues of current and voltage (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
• hwmon: (k10temp) Remove support for displaying voltage and current on Zen CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
• hwmon: (k10temp) Reorganize and simplify temperature support detection (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
• hwmon: (k10temp) Rework the temperature offset calculation (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
• hwmon: (k10temp) support Zen3 APUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
• hwmon: (k10temp) Swap Tdie and Tctl on Family 17h CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
• hwmon: (k10temp) Update documentation and add temp2_input info (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
• hwmon: (k10temp) Update driver documentation (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
• hwmon: (k10temp) Zen3 Ryzen Desktop CPUs support (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
• i2c: cbus-gpio: set atomic transfer callback (git-fixes).
• i2c: stm32f7: flush TX FIFO upon transfer errors (git-fixes).
• i2c: stm32f7: recover the bus on access timeout (git-fixes).
• i2c: stm32f7: stop dma transfer in case of NACK (git-fixes).
• i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' (git-fixes).
• i40e: Fix changing previously set num_queue_pairs for PFs (git-fixes).
• i40e: Fix correct max_pkt_size on VF RX queue (git-fixes).
• i40e: Fix creation of first queue by omitting it if is not power of two (git-fixes).
• i40e: Fix display error code in dmesg (git-fixes).
• i40e: Fix failed opcode appearing if handling messages from VF (git-fixes).
• i40e: Fix NULL ptr dereference on VSI filter sync (git-fixes).
• i40e: Fix ping is lost after configuring ADq on VF (git-fixes).
• i40e: Fix pre-set max number of queues for VF (git-fixes).
• i40e: Fix warning message and call stack during rmmod i40e driver (git-fixes).
• iavf: check for null in iavf_fix_features (git-fixes).
• iavf: do not clear a lock we do not hold (git-fixes).
• iavf: Fix failure to exit out from last all-multicast mode (git-fixes).
• iavf: Fix for setting queues to 0 (jsc#SLE-12877).
• iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (git-fixes).
• iavf: Fix reporting when setting descriptor count (git-fixes).
• iavf: Fix return of set the new channel count (jsc#SLE-12877).
• iavf: free q_vectors before queues in iavf_disable_vf (git-fixes).
• iavf: prevent accidental free of filter structure (git-fixes).
• iavf: Prevent changing static ITR values if adaptive moderation is on (git-fixes).
• iavf: Restore VLAN filters after link down (git-fixes).
• iavf: validate pointers (git-fixes).
• ibmvnic: drop bad optimization in reuse_rx_pools() (bsc#1193349 ltc#195568).
• ibmvnic: drop bad optimization in reuse_tx_pools() (bsc#1193349 ltc#195568).
• ice: avoid bpf_prog refcount underflow (jsc#SLE-7926).
• ice: avoid bpf_prog refcount underflow (jsc#SLE-7926).
• ice: Delete always true check of PF pointer (git-fixes).
• ice: Fix not stopping Tx queues for VFs (jsc#SLE-7926).
• ice: Fix VF true promiscuous mode (jsc#SLE-12878).
• ice: fix vsi->txq_map sizing (jsc#SLE-7926).
• ice: ignore dropped packets during init (git-fixes).
• ice: Remove toggling of antispoof for VF trusted promiscuous mode (jsc#SLE-12878).
• igb: fix netpoll exit with traffic (git-fixes).
• igc: Remove _I_PHY_ID checking (bsc#1193169).
• igc: Remove phy->type checking (bsc#1193169).
• iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr() (git-fixes).
• Input: iforce - fix control-message timeout (git-fixes).
• iommu: Check if group is NULL before remove device (git-fixes).
• iommu/amd: Relocate GAMSup check to early_enable_iommus (git-fixes).
• iommu/amd: Remove iommu_init_ga() (git-fixes).
• iommu/mediatek: Fix out-of-range warning with clang (git-fixes).
• iommu/vt-d: Consolidate duplicate cache invaliation code (git-fixes).
• iommu/vt-d: Fix incomplete cache flush in intel_pasid_tear_down_entry() (git-fixes).
• iommu/vt-d: Update the virtual command related registers (git-fixes).
• ipmi: Disable some operations during a panic (git-fixes).
• kABI: dm: fix deadlock when swapping to encrypted device (bsc#1186332).
• kabi: hide changes to struct uv_info (git-fixes).
• kernel-obs-build: include the preferred kernel parameters Currently the Open Build Service hardcodes the kernel boot parameters globally. Recently functionality was added to control the parameters by the kernel-obs-build package, so make use of that. parameters here will overwrite what is used by OBS otherwise.
• kernel-obs-build: inform build service about virtio-serial Inform the build worker code that this kernel supports virtio-serial, which improves performance and relability of logging.
• kernel-obs-build: remove duplicated/unused parameters lbs=0 - this parameters is just giving 'unused parameter' and it looks like I can not find any version that implemented this. rd.driver.pre=binfmt_misc is not needed when setup_obs is used, it alread loads the kernel module. quiet and panic=1 will now be also always added by OBS, so we do not have to set it here anymore.
• kernel-source.spec: install-kernel-tools also required on 15.4
• lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression (git-fixes).
• lib/xz: Validate the value before assigning it to an enum variable (git-fixes).
• libata: fix checking of DMA state (git-fixes).
• linux/parser.h: add include guards (bsc#1192606).
• lpfc: Reintroduce old IRQ probe logic (bsc#1183897).
• md: add md_submit_discard_bio() for submitting discard bio (bsc#1192320).
• md: fix a lock order reversal in md_alloc (git-fixes).
• md/raid10: extend r10bio devs to raid disks (bsc#1192320).
• md/raid10: improve discard request for far layout (bsc#1192320).
• md/raid10: improve raid10 discard request (bsc#1192320).
• md/raid10: initialize r10_bio->read_slot before use (bsc#1192320).
• md/raid10: pull the code that wait for blocked dev into one function (bsc#1192320).
• md/raid10: Remove unnecessary rcu_dereference in raid10_handle_discard (bsc#1192320).
• mdio: aspeed: Fix 'Link is Down' issue (bsc#1176447).
• media: imx: set a media_device bus_info string (git-fixes).
• media: ipu3-imgu: imgu_fmt: Handle properly try (git-fixes).
• media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info (git-fixes).
• media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (git-fixes).
• media: mceusb: return without resubmitting URB in case of -EPROTO error (git-fixes).
• media: mt9p031: Fix corrupted frame after restarting stream (git-fixes).
• media: netup_unidvb: handle interrupt properly according to the firmware (git-fixes).
• media: rcar-csi2: Add checking to rcsi2_start_receiver() (git-fixes).
• media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() (git-fixes).
• media: stm32: Potential NULL pointer dereference in dcmi_irq_thread() (git-fixes).
• media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (git-fixes).
• media: uvcvideo: Return -EIO for control errors (git-fixes).
• media: uvcvideo: Set capability in s_param (git-fixes).
• media: uvcvideo: Set unique vdev name based in type (git-fixes).
• memstick: r592: Fix a UAF bug when removing the driver (git-fixes).
• MM: reclaim mustn't enter FS for swap-over-NFS (bsc#1191876).
• mmc: dw_mmc: Dont wait for DRTO on Write RSP error (git-fixes).
• mmc: winbond: do not build on M68K (git-fixes).
• mtd: core: do not remove debugfs directory if device is in use (git-fixes).
• mwifiex: Properly initialize private structure on interface type changes (git-fixes).
• mwifiex: Read a PCI register after writing the TX ring write pointer (git-fixes).
• mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type (git-fixes).
• mwl8k: Fix use-after-free in mwl8k_fw_state_machine() (git-fixes).
• net: asix: fix uninit value bugs (git-fixes).
• net: bnx2x: fix variable dereferenced before check (git-fixes).
• net: bridge: fix under estimation in br_get_linkxstats_size() (bsc#1176447).
• net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (git-fixes).
• net: delete redundant function declaration (git-fixes).
• net: hns3: change affinity_mask to numa node range (bsc#1154353).
• net: hns3: fix misuse vf id and vport id in some logs (bsc#1154353).
• net: hns3: remove check VF uc mac exist when set by PF (bsc#1154353).
• net: hso: fix control-request directions (git-fixes).
• net: hso: fix muxed tty registration (git-fixes).
• net: linkwatch: fix failure to restore device state across suspend/resume (bsc#1192511).
• net: mana: Allow setting the number of queues while the NIC is down (jsc#SLE-18779, bsc#1185726).
• net: mana: Fix memory leak in mana_hwc_create_wq (jsc#SLE-18779, bsc#1185726).
• net: mana: Fix spelling mistake 'calledd' -> 'called' (jsc#SLE-18779, bsc#1185726).
• net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (jsc#SLE-18779, bsc#1185726).
• net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185726).
• net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185726).
• net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779, bsc#1185726).
• net: pegasus: fix uninit-value in get_interrupt_interval (git-fixes).
• net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (git-fixes).
• net: stmmac: add EHL 2.5Gbps PCI info and PCI ID (bsc#1192691).
• net: stmmac: add EHL PSE0 PSE1 1Gbps PCI info and PCI ID (bsc#1192691).
• net: stmmac: add EHL RGMII 1Gbps PCI info and PCI ID (bsc#1192691).
• net: stmmac: add EHL SGMII 1Gbps PCI info and PCI ID (bsc#1192691).
• net: stmmac: add TGL SGMII 1Gbps PCI info and PCI ID (bsc#1192691).
• net: stmmac: create dwmac-intel.c to contain all Intel platform (bsc#1192691).
• net: stmmac: pci: Add HAPS support using GMAC5 (bsc#1192691).
• net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes).
• net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes).
• net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32 (git-fixes).
• net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (git-fixes).
• net/mlx5: E-Switch, return error if encap isn't supported (jsc#SLE-15172).
• net/mlx5e: reset XPS on error flow if netdev isn't registered yet (git-fixes).
• net/sched: sch_ets: do not peek at classes beyond 'nbands' (bsc#1176774).
• netfilter: ctnetlink: do not erase error code with EINVAL (bsc#1176447).
• netfilter: ctnetlink: fix filtering with CTA_TUPLE_REPLY (bsc#1176447).
• netfilter: flowtable: fix IPv6 tunnel addr match (bsc#1176447).
• NFC: add NCI_UNREG flag to eliminate the race (git-fixes).
• NFC: pn533: Fix double free when pn533_fill_fragment_skbs() fails (git-fixes).
• NFC: reorder the logic in nfc_{un,}register_device (git-fixes).
• NFC: reorganize the functions in nci_request (git-fixes).
• nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes).
• nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes).
• NFS: Do not set NFS_INO_DATA_INVAL_DEFER and NFS_INO_INVALID_DATA (git-fixes).
• NFS: do not take i_rwsem for swap IO (bsc#1191876).
• NFS: Fix deadlocks in nfs_scan_commit_list() (git-fixes).
• NFS: Fix up commit deadlocks (git-fixes).
• NFS: move generic_write_checks() call from nfs_file_direct_write() to nfs_file_write() (bsc#1191876).
• nfsd: do not alloc under spinlock in rpc_parse_scope_id (git-fixes).
• nfsd: fix error handling of register_pernet_subsys() in init_nfsd() (git-fixes).
• nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero (git-fixes).
• NFSv4: Fix a regression in nfs_set_open_stateid_locked() (git-fixes).
• nvme-multipath: Skip not ready namespaces when revalidating paths (bsc#1191793 bsc#1192507 bsc#1192969).
• nvme-pci: add NO APST quirk for Kioxia device (git-fixes).
• objtool: Support Clang non-section symbols in ORC generation (bsc#1169514).
• PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (git-fixes).
• PCI: Mark Atheros QCA6174 to avoid bus reset (git-fixes).
• PCI/MSI: Deal with devices lying about their MSI mask capability (git-fixes).
• perf: Correctly handle failed perf_get_aux_event() (git-fixes).
• perf/x86/intel: Fix unchecked MSR access error caused by VLBR_EVENT (git-fixes).
• perf/x86/intel/uncore: Fix Intel ICX IIO event constraints (git-fixes).
• perf/x86/intel/uncore: Fix M2M event umask for Ice Lake server (git-fixes).
• perf/x86/intel/uncore: Fix the scale of the IMC free-running events (git-fixes).
• perf/x86/intel/uncore: Support extra IMC channel on Ice Lake server (git-fixes).
• perf/x86/vlbr: Add c->flags to vlbr event constraints (git-fixes).
• platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (git-fixes).
• platform/x86: wmi: do not fail if disabling fails (git-fixes).
• PM: hibernate: Get block device exclusively in swsusp_check() (git-fixes).
• PM: hibernate: use correct mode for swsusp_close() (git-fixes).
• pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (git-fixes).
• powerpc: fix unbalanced node refcount in check_kvm_guest() (jsc#SLE-15869 jsc#SLE-16321 git-fixes).
• powerpc/iommu: Report the correct most efficient DMA mask for PCI devices (git-fixes).
• powerpc/paravirt: correct preempt debug splat in vcpu_is_preempted() (bsc#1181148 ltc#190702 git-fixes).
• powerpc/paravirt: vcpu_is_preempted() commentary (bsc#1181148 ltc#190702 git-fixes).
• powerpc/perf: Fix cycles/instructions as PM_CYC/PM_INST_CMPL in power10 (jsc#SLE-13513 git-fixes).
• powerpc/pseries: Move some PAPR paravirt functions to their own file (bsc#1181148 ltc#190702 git-fixes).
• powerpc/watchdog: Avoid holding wd_smp_lock over printk and smp_send_nmi_ipi (bsc#1187541 ltc#192129).
• powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (bsc#1187541 ltc#192129).
• powerpc/watchdog: Fix wd_smp_last_reset_tb reporting (bsc#1187541 ltc#192129).
• powerpc/watchdog: read TB close to where it is used (bsc#1187541 ltc#192129).
• powerpc/watchdog: tighten non-atomic read-modify-write access (bsc#1187541 ltc#192129).
• printk: Remove printk.h inclusion in percpu.h (bsc#1192987).
• qede: validate non LSO skb length (git-fixes).
• r8152: limit the RX buffer size of RTL8153A for USB 2.0 (git-fixes).
• r8169: Add device 10ec:8162 to driver r8169 (git-fixes).
• RDMA/bnxt_re: Update statistics counter name (jsc#SLE-16649).
• recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267).
• recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267).
• reset: socfpga: add empty driver allowing consumers to probe (git-fixes).
• ring-buffer: Protect ring_buffer_reset() from reentrancy (bsc#1179960).
• rpm/*.spec.in: use buildroot macro instead of env variable The RPM_BUILD_ROOT variable is considered deprecated over a buildroot macro. future proof the spec files.
• rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306) After usrmerge, vmlinux file is not named vmlinux-lt;version>, but simply vmlinux. And this is not reflected in STRIP_KEEP_SYMTAB we set. So fix this by removing the dash...
• rpm/kernel-obs-build.spec.in: move to zstd for the initrd Newer distros have capability to decompress zstd, which provides a 2-5% better compression ratio at very similar cpu overhead. Plus this tests the zstd codepaths now as well.
• rt2x00: do not mark device gone on EPROTO errors during start (git-fixes).
• rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1154353 bnc#1151927 5.3.9).
• s390: mm: Fix secure storage access exception handling (git-fixes).
• s390/bpf: Fix branch shortening during codegen pass (bsc#1193993).
• s390/uv: fully validate the VMA before calling follow_page() (git-fixes).
• scsi: iscsi: Adjust iface sysfs attr detection (git-fixes).
• scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (bsc#1189126).
• scsi: mpi3mr: Fix duplicate device entries when scanning through sysfs (git-fixes).
• scsi: mpt3sas: Fix kernel panic during drive powercycle test (git-fixes).
• scsi: mpt3sas: Fix system going into read-only mode (git-fixes).
• scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc() (git-fixes).
• scsi: qla2xxx: Fix gnl list corruption (git-fixes).
• scsi: qla2xxx: Relogin during fabric disturbance (git-fixes).
• scsi: qla2xxx: Turn off target reset during issue_lip (git-fixes).
• serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array (git-fixes).
• serial: 8250_pci: rewrite pericom_do_set_divisor() (git-fixes).
• serial: 8250: Fix RTS modem control while in rs485 mode (git-fixes).
• serial: core: fix transmit-buffer reset and memleak (git-fixes).
• smb2: clarify rc initialization in smb2_reconnect (bsc#1192606).
• smb2: fix use-after-free in smb2_ioctl_query_info() (bsc#1192606).
• smb3: add additional null check in SMB2_ioctl (bsc#1192606).
• smb3: add additional null check in SMB2_open (bsc#1192606).
• smb3: add additional null check in SMB2_tcon (bsc#1192606).
• smb3: add additional null check in SMB311_posix_mkdir (bsc#1192606).
• smb3: Add debug message for new file creation with idsfromsid mount option (bsc#1192606).
• smb3: add debug messages for closing unmatched open (bsc#1164565).
• smb3: add defines for new crypto algorithms (bsc#1192606).
• smb3: Add defines for new information level, FileIdInformation (bsc#1164565).
• smb3: add defines for new signing negotiate context (bsc#1192606).
• smb3: add dynamic trace point to trace when credits obtained (bsc#1181507).
• smb3: add dynamic trace points for socket connection (bsc#1192606).
• smb3: add dynamic tracepoints for flush and close (bsc#1164565).
• smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl (bsc#1192606).
• smb3: add missing flag definitions (bsc#1164565).
• smb3: Add missing reparse tags (bsc#1164565).
• smb3: add missing worker function for SMB3 change notify (bsc#1164565).
• smb3: add mount option to allow forced caching of read only share (bsc#1164565).
• smb3: add mount option to allow RW caching of share accessed by only 1 client (bsc#1164565).
• smb3: Add new compression flags (bsc#1192606).
• smb3: Add new info level for query directory (bsc#1192606).
• smb3: add new module load parm enable_gcm_256 (bsc#1192606).
• smb3: add new module load parm require_gcm_256 (bsc#1192606).
• smb3: Add new parm 'nodelete' (bsc#1192606).
• smb3: add one more dynamic tracepoint missing from strict fsync path (bsc#1164565).
• smb3: add rasize mount parameter to improve readahead performance (bsc#1192606).
• smb3: add some missing definitions from MS-FSCC (bsc#1192606).
• smb3: add some more descriptive messages about share when mounting cache=ro (bsc#1164565).
• smb3: Add support for getting and setting SACLs (bsc#1192606).
• smb3: Add support for lookup with posix extensions query info (bsc#1192606).
• smb3: Add support for negotiating signing algorithm (bsc#1192606).
• smb3: Add support for query info using posix extensions (level 100) (bsc#1192606).
• smb3: add support for recognizing WSL reparse tags (bsc#1192606).
• smb3: Add support for SMB311 query info (non-compounded) (bsc#1192606).
• smb3: add support for stat of WSL reparse points for special file types (bsc#1192606).
• smb3: add support for using info level for posix extensions query (bsc#1192606).
• smb3: Add tracepoints for new compound posix query info (bsc#1192606).
• smb3: Additional compression structures (bsc#1192606).
• smb3: allow decryption keys to be dumped by admin for debugging (bsc#1164565).
• smb3: allow disabling requesting leases (bnc#1151927 5.3.4).
• smb3: allow dumping GCM256 keys to improve debugging of encrypted shares (bsc#1192606).
• smb3: allow dumping keys for multiuser mounts (bsc#1192606).
• smb3: allow parallelizing decryption of reads (bsc#1164565).
• smb3: allow skipping signature verification for perf sensitive configurations (bsc#1164565).
• smb3: allow uid and gid owners to be set on create with idsfromsid mount option (bsc#1192606).
• smb3: avoid confusing warning message on mount to Azure (bsc#1192606).
• smb3: Avoid Mid pending list corruption (bsc#1192606).
• smb3: Backup intent flag missing from some more ops (bsc#1164565).
• smb3: Call cifs reconnect from demultiplex thread (bsc#1192606).
• smb3: change noisy error message to FYI (bsc#1192606).
• smb3: cleanup some recent endian errors spotted by updated sparse (bsc#1164565).
• smb3: correct server pointer dereferencing check to be more consistent (bsc#1192606).
• smb3: correct smb3 ACL security descriptor (bsc#1192606).
• smb3: default to minimum of two channels when multichannel specified (bsc#1192606).
• smb3: display max smb3 requests in flight at any one time (bsc#1164565).
• smb3: do not attempt multichannel to server which does not support it (bsc#1192606).
• smb3: do not error on fsync when readonly (bsc#1192606).
• smb3: do not fail if no encryption required but server does not support it (bsc#1192606).
• smb3: do not log warning message if server does not populate salt (bsc#1192606).
• smb3: do not setup the fscache_super_cookie until fsinfo initialized (bsc#1192606).
• smb3: do not try to cache root directory if dir leases not supported (bsc#1192606).
• smb3: dump in_send and num_waiters stats counters by default (bsc#1164565).
• smb3: enable negotiating stronger encryption by default (bsc#1192606).
• smb3: enable offload of decryption of large reads via mount option (bsc#1164565).
• smb3: enable swap on SMB3 mounts (bsc#1192606).
• smb3: extend fscache mount volume coherency check (bsc#1192606).
• smb3: fix access denied on change notify request to some servers (bsc#1192606).
• smb3: fix cached file size problems in duplicate extents (reflink) (bsc#1192606).
• smb3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1164565).
• smb3: fix crediting for compounding when only one request in flight (bsc#1181507).
• smb3: fix default permissions on new files when mounting with modefromsid (bsc#1164565).
• smb3: Fix ids returned in POSIX query dir (bsc#1192606).
• smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K (bsc#1192606).
• smb3: fix leak in 'open on server' perf counter (bnc#1151927 5.3.4).
• smb3: Fix mkdir when idsfromsid configured on mount (bsc#1192606).
• smb3: fix mode passed in on create for modetosid mount option (bsc#1164565).
• smb3: fix mount failure to some servers when compression enabled (bsc#1192606).
• smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540).
• smb3: fix performance regression with setting mtime (bsc#1164565).
• smb3: Fix persistent handles reconnect (bnc#1151927 5.3.11).
• smb3: fix posix extensions mount option (bsc#1192606).
• smb3: fix possible access to uninitialized pointer to DACL (bsc#1192606).
• smb3: fix potential null dereference in decrypt offload (bsc#1164565).
• smb3: fix problem with null cifs super block with previous patch (bsc#1164565).
• smb3: fix readpage for large swap cache (bsc#1192606).
• smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1164565).
• smb3: Fix regression in time handling (bsc#1164565).
• smb3: fix signing verification of large reads (bsc#1154355).
• smb3: fix stat when special device file and mounted with modefromsid (bsc#1192606).
• smb3: fix typo in compression flag (bsc#1192606).
• smb3: fix typo in header file (bsc#1192606).
• smb3: fix typo in mount options displayed in /proc/mounts (bsc#1192606).
• smb3: fix uninitialized value for port in witness protocol move (bsc#1192606).
• smb3: fix unmount hang in open_shroot (bnc#1151927 5.3.4).
• smb3: fix unneeded error message on change notify (bsc#1192606).
• smb3: Handle error case during offload read path (bsc#1192606).
• smb3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558).
• smb3: Honor 'posix' flag for multiuser mounts (bsc#1176559).
• smb3: Honor 'seal' flag for multiuser mounts (bsc#1176545).
• smb3: Honor lease disabling for multiuser mounts (git-fixes).
• smb3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546).
• smb3: if max_channels set to more than one channel request multichannel (bsc#1192606).
• smb3: improve check for when we send the security descriptor context on create (bsc#1164565).
• smb3: improve handling of share deleted (and share recreated) (bsc#1154355).
• smb3: incorrect file id in requests compounded with open (bsc#1192606).
• smb3: Incorrect size for netname negotiate context (bsc#1154355).
• smb3: limit noisy error (bsc#1192606).
• smb3: log warning if CSC policy conflicts with cache mount option (bsc#1164565).
• smb3: Minor cleanup of protocol definitions (bsc#1192606).
• smb3: minor update to compression header definitions (bsc#1192606).
• smb3: missing ACL related flags (bsc#1164565).
• smb3: negotiate current dialect (SMB3.1.1) when version 3 or greater requested (bsc#1192606).
• smb3: only offload decryption of read responses if multiple requests (bsc#1164565).
• smb3: pass mode bits into create calls (bsc#1164565).
• smb3: prevent races updating CurrentMid (bsc#1192606).
• smb3: print warning if server does not support requested encryption type (bsc#1192606).
• smb3: print warning once if posix context returned on open (bsc#1164565).
• smb3: query attributes on file close (bsc#1164565).
• smb3: rc uninitialized in one fallocate path (bsc#1192606).
• smb3: remind users that witness protocol is experimental (bsc#1192606).
• smb3: remove confusing dmesg when mounting with encryption ('seal') (bsc#1164565).
• smb3: remove confusing mount warning when no SPNEGO info on negprot rsp (bsc#1192606).
• smb3: remove dead code for non compounded posix query info (bsc#1192606).
• smb3: remove noisy debug message and minor cleanup (bsc#1164565).
• smb3: remove overly noisy debug line in signing errors (bsc#1192606).
• smb3: remove static checker warning (bsc#1192606).
• smb3: remove trivial dfs compile warning (bsc#1192606, jsc#SLE-20042).
• smb3: remove two unused variables (bsc#1192606).
• smb3: remove unused flag passed into close functions (bsc#1164565).
• smb3: rename nonces used for GCM and CCM encryption (bsc#1192606).
• smb3: Resolve data corruption of TCP server info fields (bsc#1192606).
• smb3: set COMPOUND_FID to FileID field of subsequent compound request (bsc#1192606).
• smb3: set gcm256 when requested (bsc#1192606).
• smb3: smbdirect support can be configured by default (bsc#1192606).
• smb3: update comments clarifying SPNEGO info in negprot response (bsc#1192606).
• smb3: update protocol header definitions based to include new flags (bsc#1192606).
• smb3: update structures for new compression protocol definitions (bsc#1192606).
• smb3: use SMB2_SIGNATURE_SIZE define (bsc#1192606).
• smb3: warn on confusing error scenario with sec=krb5 (bsc#1176548).
• smb3: when mounting with multichannel include it in requested capabilities (bsc#1192606).
• smbdirect: missing rc checks while waiting for rdma events (bsc#1192606).
• soc/tegra: Fix an error handling path in tegra_powergate_power_up() (git-fixes).
• soc/tegra: pmc: Fix imbalanced clock disabling in error code path (git-fixes).
• spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() (git-fixes).
• spi: spl022: fix Microwire full duplex mode (git-fixes).
• SUNRPC: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876).
• SUNRPC: remove scheduling boost for 'SWAPPER' tasks (bsc#1191876).
• SUNRPC/auth: async tasks mustn't block waiting for memory (bsc#1191876).
• SUNRPC/call_alloc: async tasks mustn't block waiting for memory (bsc#1191876).
• SUNRPC/xprt: async tasks mustn't block waiting for memory (bsc#1191876).
• supported.conf: add pwm-rockchip References: jsc#SLE-22615
• swiotlb: avoid double free (git-fixes).
• swiotlb: Fix the type of index (git-fixes).
• TCON Reconnect during STATUS_NETWORK_NAME_DELETED (bsc#1192606).
• tlb: mmu_gather: add tlb_flush_*_range APIs
• tracing: Add length protection to histogram string copies (git-fixes).
• tracing: Change STR_VAR_MAX_LEN (git-fixes).
• tracing: Check pid filtering when creating events (git-fixes).
• tracing: Fix pid filtering when triggers are attached (git-fixes).
• tracing: use %ps format string to print symbols (git-fixes).
• tracing/histogram: Do not copy the fixed-size char array field over the field size (git-fixes).
• tty: hvc: replace BUG_ON() with negative return value (git-fixes).
• tty: serial: msm_serial: Deactivate RX DMA for polling support (git-fixes).
• tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (git-fixes).
• usb-storage: Add compatibility quirk flags for iODD 2531/2541 (git-fixes).
• usb: chipidea: ci_hdrc_imx: fix potential error pointer dereference in probe (git-fixes).
• usb: dwc2: gadget: Fix ISOC flow for elapsed frames (git-fixes).
• usb: dwc2: hcd_queue: Fix use of floating point literal (git-fixes).
• usb: host: ohci-tmio: check return value after calling platform_get_resource() (git-fixes).
• usb: musb: tusb6010: check return value after calling platform_get_resource() (git-fixes).
• usb: serial: option: add Fibocom FM101-GL variants (git-fixes).
• usb: serial: option: add Telit LE910S1 0x9200 composition (git-fixes).
• usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts (git-fixes).
• usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes).
• usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes).
• usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform (git-fixes).
• vfs: do not parse forbidden flags (bsc#1192606).
• x86/amd_nb: Add AMD family 19h model 50h PCI ids (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
• x86/cpu: Fix migration safety with X86_BUG_NULL_SEL (bsc#1152489).
• x86/efi: Restore Firmware IDT before calling ExitBootServices() (git-fixes).
• x86/entry: Add a fence for kernel entry SWAPGS in paranoid_entry() (bsc#1178134).
• x86/mpx: Disable MPX for 32-bit userland (bsc#1193139).
• x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (bsc#1152489).
• x86/pvh: add prototype for xen_pvh_init() (git-fixes).
• x86/sev: Allow #VC exceptions on the VC2 stack (git-fixes).
• x86/sev: Fix SEV-ES INS/OUTS instructions for word, dword, and qword (bsc#1178134).
• x86/sev: Fix stack type check in vc_switch_off_ist() (git-fixes).
• x86/xen: Add xenpv_restore_regs_and_return_to_usermode() (bsc#1152489).
• x86/Xen: swap NX determination and GDT setup on BSP (git-fixes).
• xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes).
• xen/blkfront: do not take local copy of a request from the ring page (git-fixes).
• xen/blkfront: do not trust the backend response data blindly (git-fixes).
• xen/blkfront: read response from backend only once (git-fixes).
• xen/netfront: disentangle tx_skb_freelist (git-fixes).
• xen/netfront: do not read data from request on the ring page (git-fixes).
• xen/netfront: do not trust the backend response data blindly (git-fixes).
• xen/netfront: read response from backend only once (git-fixes).
• xen/privcmd: fix error handling in mmap-resource processing (git-fixes).
• xen/pvh: add missing prototype to header (git-fixes).
• xen/x86: fix PV trap handling on secondary processors (git-fixes).
• xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569).
• xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569).
• xhci: Fix commad ring abort, write all 64 bits to CRCR register (git-fixes).
• xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay (git-fixes).
• zram: fix return value on writeback_store (git-fixes).
• zram: off by one in read_block_state() (git-fixes).